
Network+ 2005 In Depth (P15) pot


Chapter 8 NOS AND WINDOWS SERVER 2003-BASED NETWORKING

◆ UPN (user principal name)—The preferred naming convention for users in e-mail and related Internet services. A user’s UPN looks like a familiar Internet address, including the positioning of the domain name after the @ sign. When you create a user account, the user’s logon name is added to a UPN suffix, the portion of the user’s UPN that follows the @ sign. A user’s default UPN suffix is the domain name of her root domain. For example, if Mary Smith’s user name is msmith and her root domain is trinketmakers.com, her UPN suffix is trinketmakers.com, and her UPN is msmith@trinketmakers.com.

In addition to these names, each object has a GUID (globally unique identifier), a 128-bit number that ensures that no two objects have duplicate names. The GUID is generated and assigned to an object upon its creation. Rather than use any of the alphabetical names, network applications and services communicate with an object via the object’s GUID.

FIGURE 8-15 Distinguished name and relative distinguished name

Now that you have been introduced to the Windows Server 2003 Active Directory structure and naming conventions, you are ready to learn about installing the NOS.

Planning for Installation

When installing and configuring an NOS, you must create a plan for your server and its place in your network before you insert the installation CD. You need to consider many factors, including organizational structure, server function, applications, number of users, LAN architecture, and optional services (such as remote access) when developing this plan. After you have installed and configured the NOS, changing its configuration may prove difficult and cause service disruptions for users.

To begin, first ensure that your server hardware meets the Windows Server 2003 requirements (see Table 8-2). Next, you must prepare answers to the following list of critical preinstallation decisions.

◆ How many, how large, and what kind of partitions will the server require? Windows Server 2003 must be installed on a single partition. When you install it, you will have a choice of:
    ◆ Creating a new partition on a nonpartitioned portion of a hard disk
    ◆ Creating a new partition on a partitioned hard disk
    ◆ Installing Windows Server 2003 on an existing partition
    ◆ Removing an existing partition and creating a new one for installation
  The option you choose will depend on how your server is currently partitioned, whether you want to keep data on existing partitions, and how you want to subdivide your server’s hard disk. If you know the number and size of the partitions you need (for example, on a 16-GB hard disk you might want to create a 6-GB system partition and a 10-GB data partition), it is best to create them during installation.
◆ What type of file system will the server use? Recall that the optimal file system for a Windows Server 2003 computer is NTFS. Choose NTFS unless your applications require a different file system. NTFS must be used if you intend to use Active Directory and the domain model for centralized resource and client management.
◆ What will you name the server? You may use any name that includes a maximum of 15 characters, and that includes numerals, letters, and hyphens, but no spaces, periods, or other special characters (for example, ? or =). Choose a practical, descriptive name that distinguishes the server from others and that is easy for you and your users to remember. For example, you might use geographical server names, such as Boston or Chicago. Alternatively, you might name servers according to their function, such as Marketing or Research. If the server is a member of a large domain, you might identify it in relationship to its domain name.
  For example, the Marketing server in the Pittsburgh domain might be called Mktg-Pitts.
◆ Which protocols and network services should the server use? Before you begin installing Windows Server 2003, you need to know which protocol (or protocols) your network requires. On Windows Server 2003, TCP/IP is the default protocol, and depending on your circumstances, you should probably leave it as such. If your server runs Web services or requires connectivity with UNIX, Linux, or Mac OS X Server systems, you must run TCP/IP. If your Windows Server 2003 must communicate with an older NetWare server that relies on IPX/SPX, you should also install the NWLink IPX/SPX Compatible Protocol and Gateway Services for NetWare. For communication with Macintosh computers running the AppleTalk protocol, you need to install AppleTalk.
◆ What will the Administrator password be? Use a strong password—in other words, one that is difficult to crack. In Windows Server 2003, network administrators can require users to choose stronger passwords than ever, which means, among other things, they must include a mix of different characters, including numbers, uppercase letters, lowercase letters, and special characters (such as *, &, !, @, and so on), and they cannot contain any part of the user’s name, nor can they resemble any known English words. The strongest passwords are also the longest. The Administrator password should meet the most stringent criteria.
◆ Should the network use domains or workgroups, and, if so, what will they be called? First decide whether your network will use workgroups or domains. During installation you will be asked whether the server should join an existing workgroup, be a new workgroup server, or join an existing domain. As you learned, in a workgroup situation, computers share network access in a peer-to-peer fashion.
  It is more likely that your environment will require domains, in which the security for clients and resources is centralized. If the server will be joining an existing domain, you must know the domain name, domain controller name, and the DNS server name. Domain names should describe the logical group of servers and users they support. You may use any name that includes numerals, letters, and hyphens, but no spaces, periods, or other special characters (for example, ? or =). Popular schemes for naming domains incorporate geography and function into the names. For example, in a domain model for a WAN spanning several cities, you might want to name your domains Boston, Chicago, Detroit, Pittsburgh, and so on. In a very large organization, you may want to use a less limiting convention. For example, if your company’s business is chemical production, you might want to name your domains Hydrocarbons, Resins, Solvents, and so on.
◆ Will the server support additional services? During installation, you will be asked to choose which services your server will support. Of course, you must install certain protocols and network services in order for clients to access the server. You may also want to install optional services, such as: Remote Installation Services, Terminal Server, Windows Media Services, and Management and Monitoring Tools. Although it’s easiest to include additional services during the original installation, they can be added later as well.
◆ Which licensing mode will you use? You may choose one of two licensing modes: per seat or per server. The per server licensing mode allows a limited number of clients to access the server simultaneously. (The actual number is determined by your Windows Server 2003 purchase.) In per server mode, any of your organization’s clients may be capable of connecting to the server. The number of concurrent connections is restricted.
  Per server mode is a popular choice in organizations that have a limited number of servers and many users, or where multiple users share workstations (for example, a mail-order catalog’s call center). The per seat mode requires a license for every client capable of connecting to the Windows Server 2003. In environments that include multiple Windows Server 2003 computers and in which each user has his own workstation, this choice is probably more economical than per server licensing.

  NOTE: If you are running Windows Server 2003 as a Web or FTP server for anonymous clients (for example, Internet users from anywhere in the world), you do not need separate Windows Server 2003 client licenses for these types of clients.

◆ How can I remember all of this information? As you make these preinstallation decisions, you should note your choices on a server installation form and keep the form with you during installation. Appendix D offers an example of such a form.

The preceding list describes only the most significant installation options. You should also be prepared to:

◆ Read and accept the license agreement.
◆ Identify your organization.
◆ Provide your Product Key (which can be found on the jacket of your Windows Server 2003 CD-ROM).
◆ Select the appropriate time and date.
◆ Specify display settings.
◆ Identify and supply drivers for hardware components, such as video cards, NICs, printers, and so on.

If you are upgrading a server that currently runs an older Windows NOS, such as Windows NT or Windows 2000 Server, you will have to follow a special upgrade process, as described in the Microsoft documentation. The following section walks you through a new Windows Server 2003 installation.

Installing and Configuring a Windows Server 2003 Server

After you have devised a plan for your Windows Server 2003 installation, you can begin the actual installation process.
In this section, you will learn about the available options and the decisions you must make when installing and initially configuring your Windows Server 2003 server.

The Installation Process

You can install Windows Server 2003 from a CD-ROM or remotely over the network. If you use the network method, be aware that this type of installation generates a high volume of network traffic and shouldn’t be performed while clients are attempting to use the network.

You also have the choice of performing a Windows Server 2003 installation in attended or unattended mode. The term “attended mode” simply means that someone is at the computer responding to installation prompts as they appear. Unattended mode relies on a preprogrammed script (which can be customized for different environments) to answer installation prompts. This mode prevents the need for a network administrator to be present during server installation. However, creating the script requires forethought and preparation.

Now that you understand the variables and considerations for a Windows Server 2003 installation, you are prepared to install the NOS. Following is a summary of the process, which assumes an attended installation using a CD-ROM (in other words, somebody will be responding to prompts, rather than allowing a script to respond to prompts automatically). It represents a typical, simple installation for a small or home office. The options you choose and the prompts you see during installation will depend on your network environment and your preinstallation decisions. The time your installation requires will also depend on the options you choose, in addition to your server’s processor speed and amount of memory.

Insert the Windows Server 2003 CD-ROM in your server’s CD-ROM drive and restart the server (making sure your computer is configured to boot from a CD-ROM).
After booting, you may be prompted to press any key to install Windows Server 2003. After you press a key, the Windows Setup screen appears, and installation will proceed, with prompts, to:

◆ Inspect your hardware and load appropriate hardware drivers and other files.
◆ Display the Windows Licensing Agreement, which you should read and then press the F8 key to accept if you want to continue.
◆ Search the hard disk to determine whether any previous versions of Windows are installed.
◆ Scan the hard disk to assess how many partitions and what type of partitions are available.
◆ Select a partition for Windows Server 2003 installation (at this point, you may also create a new partition or delete an existing partition).
◆ Format the disk partition you selected.
◆ Copy files to the Windows installation folders on the hard disk.

After the Windows installation files are copied to your server’s hard disk, the Setup process has finished preparing your computer for the Windows Server 2003 installation. Your computer restarts and returns to a graphical user interface screen. During the next part of the process, you are prompted to:

◆ Customize regional and language options, which include how numbers should be formatted and what languages you want Windows Server 2003 to support.
◆ Personalize your software by entering your name and your organization’s name.
◆ Enter the 25-character Product Key that appears on your CD-ROM folder.
◆ Select the licensing mode you want to use—either Per Server, Per Device, or Per User.
◆ Assign a name to your server and enter (and confirm) the password associated with the Administrator user account.
◆ Enter modem dialing information.
◆ Enter date and time settings.
◆ Choose whether you want to use typical network settings or manually configure your server’s networking components.
◆ Indicate whether the server is part of a workgroup or a domain.
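The server-name, domain-name and Administrator-password rules from the planning checklist can be checked before Setup asks for them. The following is an added example, not code from the book: the function names, the small word list, the substitution table and the reading of "any part of the user's name" as three or more consecutive characters are all assumptions made for illustration.

```python
import re
import string

# Constructed stand-in for a real dictionary word list (assumption).
SAMPLE_WORDS = {"password", "welcome", "server", "winter", "admin"}
# Common character substitutions undone before the word check (assumption).
LEET = str.maketrans("013457@$!", "oleastasi")
ALLOWED_NAME = re.compile(r"[A-Za-z0-9-]+")


def check_name(name, max_len=None):
    """Letters, numerals and hyphens only; optional length limit (15 for servers)."""
    problems = []
    if max_len is not None and len(name) > max_len:
        problems.append(f"longer than {max_len} characters")
    if not ALLOWED_NAME.fullmatch(name):
        problems.append("contains characters other than letters, numerals and hyphens")
    return problems


def check_password(password, user_name, min_len=10, words=SAMPLE_WORDS):
    """Apply the chapter's strong-password criteria; return the list of failures."""
    problems = []
    if len(password) < min_len:
        problems.append(f"shorter than {min_len} characters")
    classes = {
        "number": any(c.isdigit() for c in password),
        "uppercase letter": any(c.isupper() for c in password),
        "lowercase letter": any(c.islower() for c in password),
        "special character": any(c in string.punctuation for c in password),
    }
    problems += [f"no {kind}" for kind, present in classes.items() if not present]

    lowered = password.lower()
    user = user_name.lower()
    # Every 3-character window of the user name; a longer shared part
    # always contains one of these windows.
    parts = {user[i:i + 3] for i in range(len(user) - 2)}
    if any(part in lowered for part in parts):
        problems.append("contains part of the user name")

    # "Resembles a known word": look for a listed word in the password
    # as typed and after undoing the substitutions in LEET.
    plain = lowered.translate(LEET)
    hits = sorted(w for w in words if w in lowered or w in plain)
    problems += [f"resembles the word '{w}'" for w in hits]
    return problems


def validate_plan(plan):
    """Check a preinstallation plan; return only the fields that have problems."""
    checks = {
        "server_name": check_name(plan["server_name"], max_len=15),
        "domain_name": check_name(plan["domain_name"]),
        "admin_password": check_password(plan["admin_password"], plan["admin_user"]),
    }
    return {field: found for field, found in checks.items() if found}


if __name__ == "__main__":
    # Constructed sample plan; the password is a throwaway value for the demo.
    plan = {"server_name": "Mktg-Pitts", "domain_name": "Pittsburgh",
            "admin_user": "Administrator", "admin_password": "P@ssw0rd2005!"}
    for field, found in validate_plan(plan).items():
        print(field, "->", "; ".join(found))
```

A password that passes every character-class test can still fail the word test, which is why the check runs on the normalized form as well as the typed one.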
After gathering the preceding information, the setup program installs and registers the components you’ve selected, installs Start menu items, saves settings, and removes the temporary files created during installation. Then, your system restarts (or prompts you to click Finish to restart). Finally, you can log on to the server using the Administrator user name and password.

Initial Configuration

After you have completed the Windows Server 2003 installation, the server still isn’t ready to support clients on a network. First, you must configure the software (for instance, assign it a role in the domain, if your network follows the domain model).

The first time you log on to the server using the Administrator ID, the Manage Your Server window will open, as shown in Figure 8-16. Here you can establish the server’s role. For example, you can designate the server as a file server, print server, mail server, terminal server, and so on.

FIGURE 8-16 Manage Your Server window

Suppose you want to assign the role of file server to a newly installed Windows Server 2003 computer. In that case, you would follow these steps:

1. If the Manage Your Server window is not open, click Start, and then click Manage Your Server. The Manage Your Server window opens.
2. Click Add or remove a role. The Configure Your Server Wizard window opens, reminding you to make sure that all of the server’s peripherals are installed, that it is connected to the network and to the Internet, if Internet access is desired, and that you have the Windows Server 2003 installation CD handy.
3. Click Next to continue.
4. The Configure Your Server Wizard detects your network connection settings. Then, it prompts you to select the server’s role from a list of possibilities.
5. Click File server, then click Next to continue.
6. The Configure Your Server Wizard prompts you to set default disk quotas (a limit on how much of the server’s hard disk space users’ personal files can occupy) for new users, if desired. After you have made your choice, click Next to continue.
7. Next, you are prompted to choose whether you want to enable the File Server Indexing Service, which allows users to search indexed files for specific words or characters. (By default, the Indexing Service is turned off.) After making your selection, click Next to continue.
8. Finally, you are presented with a summary of your selections. Confirm that the selections are correct, and then click Next to continue.
9. The Share a Folder Wizard appears, prompting you to establish shared folders on the server. Click Next to continue.
10. Specify a folder path for the folder you want to share. For example, you might want to share the folder called “C:\Documents and Settings\All Users\Documents.” Then click Next to continue.
11. You are prompted to name the share you have just created and, if you desire, provide a description. For example, you could name the share “Public documents” and enter a description of “A directory available for file sharing among all users.” Click Next to continue.
12. The Share a Folder Wizard prompts you to indicate users’ permissions to the folder. The default selection allows users read-only access to files in the folder, as shown in Figure 8-17. (“Read-only access” means that users can view data files and execute program files within a folder, but they cannot modify, delete, or add files.) If you want users to be able to save files to the folder, you could choose Administrators have full access; other users have read and write access. Click Finish to continue.

    FIGURE 8-17 Specifying permissions in the Share a Folder Wizard

13. The next screen announces that “Sharing was Successful.” Click Close to close the Share a Folder Wizard.
14. The Configure Your Server Wizard announces that “This Server is Now a File Server.” Click Finish to close the wizard.
15. You have now made it possible for users to share files on this server. In the next section, you will learn how to create user accounts and make users part of a group.

Establishing Users and Groups

The installation process creates two accounts: Guest and Administrator. The Guest account is a predefined user account with limited privileges that allows a user to log on to the computer. The Administrator account is a predefined user account that has the most extensive privileges for resources both on the computer and on the domain that it controls (if it is a domain controller). These two predefined user accounts are designed primarily to allow you to log on to a computer after installation and before you have created any additional user accounts. The Guest and Administrator accounts cannot be deleted; however, they may be disabled.

CAUTION: To enhance security, at some point you should create a new user account with administrative privileges to perform network administration, and disable the Administrator user account. If you keep the Administrator account active with full privileges, hackers have half the information they need to break into your system.

Additional accounts that you create may be local accounts, or those that only have rights on the server they are logged on to, and domain accounts, those that have rights throughout the domain. To create domain accounts, you must have Active Directory installed and your domains properly configured. Active Directory is not installed by default when you install Windows Server 2003. To install Active Directory, click Start, and then click Manage Your Server.
From the Manage Your Server window, click Add or remove a role, and then select Domain Controller (Active Directory) from the list of server roles that the Configure Your Server Wizard offers. The Active Directory Installation Wizard will lead you through the process of making the computer a domain controller. The following exercise assumes that Active Directory is installed on your Windows Server 2003 computer and that domains have already been configured.

To create a domain user account:

1. Make sure you are logged on as Administrator.
2. Click Start, point to All Programs, point to Administrative Tools, and then click Active Directory Users and Computers. The Active Directory Users and Computers snap-in opens.
3. Double-click the Active Directory container in which you want to create the new user. This may be a domain or an OU.
4. Right-click the Users folder, point to New on the shortcut menu, and then click User. The New Object - User dialog box opens, as shown in Figure 8-18.
5. Type the user’s last and first name in the appropriate text boxes. You then see the user’s full name in the Full name text box.
6. Enter a user name in the User logon name text box. This name uniquely identifies the user in a domain or forest. The domain name is provided automatically. Click Next to continue.
7. In the New Object - User dialog box shown in Figure 8-19, enter a password for the user. Enter a strong password (one that consists of at least 10 characters, cannot be found in the dictionary, and contains numbers, letters, and special characters). Retype the password in the Confirm password text box. You may also select from four additional options: User must change password at next logon, User cannot change password, Password never expires, or Account is disabled.
   It’s a good policy to force the user to pick a new password the first time they log on, so that they have a password that is meaningful to them and so that you, as the network administrator, don’t know their password. It is also a good policy to allow the password to periodically expire. With this in mind, make certain that the first option, User must change password at next logon, is checked, and then click Next.
8. The next New Object - User window displays the information you have entered. Click Finish to complete the creation of a new domain user account.

FIGURE 8-18 New Object–User dialog box

FIGURE 8-19 Password settings in the New Object–User dialog box

After you have created a new user, you can configure the properties associated with his account, including his address, telephone number, and e-mail address, his rights to use remote access, his position in the organization, his group memberships, what hours of the day he may log on to the network, and so on. To modify user account properties, you can use the Active Directory Users and Computers snap-in. In the snap-in window, double-click the user account in the right-hand pane. The User Account Properties dialog box opens, with multiple tabs that represent different categories of attributes you may change.

Before you add many users, you will probably want to establish groups into which you can collect user accounts. But before creating a group, you must know what type of scope the group will have. The group’s scope identifies how broadly across the Windows Server 2003 network its privileges can reach. The possible scopes are domain local, global, or universal. A domain local group is one that allows its members access to resources within a single domain. Domain local groups are used to control access to certain folders, directories, or other resources. They may also contain global groups.
A global group allows its members access to resources within a single domain also. However, a global group usually contains user accounts and can be inserted (or nested) into a domain local group to gain access to resources in other domains. A universal group is one that allows its members access to resources across multiple domains and forests.

To create a group in Windows Server 2003:

1. Make sure you are logged on as Administrator.
2. Click Start, point to All Programs, point to Administrative Tools, and then click Active Directory Users and Computers. The Active Directory Users and Computers snap-in starts.
3. Double-click the Active Directory container in which you want to create the new group. This may be a domain or an OU.
4. Click Action on the menu bar, click New, and then click Group. The New Object - Group dialog box appears, as shown in Figure 8-20.

   FIGURE 8-20 New Object–Group dialog box

5. In the New Object - Group dialog box, enter the name of the group in the Group name text box. In case you are using Windows NT servers on your network, the Group name (pre-Windows 2000) text box is automatically completed.
6. Choose the group scope: Domain local, Global, or Universal.

[...]

universal group—A group on a Windows Server 2003 network that allows members from one domain to access resources in multiple domains and forests.

UPN (user principal name)—The preferred Active Directory naming convention for objects when used in informal situations. This name looks like a familiar Internet address, including the positioning of the domain name...
... operating systems, a method for organizing and managing objects.

distinguished name—See DN.

DN (distinguished name)—A long form of an object’s name in Active Directory that explicitly indicates the object name, plus the names of its containers and domains. A distinguished name includes a DC (domain component), OU (organizational unit), and CN (common name). A client uses the distinguished...

... Active Directory database.

domain local group—A group on a Windows Server 2003 network that allows members of one domain to access resources within that domain only.

domain model—In Microsoft terminology, the type of client/server network that relies on domains, rather than workgroups.

domain tree—A group of hierarchically arranged domains that share a common namespace in the Windows Server 2003 Active Directory...

... domain

two-way transitive trust—The security relationship between domains in the same domain tree in which one domain grants every other domain in the tree access to its resources and, in turn, that domain can access other domains’ resources. When a new domain is added to a tree, it immediately shares a two-way trust with the other domains in the tree.

UDF (Universal Disk Format)—A file system used on CD-ROMs...

... branches into multiple containers, which may branch into additional containers.

A file system is an operating system’s method of organizing, managing, and accessing its files through logical structures and software routines. In general, when installing Windows Server 2003, you will want to choose the NTFS file system.

For clients to share a server application, the network administrator must assign users...
... possible to purchase the software, thereby gaining a certain amount of convenience. In the case of purchasing Red Hat Enterprise Linux, for example, you are paying for the convenience of a package that includes the software on CD-ROM, documentation, and access to Red Hat’s customer support. Choosing to obtain Fedora Core Linux for free from Red Hat means investing a fair amount of time, enough to download...

... structure of an operating system’s directory that contains objects or other organizational units.

CDFS (CD-ROM File System)—The read-only file system used to access resources on a CD. Windows Server 2003 supports this file system to allow CD-ROM file sharing.

CD-ROM File System—See CDFS.

child domain—A domain established within another domain in a Windows Server 2003 domain tree.

CIFS (Common Internet File System)—A...

... Install and configure Linux on an Intel-based PC
■ Manage users, groups, and file access permissions in Solaris, Linux, and Mac OS X Server
■ Explain how computers running other operating systems can connect to UNIX servers

Along with Microsoft Windows and Novell NetWare, UNIX is one of the most popular network operating systems. All of these operating systems enable servers to provide resource sharing,...

... decisions regarding your server and network pertaining to the domain or workgroup characteristics, file system, disk partitioning, optional services to be installed, administrator password, protocols to be installed, and server name.

Adding users and groups is accomplished through an administrative tool called Active Directory Users and Computers.

For integrating Windows Server 2003 clients and resources with...
Chapter 9 NETWORKING WITH UNIX-TYPE OF OPERATING SYSTEMS

... applications in the world. Some examples include large multiterabyte databases, weather prediction systems, and large economic modeling applications.

◆ Linux follows standard UNIX conventions, is highly stable, and is free. Linus Torvalds developed it in 1991 when he was a second-year computer science student in Finland. After developing Linux, ...

Date posted: 07/07/2014, 09:20