Tài liệu hạn chế xem trước, để xem đầy đủ mời bạn chọn Tải xuống
1
/ 97 trang
THÔNG TIN TÀI LIỆU
Thông tin cơ bản
Định dạng
Số trang
97
Dung lượng
1,99 MB
Nội dung
7 4 8 CHAPTER 14 Confi guring FTP and SMTP Services Each tool presents you with several options that perform actions similar to those avail - able in the File Server Resource Manager MMC snap-in. To specify that a command performs an action on a remote computer instead of on the local computer, use the /remote: ComputerName parameter. For example, dirquota.exe includes a template export parameter to write quota template settings to an XML fi le and a template import parameter to import template settings from the XML fi le. Adding the /remote:ComputerName parameter to the dirquota template import command imports the templates from the XML fi le on the local computer to the remote computer. To manage remote resources with command-line tools, you must be logged on with a domain account that is a member of the local Administrators group on both the local com- puter and the remote computer. DIRQUOTA Use the dirquota command from an elevated command prompt to create and manage quo- tas, auto-apply quotas, and quota templates. For example, use dirquota with the template export option to export the settings for a custom quota template named 50 MB Limit to the C:\test.xml fi le on the local computer, as follows. dirquota template export /file:C:\test.xml /template:"50 MB Limit" MORE INFO DIRQUOTA.EXE For more information about the dirquota.exe utility, see http://technet.microsoft.com /en-us/library/cc731290.aspx. For more information about the use of the utility in template import and export scenarios, see http://technet.microsoft.com/en-us/library/cc730873.aspx. FILESCRN Use the fi lescrn command from an elevated command prompt. Filescrn includes subcom- mands for creating and managing fi le groups, fi le screens, fi le screen exceptions, and fi le screen templates and for confi guring general administrative options for screening fi les. For example, to list all fi le groups currently confi gured on the local computer, enter the following command: filescrn filegroup list To list the fi le name patterns included in and excluded from the Critical Files group, enter the following command: filescrn filegroup list /filegroup:"Critical Files" MORE INFO FILESCRN.EXE For more information about the fi lescrn.exe utility, see http://technet.microsoft.com/en-us /library/cc730977.aspx. MORE INFO DIRQUOTA.EXE For more information about the dirquota.exe utility, see http://technet.microsoft.com /en-us/library/cc731290.aspx . For more information about the use of the utility in template /en-us/library/cc731290.aspx. For more information about the use of the utility in template /en-us/library/cc731290.aspx import and export scenarios, see http://technet.microsoft.com/en-us/library/cc730873.aspx . http://technet.microsoft.com/en-us/library/cc730873.aspx.http://technet.microsoft.com/en-us/library/cc730873.aspx MORE INFO FILESCRN.EXE For more information about the fi lescrn.exe utility, see http://technet.microsoft.com/en-us /library/cc730977.aspx . /library/cc730977.aspx./library/cc730977.aspx Lesson 1: Confi guring FTP CHAPTER 14 749 STORREPT You use the storrept command from an elevated command prompt to confi gure report parameters and generate storage reports. You can also create report tasks and then use schtasks.exe to schedule the tasks. For example, to list all storage reports confi gured on the local computer, enter the follow- ing command: storrept reports list To list storage reports that are currently running on the remote computer Boston, enter the following command: storrept reports list /running /remote:Boston MORE INFO STORREPT.EXE For more information about the storrept.exe utility, see http://technet.microsoft.com/en-us /library/cc753567.aspx and follow the links. MORE INFO SCHTASKS.EXE Schtasks.exe is not specifi cally related to the File Server Resource Manager commands but is a general task scheduling utility. For more information about schtasks.exe, see http:// technet.microsoft.com/en-us/library/bb490996.aspx. Installing and Using FTP7 The new FTP publishing service includes a wide range of new features and improvements, for example: n Integration with IIS 7.0 The new FTP service is tightly integrated with the IIS7 admin- istration interface and confi guration store. n Support for FTPS The service supports FTP over SSL, also known as FTP/SSL or FTPS, and uses a public key SSL/TLS certifi cate. n Support for standards and protocols The service supports the UTF8 Unicode encod- ing standard and the IPv6 protocol. n Shared hosting The service facilitates hosting FTP and Web content from the same site by adding an FTP binding to an existing Web site. It also supports virtual host- names, which facilitates hosting multiple FTP sites on the same IP address. Improved user isolation facilitates isolating users through per-user virtual directories. n Extensibility The service supports developer (API) extensibility. This makes it easier for software vendors to write custom providers for FTP authentication. MORE INFO STORREPT.EXE For more information about the storrept.exe utility, see http://technet.microsoft.com/en-us /library/cc753567.aspx and follow the links. /library/cc753567.aspx and follow the links./library/cc753567.aspx MORE INFO SCHTASKS.EXE Schtasks.exe is not specifi cally related to the File Server Resource Manager commands but is a general task scheduling utility. For more information about schtasks.exe , see http:// technet.microsoft.com/en-us/library/bb490996.aspx . technet.microsoft.com/en-us/library/bb490996.aspx.technet.microsoft.com/en-us/library/bb490996.aspx 7 5 0 CHAPTER 14 Confi guring FTP and SMTP Services n Logging The service improves FTP logging, which is enhanced to include all FTP traf- fi c in the log fi les. n Improved troubleshooting The service supports IIS7 troubleshooting features such as Event Tracing for Windows (ETW) and provides detailed error responses and mes- sages for local users. EXAM TIP The Windows Server 2008 FTP7 service does not use metadata, and the new confi guration store in IIS7 uses NET XML-based fi les to store confi guration details. MORE INFO DOWNLOADING THE FREE FTP PUBLISHING SERVICE The new FTP publishing service is available as a free download at http://www.iis.net /downloads/default.aspx?tabid=34&g=6&i=1619 (32-bit) or http://www.iis.net/downloads /default.aspx?tabid=34&g=6&i=1620 (64-bit). An update for the 32-bit version is available at http://www.microsoft.com/downloads/details.aspx?FamilyId=F23F366F-5D1C-4390 -934C-D5E9C3057661&displaylang=en&displaylang=en and for the 64-bit version at http://www.microsoft.com/downloads/details.aspx?FamilyId=1D4264C7-783A-4381-A65C -39EB148820DE&displaylang=en&displaylang=en. The service requires the Windows Server 2008 operating system and IIS7. If you want to manage the new FTP services by using the IIS7 interface, the Internet Information Services (IIS) Manager must be installed. However, many administrators fi nd it more convenient to use command-line administration. The appcmd.exe command-line utility is described later in this chapter. If you are using IIS7 shared confi guration, you must disable it on each node in a Web farm scenario before you install the new FTP service. It can be re-enabled after the FTP service has been installed. The FTP service that ships with the Windows Server 2008 must be uninstalled before you install the new FTP service. NOTE FTP7 INSTALLATION You must uninstall FTP6 before installing FTP7. When you download the appropriate fi le, you cannot specify that it should run auto- matically on download because User Account Control blocks access to the applicationHost. c o n fi g fi le. Instead, run it from an elevated command prompt or use one of the following commands: msiexec /i ftp7_x86_rtw.msi (for 32-bit) msiexec /i ftp7_x64_rtw.msi (for 64-bit) MORE INFO DOWNLOADING THE FREE FTP PUBLISHING SERVICE The new FTP publishing service is available as a free download at http://www.iis.net /downloads/default.aspx?tabid=34&g=6&i=1619 (32-bit) or http://www.iis.net/downloads /default.aspx?tabid=34&g=6&i=1620 (64-bit). An update for the 32-bit version is available at http://www.microsoft.com/downloads/details.aspx?FamilyId=F23F366F-5D1C-4390 -934C-D5E9C3057661&displaylang=en&displaylang=en and for the 64-bit version at http://www.microsoft.com/downloads/details.aspx?FamilyId=1D4264C7-783A-4381-A65C -39EB148820DE&displaylang=en&displaylang=en . NOTE FTP7 INSTALLATION NOTE FTP7 INSTALLATIONNOTE You must uninstall FTP6 before installing FTP7. Lesson 1: Confi guring FTP CHAPTER 14 751 During installation, you can include some or all the following features: n Common Files This provides common fi les for the Microsoft FTP Service for IIS, such as the FTP confi guration schema fi le. Common fi les are required on all FTP servers using shared confi guration mode. n FTP 7.0 Publishing Service This is the core component that FTP needs to work. It requires the installation of the Process Model from the Windows Process Activation Service feature. n Managed Code Support This is required when managed code features such as ASP. NET or IIS Manager are used with FTP. This feature is optional and does not work in Windows Server 2008 Server Core installations. n Administration Features This supports administration through IIS Manager. It requires the installation of IIS Manager and Microsoft .NET 2.0 Framework. You can confi rm that the FTP Service is installed by verifying that the Microsoft FTP Service is running and (optionally) that the new IIS Manager FTP section displays management com- ponents for the FTP Service. By default, the FTP server is locked down and does not accept any FTP requests. You use IIS Manager or the elevated command prompt to either publish a new FTP site or add FTP Publishing to an existing Web site. The FTP service supports anonymous authentication, but Microsoft recommends that you not rely on this method. Recommended ways of authenticating your FTP users include the following: n Windows Authentication In this method, users are located in the Active Directory Domain Services (AD DS) or local user store on the dedicated FTP server. n IIS Manager Authentication This is a new feature. IIS Manager is used for user administration; all users are added using IIS Manager, and authentication is handled by the IISManagerAuth provider. EXAM TIP At this time of writing, the upgrade examinations are likely to test the version of FTP (FTP6) that ships with Windows Server 2008 rather than FTP7, which must be downloaded separately. You are likely to need to know only the signifi cant differences between the two versions, such as that FTP7 supports Windows authentication, IIS Manager authentication, and SSL encryption, whereas FTP6 does not. You use IIS 6.0 Manager to manage FTP6 and IIS Manager to manage FTP7. 7 5 2 CHAPTER 14 Configuring FTP and SMTP Services PracticE Installing the FTP Publishing Role Service and Creating a Virtual Directory In this practice, you install the FTP Publishing role service. You place content directly on Default FTP Site. You then create a virtual directory that points to content elsewhere on the hard disk. ExErcisE 1 Install the FTP Publishing Service In this exercise, you install the FTP Publishing Service role service that ships with Windows Server 2008. This automatically installs the role service dependencies. 1. Log on to the domain controller Glasgow with the Kim_Akers account. If necessary, open Server Manager. 2. In Server Manager, expand the Roles section, right-click the Web Server (IIS) server role, and click Add Role Services. 3. On the Select Role Services page, select the FTP Publishing Service check box. As shown in Figure 14-8, this automatically installs the FTP Server and FTP Manage- ment Console role services. 4. Click Next. FIGURE 14-8 Installing the FTP publishing service and its dependencies. 5. On the Confirm Installation Selections page, verify that you have made the correct selections, and then click Install. 6. When the installation is complete, click Close. Lesson 1: Configuring FTP CHAPTER 14 753 ExErcisE 2 View the Default Web Site Configuration and Add Content In this exercise, you view configuration settings for Default FTP Site on the Glasgow FTP server. You add and view site content. 1. If necessary, log on to the Glasgow domain controller with the Kim_Akers account. 2. Launch Internet Information Services (IIS) 6.0 Manager from the Administrative Tools program group. 3. Expand Glasgow, and then expand the FTP Sites folder. The Default FTP Site object exists but has not been started. 4. Right-click the Default FTP Site object and click Properties. As shown in Figure 14-9, the default settings are for the FTP site to respond on all unassigned IP addresses by using TCP port 21. FIGURE 14-9 Default FTP Site settings. 5. Click the Home Directory tab to view the file system location for the FTP site’s root directory. The default file system location is %SystemDrive%\Inetpub\Ftproot. The default per- missions are only Read, for access to the contents of this folder, and Log Visits. 6. Click OK to close the Default FTP Site Properties dialog box. 7. Using Windows Explorer, open the root directory for the FTP site and create a new folder called MyFTPContents. Within this folder, create a new text file called MyTestFile.txt. 8. In IIS 6.0 Manager, right-click the Default FTP Site object and click Start. If prompted, click Yes to start the service and the site. 7 5 4 CHAPTER 14 Configuring FTP and SMTP Services 9. Open Internet Explorer. Navigate to ftp://Glasgow/MyFTPContents. View the contents of Default FTP Site, as shown in Figure 14-10. FIGURE 14-10 Accessing the MyFTPContents directory on Default FTP Site. ExErcisE 3 Create a Virtual Directory In this exercise, rather than put content directly on Default FTP Site, you create a virtual direc- tory that points to a physical location on the hard disk. 1. If necessary, log on to the Glasgow domain controller with the Kim_Akers account and open Windows Explorer. 2. Create a directory named C:\Virtual. 3. In C:\Virtual, create text files named Virtual1.txt and Virtual2.txt. 4. If necessary, launch Internet Information Services (IIS) 6.0 Manager from the Adminis- trative Tools program group. 5. Navigate to Default FTP Site. Right-click Default FTP Site, click New, and then click Virtual Directory. 6. Click Next. 7. In the Alias text box, type MyVirtualDir. Click Next. 8. In the Path text box, type C:\Virtual. Click Next. 9. Click Next to accept the default Directory Access permissions. 10. Click Finish. 11. If necessary, open Microsoft Internet Explorer. Browse to ftp://Glasgow/MyVirtualDir. You should see the files you created, as shown in Figure 14-11. Lesson 1: Confi guring FTP CHAPTER 14 755 FIGURE 14-11 Accessing files in a virtual directory. Lesson Summary n You can confi gure general settings, security settings, home directory settings, mes- sages settings, and directory security settings for FTP6 through the IIS 6.0 Server Manager GUI. You can also add and manage virtual directories by using the GUI. n You can confi gure Anonymous or Basic authentication on an FTP6 site. You can use NTFS permissions, IIS permissions, and IP address restrictions to help secure the site. FTP6 offers no encryption facility; if you need encryption, confi gure IPsec. You can manage resources on both a local and a remote server by using File Server Resource Manager. n FTP7 offers a number of enhancements, including SSL encryption and additional authentication methods. Lesson Review You can use the following questions to test your knowledge of the information in Lesson 1, “Confi guring FTP.” The questions are also available on the companion DVD if you prefer to review them in electronic form. NOTE ANSWERS Answers to these questions and explanations of why each answer choice is right or wrong are located in the “Answers” section at the end of the book. NOTE ANSWERS NOTE ANSWERSNOTE Answers to these questions and explanations of why each answer choice is right or wrong are located in the “Answers” section at the end of the book. 7 5 6 CHAPTER 14 Configuring FTP and SMTP Services 1. You are an administrator for Litware, Inc. According to the Litware’s written security policy, all confidential company data must be transmitted over the network in the most secure manner. However, a security check on the company’s Windows Server 2008 Web Server FTP server, Boston, reveals that confidential information, including name and password information, is being transmitted to a partner organization in clear text. Your system is using Basic authentication and the version of the FTP publishing service that ships with Windows Server 2008. Your line manager has prohibited the down- load and installation of FTP7 until it has been piloted on your internal test network. How can you ensure that encryption is always used when the confidential files on the Litware Boston server are transmitted over a network? A. Use anonymous authentication on Boston and specify Use Only Anonymous Authentication. B. Configure the FTP sites on Boston to use SSL encryption. Publish the confidential files on Boston, using IIS, and then activate SSL on the IIS server. C. Use IPsec encryption between Boston and the partner network. D. Upgrade the operating system of Boston to Windows Server 2008 Enterprise. 2. You install the FTP Publishing role service on the Windows Server 2008 server, Perth. You configure Default FTP Site with Write IIS permission. Users complain that they receive warning messages when they upload files to the site. What should you do to allow authenticated users to access the FTP site and upload files without receiving warnings? A. Enter the cscript iisftpdr /access Perth “Default FTP Site” command at an elevated command prompt. B. Set NTFS permissions for the Authenticated Users security group to Allow Read/ Write Attributes. C. Specifically allow the authenticated users’ client computers to access the site by allowing access based on IPv4 address. D. Configure Basic authentication. 3. You are configuring an FTP site on a Windows Server 2008 Web server in the trey- research.internal domain. The server uses the FTP publishing service that ships with Windows Server 2008.This facility enables researchers to submit a series of individual independent reports on a new product. Researchers should not be influenced by their colleagues’ reports and should not be able to access content in their colleagues’ direc- tories. Directory location should be assigned through AD DS and only clients from a single designated company network should be able to access the FTP service. Which of the following settings should you configure on this FTP site? (Choose two. Each correct answer presents part of a complete solution.) Lesson 1: Configuring FTP CHAPTER 14 757 A. Configure access control to allow client computer access based on an IPv4 address range. B. Configure access control to allow client computer access based on an IPv6 address range. C. Configure SSL encryption. D. Configure the site so that it does not isolate users. E. Configure user isolation, using AD DS. 4. You are currently logged on interactively to the Glasgow Windows Server 2008 domain controller. You want to list all the storage reports currently running on the Windows Server 2008 member server, Boston, in the same domain. You open an elevated com- mand prompt. Which command do you enter? A. storrept reports list B. storrept reports list /running C. storrept reports list /running /Boston D. storrept reports list /running /remote:Boston [...]... administrator, be aware that each edition of Windows Server 2008 includes a different number of extra virtual machine licenses These licenses are as follows: n Windows Server 2008 Standard includes a single license to run a Windows virtual guest n Windows Server 2008 Enterprise includes four licenses to run Windows Virtual guests n Windows Server 2008 Datacenter includes unlimited licenses to run Windows. .. connecting to their mailbox on the messaging server, using a protocol such as Post Office Protocol version 3 (POP3) For example, if you want to configure a Web site on a Windows Server 2008 Web server to send e-mail to Internet users, configure the SMTP e-mail feature for the Web site on that server The SMTP Server feature allows the e-mails to be sent to specified addresses EXAM TIP SMTP sends messages... and IMAP4 retrieve them You can use Server Manager to install the SMTP Server feature on a Windows Server 2008 server To do this, right-click Features and select Add Features You can then add SMTP Server and its dependencies You do this in the practice later in this lesson You can also use Server Manager to remove the SMTP Server feature The SMTP server enables you to support applications and network... Transfer Protocol (SMTP) in Windows Server 2008 to transport and deliver e-mail messages SMTP enables servers to send messages through internal e-mail or across the Internet Individuals and applications use SMTP to send notifications and other information In this lesson, you learn how to enable and configure the SMTP Server feature in Windows Server 2008 REAL WORLD Ian McLean I think it’s all done to make... site has a dedicated SMTP virtual server You create a new SMTP virtual server on a Windows Server 2008 Web server on your domain and install it for a new client Web site The Web server already hosts several SMTP virtual servers The SMTP virtual server Configuring FTP and SMTP Services fails to start How do you configure the new SMTP server so it will start on the Web server? (Select two Each correct... to a virtual machine Hyper-V and Server Core You can add the Hyper-V Server role to a computer running the Server Core installation option of indows Server 2008 Computers running Server Core make excellent HyperW V hosts because the operating system has a smaller hardware footprint than a traditional W indows Server 2008 installation To install the Hyper-V role on an x64 version of indows W Server. .. resources The Hyper-V role service is available for x64 versions of Windows Server 2008 Standard, Enterprise, and Datacenter in both the standard and Server Core configurations You cannot install the Hyper-V Server role on Windows Web Server 2008 or any x86 versions of Windows Server 2008 Hyper-V requires the computer it is installed on to support hardware-assisted virtualization and hardware data execution... Configure a different port for the new SMTP server 2 You administer an SMTP virtual server on a Windows Server 2008 Web server at Trey Research A Web developer wants to create a set of Web pages that enable a user to type a message into a form and mail it to support@treyresearch.com The form creates a properly formatted text file with the correct SMTP headers Into which folder should the file be copied?... Into which folder should the file be copied? A Mailroot\Drop B Mailroot\Queue C Mailroot\Pickup D Badmail 3 You create a new virtual SMTP server on a Windows Server 2008 Web server You want to configure the new SMTP server to forward all e-mails to your ISP’s mail server How can you achieve this objective? A Enter a command with the %systemroot%\system32\inetsrv\appcmd set config /commit:WEBROOT /section:smtp... because only specific servers require access to external networks The Attempt Direct Delivery Before Sending To Smart Host option instructs the local SMTP server to attempt to connect directly to the destination SMTP server If this operation fails, the message is forwarded to the designated smart host n Perform Reverse DNS Lookup On Incoming Messages This setting instructs the SMTP server to perform a DNS . on interactively to the Glasgow Windows Server 2008 domain controller. You want to list all the storage reports currently running on the Windows Server 2008 member server, Boston, in the same. messaging server, using a protocol such as Post Offi ce Protocol version 3 (POP3). For example, if you want to confi gure a Web site on a Windows Server 2008 Web server to send e-mail to Internet. on a Windows Server 2008 Web server in the trey- research.internal domain. The server uses the FTP publishing service that ships with Windows Server 2008. This facility enables researchers to submit