Server2003 - OS-II   ((CA221))    ((2-2-3))

Prepared by Rashid Khan Coordinator, Computer Program


Important KEY TERMS and CLASS NOTES

CHAPTER 1               

Introduction to Windows Server 2003

KEY TERMS

.NET — A Microsoft initiative that provides easier methods for connecting and communicating on a variety of devices. With this initiative, Microsoft aims to expand data sharing beyond traditional computer networks to include cell phones, personal digital assistants, and other web-ready devices.

Active Directory (AD) — The directory service that manages the database of objects of a Microsoft domain.

authenticate — Verify the identity of a user. This is typically done by matching a given account name with the password entered by the user.

client — A computer that receives services from the server in a client/server network.

client/server network — A network that consists of one or more central computers, called servers. The servers provide services and access to resources to the rest of the computers, called clients.

clustering — Linking multiple servers together such that they can share the processing and/or network communications load.

domain — The basic logical structure of a Microsoft network. Domains are created and managed through Active Directory in Windows Server 2003 and Windows 2000. In Windows NT, domains are created and managed by the Security Accounts Manager (SAM) database.

file allocation table (FAT) — The file system used by earlier versions of Windows and MS-DOS, and still available as an alternative file system for newer Windows operating systems.

file system — The system used by an operating system for naming, storing, and retrieving files on a hard disk.

Folder redirection of My Documents — A feature of Windows Server 2003 that allows redirection of the user’s My Documents folder on client machines to a centralized location on a server.

Hot Add Memory — A feature of Windows Server 2003 that allows RAM to be added to a server without the need to reboot. This feature must also be supported by the server hardware.

Microsoft Management Console (MMC) — A standardized console interface for working with a variety of administrative tools called snap-ins.

NT File System (NTFS) — The file system introduced in Windows NT that offers distinct advantages over the older FAT file system. NTFS offers folder- and file-level access permissions and, in later versions, file encryption.

open file backup — A feature of Windows Server 2003 that allows files currently in use by the system or by users to be copied by backup programs.

peer-to-peer network — A network with no central server in which each computer on the network can act as both a client and server.

permissions — Settings that determine the type and extent of access a user or computer may have for a particular resource.

scalable — A term that refers to the ability of elements, such as a network operating system, to grow to meet increasing demands.

Security Accounts Manager (SAM) — The service in Windows NT responsible for maintaining the database of all network objects within a domain. The SAM was replaced by Active Directory in Windows 2000 Server.

server — A central computer that provides services and access to resources to other computers on the network.

Shadow Copies of Shared Folders — A feature of Windows Server 2003 that allows users to retrieve previous versions of files saved to network shares without administrator intervention. This feature stores file revisions with every file write, allowing users to select exactly which version of a file they wish to restore.

shares — A term used to describe resources, such as folders or printers, that have been made accessible, or shared, to the rest of the network.

Software Restriction Policies — A new feature of the Windows Server 2003 group policies that makes it possible to block the running of specific programs or the execution of programs in an entire directory.

Symmetric Multiprocessing (SMP) — A technology that allows a computer to run more than one processor simultaneously.

workgroup — The Microsoft term for a peer-to-peer network.

Notes / Review Chap-1

A.   Windows for Workgroups

1.          Originally released in 1992.

2.          Microsoft released two versions: Windows for Workgroups 3.1 and Windows for Workgroups 3.11.

3.          Before the release of Windows for Workgroups, a user had to manually add the appropriate components to the operating system for networking a DOS or Windows computer. Specialized networking software was also required on a network server that centrally managed access to resources.

4.          Windows for Workgroups had the built-in ability to be both a client and a server at the same time on the same network. As a result, each machine could act as a file and print server to its peers. This type of network is called a peer-to-peer network.

5.          However, peer-to-peer networks become ineffective once the network exceeds seven to ten computers.

6.          A major problem with Windows for Workgroups was the inability to have a centralized user database. This prevented sufficient security control as there was no way to set individual access levels for users. Each user used the same password for a shared resource.

B.   Windows NT

1.       Originally released in 1993.

2.       It was the first Windows operating system to be independent of DOS.

3.       It was also the first Microsoft operating system to be released as a separate server and workstation product.

4.       It was designed as a server operating system for client/server networks.

5.       The NT Server could provide the type of centralized control of resources and security necessary for networks to grow beyond small workgroups.

6.       It offered improved security through the Security Accounts Manager (SAM). The SAM was a database of user security accounts that was used to authenticate, or verify, the identity of users at both the local client and network levels.

7.       The domain SAM was the central management tool that allowed both the server and the client machines to selectively grant permissions or types of access to shared resources, according to who the user was.

8.       It introduced the NT File System (NTFS), which allowed an extensive set of local permissions that controlled what a user could do with any particular file or folder stored on an NTFS-formatted hard drive.

C.   Windows 2000

1.       Released in 2000.

2.       Introduced Active Directory, which is a central database that allows easy management of user accounts, client machines, and printers. It also helps manage other network servers, other networks, and anything that is a part of the network.

3.       Introduced the Microsoft Management Console (MMC), which gave the administrator a central, customizable interface to manage the actual server and the client systems.

4.       Windows 2000 uses NTFS5, which has the ability to encrypt files and folders, and apply disk quotas.

Introducing the Windows Server 2003 Family

 

A.     Windows Server 2003 Standard Edition.

1.       Ideal for most small- to medium-sized networks.

2.       Built to run on 32-bit processors.

3.       The maximum RAM capacity is 4GB.

4.       Can handle up to four processors simultaneously, if symmetric multiprocessing (SMP) is supported.

B.     Windows Server 2003 Enterprise Edition.

1.       Ideal for larger or growing networks because it is “highly scalable.”

2.       There are separate 32- and 64-bit versions of the operating system.

3.       Can handle up to eight processors simultaneously.

4.       The 64-bit version can handle up to 64GB of RAM, while the 32-bit version can handle up to 32GB of RAM.

5.       Supports Hot Add Memory.

6.       Supports clustering.

7.       Provides some improved directory services to help coordinate resources across large networks.

C.  Windows Server 2003 Datacenter Edition.

1.       Ideal for large financial institutions and e-commerce companies.

2.       Support provided by a Datacenter Support Provider (DSP).

3.       There are 32- and 64-bit versions.

4.       The 32-bit version can handle up to 32 SMP processors and 64GB of RAM, while the 64-bit version can handle up to 64 SMP processors and 512GB of RAM.

5.       It is only sold, by select original equipment manufacturers (OEMs), with server-class computers that are certified as compatible.

D. Windows Server 2003 Web Edition.

1.       Specifically designed to fill the role of a dedicated Web server for an organization.

2.       Supports only 32-bit processors.

3.       Can handle up to two SMP processors and 2GB of RAM.

4.       The retail price is around 60 percent less than that of the Standard Edition.

III.  What is New and Improved in Windows Server 2003

A. Improved benefits.

1.       According to Microsoft’s testing, Windows Server 2003 is at least twice as fast as Windows NT on the same hardware.

2.       Microsoft has added many enhancements to Windows Server 2003 that significantly improve reliability.

3.       Microsoft has made an effort to make Active Directory, the Microsoft Management Console, and many other management tools easier and more intuitive to use.

4.       Windows Server 2003 introduces numerous enhancements to security against both internal and external threats.

5.       In addition to Internet connectivity, this latest operating system is better at connecting clients to networks, administrators to servers, and networks to networks.

.NET Server

1.       Windows 2002 Server became Windows .NET Server, which in turn became Windows Server 2003.

a)      When Microsoft first announced its new server product in June 2001, they called it the Windows 2002 Server.

b)      By September 2001, the name changed to Windows .NET Server, and by August 2002, the name changed to Windows .NET Server 2003.

Meeting the System Requirements

Edition                      Processor                         RAM      Disk Space                  SMP
Web Edition Minimum          133 MHz                           128MB    1.5GB                       1
Standard Edition Minimum     133 MHz                           128MB    1.5GB                       1
Enterprise Edition Minimum   133 MHz/32-bit; 733 MHz/64-bit    128MB    1.5GB/32-bit; 2GB/64-bit    1
Datacenter Edition Minimum   400 MHz/32-bit; 733 MHz/64-bit    512MB    1.5GB/32-bit; 2GB/64-bit    8

Table 1-1: Minimum Hardware Requirements for All Members of the Windows Server 2003 Family

Chapter 1 Summary

·         Windows Server 2003 evolved from the operating systems that came before it: Windows for Workgroups, Windows NT, and Windows 2000.

·         Windows for Workgroups made setting up and using small networks much simpler than it was earlier. Computers running Windows for Workgroups were able to act as both clients and servers on the same peer-to-peer network.

·         Windows for Workgroups suffered from the limitations of peer-to-peer networks, which are difficult to manage and use, once they exceed seven to ten computers.

·         Windows NT was the first Windows operating system to be completely independent of DOS. It was also the first Microsoft operating system to be released as both a server and a workstation product.

·         Windows NT offered improved security through the SAM. At the network level, the SAM became the basis for the domain, the central management unit for Microsoft networks.

·         Windows NT introduced the NT File System (NTFS), which permitted the setting of local permissions on files or folders.

·         Most users found Windows NT difficult to master and administer. Windows NT also lacked sufficient security measures to protect files stored on the hard drive from unauthorized access.

·         Windows 2000 was essentially the latest version of Windows NT, with additional refinements.

·         Windows 2000 introduced Active Directory, the Microsoft Management Console (MMC), NTFS5 that enabled file encryption, and disk quotas. These tools collectively addressed the shortcomings of Windows NT.

·         Windows Server 2003 is available in four editions: Standard Edition, Enterprise Edition, Datacenter Edition, and Web Edition.

·         The Standard Edition runs on 32-bit processors, can take 4GB of RAM, and supports up to four SMP processors at a time.

·         The Standard Edition offers Active Directory, file and print services, management services, and Internet connectivity and security. It is targeted at small businesses or department-level business units.

·         The Enterprise Edition offers both a 32-bit version and a 64-bit version. Both versions run on the Intel Itanium processor, and accept up to eight SMP processors. The 64-bit version supports up to 64GB of RAM. The 32-bit version supports up to 32GB of RAM; it also supports Hot Add Memory.

·         The Enterprise Edition supports the additional service of server clustering. It is targeted at businesses that depend on their networks for e-commerce or other business-critical activities.

·         The Datacenter Edition offers the Windows Datacenter High Availability Program, which provides support through a Datacenter Support Provider. It is available only with the purchase of a certified server from a licensed original equipment manufacturer (OEM).

·         The Datacenter Edition also offers both a 32-bit version and a 64-bit version. The 32-bit version supports 64GB of RAM and up to 32 SMP processors. The 64-bit version supports 512GB of RAM and up to 64 SMP processors.

·         The Datacenter Edition offers the same features as the Enterprise Edition with the exception of some Internet connectivity services. It is targeted at businesses that cannot afford disruption of their network operations.

·         The Web Edition supports 32-bit processors running up to 2GB of RAM and up to two SMP processors.

·         The Web Edition offers a pared-down set of services found in the other editions that focus on hosting Web sites and serving up Web pages. It is an inexpensive option for businesses that aim to run their own Web server.

·         Windows Server 2003 is at least twice as fast as Windows NT and supports more RAM and SMP processors than Windows 2000 in certain editions. It is more reliable, easier to manage, and more secure than previous operating systems.

·         Windows Server 2003 is the first operating system to fully integrate Microsoft’s .NET initiative. .NET is a set of technologies that greatly ease the ability of servers, clients, networks, other devices, and entities to communicate with each other and share data easily.

·         Windows Server 2003 offers new features such as redirection of the My Documents folder, Shadow Copies of Shared Folders, open file backups, and Software Restriction Policies.

·         Both the Standard Edition and the Web Edition require a 133 MHz processor, 128MB of RAM, and 1.5GB of hard drive space. Microsoft recommends a 550 MHz processor and 256MB of RAM for both editions.

·         The Enterprise Edition 32-bit version requires a 133 MHz processor, 128MB of RAM, and 1.5GB of hard drive space. The Enterprise Edition 64-bit version requires a 733 MHz 64-bit processor, 128MB of RAM, and 2GB of hard drive space. Microsoft recommends a 733 MHz processor and 256MB of RAM for both versions.

·         The Datacenter Edition 32-bit version requires a 400 MHz processor, 512MB of RAM, 1.5GB of hard drive space, and eight SMP processors. The Datacenter Edition 64-bit version requires a 733 MHz 64-bit processor, 512MB of RAM, 2GB of hard drive space, and eight SMP processors. Microsoft recommends a 733 MHz processor and 1GB of RAM for both versions.

 

CHAPTER 2

CA 221   OS-II   (Server2003)

Prepared by:

Rashid Ali Khan

 (Coordinator, CA Program  Dammam Community College)

answer file — A text file used by Windows setup or remote installation services that provides the answers to installation and configuration questions. The default answer file is unattend.txt.

attended installation — An installation during which the user interactively responds to prompts by the Windows setup program for information and configuration options.

clean installation — An installation of an operating system on a computer hard disk that has been wiped of any previous operating system or data.

critical update — An update to the operating system that addresses a security flaw or problem that could result in serious data loss or system failure.

disk image — A computer file that represents an exact duplicate of a hard disk and its contents. An image can be used to create an exact copy of that hard disk on another machine.

downgrades — An installation of a less-powerful edition of a new operating system over an existing installation of a more powerful edition of an older operating system.

driver update — An update to the software programs used by the operating system to communicate with various pieces of hardware within or attached to the computer system. One of the categories of updates found on the Windows Update Web site.

formatting — The process of preparing a hard disk partition to hold data by placing the file system and its organizational structures on the drive.

Hardware Compatibility List (HCL) — The tool of choice for Windows XP, Windows Me, and Windows 2000 for checking hardware compatibility for those operating systems.

Microsoft Product Activation (MPA) — An approach to reducing the piracy of Microsoft software that requires users to activate the software through Microsoft within a certain number of days after installation. Windows XP and onwards can be activated only on a single computer system, thus eliminating piracy.

partition — A discrete portion of a hard disk that is used as the underlying structure for the storage of data on that disk. A partition must be formatted with a file system before data can be stored on it.

Per Device or Per User licensing — A Windows Server 2003 licensing mode that requires a single client access license for every potential user or device that might connect to the server but puts no limit on the simultaneous number of connections to the server.

Per Server licensing — A Windows Server 2003 licensing mode that is based on the total number of concurrent connections to a particular server irrespective of the users or devices that make these connections. The default licensing mode of Windows Server 2003 is Per Server licensing with five concurrent connections.

service pack — A collection of many different updates, improvements, and sometimes, additions to the operating system that is released after extensive testing. One of the categories of updates found on the Windows Update Web site.

software piracy — The illicit copying and/or distribution of software beyond the terms of the manufacturer’s license agreement.

strong password — A password that is difficult to guess. Strong passwords typically use a combination of upper and lowercase letters, numbers, and symbols, and avoid the use of proper names and words that can be found in a dictionary.

unattended installation — An installation that depends on an answer file for responses to the setup program’s prompts and configuration options rather than on the interactive input of the user.

upgrade installation — An installation of an operating system over a previously installed copy of an earlier operating system that preserves system settings and installed applications.

weak password — A password that is relatively easy to guess.

Windows Update — An online tool that checks for and installs updates to the operating system. Windows Update can be customized to automatically download and install upgrades, or to notify the user that new upgrades are available.

Windows Upgrade Advisor — A utility included in the Windows Server 2003 installation CD that can be used to check a system for compatibility with the operating system before the installation is begun.

Windows Server Catalog — An online tool for checking the compatibility of both hardware and software with Windows Server 2003, Windows XP, and Windows 2000.

Important Class Notes

I.  Checking Hardware Compatibility

A.     Using the Microsoft Windows Upgrade Advisor.

1.       The Microsoft Windows Upgrade Advisor can be run from the installation CD. Run the Microsoft Windows Upgrade Advisor to detect and fix any problems before installing the operating system.

2.       This utility will not work properly if the computer is currently running an operating system, such as Windows 98 or Windows XP, that cannot be directly upgraded to Windows Server 2003.

B.     The Hardware Compatibility List (HCL) and the Windows Server Catalog.

1.       The HCL allows you to search a comprehensive list of products by category and keywords. It returns information regarding compatibility with Windows 2000, Windows Me (Millennium edition), and Windows XP.

2.       In Windows Server 2003, HCL has been replaced by a new online tool called the Windows Server Catalog.

3.       You can access the Windows Server Catalog from the setup program on the Windows Server 2003 installation CD, from the All Programs menu of a Windows Server 2003 computer, or directly at: http://www.microsoft.com/windows/catalog/server/

4.       You can also access the Windows Server Catalog from the command prompt by typing d:\i386\winnt32.exe -checkupgradeonly.

5.          Microsoft suggests that administrators use the Windows Server Catalog as their first destination when considering the purchase of new components and peripherals.

II. Choosing an Installation Method

A.  Attended installation.

1.       During an attended installation, you respond to queries by the installation program.

2.       Benefits of attended installations.

a)      Even if the users have never installed a client operating system such as Windows 2000 Professional or Windows XP, they will find it easy to follow the steps for installation.

3.       Potential problems with attended installations.

a)      They are quite time-consuming. On most machines, the process may take around 45 minutes to complete.

B.  Unattended installation.

1.       An unattended installation does not require your constant presence during the process. By pre-configuring an answer file, you can start the installation and then leave it to finish on its own.

2.       Benefits of unattended installations.

a)      If you have to install Windows Server 2003 on several similar servers, you can set up a single answer file.

b)      You can save the answer file by any name, but it is normally saved as unattend.txt. If the installation source files to be used during an unattended installation are located on the network, the answer file can be given any name. However, if the installation files and the answer file are on a CD, the answer file must be named winnt.sif.

c)      Unattended installations are useful when deploying a large number of client operating systems, such as Windows XP or Windows 2000 Professional.

3.       Potential problems and solutions for unattended installations.

a)      In most cases, an unattended installation will not save you much time when setting up a single computer. An unattended installation requires careful planning.

b)      To create an answer file using Notepad or another text editor, you can refer to a help file called ref.chm that is available on the Windows Server 2003 CD inside the Deploy.cab file. A .cab file, or cabinet file, is a special type of file that holds other compressed files.

c)      Another utility is the Setup Manager, which is also located in the Deploy.cab file as setupmgr.exe. This utility takes you through the creation of a basic answer file suitable for most situations. It also helps in applying the same answer file to multiple machines.

C.          Other installation options

1.       Network installations

a)      You can place the \I386 directory on a network share and access the files over the network rather than from the CD.

b)      This method requires a good bit of planning and work in advance, but it can save time if you have many installations to perform.

2.       Imaged installations

a)      A disk image is an exact image of a hard drive and all its contents.

b)      Disk images allow you to set up a drive on one machine, including the operating system and any applications you want to install. You then make an image of that drive, which can be copied to other identical computers.

c)      You need a separate disk imaging utility to make disk images. Although Windows Server 2003 does not make disk images, it includes some tools that can be used to set up the images and deploy them to other computers.

III.  Preparing to Install Windows Server 2003

A.     Upgrade or clean installation?

1.      Clean installation refers to installing an operating system on a computer hard drive that has been wiped of any prior operating system or data.

2.      A clean installation is recommended for any operating system as it eliminates all chances of incompatibilities with older software. It also allows the new operating system maximum control over certain aspects of hardware configuration.

3.      During an upgrade installation, the new operating system replaces the existing operating system, but preserves existing configuration settings, installed applications, and data.

4.      One of the benefits of upgrade installations is that the new operating system is ready to go with minimal time needed to reinstall applications, and reconfigure the hardware and the OS.

5.      Microsoft recommends that Windows Server 2003 be installed using a clean installation.

6.      In most cases, Windows Server 2003 can be installed as an upgrade to Windows NT 4.0 with Service Pack 5 or later and Windows 2000. Downgrades are not supported.

B.      Partitioning.

1.      A hard drive partition is a discrete portion of a hard drive that is used as the underlying structure for the organization of data on the drive.

2.      The space that is left unpartitioned can be used later for various purposes, as needed. Space that has already been partitioned is essentially committed and cannot be easily reallocated.

3.      The Windows Server 2003 installation program allows the user to install the operating system on an existing partition, delete existing partitions, and create new partitions of varying sizes.

4.      It is recommended that the partition you install Windows Server 2003 on be 4GB or more. This helps to hold the operating system files and any future expansion.

C.  File system: FAT and NTFS.

1.      Formatting is a process that places the file system, which actually organizes the partition and tracks the locations of files, on the drive.

2.      NTFS.

a)      It allows the network administrator to set file- and folder-level access permissions.

b)      It allows files to be encrypted, and permits selective compression of individual folders to improve storage management.

c)      Older operating systems cannot directly access NTFS-formatted partitions.

3.      FAT.

a)      This file system is necessary if you want to boot the server with an older operating system that does not support NTFS and still access your files.

b)      It can be useful if you want to boot from the DOS partition for troubleshooting.

D.   Licensing. http://www.microsoft.com/licensing/Default.asp

1.       Per Server licensing.

a)      Is based on the total number of concurrent connections to a particular server.

b)      Can be useful for smaller networks as it is a cheaper option. More users can use the network for a cheaper overall price, as long as only a limited number connect at any one time.

2.       Per Device or Per User licensing.

a)      Used to be called Per Seat licensing.

b)      Requires a license for every potential connection to the server but does not put a limit on simultaneous connections.

c)      Recommended for large networks where client devices connect to more than one server.

3.      If you are not sure which mode to choose, select Per Server licensing. Later, if you decide to use Per Device or Per User licensing, you can change modes.

E.      Server name.

1.      Each computer on a network must be uniquely identified.

2.      A server name should consist of 63 or fewer characters. These characters should be only upper- and lowercase letters, numbers, and hyphens. The name should not contain spaces and should not be made up entirely of numbers.

F.      Initial password.

1.      The password for the administrator account is the key to the whole installation.

2.      Create a secure password, which you can remember, but is difficult for others to guess.

3.      Microsoft suggests that you:

a)      Choose a password that is at least six characters long.

b)      Avoid any form of the word administrator.

c)      Use both upper- and lowercase letters.

d)      Use numbers and special characters.
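As an added example (not part of these notes) that ties together the answer-file notes in section II.B, the server-name rules in section E and the initial-password suggestions in section F: a small Python script that parses a constructed winnt.sif-style answer file and reports what an administrator should fix before deploying it. The section and key names of the unattended-setup format, the reading of a "*" value, and the interpretation of "any form of the word administrator" as the substring "admin" are assumptions made here, not statements from the notes.

```python
import configparser
import re

# Constructed sample answer file in the INI syntax of unattend.txt / winnt.sif.
# The section and key names follow the Windows Server 2003 unattended-setup
# format (assumed here; the notes only name the file); every value is invented
# for this example and deliberately breaks the rules given in the notes.
SAMPLE_ANSWER_FILE = r"""
[Data]
UnattendedInstall=Yes
MsDosInitiated=0

[Unattended]
UnattendMode=FullUnattended
TargetPath=\WINDOWS

[GuiUnattended]
AdminPassword=administrator1
TimeZone=150

[UserData]
FullName="Lab Admin"
OrgName="Dammam Community College"
ComputerName=Lab Server 01

[Identification]
JoinWorkgroup=WORKGROUP
"""

# Letters, numbers and hyphens only (spaces are reported as a separate problem).
SERVER_NAME_RE = re.compile(r"^[A-Za-z0-9-]+$")


def check_server_name(name: str) -> list:
    """Return the naming rules from section E that `name` breaks ([] means it passes)."""
    if not name:
        return ["empty"]
    problems = []
    if len(name) > 63:
        problems.append("longer than 63 characters")
    if " " in name:
        problems.append("contains spaces")
    if not SERVER_NAME_RE.match(name.replace(" ", "")):
        problems.append("contains characters other than letters, numbers and hyphens")
    if name.isdigit():
        problems.append("made up entirely of numbers")
    return problems


def check_admin_password(password: str) -> list:
    """Return the suggestions from section F that `password` fails ([] means it passes)."""
    problems = []
    if len(password) < 6:
        problems.append("shorter than six characters")
    # "Any form of the word administrator" is read here as any substring that
    # begins with "admin" (admin, Admin1, ADMINISTRATOR, ...): an assumption.
    if "admin" in password.lower():
        problems.append("contains a form of the word administrator")
    if not (any(c.isupper() for c in password) and any(c.islower() for c in password)):
        problems.append("does not use both upper- and lowercase letters")
    if not any(c.isdigit() for c in password):
        problems.append("has no numbers")
    if not any(not c.isalnum() for c in password):
        problems.append("has no special characters")
    return problems


def audit_answer_file(text: str) -> dict:
    """Parse an answer file and report what a reviewer should fix before it is deployed."""
    parser = configparser.ConfigParser(interpolation=None)
    parser.optionxform = str  # keep key case so AdminPassword / ComputerName match
    parser.read_string(text)
    findings = {}

    admin_pw = parser.get("GuiUnattended", "AdminPassword", fallback="")
    if admin_pw in ("", "*"):
        # Missing or "*": no real password is set, yet the notes call this
        # password the key to the whole installation.
        findings["admin_password"] = ["blank or not set in the answer file"]
    else:
        # The answer file travels on a CD or a network share, so whoever can
        # read the file can read the administrator password.
        findings["admin_password"] = (["stored in cleartext in the answer file"]
                                      + check_admin_password(admin_pw))

    name = parser.get("UserData", "ComputerName", fallback="")
    if name == "*":
        findings["computer_name"] = ["generated by setup (as understood here)"]
    else:
        findings["computer_name"] = check_server_name(name)
    return findings


if __name__ == "__main__":
    for item, problems in audit_answer_file(SAMPLE_ANSWER_FILE).items():
        print(item, "->", "; ".join(problems) or "OK")
```

Run as a script it prints the findings for the constructed file; the two check functions can also be imported and pointed at a real answer file before it is copied to the installation share.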

G.  Network settings.

1.      The first of two choices for network settings is called Typical settings. These are network settings used on most networked computers. Typical settings will configure the server to use the TCP/IP protocol suite, and to obtain the proper IP address automatically. File and printer sharing, as well as support for logging on to a Microsoft network, will be installed.

2.      The second option, Custom settings, allows you to choose exactly which networking protocols and services you want to run, and to configure them on the spot.

3.      After configuring the networking settings, the installation program will also ask you to identify the workgroup or domain your computer will be joining.

IV. Testing the Installation

A. The first indication of a successful installation is that the system effectively reboots into the new operating system at the end of the process.

B.     Logging on to Windows Server 2003.

1.       The logon prompt that appears after the computer boots requires the user to press ctrl-alt-delete to log on. This keystroke combination is meant to defeat any possible malicious programs that might be trying to record user names and passwords by displaying fake logon prompts.

C.  Microsoft Product Activation and Windows Server 2003.

http://www.microsoft.com/piracy/basics/activation/

1.       Using Microsoft Product Activation (MPA), products like Windows Server 2003 must be activated within a limited number of days or they will cease to work.

2.       Products can only be activated on one computer system.

3.       The process works through a combination of codes that identify both the unique copy of the software and the hardware it is being run on, and records that information with Microsoft.

4.       You must activate Windows Server 2003 within 30 days of installation or it will become inaccessible to users.

5.       To activate Windows Server 2003, go to Start | All Programs | Accessories | System Tools | Activate Windows.

V.  Updating Windows Server 2003

A. Using Windows Update

1.       Windows Update is a Web-based service built into the newer Microsoft operating systems. It allows quick and easy checking for, and installing of, updates.

2.       Once you have contacted the Windows Update Web site, it will scan your computer and operating system. It will report any updates that are currently available for your setup.

B.  Update categories

1.       Critical updates.

a)      A critical update addresses a security flaw or a problem that could result in serious data loss or system failure.

2.       Service packs.

a)      A service pack is a collection of different updates, improvements, and additions to the operating system that is released after extensive testing.

b)      Service packs are major updates to an operating system, and are typically numbered and released periodically throughout the life of the operating system.

3.       The Windows Server 2003 family.

a)      Usually includes minor refinements and additions to the operating system.

b)      This is also the category where new components, or new versions of components, are made available.

4.       Driver updates.

a)      A driver update is an improvement to the software programs that allow hardware components, such as video cards and printers, to communicate with the operating system.

C.  Configuring Windows Update

1.       Windows Update can be configured to scan for updates according to a schedule. It can even download and install them automatically.

2.       To access the configuration settings for Windows Update, click Start, right-click My Computer, select Properties, and then click the Automatic Updates tab.

3.       The Automatic Update settings.

a)      Notify Before Downloading.

(1)   The Windows Update utility will still receive information about new and available updates from Microsoft when you are connected to the Internet.

b)      Download Updates and Notify Before Installing.

(1)   Allows Windows Update to transfer the update files to your computer as they become available. It also allows you to review them and choose the ones you want to install.

c)      Automatically Download and Install.

(1)   Allows the user to schedule when updates should be downloaded and installed. This option will automatically install all available updates, and reboot the system if required.


CA 221   OS-II   (Server2003)

Prepared by:

Rashid Ali Khan

 (Coordinator, Dammam Community College)

CHAPTER 3          Introduction to Windows Server 2003

Key Terms

American Registry for Internet Numbers (ARIN) — The Regional Internet Registry (RIR) responsible for allocating IP addresses within North America, and some parts of the Caribbean and North Africa.

Classless Inter-Domain Routing (CIDR) — A scheme for allocating IP addresses that uses variable-length subnet masks, as opposed to the three fixed masks of the older class-based system.

domain name system (DNS) service — The Windows Server 2003 service responsible for resolving DNS names into IP addresses.

dotted decimal — A form for expressing IP addresses that consists of four decimal numbers, ranging from 1 to 255, and each separated by a period. The IP address 192.168.2.1 is one example.

dynamic IP address — An IP address that is assigned by a dynamic host configuration protocol (DHCP) server. A dynamic IP address may change from time to time as its lease on the address expires.

forward lookup zone — A list of external DNS servers to which requests for DNS names from outside the domain are sent. By default, a forward lookup zone is configured to query one or more Internet root servers to begin the process of resolving external DNS names.

fully qualified domain name (FQDN) — A form of a computer’s DNS name that indicates both the name of the computer and the domain to which it belongs. The name rah2.ecktek.com is an example of a fully qualified domain name that identifies the rah2 computer on the ecktek.com domain.

Internet Assigned Numbers Authority (IANA) — The ultimate authority for the allocation of IP addresses on a global basis. The IANA allocates IP addresses to lower-level Internet registries that then allocate addresses to actual networks.

IP host name — The segment of an IP address that identifies the individual computers on a network. It is represented by the part of the IP address, in binary, that corresponds to the 0’s of the subnet mask.

ipconfig — A useful Windows utility for displaying the status and configuration settings of a computer’s network interface cards.

IPv6 — An IP addressing scheme that makes use of 128-bit addresses and provides over four million unique addresses for each square meter of the entire Earth’s surface.

lease — The duration during which a client that is assigned an IP address by a DHCP server is permitted to retain that IP address. The lease can be renewed before its expiry. After a lease has expired, the client must renegotiate a new lease and, in the meantime, the originally leased IP address may be reassigned to another client.

name resolution — The process of translating DNS or NetBIOS names into IP addresses and vice versa.

Network Address Translation (NAT) — A technology that allows a router, or other network devices, with a public IP address to “stand in” for computers on the network using private IP addresses. NAT avoids potential conflict between IP addresses within a network and IP addresses outside the network. It helps conserve limited public IP addresses.

Network Basic Input/Output System (NetBIOS) — An older networking system used by the earlier versions of Windows such as Windows 98 and Windows NT.

protocol — A set of rules and standards for network communications between computers and/or networks.

reverse lookup zone — Used by a DNS server to resolve a DNS name from an IP address.

root servers — Public DNS servers that assist in the resolution of external domain names by pointing requests towards the DNS server responsible for the top level domain that the name belongs to.

router — A network device used for connecting two different networks, such as a LAN and the Internet. It frequently provides network address translation (NAT).

scope — The range of addresses to be allocated by a DHCP server.

static IP address — An IP address that has been manually configured and does not change.

subnet mask — Used to mask off the part of an IP address that identifies the network from the individual PC. A common example of a subnet mask is 255.255.255.0.

Transmission Control Protocol/Internet Protocol (TCP/IP) — The network communications protocol suite used by the Internet and Microsoft networks.

Windows Internet Name Service (WINS) — The service responsible for resolving NetBIOS names into IP addresses.

zone name — Identifies the domain or portion of a domain for which a DNS server is responsible. Used by the DNS server to determine which name requests are internal and which are not.

Class Notes   -   Chapter 3

Subnet masks.

a)      Used to indicate which part of an IP address refers to the network, and which part refers to the device or host.

b)      Converting the subnet mask to binary helps you to identify the two unique portions of an IP address, where 1 indicates the network and 0 indicates the host.
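The binary view described above, carried out in code: an added example (not part of the course notes) that splits an IPv4 address into its network ID and host ID with a subnet mask, checks that the mask is a valid run of 1s followed by 0s, and derives the CIDR prefix length. The sample address and mask are the ones quoted in the notes.

```python
# Added example: network/host split of an IPv4 address using a subnet mask.
# 192.168.2.1 and 255.255.255.0 are the sample values from the course notes.

def parse_dotted(addr: str) -> int:
    """Convert dotted-decimal text to a 32-bit integer, validating each octet."""
    parts = addr.split(".")
    if len(parts) != 4:
        raise ValueError(f"{addr!r}: an IPv4 address has exactly four octets")
    value = 0
    for octet in parts:
        if not octet.isdigit() or not 0 <= int(octet) <= 255:
            raise ValueError(f"{addr!r}: octet {octet!r} must be 0-255")
        value = (value << 8) | int(octet)
    return value


def to_dotted(value: int) -> str:
    """Convert a 32-bit integer back to dotted-decimal text."""
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def to_binary(addr: str) -> str:
    """Show an address or mask as four 8-bit groups, the way the notes describe it."""
    return ".".join(f"{(parse_dotted(addr) >> s) & 0xFF:08b}" for s in (24, 16, 8, 0))


def mask_is_valid(mask: str) -> bool:
    """A subnet mask must be a run of 1s followed only by 0s (no mixed bits)."""
    inverted = (~parse_dotted(mask)) & 0xFFFFFFFF
    # The complement of a valid mask is 2**k - 1, which has no bit in common with 2**k.
    return (inverted & (inverted + 1)) == 0


def prefix_length(mask: str) -> int:
    """CIDR prefix length: the number of 1 bits in the mask (255.255.255.0 -> 24)."""
    if not mask_is_valid(mask):
        raise ValueError(f"{mask!r} is not a valid subnet mask")
    return bin(parse_dotted(mask)).count("1")


def split_address(ip: str, mask: str) -> tuple:
    """Return (network ID, host ID): the bits under the mask's 1s and under its 0s."""
    if not mask_is_valid(mask):
        raise ValueError(f"{mask!r} is not a valid subnet mask")
    a, m = parse_dotted(ip), parse_dotted(mask)
    return to_dotted(a & m), to_dotted(a & ~m & 0xFFFFFFFF)


def same_network(ip_a: str, ip_b: str, mask: str) -> bool:
    """Two hosts reach each other without the default gateway only if their network IDs match."""
    return split_address(ip_a, mask)[0] == split_address(ip_b, mask)[0]


def usable_hosts(mask: str) -> int:
    """Host addresses per subnet, excluding the all-0s (network) and all-1s (broadcast) host IDs."""
    host_bits = 32 - prefix_length(mask)
    return max((1 << host_bits) - 2, 0)


if __name__ == "__main__":
    ip, mask = "192.168.2.1", "255.255.255.0"
    print("IP  ", to_binary(ip))
    print("mask", to_binary(mask))
    net, host = split_address(ip, mask)
    print(f"network ID {net}, host ID {host}, /{prefix_length(mask)}, "
          f"{usable_hosts(mask)} usable hosts")
```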

6.    Public IP addresses.

a)      Internet Service Providers (ISPs) assign IP addresses.

b)      ISPs get their allocation of IP addresses from a Local Internet Registry (LIR), National Internet Registry (NIR), or Regional Internet Registry (RIR).

c)      The American Registry for Internet Numbers, or simply ARIN, is the RIR responsible for allocating ranges of IP addresses within North America, and in some parts of the Caribbean and Africa.

d)      Until around 10 years ago, IP addresses for public networks were distributed using a system of three primary classes known as class A, class B, and class C.

II. Configuring TCP/IP

A.   Dynamic versus static IP addressing.

1.       A Dynamic Host Configuration Protocol (DHCP) server provides a dynamic IP address to devices as they connect to the network.

2.       A dynamic IP address is one that can change, sometimes each time a connection to the network is established.

a)      Servers and some other devices will not work properly if IP addresses keep changing.

3.       A static IP address is one that does not change.

a)      Servers, printers, and other devices that provide network resources to users function best when their IP addresses do not change from time to time.

B.   Changing connection properties.

1.       IP addresses, and related settings, are accessed through the Local Area Connection Properties dialog box.

2.       Internet Protocol (TCP/IP) properties.

a)      The Internet Protocol (TCP/IP) Properties dialog box is where you will choose between obtaining your IP address automatically or entering the information manually. In addition, you can configure settings for a special service known as DNS.

b)      Once you have chosen to enter the IP address manually, you need to also enter the subnet mask for that address.

c)      The default gateway setting allows you to point the computer towards a router for access to other networks, such as the Internet.

III.  Setting Up DHCP

A.   DHCP benefits.

1.       It helps to avoid the human error of mistyping an IP address, subnet mask, default gateway, or preferred DNS server. Any mistake in these entries could cause a failure in the network communication process.

2.       It prevents two devices on the same network from being given the same IP address.

3.       It allows the reuse of any currently not-in-use address, as needed.

4.       To take advantage of DHCP, at least one server on the network must be configured as a DHCP server.

B.   Configuring DHCP.

1.       DHCP manages IP addresses by issuing a lease to client computers for a particular address. These addresses are drawn from a pool of IP addresses called the scope.

a)      The scope consists of a range of IP addresses that are valid for the network that the DHCP server is connected to, excluding any addresses that have already been assigned as static IP addresses.

b)      The lease issued to clients, for a particular IP address, is valid for a limited time.

2.       Adding a new DHCP scope.

a)      The first step in configuring DHCP is to add a new scope using the New Scope Wizard.

b)      Name and description.

(1)   A name and description can help identify each scope, if you have more than one.

c)      IP address range and subnet mask.

(1)   The IP address range is defined by entering the first and the last address in the range, along with the subnet mask.

d)      Excluded IP addresses.

(1)   Any IP addresses that are being assigned statically must be excluded from the DHCP scope; if they are not, they may be leased to a client machine and create a conflict.

e)      Lease duration.

(1)   Lease duration is set in days, hours, and minutes. A general rule of thumb is that networks with relatively stable client bases benefit from longer leases. Longer leases may improve network performance, since lease requests generate network traffic, and longer leases reduce lease requests. Networks with a dynamic client base, perhaps from many portable computers, may benefit from shorter leases in order to conserve IP addresses.

f) Default gateway.

(1)   You can enter the address of a router that serves as the default gateway to an external network, such as the Internet.

g)      Domain Name Service (DNS) and Windows Internet Name Service (WINS) settings.

(1)   If your network is running DNS, WINS, or both, it is possible to have DHCP automatically configure client computers so that they can find the servers running these services.
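The scope, exclusion, lease and option settings from steps a) to g) above, modelled as a small program: an added example that is not part of the course notes and is not how the Windows DHCP service is implemented. It shows why a range must fit the server's subnet, why statically assigned addresses must be excluded, and how an expired lease frees an address for another client. All addresses, client names and times are constructed sample values.

```python
# Added example: a minimal model of a DHCP scope as the course notes describe it.
import ipaddress
from datetime import datetime, timedelta


class DhcpScope:
    """A range of addresses valid for one subnet, minus excluded static addresses."""

    def __init__(self, name, first, last, mask, exclusions=(),
                 lease_duration=timedelta(days=8), router=None, dns_servers=()):
        self.name = name
        # The subnet the first address belongs to; the whole range must lie inside it.
        self.network = ipaddress.ip_network(f"{first}/{mask}", strict=False)
        self.first = ipaddress.ip_address(first)
        self.last = ipaddress.ip_address(last)
        if self.last not in self.network:
            raise ValueError(f"{last} is outside the subnet {self.network} of {first}")
        if self.first > self.last:
            raise ValueError("first address must not be above the last address")
        self.exclusions = {ipaddress.ip_address(a) for a in exclusions}
        self.lease_duration = lease_duration           # set in days, hours, minutes
        # Options handed out with the address: default gateway and DNS servers.
        self.options = {"router": router, "dns_servers": list(dns_servers)}
        self.leases = {}                               # address -> (client id, expiry)

    def pool(self):
        """Addresses the scope may lease: the range minus exclusions and the
        subnet's own network and broadcast addresses."""
        for n in range(int(self.first), int(self.last) + 1):
            addr = ipaddress.ip_address(n)
            if addr in self.exclusions:
                continue
            if addr in (self.network.network_address, self.network.broadcast_address):
                continue
            yield addr

    def expire_leases(self, now):
        """Release every lease whose time is up; those addresses may be reassigned."""
        for addr, (_, expires_at) in list(self.leases.items()):
            if expires_at <= now:
                del self.leases[addr]

    def request(self, client_id, now):
        """Renew the client's current lease if it has one, else lease the first free address."""
        self.expire_leases(now)
        expires_at = now + self.lease_duration
        for addr, (owner, _) in self.leases.items():
            if owner == client_id:
                self.leases[addr] = (client_id, expires_at)
                return str(addr), self.options
        for addr in self.pool():
            if addr not in self.leases:
                self.leases[addr] = (client_id, expires_at)
                return str(addr), self.options
        raise RuntimeError(f"scope {self.name!r} has no free addresses")

    def static_address_safe(self, addr):
        """True if a statically assigned address can never be leased by this scope."""
        a = ipaddress.ip_address(addr)
        return a in self.exclusions or not (self.first <= a <= self.last)


def range_valid_for_subnet(first, last, mask):
    """True if the whole range lies in the subnet the mask defines for the first address."""
    try:
        DhcpScope("check", first, last, mask)
        return True
    except ValueError:
        return False


def walkthrough():
    """Constructed scenario: two clients, a renewal, an expiry and reuse of the freed address."""
    t0 = datetime(2004, 1, 1)
    scope = DhcpScope("LAN", "192.168.2.1", "192.168.2.254", "255.255.255.0",
                      exclusions=["192.168.2.1", "192.168.2.10"],   # router and server
                      lease_duration=timedelta(days=8),
                      router="192.168.2.1", dns_servers=["192.168.2.10"])
    steps = {}
    steps["A first"] = scope.request("client-A", t0)[0]                        # .2
    steps["B first"] = scope.request("client-B", t0)[0]                        # .3
    steps["A renew"] = scope.request("client-A", t0 + timedelta(days=1))[0]    # still .2
    # Day 8: B never renewed, so its address is free again; A renewed, so .2 stays taken.
    steps["C after B expires"] = scope.request("client-C", t0 + timedelta(days=8))[0]
    steps["router option"] = scope.options["router"]
    steps["server excluded"] = scope.static_address_safe("192.168.2.10")
    steps["unexcluded static"] = scope.static_address_safe("192.168.2.20")
    return steps


if __name__ == "__main__":
    for step, result in walkthrough().items():
        print(f"{step}: {result}")
```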

Chapter 3  Review

·         Transmission Control Protocol/Internet Protocol (TCP/IP) is a protocol suite that handles network addressing, data encoding, and the communication connections for networks. TCP/IP is the preferred protocol on most modern networks, and is also the protocol suite used by the Internet.

·         IP addresses are normally expressed in a form known as dotted decimal, which is a sequence of four base-10 numbers, each ranging from 0 to 255 and separated by a period.

·         The IP addressing scheme provides almost 4.3 billion unique addresses, but the supply is running out. A new addressing scheme, known as IPv6, will provide over 4 million unique addresses for each square meter of the Earth’s surface.

·         Subnet masks are used to divide IP addresses into one component that identifies the network and another that identifies the host, or client, on the network. This is similar to the way the area code and exchange of a telephone number works.

·         Subnet masks, in binary, consist of a string of 1’s followed by a string of 0’s. When a subnet mask is matched to the binary expression of an IP address, the portion of the IP address that coincides with the 1’s of the subnet mask is read as the network ID. The portion of the IP address corresponding to the 0’s of the subnet mask is read as the host ID.

·         Public IP addresses are allocated by the Internet Assigned Numbers Authority (IANA) to organizations such as the American Registry for Internet Numbers (ARIN). ARIN allocates numbers to national or local Internet registries, or directly to ISPs. ISPs assign IP addresses to the organizations that are their customers.

·         IP addresses used to be distributed using a three-class scheme, which was very inefficient. In 1993, the IANA started using Classless Inter-Domain Routing (CIDR). CIDR uses variable length subnet masks to allow greater control over the number of host addresses available in a particular network.

·         Private IP addresses for networks that will not connect directly to the Internet should be chosen from special ranges reserved by the IANA. Private networks can connect to the Internet through the use of routers that are capable of using Network Address Translation (NAT).

·         A dynamic IP address is assigned to a client by a Dynamic Host Configuration Protocol (DHCP) server. Dynamic IP addresses can, and do, change from time to time, which can be a problem for servers and some other devices.

·         A static IP address does not change and is usually set manually at the client. Many servers need a static IP address.

·         Configuring TCP/IP requires entering an IP address and an appropriate subnet mask. You can also configure a gateway address that points to a router connecting the network to other networks or the Internet.

·         DHCP prevents mistyped IP addresses, inadvertent duplication of addresses, and helps to conserve limited addresses by reusing addresses, as necessary.

·         DHCP, DNS, and WINS are not installed as part of the typical networking settings.

·         DHCP manages a pool of IP addresses called the scope. These addresses are leased for a limited amount of time to clients on the network.

·         Addresses that are assigned as static IP addresses must be excluded from the DHCP scope.

·         Lease duration is set in days, hours, and minutes. Lease duration should be increased for larger, more stable networks if there are available IP addresses.

·         DHCP can also configure client settings for default gateways, DNS, and WINS.

·         Both DNS and WINS translate computer names and domain names into IP addresses in a process known as name resolution.

·         WINS is used by older operating systems that use Network Basic Input/Output System (NetBIOS) names.

·         DNS should be installed on most Windows Server 2003 networks to handle internal name resolution and to forward queries it cannot handle to external DNS servers. DNS is required in an Active Directory domain-based network.

·         DNS requires more configuration than WINS. DNS configuration includes the creation of a forward lookup zone, which forwards requests for external name resolution to external DNS servers while handling internal name resolution.

·         DNS configures access to root servers on the Internet to aid in the process of resolving external domain names.

·         A reverse lookup zone can be used to look up a domain name based on an IP address. This can be useful for troubleshooting.

·         A DNS zone name, which is usually the domain name of the network, defines the internal network for the DNS server. The zone name could be a portion of the domain on larger networks.

·         Client machines must be properly configured to work with DHCP.


CHAPTER 4                  

Preparing to Serve: Understanding Microsoft Networking

Active Directory (AD) — The directory service that manages the database of objects that make up a Microsoft domain.

contiguous namespace — A logical network structure, common to trees in Microsoft networking, in which all domains share the same root domain name. For instance, the domains peru.ezeranch.com, venezuela.ezeranch.com, and mexico.ezeranch.com all exist in a contiguous namespace.

demote — To remove the domain controller role from a server, converting it into a member server or a stand-alone server.

disjointed namespace — A logical network structure, common to forests in Microsoft networking, in which domains do not share the same root domain name. For instance, the domains peru.ezeranch.com and east.ezesteaks.com exist in a disjointed namespace.

domain controller (DC) — A server upon which Active Directory has been installed, and is then used to administer the network and its objects.

domain functional level — A configuration setting for Windows Server 2003 domain controllers that determines the features available within the Active Directory domain. The choice of domain functional level is limited by the presence of domain controllers running earlier operating systems such as Windows 2000 or Windows NT.

domain name — The name of the Active Directory domain, which may either take the form of an Internet DNS name, such as ecktek.com, or a purely internal name, such as ecktek.local.

domain name system (DNS) — The system for assigning names to networks and computers that can then be associated with registered IP addresses.

first-layer domain — The first child domains created under the root domain in an Active Directory. For instance, peru.ecktek.com is a first-layer domain of ecktek.com.

forest functional level — A configuration setting for Windows Server 2003 domain controllers that determines the features available within the Active Directory forest. The choice of forest functional level is limited by the domain functional level of the domain controllers within the forest.

global catalog (GC) — A directory database hosted on one of the domain controllers in a tree or forest that keeps track of a few key pieces of information for each network object within the tree or forest. Used to help locate network objects between domains without the need to fully replicate the Active Directory database of each domain.

Group Policy Management Console (GPMC) — A new tool introduced in Windows Server 2003 for easily managing group policy object settings. Although the GPMC is not included with Windows Server 2003, it can be downloaded easily from Microsoft’s Web site.

member server — A server that belongs to an Active Directory domain but is not a domain controller.

multimaster replication — The process used by Active Directory to continuously synchronize the Active Directory database on all domain controllers within a domain to ensure that the information on each is up-to-date.

namespace — The logical area within Active Directory in which names are resolved.

organizational unit (OU) — Logical network structures used to subdivide a domain into more manageable parts. Each OU can have its own group policies applied to it, and the administrative control of OUs can be delegated to ease the workload on the administrator of the domain.

promote — Describes the process of converting a stand-alone or member server into a domain controller through the installation of Active Directory.

root domain — The first domain created in the first tree of a forest.

schema — The set of attributes, both required and optional, that describe a network object within an Active Directory domain.

second-layer domain — A child domain of a first-layer domain. For example, sales.peru.ezeranch.com is a second-layer domain of peru.ezeranch.com, which is the first-layer domain of ezeranch.com, which is the root domain.

site — An Active Directory structure that uses subnets to segment the domain based on connectivity speed.

stand-alone server — A server that is not a domain controller and does not belong to an Active Directory domain.

tree — A logical network structure that consists of a hierarchy of two or more domains that share a contiguous namespace.

two-way, transitive trust — The trust that exists by default between domains in a tree. The trust is two-way, where each domain is trusted by and trusts the other domain. The trust is transitive, which means, if one domain trusts another, it also trusts all other domains trusted by the other domain.

CLASS NOTES   Chap4

Active Directory concepts.

1.       Every Microsoft client/server network begins with a domain.

2.       The domain is formed when the first server on the network is promoted to a domain controller (DC). A server is promoted by installing Active Directory.

3.       A domain is a container that forms a security boundary between the domain and the rest of the environment.

4.       When there is more than one DC, Active Directory maintains synchronized directories on each through a process known as multimaster replication.

5.       Every domain has a domain name, which becomes part of the identification of every object in the domain.

6.       Microsoft refers to Active Directory as a namespace. A namespace is a logical area in which names can be resolved, or understood.

7.       The first domain in a namespace is the root domain.

Trees.

1.       A tree is made up of a hierarchy of related domains.

2.       The domains exist within a contiguous namespace, which means they all have the same root domain name.

3.       All the parent and child domains in a tree possess a two-way, transitive trust between them.

A.     Planning the Active Directory installation.

1.       Domain name.

a)      The name should take the form of Internet DNS names.

b)      Consider obtaining a registered DNS name to prevent future problems that could occur from another organization using the same domain name.

c)      The name should be relatively short, so it is both easier to remember and type. Also, in order to prevent problems with older client operating systems, which do not understand domain names, it is best to keep the name to 15 characters or less.

2.       Folder locations.

a)      The Active Directory database and log file are normally stored in the NTDS subfolder of the WINDOWS folder.

b)      The SYSVOL folder contains all the information that gets replicated between domain controllers. It is also usually located in the WINDOWS folder on an NTFS formatted partition.

3.       DNS.

a)      One of the prerequisites for installing Active Directory is that the DNS service be installed and configured properly.

4.       Support for pre-Windows 2000 Server operating systems.

a)      During the installation of Active Directory, you will be asked whether you want to enable support for older server operating systems like Windows NT.

b)      If you are creating a new domain, it is not necessary to choose Windows NT servers. You can choose to use only permissions compatible with Windows Server 2003.

5.       The Restore Mode administrator password.

a)      If the Active Directory data store should become corrupt, the Restore Mode can be used to fix the problem. The Restore Mode administrative password is necessary to use the Restore mode.

Chapter-4  Review  / Summary

Before moving on to the assessment quiz, review the material in the chapter with the students.

·         Every Microsoft client/server network begins with a domain, which becomes the container for everything in the network, and forms a security boundary between the network and the rest of the environment.

·         Domains are formed when the first server on the network is promoted to become a domain controller (DC).

·         Servers are promoted to DCs through the installation of Active Directory, which maintains a database that manages all network objects.

·         Active Directory uses multimaster replication between multiple DCs to maintain synchronized versions of itself. This allows the network to continue to operate even if one DC fails for some reason.

·         Each domain has a domain name, which is similar to an Internet DNS domain name. Although the domain name may not be used for Internet access to the network, it should still be registered.

·         Microsoft networks exist within a namespace, which is a logical area in which names can be resolved. The root domain forms the initial namespace for the network.

·         A tree is formed by a hierarchy of domains with a contiguous namespace. The domains in a tree share a common schema and a common global catalog. A two-way, transitive trust exists between them.

·         The global catalog tracks only key information for the objects in the domains of a tree, which saves time, and allows the global catalog to help users in one domain find objects in another.

·         The child domains of the root domain are called first-layer domains, while their child domains are called second-layer domains.

·         The root domain also forms the first tree when it is created, but it is a tree of only a single domain.

·         A forest consists of two or more trees of domains, with a disjointed namespace between the trees.

·         Forests share a common schema and a common global catalog, and have a two-way, transitive trust between the domains.

·         Organizational units (OUs) are used to subdivide a domain and make it more manageable. OUs can be created to reflect the actual operational or political structure of the organization, and their administration can be delegated.

·         Sites use subnets of the network to identify computers and servers by their physical proximity or the nature of their connection. Sites allow modifications to the replication schedule between DCs.

·         Active Directory simplifies management for administrators by providing a centralized representation of all network objects and structures.

·         Administrators can use Active Directory to modify the layout of users’ desktops and to roll out applications to clients remotely.

·         Users benefit from Active Directory’s ability to publish shared printers and folders, and allow them to be easily searched for. Printers can even be located by their features, and installed with little technical knowledge.

·         Active Directory gives administrators extensive control over users’ access to resources through the applications of standard and special permissions to authenticated users.

·         Administrators can control the activities of both users and client computers through Active Directory.

·         Users benefit because only a single authentication is required to gain access to all appropriate resources. They also have the ability to control access to their own local resources.

·         Active Directory can give other applications access to its data store, allowing them to make use of its security settings or access permissions.

·         Active Directory can interact with hardware components, allowing configurations to be changed based on information stored in the directory.

·         Active Directory in Windows Server 2003 provides an improved user interface with drag-and-drop capability, a new Group Policy Management Console, and the ability to rename domains.

·         Both a member server that already belongs to a domain, and a stand-alone server that does not, may be promoted to become domain controllers.

·         Planning for the installation of Active Directory requires choosing a domain name and folder locations.

·         Before Active Directory installation, determine whether the DNS is installed or configured properly.

·         Determine whether the Active Directory should support older versions of the operating system.

·         After installing Active Directory, it is necessary to raise both the domain functional level and the forest functional level to a level high enough to support the new features.



CHAPTER 5

Active Directory Assistance

contact — An Active Directory object that represents the contact information for an individual outside the network.

container — An Active Directory object that can contain other objects. Containers are represented in Active Directory using variations on the folder icon.

distinguished name (DN) — A name which fully identifies an Active Directory object and its place within the domain. Example: CN=WIN2K03SRV,CN=Servers,CN=Home,CN=Sites,CN=Configuration,DC=ezeranch,DC=com.

distribution group — An Active Directory object whose purpose is to group together computer accounts, user accounts, and group accounts, solely for the purposes of sending e-mail messages and not for the setting of access permissions.

domain local group — A group scope that allows access to resources only within the domain in which the domain local group account was created. Domain local groups may contain other domain local groups from the same domain, and computer accounts, user accounts, global groups, and universal groups from any trusted domain.

global group — A group scope that can be given access to resources within any domain in the forest. Global groups may contain other global groups, computer accounts, and user accounts only from their own domain.

group account — An Active Directory object that represents a group of computer or user accounts for the purposes of access permission assignment or communication.

group policy — A feature of Windows Server 2003 that allows administrators to apply groups of settings to all members of a domain or an OU. Group policy settings can be used to control everything from registry settings at client computers to user rights and software restriction policies.

group scope — The term used to describe the extent of access potentially provided by membership in a group. The three group scopes are: domain local, global, and universal.

publish — The act of creating an Active Directory object that represents a shared resource such as a folder or printer.

relative distinguished name (RDN) — A simple form of an object’s name that uniquely identifies the object with respect to its position in the Active Directory hierarchy.

security group — A group account that is used to assign permissions for access of resources within the network.

security ID (SID) — A unique identifier associated with each security principal that is used by the operating system to identify that security principal.

security principal — An Active Directory object, such as a computer account, user account, or group account, that can be given access permissions to network resources. The operating system uniquely identifies each security principal by its security ID.

snap-in — Term used to describe an administration tool that can be added to the Microsoft Management Console (MMC).

Terminal Services — The component of Windows Server 2003 responsible for providing users and computers remote access to the server’s operating system either for the purposes of running applications or for remote administration of the server and the network.

universal group — A group scope that can be given access to resources within any domain in the forest. Universal groups may contain other universal groups, global groups, computer accounts, and user accounts from any domain in the forest.

user account — An Active Directory object that represents a unique user.

user principal name (UPN) — A name that identifies a user and the domain to which the user's account belongs. A UPN takes the same form as an e-mail address, for example eecklund@ecktek.com.

Chapter # 5     Class Notes

Identify Active Directory Objects

A.   Computer.

1.       A computer account uniquely identifies a client computer or member server.

2.       Computer accounts, for computers running Windows NT, Windows 2000, Windows XP Professional, and Windows Server 2003, are required to join a domain to access the domain’s resources.

3.       A computer account is one of the security principals in a domain. A security principal is a network object that can be given access to resources on the network.

a)      Active Directory uniquely identifies each security principal with a security ID (SID).

4.       Each computer account must have a unique name.

B.   User.

1.       A user must have a user account to log on to the network and use resources.

2.       A user account is a security principal.

3.       To create a user account, the user’s full name, logon name, and the initial password for the account are required.

4.       Windows Server 2003 will not accept two accounts with the same full name.

5.       The user login name must be unique.

6.       The initial password for the account must be at least seven characters long. To meet complexity requirements, the password should include at least one character each from any three possible groups of the four groups: uppercase letters, lowercase letters, numbers, and special characters. The password must not include any part of the user name.
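The complexity rules in item 6 expressed as a check, as an added example that is not part of the course notes. Splitting the full name on delimiters and checking only parts longer than two characters mirrors the Windows rule and is an assumption here, as is treating any printable non-alphanumeric character as "special".

```python
"""Check an initial password against the Chapter 5 rules (added example)."""
import re
import string

MIN_LENGTH = 7
REQUIRED_CATEGORIES = 3

# The four character groups named in the notes.  Treating every printable
# non-alphanumeric character as "special" is an assumption.
CATEGORIES = {
    "uppercase": set(string.ascii_uppercase),
    "lowercase": set(string.ascii_lowercase),
    "digit": set(string.digits),
    "special": set(string.punctuation),
}

# Assumption: the full name is split on these delimiters and only parts longer
# than two characters are checked, mirroring the Windows complexity rule.
NAME_DELIMITERS = re.compile(r"[ ,.\-_#\t]+")


def full_name_parts(full_name: str) -> list[str]:
    """Return the parts of a full name that are long enough to be checked."""
    return [p for p in NAME_DELIMITERS.split(full_name) if len(p) > 2]


def check_initial_password(password: str, logon_name: str, full_name: str) -> list[str]:
    """Return the list of rule violations; an empty list means the password is acceptable."""
    problems: list[str] = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    used = [name for name, chars in CATEGORIES.items() if any(c in chars for c in password)]
    if len(used) < REQUIRED_CATEGORIES:
        problems.append(f"uses {len(used)} of 4 character groups; at least {REQUIRED_CATEGORIES} required")
    lowered = password.lower()   # the comparison with the user name is case-insensitive
    if logon_name and logon_name.lower() in lowered:
        problems.append("contains the logon name")
    for part in full_name_parts(full_name):
        if part.lower() in lowered:
            problems.append(f"contains part of the full name ({part})")
    return problems


if __name__ == "__main__":
    # Constructed sample account; eecklund is the UPN example from the key terms.
    for pwd in ("Tr0ub4dor&3", "ecklund1", "Abc12", "password"):
        result = check_initial_password(pwd, "eecklund", "Eric Ecklund")
        print(f"{pwd!r}: {'accepted' if not result else '; '.join(result)}")
```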

C.   Contact.

1.       Contacts are created to provide contact information for people who are not members of the network.

2.       Only the full name is needed to create a contact.

3.       The contact’s full name must be unique.

D.   Group.

1.       A group, or a group account, is a security principal that can be used to collectively manage resource access for other security principals, such as user accounts and computer accounts.

2.       Security groups are used to give access to resources.

3.       Distribution groups are used to send messages to multiple users through a single address.

4.       The three types of security groups are domain local, global, and universal.

5.       You need to choose a name to create a group, whether the group is a security group or a distribution group. For security groups, you will also need to specify whether it is domain local, global, or universal.

E.   Organizational unit.

1.       Organizational units (OUs) are used to subdivide a domain into more manageable segments.

2.       They allow administrators to easily group together Active Directory objects that share a relationship within the actual organization’s structure.

3.       Administrative tasks for an OU can be delegated to a user other than the network administrator.

4.       You can apply a group policy to an entire OU, which allows you to control everything from the appearance of client desktops to advanced security settings.

5.       You only need the name when you are creating an OU.

F.   Printer and shared folder.

1.       When an Active Directory object represents a shared printer or folder, users can search for the resource.

2.       The term publish refers to the act of creating an Active Directory object for a shared resource.

3.       All shared printers in Windows 2000 and Windows Server 2003 are automatically published.

Everything that exists within the containers.

1.     The Built-in container.

a)      Contains many of the security groups that are built into the installation of Active Directory.

b)      Each security group provides different levels of access and different privileges to the users or groups that become members.

c)      These security groups allow you to assign predefined roles to network users by making them members of the appropriate group.

2.     The Computers container.

a)      The Computers container is the default location for upgraded computer accounts from earlier network operating systems such as Windows NT.

3.     The Domain Controllers container.

a)      The Domain Controllers container is an OU that contains the DCs for the domain.

b)      A single Domain Controller security policy can be applied to this container. This makes it easy for a consistent set of policies to be set across all DCs.

4.     The ForeignSecurityPrincipals container.

a)      This container is used to hold the security identifiers (SIDs) of security principals from external, trusted domains.

5.     The Users container.

a)      It is the location of upgraded user accounts from Windows NT and the location of the initial Administrator account.

b)      It can also be used to hold user accounts you create that do not belong to a particular OU.

Chapter 5  Review & Summary

·         When a computer running Windows NT or higher joins a domain, it creates a computer account. This account can be pre-created, which is typically more efficient.

·         A computer account identifies a network computer. It can be used to manage the computer and to install an OS remotely. Most importantly, a computer account is a security principal in the domain, which is uniquely identified by an SID for accessing resources.

·         Each computer account must have a unique name. It can also include other information such as description and location.

·         A user account is a security principal that represents users in the domain.

·         Creating user accounts requires a unique full name, a unique logon name, and an initial password that meets the complexity requirements.

·         Additional information, including addresses, telephone numbers, titles, and more can be added to the user account after it is created.

·         A contact is typically used to store contact information for someone from outside the network.

·         A group account is a security principal that allows the collective application of permissions to users and other groups. Distribution groups are strictly used to send messages.

·         There are three types of security groups: domain local, global, and universal. They vary in their group scope, which is the level of network structure at which they may provide access to resources.

·         Creating group accounts requires only a unique name and the type of group. Other information, including the members of the group can be added later.

·         An organizational unit (OU) is used to group together user accounts, computer accounts, and shared resources within a domain to subdivide the domain, and make it more manageable.

·         OUs allow delegation of management and the application of group policies.

·         Creating an OU requires only a unique name. After an OU is created, additional information can be added.

·         Printer and shared folder objects are generally created automatically, unless they exist on a pre-Windows 2000 system.

·         Active Directory Users and Computers is actually an MMC snap-in. Like most snap-ins, it closely follows the familiar user interface of Windows Explorer.

·         Active Directory Users and Computers initially has five containers under the domain.

·         The Builtin container holds most of the initial domain local security groups.

·         The Computers container holds upgraded computer accounts.

·         The Domain Controllers container holds the DCs for the domain. It is actually an OU.

·         The ForeignSecurityPrincipals container holds the SIDs of security principals from external, trusted domains.

·         The Users container holds upgraded user accounts, the initial Administrator account, and an assortment of domain local, global, and universal groups.

·         Object management consists of tasks such as moving, deleting, and editing object properties.

·         The Properties dialog box of the Computer Account object includes General, Operating System, Member Of, Delegation, Location, Managed By, and Dial-in tabs.

·         The Properties dialog box for the User Account object includes General, Address, Account, Profile, Telephones, Organization, Terminal Services Profile, Sessions, Environment, Remote Control, COM+, Member Of, and Dial-in tabs.

·         The Properties dialog box for the OU object includes General, Managed By, COM+, and Group Policy tabs.

CA 221   OS-II   (Server2003)

Prepared by:

Rashid Ali Khan

 (Coordinator, Dammam Community College)

CHAPTER 6         Storage Management

Key Terms

Automated System Restore (ASR) backup set — A feature of Windows Backup that creates a set of disks containing backups of all essential system files and settings including a bootable diskette that can be used to restore the backed up files.

basic disk — A physical disk divided into up to four partitions that become the underlying structure for storing data on the disk. All four partitions can be primary partitions, each of which is treated as a single drive letter. One of the four partitions may be an extended partition, which is further subdivided into multiple logical drives.

defragment — The process of rearranging the data stored on a hard disk so that all the pieces of individual files are as close to each other as possible.

dynamic disk — A disk that makes use of volumes, rather than partitions, for dividing the physical disk into discrete storage areas.

extended partition — A partition on a basic disk that can be further subdivided into logical drives. Each basic disk can have only one extended partition. Extended partitions are not bootable under Microsoft operating systems.

extended volume — A volume that is actually an extension of an existing simple volume on the same disk.

fault tolerance — The ability of hardware or software to survive catastrophic events.

fragmented — Term used to describe a hard disk on which the pieces of individual files are spread across the disk rather than stored adjacent to each other.

logical drive — Subdivisions of a single extended partition on a basic disk, each of which is referred to by a single drive letter.

mirrored volume — A volume on a dynamic disk that is an exact, real-time copy of a volume on another dynamic disk. Mirrored volumes provide fault tolerance without decreasing performance.

mounted volume — A volume on a dynamic disk that is associated with an existing folder rather than being assigned a drive letter. Such volumes are accessed by users as if they were folders.

parity-information stripe — Additional blocks of information written to a RAID-5 volume that can be used to recreate any data lost from a hard disk failure.

primary partition — A partition on a basic disk that is assigned a single drive letter and may be bootable.

RAID — Acronym for “redundant array of inexpensive (or independent) disks.”

RAID-5 volume — A volume that uses three or more dynamic disks to provide both increased performance and fault tolerance through striping data and the use of a parity-information stripe.

simple volume — A volume on a single dynamic disk that provides no increased performance or fault tolerance. However, a simple volume can be expanded using extended volumes on the same disk or spanned volumes across different disks.

spanned volume — A volume that uses up to 32 dynamic disks to create larger volumes. Such volumes do not improve performance and actually decrease fault tolerance since the loss of one disk destroys the whole volume.

striped volume — A volume that uses identically sized segments of up to 32 dynamic disks to create a larger volume with improved performance. Such volumes decrease fault tolerance since the loss of one disk destroys the whole volume.

volume — The discrete areas of storage on a dynamic disk that are assigned either drive letters or associated with an empty folder.

Windows Backup — A utility included with some versions of Windows for backing up data stored on hard disks to floppy disks or tape drives.

Class Notes Chapter 6

I.  Basic Versus Dynamic Disks

A.  Capabilities and limitations of basic disks.

1.       Primary partitions.

a)      Each primary partition is treated as a separate drive identified by a drive letter, such as C.

b)      They are the partitions upon which most operating systems are installed.

c)      You can divide a disk into up to four primary partitions.

d)      One primary partition must be marked active so that the computer can boot.

2.      Extended partitions.

a)      Can be divided into multiple logical drives.

b)      By using extended and primary partitions, you can subdivide a hard disk into as many as 24 different drives, each with its own drive letter.

3.      For computers with only a single physical hard disk, basic disk storage is sufficient.

B.   Advantages of dynamic disks.

1.       Dynamic disks use volumes, which are basic storage areas for data on the hard disk.

2.      Once created, volumes can be expanded if more space is needed.

3.      Dynamic disks increase the read and write speeds for users.

4.      Dynamic disks have fault tolerance capabilities.

5.      You can mount a volume, which makes the volume accessible as a folder to users on the local system or on the network. By mounting volumes, you can create more than 24 drives.

C.   Using dynamic disks.

1.       Machines with only one hard drive do not really require dynamic disks.

2.      Dynamic disks are not usable by earlier operating systems. Both the volumes that improve performance and the volumes that increase fault tolerance do so by using multiple physical drives.

3.      Although older operating systems can access files from a dynamic disk volume, you cannot boot an old version of Windows from such a volume.

4.      You can easily convert a basic disk to a dynamic disk at any time with no data loss. However, when converting from dynamic to basic, you will lose all data, because you must delete all volumes on the disk before converting.

II. Using Volumes to Manage Storage

A.  Volumes that grow.

1.       Simple volumes.

2.      Extended volumes.

3.      Spanned volumes.

B.   Volumes that improve performance.

1.       Striped volumes.

C.   Volumes that improve reliability.

1.       Mirrored volumes.

2.      RAID-5 volumes.
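How a parity-information stripe lets a RAID-5 volume survive the loss of one disk, as an added example that is not part of the course notes: data is striped across three or more simulated disks, the parity chunk (the XOR of the data chunks) rotates from stripe to stripe, and a failed disk is rebuilt from the survivors. The chunk size and the byte-string "disks" are constructed for the illustration.

```python
"""RAID-5 striping with a rotating parity stripe (added illustration)."""
from typing import List, Optional


def xor_blocks(blocks: List[bytes]) -> bytes:
    """XOR equal-length blocks together; this is what a parity-information stripe stores."""
    out = bytearray(len(blocks[0]))
    for block in blocks:
        for i, byte in enumerate(block):
            out[i] ^= byte
    return bytes(out)


def write_raid5(data: bytes, n_disks: int, chunk: int) -> List[List[bytes]]:
    """Lay data out across n_disks (at least three): each stripe holds n_disks - 1
    data chunks plus one parity chunk, and the parity position rotates per stripe."""
    if n_disks < 3:
        raise ValueError("a RAID-5 volume needs at least three disks")
    per_stripe = chunk * (n_disks - 1)
    padded = data + b"\x00" * (-len(data) % per_stripe)      # pad to whole stripes
    disks: List[List[bytes]] = [[] for _ in range(n_disks)]
    for s in range(len(padded) // per_stripe):
        stripe = padded[s * per_stripe:(s + 1) * per_stripe]
        chunks = [stripe[i * chunk:(i + 1) * chunk] for i in range(n_disks - 1)]
        parity_disk = s % n_disks            # rotate so no single disk holds all parity
        pieces = iter(chunks)
        for d in range(n_disks):
            disks[d].append(xor_blocks(chunks) if d == parity_disk else next(pieces))
    return disks


def rebuild_disk(disks: List[Optional[List[bytes]]], failed: int) -> List[bytes]:
    """Recreate every chunk of the failed disk: in each stripe the XOR of all
    surviving chunks (data and parity alike) equals the missing chunk."""
    survivors = [d for i, d in enumerate(disks) if i != failed and d is not None]
    return [xor_blocks([d[s] for d in survivors]) for s in range(len(survivors[0]))]


def read_raid5(disks: List[List[bytes]], n_bytes: int) -> bytes:
    """Reassemble the original data, skipping the parity chunk of each stripe."""
    n_disks = len(disks)
    out = bytearray()
    for s in range(len(disks[0])):
        parity_disk = s % n_disks
        out += b"".join(disks[d][s] for d in range(n_disks) if d != parity_disk)
    return bytes(out[:n_bytes])


if __name__ == "__main__":
    # Constructed sample file content on three "disks" with 4-byte chunks.
    data = b"Quarterly sales figures for the Dammam branch, FY2003."
    disks = write_raid5(data, n_disks=3, chunk=4)
    lost = disks[1]
    disks[1] = None                        # simulate a single-disk failure
    disks[1] = rebuild_disk(disks, failed=1)
    print("rebuilt disk matches original:", disks[1] == lost)
    print("data recovered intact:", read_raid5(disks, len(data)) == data)
```

With two disks lost in the same stripe the XOR no longer identifies the missing chunk, which is why RAID-5 tolerates exactly one disk failure.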

III.  Using Windows Backup

A.  Backup options.

1.       Backup hardware.

2.      Backup software.

B.   Features and shortcomings of Windows Backup.

1.       Features.

a)      The Backup or Restore Wizard can lead you through a step-by-step process.

b)      The Advanced Mode option allows detailed configuration of all backup settings for an experienced user.

c)      An Automated System Restore (ASR) backup set allows data to be recovered from complete system failures by backing up all the essential system files and settings.

d)      Volume Shadow Copy allows Windows Backup to back up files that are currently opened by users or the system.

e)      Other features include the ability to keep a backup log that tracks each backup operation and the ability to schedule backups automatically.

2.      Shortcomings.

a)      Backups created in Windows Server 2003 cannot be restored on any other operating system.

b)      Windows Backup does not support writeable optical drives as backup devices.


CHAPTER 7        Printers

Key Terms

dots per inch (dpi) — The measurement of the print resolution of a printer.

local print devices — Printers that are physically connected to one of the ports on a computer.

logical printer — A term in Windows Server 2003 for the software interface between the operating system and the printing device.

network print devices — Printers that are accessed over a network.

non-remote print device — A printer that is accessed by a computer without the intervention of a server.

pages per minute (ppm) — The measurement of the speed of a printer’s output.

parallel port — A 25-pin, D-shaped female port used to attach a printer or other parallel devices to a PC.

physical printer — A term in Windows Server 2003 sometimes used to describe the printing hardware to differentiate it from the logical printer. A physical printer is also known as a print device or a printer.

print device — A term in Windows Server 2003 sometimes used to describe the actual printing hardware to differentiate it from the logical printer. This term is synonymous with the terms physical printer and printer.

print queue — The collection of documents held by the print spooler waiting to print.

print server — A server-classed computer connected to multiple printers to make them available to network clients.

print spooler — The software that accepts the documents to be printed and stores them until the printer is ready.

printer — A term in Windows Server 2003 sometimes used to describe the printing hardware to differentiate it from the logical printer. This term is synonymous with the terms physical printer and print device.

printer pooling — A technique of treating several identical printers as a single logical printer to distribute print jobs among the printers that make up the pool.

priority — When used with printers, priority refers to the settings that control which logical printer prints first. When used with print jobs, priority refers to the settings that control which print job prints first. When used with running processes, priority refers to the settings that control which process can first access the computer and the resources of the operating system.

redirect print jobs — The process of reassigning the port associated with a logical printer for sending print jobs intended for one print device to another.

remote print device — A printer that is accessed by a computer with the intervention of a server.

USB port — A small, rectangular port used to connect printers, and a variety of other devices, to a PC. A single port can support high-speed data transfer up to a maximum of 127 devices.

Chapter 7                        Review

·         A logical printer is the software interface between the operating system and the device that prints.

·         A printer is the hardware that does the printing. In some cases, a printer is formally described as a physical printer or print device to differentiate it from the logical printer.

·         Local print devices are printers that are physically connected to one of the ports on the computer.

·         Local print devices are easy to install, but must be located close to the computer to which they are connected. The connections for local printers are not designed to support a large number of printers simultaneously.

·         Network print devices print over the network.

·         Some network print devices connect directly to the network, while others can accept optional network cards. Local print devices can become network print devices by connecting to external devices called print servers. The print servers connect them to the network. Regardless of the method, the printer becomes associated with a network IP address as its port.

·         Network print devices can be located anywhere on the network, and can be centrally administered by a print server. The print server handles all print jobs and helps improve client computer performance.

·         If a computer communicates directly with a printer, Microsoft refers to the device as non-remote. A non-remote print device does not require a special print server, and provides greater control to the computer using the printer. However, the computer’s performance may be affected, and delays may occur if several computers connect to the same non-remote device.

·         If a computer communicates with a printer through another computer, Microsoft refers to the device as remote. A remote device requires a server to handle the task of communicating with the printer. This relieves the load on client computers.

·         The General tab of a printer’s Properties dialog box displays the printer’s name, location, and comments, if any. Features of the printer, such as the paper loaded, and its speed and resolution, are also listed on this tab.

·         The General tab also offers buttons that allow you to set the printing preferences and print a test page to check whether or not the printer is functioning.

·         The Sharing tab allows you to choose whether or not to share a printer. If the printer is shared, it allows you to give the share a name. Printer drivers for other operating systems can also be installed from the Sharing tab. This allows you to automatically download the print drivers to client computers that install the shared printer.

·         The Ports tab shows the port being used by a printer and the ports that can be used to create printer pools.

·         The Advanced tab allows configuring printer availability, priority, printer driver, spooling behavior, and several other features.

·         The Security tab displays and allows the configuration of permissions concerning who can use a printer and what they can do with it. By default, all users can print, but only Administrators and Power Users have permission to print, manage printers, and manage documents.

·         Printers may be taken offline and the print spooler may be paused to allow a printer to be worked on, while print jobs still enter the queue.

·         Printer pooling allows multiple identical physical print devices to act as a single logical printer, thus improving printing performance.

·         Print jobs may be redirected to another printer using the same print driver if something prevents the original printer from working properly.

·         Print jobs may be paused, resumed, canceled, and restarted. The priority of a print job can also be changed.

·         If a client computer cannot print to a network printer, then the printer may be set offline on the client computer. This can happen if the user tries to print without being connected to the network. The solution is to change the status of the printer to online.

·         An incorrect printer driver can cause a host of problems including printing nonsense characters. The solution is to install the correct printer driver.

 


CHAPTER 8     Controlling Access to Resources Using Groups

access control entry (ACE) — A term for an individual user or group entry on the access control list (ACL) of a resource.

access control list (ACL) — The list of users and groups to whom permissions have been granted or denied for accessing a particular resource.

domain local group — A group scope that allows access to resources only within the domain in which the domain local group account was created. Domain local groups may contain other domain local groups from the same domain and computer accounts. They may also contain user accounts, global groups, and universal groups from any trusted domain.

effective permissions — The overall effect of all combined NTFS permissions inherited from group membership or applied to the user or group account directly. The ability to analyze effective permissions is a new feature in Windows Server 2003.

global group — A group scope that can be given access to resources within any domain in the forest. Global groups may contain other global groups, computer accounts, and user accounts, only from their own domain.

group scope — The term used to describe the extent of access potentially provided by membership in a group. The three group scopes are: domain local, global, and universal.

inheritance — The term that describes the implicit granting of access permissions to users and/or groups through their membership in groups that have been explicitly granted these permissions.

nesting — The process of making groups of a particular scope members of other groups of the same scope; for instance, making a domain local group a member of another domain local group. Nesting should be minimized, as it can make troubleshooting access-related problems difficult.

NTFS permissions — Access permissions for files and/or folders of the NTFS file system.

ownership — An Active Directory concept that refers to the account that can control permissions on the object and grant permissions to others. The account that creates an object initially is the owner of that object.

printer permissions — Access permissions applied to shared print devices.

share permissions — Access permissions applied to shared folders.

special permissions — A customizable set of access permissions for files and/or folders on an NTFS-formatted volume.

universal group — A group scope that can be given access to resources within any domain in the forest. Universal groups may contain other universal groups, global groups, computer accounts, and user accounts from any domain in the forest.

Chapter 8  Review

·         Windows Server 2003 offers security groups of three different scopes: domain local groups, global groups, and universal groups. Each may also be created as a distribution group.

·         Domain local groups allow access only to resources within the domain in which they were created. They may contain user and computer accounts, and other domain local groups from their domain. Global groups, universal groups, computer accounts, and user accounts from other trusted domains may also be members of the group.

·         Global groups may access resources in any trusted domain. Global groups can contain other global groups, computer accounts, and user accounts from their own domain only.

·         Universal groups may access resources in any trusted domain. Universal groups may have user accounts, computer accounts, global groups, and universal groups as members from any trusted domain.

·         Domain local groups should be used to represent resources within a domain. Global groups should be used to hold user accounts, and should convey permissions to those accounts by joining domain local groups. Universal groups are used in large, multi-domain networks to provide easy access to resources across the domains.

·         Share permissions are applied to folders that are shared over the network. They consist of the Read, Change, and Full Control permissions.

·         By default, the Read permission is granted to the Everyone group when a new share is created.

·         Multiple share permissions are combined so that the least restrictive permission prevails unless permission is explicitly denied.

·         NTFS access control permissions control what users can do with files and folders, whether they are accessed locally, or over the network. When combining different sets of NTFS permissions, the least restrictive permissions apply. When combining share and NTFS permissions, the most restrictive set of permissions apply.

·         NTFS standard permissions include Write, Read, List Folder Contents, Read & Execute, Modify, and Full Control.

·         NTFS standard permissions represent a more extensive set of special permissions, which can be modified through the Advanced Security Settings dialog box.

·         NTFS permissions on a folder are inherited by the contents of that folder. This inheritance can be modified in several ways.

·         The original creator of a file or folder owns that file or folder. Ownership allows the owner to grant permission to other accounts to take ownership and can be used to track disk usage.

·         The Effective Permissions tab in the Advanced Security Settings dialog box can be used to analyze the combination of NTFS permissions from various sources. The results are only approximate and do not include the effect of share permissions.

·         Printer permissions are a mix of share permissions and NTFS permissions. Like NTFS permissions, the standard printer permissions represent a slightly larger set of special permissions.

·         When access problems occur, first check the share and the NTFS permissions for possible conflicts.

·         Use the Effective Permissions tab to evaluate whether or not the account has the required permissions.

·         Check group membership to see if one or more groups may be denying the permission to the affected account.

·         Check special permissions in case they have been manually altered from their normal settings for the selected standard permissions.
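The combination rules from this review (least restrictive entry prevails within share permissions or within NTFS permissions, an explicit deny overrides, and the most restrictive of the two sets applies over the network) worked through on constructed ACLs, as an added example that is not part of the course notes. The mapping of each named permission to a small set of elementary rights is a simplified model and an assumption, not the exact Windows special-permission bits.

```python
"""Effective-permission calculator for the share/NTFS combination rules (added example)."""
from dataclasses import dataclass
from typing import FrozenSet, Iterable, List, Mapping, Set

# Assumption: a simplified model mapping each named permission to elementary rights.
ALL_RIGHTS: FrozenSet[str] = frozenset({"read", "execute", "write", "delete", "change_permissions"})

SHARE_PERMISSIONS: Mapping[str, FrozenSet[str]] = {
    "Read": frozenset({"read", "execute"}),
    "Change": frozenset({"read", "execute", "write", "delete"}),
    "Full Control": ALL_RIGHTS,
}

NTFS_PERMISSIONS: Mapping[str, FrozenSet[str]] = {
    "Read": frozenset({"read"}),
    "List Folder Contents": frozenset({"read", "execute"}),
    "Read & Execute": frozenset({"read", "execute"}),
    "Write": frozenset({"write"}),
    "Modify": frozenset({"read", "execute", "write", "delete"}),
    "Full Control": ALL_RIGHTS,
}


@dataclass(frozen=True)
class ACE:
    """One access control entry: a trustee (user or group), a named permission, allow or deny."""
    trustee: str
    permission: str
    allow: bool = True


def combine(acl: Iterable[ACE], table: Mapping[str, FrozenSet[str]],
            principals: Set[str]) -> FrozenSet[str]:
    """Within one permission set the least restrictive entry prevails,
    unless a right is explicitly denied to the user or to one of the groups."""
    allowed: Set[str] = set()
    denied: Set[str] = set()
    for ace in acl:
        if ace.trustee in principals:
            (allowed if ace.allow else denied).update(table[ace.permission])
    return frozenset(allowed - denied)


def effective_rights(user: str, groups: Set[str], share_acl: List[ACE],
                     ntfs_acl: List[ACE], over_network: bool = True) -> FrozenSet[str]:
    """NTFS permissions apply locally and over the network; over the network the
    share permissions apply as well, and the most restrictive combination wins."""
    principals = {user, "Everyone", *groups}      # Everyone always applies
    ntfs = combine(ntfs_acl, NTFS_PERMISSIONS, principals)
    if not over_network:
        return ntfs
    return ntfs & combine(share_acl, SHARE_PERMISSIONS, principals)


# Constructed sample ACLs for one shared folder.
SHARE_ACL = [ACE("Everyone", "Read"), ACE("Sales", "Change")]
NTFS_ACL = [
    ACE("Everyone", "Read"),
    ACE("Sales", "Modify"),
    ACE("Auditors", "Full Control"),
    ACE("Temps", "Write", allow=False),           # explicit deny
]

if __name__ == "__main__":
    for user, groups in (("alice", {"Sales"}), ("bob", {"Sales", "Temps"}),
                         ("carol", set()), ("eve", {"Auditors"})):
        net = sorted(effective_rights(user, groups, SHARE_ACL, NTFS_ACL))
        local = sorted(effective_rights(user, groups, SHARE_ACL, NTFS_ACL, over_network=False))
        print(f"{user:6} network={net} local={local}")
```

Eve's case shows why the review says to check share permissions first: NTFS grants her Full Control, yet over the network the Everyone/Read share entry reduces her to reading.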

 


CHAPTER 9     Monitoring and Managing Server Performance

Key Terms

alerts — A feature of the Performance Console that allows you to create automated alarms. These alarms are triggered when specific conditions are met. Alerts may be configured for each of the counters that the System Monitor monitors.

application log — The event log that contains events associated with various applications.

commit charge limit — A statistic on the Performance tab of the Task Manager that displays the total amount of memory available. The total amount of memory is obtained by combining both the page file and the physical memory.

commit charge peak — A statistic on the Performance tab of the Task Manager that indicates the maximum amount of demand placed on the page file since the Task Manager was run.

commit charge total — A statistic on the Performance tab of the Task Manager that indicates the amount of virtual memory currently in use.

counter — A statistic that can be tracked by the System Monitor that is related to the performance of the hardware, software, or operating system component.

counter logs — A feature of the Performance Console that tracks performance object counters in a file over time, so that they can be reviewed later using the System Monitor.

event logs — A feature of Windows NT and onwards that uses log files to track various events related to the system, security, applications, and other areas of operation.

Event Viewer — A utility used to view and work with event logs.

handles — A statistic displayed on the Performance tab of the Task Manager that represents all the resources. The resources include open files or entries in the Registry, which are currently being used by the CPU.

instance — The term that describes a performance object counter when there is more than one object to which the counter applies. An example is the %Processor Time counter on a computer with multiple processors. The unique counter for a particular CPU would be one instance of the %Processor Time counter.

Messenger service — A service used to send performance alerts. By default, it is disabled in Windows Server 2003.

Performance Console — An administrative tool used to access System Monitor, counter logs, trace logs, and alerts.

performance logs — Log files, including counter logs and trace logs that can be used to track System Monitor performance object counters over time.

performance object — The term used to describe a unique element of hardware, software, or the operating system that may be measured by one or more counters in the System Monitor.

priority — When used with printers, priority refers to the settings that control which logical printer prints first. When used with print jobs, priority refers to the settings that control which print job prints first. When used with running processes, priority refers to the settings that control which process can first access the computer and the resources of the operating system.

process — The term used in the Task Manager to describe an executable program currently running on the computer.

process tree — A collection of related processes.

security log — The event log that contains Success and Failure audit events.

service — A program or process that works with the operating system to support the activities of other programs and users.

system cache — Memory that holds the contents of files that are currently open.

system log — The event log that contains events associated with the operating system.

System Monitor — An administrative tool accessible through the Performance Console. It helps monitor the performance of the hardware, software, and operating system components.

Task Manager — A utility used to manage running applications and processes and monitor various key resource statistics regarding CPU, RAM, and virtual memory utilization.

threads — The units of execution within a process that the scheduler runs on a CPU. Every process has at least one thread.

trace logs — Performance logs that record the occurrence of specific events (such as page faults, disk I/O or file details) rather than sampled counter values. Trace log data is binary and cannot be opened in System Monitor; a parsing tool is required to read it (tracerpt.exe ships with Windows Server 2003, and third-party analyzers also exist).

Chapter 9 Review

·         The Task Manager can be opened by right-clicking the taskbar and choosing Task Manager. You can also use ctrl-alt-delete and click Task Manager in the Windows Security dialog box. You can also use ctrl-shift-esc or type taskmgr from the command line.

·         The Applications tab in the Task Manager lists the running applications and their status. It can be used to switch between tasks, start new tasks, and to terminate unresponsive tasks.

·         The Processes tab lists the currently running processes along with their CPU usage, CPU time, and memory usage. The Processes tab can be used to terminate a process or a process tree. You can right-click an application in the Applications tab and choose Go To Process to see which process belongs to which application. You can also modify the priority of a running process in this tab.

·         The Performance tab consists of graphic and numeric displays that detail the current and recent demands made on the server’s CPU and memory resources.

·         The Networking tab displays graphic and numeric information regarding the performance of the network interface card.

·         The Users tab displays locally logged-on users, and can be used to log users off or disconnect their session. This tab can also be used to send messages to logged-on users.

·         The Task Manager is useful for terminating frozen or improperly running programs. It is also useful for tracking down the reasons behind slow server performance.

·         The System Monitor is accessed through the Performance Console. It can be used to track counters and counter instances associated with a wide variety of performance objects.

·         The information in System Monitor can be presented as a line graph, a histogram, or as a report.

·         Counter logs can be used to track the same information as the System Monitor. Counter logs record the data over time for later viewing and analysis through the System Monitor.

·         Trace logs cannot be viewed in System Monitor; they must be processed with a parsing tool such as tracerpt.exe or a third-party program.

·         Alerts monitor counters and are triggered when these counters reach certain pre-determined levels. Alerts are recorded in the application log, and may also be configured to send a message to a computer, run a performance log, or execute a command.

·         The application log, as the name implies, contains events associated with various applications, including elements of the operating system.

·         The security log records only Success Audits and Failure Audits. These are produced by auditing: access to objects such as files, folders and printers (only for objects that have audit entries, a SACL, configured) and activities such as logons and logoffs, and only for the categories enabled in the audit policy.

·         The system log tracks a wide variety of system events.

·         The event logs in Windows Server 2003 begin with a default maximum size of 16MB. This may be increased to as high as 4GB. By default, older events are overwritten by newer events when the log is full. For the security log this means that anyone who can generate a large volume of events can push earlier evidence out of the log, so size the security log generously and archive it regularly, or configure it not to overwrite events and monitor for it filling up.

·         Event logs may be filtered and events can be searched for based on a number of fields used to describe events.
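
The overwrite-as-needed behaviour and the filtering described above, as an added example (not code from the course text): a small fixed-capacity log with Windows Server 2003's default retention, fed constructed Security log records, then filtered the way Event Viewer filters by type, event ID and user. Capacity is counted in records rather than kilobytes, and the account names and the flooding sequence are constructed; event IDs 528 and 529 are the Windows Server 2003 successful and failed logon audit events.

```python
"""Added example: fixed-capacity event log with "overwrite events as needed"
retention, plus Event Viewer style filtering.  All records are constructed
sample data; capacity is in records, whereas the real limit is in KB."""
from collections import Counter, deque
from dataclasses import dataclass

LOGON_SUCCESS = 528   # Success Audit: successful logon (Windows Server 2003)
LOGON_FAILURE = 529   # Failure Audit: unknown user name or bad password


@dataclass(frozen=True)
class Event:
    record: int        # sequential record number, never reused
    log: str           # "Security", "Application" or "System"
    event_type: str    # "Success Audit", "Failure Audit", "Information", ...
    event_id: int
    user: str


class EventLog:
    """Ring buffer of at most max_records events."""

    def __init__(self, max_records, overwrite_as_needed=True):
        self.max_records = max_records
        self.overwrite_as_needed = overwrite_as_needed
        self._events = deque()
        self._next_record = 1
        self.dropped = 0   # events discarded to make room for newer ones

    def write(self, event_type, event_id, user, log="Security"):
        if len(self._events) >= self.max_records:
            if not self.overwrite_as_needed:
                # "Do not overwrite events": logging stops rather than losing evidence
                raise RuntimeError("event log is full; archive and clear it")
            self._events.popleft()
            self.dropped += 1
        ev = Event(self._next_record, log, event_type, event_id, user)
        self._next_record += 1
        self._events.append(ev)
        return ev

    def events(self):
        return list(self._events)


def filter_events(events, event_type=None, event_id=None, user=None):
    """Keep events matching every filter field that is given (None = any)."""
    return [e for e in events
            if (event_type is None or e.event_type == event_type)
            and (event_id is None or e.event_id == event_id)
            and (user is None or e.user.lower() == user.lower())]


def failed_logons_by_account(events):
    """Failure Audit logon events per account, most frequent first."""
    failures = filter_events(events, event_type="Failure Audit", event_id=LOGON_FAILURE)
    return Counter(e.user for e in failures).most_common()


def flood_demo(max_records=8):
    """Constructed scenario: three bad-password attempts against the
    administrator account, then enough legitimate noise to overwrite them."""
    log = EventLog(max_records)
    for _ in range(3):
        log.write("Failure Audit", LOGON_FAILURE, "administrator")
    log.write("Success Audit", LOGON_SUCCESS, "rkhan")
    for _ in range(max_records):
        log.write("Success Audit", LOGON_SUCCESS, "svc-backup")
    return log


if __name__ == "__main__":
    log = flood_demo()
    print("events overwritten:", log.dropped)
    print("failed logons still in the log:", failed_logons_by_account(log.events()))
```

Run stand-alone, the demo shows the three failed administrator logons gone after eight routine events, which is the case for a large security log, regular archiving, or the "do not overwrite" setting on servers where losing audit records is worse than the log filling up.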

CA 221   OS-II   (Server2003)

Prepared by:

Rashid Ali Khan

 (Coordinator, Dammam Community College)

CHAPTER 10  Remote Installation of the Windows XP Professional Client

authorize — To register a server in Active Directory so that it is permitted to offer a particular service (DHCP, and through the same mechanism RIS) to the network. Windows DHCP and RIS servers that are domain members check for this authorization before answering clients, which keeps an unauthorized server from responding to boot and address requests.

flat image — A virtual copy of the installation CD used to install an operating system using RIS that acts like the original.

hal.dll — The dynamic link library file used by Windows Server 2003 to represent the actual Hardware Abstraction Layer file provided by the manufacturer of the computer’s motherboard. The hal.dll file is located in the System32 subfolder of the Windows folder.

Hardware Abstraction Layer (HAL) — The part of the operating system that enables the OS to interact with the computer’s hardware in an “abstract” or general way.

Preboot Execution Environment (PXE) — A NIC firmware standard that lets a computer boot from the network even when no operating system is present on the local hard drive. The PXE client obtains an IP address and the address of a boot server through DHCP, then downloads its boot program with TFTP; it trusts whichever server answers, which is why RIS servers must be authorized.

prestage — Preparing a client computer to use RIS by creating the computer account ahead of time as a managed computer.

rbfg.exe — The utility used to create a boot disk for non-PXE-enabled client computers, so that they can access an RIS server.

reference computer — A client computer used as the basis of a RIPrep image.

Remote Installation Preparation Wizard — The utility used to create RIPrep images of reference computers.

Remote Installation Services (RIS) — The service that allows client computers to be set up over the network.

reparse point — A pointer used by the Single Instance Store groveler agent when it deletes duplicate files. The pointer re-directs programs to the SIS Common Store Folder, which is the new location of the file that was duplicated.

RIPrep image — A Remote Installation Services image created from a reference computer.

riprep.sif — The answer file used with RIPrep images.

ristndrd.sif — The answer file used with flat images.

Single Instance Store Service (SIS) — The service that conserves disk space on an RIS server by minimizing the duplication of files between multiple images.

SIS Common Store Folder — The folder used by the Single Instance Store Service (SIS) to store copies of deleted duplicate files.

SIS groveler agent — The component of the Single Instance Store Service (SIS) that scans for duplicate files, deletes them, and replaces them with a reparse point. The reparse point indicates the new location of the file.

Volume Licensing Key (VLK) — A single product key that can be used with multiple installations of a volume-licensed product.

Chapter 10  Review       

Remote Installation of the Windows XP Professional Client

·         RIS allows images to be made of operating system installation CDs, or of existing client machines complete with installed programs and configuration settings. These images can then be installed on other client computers over the network.

·         Microsoft recommends that RIS servers should maintain a separate volume for images of at least 4GB in size, formatted with the NTFS file system.

·         All versions of Windows Server 2003, except Web Edition, can act as RIS servers. All versions of the Windows 2000 server operating system were also able to act as RIS servers.

·         RIS requires Active Directory to be installed on the network, and DNS and DHCP to be running on at least one server.

·         RIS servers must be authorized in Active Directory (done from the DHCP console) unless the server is already authorized as a DHCP server. An unauthorized RIS server does not respond to client boot requests.

·         As part of the process of configuring RIS, the first flat image is created. A flat image is an image of an operating system’s installation CD.

·         RIS supports flat images for all editions and versions of Windows Server 2003, except the Datacenter Edition, and all server versions of Windows 2000. Windows XP Professional and Windows 2000 Professional are also supported.

·         All images still require proper licensing. Volume licensing is available and may include a Volume Licensing Key (VLK) to facilitate the creation of answer files for unattended installations.

·         RIS options available through the Group Policy Object Editor include Automatic Setup, Custom Setup, Restart Setup, and Tools. Each of these options can be enabled, disabled, or not configured.

·         The Remote Install tab of the server’s Properties dialog box can be used to verify the server, show the RIS clients, or access advanced settings.

·         The Advanced settings dialog box of the RIS server allows configuration of the client computer’s account name and location, image management, and tool management.

·         Clients of an RIS server should have PXE-enabled NICs so that they can boot from the network. Non-PXE clients can use a boot disk created with the rbfg.exe utility, but only if the NIC is one of the limited set of PCI adapters that the boot disk supports.

·         Clients with PXE-enabled NICs must have the NIC moved to the head of the boot sequence to be able to boot from the network.

·         Prestaging a client computer means creating a managed computer account for it in Active Directory before using RIS to install an image. The account is identified by the client's GUID (shown on the PXE boot screen or the case label; for rbfg.exe boot disks it is 20 zeros followed by the NIC's MAC address). Prestaging, combined with the RIS server option to respond only to known client computers, prevents arbitrary machines that PXE-boot on the network from pulling an image.

·         Adding the product key to the ristndrd.sif answer file allows client computers to install a flat image over RIS with no user intervention. The answer file lives on the RIS server's REMINST share and is read by every installing client, so anything placed in it (the product key, and especially any administrator password) should be treated as readable by anyone who can reach that share.

·         A RIPrep image is created from an existing reference computer by the Remote Installation Preparation Wizard. A RIPrep image may include installed software and configuration settings from the reference computer.

·         The client machine that installs from a RIPrep image must have a HAL that is compatible with that of the reference computer.

·         The HAL allows the operating system to communicate in an abstract or general way with the computer’s hardware.

·         RIPrep images are not supported by the 64-bit version of the Windows Server 2003 Enterprise Edition.

·         Installing from a RIPrep image is similar to installing from a flat image. However, the answer file is riprep.sif instead of ristndrd.sif.


CHAPTER 11  Managing Computers and Users Through Group Policy

account lockout duration — An account lockout policy that controls how long a locked-out account will be unavailable.

account lockout threshold — An account lockout policy that controls the allowed number of failed attempts prior to locking out an account.

account policies — Security settings policies that include password policies, account lockout policies, and Kerberos policies.

administrative templates settings — Collections of group policy settings that allow changes to the operating system’s Registry.

Authentication Service (AS) — A service used by Kerberos security to authenticate a user account through Active Directory during logon.

computer configuration settings — Group policy settings that focus on controlling aspects of the computer and its operating system, regardless of the user.

default domain controllers policy — Group policy settings applied to any domain controller within a domain. This policy is created automatically when Active Directory is installed.

default domain policy — The overall group policy settings for a domain. This policy is created automatically when Active Directory is installed.

Group Policy Management Console (GPMC) — A new tool introduced in Windows Server 2003 for easily managing group policy object settings. Although the GPMC is not included with Windows Server 2003, it can be downloaded from Microsoft’s Web site.

group policy object (GPO) — Term used to describe each unique collection of group policy settings.

Group Policy Object Editor — The most commonly used administrative tool for working with group policy objects.

Kerberos security — The authentication protocol used by Windows Server 2003 domains. The Key Distribution Center (KDC) on each domain controller authenticates users and issues tickets; access to resources is then decided by each resource from the group memberships carried in the ticket and the resource's own permissions.

local policy — Group policy settings that apply only to the local computer.

package — A file containing installation instructions to install applications remotely on client computers with the Windows Installer Service.

password policies — Group policy settings that determine the rules for password creation and expiration.

reset account lockout counter after — An account lockout policy setting that determines the period during which consecutive failed log on attempts will be tracked and compared to the account lockout threshold setting.
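
The three lockout settings defined above, as an added example (not code from the course text): a small engine that applies threshold, reset window and duration to a stream of logon attempts on a constructed clock. The account names, the timeline and the name of the exempt account are assumptions; the `exempt` set models the fact that Windows does not lock out the built-in Administrator account by default.

```python
"""Added example: account lockout threshold, reset window and duration
applied to logon attempts.  Times are seconds on a constructed clock."""
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class LockoutPolicy:
    threshold: int        # failed attempts before lockout; 0 = never lock out
    reset_after: float    # seconds of quiet after which the bad-password count resets
    duration: float       # seconds an account stays locked; 0 = until an admin unlocks it


@dataclass
class AccountState:
    bad_count: int = 0
    last_failure: Optional[float] = None
    locked_until: Optional[float] = None   # float("inf") = manual unlock required


class LockoutEngine:
    # Assumption: the built-in Administrator account is named "administrator".
    def __init__(self, policy, exempt=frozenset({"administrator"})):
        self.policy = policy
        self.exempt = {name.lower() for name in exempt}
        self.accounts = {}

    def _state(self, user):
        return self.accounts.setdefault(user.lower(), AccountState())

    def is_locked(self, user, now):
        """True while the lockout duration has not elapsed; expiry clears the state."""
        s = self._state(user)
        if s.locked_until is None:
            return False
        if now >= s.locked_until:
            s.locked_until = None
            s.bad_count = 0
            return False
        return True

    def unlock(self, user):
        """Administrator action: clear the lock and the counter."""
        self.accounts[user.lower()] = AccountState()

    def attempt(self, user, password_ok, now):
        """Outcome of one logon attempt: 'ok', 'bad_password' or 'locked_out'."""
        s = self._state(user)
        if self.is_locked(user, now):
            return "locked_out"          # even a correct password is refused
        if password_ok:
            s.bad_count = 0              # a good logon resets the counter
            return "ok"
        # Failures older than the reset window no longer count.
        if s.last_failure is not None and now - s.last_failure >= self.policy.reset_after:
            s.bad_count = 0
        s.bad_count += 1
        s.last_failure = now
        if (self.policy.threshold and s.bad_count >= self.policy.threshold
                and user.lower() not in self.exempt):
            s.locked_until = now + self.policy.duration if self.policy.duration else float("inf")
        return "bad_password"


def brute_force_then_legit(policy=LockoutPolicy(threshold=3, reset_after=600, duration=900)):
    """Constructed timeline: an attacker burns the threshold against 'rkhan',
    then the real user arrives with the right password and is refused."""
    engine = LockoutEngine(policy)
    outcomes = [engine.attempt("rkhan", False, t) for t in (0, 100, 200)]
    outcomes.append(engine.attempt("rkhan", True, 300))    # legitimate user, locked out
    outcomes.append(engine.attempt("rkhan", True, 1100))   # duration elapsed
    return outcomes


if __name__ == "__main__":
    print(brute_force_then_legit())
```

The fourth outcome is the trade-off a lockout policy always carries: a low threshold stops password guessing but lets anyone who knows an account name lock its owner out, which is why the duration and reset window should be chosen together and why the security log should be watched for bursts of failed logons.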

Resultant Set of Policy (RSoP) — A group policy tool that analyzes all the policies that apply in a particular situation and reports on the final effective or resultant policy.

scope of management (SOM) — A term used to describe the domain, site, OU, or computer to which a group policy object is applied.

software restriction policies — A new feature of Windows Server 2003 group policies that makes it possible to block the running of specific programs or the execution of programs in an entire directory.

software settings — A category of group policy settings for users and computers that contains the software installation settings.

Ticket Granting Service (TGS) — The KDC component that, when presented with a valid TGT, issues a service ticket for a particular service. The service ticket is encrypted with that service's long-term key, so the service can decrypt it and authenticate the client without contacting the KDC.

Ticket-Granting Ticket (TGT) — The ticket issued to an account by the Kerberos Authentication Service (AS) after a successful logon. It proves that the account has been authenticated and is presented to the TGS to obtain service tickets. The course text also calls it a Ticket to Get Tickets.
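
The AS, TGS and TGT entries above describe two exchanges; here they are as an added example (not code from the course text or from Windows), with both the client's and the KDC's side of each message. The cipher (an HMAC-SHA256 keystream with a MAC) and the JSON message layout are stand-ins for Kerberos's real encryption types and ASN.1 messages; the realm, principal names, password and clock values are constructed; pre-authentication, PAC data and ticket renewal are left out.

```python
"""Added example: Kerberos AS and TGS exchanges with toy cryptography.
Not the real wire format or ciphers; names, keys and times are constructed."""
import hashlib
import hmac
import json
import os

NONCE_LEN, TAG_LEN = 16, 32


def derive_key(password, salt):
    """Long-term key from a password (real Kerberos uses its own string-to-key)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt.encode(), 10_000)


def _keystream(key, nonce, length):
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def seal(key, obj):
    """Encrypt-then-MAC a JSON-serialisable object under key."""
    data = json.dumps(obj, sort_keys=True).encode()
    nonce = os.urandom(NONCE_LEN)
    ct = bytes(a ^ b for a, b in zip(data, _keystream(key, nonce, len(data))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()


def unseal(key, blob):
    """Inverse of seal; raises ValueError on a wrong key or a tampered blob."""
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("integrity check failed: wrong key or tampered message")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct)))))


class KDC:
    """Authentication Service and Ticket Granting Service; holds all long-term keys."""
    TICKET_LIFE = 8 * 3600   # seconds
    SKEW = 300               # allowed clock skew for authenticators

    def __init__(self, realm):
        self.realm = realm
        self.keys = {"krbtgt": os.urandom(32)}   # TGTs are sealed under this key

    def add_user(self, name, password):
        self.keys[name] = derive_key(password, f"{name}@{self.realm}")

    def add_service(self, spn):
        self.keys[spn] = os.urandom(32)
        return self.keys[spn]

    def as_exchange(self, user, now):
        """AS-REP: a TGT (opaque to the client) plus the session key sealed under the user's key."""
        session_key = os.urandom(32)
        tgt = seal(self.keys["krbtgt"], {"client": user, "skey": session_key.hex(),
                                          "expires": now + self.TICKET_LIFE})
        return tgt, seal(self.keys[user], {"skey": session_key.hex()})

    def tgs_exchange(self, tgt, authenticator, spn, now):
        """TGS-REP: a service ticket sealed under the service's key, plus a new session key."""
        t = unseal(self.keys["krbtgt"], tgt)
        session_key = bytes.fromhex(t["skey"])
        a = unseal(session_key, authenticator)   # proves the requester holds the session key
        if t["expires"] < now or a["client"] != t["client"] or abs(now - a["time"]) > self.SKEW:
            raise ValueError("TGT expired or authenticator invalid")
        service_key = os.urandom(32)
        ticket = seal(self.keys[spn], {"client": t["client"], "skey": service_key.hex(),
                                       "expires": now + self.TICKET_LIFE})
        return ticket, seal(session_key, {"spn": spn, "skey": service_key.hex()})


def client_logon(kdc, user, password, now):
    """Client side of the AS exchange: only the right password opens the reply."""
    tgt, enc_part = kdc.as_exchange(user, now)
    user_key = derive_key(password, f"{user}@{kdc.realm}")
    return tgt, bytes.fromhex(unseal(user_key, enc_part)["skey"])


def client_service_ticket(kdc, user, tgt, session_key, spn, now):
    """Client side of the TGS exchange: present the TGT with a fresh authenticator."""
    ticket, enc_part = kdc.tgs_exchange(tgt, seal(session_key, {"client": user, "time": now}), spn, now)
    return ticket, bytes.fromhex(unseal(session_key, enc_part)["skey"])


def service_accept(service_key, ticket, authenticator, now, skew=KDC.SKEW):
    """The service authenticates the client from the ticket alone, with no KDC round-trip."""
    t = unseal(service_key, ticket)
    a = unseal(bytes.fromhex(t["skey"]), authenticator)
    if t["expires"] < now or a["client"] != t["client"] or abs(now - a["time"]) > skew:
        raise ValueError("ticket expired or authenticator invalid")
    return t["client"]


if __name__ == "__main__":
    kdc = KDC("EXAMPLE.LOCAL")
    kdc.add_user("rkhan", "Correct-Horse-Battery-9")
    fs_key = kdc.add_service("cifs/fs1.example.local")
    tgt, skey = client_logon(kdc, "rkhan", "Correct-Horse-Battery-9", 1000.0)
    ticket, svc_skey = client_service_ticket(kdc, "rkhan", tgt, skey, "cifs/fs1.example.local", 1001.0)
    print(service_accept(fs_key, ticket, seal(svc_skey, {"client": "rkhan", "time": 1002.0}), 1003.0))
```

Two properties worth noticing: the client never sees the krbtgt or service keys (tickets are opaque to it), and the service needs no connection to the domain controller to accept a ticket, which is what makes the TGT and its session key the things an attacker most wants to steal from a logged-on machine.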

user configuration settings — Group policy settings that focus on controlling aspects of the user, regardless of the computer they are using.

Windows Installer service — A service used to remotely install applications to client computers from the server.

Windows settings — A category of group policy settings for users and computers that are used to configure startup and shutdown scripts, logon and logoff scripts, and security settings.

Chapter 11  Review / Summary                     by Rashid Khan

·         A group policy object (GPO) is a collection of configuration settings that can be linked to a domain, site, OU or even individual computers, which is its scope of management (SOM).

·         The installation of Active Directory automatically creates the Default Domain Policy, linked to the domain, and the Default Domain Controllers Policy, linked to the Domain Controllers OU.

·         The most commonly used tool for working with GPOs is the Group Policy Object Editor, which is a snap-in for the Microsoft Management Console (MMC).

·         The Group Policy Management Console (GPMC) is a new, downloadable tool from Microsoft for managing GPOs (linking, filtering, backup and RSoP reporting). It still relies on the Group Policy Object Editor for the actual editing of GPO settings.

·         Group Policy settings are divided into computer configuration and user configuration settings. Each is further sub-divided into software settings, Windows settings, and administrative templates.

·         Software settings can be used to install software applications through the use of package files and the Windows Installer service.

·         The computer configuration Windows settings are used to configure startup/shutdown scripts and security settings.

·         The user configuration Windows settings are used to configure logon/logoff scripts and security settings.

·         The administrative template settings provide 745 different Registry settings that alter the configuration of the operating system and its components.

·         The most commonly used security settings are found below the computer configuration settings. They include account policies and software restrictions.

·         Account policies include password policies, account lockout policies, and Kerberos security policies.

·         Software restriction policies can be used to prevent certain applications from running, or to prevent the running of applications from a particular folder.

·         The five administrative templates files are: System.adm, Inetres.adm, conf.adm, Wuau.adm, and Wmplayer.adm.

·         Administrative templates policies can be used to reduce problems for users and administrators by limiting what can be done with the operating system.

·         GPOs with a higher priority take precedence over lower-priority GPOs when there is a policy conflict. This priority can be adjusted.

·         GPOs are inherited down the Active Directory hierarchy (site, domain, OU, child OU). A container can be set to Block Policy Inheritance, which stops non-enforced GPOs from parent containers from applying; a GPO link marked No Override (called Enforced in GPMC) cannot be blocked and also wins over conflicting settings in child containers.

·         GPOs can be disabled completely, or you can selectively disable either the computer or the user configuration settings.

·         Resultant Set of Policy (RSoP) is a tool for analyzing the effect of all applicable policies on a particular domain, site, OU, computer, or user.
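
The precedence rules in the last few points, as an added example (not code from the course text): a small resolver that applies the local GPO, then site, domain and OU links in order, honours link order within a container, drops inherited non-enforced links at a container set to Block Policy Inheritance, and applies No Override links last so they win. The domain, OU, GPO names and setting names are constructed; security filtering, WMI filters and loopback processing are not modelled.

```python
"""Added example: resultant policy from a chain of Group Policy containers.
Names and settings are constructed; filtering and loopback are not modelled."""
from dataclasses import dataclass, field


@dataclass
class GPO:
    name: str
    settings: dict            # policy name -> configured value
    enabled: bool = True


@dataclass
class Link:
    gpo: GPO
    enforced: bool = False    # "No Override" in the Server 2003 UI, "Enforced" in GPMC


@dataclass
class Container:
    name: str
    links: list = field(default_factory=list)   # in link order: index 0 = highest precedence
    block_inheritance: bool = False


def resultant_policy(local_gpo, chain):
    """chain: containers from the site down to the object's own OU.
    Returns (effective settings, winning GPO name per setting)."""
    normal, enforced = {}, {}
    for depth, container in enumerate(chain):
        if container.block_inheritance:
            normal = {}          # drop non-enforced links from every parent container
        normal[depth] = [l for l in container.links if l.gpo.enabled and not l.enforced]
        enforced[depth] = [l for l in container.links if l.gpo.enabled and l.enforced]

    # The local GPO is processed first and is not subject to Block Inheritance.
    order = [local_gpo] if local_gpo and local_gpo.enabled else []
    for depth in sorted(normal):                   # outer to inner; applied later wins
        order.extend(l.gpo for l in reversed(normal[depth]))   # link order 1 applied last
    for depth in sorted(enforced, reverse=True):   # enforced: outermost applied last, so it wins
        order.extend(l.gpo for l in reversed(enforced[depth]))

    settings, winner = {}, {}
    for gpo in order:
        for name, value in gpo.settings.items():
            settings[name] = value
            winner[name] = gpo.name
    return settings, winner


def lab_example():
    """Constructed domain: an enforced security baseline at the domain level,
    and a Lab OU that blocks inheritance and links two GPOs of its own."""
    local = GPO("Local Computer Policy", {"ScreenSaverTimeout": 1200})
    domain = Container("corp.example.local", [
        Link(GPO("Corp Security Baseline", {"AllowRemoteDesktop": False,
                                            "AuditLogonEvents": "Success,Failure"}), enforced=True),
        Link(GPO("Default Domain Policy", {"ScreenSaverTimeout": 600,
                                           "AuditLogonEvents": "Success"})),
    ])
    lab = Container("OU=Lab", [
        Link(GPO("Lab Workstations", {"AllowRemoteDesktop": True, "ScreenSaverTimeout": 0})),
        Link(GPO("Lab Kiosk", {"ScreenSaverTimeout": 300, "DisableRegistryTools": True})),
    ], block_inheritance=True)
    return resultant_policy(local, [domain, lab])


if __name__ == "__main__":
    settings, winner = lab_example()
    for name, value in settings.items():
        print(f"{name} = {value!r}  (from {winner[name]})")
```

In the constructed domain, the Lab OU's attempt to re-enable Remote Desktop loses to the enforced baseline even though the OU blocks inheritance, while the Default Domain Policy's screen-saver value is blocked. One caveat the resolver does not show: password, lockout and Kerberos policies for domain accounts are taken only from GPOs linked at the domain level; the same settings in an OU-linked GPO affect only the local accounts on the computers in that OU.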


CHAPTER 12  Server Management Using Remote Desktop for Administration

active session — A Terminal Services session in which the user is actively performing tasks.

clipboard mapping — A feature of Terminal Services that allows copying and pasting information between a client and a server.

connection bar — A small, yellow bar that appears at the top of the display in a full-screen Remote Desktop connection. It displays the remote computer name and a set of window control buttons.

console session — The session running locally at the server in Terminal Services. This term is synonymous with the term session 0.

disconnected session — A Terminal Services session that is running, but users have disconnected by closing their remote desktop connection without logging off.

idle session — A Terminal Services session in which there is no activity.

mapped — A term that refers to devices made available to the remote session when using Remote Desktop Connection. This term is synonymous with the term redirected.

RDP-Tcp — The name of the connection (listener) that Terminal Services creates for the Remote Desktop Protocol carried over TCP (Transmission Control Protocol). Its properties control the encryption level, logon settings and session limits used by Remote Desktop for Administration.

redirected — When used in printing, this term refers to moving print jobs from one logical printer to another. When used in Terminal Services, it refers to devices made available to the remote session when using Remote Desktop Connection. When used with reference to Remote Desktop Connections, this term is synonymous with the term mapped.

Remote Desktop Connection (RDC) — The client software in Windows XP and Windows Server 2003 used to create and configure connections to Remote Desktop for Administration.

Remote Desktop for Administration — A Terminal Services mode that allows administrators to connect to a server from remote locations.

Remote Desktop protocol file — A file that saves customized settings for Remote Desktop Connections.

session — In Terminal Services, this term is used to describe remote connections to the server.

session 0 — In Terminal Services, this term refers to the session that is running locally at the server. It is synonymous with the term console session.

Terminal Server — A Terminal Services mode that allows users to connect to the server for running applications installed on the server using the server’s CPU, RAM, and other hardware.

Terminal Services — A component of Windows Server 2003 that provides users and computers remote access to the server’s operating system for running applications or for remote administration of the server and the network.

Terminal Services Configuration — An administrative tool used to configure various server and protocol settings for Terminal Services connections.

Terminal Services Manager — An administrative tool used to monitor and manage connected Terminal Services sessions.

thin client — A relatively inexpensive and low-powered computer used to run applications from the server using the Terminal Server mode of Terminal Services.

virtual private network (VPN) — A connection between two or more computers or networks, tunnelled over a public network such as the Internet, that lets the participating machines interact as if they were on the same physical LAN. Its security depends on the tunnelling protocol and how its encryption and authentication are configured; a VPN is not secure merely by being a VPN.

Windows CE — The version of Windows designed to run on portable devices such as personal digital assistants (PDAs).

Chapter 12      Review

·         Remote Desktop for Administration is a feature of Terminal Services that can be used by administrators to create remote connections, called sessions, to the server.

·         Remote Desktop for Administration is easy to use, and is supported by many operating systems. Connections can be established over dial-up, LAN, or VPN connections.

·         Since Remote Desktop for Administration sends only keyboard and mouse input from the client and screen updates from the server (plus any redirected devices), its network and client resource overhead is very low; the programs themselves run on the server.

·         Administrators should avoid rebooting a server while using Remote Desktop for Administration, as a failed boot cannot be troubleshot from a remote location unless the server has out-of-band management such as Emergency Management Services or a remote console card.

·         Remote Desktop for Administration exposes the server's administrative logon on the network (TCP port 3389), so enabling it increases the server's attack surface. Administrators must protect the passwords to their accounts, use strong passwords, and may rename the built-in Administrator account. Renaming is only a minor obstacle, because the account keeps its well-known relative ID (500) and is not subject to account lockout, so also limit who can reach port 3389 (firewall or VPN) and review the security log for failed logons.

·         Remote Desktop for Administration allows only members of the Administrators group to connect by default; other accounts must be added to the Remote Desktop Users group. Two simultaneous remote connections are allowed, in addition to the console session.

·         Remote Desktop for Administration access to a Windows Server 2003 computer is disabled by default. It can be enabled through the Remote tab of the System Properties dialog box.

·         The General options tab of the Remote Desktop Connection dialog box allows you to enter the machine’s name or IP address, your user name, password, and domain. Settings can be saved as a Remote Desktop protocol file and existing .rdp files can be loaded using the General options tab.

·         The Display options tab allows you to control the remote desktop size and color. You can also choose whether or not the connection bar should be displayed while in full screen mode.

·         The Local Resources options tab allows the redirecting, or mapping, of local resources to the remote session. Drives, printers, and serial ports are all devices that can be mapped or redirected.

·         The Programs options tab can be used to launch programs after establishing a remote session.

·         The Experience options tab is used to select your connection speed. The various aspects of the desktop experience are enabled or disabled based on the selected speed.

·         Closing a Remote Desktop for Administration session by logging off ends the session and all programs or processes associated with it. The session is then available for another user.

·         Closing a Remote Desktop for Administration session by choosing Disconnect from the shutdown dialog box or by closing the Remote Desktop Connection screen disconnects the session, but leaves all programs and processes running. If the users connect again, they will connect to the same session.

·         Session 0, also known as the console session, is the session that occurs locally at the server. To connect to session 0, use the /console switch either after the machine name or IP address in Remote Desktop Connection, or after the command mstsc.exe in the Run dialog box.

·         The Terminal Services Configuration console is used to modify the properties of the RDP-Tcp connection protocol. From the Client Settings tab of the RDP-Tcp Properties dialog box, limitations can be placed on the options available for the client machines in the Remote Desktop Connection dialog box.

·         The Sessions tab of the RDP-Tcp Properties dialog box can be used to put time limits on active, idle, and disconnected sessions. When the time limit is exceeded or the connection is interrupted, you can choose to disconnect or end the session.

·         The Sessions tab of the Terminal Services Manager console can be used to monitor sessions, disconnect sessions, reset sessions, and send messages to client machines connected to a session.