Tuesday, July 30, 2013

WINDOWS DEPLOYMENT SERVICES (WDS)

 WINDOWS DEPLOYMENT SERVICES (WDS):-
  • Windows Deployment Services (WDS) is a Windows Server role for deploying Windows operating systems, in particular Windows 7 and Windows Server 2008, over the network.
  • Client computers PXE-boot and install from images stored on the WDS server, so you do not have to be physically present at each computer and you do not have to install each operating system from a CD or DVD.
Requirements for a WDS Deployment Server:-
  • DHCP Server
  • DNS Server
  • Active Directory – Domain Services
  • An NTFS Partition to Store images
How WDS Works:-

Types of Clients:-
1. Known Clients
  • A known client is one whose computer account has been pre-created (pre-staged) in Active Directory, identified by its GUID or MAC address.
2. Unknown Client
  • An unknown client is one whose computer account has not been pre-staged in Active Directory. The WDS server can be set to answer all clients, only known clients, or no clients; answering only known clients stops an unauthorized machine that PXE-boots on the LAN from receiving your images.
Types of Images:-
1. Boot Image
  • A WIM file (Windows PE) used to boot a computer over the network and begin the deployment of an operating system onto it.
2. Install Images
  • An image of the Windows Vista, Windows 7 or Windows Server 2008 operating system itself that you want to deploy onto the client computer.
3. Capture Image
  • A special boot image used to boot a prepared (sysprepped) master computer and upload its installation as an install image to the WDS server.
4. Discover Image
  • A boot image that you write to removable media (CD, DVD or USB) to deploy an install image onto a computer that is not PXE-enabled; it locates the WDS server itself instead of relying on PXE.
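The image and client handling above, as an added example (not from these notes). It drives the WDS server with wdsutil from PowerShell; the server name, OU, service account, MAC address and image paths are placeholders and assumed to exist:

```powershell
# Added example: pre-stage a known client and load images on a WDS server.
# Assumptions: run on the WDS server (Windows Server 2008), domain corp.example.com,
# a join account CORP\deploy-svc, image files under D:\Sources. All placeholders.

# 1. Answer only known (pre-staged) clients. An unknown machine that PXE-boots
#    on the LAN then gets no boot image from this server. (Other values: All, None.)
wdsutil /Set-Server /AnswerClients:Known

# 2. Pre-stage the client so it becomes a known client. /ID takes the system UUID
#    or the MAC address. /JoinRights:JoinOnly lets the named account join only this
#    computer object, not create or reset others; /OU places the account.
wdsutil /Add-Device /Device:BRANCH-PC01 `
    /ID:00-15-5D-01-02-03 `
    "/OU:OU=Workstations,DC=corp,DC=example,DC=com" `
    "/User:CORP\deploy-svc" /JoinRights:JoinOnly

# 3. Add a boot image (Windows PE) and an install image (the OS to deploy).
wdsutil /Add-Image "/ImageFile:D:\Sources\boot.wim"    /ImageType:Boot
wdsutil /Add-Image "/ImageFile:D:\Sources\install.wim" /ImageType:Install `
    /ImageGroup:Windows7

# 4. Review the answer policy and the pre-staged devices before going live.
wdsutil /Get-Server /Show:Config
wdsutil /Get-AllDevices
```

Images stored on the server are readable by every client the server answers, so the answer policy and the NTFS permissions on the image store are what keep an unapproved machine from pulling an install image.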

TERMINAL SERVICES

Modes of Terminal Services:-
1. Remote Administration Mode
  • Specially designed for remote management of the server.
  • Only two concurrent connections are supported.
  • No license is required.
2. Application Server Mode
  • Specially designed so that multiple users run applications hosted on the terminal server.
  • Unlimited connections are supported (bounded by the licenses you hold).
  • TS CALs must be purchased.
Terminal Services Sessions:-
Disconnect Session
  • If the session is disconnected, all its programs keep running in the background and the user can reconnect to the same session later.
Logoff Session
  • If the session is logged off, all its programs are closed and a new session is established at the next logon.
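The difference between disconnecting and logging off, as an added example (not part of the original notes). The server name TS01 and the session ID are placeholders:

```powershell
# Added example: manage terminal server sessions from an admin workstation.
# Assumption: a terminal server named TS01 on which you hold administrative rights.

# List sessions. State "Active" = user connected, "Disc" = disconnected: the
# programs are still running and the user's credentials are still in memory.
query session /server:TS01

# Disconnect session 3: programs keep running, the user can reconnect to it.
tsdiscon 3 /server:TS01

# Log session 3 off: programs are closed and the session is destroyed.
logoff 3 /server:TS01

# Disconnected sessions that are never logged off keep processes and tokens
# alive indefinitely. Make them time out after 30 minutes (value in milliseconds);
# this registry value is what the "Set time limit for disconnected sessions"
# Group Policy setting writes. Set it through Group Policy in production.
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services" `
    /v MaxDisconnectionTime /t REG_DWORD /d 1800000 /f
```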
Features of Terminal Services:-
  • Terminal Server
  • TS Licensing
  • TS Session Broker
  • TS Gateway
  • TS Web Access
                - RemoteApp
Terminal Server:-
  • Users connect to a terminal server to run programs, save files and use network resources on that server.
  • Users can reach a terminal server from within the corporate network, or from the Internet, by using Remote Desktop Connection.


TS Licensing:-
  • Terminal Services Licensing (TS Licensing) manages the Terminal Services client access licenses (TS CALs) that are required for each device or user that connects to a terminal server.
  • Remote Desktop for Administration supports two concurrent connections for remotely administering a computer. You do not need a license server for these connections.
TS Session Broker:-
  • Allows a user to reconnect to their existing session in a load-balanced terminal server farm.
  • Evenly distributes the session load between the servers in the farm.
TS Gateway:-
  • Terminal Services Gateway (TS Gateway) enables authorized remote users to connect to resources on a private network by tunneling RDP over HTTPS, without a VPN.
  • The target resource can be a terminal server or a computer with Remote Desktop enabled.
TS Web Access:-
  • TS Web Access provides access to a terminal server through a web browser.
  • Users visit a web site (from the Internet or from the intranet) to see a list of the available RemoteApp programs.

REMOTE ACCESS SERVICES (RAS)

How Dial-Up Network Access Works:-
  • A dial-up client makes a temporary connection to a remote access server by using a modem over the telephone network.

Components of a Dial-Up Connection:-

How a VPN Connection Works:-
  • A virtual private network (VPN) extends a private network across a public network, such as the Internet, through an encrypted tunnel.

Components of a VPN Connection:-

ROUTING


ROUTER
  • A device that forwards packets between two or more different networks.
ROUTING
  • The process of sending data packets along the best path to reach the destination.
DEFAULT GATEWAY
  • The router address a host sends traffic to when the destination is not on its own subnet; it is the exit point from the local network and the entry point into it.
Types of Routing:-
1. Static Routing
  • Routes are added manually on the router by the administrator.
2. Dynamic Routing
  • Routes are learned automatically by the router with the help of routing protocols (for example RIP or OSPF).
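Static routing and a default gateway on a Windows Server acting as a software router, as an added example (not from the original notes). Interfaces, addresses and next hops are placeholders:

```powershell
# Added example: turn a Windows Server 2008 host into a software router with static routes.
# Assumptions (all placeholders): two NICs, 192.168.1.10/24 on the LAN (gateway 192.168.1.1)
# and 10.0.0.10/24 towards a branch router at 10.0.0.254 that fronts 10.20.0.0/16.

# 1. Enable IP forwarding between the interfaces. RRAS sets the same value when you
#    enable LAN routing; a change here needs a reboot on Windows Server 2008.
Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters' `
    -Name IPEnableRouter -Value 1 -Type DWord

# 2. Static route: the branch network is reached through the branch router.
#    -p makes the route persistent across reboots.
route -p add 10.20.0.0 mask 255.255.0.0 10.0.0.254 metric 10

# 3. Default route (0.0.0.0/0): the exit point for everything not matched by a
#    more specific route. Longest prefix match wins, so 10.20.0.0/16 is preferred.
route -p add 0.0.0.0 mask 0.0.0.0 192.168.1.1 metric 20

# 4. Verify the table and the path a packet actually takes.
route print -4
tracert -d 10.20.5.1
```

A forwarding host joins two networks at layer 3, so anything a host-based firewall on the LAN side allowed only from "local" addresses is now also reachable from the branch side; review those rules when you enable forwarding.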
Types of Routers:-
1. Software Router
  • A computer that performs routing as one of its many tasks.
2. Hardware Router
  • A dedicated hardware device that works only as a router.
Routing and Remote Access Service (RRAS):-
  • Routing and Remote Access is a Windows service that makes the server a software router and also provides dial-up, VPN and NAT.

NAT:-
  • Provides Internet access from a protected private address range.
  • Translates private IPs to public IPs and vice versa for outgoing and incoming traffic.
  • Hides the private address range from the Internet.
  • Can be used together with DHCP, or the NAT component itself can assign IP addresses to clients (DHCP allocator).
How NAT works:-

DHCP Relay Agents:-
  • A DHCP relay agent is a computer or router that listens for DHCP broadcasts from DHCP clients and relays (forwards) those messages as unicast to a DHCP server on another network, because broadcasts do not cross routers.
How a DHCP Relay Agent Works? :-

INTERNET INFORMATION SERVICES(IIS)

INTERNET INFORMATION SERVICES(IIS):-
  • IIS is a Windows server role used to host web sites and FTP sites on an intranet or the Internet.
  • It provides integrated, reliable, scalable and manageable web server capabilities.
Versions of IIS:-
  • IIS 2.0 in Windows NT 4.0 (IIS 4.0 with the NT 4.0 Option Pack)
  • IIS 5.0 in Windows 2000
  • IIS 6.0 in Windows Server 2003
  • IIS 7.0 in Windows Server 2008
Features Of IIS 7.0:-
  • Supports IPv6
  • Backup and restoration of the configuration is automatic (configuration history).
  • Isolation of users and applications
  • Support for application developers and programmers
  • IIS 6.0 Compatibility
IIS 7.0 Services:-
  • World Wide Web (WWW) Publishing Service (HTTP)
  • File Transfer Protocol (FTP) service (the IIS 6.0-compatible FTP service; FTP 7.5 is a separate download)
Hypertext Transfer Protocol (HTTP):-
  • The HTTP service publishes data to the World Wide Web quickly and easily.
  • It is easily configurable and supports security and encryption (HTTPS, default port 443) to protect sensitive data.
  • Default port number is 80.
Internet Web Server:-
Intranet Web Server:-

Required to Host WEB SERVER:-
  • Static IP Address (Public IP if Published over Internet)
  • Domain name (Registered Domain name if Public over internet)
  • Name Resolution Service like DNS
  • Home Directory
                     - Required for each Web site
                     - Central location of published pages
Virtual Directory:-
  • A virtual directory is a directory name (alias) under the root of the web site.
  • It maps to a physical directory somewhere else on the same system, or on another system on the network; clients see only the alias in the URL.
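Creating a virtual directory with appcmd, plus the checks that go with pointing a web site at a folder outside its root, as an added example (not part of the original notes). The site name, alias and folder are placeholders:

```powershell
# Added example: create and harden a virtual directory in IIS 7.
# Assumptions (placeholders): the Default Web Site exists, the folder D:\Reports exists
# outside the web root, and anonymous authentication runs as the built-in IUSR account.
$appcmd = "$env:windir\System32\inetsrv\appcmd.exe"

# 1. Map the alias /reports to D:\Reports.
& $appcmd add vdir /app.name:"Default Web Site/" /path:/reports /physicalPath:D:\Reports
& $appcmd list vdir

# 2. The folder is now reachable over HTTP. Give the anonymous identity read only
#    and remove the inherited ACL so nothing wider (e.g. Users:Modify) is exposed.
icacls D:\Reports /inheritance:r /grant:r "IUSR:(OI)(CI)R" `
    "BUILTIN\Administrators:(OI)(CI)F" "SYSTEM:(OI)(CI)F"

# 3. Do not let a request for /reports/ list the folder contents.
& $appcmd set config "Default Web Site/reports" /section:directoryBrowse /enabled:false

# 4. Confirm what clients will see.
& $appcmd list config "Default Web Site/reports" /section:directoryBrowse
icacls D:\Reports
```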
File Transfer Protocol(FTP):-
  • A protocol used to download and upload files over a network or the Internet.
  • Default port number is 21 (control channel). Plain FTP sends credentials and data in clear text.
Internet FTP Server:-

Intranet FTP Server:-
Requirements to Host FTP SERVER:-
  • Static IP address (public IP if published over the Internet)
  • Home directory
                    - Required for each FTP site
                    - Central location of published files
Do not isolate user:-
  • All users can see and enter the FTP home directories of other users.
  • Anonymous access is allowed.
Isolate User:-
  • Users cannot view or modify files or directories of other users.
  • They are confined to their own home directory.
  • User home directories must be located under the root of the site.
Isolate user using Active Directory:-
  • Users cannot view or modify files or directories of other users.
  • This option simplifies administration of the FTP site by permitting home directories to exist in any location.
  • Only users whose Active Directory properties (msIIS-FTPRoot and msIIS-FTPDir) are defined can log on to the FTP server.
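The "isolate users" mode, as an added example (not from the original notes). It assumes the FTP 7.5 service (the separate download for IIS 7 on Windows Server 2008, built in on 2008 R2), whose isolation modes are None, StartInUsersDirectory, IsolateAllDirectories, IsolateRootDirectoryOnly and ActiveDirectory; the site name, root folder, domain and user names are placeholders:

```powershell
# Added example: an FTP site whose users are confined to their own home directory.
# Assumptions (placeholders): FTP 7.5 installed, domain CORP, users alice and bob,
# root folder D:\FtpRoot. Isolated home directories must live under the site root as
# <root>\<domain>\<user>; anonymous users land in <root>\LocalUser\Public.
$appcmd = "$env:windir\System32\inetsrv\appcmd.exe"
$root   = 'D:\FtpRoot'

# 1. Site root and per-user home directories.
New-Item -ItemType Directory -Force -Path "$root\CORP\alice", "$root\CORP\bob", "$root\LocalUser\Public" | Out-Null

# 2. FTP site on port 21 with basic (domain) authentication and anonymous disabled.
& $appcmd add site /name:"Corp FTP" /bindings:ftp://*:21 /physicalPath:$root
& $appcmd set site "Corp FTP" /ftpServer.security.authentication.basicAuthentication.enabled:true
& $appcmd set site "Corp FTP" /ftpServer.security.authentication.anonymousAuthentication.enabled:false

# 3. Isolate users: each user starts in, and cannot leave, <root>\<domain>\<user>.
& $appcmd set site "Corp FTP" /ftpServer.userIsolation.mode:IsolateAllDirectories

# 4. Isolation is enforced by the FTP service; the NTFS ACL must agree with it, or a user
#    who reaches the folder by another route (SMB, local logon) still sees everything.
foreach ($u in 'alice', 'bob') {
    icacls "$root\CORP\$u" /inheritance:r /grant:r "CORP\${u}:(OI)(CI)M" `
        "BUILTIN\Administrators:(OI)(CI)F" "SYSTEM:(OI)(CI)F"
}

# 5. Review the resulting configuration.
& $appcmd list site "Corp FTP" /config
```

Basic authentication over port 21 carries the domain password in clear text; on a real deployment require FTPS (ftpServer.security.ssl) or keep the site off untrusted networks.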

Monday, July 29, 2013

DOMAIN NAME SYSTEM (DNS)

What is DNS:-
  • Domain Name System (also called Domain Name Service)
  • Provides resolution of names to IP addresses and of IP addresses to names
  • Defines a hierarchical namespace in which the levels of the namespace are separated by a "."

 Computer running DNS Service can be:-

DNS Namespace:-


How DNS Queries Work:-

Authoritative & Non-authoritative DNS Servers:-
An authoritative DNS server (one that hosts the zone) will either:-
  • Return the requested IP address
  • Return an authoritative "No" (the name does not exist in the zone)
A non-authoritative DNS server will either:-
  • Check its cache
  • Use forwarders
  • Use root hints
Fully Qualified Domain Name (FQDN):-
  • Identifies a host’s name within the DNS namespace hierarchy
  • Host name + DNS domain name = FQDN
  • Example:
                      - Host name: sys1 & Domain name: WindowsAdmin.com
                      - Then FQDN = sys1.WindowsAdmin.com

Look up Types:-

ZONE:-
  • Forward Lookup Zone
                 - Used for resolving host names to IP addresses
                 - It maintains host-to-IP-address mapping information (A records)
  • Reverse Lookup Zone
                - Used for resolving IP addresses to host names
                - It maintains IP-address-to-host mapping information (PTR records)

Types of Records:-
1. SOA Record
            - Start of Authority: the first record in any zone file; names the primary server and holds the serial number and refresh timers
2. NS Record
            - Identifies the name servers for the zone
3. Host Record (A)
            - Resolves a host name to an IPv4 address
4. Alias Record (CNAME)
            - Resolves an alias name to a host name
5. Pointer Record (PTR)
            - Resolves an IP address to a host name (reverse lookup)
6. MX Records
            - Identify the mail servers for the domain; used for mail routing
7. SRV Records (Service Records)
            - Resolve the names of servers providing a service (for example LDAP or Kerberos)

Zone Types:-
1. Standard Primary
            - The master copy of all zone information, stored in a text file. It is the read/write copy.
2. Standard Secondary
            - A read-only copy of the primary zone, obtained by zone transfer. Restrict zone transfers to the listed name servers, or anyone can pull the whole zone.
3. Stub Zone
            - Contains only the NS and SOA records and possibly glue (A) records, which are used to locate the name servers of the zone.
4. Active Directory Integrated
            - Stores the zone information in the Active Directory database; replicated by AD replication and the only type that supports secure dynamic updates.

What are Service Records:-
  • SRV records allow DNS clients to locate TCP/IP-based services (such as LDAP, Kerberos and the global catalog) by name, without knowing which hosts provide them.
  • SRV records are used when:
            - A domain controller needs to replicate
            - A client searches Active Directory
            - A user attempts to change her password
            - An administrator modifies Active Directory
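The SRV lookups a domain member performs when it needs a domain controller, as an added example (not from the original notes). The domain name is a placeholder:

```powershell
# Added example: locate domain controllers through the SRV records that AD registers.
# Assumption (placeholder): domain corp.example.com.

# Domain controllers offering LDAP, Kerberos KDCs, and global catalog servers.
# The answer lists host names plus priority, weight and port for each.
nslookup -type=SRV _ldap._tcp.dc._msdcs.corp.example.com
nslookup -type=SRV _kerberos._tcp.corp.example.com
nslookup -type=SRV _gc._tcp.corp.example.com

# Ask the DC locator which DC it would pick, and require a global catalog.
nltest /dsgetdc:corp.example.com /gc

# A DC whose SRV records are missing cannot be found by clients, so logons and
# replication fail. On that DC, force the Netlogon service to re-register them.
nltest /dsregdns
```

Because these records name every DC and KDC in the forest, anyone who can query the internal DNS gets a complete target list; that is normal, and it is one reason not to expose the internal zone to the Internet.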

Saturday, July 27, 2013

Dynamic Host Configuration Protocol(DHCP)

What is DHCP:-
  • Automatically assigns IP addresses to clients that request one
  • Centralized IP address management
  • DHCP prevents IP address conflicts and helps conserve the use of client IP addresses on the network
  • DHCP reduces the complexity and amount of administrative work by assigning the TCP/IP configuration to clients automatically.

Types of IP Addresses:-
  • Static IP address
                  - Addresses that are manually assigned and do not change over time
  • Dynamic IP address
                 - Addresses that are automatically assigned for a specific period of time (the lease) and might change
Authorization:-
  • In a domain, a DHCP server must be authorized in Active Directory before it will lease addresses to clients.
  • This is a security precaution that ensures only authorized DHCP servers run on the network, so that a Windows DHCP server somebody brings up without approval stops serving. It does not stop a non-Windows rogue DHCP server, which must be found by other means.
Scope:-
  • A scope is a range of IP addresses, with a subnet mask and a lease duration, that is available to be leased to clients.
DHCP Lease Generation Process(DORA):-
  • The process by which the DHCP server assigns an IP address is also known as DORA (Discover, Offer, Request, Acknowledgement).
  1. Discover: your computer broadcasts a "Discover" request, asking any listening DHCP server for IP configuration.
  2. Offer: every listening DHCP server "Offers" its configuration information to your workstation.
  3. Request: your workstation picks one offer (normally the first it received) and broadcasts a "Request" for that lease from the corresponding DHCP server, which also tells the other servers to withdraw their offers.
  4. Acknowledge: the DHCP server you requested the configuration from "Acknowledges" the request and leases the IP configuration to you.
  • Because Discover and Request are broadcasts, any DHCP server on the subnet, authorized or not, can answer; a rogue server that answers first wins the client and can hand it a malicious gateway or DNS server.

 What is DHCP Reservation? :-
  • A reservation is a specific IP address within a scope that is permanently assigned to a specific DHCP client, identified by its MAC address.

 What is DHCP options? :-
  • DHCP scope options are additional settings (default gateway, DNS servers, DNS domain name, WINS servers) handed to the client along with its IP configuration.
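Authorization, scope, options and a reservation on a Windows Server 2008 DHCP server with netsh, followed by a client-side check for the rogue-server case described above, as an added example (not from the original notes). Server, addresses and MAC are placeholders:

```powershell
# Added example: configure a DHCP server and check a client's lease against the
# authorized server list. Assumptions (placeholders): DHCP server dhcp01.corp.example.com
# at 10.0.0.10, scope 10.0.0.0/24, gateway 10.0.0.1, a printer with MAC 00-11-22-33-44-55.
# Run on a machine with the DHCP admin tools, as a domain/enterprise administrator.

# 1. Authorize the server in AD (an unauthorized Windows DHCP server stops leasing).
netsh dhcp add server dhcp01.corp.example.com 10.0.0.10
netsh dhcp show server

# 2. Scope, address range and scope options (003 router, 006 DNS servers, 015 DNS domain).
netsh dhcp server 10.0.0.10 add scope 10.0.0.0 255.255.255.0 "Head office" "LAN clients"
netsh dhcp server 10.0.0.10 scope 10.0.0.0 add iprange 10.0.0.100 10.0.0.200
netsh dhcp server 10.0.0.10 scope 10.0.0.0 set optionvalue 003 IPADDRESS 10.0.0.1
netsh dhcp server 10.0.0.10 scope 10.0.0.0 set optionvalue 006 IPADDRESS 10.0.0.10
netsh dhcp server 10.0.0.10 scope 10.0.0.0 set optionvalue 015 STRING corp.example.com
netsh dhcp server 10.0.0.10 scope 10.0.0.0 set state 1      # activate the scope

# 3. Reservation: the printer always gets 10.0.0.50.
netsh dhcp server 10.0.0.10 scope 10.0.0.0 add reservedip 10.0.0.50 001122334455 PRINTER01 "Lobby printer"

# 4. Rogue check on a client: the server that handed out this lease must be one of
#    the authorized ones. A mismatch means another DHCP server answered first.
$authorized = netsh dhcp show server |
    Select-String '(\d{1,3}\.){3}\d{1,3}' -AllMatches |
    ForEach-Object { $_.Matches | ForEach-Object { $_.Value } }
$leaseSrv = (ipconfig /all | Select-String 'DHCP Server' | Select-Object -First 1)
if ($leaseSrv) {
    $leaseSrv = ("$leaseSrv" -replace '.*:\s*', '').Trim()
    if ($authorized -notcontains $leaseSrv) {
        Write-Warning "Lease came from $leaseSrv, which is not an authorized DHCP server"
    } else {
        "Lease from authorized DHCP server $leaseSrv"
    }
}
```

The client-side check only compares against Windows servers registered in AD; a rogue server on non-Windows hardware is caught by the same comparison, but the authoritative fix is DHCP snooping on the switches, which this page does not cover.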

Read-Only Domain Controllers (RODC)

Read-Only Domain Controllers (RODC):-
  • RODCs address some of the problems commonly found in branch offices.
  • Such locations might have no DC, or might have a writable DC but no physical security for it, low network bandwidth, or nobody with the expertise to support it.

Functionality of RODCs:-
  • Read-Only DC database
  • Uni-directional replication
  • Credential caching
  • Administrator role separation
 Read-only AD DS Database:-
  • Except for account passwords (and the other secrets in the RODC filtered attribute set), an RODC holds all the Active Directory objects and attributes that a writable domain controller holds.
  • However, changes cannot be made to the database stored on the RODC. Changes are made on a writable domain controller and then replicated to the RODC.
Uni-Directional Replication:-
  • Because no changes are written directly to the RODC, no changes originate there, so writable DCs never pull changes from it. Any change or corruption that a malicious user makes at the branch location cannot replicate from the RODC to the rest of the forest.
Credential Caching:-
  • By default, an RODC does not store any user or computer credentials; it forwards authentication requests to a writable DC.
  • You must explicitly allow credentials to be cached on an RODC through its Password Replication Policy; keep privileged accounts out of it, because a stolen RODC exposes every cached secret.
Administrator Role Separation:-
  • You can delegate local administrative permissions for an RODC to any domain user or group without granting them rights over the domain or other domain controllers.
  • In this way a branch user can manage and maintain the server, for example upgrading a driver on the branch office RODC only, without compromising the security of the rest of the domain.
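Credential caching and role separation in practice, as an added example (not from the original notes). It uses the Active Directory PowerShell module (Windows Server 2008 R2 or RSAT); the RODC and group names are placeholders:

```powershell
# Added example: manage an RODC's Password Replication Policy and delegated admin.
# Assumptions (placeholders): AD module available, an RODC named RODC01, groups
# Branch-Users and Branch-Admins already exist.
Import-Module ActiveDirectory
$rodc = 'RODC01'

# 1. Allow only branch users' secrets to be cached on this RODC, and explicitly deny
#    the privileged groups so a stolen RODC never yields a domain admin hash.
Add-ADDomainControllerPasswordReplicationPolicy -Identity $rodc -AllowedList 'Branch-Users'
Add-ADDomainControllerPasswordReplicationPolicy -Identity $rodc `
    -DeniedList 'Domain Admins', 'Enterprise Admins', 'Schema Admins', 'Administrators'

# 2. Review the resulting policy.
Get-ADDomainControllerPasswordReplicationPolicy -Identity $rodc -Allowed
Get-ADDomainControllerPasswordReplicationPolicy -Identity $rodc -Denied

# 3. Which accounts' secrets are physically on the RODC right now. If the box is
#    lost or stolen, this is the list of passwords to reset.
Get-ADDomainControllerPasswordReplicationPolicyUsage -Identity $rodc -RevealedAccounts |
    Select-Object SamAccountName, ObjectClass

# 4. Administrator role separation: the managedBy attribute of the RODC computer
#    account names the principal that gets local admin on that RODC only.
Set-ADComputer -Identity $rodc -ManagedBy 'Branch-Admins'
Get-ADComputer -Identity $rodc -Properties ManagedBy | Select-Object Name, ManagedBy
```

Deleting the computer account of a stolen RODC in Active Directory Users and Computers offers to reset the passwords of the revealed accounts; step 3 gives the same list for an audit before that happens.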

Wednesday, July 24, 2013

Trust and Relationship

What is Trust:-
  • A secure communication path that allows objects in one domain to be authenticated and accepted in other domains.
  • Some trusts are automatically created.
               - Parent and child domains trust each other
               - Each tree root domain trusts the forest root domain
  • Other trusts are manually created
  • Forest-to-forest transitive trust relationships can be created only between forests at the Windows Server 2003 or Windows Server 2008 forest functional level.
Trust Relationships:-

Type of Trusts:-
Default:-
- Two-way transitive Kerberos trust (intra-forest), created automatically

Shortcut:-
- One- or two-way transitive Kerberos trust (intra-forest) that shortens the authentication path between two domains in the same forest

External:-

- One-way non-transitive NTLM trust. Used to connect to/from Windows NT 4.0 domains or domains in another forest. Created manually.

Forest:-
- One- or two-way transitive Kerberos trust. Only between Windows Server 2003 or 2008 forests.
Realm:-
- One- or two-way Kerberos trust, non-transitive by default (transitive optional), connected to/from UNIX Kerberos realms
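Creating an external trust and checking the settings that matter for security (SID filtering, transitivity, selective authentication), as an added example that is not part of the original notes. Domain names and accounts are placeholders:

```powershell
# Added example: create, harden and inspect trusts.
# Assumptions (placeholders): our domain corp.example.com, a partner domain
# partner.example.net in another forest, admin accounts in both domains.

# 1. One-way external trust: corp.example.com (trusting) trusts partner.example.net
#    (trusted), so partner users can be granted access to corp resources.
#    /passwordd:* and /passwordo:* prompt for the passwords instead of logging them.
netdom trust corp.example.com /domain:partner.example.net /add `
    /userd:PARTNER\admin /passwordd:* /usero:CORP\admin /passwordo:*

# 2. SID filtering (quarantine). Without it, a SID for a corp group injected into a
#    partner user's SIDHistory is honoured by corp, i.e. the partner forest can
#    escalate into ours. Keep it on for external and forest trusts.
netdom trust corp.example.com /domain:partner.example.net /quarantine:yes

# 3. Verify the secure channel of the trust.
netdom trust corp.example.com /domain:partner.example.net /verify

# 4. Inventory every trust with the properties an auditor asks for (AD module, 2008 R2/RSAT).
Import-Module ActiveDirectory
Get-ADTrust -Filter * |
    Select-Object Name, Direction, TrustType, ForestTransitive,
                  SIDFilteringQuarantined, SIDFilteringForestAware, SelectiveAuthentication |
    Format-Table -AutoSize
```

A trust listed with SIDFilteringQuarantined false (or SIDFilteringForestAware false on a forest trust) is the finding to raise: it means the other side's SIDHistory is accepted as-is.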

Tuesday, July 23, 2013

GROUP POLICY

What is Group Policy:-
  • Group Policy is a collection of settings that can be applied to computers and users.
  • With Group Policy an administrator can centrally manage computers and users.
  • It eases administration.

  • Group Policy is applied at three levels, in this order (local policy is processed first, and on a conflict the last one applied wins):
                     - Site GPO
                     - Domain GPO
                     - OU GPO

Organizational Unit:-
  • It is a logical container that holds Active Directory objects (users, groups, computers, other OUs).
  • It is also called a subtree.
  • It is used to minimize administrative tasks.
  • It is used for organizing and managing the directory objects.
  • It is used for delegating control to one or more users.

What is Delegation of Control:-
  • The process of decentralizing the management of organizational units.
  • Assigning management of an organizational unit to another user or group.
  • Eases administration by distributing routine administrative tasks to another user or group, without making them domain administrators.
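Delegating a narrow task on one OU, and auditing the result, as an added example (not from the original notes). The OU and group are placeholders:

```powershell
# Added example: delegate password resets on one OU to a help-desk group with dsacls,
# then review the ACL. Assumptions (placeholders): OU=Branch in corp.example.com and a
# group CORP\Helpdesk. /I:S applies the entry to child objects only (the user objects).

$ou = 'OU=Branch,DC=corp,DC=example,DC=com'

# 1. The "Reset Password" extended right (CA = control access) on user objects.
dsacls $ou /I:S /G "CORP\Helpdesk:CA;Reset Password;user"

# 2. Resetting a password requires writing pwdLastSet (so "must change at next logon"
#    works); unlocking an account requires writing lockoutTime. RPWP = read/write property.
dsacls $ou /I:S /G "CORP\Helpdesk:RPWP;pwdLastSet;user"
dsacls $ou /I:S /G "CORP\Helpdesk:RPWP;lockoutTime;user"

# 3. Audit: list the entries for the group. The wizard and manual edits both end up here,
#    and an entry granting GA (full control), WD (write DACL) or WO (write owner) on the
#    OU is a takeover path, not a delegation.
dsacls $ou | Select-String 'Helpdesk'
```

Delegate the same way for the computer objects WDS pre-stages (JoinOnly rights on an OU) rather than handing the deployment account Account Operators membership.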
Software Deployment:-
  • Deploys software (applications) to all computers or users in the domain from one central location by applying Group Policy.
  • Supports deployment of .MSI packages (and .ZAP files for publishing) but not plain .EXE installers.
Folder Redirection:-
  • Redirects folders from the local profile (such as Documents and Desktop) to a shared folder on a server.
  • The folders on the server appear to the user as if they were on the local drive.
  • Speeds up the user logon process when the roaming profile is large, because the redirected folders are no longer copied at logon.

Roles of Active Directory

Flexible Single Master Operation Roles(FSMO Roles):-
  1. Domain Naming Master
  2. Schema Master
  3. RID Master
  4. PDC Emulator
  5. Infrastructure Master
1. Domain Naming Master:-
  • Maintains the uniqueness of domain names in the whole forest (one per forest).
  • It is responsible for adding, removing and renaming domains in the whole forest.

2.Schema Master:-
  • The schema is the set of rules that defines the structure of AD.
  • The schema contains the definitions of all the objects stored in AD.
  • The schema is further classified into:
             - Classes
                         A class is a template used to create an object
             - Attributes
                         Attributes are the properties of an object
  • The schema master is the only DC on which schema changes can be made (one per forest).


3.RID Master:-

  • Assigns the unique relative IDs (RIDs) that form the last part of the SID of every object created in the domain.
  • Allocates pools of RIDs to all domain controllers within the domain.

4.PDC Emulator:-
  • Acts as a PDC for Windows NT 4.0 BDCs in the domain.
  • Processes password updates for clients and is tried first when a logon fails with a bad password.
  • Receives immediate updates from other domain controllers when a user's password is changed.
  • Is the authoritative time source for the domain controllers (Kerberos depends on synchronized time).
5.Infrastructure Master:-
  • The infrastructure master maintains and updates references to objects in other domains, for example the names and SIDs of group members who belong to another domain.
  • It is used for inter-domain operations and should not be a global catalog server unless every DC in the domain is a global catalog.

Global Catalog:-
  • A global catalog server is a domain controller that holds a searchable database containing information about every object in every domain in the forest.
  • It contains a complete replica of all objects in its own domain and a partial replica (a subset of attributes) of all objects in every other domain in the forest.
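Finding the role holders and global catalogs, and checking the infrastructure master rule, as an added example (not from the original notes). It uses the Active Directory PowerShell module (Windows Server 2008 R2 or RSAT); the DC name in the last step is a placeholder:

```powershell
# Added example: enumerate FSMO role holders and global catalogs, and check that the
# infrastructure master is placed correctly. Assumption: AD module available.
Import-Module ActiveDirectory

# 1. All five roles at once (netdom), then per-scope via the AD module.
netdom query fsmo
Get-ADForest | Select-Object SchemaMaster, DomainNamingMaster
Get-ADDomain | Select-Object PDCEmulator, RIDMaster, InfrastructureMaster

# 2. Which DCs are global catalogs.
Get-ADDomainController -Filter 'IsGlobalCatalog -eq $true' |
    Select-Object HostName, Site, IsGlobalCatalog

# 3. Rule: the infrastructure master must not be a GC unless every DC is a GC,
#    otherwise cross-domain references are never updated.
$im      = (Get-ADDomain).InfrastructureMaster
$imIsGc  = (Get-ADDomainController -Identity $im).IsGlobalCatalog
$nonGcDc = Get-ADDomainController -Filter 'IsGlobalCatalog -eq $false'
if ($imIsGc -and $nonGcDc) {
    Write-Warning "Infrastructure master $im is a GC while $($nonGcDc.Count) DC(s) are not"
} else {
    "Infrastructure master placement OK ($im)"
}

# 4. Time: the PDC emulator must sync from a reliable external source; the rest
#    follow the domain hierarchy. Run on the PDC emulator to see its source.
w32tm /query /source

# 5. Transferring a role (placeholder target DC02). Add -Force only to seize a role
#    from a DC that is gone for good; a seized DC must never be brought back online.
# Move-ADDirectoryServerOperationMasterRole -Identity DC02 -OperationMasterRole PDCEmulator
```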

Saturday, July 20, 2013

Trees and Forests in Active Directory

What is Tree:-
  • A tree is a set of one or more domains with contiguous names.
  • If more than one domain exists, you can combine the multiple domains into hierarchical tree structures.
  • The first domain created is the root domain of the first tree.
  • Other domains in the same domain tree are child domains.
  • A domain immediately above another domain in the same domain tree is its parent.

 What is Forest:-
  • Multiple domain trees within a single forest do not form a contiguous namespace.
  • Although the trees in a forest do not share a root namespace, a forest has a single root domain, called the forest root domain.
  • The forest root domain is the first domain created in the forest.
  • These two forest-wide predefined groups reside in forest root domain.
                  - Enterprise Admins
                  - Schema Admins

PROFILES

What is Profile:-
  • A profile is the user's state environment.
  • A profile contains the personal settings of the user, such as
              - Documents
              - Desktop Settings
              - Start Menu Icons
              - Shortcuts
              - Application Data
              - Downloads
              - Pictures, Music, Videos
              - Contacts
              - Favorites, etc.

Types of Profiles:-
  1. Local Profile
  2. Roaming Profile
  3. Mandatory Profile

1.Local Profile:-
  • A local user profile is created the first time you log on to a computer and is stored on a computer’s local hard disk.
  • Any changes made to your local profile are specific to the computer on which you made them.
2.Roaming Profile:-
  • A roaming user profile is created by your system administrator and is stored on a server.
  • This profile is available every time you logon to any computer on the network.
  • Changes made to your roaming user profile are updated on the server.

3.Mandatory Profile:-
  • A mandatory user profile is a roaming profile.
  • Mandatory profiles are fixed profile in which the user changes will not be saved.
  • Only administrator can make changes to mandatory profiles.

PERMISSIONS

What is Permissions:-
  • Permissions define the type of access granted to a user, group, or computer to access resources.
  • Permission can be applied to resources such as files, folders, and printers.
                 - Like: Privilege to read a file, delete a file, or to create a new file in folder.

Types of Permissions:-
  1. Security Level Permissions
  2. Share Level Permissions

1.Security Level Permissions:-
  • Can be implemented only on NTFS volumes.
  • Security or NTFS Permissions can be set on drives, Folders, and Files.
  • By default, security permissions will be inherited from its parent drive or folder.
  • Explicit permissions set on a file override the permissions inherited from its folder.
  • Creators of the file and folders are their owners.
  • Different security Permissions are
                  - Full Control, Modify, Read & Execute, Write, Read, List Folder Contents.

2.Share Level Permission:-
  • Can be implemented on NTFS and FAT volumes.
  • Set on shared folders (or drives), not on individual files.
  • What are shared folders?
               - Shared folders can be accessed over the network.
               - When you copy or move a shared folder, the folder is no longer shared.
               - To hide a shared folder, add a $ to the end of the share name; users reach a hidden share by typing its UNC path (\\server\name$). Hiding only keeps the share out of browse lists; anyone who knows the name can still connect, so the permissions must still be set.
  • Different share permissions are
               - Reader, Contributor, Co-owner (the File Sharing wizard names; the classic share permissions are Read, Change and Full Control)
  • When a folder is accessed over the network, the effective permission is the more restrictive of the share permission and the NTFS permission.
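Setting NTFS and share permissions together so that the effective network permission is what you intend, as an added example (not from the original notes). The folder, share and group names are placeholders:

```powershell
# Added example: a hidden share whose effective permission over the network is
# Modify for one group and nothing for everyone else.
# Assumptions (placeholders): folder D:\Data\Finance, group CORP\Finance.
$path = 'D:\Data\Finance'
New-Item -ItemType Directory -Path $path -Force | Out-Null

# 1. NTFS (security level): drop inheritance so a permissive parent ACL does not leak
#    in, then grant exactly what is needed. (OI)(CI) = inherit to files and subfolders.
icacls $path /inheritance:r /grant:r "CORP\Finance:(OI)(CI)M" `
    "BUILTIN\Administrators:(OI)(CI)F" "SYSTEM:(OI)(CI)F"

# 2. Share (share level): hidden with a trailing $, Change for Finance only. Creating
#    the share with /grant replaces the default "Everyone: Read" entry.
net share 'Finance$=D:\Data\Finance' /grant:"CORP\Finance,CHANGE" /remark:"Finance documents"

# 3. Effective permission over \\server\Finance$ is the more restrictive of the two:
#    Finance gets Change (share) AND Modify (NTFS) -> Modify minus nothing = Change-level access;
#    an Administrators member gets Full (NTFS) but no share entry -> no access over the network
#    (they still have full access when logged on locally).
net share 'Finance$'
icacls $path
```

Had step 2 left the default share permission in place, every authenticated user would have Read at the share level, and the NTFS ACL alone would be doing all the work; keeping both layers tight means one misconfiguration does not expose the data.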

Wednesday, July 17, 2013

Configuring Member server

MEMBER SERVERS:-         
         1. A computer running a server operating system that is joined to the domain but is not a domain controller.
         2. Server operating systems such as
                - Windows Server 2008, Windows Server 2003, Windows 2000 Server.



Pre-requisites:
          Before working on this lab, you must have
               1. A computer running Windows Server 2008 as a domain controller.
               2. A computer running Windows Server 2008 to be joined as a member server.

 Verification:-
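Joining the server and verifying the result, as an added example (not from the original notes). The computer, domain, OU and join account are placeholders:

```powershell
# Added example: join a Windows Server 2008 computer to the domain as a member server
# and verify the join. Assumptions (placeholders): new server SRV01, domain
# corp.example.com, OU=Servers, a least-privilege join account CORP\joinsvc that has
# been delegated "create computer objects" on that OU. /passwordd:* prompts.

# 1. Join from the new server (run as local administrator), placing the account in
#    the Servers OU so server GPOs apply from the first boot.
netdom join SRV01 /domain:corp.example.com `
    "/ou:OU=Servers,DC=corp,DC=example,DC=com" `
    /userd:CORP\joinsvc /passwordd:* /reboot:10

# 2. Verification after the reboot, on the member server:
nltest /sc_verify:corp.example.com        # secure channel to a DC is valid
nltest /dsgetdc:corp.example.com          # which DC the locator chose
gpresult /r /scope:computer               # domain GPOs were applied

# 3. Verification from an admin workstation with the AD module (2008 R2 / RSAT):
Import-Module ActiveDirectory
Get-ADComputer -Identity SRV01 -Properties OperatingSystem, DistinguishedName, lastLogonTimestamp |
    Select-Object Name, OperatingSystem, DistinguishedName
netdom verify SRV01 /domain:corp.example.com
```

Use a dedicated join account rather than a domain administrator: the credentials are typed on a machine that is not yet under domain policy, and a join account delegated on one OU limits what a compromise of that machine can do.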