The Ultimate Windows Server 1002003 System Administrators Guide [Electronic resources] نسخه متنی

اینجــــا یک کتابخانه دیجیتالی است

با بیش از 100000 منبع الکترونیکی رایگان به زبان فارسی ، عربی و انگلیسی

جستجو بر اساس ... همه عنوان پدیدآور موضوع یادداشت تمام متن
اصطلاحنامه مجموعه ها مرورالفبایی لغت نامه دهخدا
جستجو در لغت نامه
بیشتر
کتابخانه شخصی پرسش از کتابدار ارسال منبع

The Ultimate Windows Server 1002003 System Administrators Guide [Electronic resources] - نسخه متنی

Robert Williams, Mark Walla

| نمايش فراداده ، افزودن یک نقد و بررسی
افزودن به کتابخانه شخصی
میخواهم بخوانم
درحال خواندن
خوانده شده
ارسال به دوستان

آدرس پست الکترونیک گیرنده :

آدرس پست الکترونیک فرستنده :

نام و نام خانوارگی فرستنده :

پیغام برای گیرنده ( حداکثر 250 حرف ) :

کد امنیتی را وارد نمایید

ارسال
جستجو در متن کتاب
بیشتر
تنظیمات قلم

فونت

اندازه قلم

+ - پیش فرض

حالت نمایش

روز نیمروز شب
جستجو در لغت نامه
بیشتر
لیست موضوعات

Sitemap

TOC

Copyright

Foreward

Preface

THE ROLE OF THE ADMINISTRATOR

BASIS OF OUR RESEARCH

AUDIENCE

ORGANIZATION

OTHER REFERENCES

Acknowledgments

About the Authors

CONTRIBUTOR

Chapter 1. Administrative Overview

WINDOWS SERVER 2003: A HISTORICAL PERSPECTIVE

THE WINDOWS SERVER 2003 FAMILY: WHAT''S IN A NAME?

UNDERSTANDING THE .NET FRAMEWORK

WINDOWS SERVER 2003 ADMINISTRATIVE ROLES

WINDOWS SERVER 2003 FEATURES AND ADMINISTRATIVE IMPLICATIONS

POSTSCRIPT

Chapter 2. Windows Server 2003 Structure and Architecture

STRUCTURAL MODES, SUBSYSTEMS, AND MANAGERS

WINDOWS SERVER 2003 PROCESSES

STORED AND VIRTUAL MEMORY

THE BOOT PROCESS

THE WINDOWS SERVER 2003 REGISTRY

SOFTWARE TRACING

VIEWING APPLICATION DEPENDENCIES

APPLICATION COMPATIBILITY

INTELLIMIRROR AND OTHER INNOVATIONS

POSTSCRIPT

Chapter 3. Planning and Installation

LOGICAL AND PHYSICAL STRUCTURES

UNDERSTANDING THE CURRENT ENTERPRISE

PLANNING FOR UPGRADES

INSTALLATION

DEVICE DRIVER MANAGEMENT

HARDWARE AUTOPLAY

WINDOWS PRODUCT ACTIVATION

AUTOMATIC PRODUCT UPDATE

FILE TRANSFER WIZARD

SYSTEM RESTORATION

UNINSTALLING WINDOWS XP OPERATING SYSTEM

POSTSCRIPT

Chapter 4. Getting Started: The OS Interface

INTERFACE BASICS

HELP AND SUPPORT

SEARCH

INTERNET CONNECTIVITY AND INTERNET EXPLORER 6.0

WINKEY QUICK KEYS

INTERNATIONALIZATION AND LOCALIZATI

CLEARTYPE MOBILE COMPUTER/LIQUID CRYSTAL DISPLAY ENHANCEMENTS

POSTSCRIPT

Chapter 5. The Active Directory

DIRECTORY SERVICES

ACTIVE DIRECTORY STRUCTURAL COMPONENTS

OPEN STANDARDS SUPPORT AND NAMING CONVENTIONS

MIGRATION AND BACKWARD COMPATIBILITY

ADMINISTRATIVE INTERFACE SNAP-INS

API OPTIONS

ADMINISTRATIVE SECURITY AND TRUST RELATIONSHIPS

ADMINISTRATIVE DELEGATION

POSTSCRIPT

Chapter 6. Active Directory Management and Use

PLANNING FOR THE ACTIVE DIRECTORY

INSTALLING THE ACTIVE DIRECTORY

ACTIVE DIRECTORY MMC SNAP-IN TOOLS

CREATING ORGANIZATIONAL UNITS

LOCATING OBJECTS

STANDARD AND SPECIAL PERMISSIONS

ACTIVE DIRECTORY ADMINISTRATIVE DELEGATION

REFINING THE GLOBAL CATALOG

THE ACTIVE DIRECTORY CONNECTOR

POSTSCRIPT

Chapter 7. User Accounts and Groups

USER ACCOUNTS

GROUPS

POSTSCRIPT

Chapter 8. Group Policies

UNDERSTANDING GROUP POLICIES

GPO IMPLEMENTATION

IMPLEMENTING GROUP POLICY

RESULTANT SET OF POLICY

GROUP POLICY WMI FILTERING

INTELLIMIRROR

POSTSCRIPT

Chapter 9. Permissions Security, Folder Sharing, and Dfs

REVIEWING NTFS PERMISSIONS

FOLDER SHARING

DISTRIBUTED FILE SYSTEM SHARING

POSTSCRIPT

Chapter 10. Kerberos and the Public Key Infrastructure

KERBEROS AUTHENTICATION

THE PUBLIC KEY INFRASTRUCTURE

POSTSCRIPT

Chapter 11. Additional Security Issues and Solutions

SECURITY POLICY

SECURITY AUTHORIZATION MANAGER

WINDOWS SERVER 2003 SYSTEM LOCKDOWN

SECURE NETWORK SERVICES AND ARCHITECTURE

THE END USER''S RESPONSIBILITY

POSTSCRIPT

Chapter 12. Networking Basics and Naming Services

NETWORKING BASICS

NAMING SERVICES AND IP ASSIGNMENTS

REAL-TIME COMMUNICATIONS

TAPI STREAMING SUPPORT

DNS CONFIGURATION THROUGH GROUP POLICY

SUPPORT FOR BROADBAND PPPOE CONNECTIONS

POSTSCRIPT

Chapter 13. Virtual Private Networks and IP Security

VIRTUAL PRIVATE NETWORKS

IP SECURITY

POSTSCRIPT

Chapter 14. Disk Management, Backup and Restoration, and Disaster Recovery

DISK MANAGEMENT

BACKUP AND RESTORATION

DISASTER MANAGEMENT

POSTSCRIPT

Chapter 15. Terminal Services

CONCEPTUAL REVIEW

INSTALLING TERMINAL SERVICES

CONFIGURING TERMINAL SERVICES

TERMINAL SERVICES ADMINISTRATION

TERMINAL SERVICES FROM A USER''S PERSPECTIVE

POSTSCRIPT

Chapter 16. Internet Information Services

OVERVIEW

UNDERSTANDING THE IIS WEB SERVER

WORKING WITH THE SMTP SERVER

UNDERSTANDING THE NNTP SERVER

UNDERSTANDING THE FTP SERVER

POSTSCRIPT

Chapter 17. Cluster, Indexing, Message Queuing, SMS, MOM, and WSH

UNDERSTANDING CLUSTER SERVICES

INDEXING SERVICE

MESSAGE QUEUING SERVICES

SYSTEM MANAGEMENT SERVER

MICROSOFT OPERATIONS MANAGER

WINDOWS SCRIPTING HOST

POSTSCRIPT

Appendix Windows Server 2003 Commands and Utilities

NEW COMMAND-LINE TOOLS WITH WINDOWS SERVER 2003

BACKUP COMMANDS

BATCH COMMANDS

COMPARISON COMMANDS

COMPRESSION COMMANDS

DISPLAY COMMANDS

FILE-MANAGEMENT COMMANDS

FILE-MANIPULATION COMMANDS

MISCELLANEOUS COMMANDS

NETWORKING COMMANDS

PRINT COMMANDS

SEARCH COMMANDS

SYSTEM-MANAGEMENT COMMANDS

RESOURCE KIT SUPPORT TOOLS

POSTSCRIPT

Glossary

توضیحات
افزودن یادداشت جدید



FOLDER SHARING


Folder sharing is used whenever one computer user needs access to a file on another computer's file system. Once a folder is shared, all files and subfolders receive the same shared permissions. Shared permissions apply to the entire folder and not to specific files. Both NTFS and FAT volumes require that shared folder permissions be set for network users to gain access. FAT volumes have no local user authentication, but shared permissions provide security for remote users. Only NTFS volumes can apply file permissions to the objects in a shared folder.

Several additional user rules govern the use of shared folders:


The effective permission is an accumulation of the user's individual and group membership rights.


Deny permissions always cancel corresponding Allow permissions.


A copy of a shared folder does not retain the "shared" status.


Shared folder status is discarded when a folder is moved.



Creating Shared Folders


Shared folders work in the same manner for Windows Server 2003 domains and workgroups. The only measurable difference is in who can create them. In a Windows Server 2003 domain environment, the built-in Administrators and Server Operators groups can establish shared folders throughout the domain. In the workgroup, the Administrators and Power Users groups have authority to share folders on the individual server. These two groups can also share folders on standalone servers and on Windows 2000 Professional and Windows XP installations.

SHARING FOLDERS


The creation of a shared folder is similar to application of permissions to a file or folder. The following steps set shared permissions:



Log on with administrative privileges.

Open Explorer and right-click Properties on a folder you want to share.

Select the Sharing tab and click Share this folder, as shown in Figure 9.20.

Figure 9.20. Share Properties

Click Permissions. The Permissions for Software Config dialog box appears, as shown in Figure 9.21.

Figure 9.21. The Share Permissions Tab


Three levels of available permissions are presented for each of the named users or groups. Select the Allow permission(s) that apply. While you can also Deny a specific right, it is generally advisable to use an affirmative approach.


Read allows a user to open files and see subfolder names.


Change allows all privileges offered by Read permissions and allows users to change file contents and delete and create files and subfolders.


Full Control allows all privileges offered by Change and adds the ability to take ownership and modify permissions.



Adding and Deleting Groups and Users


The default share permissions give full control to Everyone. If you want to ensure folder security only to users and groups you add, remove the Everyone group by selecting Everyone and clicking Remove. To add users or groups,



Click Add (Figure 9.21).

The Select Users, Computers, or Groups dialog appears.

NOTEThe From this location menu displays your domain and other trusted domains. You may add users or groups and then assign shared permissions. Note that a user account in a trusted domain must be selected from its domain, not the local domain.

Using the Locations dialog box (Figure 9.22), select the domain where the user or group resides.

Figure 9.22. Select Users, Computers, and Groups

Type the name of a desired group or user in the Enter the Object names to select box and click Check Names. Select an object and click Add.

Click OK.


NOTEIn connecting to shared folders, there are three common scenarios:


The user is accessing a shared folder in your domain. In this case, she can use her user name and password in the standard form.


The user is accessing a shared folder from another untrusted domain. She must use a user name and account for the domain in which the share resides.


The user is accessing a shared folder from another trusted domain. Important: She must use a user name and password from her home domain. The user name should be in the form domainname\username.


Facilitating Shared Access


Once a share has been created, clients may connect to the folder using one of three methods: (1) map a network drive; (2) use My Network Places; and (3) use the Start Run menu option.

MAPPING A NETWORK DRIVE TO A SHARED FOLDER


Mapping a network drive makes a remote shared folder available to the local machine via Explorer or My Computer. From all appearances, the remote shared folder looks local. Mapping follows these steps:



From My Computer, select Tools select Map Network Drive.

Select the drive letter to be associated with the remote share from the Drive drop-down list (Figure 9.23).

Figure 9.23. The Map Network Drive Wizard

Click Browse, then search for the desired network share. Ensure that the share is addressed in the form \\servername\sharedfolder.

From this dialog, you may also log on to the share with another user name. (This is required for access to a share in a trusted domain.)

The new folder share will be accessible from My Computer as the Drive letter.


THE MY NETWORK PLACES LINK TO A SHARED FOLDER


My Network Places can also facilitate access to a shared folder. To use it, follow these steps:



From My Network Places, find the computer containing the share. If you have trouble connecting to the desired computer, click Search, enter the computer name, and click Search Now.

Open the desired shared folder. If required, enter the appropriate user name according to the preceding note.


USING THE RUN COMMAND TO ACCESS SHARED FOLDERS


Another approach to gaining access to a shared folder is the Run command. To use the this option:



Start select Run. The Run window appears as shown in Figure 9.24.

Figure 9.24. The Run Dialog Box

Enter the name of the server with the path to the desired share in the form \\servername\sharefolder.

Click OK.


ACCESSING A SHARE FROM INTERNET EXPLORER


A share may be accessed from Internet Explorer using the share's Uniform Naming Convention (UNC) name. From the URL address field, enter the share name in the form \\servername\sharefolder. A shared folder address may be added to the Favorites list for convenient access.

Special Hidden Shares


Windows Server 2003 special shares are system root folders accessible to the network but not necessarily visible to normal users. There are several types of administrative share folder, as shown in Table 9.6.

Additional shares may be added for different services. For instance, the Certificate Authority adds its own share when installed. The Shared Folders snap-in may be added to any management console to display all shared folders (Figure 9.25).

Figure 9.25. The Shared Folders Snap-In


The Sessions node displays users and systems currently accessing network shares. The administrator can selectively terminate connections or terminate all sessions at once (Figure 9.26).

Figure 9.26. Current Share Sessions


The Open Files node displays the files currently being accessed from shares. Individual files may be closed or all files may be closed at once (Figure 9.27).

Figure 9.27. Open Files Being Accessed



































Table 9.6. Special Hidden Shares


Share Name


Description


Admin$


The root system folder is by default C:\Winnt, but may have been placed in a different volume or under a different name during installation. The Administrator group is granted full control and is the only group with any access to this shared folder for remote administration.


Drive$


Each volume is associated with a disk drive designation. A$ and B$ are reserved for floppy disk volumes. C$ through Z$ are designations for hard disks, CD-ROMs, and removable media. The Administrator group has full control over these volumes.


IPC$


Shared memory space for interprocess communication when accessing remote shares and remotely administering a computer.


NETLOGON


Space used by the Net Logon service during logon. Startup/logon scripts are accessed here.


print$


Used for shared printers and contains the device drivers. Administrators, Server Operators, and Print Operator group members have full control over this shared folder.


SYSVOL


Used by the Net Logon service and provides access to Active Directory information.

NOTEWith Windows Server 2003, it is now possible to use Group Policy to set up Netlogon properties. This simplifies the steps to configure domain members when adjusting Netlogon settings. To use this feature go to the Active Directory Snap-in Group Policy. This can be applied to the properties of any domain, organizational unit, or site object.

Using NTFS Permissions and Shared Folders


While the permissions associated with a shared folder are automatically inherited by the files and subfolders, it is possible to apply additional permissions to individual files on an NTFS volume. Doing so provides greater security for the contents of a shared folder. Both the NTFS permissions and shared folder permissions are applied to objects. Remember that the most restricted set of permissions is used. For example, if the shared folder permits a user only Read permissions, Read will be the overriding permission level even if an individual file delegates the user Full Control NTFS permissions.

Publishing Files and Folders to the Active Directory


Like users, computers, and printers, files and folders may be published to the Active Directory. The Active Directory provides a way to locate published files and folders and secures permissions on the resources. To publish a file or folder, share out the folder and complete the following:



Open the Active Directory Users and Computers snap-in.

Right-click the desired domain node or Active Directory container and select New Share Folder.

Enter a name for the share to publish in the Shared Folder Name field.

Enter a path to the network share in the Network Path field in the form \\servername\sharedfolder. Click OK.


The shared file or folder should now appear in the Active Directory and be available for lookup from the Global Catalog.


/ 158