Windows Server Hack [Electronic resources] نسخه متنی

اینجــــا یک کتابخانه دیجیتالی است

با بیش از 100000 منبع الکترونیکی رایگان به زبان فارسی ، عربی و انگلیسی

جستجو بر اساس ... همه عنوان پدیدآور موضوع یادداشت تمام متن
اصطلاحنامه مجموعه ها مرورالفبایی لغت نامه دهخدا
جستجو در لغت نامه
بیشتر
کتابخانه شخصی پرسش از کتابدار ارسال منبع

Windows Server Hack [Electronic resources] - نسخه متنی

Mitch Tulloch

| نمايش فراداده ، افزودن یک نقد و بررسی
افزودن به کتابخانه شخصی
میخواهم بخوانم
درحال خواندن
خوانده شده
ارسال به دوستان

آدرس پست الکترونیک گیرنده :

آدرس پست الکترونیک فرستنده :

نام و نام خانوارگی فرستنده :

پیغام برای گیرنده ( حداکثر 250 حرف ) :

کد امنیتی را وارد نمایید

ارسال
جستجو در متن کتاب
بیشتر
تنظیمات قلم

فونت

اندازه قلم

+ - پیش فرض

حالت نمایش

روز نیمروز شب
جستجو در لغت نامه
بیشتر
لیست موضوعات

Sitemap

Windows Server Hacks

Table of Contents

Copyright

Credits

About the Author

Contributors

Acknowledgments

Foreword: I''m a Sci-Fi freak

Preface

Why Windows Server Hacks?

Getting and Using the Scripts

How to Use This Book

How This Book Is Organized

Conventions Used in This Book

Using Code Examples

How to Contact Us

Got a Hack?

Chapter 1. General Administration

Hacks #1-16

Hack 1 Use Run As to Perform Administrative Tasks

Hack 2 Drag and Drop to the Run Menu

Hack 3 Find and Replace Registry Keys from a Command Line

Hack 4 Automatically Log On After Booting

Hack 5 Wait for and Optionally Terminate a Process

Hack 6 Shut Down a Remote Computer

Hack 7 Rename Mapped Drives

Hack 8 Execute a Command on Each Computer in a Domain

Hack 9 Add, Remove, or Retrieve Environment Variables

Hack 10 Extend Group Policy

Hack 11 Disable EFS

Hack 12 Get Event Log Information

Hack 13 Shortcut to Remote Assistance

Hack 14 Desktop Checker

Hack 15 Top Five Tools

Hack 16 myITforum.com

Chapter 2. Active Directory

Hacks #17-24

Hack 17 Retrieve the List of Old Domain Computer Accounts

Hack 18 Automate Creation of OU Structure

Hack 19 Modify All Objects in the OU

Hack 20 Delegate Control of an OU to a User

Hack 21 Send OU Information in Active Directory to an HTML Page

Hack 22 Display Active Directory Information

Hack 23 Store and Display Contact Information in Active Directory

Hack 24 Restore the Active Directory Icon in Windows XP

Chapter 3. User Management

Hacks #25-35

Hack 25 Search for Domain Users

Hack 26 Manage User Accounts in Active Directory

Hack 27 Get a List of Disabled Accounts

Hack 28 Get User Account Information

Hack 29 Check for Passwords that Never Expire

Hack 30 Enumerate Group Membership to a CSV File

Hack 31 Modify User Properties for All Users in a Particular OU

Hack 32 Check Group Membership and Map Drives in a Logon Script

Hack 33 Script Creation of a User''s Home Directory and Permissions

Hack 34 Prevent Ordinary Users from Creating Local Accounts

Hack 35 Put a Logoff Icon on the Desktop

Chapter 4. Networking Services

Hacks #36-47

Hack 36 Manage Services on Remote Machines

Hack 37 Simplify DNS Aging and Scavenging

Hack 38 Troubleshoot DNS

Hack 39 Manually Recreate a Damaged WINS Database

Hack 40 Change WINS for All Enabled Adapters

Hack 41 Ensure DHCP Server Availability

Hack 42 Change a Network Adapter''s IP Info

Hack 43 Change from Static IP to DHCP

Hack 44 Release and Renew IP Addresses

Hack 45 Use netsh to Change Configuration Settings

Hack 46 Remove Orphaned Network Cards

Hack 47 Implement Windows 2000 Network Load Balancing

Chapter 5. File and Print

Hacks #48-53

Hack 48 Map Network Drives

Hack 49 Determine Who Has A Particular File Open on the Network

Hack 50 Display a Directory Tree

Hack 51 Automate Printer Management

Hack 52 Set the Default Printer Based on Location

Hack 53 Add Printers Based on Name of Computer

Chapter 6. IIS

Hacks #54-61

Hack 54 Back Up the Metabase

Hack 55 Restore the Metabase

Hack 56 Map the Metabase

Hack 57 Metabase Hacks

Hack 58 Hide the Metabase

Hack 59 IIS Administration Scripts

Hack 60 Run Other Web Servers

Hack 61 IISFAQ

Chapter 7. Deployment

Hacks #62-68

Hack 62 Get Started with RIS

Hack 63 Customize RIS

Hack 64 Tune RIS

Hack 65 Customize SysPrep

Hack 66 Remove Windows Components from the Command Line

Hack 67 Unattended Installation of Windows Components

Hack 68 Easily Create a Network Boot Disk

Chapter 8. Security

Hacks #69-78

Hack 69 Fundamentals of a Virus-Free Network

Hack 70 Antivirus FAQ

Hack 71 Rename the Administrator and Guest Accounts

Hack 72 Get a List of Local Administrators

Hack 73 Find All Computers that Are Running a Service

Hack 74 Grant Administrative Access to a Domain Controller

Hack 75 Secure Backups

Hack 76 Find Computers with Automatic logon Enabled

Hack 77 Security FAQ

Hack 78 Microsoft Security Tools

Chapter 9. Patch Management

Hacks #79-89

Hack 79 Best Practices for Patch Management

Hack 80 Beginners Guide to Enterprise Patch Management

Hack 81 Patch-Management FAQ

Hack 82 Enumerate Installed Hotfixes

Hack 83 Apply Patches in the Correct Order

Hack 84 Windows Update FAQ

Hack 85 Obtain Updates via the Windows Update Catalog

Hack 86 Use Automatic Updates Effectively

Hack 87 Use Group Policy to Configure Automatic Updates

Hack 88 Automatic Updates FAQ

Hack 89 Software Update Services FAQ

Chapter 10. Backup and Recovery

Hacks #90-100

Hack 90 Collect Disaster Recovery Files

Hack 91 Back Up Individual Files from the Command Line

Hack 92 Back Up System State on Remote Machines

Hack 93 Back Up and Restore a Certificate Authority

Hack 94 Back Up EFS

Hack 95 Work with Shadow Copies

Hack 96 Back Up and Clear the Event Logs

Hack 97 Back Up the DFS Namespace

Hack 98 Recover with Automated System Recovery

Hack 99 Recovery Roadmap

Hack 100 Data Recovery of Last Resort

Colophon

Index

index_A

index_B

index_C

index_D

index_E

index_F

index_G

index_H

index_I

index_K

index_L

index_M

index_N

index_O

index_P

index_Q

index_R

index_S

index_T

index_U

index_V

index_W

index_X
توضیحات
افزودن یادداشت جدید










Hack 62 Get Started with RIS

Remote Installation Services (RIS) is a complex
but powerful tool for deploying Windows images.
Here's a guide to getting started with
it.

In the past, with the many
flavors of Windows, there were many ways of configuring and deploying
Windows to client machines. Such automated and customized methods
included imaging with a tool such as GHOST or scripting with answer
files and VBScript or other automation tools to deploy silently and
without user intervention. Or, you could make one image on a hard
drive and use a hard-drive-cloning device to copy the image to
multiple hard disks at once. The technology and methodologies for
deploying a customized Windows operating system to client
workstations has matured over the years, but not quite to the
plug and play capability we would all like to
see.

As part of Microsoft's change and
configuration-management initiative, they developed a service
included with Windows 2000 called Remote Installation Service (RIS).
RIS supports deploying both automated and customized versions of
Windows 2000 and XP Professional to clients that support the
PXE/DHCP-based remote technology for remotely installing the
operating system on the client computer over the network. The
intention that Microsoft was communicating to the corporate
technologists when they were developing Windows 2000 was that you
could basically plug a new computer into the network, start the
computer, authenticate, and the operating system would be installed
and configured for the user within a short matter of time.

With a little bit of work, it actually does just that.

Not only can you deploy images of Windows 2000 and XP through RIS,
but with a tool developed by 3Com (http://www.3com.com/en_US/lanworks/indexl)
you also can deploy BIOS updates, other applications, Windows 2000
Server images, and so on. RIS is customizable and flexible; you can
modify the Client Installation Wizard to prompt users for
information, pass information to setup answer files, and populate
environment variables with information. You can deploy disk images
with RIS, but I recommend the scripted, silent-installation approach,
because it is more customizable. I successfully use RIS in my office
to deploy a customized Windows XP Professional image, and it saves me
a lot of time.

Think of RIS as a network-based boot disk. The client workstation
boots onto the network and obtains an IP address from a DHCP server
and the location of the RIS server, RIS verifies the client is a
known client, and then the Client Installation Wizard appears. It is
similar to using a boot disk with NDIS drivers, a custom menu, and
prompts via autoexec.bat or some other script
called on the disk.


Requirements for RIS


So, what do you need to get started with RIS? First,
you need a PXE-compliant (PXE stands for
Pre-Boot Execution Environment) network card and system BIOS that
supports setting the LAN as a bootup device. Most network cards
todaysuch as ones from Intel, 3Com, SMC, and
RealTeksupport PXE. For those workstations that are not
compliant, you can create a bootable disk with a PXE emulator by
using a tool that accompanies RIS. Next, you need a Windows 2000
server that is a member of an Active Directory-enabled domain. Active
Directory is required, because it provides client authentication and
configuration information for the RIS server and RIS also stores its
configuration information within Active Directory. Obviously, you
need TCP/IP, because it is the basic networking protocol required for
a Windows 2000 network. Finally, you need a Windows 2000-compliant
DNS server, so that an RIS server can locate an Active Directory
controller, and a DHCP server to assign TCP/IP addresses to clients,
allowing them to communicate with a RIS server.

Hardware requirements


The hardware requirements for your RIS server are dependent on how
many clients will be supported within your environment. How well RIS
performs when deploying Windows to clients depends on the hardware
configuration of your RIS serverin particular, the disk
subsystem, memory, and networking components of your RIS server.
Let's consider each of these briefly:

Disk subsystem


Storage space for each operating system image you want to deploy must
be taken into account, because the size will vary depending on the
level of customization, size of images and applications included with
each image, and so on. The RIS installation point cannot be on the
same volume that the operating system and/or boot files are on. It
must be installed on a separate dedicated volume.


Memory


In addition to the memory allocated to the operating system, allocate
additional memory for the RIS service. Microsoft recommends a minimum
of 128 MB for Windows 2000 Server, but I recommend 512 MB for the
services and functions this server will be providing, as well as the
number of clients it might be supporting.


Networking components


A network adapter running at 100 Mbps full duplex is best. If you are
supporting a large client base, you might want to have two 10/100
adapters. Solid network connectivity between client and server is
important, and you must consider your network topology when planning
a RIS implementation.



As with other Microsoft services you provide on your network, proper
planning will help you to determine the configuration of your RIS
server, how many you may need, and the placement of them. RIS can run
on a member server that provides other services on your network; you
just need to determine the impact and whether additional hardware is
required to support the additional services.

Services associated with RIS


RIS relies on three services to provide the capabilities it offers:

Boot Information Negotiation Layer (BINL)


The BINL service listens for and answers client DHCP requests (PXE).
It also services Client Installation Wizard requests. BINL directs
the client to the files needed to start the installation process.
This service also checks Active Directory to verify credentials,
determine whether a client needs a service, and determines whether to
create a new computer account object or reset an existing one on
behalf of the client.


Trivial File Transfer Protocol Daemon (TFTPD)


An RIS server uses Trivial File Transfer Protocol (TFTP) to download
the initial files needed to begin the remote installation process to
the client. These files include the Client Installation Wizard and
all files needed to start Windows 2000 setup. The first file
downloaded to the client using TFTP is
Startrom.com, a small bootstrap program that
displays the Press F12 for Network Service Boot prompt. If F12 is
pressed within three seconds, the Client Installation Wizard
(OSChooser) is downloaded to begin the remote installation process.
When it resides on the server side, this service is called the
Trivial File Transfer Protocol Daemon (TFTPD). When it resides on the
client, it is simply called TFTP.


Single Instance Store (SIS) or Groveler


The SIS services consist of an NTFS filesystem filter and a service
that acts on the volume on which the RIS images are kept. SIS
services reduce the storage requirements needed to store these images
by combining duplicate files.




Installing RIS


On Windows 2000 Server, go to
StartSettingsControl Panel.
Double-click Add/Remove Programs, and then double-click Add/Remove
Windows Components. Scroll down, choose Remote Installation Services,
and then click Next. Insert the Windows 2000 Server CD-ROM into the
CD-ROM drive and click OK. The necessary files are copied to the
server. Click Finish to end the wizard. When you are prompted to
restart your computer, click Yes. When the server has restarted, log
on to the computer with an account that has administrative privilege.

I recommend you always apply the latest service pack for Windows
2000, because it might have fixes or enhancements to RIS. For
example, Service Pack 3 includes support for deploying Windows 2000
Server and Windows XP Professional (the original RIS supported
deploying Windows 2000 Professional only) and resolves networking
issues with RIS clients and installation issues (such as RIS clients
hanging during setup). There are also specific hotfixes for RIS, but
these are available only if you are experiencing the specific issue
and they require a call into Microsoft support to obtain the update.

The directory structure of RIS is flexible; it is designed to support
many different languages and hardware platforms. The following
directories are created for the RIS service during installation.

OSChooser


This directory contains all of the files needed by the client
installation wizard. As noted, the OSChooser
directory supports many different types of hardware
platforms and languages. However, only the x86 platform is supported
for RIS in Windows 2000.


Setup


This directory contains the images that have been installed on the
RIS server. Notice that the existing operating system images also
contain a corresponding Templates directory,
which contains the SIF file used for unattended installation of the
operating system on the client computer. The SIF file also contains
the friendly description string and specific image details that are
displayed to end users of the client installation wizard and in the
Tools tab within the administrative UI. Note that for an image to be
displayed in both the administrative UI and the
client-installation-wizard UI, it must contain an associated
*.sif file template.


Tools


This directory contains tools that are designed to support deployment
through RIS, such as BIOS updates, virus tools, and so on.



To set up RIS after installation, go to the command prompt or
StartRun and type RISETUP.EXE to
start the Remote Installation Service Setup Wizard. Follow the
instructions on the screen. It will guide you through configuring
RIS, and the last step will be to create an image of your Windows
2000 Server/Professional or Windows XP Professional from the CD. I
won't get into detail here, because it is a
straightforward process, but see Microsoft Knowledge Base article
Q298750 (http://support.microsoft.com/default.aspx?scid=kb;en-us;298750)
for any assistance you might need.

Once you complete the process of configuring RIS, the server must be
authorized in Active Directory. This ensures that rogue servers with
those services installed (either by accident or intentionally), will
not impact or disrupt network operations. Log onto a domain
controller in the root domain with Domain Administrator or Enterprise
Administrator rights. Go to
StartProgramsAdministrative Tools
and click on the DHCP snap-in. Right-click DHCP in the upper-left
corner of the screen, and then click Manage Authorized Servers. If
the RIS server does not appear in the list, click Authorize and enter
the IP address of the server.

Once you're finished setting up RIS, you can
customize it to the needs of your own networking
environment[Hack #63].

Matt Goedtel


/ 163