INFORMATION SHEET 3.2-2
Setting-up client/user access and security
Learning Objective:
After reading this INFORMATION SHEET, YOU MUST be able to set up client/user access and security.
To join computers to the domain
1. Log on to the computer with the local Administrator account.
2. Click Start, right-click Computer, and then click Properties. The System dialog box opens.
3. In Computer name, domain, and workgroup settings, click Change settings. The System Properties dialog box opens.
Note
On computers running Windows Vista®, before the System Properties dialog box opens, the User Account Control dialog box opens, requesting permission to continue. Click Continue to proceed.
4. Click Change. The Computer Name/Domain Changes dialog box opens.
5. In Computer Name, in Member of, select Domain, and then type the name of the domain you want to join. For example, if the domain name is example.com, type example.com.
6. Click OK. The Windows Security dialog box opens.
7. In Computer Name/Domain Changes, in User name, type the user name, and in Password, type the password, and then click OK. The Computer Name/Domain Changes dialog box opens, welcoming you to the domain. Click OK.
8. The Computer Name/Domain Changes dialog box displays a message indicating that you must restart the computer to apply the changes. Click OK.
9. On the System Properties dialog box, on the Computer Name tab, click Close. The Microsoft Windows dialog box opens, and displays a message, again indicating that you must restart the computer to apply the changes. Click Restart Now.
Standard and Public File Sharing
Windows Server 2008 supports two types of file sharing, referred to as public file sharing and standard file sharing.
In the case of public file sharing, any files to be shared must be copied to the server's Public folder located at %SystemDrive%\Users\Public. Once placed in this folder, the files are accessible to any users logged on locally to the machine and, if enabled, to any network users. Public sharing provides some control over access to the files. For example, when the server belongs to a workgroup, the Public folder can be password protected. In addition, network access to files within the Public folder can be restricted to reading and executing only, or given permission to read, write, create and delete files.
Standard file sharing, which is only permitted on NTFS volumes, allows individual folders, files and volumes to be shared with specific users. This provides far greater levels of security over network access through a combination of NTFS file and folder permissions and share permissions, and avoids the necessity to move files from their existing location in order to share them.
Enabling Windows Server 2008 File Sharing
File sharing in Windows Server 2008 is managed from the Network and Sharing Center, accessed by selecting Start -> Network and clicking on the Network and Sharing Center button in the toolbar. Once invoked, the Network and Sharing Center will list the current file sharing configuration and options as illustrated in the following figure.
To enable public file sharing, click on the down arrow next to Public folder sharing in the section entitled Sharing and discovery. This will provide the following list of public folder sharing options:
Turn on sharing so anyone with network access can open files - Allows network users to open, but not delete, modify or create files in the server's public folder.
Turn on sharing so anyone with network access can open, change and create files - Allows network users to open, modify, delete and create files in the public folder.
Turn off sharing (people logged on to this computer can still access this folder) - Allows public folder access only to those users locally logged on to the server. Network users are denied access.
Similarly, standard file sharing can be configured by clicking the down arrow next to File sharing. When unfolded, this panel provides the option to either enable or disable standard file sharing on this server. When enabled, a dialog will appear providing the option to make the shared folders available only to the private network on which the system resides, or to make sharing available to public networks. The choice here depends on the requirements of the organization, but for security purposes it is typically best to limit sharing to the private network unless external access is required.
The Network and Sharing Center also allows password access to shared folders to be configured. When the arrow next to Password protected sharing is selected, the options to enable or disable password protected sharing are provided. When enabled on workgroup servers, only users with user accounts and passwords on the server will be able to access shared files and folders.
Creating Shared Folders with Windows Explorer
Shared folders can be configured using Windows Explorer, simply by navigating to the folder to be shared, right clicking on the folder and selecting Properties from the menu.
In the properties dialog, click on the Sharing tab to display and modify the current shared folder settings as illustrated in the following figure.
Within the sharing property panel, click on the Share... button to access the File Sharing dialog. Within this dialog, the users who may access this shared folder are specified. If file sharing has been restricted to users with local accounts and passwords, a list of users can be obtained by clicking on the down arrow.
In this situation, select and add users, or select Everyone if access is to be made available to all users with local accounts.
Once these settings are complete, click on the Share button to initiate the file sharing process. Once this initial phase of the share setup is complete a dialog will appear announcing this fact, listing the full Universal Naming Convention (UNC) path to the shared folder and providing the option to email users to notify them of this fact.
Having specified which users will have access to the folder, the next step is to enable the sharing of the folder, specify share permissions and configure a Share Name by which the folder will be referenced and accessed. In addition, caching of shared files can be configured. Caching allows users to maintain local copies of shared files so that they can be accessed off-line (for example when the server hosting the files is not available to the user's local system). With caching configured, local copies of shared files are stored on the user's local system so that they can be accessed without a connection to the server. When a connection is re-established, any changes made to the local copy of the file are synchronized with the original copy on the server.
To configure these settings, click on the Advanced Sharing button to display the following dialog.
In this dialog, set the Share this folder option to enable the sharing of the folder. Once this has been selected, the Share name field and associated button will activate, enabling a share name to be entered. By default the name of the folder being shared will be displayed, although this may be changed to another name if desired. If the number of concurrent users accessing a shared folder is of concern, modify the number of simultaneous users accordingly. Enter optional comments about the share before clicking on Caching to configure the off-line file settings. This will invoke the Offline Settings dialog, where a number of options are available, including allowing each user to specify which files they would like to be able to access off-line, only having files that users actually access available off-line, and disabling off-line sharing altogether.
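Once shares have been created as described above, it is worth checking which of them grant share-level access to broad groups such as Everyone. The script below is an added example, not part of the original information sheet; it assumes PowerShell 2.0 or later, and the list of "too broad" trustees and the function names are assumptions made for illustration.

```powershell
# Added example (not from the original sheet). Read-only audit of share
# permissions through WMI; run in an elevated prompt on the file server.

# Assumption: these trustees are treated as too broad for a standard share.
$BroadTrustees = 'Everyone', 'Authenticated Users', 'ANONYMOUS LOGON', 'Guests', 'Guest'

function Convert-ShareAccessMask {
    param([uint32]$Mask)
    # The three levels offered on the Share Permissions dialog
    switch ($Mask) {
        2032127 { 'Full Control'; break }
        1245631 { 'Change'; break }
        1179817 { 'Read'; break }
        default { 'Special (0x{0:X})' -f $Mask }
    }
}

function Get-SharePermissionReport {
    # Index the share security objects by share name
    $security = @{}
    Get-WmiObject -Class Win32_LogicalShareSecuritySetting |
        ForEach-Object { $security[$_.Name] = $_ }

    # Type 0 = ordinary disk share (skips C$, ADMIN$, IPC$ and printers)
    foreach ($share in Get-WmiObject -Class Win32_Share -Filter 'Type = 0') {
        $setting = $security[$share.Name]
        if (-not $setting) { continue }

        $sd = $setting.GetSecurityDescriptor()
        if ($sd.ReturnValue -ne 0) {
            Write-Warning "Could not read permissions for share $($share.Name)"
            continue
        }
        # A missing DACL means no share-level restriction at all
        if (-not $sd.Descriptor.DACL) {
            Write-Warning "Share $($share.Name) has no share-level access list"
            continue
        }

        foreach ($ace in $sd.Descriptor.DACL) {
            $isAllow = ($ace.AceType -eq 0)     # 0 = allow, 1 = deny
            New-Object PSObject -Property @{
                Share    = $share.Name
                Path     = $share.Path
                Trustee  = $ace.Trustee.Name
                Type     = $(if ($isAllow) { 'Allow' } else { 'Deny' })
                Access   = Convert-ShareAccessMask $ace.AccessMask
                TooBroad = ($isAllow -and ($BroadTrustees -contains $ace.Trustee.Name))
            }
        }
    }
}

# Show only the entries that need a second look
Get-SharePermissionReport |
    Where-Object { $_.TooBroad } |
    Format-Table Share, Path, Trustee, Access -AutoSize
```

The report covers share permissions only; effective access is still limited by the NTFS permissions on the folder itself.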
Printer Sharing
Just like folder sharing in Microsoft Windows operating systems, printer sharing is also an important part of any complex network setup or of simple networking in homes. In either case, mostly one printing device is bought and is shared among all the computers connected to the network. Since printing devices are sometimes expensive, sharing them among all computers in a network is a cost-effective approach for both administrators and home users.
Two types of printers are available in the market nowadays: one that can be connected to the computers (local printers) via USB cables and can then be shared by the administrators, and others that can be connected directly to the central devices such as hubs or LAN switches (network printers).
When administrators connect printers to the network and share them, the computers on which they install drivers and which they use to configure the printing devices are technically known as Print Servers. Print servers efficiently manage the printing queue by organizing the print sequences and allowing access to the printing devices only from authorized users. When shared printers are accessed by client computers, the Server Message Block (SMB) protocol, which is an application layer protocol, is used.
Administrative privileges are required to install drivers and share printing devices on the print servers to which the printers are locally connected. However, when users install drivers for shared printers on client computers, the drivers are downloaded from the print servers and are installed on the computers only for the users who initiated the installation process. In other words, when shared printer drivers are installed on client computers, no elevated privileges are required, and even standard users, who have no administrative rights, can install the drivers.
Sharing a Printer
Assuming that the driver for the printing device has already been installed by the Windows Server 2008 R2 administrator and the printing device has been connected to the computer, the steps given below must be followed to share a locally installed printer on a network:
1. Log on to the Windows Server 2008 R2 computer with the administrator account.
2. Make sure that the proper driver for the printing device is installed.
3. Click the Start button and from the menu click Devices and Printers.
4. In the opened window, right-click the printer that has to be shared and from the context menu click Printer properties.
5. In the opened box, click the Sharing tab.
6. Check the Share this printer checkbox to allow the printer to be shared on the network.
7. In the Share name field, the default shared name of the printer can be changed to some user-friendly name. Moreover, the List in the directory checkbox can be checked if administrators want to publish the printer in Active Directory. The benefit of doing so is that users can then directly access Active Directory in order to use the shared printer. However, administrators must use group policy settings for client computers to redirect their print requests to the printers that are published in Active Directory.
8. Finally, click the OK button to share the printer.
Remote Desktop Connection
As a system administrator you have seen the time when, despite the availability of 3-5 system admins at the same time, end user issues can still become difficult to manage. This is particularly true in the case of managing hundreds of users. Admins used to resolve issues after receiving a ticket in their ticketing portal. Sometimes there were 15 tickets open at the same time, ranging from problems caused by an unplugged power cable to entire system crashes. In such a scenario it is not possible to run over to the server room each time you have to reset a password or unlock a locked account. To save time and resolve issues on the fly, we used to remotely log in to the DC (Domain Controller), ADC (Additional Domain Controller), ISA (Internet Security and Acceleration) and Exchange (mail) Servers to resolve such issues. In many cases, we used the systems of end users to complete these tasks with our DC admin accounts.
Now that we have talked about the basic scenario, in this post we will tell you how to use Remote Desktop in Windows Server 2008 for remote management.
To make sure that your system can remotely connect, go to Computer (My Computer) Properties from the right-click context menu to enable incoming remote desktop connections.
Click on Advanced System Settings and move over to the Remote tab. From here select Allow Connections Running Remote Desktop With Network Level Authentication (for a more secure environment). Alternatively, you can also choose Allow Connections From Computers Running Any Version Of Remote Desktop (for allowing remote desktop connection sessions with pre Windows Server 2008 systems). Once done, click OK. Note: make sure to do this on systems that you wish to remotely make connections to and from.
Now open Remote Desktop Connection via Start Search, or go to Run, type mstsc and hit Enter.
You can simply enter the IP of the system that you wish to connect remotely to and hit Connect, or configure advanced options for managing your connection. For instance, in the General tab, login credentials can be entered to automatically log in to the system that you are connecting to (e.g. Domain admin credentials). To visit Advanced Options, click the Options button to expand the interface.
Reducing display quality can also help in a faster remote connection. This can be particularly helpful for low bandwidth connections.
From the Local Resources tab, you can set the devices and resources that you wish to utilize during your remote session. Similarly, the Programs tab allows starting of selected programs as the remote session starts.
Bandwidth consumption can also be reduced by de-selecting unwanted features from the Experience tab.
In the Advanced tab, you can set a warning message regarding authentication failure (e.g. when server authentication fails).
After configuring the desired settings, you can click on Connect to start your Remote Desktop Session.
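The choice made on the Remote tab between Network Level Authentication and "any version of Remote Desktop" can be verified afterwards from the registry. The script below is an added example, not part of the original post; it assumes PowerShell 2.0 or later, reads the Group Policy value first because policy overrides the local setting, and its function names are illustrative.

```powershell
# Added example (not from the original sheet). Read-only check of the
# Remote Desktop listener; run in an elevated prompt on the server.

$PolicyKey   = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'
$ServerKey   = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$ListenerKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'

# Names for the SecurityLayer value of the RDP listener
$LayerNames = @{ 0 = 'RDP Security Layer'; 1 = 'Negotiate'; 2 = 'SSL (TLS)' }

function Get-FirstRegistryValue {
    # Returns the named value from the first key in $Path that defines it
    param([string[]]$Path, [string]$Name)
    foreach ($key in $Path) {
        if (-not (Test-Path -Path $key)) { continue }
        $item = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
        if ($item -and $item.PSObject.Properties[$Name]) { return $item.$Name }
    }
    return $null
}

function Get-RdpSecuritySetting {
    # Policy key is listed first so a GPO setting wins over the local one
    $deny  = Get-FirstRegistryValue -Path $PolicyKey, $ServerKey   -Name 'fDenyTSConnections'
    $nla   = Get-FirstRegistryValue -Path $PolicyKey, $ListenerKey -Name 'UserAuthentication'
    $layer = Get-FirstRegistryValue -Path $PolicyKey, $ListenerKey -Name 'SecurityLayer'

    $layerName = if (($layer -ne $null) -and $LayerNames.ContainsKey([int]$layer)) {
        $LayerNames[[int]$layer]
    } else {
        'Not set'
    }

    $enabled = ($deny -eq 0)                 # 0 = incoming connections allowed
    New-Object PSObject -Property @{
        RdpEnabled    = $enabled
        NlaRequired   = ($nla -eq 1)         # 1 = Network Level Authentication required
        SecurityLayer = $layerName
        NeedsReview   = ($enabled -and ($nla -ne 1))
    }
}

$rdp = Get-RdpSecuritySetting
$rdp | Format-List RdpEnabled, NlaRequired, SecurityLayer
if ($rdp.NeedsReview) {
    Write-Warning 'Remote Desktop is enabled without Network Level Authentication.'
}
```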
Create Users and User Templates in Windows Server 2008 Active Directory
You probably already know that a User Account in Active Directory is an Active Directory Object, or simply said, a record in an AD database. Most of the time we create user accounts for people, however user accounts can also be created for applications or processes.
User accounts allow a person to access resources on a network. But we can just as easily deny access to certain resources on the network through the user account. That's why, User Account Objects are quite important and very useful.
HOW TO CREATE A NEW USER ACCOUNT IN ACTIVE DIRECTORY
1. To start let's go ahead and open up Server Manager.
2. Next we will open up the Roles section, next the Active Directory Users and Computers section, and finally Active Directory Users and Computers. You should now see your domain name.
3. We are going to click on our Users section, where we are going to create a new User Account. To do so, right-click on the blank section, point to New and select User.
4. In this window you need to type in the user's first name, middle initial and last name. Next you will need to create a user's logon name.
In our example we are going to create a user account for Billy Miles and his logon name will be miles. When done, click on the Next button.
5. In the next window you will need to create a password for your new user and select appropriate options.
In our example we are going to have the user change his password at his next logon. You can also prevent a user from changing his password, set the password so that it will never expire or completely disable the account.
When you are done making your selections, click the Next button.
6. And finally, click on the Finish button to complete the creation of the new User Account.
HOW TO CREATE A USER TEMPLATE IN ACTIVE DIRECTORY
A user template in Active Directory will make your life a little easier, especially if you are creating users for a specific department, with exactly the same properties, and membership to the same user groups. A user template is nothing more than a disabled user account that has all these settings already in place. The only thing you are doing is copying this account, adding a new name and a password.
You may have multiple user templates for multiple purposes with different settings and properties. There is no limit on the number of user templates, but keep in mind that they are there to help you, not to confuse you, so keep in mind less is better.
To create a user template, we are going to create a regular user account just like we did above. A little note here: you may want to add an * as the first character of the name so it floats to the top in AD and is much easier to find.
1. To start out, right-click on the empty space, point to new, and select User.
2. Type in the user's name (with asterisks if so desired) and click Next.
3. Create the template's password and do not forget to check the box next to the Account is disabled option. When ready, click Next.
4. Once the account is created, you can go ahead and add all the properties you need for that template. To do so, double-click on that account and navigate to a specific tab. Once done, click OK.
HOW TO USE A USER TEMPLATE IN ACTIVE DIRECTORY
1. Now in order to use that user template, we are going to select it, copy it and add the unique information such as user name, password, etc. We can do that for as many users as needed. Let's start by right-clicking on the template and selecting Copy.
2. Next we are going to enter the user's name, login and password information while making sure the checkbox next to Account is disabled is unchecked.
3. Once we finish, our new user account is created with all the properties of the template account. Now wasn't that easy?
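Because a template carries group memberships that every copy inherits, it should stay disabled as described above. The script below is an added example, not part of the original article, that lists template accounts and flags any that are enabled; it assumes templates follow the asterisk naming convention suggested earlier, PowerShell 2.0 or later, and a domain-joined computer, and the function names are illustrative.

```powershell
# Added example (not from the original sheet). Read-only query against the
# current domain using ADSI, so no extra modules are needed.

function ConvertTo-LdapFilterValue {
    # '*' is a wildcard in LDAP filters, so a literal asterisk must be
    # written as \2a. The backslash is escaped first.
    param([string]$Value)
    $Value.Replace('\', '\5c').Replace('*', '\2a').Replace('(', '\28').Replace(')', '\29')
}

function Get-TemplateAccount {
    # Assumption: template names start with '*', as suggested in the text
    param([string]$Prefix = '*')

    $escaped  = ConvertTo-LdapFilterValue $Prefix
    $searcher = New-Object System.DirectoryServices.DirectorySearcher
    $searcher.Filter   = '(&(objectCategory=person)(objectClass=user)(name={0}*))' -f $escaped
    $searcher.PageSize = 500
    foreach ($attr in 'name', 'samaccountname', 'useraccountcontrol', 'memberof') {
        [void]$searcher.PropertiesToLoad.Add($attr)
    }

    $results = $searcher.FindAll()
    try {
        foreach ($r in $results) {
            $uac = [int]$r.Properties['useraccountcontrol'][0]
            $groups = @()
            if ($r.Properties.Contains('memberof')) {
                $groups = @($r.Properties['memberof'])
            }
            New-Object PSObject -Property @{
                Name           = [string]$r.Properties['name'][0]
                SamAccountName = [string]$r.Properties['samaccountname'][0]
                Enabled        = (($uac -band 2) -eq 0)   # bit 2 = account disabled
                GroupCount     = $groups.Count
                Groups         = ($groups -join '; ')
            }
        }
    }
    finally {
        $results.Dispose()
    }
}

$templates = @(Get-TemplateAccount)
$templates | Format-Table Name, SamAccountName, Enabled, GroupCount -AutoSize
foreach ($t in $templates) {
    if ($t.Enabled) {
        Write-Warning "Template account $($t.SamAccountName) is enabled."
    }
}
```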
INFORMATION SHEET 3.3-1
TESTING, DOCUMENTATION AND PRE-DEPLOYMENT PROCEDURES
Learning Objective:
After reading this INFORMATION SHEET, YOU MUST be able to test, document and apply pre-deployment procedures
Tweaking Windows Server 2008 for Efficiency
During the setup and install process, many additional components, packages, and language features are often included unnecessarily into your server build. When you discover a need to reclaim precious native storage space and begin a process of elimination for all but the more critical parts, start by cleaning out any leftover installation material. This includes any Microsoft Office suite products as well — they tend to generate a lot of supportive install-time files that tend to get left behind unless manually specified for removal when installation completes.
Run-time optimization
Windows Server 2008 does a fair job of minimizing unnecessary components bundled with the default install. This confers several immediate advantages: It shortens the install phase, creates a more flexible minimal foundation upon which to build your specific features, and gives you greater control over setup aspects. Typically, there isn’t a whole lot to the default install that you need to strip away to streamline your server.
Over time, or through a timeline of developmental periods or experimental phases, you may experience sluggish system performance owing to an abundance of unnecessary or resource-intensive system processes and components. We like to maintain a conservative profile and remove parts that aren’t vital to system or business functions. In the sections that follow, we cite a few such examples to inspire your own excursions into the realm of server optimization.
Turn off Indexing Service
Windows Indexing Service generates search content properties for all files targeting local and network-attached storage volumes to optimize return time for results. This service runs continuously and can potentially slow the PC’s performance, particularly on servers with revolving data storage and continuous cyclic indexing.
If you don’t need fast file searches, turn off Indexing Service by following these steps:
1. Open Computer.
2. Select the target volume, right-click, and choose Properties.
3. Deselect the Allow Indexing Service to Index This Disk check box.
4. Click OK.
Disable unnecessary services
Services run continuously in the background and even consume resources in their idle states awaiting some event or receipt of data. Not all that is loaded is needed, which is particularly why Microsoft wisely chose to componentize and modularize Windows Server 2008 into a Server Core build option.
Over time, you may find your system consumed by many services ravaging many shared resources, only to realize that some of those processes are no longer necessary. Either they’ve fallen into disuse, never found utilization, or have since been replaced by the next best thing. Either way, you neither want nor need them there, so you should remove them. To view startup services and statuses, open Start and type services.msc in the Start Search bar. Left-click a service entry to view its description and become informed of what other dependent functionality will be affected by its removal from operation.
To disable a service, follow these steps:
1. Right-click the service and choose Properties.
2. Change its startup type to Manual.
3. Click Stop to halt the service.
Schedule Disk Defragmenter
If not already set, schedule disk defragmentation at regular intervals that correspond to local usage. Disk defragmentation realigns file segments to optimize their arrangement on disk so that they may be read and written to most efficiently. This ensures optimal disk performance, especially for drives that process large numbers of files of various sizes.
Windows Server Backup
The Windows Server Backup feature in Windows Server 2008 consists of a Microsoft Management Console (MMC) snap-in and command-line tools that provide a complete solution for your day-to-day backup and recovery needs. You can use four wizards to guide you through running backups and recoveries. You can use Windows Server Backup to back up a full server (all volumes), selected volumes, or the system state. You can recover volumes, folders, files, certain applications, and the system state. And, in case of disasters like hard disk failures, you can perform a system recovery, which will restore your complete system onto the new hard disk, by using a full server backup and the Windows Recovery Environment.
You can use Windows Server Backup to create and manage backups for the local computer or a remote computer. You can also schedule backups to run automatically and you can perform one-time backups to augment the scheduled backups.
How to install Windows Server Backup
To access backup and recovery tools for Windows Server 2008, you must install the Windows Server Backup, Command-line Tools, and Windows PowerShell items that are available in the Add Features Wizard in Server Manager. This installs the following tools:
Windows Server Backup Microsoft Management Console (MMC) snap-in
Wbadmin command-line tool
Windows Server Backup cmdlets (Windows PowerShell commands)
Note:
To install Windows Server Backup features in Server Manager, you must be a member of the Backup Operators or Administrators group. You can also access Windows Server Backup from Server Manager, under the Storage node.
To install backup and recovery tools
1. Click Start, click Server Manager, in the left pane click Features, and then in the right pane click Add Features. This opens the Add Features Wizard.
2. In the Add Features Wizard, on the Select Features page, expand Windows Server Backup Features, and then select the check boxes for Windows Server Backup and Command-line Tools. You will receive a message that Windows PowerShell is also required to be installed with these features.
Note:
If you just want to install the snap-in and the Wbadmin command line tool, expand Windows Server Backup Features, and then select the Windows Server Backup check box. In this case, Windows PowerShell is not required.
3. Click Add Required Features, and then click Next.
4. On the Confirm Installation Selections page, review the choices that you made, and then click Install. If there is an error during the installation, it will be noted on the Installation Results page.
5. Then, to access these backup and recovery tools, do the following:
6. To access the Windows Server Backup snap-in, click Start, click Administrative Tools, and then click Windows Server Backup.
7. To access and view the syntax for Wbadmin, click Start, right-click Command Prompt, and then click Run as administrator. At the prompt, type: wbadmin /?
8. For instructions to access and view the Help for the Windows Server Backup cmdlets, see GettingStarted.rtf at: <system drive>:\Windows\System32\WindowsPowerShell\v1.0\Documents\<language>.