Accessing Server Resources
The easiest way to access a shared directory is via \\testserver\source - according to our example. However, if a share is to be used more often, then it is a good idea to link it as a network drive.


The path is entered just like in the Windows Explorer.

Finished! The first network drive is successfully linked in the system and can now be used like a local hard disk.
Active Directory Implementation

Functional overview of Active Directory in Windows 2000 Server and Windows Server 2003. Source: Microsoft.
The Active Directory (AD) of Windows 2000 Server and Windows Server 2003 basically manages all the information that is relevant in the network's operation. This includes connections, applications, databases, printers, users and groups. Microsoft's text describes it concisely: Active Directory provides a standard way to name, describe, localize, manage, secure and access these resources.
Active Directory is not installed by default because it isn't necessary for simple server services. As the server takes on more responsibility, however, AD makes more and more sense. Additional components like the Exchange Server from Microsoft, for example, require a functioning Active Directory.

The dcpromo command is used to raise the level of the server to become an Active Directory controller. The process takes approximately ten minutes and is described briefly in the following.

We assume that there are no other servers in your network and therefore, we want a controller for a new Active Directory infrastructure.

Afterwards, we define whether the new AD domain is to be integrated into an existing system.

Active Directory uses its own database system in order to manage the described information efficiently. If your environment could grow quickly and the server could take on additional tasks, the database as well as the log files should be moved to a separate hard disk in order to keep system performance as high as possible.

The SYSVOL folder is another specialty of the Active Directory because its contents are replicated by all the Active Directory controllers in a domain. This includes login scripts, group policies and other things that must be available on other servers as well. The location of this folder can of course be changed according to need.

This option is only important if you have to use Windows NT computers with domain structure.
During the course of the installation, the AD assistant will complain that there is still no DNS server running. Therefore, we choose the option to start it up as well after setting up the Active Directory.
Creating Users And Groups

Users can be set up and configured under [Start] - [Programs] - [Active Directory Users and Computers]. Make sure that you also decide whether to assign dial-in rights for VPN or terminal services, and that you assign the correct groups.
You should create groups before anything else in order to organize permissions hierarchically right from the start. In the ideal situation, permissions would only be assigned to groups and not to individual users. Personal folders are of course an exception.

DHCP Server Installation

Once our server can resolve names and IP addresses and already works in Active Directory mode, only the DHCP server (Dynamic Host Configuration Protocol) is missing. By default, every Windows computer looks for such a server in order to pick up its IP address, the Internet gateway and various other network parameters.
After the service is installed via [Control Panel] - [Software] - [Windows Components] - [Network Services], it must be managed using the management console. Here, we need an IP address range (see screenshot above).

In turn, address spaces can be excluded from the address range.

The IP lease is a time value that stands for the validity of an IP address. In networks with only a few changes, this lease can easily be a month long, while the use of shorter leases (a few days) makes more sense in frequently changing systems.

Specifying an Internet gateway is very important for the users. In small environments, this is usually the DSL router.

Specifying a domain name as well as the DNS server is also important. Here, many DNS servers can be specified, if they are available. For reasons of reliability, the IP address of the DSL router can be given here so that the user can still connect to the Internet if the server crashes or is restarted.

If you didn't install the WINS server, then leave the text boxes empty. Otherwise, the same thing applies as for the DNS settings.

After successfully setting up an address range (scope), the DNS server still has to be authorized in order to work in the Active Directory. A right-click and the right choice of the respective item is all you need. The procedure only takes half a minute.

Finished - DHCP works! However, make sure that only one DHCP server is providing its services in the network. DSL routers often provide similar functions, which of course have to be deactivated.
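
A scope plan check for the settings above, as an added example that is not part of the original article: it verifies that fixed addresses such as the server (192.168.1.50) are excluded from the leasable range and that no second DHCP server, for example the DSL router, is answering. The range, exclusion, printer and router addresses are constructed sample values.

```python
import ipaddress


def leasable(start, end, exclusions):
    """Addresses the server may hand out: the range minus the excluded spans."""
    to_int = lambda ip: int(ipaddress.IPv4Address(ip))
    pool = set(range(to_int(start), to_int(end) + 1))
    for ex_start, ex_end in exclusions:
        pool -= set(range(to_int(ex_start), to_int(ex_end) + 1))
    return pool


def audit_scope(network, start, end, exclusions, static_hosts, offers, authorized):
    """Return a list of findings for a planned DHCP scope.

    static_hosts: name -> fixed IP (server, router, printer ...)
    offers:       server addresses seen answering DHCP requests on the segment
    authorized:   the one DHCP server that is supposed to answer
    """
    net = ipaddress.IPv4Network(network)
    findings = []
    for label, ip in (("range start", start), ("range end", end)):
        if ipaddress.IPv4Address(ip) not in net:
            findings.append(f"{label} {ip} is outside {net}")
    pool = leasable(start, end, exclusions)
    for name, ip in sorted(static_hosts.items()):
        if int(ipaddress.IPv4Address(ip)) in pool:
            findings.append(f"{name} ({ip}) is static but still leasable: exclude it")
    for server in sorted(set(offers) - {authorized}):
        findings.append(f"second DHCP server answering: {server}")
    return findings


# Constructed sample plan; only 192.168.1.50 and the /24 come from the article.
SAMPLE = dict(
    network="192.168.1.0/24",
    start="192.168.1.10", end="192.168.1.200",
    exclusions=[("192.168.1.50", "192.168.1.59")],
    static_hosts={"testserver": "192.168.1.50", "router": "192.168.1.1",
                  "printer": "192.168.1.100"},
    offers=["192.168.1.50", "192.168.1.1"],   # the router still has DHCP enabled
    authorized="192.168.1.50",
)

if __name__ == "__main__":
    for finding in audit_scope(**SAMPLE):
        print(finding)
```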
DNS Server Installation

The DNS service (Domain Name Service) is the Achilles heel of an Active Directory structure. Since network communication is performed by only using names for reasons of understandability (e.g. www.tomshardware.com), there must be a quasi-permanent conversion between the names and the IP addresses that are behind them - and vice versa. A forward lookup searches for an IP address based on a name, while the reverse lookup searches for a computer name based on an address.
The installation of the DNS service is over in a jiffy (screenshot above), only it usually doesn't work as desired right from the start.

Function of a Reverse Lookup. Source: Microsoft.

It is very important to install a Reverse Lookup Zone. It is only with this that the DNS server is also able to establish names based on IP addresses.

For our purposes, we need a primary zone, because we want to serve our complete local network with the DNS server. Selecting the option for Active Directory integration at the bottom of the dialog box is important.

Of course, we enter the address space of our local network as a network ID. In this case it is 192.168.1.x. We left the subnet mask at 255.255.255.0, as it was before in the properties of the network connection so that we can include 254 computers in the network. This is enough for small and medium-sized companies. Changing it to 255.255.0.0 would expand the segment to 64,516 possible computers, or more specifically, 64,516 IP addresses (254 times 254).

We only want secure dynamic updates. Manual updates take a lot of effort and therefore this option is skipped for most applications.
After confirmation, the Reverse Lookup Zone is installed.

The last thing we still need is a pointer, which points to our subnet 192.168.1.0.

Here, the fully qualified domain name of the server must be given, which is testserver.testdomain.com in this case.

The best way to check if the DNS configuration was successful is via nslookup or a ping. So that addresses and names outside the local network can also be addressed, we must still inform the DNS server about which server is higher-ranking than it is for external requests.

For the sake of simplicity, we enter the IP address of our DSL router as the DNS forwarder. It will automatically forward requests to the DNS server provided by the Internet provider. You could also enter this directly here.
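
The forward and reverse lookup check described above can be scripted. The following is an added example, not part of the original article; it derives the reverse zone and pointer name for the server address and compares both lookup directions. The stub resolver and its records are constructed so the check also runs offline.

```python
import ipaddress
import socket


def reverse_names(ip, prefix_len=24):
    """Return (reverse zone, PTR owner name) for an IPv4 address."""
    if prefix_len not in (8, 16, 24):
        raise ValueError("reverse zones split on octet boundaries: use 8, 16 or 24")
    ptr = ipaddress.IPv4Address(ip).reverse_pointer    # 50.1.168.192.in-addr.arpa
    zone = ptr.split(".", (32 - prefix_len) // 8)[-1]  # drop the host labels
    return zone, ptr


def check_dns(fqdn, expected_ip, forward=socket.gethostbyname,
              reverse=lambda ip: socket.gethostbyaddr(ip)[0]):
    """Compare forward (name -> IP) and reverse (IP -> name) answers.

    forward/reverse default to the system resolver and can be replaced
    by stubs so the check also runs offline.
    """
    problems = []
    try:
        got_ip = forward(fqdn)
        if got_ip != expected_ip:
            problems.append(f"forward: {fqdn} -> {got_ip}, expected {expected_ip}")
    except OSError as exc:
        problems.append(f"forward: {fqdn} did not resolve ({exc})")
    try:
        got_name = reverse(expected_ip).rstrip(".").lower()
        if got_name != fqdn.lower():
            problems.append(f"reverse: {expected_ip} -> {got_name}, expected {fqdn}")
    except OSError as exc:
        zone, ptr = reverse_names(expected_ip)
        problems.append(f"reverse: no PTR {ptr}, check zone {zone} ({exc})")
    return problems


def table_resolver(table):
    """Stub resolver over a dict; raises like the socket module on a miss."""
    def lookup(key):
        if key not in table:
            raise socket.herror(1, "host not found")
        return table[key]
    return lookup


if __name__ == "__main__":
    # Constructed records: the A record exists, the pointer was forgotten.
    a_records = {"testserver.testdomain.com": "192.168.1.50"}
    for line in check_dns("testserver.testdomain.com", "192.168.1.50",
                          forward=table_resolver(a_records),
                          reverse=table_resolver({})):
        print(line)
```

Called without the stub arguments, `check_dns` uses the resolver of the machine it runs on, so it should be run from a client that has 192.168.1.50 set as its DNS server.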
Remote Access Using Terminal Services

A nice picture: remote access to a computer that we want to remotely control again using remote access. Even with ISDN, the speed of working with remote desktop functions, or alternatively terminal services, was quite acceptable.
In Windows 2000, the terminal services still have to be set up, while with Windows Server 2003, access for a maximum of two users works right out of the box.

The administrator has access at any time, while other users have to be added by clicking the Select Remote Users button in the [Remote] tab of System Properties.

The necessary software to connect from one Windows computer to the other has been available since Windows XP, or alternatively Server 2003. Look under [Start] - [Programs] - [Accessories] - [Communications] where you will find Remote Desktop Connection.

To select the computer to be controlled remotely, it is sufficient to know its IP address or a domain name.

The performance of the Remote Desktop Connection can be adjusted here by changing the options.
For example, to remotely control the home PC from anywhere, which in any case is connected to the network via DSL flat rate, it is sufficient to set up an account with a provider such as dyndns.org as well as to use software such as DirectUpdate, which continuously checks the connection and transmits its own IP address to the service provider if it changes. However, in the meantime, there are numerous DSL routers that support various DNS service providers.
Setting Up Shared Folders

Administrators always have full access to all the logical drives of a Windows server. \\testserver\c$, for example, is drive C. However, we naturally want to also provide share accounts with different permissions.
A right-click on any directory opens the shortcut menu in which we select [Sharing and security]. First, a share name is chosen here for the directory. If you don't set any permissions, then all users have read access. However, we also want to be able to write.

We added the user Patrick and gave him write as well as read permission. The rights assigned here, however, only refer to network shares. If a user who is locally logged in should also be able to change files, then the permissions in the [Security] tab must be accurately specified.

TCP/IP Settings

Now, the network connection, or more precisely the TCP/IP settings must be modified in order to be able to work together with the new DNS server. This time we enter the Windows server (here it is 192.168.1.50) as the primary DNS server address. We mark all available checkboxes because we also want to work with DNS suffixes.

We can enter the WINS server (Windows Internet Naming Service) here if it is to be installed. This is also selected under [Control Panel] - [Software] - [Windows Components] - [Network Services] and only has a few configuration options so that there should be no difficulties here.
Installation Of Adminpak.msi

By far, the most helpful tool collection is the Resource Kit for Windows Servers provided by Microsoft. However, this has to be bought separately. The Windows CD included here contains the administration package, which can be installed quickly by running the command adminpak.msi. It expands the program options in the administration tree.