Friday, February 26, 2010

Windows 2003 Server and XP Administration
Duration: 5 days | Price: $2495 | Class Dates:
Students Will Learn:
• Installation and Configuration
• Users and Groups
• File and Folder Permissions
• Encryption
• Supporting Mobile Computers
• Data Backup
• System Recovery
• TCP/IP
• Address Assignment
• Server Clustering
Description: This hands-on course provides students with the knowledge and skills they need to perform administrative duties for Windows Server 2003 and XP Professional systems. Students learn to install, configure and maintain the client and server operating systems, monitor performance and support users. Attendees will become familiar with Windows XP Professional and the different versions of Server 2003, explore features of services such as DHCP, Clustering, and Shadow Copies and learn to implement security using permissions, encryption and policies. Hands-on exercises include installing and configuring client and server systems, creating users and groups, establishing remote desktop connections and setting security permissions on files, folders and printers.
Prerequisites: One year of experience using Microsoft Windows 95 or later, configuring the desktop, and managing files and folders.
Windows 2003 Server and XP Administration Course Overview:

Overview of Windows XP and Server 2003
• Secure Architecture
• Automated System Recovery
• Disk Management Enhancements
• Remote Desktop
• Remote Assistance
• Mobile Computing Features
• NTFS Features
• Troubleshooting Windows XP and Server 2003
• Volume Shadow Copy
• Licensing and Activation
• Reactivating Windows XP
• Workgroups
• Active Directory Domains
• Client and Server Functionality
• Compatibility with NT 4, 2000, and Legacy Systems
• Windows Server 2003 Versions
• Improvements over NT 4.0 and Windows 2000
• Windows Components
• Networking Features
Installing the Operating System
• Pre-installation Checklist
• Installing Windows Server 2003
• System Requirements
• Hardware Compatibility List
• Installing on a New System
• CD Installation
• Deploying Windows Across an Enterprise
• Creating Answer Files and Uniqueness Files with Setup Manager
• Sysprep
• Upgrading to Windows XP Professional
• Service Packs and Hotfixes
• Server Roles
• Partitioning
• Upgrading Existing Operating Systems
Graphical User Interface Configuration
• Desktop Look and Feel
• Start Menu Options
• Taskbar Properties
• Control Panel Fundamentals
• Registry Configuration
• Administrative Tools
• Hardware Settings
• Advanced Power Management
• Appearance and Themes
• Printers and Hardware
• Accessibility Options
• Computer Management Console
• Performance Tuning
• Managing Hardware Devices
• Power Options
Managing Windows
• The Microsoft Management Console Overview
• Troubleshooting Hardware
• Examining Event Logs
• Supporting USB Devices
• Administrative Tools Package
• Resource Kit Support Tools
Microsoft Management Console
• Using Snap-Ins
• Computer Management
• Disk Management
• System Service Management
• Device Management
• Pre-Configured Consoles
• Customizing Consoles
• Task Pads
Data Storage
• Basic Disk Partitions
• Dynamic Disk Volumes
• Partitioning
• RAID
• Mirror Sets
• Stripe Set with Parity
• Mount Points
• Windows Backup Utility
• Encrypting File System
• Disk Quotas
• Disk Defragmentation
• Spanned and Striped Volumes
• Extending Volumes
• NTFS File and Folder Permissions
• Permission Inheritance
• Effective Permissions
• Special Permissions Information
• Shared Folder Permissions
• Default Shares for Administrators
• Auditing Object Access
Administering Users and Groups
• Creating Local Users and Groups
• Creating Domain Users and Groups
• Setting User Rights
• Setting the Accounts Policy
• Group Membership Rules
• Roaming Profiles
• Logon Scripts
• Monitoring Network Resources
• Auditing Events
Windows Enhanced TCP/IP
• Transmission Control Protocol/Internet Protocol
• Configuring TCP/IP
• Dynamic Host Configuration Protocol (DHCP)
• Configuring IP Addresses
• Automatic Private IP Addressing
• TCP/IP Diagnostic Tools
• Ipconfig, Ping, and Tracert
Dynamic Host Configuration Protocol
• Purpose of DHCP
• DHCP Lease Process
• DHCP Relay Agent
• Troubleshooting DHCP Clients
• Authorizing a DHCP Server in Active Directory
• Scopes
• Reservations
• DHCP Options
System Recovery and Restoration
• Windows Backup Utility
• Safe Mode Set Up
• Advanced System Recovery
• Repair Command Console
The Registry
• Registry Hives
• Troubleshooting
• Registry Size
• The HKEY_CURRENT_USER Key
• Operating System Information
• File Associations
• Regedit - The Registry Editor Tool
• Searching the Registry
• Customized Searches
• Modifying the Registry
• Exporting the Registry
• Adding Keys and Data Values
Application Performance
• Application Compatibility
• Compatibility Administration Tool
• Using Compatibility Mode
• Setting Environment Variables
• Registry Permissions
Environment Management
• Fast User Switching
• Managing Multiple Accounts
• Simple File Sharing
• Internet Connection Firewall Overview
• Network Bridging
• Files and Settings Transfer Wizard
Users and Groups
• User Accounts
• Default Users and Groups
• Creating Local User Accounts
• Local Group Accounts
• Administrators, Power Users, and Operators
• Creating Local Groups
Terminal Services
• Architecture of Terminal Services
• Benefits of Terminal Server
• Remote Desktop Connection
• Mapping Local Resources
• Terminal Server Desktop
• Terminal Server vs. Remote Desktop
• Terminal Server Licensing
• Terminal Services Manager
• Remote Control of Desktops
System Security
• Security Permissions
• System Rights
• Assigning Permissions to Users and Groups
• Encrypting Folders and Files
• Sharing Resources Across The Network
• Setting Security Permissions
Remote Desktop
• Configuring Remote Desktop
• Remote Desktop Features
• Enabling Remote Desktop
• Remote Assistance
• Requesting Remote Assistance
• Saving an Invitation File
• Responding to an Assistance Request
File Systems
• FAT16/FAT32
• NTFS
• Compression
• Disk Quotas
• Distributed File System
System Monitoring
• Event Viewer
• System Monitor
• Performance Logs and Alerts
• Enhancing System Performance
• Tracking Trends to Predict Network Growth
• The Msconfig Utility
• The Windows XP Boot Process
• Plug and Play Detection
• Repairing the Current Installation
• Windows XP Safe Mode
• The Recovery Console
• Enabling the Recovery Console
• Backing Up the Registry
• Backing Up the System State
• Using System Restore
• System Restore Features
• Types of Restore Points
• Undoing a System Restoration
• Automated System Recovery Overview
• Creating an ASR Backup Set
• Recovering from System Failure
• Device Driver Rollback
• The Msinfo Tool
Mobile Computing
• Advanced Power Management
• Offline Files
• BIOS Compatibility
• Hardware Support
• Using Hardware Profiles with Laptop Computers
• Universal Serial Bus Device Support
• Configuring User Profiles
Printing
• Terminology
• Installing Local Printers
• Managing Printers
• Installing Print Drivers
• Internet Printing
• Configuring Printer Settings
• Sharing Printers
• Printer Pooling
• Print Permissions

Duties of the System Administrator

The Linux System Administrator
Using Linux involves much more than merely sitting down and turning on the
machine. Often you hear talk of a “steep learning curve” but that discouraging
phrase can be misleading. Instead, Linux is quite different from the most popular
commercial operating systems in a number of ways. While it is no more difficult to
learn than other operating systems, it is likely to seem very strange even to the
experienced administrator of other systems. In addition, the sophistication of a
number of parts of the Red Hat distribution has increased by an order of magnitude,
so even an experienced Linux administrator is likely to find much that is new and
unfamiliar. Fortunately, there are new tools designed to make system administration
easier than ever before.
Make no mistake: Every computer in the world has a system administrator. It
may be—and probably is—true that the majority of system administrators are
those who decided what software and peripherals were bundled with the machine
when it was shipped. That status quo remains because the majority of users who
acquire computers for use as appliances probably do little to change the default
values. But the minute a user decides on a different wallpaper image or adds an
application that was acquired apart from the machine itself, he or she has taken on
the role of system administration.
The highfalutin title of system administrator brings with it some responsibilities.
No one whose computer is connected to the Internet, for instance, has been immune
to the effects of poorly administered systems, as demonstrated by the Distributed
Denial of Service (DDoS) and e-mail macro virus attacks that have shaken the
online world in recent years. The scope of these acts of computer vandalism (in
some cases, computer larceny) would have been greatly reduced if system administrators
had a better understanding of their duties.
Linux system administrators are likely to understand the necessity of active system
administration more than those who run whatever came on the computer,
assuming that things came properly configured from the factory. The user or enterprise
that decides on Linux has decided, too, to assume the control that Linux
offers, and the responsibilities that this entails.
By its very nature as a modern, multiuser operating system, Linux requires a
degree of administration greater than that of less robust, home-market systems.
This means that even if you use just a single machine connected to the Internet by
a dial-up modem—or not even connected at all—you have the benefits of the same
system employed by some of the largest businesses in the world, and will do many
of the same things that IT professionals employed by those companies are paid to
do. Administering your system does involve a degree of learning but it also means
that in setting up and configuring your own system you gain skills and understanding
that raise you above mere “computer user” status. The Linux system
administrator does not achieve that mantle by purchasing a computer but by taking
full control of what the computer does and how it does it.
You may end up configuring a small home or small office network of two or more
machines, perhaps including ones that are not running Linux. You may be responsible
for a business network of dozens of machines. The nature of system administration
in Linux is surprisingly constant, no matter how large or small your installation.
It merely involves enabling and configuring features you already have available.
By definition, the Linux system administrator is the person who has “root”
access, which is to say the one who is the system’s “super user” (or root user). A
standard Linux user is limited to whatever he or she can do with the underlying
engine of the system. But the root user has unfettered access to everything—all
user accounts, their home directories, and the files therein; all system configurations;
and all files on the system. A certain body of thought says that no one should
ever log in as “root,” because system administration tasks can be performed more
easily and safely through other, more specific means, which we discuss in due
course. Because the system administrator has full system privileges, your first duty
is to know what you’re doing, lest you break something.
By definition, the Linux system administrator is the person who has “root”
access—the one who is the system’s “super user.”
The word duty implies a degree of drudgery; in fact, it’s a manifestation of the
tremendous flexibility of the system measured against the responsibility to run a
tight organization. These duties do not so much constrain you, the system administrator,
as free you to match the job to the task. Let’s take a brief look at them.
Installing and Configuring Servers
When you hear the word server to describe a computer, you probably think of a
computer that offers some type of service to clients. The server may provide file or
printer sharing, File Transfer Protocol (FTP) or Web access, or e-mail processing
tasks. Don’t think of a server as a standalone workstation; think of it as a computer
that specifically performs these services for many users.
In the Linux world, the word server has a broader meaning than what you might
be used to. For instance, the standard Red Hat graphical user interface (GUI)
requires a graphical layer called XFree86. This is a server. It runs even on a standalone
machine with one user account. It must be configured. (Fortunately, Red Hat
has made this a simple and painless part of installation on all but the most obscure
combinations of video card and monitor; gone are the days of anguish as you configure
a graphical desktop.)
Likewise, printing in Linux takes place only after you configure a print server.
Again, this has become so easy as to be nearly trivial.
In certain areas the client-server nomenclature can be confusing, though. While
you cannot have a graphical desktop without a server, you can have Web access
without a Web server, FTP access without running an FTP server, and e-mail capabilities
without ever starting a mail server. You may well want to use these servers,
all of which are included in Red Hat; then again, maybe not. Whenever a server is
connected to other machines outside your physical control, there are security implications
to consider. You want your users to have easy access to the things they
need but you don’t want to open up the system you’re administering to the whole
wide world.
Whenever a server is connected to machines outside your physical control,
security issues arise. You want users to have easy access to the things they
need but you don’t want to open up the system you’re administering to the
whole wide world.
Linux distributions used to ship with all imaginable servers turned on by default.
Just installing the operating system on the computer would install and configure—
with default parameters—all the services available with the distribution. This was a
reflection of an earlier, more innocent era in computing when people did not consider
vandalizing other people’s machines to be good sportsmanship.
Unfortunately, the realities of this modern, more dangerous world dictate that all
but the most essential servers remain turned off unless specifically enabled and
configured. This duty falls to the system administrator. You need to know exactly
which servers you need and how to employ them, and to be aware that it is bad
practice and a potential security nightmare to enable services that the system isn’t
using and doesn’t need. Fortunately, the following pages show you how to carry
out this aspect of system administration easily and efficiently.
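One way to check which servers are actually enabled, as an added example that is not part of the original text: the function below reads output in the format printed by Red Hat's `chkconfig --list` and reports every service that is on in runlevel 3 or 5, or enabled through xinetd, but is not on an allowlist of services the machine needs. The sample output and the allowlist are constructed for illustration.

```sh
#!/bin/sh
# Added example: flag enabled services that are not on an allowlist.

# Constructed sample in the format printed by `chkconfig --list`.
sample_chkconfig() {
cat <<'EOF'
crond           0:off   1:off   2:on    3:on    4:on    5:on    6:off
sshd            0:off   1:off   2:on    3:on    4:on    5:on    6:off
syslog          0:off   1:off   2:on    3:on    4:on    5:on    6:off
sendmail        0:off   1:off   2:on    3:on    4:on    5:on    6:off
nfs             0:off   1:off   2:off   3:off   4:off   5:off   6:off
portmap         0:off   1:off   2:off   3:on    4:on    5:on    6:off
cups            0:off   1:off   2:off   3:off   4:off   5:on    6:off
xinetd          0:off   1:off   2:off   3:on    4:on    5:on    6:off

xinetd based services:
        telnet:         on
        rsync:          off
EOF
}

# unneeded_services "ALLOWED NAMES"
# Reads `chkconfig --list` output on stdin and prints one line per service
# that is enabled in runlevel 3 or 5 (or under xinetd) but not allowed.
unneeded_services() {
    awk -v allow="$1" '
    BEGIN {
        n = split(allow, names, " ")
        for (i = 1; i <= n; i++) ok[names[i]] = 1
    }
    # Everything after this marker is an xinetd-managed service.
    /^xinetd based services:/ { in_xinetd = 1; next }
    in_xinetd && NF == 2 {
        name = $1
        sub(/:$/, "", name)
        if ($2 == "on" && !(name in ok)) print name " (xinetd)"
        next
    }
    # SysV init lines: name followed by seven runlevel:state fields.
    NF == 8 {
        enabled = 0
        for (i = 2; i <= NF; i++)
            if ($i == "3:on" || $i == "5:on") enabled = 1
        if (enabled && !($1 in ok)) print $1
    }
    '
}

# Allowlist for a hypothetical host that needs only cron, SSH, syslog,
# and xinetd itself.
sample_chkconfig | unneeded_services "crond sshd syslog xinetd"
```

On a real Red Hat system, pipe `chkconfig --list` into `unneeded_services` instead of the sample, and review each reported service before turning it off.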
Installing and Configuring Application Software
Although it is possible for individual users to install some applications in their
home directories—drive space set aside for their own files and customizations—
these applications are not available to other users without the intervention of the
system administrator. Besides, if an application is to be used by more than one user,
it probably needs to be installed higher up in the Linux file hierarchy, which is a job
that only the system administrator can perform. (The administrator can even decide
which users may use which applications by creating a “group” for that application
and enrolling individual users in that group.)
New software packages might be installed in /opt if they are likely to be
upgraded separately from the Red Hat distribution itself. Doing this makes it simple
to retain the old version until you are certain that the new version works and meets
your expectations. Some packages may need to go in /usr/local or even /usr if
they are upgrades of packages installed as part of Red Hat. (For instance, there are
sometimes security upgrades of existing packages.) The location of the installation
usually matters only if you compile the application from source code; if you use a
Red Hat Package Manager (RPM) application package, it automatically goes where
it should.
Configuration and customization of applications is to some extent at the user’s
discretion, but not entirely. “Skeleton” configurations—administrator-determined
default configurations—set the baseline for user employment of applications. If
there are particular forms, for example, that are used throughout an enterprise, the
system administrator would set them up or at least make them available by adding
them to the skeleton configuration. The same applies to configuring user desktops
and in even deciding what applications should appear on user desktop menus. For
instance, your company may not want to grant users access to the games that ship
with modern Linux desktops. You may also want to add menu items for newly
installed or custom applications. The system administrator brings all this to pass.
Creating and Maintaining User Accounts
Not just anyone can show up and log on to a Linux machine. An account must be
created for each user and—you guessed it—no one but the system administrator
can do this. That’s simple enough.
But there’s more. It involves decisions that either you or your company must
make. You might want to let users select their own passwords, which would no doubt
make them easier to remember but which probably would be easier for a malefactor
to crack. You might want to assign passwords, which is more secure in theory but
increases the likelihood that users will write them down on a conveniently located
scrap of paper—a risk if many people have access to the area where the machine(s)
is located. You might decide that users must change their passwords periodically—
something you can configure Red Hat Enterprise Linux to prompt users about.
What happens to old accounts? Suppose someone leaves the company. You probably
don’t want him or her to gain access to the company network, but you also
don’t want to delete the account wholesale, only to discover later that essential data
resided nowhere else.
To what may specific users have access? It might be that there are aspects of
your business that make Web access desirable, but you don’t want everyone spending
their working hours surfing the Web. If your system is at home, you may wish
to limit your children’s access to certain Web sites.
These and other issues are part of the system administrator’s duties in managing
user accounts. Whether the administrator or his or her employer establishes policies
governing accounts, these policies should be delineated—preferably in writing for
a company—for the protection of all concerned.
Backing Up and Restoring Files
Until computer equipment becomes infallible, until people lose the desire to harm
others’ property, and—truth be told—until system administrators become perfect,
there is considerable need to back up important files so that the system can be up
and running again with minimal disruption in the event of hardware, security, or
administration failure. Only the system administrator may do this. (Because of its
built-in security features, Linux doesn’t allow users even to back up their own files
to removable disks.)
It’s not enough to know that performing backups is your job. You need to formulate
a strategy for making sure your system is not vulnerable to catastrophic disruption.
This is not always obvious. If you have a high-capacity tape drive and several
good sets of restore disks, you might make a full system backup every few days. If
you are managing a system with scores of users, you might find it more sensible to
back up user accounts and system configuration files, figuring that reinstallation
from the distribution CDs would be quicker and easier than getting the basics off a
tape archive. (Don’t forget about applications you install separately from your Red
Hat distribution, especially those involving heavy customization.)
Once you decide what to back up, you need to decide how frequently to perform
backups, whether to maintain a series of incremental backups—adding only files
that have changed since the last backup—or multiple full backups, and when these
backups should be performed. Do you trust an automated, unattended process? If
you help determine which equipment to use, do you go with a redundant array of
independent disks (RAID), which is to say multiple hard drives all containing the
same data as insurance against the failure of any one of them, in addition to other
backup systems? (A RAID is not enough because hard drive failure is not the only
means by which a system can be brought to a halt.)
You don’t want to become complacent or foster a lackadaisical attitude among
users. Part of your strategy should be to maintain perfect backups without ever
needing to resort to them. This means encouraging users to keep multiple copies of
their important files in their home directories so that you won’t be asked to mount
a backup to restore a file that a user corrupted. (If your system is a standalone one
then, as your own system administrator, you should make a habit of backing up
your configuration and other important files.)
Restoring files from your backup media is no less important than backing them
up in the first place. Be certain you can restore your files if the need arises by testing
your restore process at least once during a noncritical time.
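A restore drill for the incremental strategy described above, as an added example that is not part of the original text: it takes a full backup and one incremental backup with GNU tar's `--listed-incremental` option, replays both into a scratch directory, and passes only if the restored tree matches the live one. It assumes GNU tar; the directory names and file contents are constructed, and everything happens in a temporary directory.

```sh
#!/bin/sh
# Added example: full + incremental backup with GNU tar, then a restore test.

# backup SRC ARCHIVE SNAPSHOT
# With a new SNAPSHOT file this is a full backup; run again with the same
# SNAPSHOT file it archives only what changed since the previous run.
backup() {
    tar --create --file="$2" --listed-incremental="$3" -C "$1" .
}

# restore_chain TARGET ARCHIVE...
# Replays the archives oldest first. --listed-incremental=/dev/null makes
# GNU tar treat them as incrementals, so files that were deleted between
# backups are also deleted from TARGET.
restore_chain() {
    target=$1
    shift
    mkdir -p "$target" || return 1
    for archive in "$@"; do
        tar --extract --file="$archive" --listed-incremental=/dev/null \
            -C "$target" || return 1
    done
}

# drill_steps WORKDIR: build a small tree, back it up twice, restore, compare.
drill_steps() {
    src=$1/home
    mkdir -p "$src/alice" || return 1
    echo "quarterly report v1" > "$src/alice/report.txt"
    echo "unchanged"           > "$src/alice/keep.txt"
    echo "scratch"             > "$src/alice/old-notes.txt"

    backup "$src" "$1/full.tar" "$1/state.snar" || return 1

    # Give later changes a timestamp clearly after the full backup.
    sleep 1
    echo "quarterly report v2" > "$src/alice/report.txt"   # modified
    echo "call the vendor"     > "$src/alice/todo.txt"     # new
    rm "$src/alice/old-notes.txt"                          # deleted

    backup "$src" "$1/incr1.tar" "$1/state.snar" || return 1

    restore_chain "$1/restore" "$1/full.tar" "$1/incr1.tar" || return 1

    # Any difference between live and restored data fails the drill.
    diff -r "$src" "$1/restore"
}

# restore_drill: returns 0 only if the restored tree matches the live tree.
restore_drill() {
    work=$(mktemp -d) || return 1
    drill_steps "$work"
    rc=$?
    rm -rf "$work"
    return $rc
}

restore_drill && echo "restore drill passed"
```

The same `diff -r` comparison works against real backup media: restore into an empty scratch directory, never over live data, and compare.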
Chances are good that even if you work for a company, you’ll be the one making
these decisions. Your boss just wants a system that runs perfectly, all the time.
Backing up is only part of the story, however. You need to formulate a plan for
bringing the system back up after a failure. A system failure could be caused by any
number of problems, either related to hardware or software (application, system
configuration) trouble, and could range from a minor inconvenience to complete
shutdown.
Hardware failures caused by improper configuration can be corrected by properly
configuring the device. Sometimes hardware failures are caused by the device
itself, which typically requires replacing the device. Software failures caused by
improperly configured system files are usually corrected by properly configuring
those files. An application can cause the system to fail for many reasons and may
require a lot of research on the part of the administrator to find the root of the
problem.
If you are the administrator of servers and workstations for a business, you
should have a disaster recovery plan in place. Such a plan takes into account the
type of data and services provided and how much fault tolerance your systems
require—that is, how long your systems could be down and what effect that would
have on your company’s ability to conduct business. If you require 100 percent
fault tolerance, meaning your systems must be online 24/7, then disaster recovery
is unnecessary as your systems never go down and there is no disaster from which
to recover. Most organizations, though, cannot afford such a high level of fault tolerance;
they are willing to accept less stringent standards. Based on the level of
fault tolerance you require, your disaster recovery plan should list as many possible
failures as you can anticipate and detail the steps required to restore your systems.
In Chapter 2, we describe fault tolerance and disaster recovery in more detail.
Backing up is only part of the story. You need to formulate a disaster recovery
plan to bring your system back up in the event of a failure.
Monitoring and Tuning Performance
The default installation of Red Hat Enterprise Linux goes a long way toward capitalizing
on existing system resources. There is no “one size fits all” configuration,
however. Linux is infinitely configurable, or close to it.
On a modern standalone system, Linux runs pretty quickly. If it doesn’t, there’s
something wrong—something the system administrator can fix. Still, you might
want to squeeze one last little bit of performance out of your hardware—or a number
of people might be using the same file server, mail server, or other shared machine,
in which case seemingly small improvements in system performance add up.
System tuning is an ongoing process aided by a variety of diagnostic and monitoring
tools. Some performance decisions are made at installation time, while others
are added or tweaked later. A good example is the use of the hdparm utility, which
can increase throughput in IDE drives considerably; but for some high-speed modes
a check of system logs shows that faulty or inexpensive cables can, in combination
with hdparm, produce an enormity of nondestructive but system-slowing errors.
Proper monitoring allows you to detect a misbehaving application that consumes
more resources than it should or fails to exit completely upon closing.
Through the use of system performance tools you can determine when hardware—
such as memory, added storage, or even something as elaborate as a hardware
RAID—should be upgraded for more cost-effective use of a machine in the enterprise
or for complicated computational tasks such as three-dimensional rendering.
Possibly most important, careful system monitoring and diagnostic practices
give you an early heads-up when a system component is showing early signs of
failure, so that you can minimize any potential downtime. Combined with the
resources for determining which components are best supported by Red Hat
Enterprise Linux, performance monitoring can result in replacement components
which are far more robust and efficient in some cases.
In any case, careful system monitoring plus wise use of the built-in configurability
of Linux allows you to squeeze the best possible performance from your existing
equipment, from customizing video drivers to applying special kernel patches
or simply turning off unneeded services to free memory and processor cycles.
To squeeze the best performance from your equipment, monitor your system
carefully and use Linux’s built-in configurability wisely.
Configuring a Secure System
If there is a common thread in Linux system administration, it is the security of the
computer and data integrity.
What does this mean? Just about everything. The system administrator’s task,
first and foremost, is to make certain that no data on the machine or network are
likely to become corrupted, whether by hardware or power failure, by misconfiguration
or user error (to the extent that the latter can be avoided), or by malicious or
inadvertent intrusion from elsewhere. It means doing all the tasks described
throughout this chapter, and doing them well, with a full understanding of their
implications.
No one involved in computing has failed to hear of the succession of increasingly
serious attacks on machines connected to the Internet. For the most part,
these attacks have not targeted Linux systems. That doesn’t mean Linux systems
have been entirely immune, either to direct attack or to the effects of attacks on
machines running other operating systems. In one Distributed Denial of Service
(DDoS) attack aimed at several major online companies, for instance, many “zombie”
machines—those that had been exploited so that the vandals could employ
thousands of machines instead of just a few—were running Linux that had not
been patched to guard against a well-known security flaw. In the various “Code
Red” attacks during the summer of 2001, Linux machines themselves were invulnerable,
but the huge amount of traffic generated by this “worm” infection nevertheless
prevented many Linux machines from accomplishing much Web-based
work for several weeks, so fierce was the storm raging across the Internet. And few
e-mail users have been immune from receiving at least some “SirCam” messages—
nonsensical messages from strangers with randomly selected files attached from
their machines. While this infection did not corrupt Linux machines per se, as it did
those running MS Windows, anyone on a dial-up Internet connection who had to
endure downloading several megabytes of infected mail each day would scarcely
describe himself or herself as unaffected by the attack.
Depending on how a Linux machine is connected, and to what, the sensitivity of
the data it contains and the uses to which it is put, security can be as simple as
turning off unneeded services, monitoring the Red Hat security mailing list to make
sure that all security advisories are followed, and otherwise engaging in good computing
practices to make sure the system runs robustly. It’s almost a full-time job
involving levels of security permissions within the system and systems to which it
is connected; elaborate firewalls to protect not just Linux machines but machines
that, through their use of non-Linux software, are far more vulnerable; and physical
security—making sure no one steals the machine itself!
For any machine connected to another machine, security means hardening
against attacks and making certain no one else uses your machine as a platform for
launching attacks against others. If you run Web, FTP, or mail servers, it means giving
access to only those who are entitled to it, while locking out everyone else. It
means making sure that passwords are not easily guessed and not made available
to unauthorized persons. It means that disgruntled former employees no longer
have access to the system and that no unauthorized person may copy files from
your machines.
Security is an ongoing process. The only really secure computer is one that contains
no data, is unplugged from networks and power supplies, has no keyboard
attached, and resides in a locked vault. While that is theoretically true, it implies
that security diminishes the usefulness of the machine. Your job as system administrator
is to strike the right balance between maximum utility and maximum
safety, all the while bearing in mind that confidence in a secure machine today
means nothing about the machine’s security tomorrow.
In the chapters that follow, you learn about the many tools that Red Hat provides
to help you guard against intrusion, even to help you prevent intrusion into non-Linux
machines that may reside on your network. Linux is designed from the
beginning with security in mind. In all your tasks you should maintain that same
security awareness.
Using Tools to Monitor Security
People who, for purposes of larceny or to amuse themselves, like to break into computers—
they’re called “crackers”—are a clever bunch. If there is a vulnerability in
a system, they will find it. Fortunately, the Linux development community is quick
to find potential exploits and to create ways of slamming the door shut before
crackers can enter. Fortunately, too, Red Hat is diligent in making available new,
patched versions of packages in which potential exploits have been found. Your
first and best security tool, therefore, is making sure that whenever a security advisory
is issued, you download and install the repaired package. This line of defense
can be annoying but it is nothing compared to rebuilding a compromised system.
As good as the bug trackers are, sometimes their job is reactive. Preventing the use
of your machine for nefarious purposes and guarding against intrusion are, in the
end, your responsibility alone. Red Hat equips you with tools to detect and deal with
unauthorized access of many kinds. As this book unfolds, you’ll learn how to install
and configure these tools and how to make sense of the warnings they provide. Pay

SYSTEM ADMINISTRATION

1. Explain hidden shares. Hidden or administrative shares are share names with a dollar sign ($) appended to their names. Administrative shares are usually created automatically for the root of each drive letter. They do not display in the network browse list.
2. How do the permissions work in Windows 2000? What permissions does folder inherit from the parent? When you combine NTFS permissions based on users and their group memberships, the least restrictive permissions take precedence. However, explicit Deny entries always override Allow entries.
3. Why can’t I encrypt a compressed file on Windows 2000? You can either compress it or encrypt it, but not both.
4. If I rename an account, what must I do to make sure the renamed account has the same permissions as the original one? Nothing, it’s all maintained automatically.
5. What’s the most powerful group on a Windows system? Administrators.
6. What are the accessibility features in Windows 2000? StickyKeys, FilterKeys, Narrator, Magnifier, and On-Screen Keyboard.
7. Why can’t I get to the Fax Service Management console? You can only see it if a fax had been installed.
8. What do I need to ensure before deploying an application via a Group Policy? Make sure it’s either an MSI file, or contains a ZAP file for Group Policy.
9. How do you configure mandatory profiles? Rename ntuser.dat to ntuser.man
10. I can’t get multiple displays to work in Windows 2000. Multiple displays have to use peripheral connection interface (PCI) or Accelerated Graphics Port (AGP) port devices to work properly with Windows 2000.
11. What’s a maximum number of processors Win2k supports? 2
12. I had some NTFS volumes under my Windows NT installation. What happened to NTFS after Win 2k installation? It got upgraded to NTFS 5.
13. How do you convert a drive from FAT/FAT32 to NTFS from the command line? convert c: /fs:ntfs
14. Explain APIPA. Auto Private IP Addressing (APIPA) takes effect on Windows 2000 Professional computers if no DHCP server can be contacted. APIPA assigns the computer an IP address within the range of 169.254.0.0 through 169.254.255.254 with a subnet mask of 255.255.0.0.
15. How does Internet Connection Sharing work on Windows 2000? Internet Connection Sharing (ICS) uses the DHCP Allocator service to assign dynamic IP addresses to clients on the LAN within the range of 192.168.0.2 through 192.168.0.254. In addition, the DNS Proxy service becomes enabled when you implement ICS.
16. Describe how the DHCP lease is obtained. It’s a four-step process consisting of (a) IP request, (b) IP offer, (c) IP selection and (d) acknowledgement.
17. I can’t seem to access the Internet, don’t have any access to the corporate network and on ipconfig my address is 169.254.*.*. What happened? The 169.254.*.* netmask is assigned to Windows machines running 98/2000/XP if the DHCP server is not available. The name for the technology is APIPA (Automatic Private Internet Protocol Addressing).
18. We’ve installed a new Windows-based DHCP server, however, the users do not seem to be getting DHCP leases off of it. The server must be authorized first with the Active Directory.
19. How can you force the client to give up the dhcp lease if you have access to the client PC? ipconfig /release
1)What authentication options do Windows 2000 Servers have for remote clients? PAP, SPAP, CHAP, MS-CHAP and EAP.
2)What are the networking protocol options for the Windows clients if for some reason you do not want to use TCP/IP? NWLink (Novell), NetBEUI, AppleTalk (Apple).
3) What is binding order? The order by which the network protocols are used for client-server communications. The most frequently used protocols should be at the top.
4)How do cryptography-based keys ensure the validity of data transferred across the network? Each IP packet is assigned a checksum, so if the checksums do not match on both receiving and transmitting ends, the data was modified or corrupted.
5)Should we deploy IPSEC-based security or certificate-based security? They are really two different technologies. IPSec secures the TCP/IP communication and protects the integrity of the packets. Certificate-based security ensures the validity of authenticated clients and servers.
6)What is LMHOSTS file? It’s a file stored on a host machine that is used to resolve NetBIOS to specific IP addresses.
7)What’s the difference between forward lookup and reverse lookup in DNS? Forward lookup is name-to-address, the reverse lookup is address-to-name.
8)How can you recover a file encrypted using EFS?
Use the domain recovery agent.
9)Can't enable guest account
A:To enable guest account on w2k/xp, you must logon as administrator.
10) Cannot add a new local user
A:Cause: you are using domain credentials to add a new user on a computer that doesn’t connect to the domain.
11)How Inheritance Affects File and Folder Permissions
A:After you set permissions on a parent folder, new files and subfolders that are created in the folder inherit these permissions. If you do not want the files and folders to inherit permissions, click This folder only in the Apply onto box when you set up special permissions for the parent folder. If you want to prevent only certain files or subfolders from inheriting permissions, right-click the file or subfolder, click Properties, click the Security tab, click Advanced, and then click to clear the Inherit from parent the permission entries that apply to child objects. Include these with entries explicitly defined here check box.
12)If the check boxes are not available, the file or folder has inherited permissions from the parent folder. There are three ways to make changes to inherited permissions:
Make the changes to the parent folder so that the file or folder inherits the permissions.
Click to select the opposite permission (Allow or Deny) to override the inherited permission.
Click to clear the Inherit from parent the permission entries that apply to child objects. Include these with entries explicitly defined here check box. When you do this, you can make changes to the permissions or remove the user or group from the permissions list. However, the file or folder does not inherit permissions from the parent folder.
13)How to access Domain Console without logon the domain
A: Sample issue: I have a group policy that is locking down the computer for ALL users, even the administrator. Now I can't access the domain network from any computers.
Solution: Log on as the administrator with the same password as the domain administrator. Then access AD Users and Computers, connected to the domain controller. Move the admin accounts up to the Users OU.
14)How to check the group policy settings and result
A: You can use gpresult.exe, which displays the resulting set of policies that were enforced on the client for the specified user at logon.
15)How to manage inherited permissions
A:By default, Everyone has Full Control for a NTFS folder and the permission is inherited from the root folder on the partition or volume. To block Permissions Inheritance, click to clear the Allow inheritable permissions from parent to propagate to this object check box.
16)How to change the password policy
A:For local computer, go to Local Computer Policy>Computer Configuration>Windows Settings>Security Settings>Account Policies>Password Policy. For domain controller, go to Default Domain Security Setting>Security Settings>Account Policies>Password Policy.
17)How to protect my computer without buying hardware or software firewall?
1. Enable ICF if you have XP or 2003.
2. Enable TCP/IP Security.
3. Enable IPSec Policies.
4. Enable RRAS Packet Filters.
18)Logon script doesn't work
A:Symptoms: the logon script doesn't run when some users logon.
Resolutions: 1. Everyone doesn't have read right to C:\%rootsystem%\system32\repl\script\import.
2. Also check the netlogon under My Computer Manage.
19)One user can't make share, see the shared sign
A:Symptoms: 1. Can't make share folders on your local computer;
2. Can't see shared sign on your local computer;
3. Net share gets "Access denied"
Cause: you don't have permission.
20)The security settings to managing XP Firewall
A:Go to Local Computer Policy\Computer Configurations\Admin Templates\Network\Network Connections\Internet Connection Firewall.
21)Not accessible. You may not have permission to use this network resource?
A:Symptom: Your WinXP, in a peer-to-peer mixed network, may receive the following error when you double-click My Network Places/Computers Near Me: is not accessible. You may not have permission to use this network resource.
Resolution: 1) Enable NetBIOS over TCP/IP on one or more computers in the workgroup. To do that, go to properties of Local Area Connection>properties of Internet Protocol (TCP/IP)>General> Advanced>WINS, check Enable NetBIOS over TCP/IP (If you have a DHCP-assigned IP address, select Use NetBIOS setting from the DHCP server ). 2) Make sure the Computer Browser service is started.
22)The password does not meet the password policy requirement
A: Symptoms: when attempting to create a new account with a password or change the password on a 2003 server and its member computers, you may receive this message: "Windows cannot complete the password change. The password does not meet the password policy requirement. Check the minimum password length, password complexity and password history requirement".
Cause: The default minimum password length is 7 and the password must meet the complexity requirement on a 2003 domain controller. By default, member computers follow the password configuration of their domain controller.
23)The Sharing tab is not visible
A:The sharing tab is not visible if you are logged on to a machine with an account that does not have adequate rights.
24)Understand Allow and Deny permissions
A: 1) Allow permissions are cumulative, so a user's permissions are determined by the cumulative effect of all of the groups to which the user belongs. 2) Deny permissions override Allow permissions. Use caution when you apply Deny permissions.
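The following is an added example, not part of the original page, that models how the Allow/Deny rule above combines with the inheritance rules from items 11 and 12. It assumes the canonical ACE order Windows uses (explicit Deny, explicit Allow, inherited Deny, inherited Allow); the rights flags, group names and sample DACL are constructed for illustration.

```python
from dataclasses import dataclass

# Simplified rights as bit flags (constructed; real NTFS access masks have more bits).
READ, WRITE, EXECUTE, DELETE = 1, 2, 4, 8
MODIFY = READ | WRITE | EXECUTE | DELETE
NAMES = {READ: "Read", WRITE: "Write", EXECUTE: "Execute", DELETE: "Delete"}


@dataclass(frozen=True)
class Ace:
    trustee: str            # user or group the entry applies to
    kind: str               # "allow" or "deny"
    mask: int               # rights covered by this entry
    inherited: bool = False  # True if the entry came from the parent folder


def canonical_order(dacl):
    """Sort ACEs: explicit Deny, explicit Allow, inherited Deny, inherited Allow."""
    return sorted(dacl, key=lambda a: (a.inherited, a.kind != "deny"))


def effective_rights(dacl, user, groups):
    """Return the rights mask a user ends up with.

    Each right is decided by the first matching ACE in canonical order.
    Allow entries from every group accumulate; a Deny entry removes a right
    unless an earlier (explicit) Allow already granted it.
    """
    trustees = {user, *groups}
    granted = denied = 0
    for ace in canonical_order(dacl):
        if ace.trustee not in trustees:
            continue
        undecided = ace.mask & ~(granted | denied)
        if ace.kind == "deny":
            denied |= undecided
        else:
            granted |= undecided
    return granted  # rights never mentioned by any ACE stay denied


def rights_names(mask):
    """Human-readable list of the rights set in a mask."""
    return [name for bit, name in NAMES.items() if mask & bit]


# Constructed DACL for a hypothetical "Payroll" folder, deliberately out of order.
SAMPLE_DACL = [
    Ace("Everyone", "allow", MODIFY, inherited=True),
    Ace("Interns", "deny", READ, inherited=True),
    Ace("Finance", "allow", READ | WRITE),
    Ace("Contractors", "deny", WRITE | DELETE),
]

if __name__ == "__main__":
    cases = {
        "alice": ["Finance", "Everyone"],                 # Allows accumulate
        "bob": ["Finance", "Contractors", "Everyone"],    # explicit Deny wins
        "carol": ["Finance", "Interns", "Everyone"],      # explicit Allow beats inherited Deny
        "dave": ["Interns", "Everyone"],                  # inherited Deny beats inherited Allow
        "eve": [],                                        # no matching ACE: no access
    }
    for user, groups in cases.items():
        print(user, rights_names(effective_rights(SAMPLE_DACL, user, groups)))
```

The carol case is why reviewing only Deny entries is not enough when auditing a folder: an explicit Allow set directly on the object takes precedence over a Deny inherited from the parent.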
25)Why can't I have permission button while setup sharing on XP
A: The reason you can't see the permission button is that XP simple file sharing is enabled. To disable simple file sharing, go to Windows Explorer>Tools>Folder Options>View and uncheck Use simple file sharing. Just remember that, after disabling simple file sharing, some users may have difficulty accessing the shared folders.
26)Why do I get \S-1-51-xxxxx as a user/group name
A: Symptoms: 1. When checking the members of a group, it takes a long time to open and you may see one or more members listed as \S-1-51xxxx. 2. When checking the Security of a file or folder, you may see one or more users/groups listed as \S-1-51-xxxx.
Causes: The workgroup or domain that the users, groups or members belong to is offline.
27) "... not accessible. Logon failure: account current disabled."
Symptom: When browsing a network drive in Windows Explorer, you may receive above error message.

Resolutions: this is a cached credentials issue. To fix this problem and cache the credentials, use the net use \\computername /user:username command.
28)"... not accessible. Access Denied "
SYMPTOMS: When you attempt to connect to a network share, you may receive the following error message: \\Servername\share is not accessible. Access Denied. If you are accessing a share in another domain, this message may appear even though you have verified that the trust is configured correctly. Also, the share may be visible in Network Neighborhood.
RESOLUTION: This issue may be resolved by verifying that both the share permissions and the NTFS partition permissions are correctly configured for individual user or group access.

29)"...not available. The server is not configured for transactions"
Use "net share" command on the shared computer to check share status. If there is not a share named "IPC$" in the share list, use "net share ipc$" command to create it.
"A domain controller for your domain could not be contacted. You have been logged on using cached account information. Changes made to your profile since you last logged on may not be available"
Resolutions: 1. Check the DNS settings and make sure the client points to correct DNS.
2. Make the computer have correct TCP/IP settings and can ping the domain controller.
30)"Access is denied"
Symptoms: 1. When attempting to create a folder or copy a folder on a network drive, you may receive "Cannot create or replace xxxxx: Access is denied. Make sure the disk is not full or write-protected and that the file is not currently in use".
2. When attempting to save a file on a network drive, you may receive "Cannot save or create xxxxx: Access is denied. Make sure the disk you want to save the file on is not full or write-protected or damaged".
Resolutions: 1. Go to the properties of the drive>Sharing, add the user and give Change permission.
2. Make sure everyone has Change permission.
31)"Access Denied" Message When Opening from or Saving to a Network Folder
Symptom: When opening a network folder in Windows Explorer and then try to open a file from or save a file to that folder, the associated program may report a sharing violation, return an "access denied" message, or open the document as read-only. Typically, this problem occurs when you open a network folder and then double-click to open a Microsoft Word or Microsoft Excel file. The document opens as read-only.
Resolution: To fix this problem, go to Windows Explorer, open the network folder that contains the file that you are trying to open or save. On the Tools menu, click Folder Options. Click Use Windows classic folders, and then click OK.
32)"An extended error has occurred" or "Access Denied"
Symptoms: When mapping a network drive using net use or using the net view command to view a different computer in the domain, you may receive: "An extended error has occurred" or "Access Denied" error messages.
Resolutions: 1) This issue may occur if the workstation doesn't synchronize the time with the server. After verifying that basic network connectivity exists, you can force time synchronization on the client computer manually. To do this, run net time /domain /set command.
2) Make sure you have granted enough licenses for clients accessing.
33)" computername is not accessible. No permission to access the resources"
If both win2000/XP and win9x can see the workgroup but only win2000/XP can access a win 2000/XP computer, and win9x gets the above error, check the group name. If they are the same name, check these:
1) are you sure the logon user has permission to the shared folder?
2) have you tried to logon using the same user name and password of the accessed win2k/XP computer?
3) the last and risky one, if you enable guest account in the accessed win2000/XP computer, can you access now?
34)Logon unsuccessful: The user name you typed is the same as the user name you logged in with
Cause: it could be the name resolution issue, especially DNS issue.
Logon Message: You do not have access to logon to this session
Symptom: When attempting to logon using the Terminal Services client, you may receive the following error message: "Logon Message: You do not have access to logon to this session".
Resolution: By default, the TS connection security setting allows only administrators to log on. To set custom TS connection permissions, go to Terminal Services Configuration>Connections folder. Right-click the connection (RDP-TCP)>Properties>Permissions, and add the users and/or groups that need access to this connection.
35) No More Connections Can Be Made At This Time
Symptoms: When attempting to access a shared folder on a remote computer, you may receive this message: “No more connections can be made at this remote computer at this time because there are already as many connections as the computer can accept” or “This request is not accepted by the network. Try again later”.
Causes: 1) The share is configured to allow a specific number of connections, and that number of connections has been reached.
2) The 10 user connection limit has been reached if the remote computer is w2k/XP.
3) If you have Per Server licensing, the license limit has been reached.
36)"Multiple connections to the server or shared resource are not allowed"
Symptom: when attempting to join a domain, you may receive "Multiple connections to the server or shared resource are not allowed. Please disconnect all previous connections to the server or shared resource and try again."
Resolution: try using net use /d from a command prompt to clear all your mapped connections before joining the domain. You can also disconnect the mapped drive in Windows Explorer by right-clicking the mapped drive and selecting Disconnect.
37)"Network path not found" in a domain network 1
SYMPTOMS: When trying to join a W2K/XP computer to a Windows 2000 domain, you are successful when using the NetBIOS domain name but not the FQDN, and you may receive one of the following error messages: 1) The following error occurred attempting to join domain "example.com": The network location cannot be reached. For information about network troubleshooting, see Windows Help. 2) Network path not found.
RESOLUTION: This issue may occur if the TCP/IP NetBIOS Helper Service is not running on the client computer. To start the TCP/IP NetBIOS Helper Service, go to MMC>Services and double-click TCP/IP NetBIOS Helper Service.
38)"Network path not found" in a domain network 2
Symptom: some w2k/xp computers randomly can't join the domain. The DNS server is a multihomed server.
Resolution: You can find some computer browser errors on the DNS server. Disabling one of the two NICs will work. More resolutions can be found in the browser Issue page.
39)"Network path not found" in a workgroup network - error 53
RESOLUTIONS:
1) Make sure that File and Printer Sharing is enabled on the shared computer.
2) Make sure that shared machine has something shared.
3) Make sure that you have created the same workgroup and logon the same username if you try to access w2k/xp network.
4) Make sure that you have enabled NetBIOS over TCP/IP if this is a mixed OS network.
40)"Not accessible. You may not have permission to use this network resource"
Symptom: Your WinXP, in a peer-to-peer network, may receive the following error when you double-click My Network Places/Computers Near Me: is not accessible. You may not have permission to use this network resource. Resolution: 1) Enable NetBIOS over TCP/IP on one or more computers in the workgroup. To do that, go to properties of Local Area Connection>properties of Internet Protocol (TCP/IP)>General> Advanced>WINS, check Enable NetBIOS over TCP/IP (If you have a DHCP-assigned IP address, select Use NetBIOS setting from the DHCP server ). 2) Make sure the Computer Browser service is started.
41)"Not enough server storage is available to process this command." error.
SYMPTOMS: When accessing shares on a server from a client, you may receive "Not enough server storage is available to process this command." error. You may receive this message and Event ID: 2011 after you install Norton Antivirus for Windows.
Resolution:
1) The registry value IRPStackSize may not be explicitly present. To increase the value of the parameter, go to the key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters. If the key is not present, choose Add Value in the Registry Editor. The Value Name should be IRPStackSize and the Data Type is REG_DWORD.
2) Remove any unnecessary entries from this value in the registry, HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanmanServer\Parameters\NullSessionPipes.
3) If the machine has a non-zero PagedPoolSize in the Registry, you need to reset it by going to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management, double-clicking PagedPoolSize and setting it to 0.
4) Disable Norton antivirus to see if that will fix the problem.
42)"Not Enough Storage to Complete Operation"
SYMPTOMS: When you try to open the Printers folder, you may receive the following error message "There is not enough storage to complete this operation". This is because the size of the registry has exceeded the maximum size set in the virtual memory settings.
RESOLUTION: Increase the maximum registry size. To do that, go to Start>Control Panel>System>Performance> Change (In Windows 2000, click the Advanced tab, click Performance Options, and then Change). Type a larger value in the Maximum Registry Size box.


43)"No logon server available"
Symptoms: you can ping the server by ip and name but can't map the shared drive by using net use \\ip or \\servername. If you try, you may receive the "No logon server available".
Resolutions: This sounds like a cached credential issue. 1) Make sure the computers are in the same network and the same workgroup/domain, and have the same username created. 2) Use net to cache the credential. 3) The user profiles may have been damaged.


44)"No domain server was available to validate your password"
Symptoms: when trying to logon a domain from win9x, you may receive a message "The following error occurred while loading protocol number 0. Error 38: The computer name you specified is already in use..." and then "No domain server was available to validate your password".
Resolution: 1) Make sure no two hosts in the network have the same name. 2) Check WINS and make sure no one host uses two IPs. If it does, delete all of them and reboot the computer.
45)"No domain server was available..." while the dialup connection is active
Symptom: you have a Windows 2000 domain controller with DNS, DHCP, WINS and a dialup connection. Whenever the dialup connection is active, no client can log on and each gets the message "No domain server was available to validate your password. You may not be able to gain access to some network resources".
Resolution: Make sure you don't have "Register this connection's addresses in DNS" checked under TCP/IP Advanced DNS settings. To check this, go to the Properties of the connection> the Properties of the TCP/IP>Advanced>DNS, uncheck "Register this connection's addresses in DNS"
46)Resource: \\computername\IPC$ - An extended error has occurred
Symptoms: When you attempt to connect to w2k/xp computer over the network, you may receive one of the following error messages: "You must supply a password to make this connection: Resource: \\computername\IPC$" -or- "computername An extended error has occurred"
Resolutions: 1. make sure netlogon service is running.
2. Make sure you have created logon ID and password for remote computer logon.
3. Or enable guest account.
47) "Remote Procedure Call terminated unexpectedly" - "...NT authority must shut down your computer in 30 seconds."
Symptoms: 1. Your computer reboots every few minutes without user input.
2. The computer becomes unresponsive.
3. You may receive "Remote Procedure Call terminated unexpectedly" and "...NT authority must shut down your computer in 30 seconds."
4. msblast.exe is running in Task Manager.
Cause: "W32.Blaster.Worm" or "MSBlast."
48)RPC Server is Unavailable
Symptoms: When running Replication, Winlogon, Terminal Server, User authentication, enabling trusted relationships, Connecting to domain controllers and trusted domains, you may receive the above error.
Causes: 1. The RPC service may not be started.
2. You are unable to resolve a DNS or NetBIOS name.
3. An RPC channel cannot be established.
49)"Spooler Subsystem Application Needs to Close" - "Operation Could Not Be Completed" Error Messages
Causes: 1. Bad printer driver. 2. New MS update conflicts with the printer driver. 3. ICF conflicts with the printer driver.
50)The system cannot log you on to this domain because the system's computer account in its primary domain is missing or the password on that account is incorrect.
Causes: 1. incorrect password.
2. This behavior may occur if the password for the computer account and the local security authority (LSA) secret are not synchronized.
3. Computer names conflict.
51)This account is the same as the one logged on to the system and that this account was tried before to logon
There is no domain controller available to validate this account.
52)There are currently no logon servers available to service the logon request.
Event ID 5719
Symptoms: 1. On the client, you may receive Event ID 5719: "No Windows NT or Windows 2000 Domain Controller is available for domain Domain. The following error occurred: There are currently no logon servers available to service the logon request."
2. On the DC, you may receive Event ID 5719: "No Windows NT or Windows 2000 Domain Controller is available for domain chicagotech.net. The following error occurred: There are currently no logon servers available to service the logon request."
3. When you log on as a domain user on a domain network, the logon script that maps drives displays this message: "There is no domain controller available to validate this account."
4. When you use an office laptop to connect to the office VPN and map a network drive using this command line: net use \\chicagotech\shared /u:chicagotech.net/blin, you may receive this message: "This account is the same as the one logged on to the system and that this account was tried before to logon. There is no domain controller available to validate this account"
Causes: 1. The DC is down.
2. The DC cannot be reached.
3. A DNS issue.
4. The NetBT datagram buffer has run out of buffer space.
53)"TCP/IP transport not installed"
Causes: 1. TCP/IP is not enabled.
2. Too many TCP/IP protocols are installed.
3. Old NIC driver.
4. Winsock issue.

54)"The computer account already exists"
Symptoms: When joining a W2K/XP computer to a domain, you may receive "The computer account already exists". You may be able to ping the computer account, for example ABC, but ping -a ip address (the same IP as ABC) shows a different computer name, like XYZ.
Resolution: Go to DNS and WINS, find and delete the ABC account, and wait for a while before re-joining the domain.
55)The network folder specified is currently mapped using a different user name and password
Symptom: If you use the Map Network Drive Wizard to connect to a network share by using different user credentials and you use the browse functionality to locate the network share, you may receive the following error message: The network folder specified is currently mapped using a different user name and password. To connect using a different user name and password, first disconnect any existing mappings to this network share.
Resolutions: 1. Disconnect the existing mapped drive. 2. Apply latest SP.
56)"The password is incorrect. Try again"
Symptom: While trying to access a Win2000/XP computer in the same peer-to-peer workgroup and typing the administrator password on the Enter Network Password screen, you may get the error: The password is incorrect. Try again.
Resolution:
1) You need to set up every user that needs access to the shared folder on every computer they have to connect to. Then give each user the proper permission to the shared folder.
2) Log on with the same user name and password.
3) As always, you can try to enable a guest account on the accessed machine.
57)"There are no entries in the list"
Symptom: When using the net view \\remotecomputer command, you may receive "There are no entries in the list", and you may have a problem accessing the remote computer.
Resolution: 1) If there are no file or print shares on the computer, the net view command displays a "There are no entries in the list" message. So, make sure there are file or print shares on the computer, or use the net share command to check sharing status.
2) Make sure no firewall is running, because the firewall may block sharing.
3) Make sure Client for Microsoft Networks is enabled.
58)"There is not enough memory available to print your"
If you receive all of the following messages, you may have a firewall running on the LAN connection and you should disable it.
59)"computer is not accessible...",
"There was an error writing to \\XP computer for printer..." and "There is not enough memory available to print your document. Quit one or more programs and try again. ..."
Transmit failed, error code 65 or 10050
Symptom: When attempting to verify network connectivity with a remote computer by using the Ping.exe command, you may receive a command-line error message similar to the following: Ping: transmit failed, error code 65 or 10050.
Resolutions: This behavior can occur if the following conditions are true: 1) ICS is enabled; 2) firewall software is running on the computer; 3) the ZoneLabs program is not correctly configured for ICS. To fix the problem: 1) Re-configure ZoneAlarm for ICS. 2) Remove the Zone Labs firewall software from the computer.
60)"Unable to access Computers Near Me" or "Workgroup is not accessible" errors
Symptom: When several Win2000/XP computers are configured as members of a workgroup in a peer-to-peer network environment and you click on Computers Near Me in My Network Places or workgroup name Entire Network, the following error message may appear: "Cannot Access 'Computers Near Me' " or "Workgroup is not accessible" errors.
Resolution: 1) Enable NetBIOS over TCP/IP. To do that, go to the properties of TCP/IP>Advanced>WINS. If you are using a static Internet Protocol (IP) address, click Enable NetBIOS over TCP/IP. If you have a DHCP-assigned IP address, click Use NetBIOS setting from the DHCP server.
2) No Master Browser or too many browsers may cause this issue. Check Browser issue.
61)"Unable to Browse Network"
Symptom: When you attempt to browse your network by opening Entire Network in My Network Places/Network Neighborhood, you may receive the following error message: "Unable to Browse Network."
Check list: 1) Have you loaded the NIC, and is it working?
2) Have you loaded a common protocol, TCP/IP?
3) Does the Computer Browser work?
4) Have you enabled file and printer sharing on the accessed computer?
5) Is the Workstation service running?
63)"You may not have permission to use this network resource"
Refer to ... is not accessible and "Resource: \\\ipc$"
"You must provide a password to make this connection." and "Resource: \\\ipc$"
Whenever you receive "Enter network password. You must provide a password to make this connection." and "Resource: \\\ipc$", it is a permission and workgroup issue.
This behavior can occur for any of the following reasons: 1) The Windows 9x computer is not a client of a domain environment but the Log On To Windows Domain option is enabled. 2) The user name and password you are using to log in to the Windows 9x are not contained in the local user accounts database of the Windows NT/2000/XP computer you are attempting to browse. 3) The Windows 9x host is configured with user-level authentication to a domain.
Resolutions: To resolve this issue, use the appropriate method:
1) Disable the Log On To Windows Domain Option.
2) Log on to the Windows 9x with the local user accounts database of the Windows NT/2000/XP computer you are attempting to browse.
3) Disable User-level Authentication on the Windows 9x.
Windows needs your current credentials to ensure network connectivity
"Windows needs your current credentials to ensure network connectivity. Please lock this computer,
then unlock it using your most recent password or smart card. To lock your computer, press CTRL+ALT+DELETE,
and then press Enter."

Cause: you are logged on to multiple computers using the same logon ID and password while changing th
Network Errors
64)The network request is not supported.
Symptoms: 1. When you type NET ACCOUNTS /SYNC at the command prompt, you may receive either of the following error messages: System error 50 has occurred.
The network request is not supported.
2. After you upgrade your computer to Windows 2000 Service Pack 4 (SP4), you may experience all the following symptoms: Event ID: 20071 - The network request is not supported.
3. When you run software whose data is located on a remote server.
Resolutions: 1. Make sure the Netlogon service is running correctly on the PDC.
2. If you just upgraded a Windows 2000 SP3 based server to SP4, you may need to reboot it.
3. Make sure you can access the remote resources.
4. Contact the third-party SMB server manufacturer if you have a third-party SMB server, such as DEC Pathworks, Samba or Linux.
65)How to use the net view command to view a list of computer or network resources
The net view command is a very useful network troubleshooting utility. You can use it to display a list of domains, computers, or shared resources available on a specific computer.
66)To list all shared resources on a domain or workgroup, at the command prompt
type net view.
67)To display the shared resources on a computer,
type net view \\ComputerName, where ComputerName is the name of a specific computer whose resources you want to view.
68)When using net view, you may see different messages. The following are some of them and their resolutions.
Symptom: net view \\ip succeeds but net view \\computername does not.
Resolutions: 1) Check name resolution. 2) Cache the credential: net use \\computername /user:username. 3) Make sure the remote computer is in the same workgroup or domain.
Symptom: You can net use \\ip but not net use \\computername.
Resolutions: You may just need to cache the credential pointing to the computer name by using the net use \\computername /user:username command.
Symptom: There are no entries in the list.
Resolution: This is because there is no shared drive or folder. Go to a folder you want to share, right-click>Sharing and select sharing.
69)System error 5: access is denied.
Resolutions: 1) Check permissions, or 2) cache the credential: log on with the same username and password on both computers or use the net use \\computername /user:username command.
70)System error 51 has occurred.
Windows cannot find the network path. Verify that the network path is correct and the destination computer is not busy or turned off. If windows still cannot find the network path, contact your network administrator.
Resolution: enable file and printer sharing.
71)Can't net view computer name - error 52
Symptoms: you can ping a host but not net view it. When using net view \\hostname, you get system error 52 - a duplicate name exists on the network.
Resolutions: Two host names or alias names (CNAME) point to the same IP. 1) Check the WINS records. 2) Check the DNS records.

72)Can't ping or net view computer name - error 53
Symptom: If you can ping the IP but not the computer name, or if you can net view \\IP but not \\computername (error 53), you have a name resolution problem.
Resolutions: 1) if it is domain environment, check your WINS. 2) if it is peer-to-peer workgroup, enable NetBIOS over TCP/IP. 3) or add NetBEUI on all your workstations.
Troubleshooting Ping
73)Can't ping another computer because of the ICF
Sometimes, XP's built-in firewall may be enabled on LAN connections after running the Network Setup Wizard, and you then can't ping or access the XP computer. To disable the XP firewall on the connection, go to the properties of the connection, select Advanced, and deselect the firewall.
74)Can't ping outside IP or name
If you can't ping an outside IP, make sure you have the correct gateway. If you can't ping an outside computer name or web name, check the DNS settings.
75)Can't use ping
If you cannot use ping successfully at any point, confirm that:
1) The computer was restarted after TCP/IP was configured.
2) The IP address of the local computer is valid and appears correctly on ipconfig /all.
3) IP routing is enabled and the link between routers is operational.
4) For security reasons, many organizations block the return of ICMP (ping) packets, so ping or tracert may not get a response.
76)Error code 65, 10043 and 10050, transmit failed
Symptoms: When using the ping command, you may receive either of the following: "Transmit failed, error code 65" or "Transmit failed, error code 10050"
Resolutions: Make sure your firewall, NAT or router does not block ping and allows ICMP Echo and Echo Reply packets.
77)Hardware Error
Symptom: when you try to ping an IP, you may receive "hardware error" reply.
Causes: 1. Bad NIC.
2. The cable is not plugged in.
78)Host is unreachable
Q: When I ping the server using one of the clients it says the host is unreachable. Why?
A: 1) Make sure all machines are on the same local subnet and that there are no routers in between.
2) Check the lmhosts file to make sure that you do not have an outdated file.
79)Ping lists a public IP instead of private IP
Symptom: When you ping a LAN computer, for example ping chicagotechpc1, you may receive a public IP 64.176.153.103 instead of the computer's private IP 192.168.1.100.
Cause: Incorrect DNS settings. For consultants, refer to case 060104RL
80)Receiving a reply from a different IP
Symptoms: when you ping a public IP, you may receive reply from a different IP, for example,
ping 4.2.2.1
Pinging 4.2.2.1 with 32 bytes of data:
Reply from 209.165.105.129: Destination net unreachable.
Causes: Incorrect IPSec settings can cause the above symptom.
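Added example, not part of the original post: a Python triage of captured ping output for the symptoms in items 76, 77, 79 and 80 above. The sample outputs are constructed from the messages quoted in those items, and flagging any non-private address for a LAN host name assumes a network that uses private addressing.

```python
import ipaddress
import re

# Constructed sample outputs, modelled on the messages quoted in the items above.
SAMPLE_PUBLIC = """Pinging chicagotechpc1 [64.176.153.103] with 32 bytes of data:
Reply from 64.176.153.103: bytes=32 time=41ms TTL=52
"""
SAMPLE_OTHER_REPLY = """Pinging 4.2.2.1 with 32 bytes of data:
Reply from 209.165.105.129: Destination net unreachable.
"""
SAMPLE_BLOCKED = """Pinging 192.168.1.100 with 32 bytes of data:
Ping: transmit failed, error code 65.
"""

HEADER = re.compile(r"^Pinging (\S+)(?: \[([0-9.]+)\])? with", re.M)
REPLY = re.compile(r"^Reply from ([0-9.]+):", re.M)
FAILED = re.compile(r"transmit failed, error code (\d+)", re.I)


def triage(output, expect_private=True):
    """Return a sorted list of findings for one captured ping run."""
    head = HEADER.search(output)
    if not head:
        return ["unparsed"]
    name, bracket_ip = head.groups()
    # "Pinging 4.2.2.1 with ..." has no bracket: the target is the address itself.
    try:
        target_ip = ipaddress.ip_address(bracket_ip or name)
    except ValueError:
        return ["unparsed"]
    findings = set()
    # Item 79: a LAN host name that resolves to a public address.
    if bracket_ip and expect_private and not target_ip.is_private:
        findings.add("lan-name-resolves-public: check DNS settings")
    # Item 80: a reply whose source is not the address that was pinged.
    for src in REPLY.findall(output):
        if ipaddress.ip_address(src) != target_ip:
            findings.add("reply-from-other-ip: " + src)
    # Item 76: the local stack refused to send (firewall, NAT or ICS).
    for code in FAILED.findall(output):
        if code in ("65", "10043", "10050"):
            findings.add("transmit-failed-%s: check firewall/ICS" % code)
    # Item 77: NIC or cable problem.
    if re.search(r"hardware error", output, re.I):
        findings.add("hardware-error: check NIC and cable")
    return sorted(findings) or ["ok"]


if __name__ == "__main__":
    for sample in (SAMPLE_PUBLIC, SAMPLE_OTHER_REPLY, SAMPLE_BLOCKED):
        print(triage(sample))
```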
81)Cannot view event log after changing administrator password
A: Symptoms: After you change the administrator password on a 2003 server, you are unable to access some server information, like the event logs.
Cause: Using Reset Password in Local Users and Groups may cause irreversible loss of information. You should use Ctrl+Alt+Del instead of Reset Password to change the administrator password.
82) How do cryptography-based keys ensure the validity of data transferred across the network?
Ans: Each IP packet is assigned a checksum, so if the checksums do not match on both receiving and transmitting ends, the data was modified or corrupted.
83) Should we deploy IPSEC-based security or certificate-based security?
Ans: They are really two different technologies. IPSec secures the TCP/IP communication and protects the integrity of the packets. Certificate-based security ensures the validity of authenticated clients and servers.
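Added example (not from the original post) for questions 82 and 83: a checksum proves integrity against deliberate modification only when computing it requires a key the two endpoints share, which is how IPSec's integrity check works. HMAC-SHA256, the key and the packet bytes are constructed stand-ins chosen for the illustration.

```python
import hashlib
import hmac
import zlib

# Constructed values for illustration only.
SHARED_KEY = b"constructed-key-known-to-both-endpoints"
PACKET = b"transfer 100 units to account 42"


def plain_checksum(data):
    """Unkeyed checksum: detects accidental corruption only."""
    return zlib.crc32(data)


def keyed_tag(data, key):
    """Keyed checksum (HMAC-SHA256): needs the shared key to compute."""
    return hmac.new(key, data, hashlib.sha256).digest()


def receiver_accepts_plain(data, checksum):
    return plain_checksum(data) == checksum


def receiver_accepts_keyed(data, tag, key=SHARED_KEY):
    # compare_digest does not reveal where the first mismatching byte is.
    return hmac.compare_digest(keyed_tag(data, key), tag)


def modified_in_transit(data):
    """Model a change made on the path by a party that has no key."""
    return data.replace(b"100", b"900")


def run_demo():
    altered = modified_in_transit(PACKET)
    return {
        # The sender's own values verify at the receiver.
        "plain_ok": receiver_accepts_plain(PACKET, plain_checksum(PACKET)),
        "keyed_ok": receiver_accepts_keyed(PACKET, keyed_tag(PACKET, SHARED_KEY)),
        # Without a key the checksum can simply be recomputed over the
        # altered data, so the receiver cannot tell.
        "plain_detects_change": not receiver_accepts_plain(
            altered, plain_checksum(altered)),
        # The original tag no longer matches the altered data, and a tag
        # made with any other key does not verify either.
        "keyed_detects_change": not receiver_accepts_keyed(
            altered, keyed_tag(PACKET, SHARED_KEY)),
        "keyed_rejects_wrong_key": not receiver_accepts_keyed(
            altered, keyed_tag(altered, b"guessed-key")),
    }


if __name__ == "__main__":
    for name, value in run_demo().items():
        print(name, value)
```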
84) What is LMHOSTS file?
Ans: It’s a file stored on a host machine that is used to resolve NetBIOS names to specific IP addresses.
85) What authentication options do Windows 2000 Servers have for remote clients?
Ans: PAP, SPAP, CHAP, MS-CHAP and EAP.
86)AD communication, including replication, fails on multihomed domain controllers
A: Cause: Network adapters on the multihomed domain controllers are registering both the inside and outside Internet Protocol (IP) addresses with the DNS server. Replication operations require multiple lookup requests of SRV records. In this case, half of the DNS lookup requests return an IP address that cannot be contacted, and the replication operation fails.
87) Tracert
A: Tracert.exe is a route-tracing utility that you can use to determine the network path to a destination. Use it to determine the path that a packet takes on the network and where that path may be ending.
88)NBTSTAT
A: Nbtstat.exe is a useful tool for troubleshooting NetBIOS name resolution problems. You can use the nbtstat.exe command to remove or correct preloaded entries.
Viewing configuration by using ipconfig /all or winipcfg
Refreshing configuration by using ipconfig /renew
Managing DNS and DHCP class IDs by using ipconfig
Testing connections by using ping
Troubleshooting hardware addresses by using arp
Troubleshooting NetBIOS names by using nbtstat
Displaying connection statistics by using netstat
Tracing network connections by using tracert
Testing routers by using pathping


89)Name 3 differences between Windows 2000 Standard and Windows 2000 Advanced
90)In reference to Windows 2000 DNS, what are resource records - better known as SRV records?
91)What is the current service pack for Windows 2000?
92)Where would I go in Windows 2000 to find out more information in reference to a service not starting?
Active Directory Services:-
93) If I have 2 servers, one at Mumbai & one at U.K., on which server will you place the Global Catalog?
94) Can Win NT & Win 2K work in mixed mode?
95) Which dialer are you using in your company?
96) Why do we get disturbance in IPLC?
97) Broadcast is in which IP range?
98) How many IPs can you give on 1 LAN card?
99) What's the difference between a router & a switch?
100) Can I give the IP starting from 163. in my LAN? If yes, then why? If no, then why?
101)What is “REGEDIT”?
102)Port Numbers for the following:-
1)HTTP-80
2)DNS -53
3)POP3-110
4)SMTP-25
5)TCP/IP-6
6)FTP-21
7)DHCP
103) What does PING stand for? What are the error messages in PING command? What does TTL stand for? On which layer does PING work? Which is the protocol that PING uses?
A: A utility to determine whether a specific IP address is accessible. It works by sending a packet to the specified address and waiting for a reply. PING is used primarily to troubleshoot Internet connections. There are many freeware and shareware Ping utilities available for personal computers.
It is often believed that "Ping" is an abbreviation for Packet Internet Groper, but Ping's author has stated that the name comes from the sound that sonar makes.
Time to Live - length of time to get the packet returned.
104)What is the data link layer in the OSI reference model responsible for? The data link layer is located above the physical layer, but below the network layer. It takes raw data bits and packages them into frames. The network layer is responsible for addressing the frames; the physical layer is responsible for retrieving and sending raw data bits.

105) What is a level 0 backup?
106) What is an incremental backup?
107) What steps are required to perform a bare-metal recovery?
108)Name key files or directories on a Windows system that should always be backed up