Windows 2000 Server System Administration Handbook P1

Chia sẻ: Tuyen Thon | Ngày: | Loại File: PDF | Số trang:30

0
54
lượt xem
6
download

Windows 2000 Server System Administration Handbook P1

Mô tả tài liệu
  Download Vui lòng tải xuống để xem tài liệu đầy đủ

Tham khảo tài liệu 'windows 2000 server system administration handbook p1', công nghệ thông tin, hệ điều hành phục vụ nhu cầu học tập, nghiên cứu và làm việc hiệu quả

Chủ đề:
Lưu

Nội dung Text: Windows 2000 Server System Administration Handbook P1

  1. WINDOWS 2000 SERVER SYSTEM ADMINISTRATION HANDBOOK FREE Monthly “ An insightful and detailed overview Technology Updates of the tools and tasks that the Windows 2000 administrator faces. Great as an introduction and as a One-year Vendor resource for any IT library.” Product Upgrade —Lloyd Fray, Protection Plan Information Technology Manager Mutual Risk Management FREE Membership to Access.Globalknowledge Paul Shields, MCSE Ralph Crump, MCSE, CCNA, Master CNE Martin Weiss, MCSE, MCP+I, CNA Technical Edit By: Sean Wallbridge, MCSE, MCSD, MCT, MCDBA, MCP+I
  2. solutions@syngress.com With over 1,000,000 copies of our MCSE, MCSD, CompTIA, and Cisco study guides in print, we have come to know many of you personally. By listening, we've learned what you like and dislike about typical computer books. The most requested item has been for a web-based service that keeps you current on the topic of the book and related technologies. In response, we have created solutions@syngress.com, a service that includes the following features: s A one-year warranty against content obsolescence that occurs as the result of vendor product upgrades. We will provide regular web updates for affected chapters. s Monthly mailings that respond to customer FAQs and provide detailed explanations of the most difficult topics, written by content experts exclusively for solutions@syngress.com. s Regularly updated links to sites that our editors have determined offer valuable additional information on key topics. s Access to “Ask the Author”™ customer query forms that allow readers to post questions to be addressed by our authors and editors. Once you've purchased this book, browse to www.syngress.com/solutions. To register, you will need to have the book handy to verify your purchase. Thank you for giving us the opportunity to serve you.
  3. WINDOWS 2000 SERVER SYSTEM ADMINISTRATION HANDBOOK
  4. Syngress Media, Inc., the author(s), and any person or firm involved in the writing, editing, or production (col- lectively “Makers”) of this book (“the Work”) do not guarantee or warrant the results to be obtained from the Work. There is no guarantee of any kind, expressed or implied, regarding the Work or its contents. The Work is sold AS IS and WITHOUT WARRANTY. You may have other legal rights, which vary from state to state. In no event will Makers be liable to you for damages, including any loss of profits, lost savings, or other inci- dental or consequential damages arising out from the Work or its contents. Because some states do not allow the exclusion or limitation of liability for consequential or incidental damages, the above limitation may not apply to you. You should always use reasonable case, including backup and other appropriate precautions, when working with computers, networks, data, and files. Syngress Media® and Syngress® are registered trademarks of Syngress Media, Inc. “Career Advancement Through Skill Enhancement™” is a trademark of Syngress Media, Inc. Brands and product names mentioned in this book are trademarks or service marks of their respective companies. KEY SERIAL NUMBER 001 F5H9L432M8 002 K93NCM5982 003 8AMC812KGF 004 28NNA9KJ2N 005 7VBAZZLNMA 006 PJMAL4N87G 007 9H11MDGS9H 008 UBAL848N61 009 Y78P98JL21 PUBLISHED BY Syngress Media, Inc. 800 Hingham Street Rockland, MA 02370 Windows 2000 Server System Administration Handbook Copyright © 2000 by Syngress Media, Inc. All rights reserved. Printed in the United States of America. Except as permitted under the Copyright Act of 1976, no part of this publication may be reproduced or distributed in any form or by any means, or stored in a database or retrieval system, without the prior written permission of the publisher, with the exception that the program listings may be entered, stored, and executed in a computer system, but they may not be reproduced for publication. Printed in the United States of America 1 2 3 4 5 6 7 8 9 0 ISBN: 1-928994-09-1 Copy edit by: Adaya Henis Proofreading by: Adrienne Rebello Technical edit by: Sean Wallbridge Page Layout and Art by: Emily Eagar and Index by: Bob Saigh Vesna Williams Project Editor: Eva Banaszek
  5. Acknowledgments We would like to acknowledge the following people for their kindness and support in making this book possible. Richard Kristof, Duncan Anderson, Jennifer Gould, Robert Woodruff, Kevin Murray, Dale Leatherwood, Shelly Everett, and Robert Sanregret of Global Knowledge, for their generous access to the IT industry’s best courses, instructors and training facilities. Ralph Troupe and the team at Rt. 1 Solutions for their invaluable insight into the challenges of designing, deploying and supporting world-class enterprise networks. Karen Cross, Kim Wylie, Harry Kirchner, John Hays, Bill Richter, Michael Ruggiero, Kevin Votel, Brittin Clark, Sarah Schaffer, Luke Kreinberg, Ellen Lafferty and Sarah MacLachlan of Publishers Group West for sharing their incredible marketing experience and expertise. Peter Hoenigsberg, Mary Ging, Caroline Hird, Simon Beale, Julia Oldknow, Kelly Burrows, Jonathan Bunkell, Catherine Anderson, Peet Kruger, Pia Rasmussen, Denelise L'Ecluse, Rosanna Ramacciotti, Marek Lewinson, Marc Appels, Paul Chrystal, Femi Otesanya, and Tracey Alcock of Harcourt International for making certain that our vision remains worldwide in scope. Special thanks to the professionals at Osborne with whom we are proud to publish the best-selling Global Knowledge Certification Press series. And finally, to Thomas Edward O’Brien, for waiting. v
  6. From Global Knowledge At Global Knowledge we strive to support the multiplicity of learning styles required by our students to achieve success as technical professionals. As the world's largest IT training company, Global Knowledge is uniquely positioned to offer these books. The expertise gained each year from pro- viding instructor-led training to hundreds of thousands of students world- wide has been captured in book form to enhance your learning experience. We hope that the quality of these books demonstrates our commitment to your lifelong learning success. Whether you choose to learn through the written word, computer based training, Web delivery, or instructor-led training, Global Knowledge is committed to providing you with the very best in each of these categories. For those of you who know Global Knowledge, or those of you who have just found us for the first time, our goal is to be your lifelong competency partner. Thank your for the opportunity to serve you. We look forward to serving your needs again in the future. Warmest regards, Duncan Anderson President and Chief Executive Officer, Global Knowledge vi
  7. Contributors Sean Wallbridge (MCSE+i, MCSD, MCT, MCDBA, MSS, MCP+i, MCP+sb, Compaq ASE, Novell CNA and Vinca VCE) is a Senior Consultant/Trainer for NexGen Technologies based in Hamilton, Bermuda. As a consultant, Sean provides turnkey networking solutions and takes great pride in creat- ing satisfied customers. Sean has co-authored seven other books and tech- nical publications. When not on the beach or in front of a computer, Sean spends his time with his wife Wendy, Murphy- the-Bassett-Hound, and their two cats. Martin Weiss (MCSE, MCP+I, CNA, CIBS, A+, Network+) is a Senior Information Management Specialist with ACS Government Solutions Group, a provider of broad-based information technology solutions for client organizations. Marty lives in New England with his wife Gin and son Kobe. You can contact Martin via e-mail at castadream@hotmail.com. Ralph Crump (MCSE, CCNA, and a CNE 3.x, 4.x, and 5.x, with a Master CNE in Integrating Windows NT) manages a team responsible for a large scale Windows NT and Novell NetWare infrastructure for a major telecom- munications company in Atlanta, Georgia. He specializes in Windows NT and BackOffice applications as well as Novell Netware solutions. He is cur- rently working in cooperation with Microsoft on Windows 2000 Rapid Deployment projects. Cameron Brandon (MCSE, CNE, CNA, MCSE+Internet, A+, Network+) is a Network Engineer/Administrator in Portland, Oregon. He specializes in Windows NT with BackOffice Integration and helped work on Intel Corporation's large-scale migration at its Oregon facility to Windows NT. He completed his MCSE, CNE, CNA, MCPS:Internet Systems, and A+ certi- fications in five months’ time, proving once again that you can achieve those things to which you set your mind. vii
  8. Adam Quiggle (Master CNE, MCSE, CCNA) is a senior level network engi- neer for Metamor Worldwide. In his most recent role, he served as remote access project leader for one of North Carolina's largest state government agencies, utilizing Windows NT Terminal Server, Metaframe and Cisco Access Servers. He is president of the Research Triangle Park chapter of the Cisco Professional Association Worldwide. Holly Simard (MCSE, MCP+I) is a networking specialist in Victoria, BC. Along with providing turnkey solutions for her clients, Holly also delivers online instruction in her spare time. Holly lives with her husband Hervey, who works as a multimedia developer, their springer spaniel Hubert, and their cat Daisy. Paul Shields (Certified MCSE) currently works as a network engineer for a major telecommunications company. He has been working with, support- ing, and writing about Windows NT for the last five years. His current proj- ects revolve around the design and implementation of enterprise-class servers in a mixed platform environment. He is also working on the roll- out of Windows 2000 to the corporate desktop. Paul can be contacted at pshields@airmail.net. Erik Sojka is a system administrator and trainer currently working for a major software company. He is an MCSE and has a BS in Information Science and Technology from Drexel University. Eriq Oliver Neale is a technology strategist with Nortel Networks, research- ing new technology solutions for inclusion in the designer workplace. He has worked in the computer support industry for eleven years and in that time has contributed to several computing technology publications. When not writing, he and his wife try to keep up with seven cats, two dogs, and a plethora of tropical fish. Jay Tomlin works as a server-based computing software specialist for Citrix Systems, Inc. in Fort Lauderdale. His primary duty is training the Citrix Technical Support organization worldwide. Prior to joining Citrix, Jay stud- ied Mathematics and Music Theory in college and graduate school. He can be reached at jtomlin@adelphia.net. viii
  9. Contents CHAPTER 1 The Windows 2000 System Administration Migration Path 1 Brief Overview of Windows 2000 Server 2 Windows 2000 System Administration Overview 5 Increased Reliability, Availability, and Scalability 6 Core Operating System Services 6 Fault Tolerance 7 Disaster and System Recovery 8 Reliable Storage 9 Avoiding Crashes and Reboots 10 High-Availability Solutions 11 Improved Scalability 12 Easier Management and Lower Costs 13 Integrated Directory Services 13 Comprehensive Management Solutions 14 Comprehensive File, Print, and Web Services 15 Comprehensive Internet and Application Server 17 Application Services 17 Communications and Networking Services 19 Why the Change? 20 Migrating to Windows 2000 Server 23 Getting Ready 24 Streamlining 25 Planning 26 Architecture 27 Costs 28 Plan of Action 29 ix
  10. x Contents Timeline 30 Testing 31 Deployment 31 Setting Up Windows 2000 Server 32 Installing Windows 2000 Server 32 Upgrading to Windows 2000 Server 35 Summary 37 FAQs 40 CHAPTER 2 Overview of Windows 2000 Administration 43 Introduction to Network Administration 44 Designing and Setting Up the Network 45 Managing the Network 46 Protecting the Network 46 Documenting the Network 48 Microsoft Management Console 51 Introduction to Active Directory 56 Key Concepts 56 Directory Service 57 Domains 57 Namespace 60 Global Catalog 61 Organizational Units 62 Groups 62 Name 64 Features and Benefits of Active Directory 65 Simplified Management 66 Added Security 67 Scalability 70 Replication of Information 70 Extended Interoperability 71 Integration with DNS 72 Beyond Active Directory 72 Volume Management 72 Disk Quotas 73 Defragmentation 74 Backup and Recovery 75 Hierarchical Storage Management 76
  11. Contents xi File Service Management 76 Distributed File System 77 Using Windows 2000 Help 79 Summary 81 FAQs 83 CHAPTER 3 Setting Up User Accounts 87 Defining an Acceptable Use Policy 88 Template: Acceptable Use/Security Policy 90 Purpose 90 Interpretation 90 Definitions 90 Responsibility 91 Introduction to User Accounts 95 Requirements for New User Accounts 96 Default User Account Settings 97 Creating a Domain User Account 99 Active Directory Users and Computers 99 Creating User Accounts 100 Setting Password Requirements 103 Security Templates 103 Loading Security Snap-ins into the MMC 104 Loading the Security Templates 105 Changing Account (Password) Policies 106 Setting Properties for User Accounts 110 Modifying User Accounts 110 General 111 Address 112 Account 113 Profile 115 Telephones/Notes 116 Organization 118 Dial-in 119 Managing User Accounts 121 Deleting User Accounts 122 Changing User Passwords 122 Enabling an Account 123 Disabling an Account 123
  12. xii Contents Other Active Directory Users and Computers Functions 123 Moving User Accounts 125 Mapping a Certificate to a User 125 Best Practices 128 Using Active Directory Users and Computers 129 Advanced Features 129 Filters 129 Administrative Logon 130 Account (Password) Policies 132 Summary 132 FAQs 133 CHAPTER 4 Using Groups to Organize User Accounts 135 Introduction to Groups 136 Group Type 139 Security Groups 139 Distribution Lists 139 Group Scope 140 Domain Local 140 Global 140 Universal 140 Implementing Group Strategies 142 Why Use Groups? 142 Structuring Groups 143 Implementing Groups 144 Preparing to Create Groups 144 Information Needed to Create a Group 144 Creating a Group 145 Assigning Users to a Group 147 Adding Users through the Group Setting 147 Adding User through the User Settings 149 Configuring Group Settings 151 General 152 Members 153 Member Of 153 Managed By 154 Object 154
  13. Contents xiii Security 156 Managing Groups 157 Changing a Group’s Scope 157 Finding a Group 158 Deleting a Group 159 Implementing Local Groups 160 Preparing to Create Local Groups 160 Creating a Local Group 161 Implementing Built-in Groups 162 Built-in Domain Local Groups 162 Built-in Global Groups 163 Built-in Local Groups 163 Built-in System Groups 164 Built-in Group Behavior 164 Best Practices 168 Managing Groups 169 Using Universal Groups 169 Switching Modes 170 Summary 172 FAQs 172 CHAPTER 5 Administering File Resources 175 Introduction 176 Using Microsoft Windows NT File System (NTFS) Permissions 176 NTFS Folder Permissions 176 NTFS File Permissions 177 How Windows 2000 Applies NTFS Permissions 178 Access Control Lists 178 Combining NTFS Permissions 179 Permissions Are Cumulative 179 File Permissions Override Folder Permissions 179 Deny Overrides All Other Permissions 180 Permission Inheritance 180 Assigning NTFS Permissions 181 Planning NTFS Permissions 181 Managing NTFS Permissions 182 Special Access Permissions 185
  14. xiv Contents Take Ownership 185 Change Permissions 187 Other Special Permissions 187 Using Special Access Permissions 188 Setting the Special Access Permissions 188 Taking Ownership of Files and Folders 190 Changing NTFS Permissions 191 Copying and Moving Files and Folders 192 Copying Files 192 Moving Files 193 Sharing Resources 196 Securing Network Resources 196 Shared Folder Permissions 197 Creating Shared Folders 198 Developing a Shared Folder Strategy 198 Shared Applications 199 Shared Data 200 Sharing Folders 200 Administrative Shares 201 Creating a Shared Folder 202 Assigning Permissions to a Shared Folder 204 Managing Shared Folders 206 Connecting to a Shared Folder 208 NTFS Permissions and Shared Folders 211 Troubleshooting Access Problems 213 Solving Permission Problems 213 Typical Permission-Related Access Problems 213 Solving Permission-Related Access Problems 214 Best Practices 214 Avoiding Permission-Related Access Problems 215 Guidelines for Managing Shared Folder Permissions 216 Summary 217 FAQs 218 CHAPTER 6 Administering User Accounts 221 Managing User Profiles 222 User Profiles Overview 222 Types of User Profiles 223
  15. Contents xv Contents of a User Profile 223 All Users 224 Settings Saved in a User Profile 225 Local User Profiles 226 Roaming User Profiles 227 Creating Individualized Roaming User Profiles 228 Mandatory Profiles 229 Setting Up a Roaming User Profile 230 Assigning Customized Roaming Profiles 231 Creating Home Folders 235 Home Directories and My Documents 235 Creating Home Directories 236 Introduction to Group Policies 239 Applying Group Policy 240 Order of Application 240 Filtering Policy Based on Security Group Membership 241 Blocking Policy Inheritance 241 Enforcing Policy from Above 241 Best Practices 242 Allowing for Different Hardware Configurations 242 Combining the Power of Profiles and Policies 242 Tightening Security on Home Directories 243 Summary 244 FAQs 244 CHAPTER 7 Administering Printer Resources 247 Introduction to Administering Printers 248 Terminology 248 Planning the Print Environment 248 Dedicated vs. Non-dedicated Print Servers 249 Local, Remote, and Network Printers 250 Creating the Print Environment 250 Installing a Local Printer 250 Installing a Network Printer 254 Installing a Printer from Another Server 256 Other Types of Network Printers 257 Loading Printer Drivers 259
  16. xvi Contents Printer Properties 261 General 261 Sharing 262 Ports 262 Advanced 263 Security 263 Device Settings 265 Managing Printer Permissions 265 Security/Sharing Permissions 266 Printer Ownership 268 Managing Printers 269 Assigning Forms to Paper Trays 269 Assigning Separator Pages 270 Creating a Printer Pool 272 Specifying Printer Priorities 273 Redirecting a Printer 274 Removing Printer Drivers 275 Managing Documents in a Print Queue 276 Setting Priority, Notification, Printing Time 277 Administering Printers by Using a Web Browser 278 Best Practices 281 Organize Printers by Business Function or Geographic Location 281 Put Print Devices on a Separate Network 282 Allow Clients Access to Web Printing Interfaces 282 Restart Print Spool Service Periodically 283 FAQs 283 CHAPTER 8 Managing Storage Data 285 Managing Data Compression 286 Compressing Files and Folders 286 Determining Compression Status 289 Disk Space Requirements 291 Compression State 292 Compression Rules 292 Copying and Moving Compressed Files and Folders 292
  17. Contents xvii Managing Disk Quotas 297 Encrypting Data 305 File Encryption 308 Decryption of Files 308 Storing Encrypted Files on Remote Servers 308 Accessing Encrypted Data 309 Moving and Renaming Encrypted Data 309 Decrypting Data 309 The Recovery Agent 310 Using Disk Defragmenter 311 Analyzing a Drive 314 Viewing Reports 315 Defragmenting NTFS File System Partitions 316 Troubleshooting Data Storage 317 Best Practices 318 FAQs 319 CHAPTER 9 Monitoring Event Logs 321 Introduction to Monitoring Event Logs 322 Viewing Event Logs 325 Monitoring Security Events 336 Auditing Files and Folders 342 Auditing Registry Entries 347 Analyzing Security Events 353 Managing Event Logs 354 Best Practices 359 Summary 360 FAQs 361 CHAPTER 10 Backing Up and Restoring Data 363 Introduction to Backing Up and Recovering Data 364 Types of Backups 367 Normal Backup 367 Daily Backup 367 Copy Backup 368 Incremental Backup 368 Differential Backup 369 Necessary Permissions and User Rights 370
  18. xviii Contents System State Data 371 Emergency Repair Disk 372 Back Up and Restore Options 373 Advanced Options 378 Backing Up Data 380 Back Up Files to File or a Tape 382 Scheduling 384 Using Batch Files 387 Restoring Data 389 Restore Files from a File or Tape 389 Restore System State Data 390 Authoritative Restore 391 Maintaining Media 393 Best Practices 394 Summary 396 FAQs 397 CHAPTER 11 Advanced Administration of Windows 2000 399 Administering Windows 2000 400 Microsoft Management Console 400 Windows 2000 System Administration 402 Computer Management Console 402 Event Viewer 406 License Manager 406 Performance 407 Windows 2000 Network Administration 410 Adapters and Protocols 410 Configuring Adapters and Protocols 412 DHCP Manager 415 DNS Management 419 Windows Internet Naming Service (WINS) 424 Terminal Services 425 Quality of Service 429 Routing and Remote Access 430 Remote Access Service Dial Out 437 Virtual Private Networks 440 Demand Dial Routing 443 Network Address Translation (NAT) 445
  19. Contents xix Internet Authentication Service 447 Connection Manager Administration Kit 450 Customizing Windows 2000 Tools for Your Environment 452 Creating Custom MMC Consoles 453 Using the Task Scheduler 458 Understanding the Logon Process 460 Logon Authentication 460 Secondary Logon Services 461 Windows 2000 Resource Kit 462 Direct X Diagnostic Utility 462 Command Line Kill 463 Sysprep 463 Setup Manager 464 Sysdiff 465 Dependency Walker 466 Shutdown 467 Netdiag 467 Summary 467 FAQs 467 CHAPTER 12 Administering Active Directory 469 Introduction to Administering Active Directory 470 Active Directory Concepts 471 Directory 471 Namespace 472 Naming Conventions 474 Schema 476 Global Catalog 477 Replication 479 Client Software 481 Active Directory Components 482 Objects 482 Site 484 Domain 485 Trees and Forests 485 Using Active Directory Management Utilities 486
Đồng bộ tài khoản