Understanding Group Policy
The change-control tool on Windows Server 2003 is the Group Policy Object Editor (GPOE, or just GPE). Shown in Figure 14-2, this application is an MMC snap-in from which policy can be applied to the security principals (computers, users, and groups) of a Windows 2000 and Windows Server 2003 network...
Figure Unidirectional trust relationship between two domains
When the trust is mutual, the trust relationship becomes bi-directional, or two-way. Bi-directional trust enables the users or devices in each domain to access resources in the other's domains (see Figure 3-3). Windows NT trusts are limited by the underlying database and security technology, which endows the operating system with a less than suitable cognitive ability. In other words, Windows NT domains are always mistrusting and as such, whenever two domains need to interoperate, explicit...
Creating a superscope
You can create a superscope only after you define at least one scope on the server (this prevents you from creating an empty superscope). Windows Server 2003 enables you to select which existing scopes will be moved to the superscope. You can create additional scopes within the superscope afterwards. You can also create multiple superscopes and create scopes both inside and outside of a superscope. Therefore, a given server might have two superscopes with four scopes each, along with three...
Local print monitor
The local print monitor (formerly localmon.dll and now built into localspl.dll) manages the following ports: Parallel Interface. This interface caters to print jobs that are sent to the parallel port on the computer initiating the job. Most machines support parallel port printing. You choose this monitor when you set up a local printer connected directly to the host. The local printer can also be shared, which makes it a network printer. Serial Interface. This interface provides the same service...
Creating NNTP virtual servers
Creating an NNTP virtual server is relatively simple thanks to the New NNTP Virtual Server Wizard provided by IIS. To run the wizard, open the IIS console, right-click the server where you want to add the virtual server, and choose New → NNTP Virtual Server. You also can right-click an existing NNTP virtual server and choose New → Virtual Server. Specify the following information in the wizard: Name. This is the friendly name for the virtual server as it appears in the IIS console. IP Address....
Creating a taskpad
To create a taskpad, right-click the object in the tree that you want to be the focus of the taskpad and then choose New Taskpad View. MMC starts a wizard to help you create the taskpad. In the second page of the wizard (right after the introduction screen; see Figure 7-6), you define the appearance of the taskpad. As you make selections, the wizard shows the results to help you determine the effect of your choices. Figure 7-6: This wizard page helps you configure the way the taskpad appears....
Working with Data Sources (ODBC)
ODBC, which stands for Open Database Connectivity, provides a framework for database engines to communicate with client applications. ODBC drivers serve as a middleman between a database and a client application, coordinating transactions and translating between the client and the database. In some cases, they can take the place of the database engine. For example, a server doesn't need Microsoft Access installed to enable clients to query an Access database file stored on the server, which is...
Terminal Services Licensing
Licensing requirements for the Remote Desktop connections to Windows Server 2003 servers are dependent on three factors: the mode in which Terminal Services are running (Remote Desktop for Administration or Full Terminal Server), the operating system on the client device that's running the Remote Desktop session, and the number of Terminal Servers configured with per-device and per-session licensing. Per-device licensing requires a temporary or full license for each connecting device; per-session...
Services for Unix
Windows Server 2003, like Windows 2000 Server before it, includes Print Services for Unix, which provides printing integration between Windows and Unix platforms. Windows Server 2003 prior to R2 doesn't provide file services for Unix platforms, but Microsoft offers an add-on product called Services for Unix (SFU) that does provide file and related services for Unix platforms. Note: R2 adds a component called Microsoft Services for NFS that includes Mapping Server, NFS Server, and client components...
Hidden shares
The capability to hide shares is a useful feature of the Windows OS. It makes up for the problem of shares being visible to everyone on the network, even to users who do not have access to the shares. Relative hiding of shares is probably a very difficult and cumbersome technology to introduce into the OS, but exposing shares only to users who have access to them makes sense. To the other users, the shares should not be visible . . . but available only on a need-to-know basis. Active Directory...
Bifactorial and monofactorial authentication
Network login is a bi-factorial exercise, meaning that it requires the user or device to present two factors to the authentication mechanisms of the network: a user ID (also known as an account name or ID) and a password (or what is also known in the secret service as the cipher). Every user ID must have a password. In order for the authentication system to validate the user, it asks for a password, and that is the only way it authenticates. However, the authentication is very weak. The...
Defining DSNs
You make data sources available to clients by creating a Data Source Name (DSN). Three types of DSNs exist: User. A user DSN is visible only to the user who is logged on when the DSN is created. System. A system DSN is visible to all local services on a computer and all users who log on locally to the computer. File. A file DSN can be shared by all users who have the same drivers installed and who have the necessary permissions to access the DSN. Unlike user and system DSNs, file DSNs are stored...
Performance Logs and Alerts
The Performance Logs and Alerts branch of the Computer Management snap-in provides a tool for setting up performance monitoring. You can configure counter logs, trace logs, and alerts. This branch is useful only for viewing or modifying settings; it doesn't enable you to actually execute any performance monitoring. Instead, you need to use the Performance MMC snap-in. See Chapter 24 for detailed information on configuring performance logs and alerts and monitoring system performance.
Using the Security Configuration Wizard
Windows Server 2003 Service Pack 1 introduces a new tool called the Security Configuration Wizard to help administrators fine-tune security on a server. The wizard configures security settings based on server roles. The wizard prompts for information about the server and its roles, and then stops all services not required to perform those roles, locks down ports as needed, modifies registry settings, and configures settings for IIS and other components to apply the desired level of security....
Multicast address allocation
Multicast addresses enable IP traffic to be broadcast to a group of nodes. They are most commonly used in audio or video conferencing. A standard IP address is also known as a unicast address because traffic is broadcast to a single address. A multicast address, however, enables you to send a group of computers the same data packets with a single broadcast, rather than using multiple broadcasts to a group of unicast addresses. The use of multicasting enables a group of computers to receive the...



