
Chapter 10 Networking With Windows

Why Microsoft

Market Leader
GUI
Tools in the Box
Support

History

1985 MS Net
1993 NT 3.1
1995 NT 3.51
1996 NT 4.0
2000 Win 2000
2003 Server 2003
Longhorn
Blackcomb

Goals

To ensure that network resources such as files, folders, and printers are available to users
To secure the network so that available resources are only accessible to users who have been granted the proper permissions

Windows Server 2003 Editions


Multiple versions of Windows Server 2003 exist
Each version is defined to meet the need of a certain market segment
Versions Include:
  Standard Edition
  Enterprise Edition
  Datacenter Edition
  Web Edition

Standard Edition

Designed for everyday needs of small to medium businesses or as a departmental server for larger organizations
Provides file and print services, secure Internet connectivity, centralized management of network resources
Logical upgrade path for Windows 2000 Server
Can be used as a domain controller, member server, or standalone server

Enterprise Edition

Generally used for medium to large businesses
Designed for organizations that require better performance, reliability, and availability than Standard Edition provides
Provides support for mission-critical applications
Available in both 32 and 64-bit editions

Datacenter Edition

Designed for mission-critical applications, very large databases, and information access that requires the highest levels of availability
Can only be obtained from Original Equipment Manufacturers (OEMs)

Web Edition

Lower-cost edition
Designed for hosting and deploying Web services and applications
Meant for small to large companies or departments that develop and/or deploy Web services
Can only be obtained from Original Equipment Manufacturers (OEMs)

Windows 2000/2003 Architecture


Two Different Operating Modes


User Mode
  OS/2 Application
  Virtual DOS Machine (VDM)
  Win32 Application
  POSIX Application
  Logon Process
  OS/2 Subsystem
  Win32 Subsystem
  POSIX Subsystem
  Security Subsystem
Kernel Mode
  Executive Services

The Intel Memory Model


Win2K Operating System
  Executive Services always operate in Ring 0
  Executive Services cannot be paged out to Virtual Memory (Hard Disk)
  User Mode Applications run through Application Programming Interfaces (APIs) to request services from Executive Services

[Figure: ring diagram, Ring 0 through Ring 3; labels: Kernel Mode, Executive Services, Apps, User Mode]

Architectural Layers

User mode
  Processes protected by the OS
  No direct access to hardware
Kernel mode
  Processes protected by the CPU
  Direct access to all hardware and memory

User Mode

Environment subsystems
  Provides APIs for
    CSRSS.EXE - Windows 32bit Applications
    OS/2
    DOS 16bit Applications
    Unix compatible Applications
Integral subsystems
  Security
    Tracking user rights and permissions
    Login authentication

Kernel Mode

Executive
  Manages all I/O
  Communications between clients and servers
    LPC - Local Procedure Call
    RPC - Remote Procedure Call
  VMM
Hardware Abstraction Layer (HAL)
  Library of hardware routines
  Makes OS portable
Kernel-mode drivers
  Device drivers - programs that control devices
  WDM - Windows Driver Model
    Support of Windows 98/ME

The FAT File System

File Allocation Table (FAT)
  File location and Attributes
  Two copies of the FAT are stored on the volume.
FAT16
  DOS thru Windows Server 2003
FAT32 (VFAT)
  Windows95 OSR2 and above
You can move or copy files between FAT and NTFS volumes.

The FAT16 File System


Supports up to 2TB
Limited to 4 partitions
  4 primary or 3 primary and 1 extended
  Limited to 4Gb
Maximum file size 2GB
Short file names 8.3

Structure FAT16 Disk


Basically the directory
  Name
  Attribute
  Create date
  Modified date
  Starting Cluster
  File size
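Added example (not part of the original slides): a parser for one FAT directory entry that recovers the fields listed above. The byte offsets follow the standard 32-byte short-name entry layout, which the slide does not spell out; the sample entries are constructed for illustration.

```python
import struct
from datetime import datetime

# Attribute bits stored in byte 11 of a directory entry.
ATTRS = {0x01: "read-only", 0x02: "hidden", 0x04: "system",
         0x08: "volume-label", 0x10: "directory", 0x20: "archive"}

def fat_datetime(date, time):
    """Decode the packed 16-bit FAT date and time words (None if unset/invalid)."""
    try:
        return datetime(1980 + (date >> 9), (date >> 5) & 0x0F, date & 0x1F,
                        time >> 11, (time >> 5) & 0x3F, (time & 0x1F) * 2)
    except ValueError:  # zeroed or corrupt field
        return None

def parse_dir_entry(raw):
    """Parse one 32-byte short-name (8.3) FAT directory entry."""
    if len(raw) != 32:
        raise ValueError("a FAT directory entry is exactly 32 bytes")
    (name, ext, attr, _nt, _tenths, ctime, cdate, _adate, _hi,
     mtime, mdate, cluster, size) = struct.unpack("<8s3sBBB7HI", raw)
    if raw[0] == 0x00:
        return {"status": "unused"}      # never used; marks end of directory
    if attr == 0x0F:
        return {"status": "lfn"}         # VFAT long-name slot, different layout
    status = "deleted" if raw[0] == 0xE5 else "active"
    base = name.decode("ascii", "replace").rstrip()
    if status == "deleted":
        base = "?" + base[1:]            # first character was overwritten by 0xE5
    suffix = ext.decode("ascii", "replace").rstrip()
    return {
        "status": status,
        "name": base + ("." + suffix if suffix else ""),
        "attributes": [label for bit, label in ATTRS.items() if attr & bit],
        "created": fat_datetime(cdate, ctime),
        "modified": fat_datetime(mdate, mtime),
        "start_cluster": cluster,
        "size": size,
    }

# Constructed sample entry: REPORT.TXT, archive bit set, 1234 bytes at cluster 5.
SAMPLE = struct.pack("<8s3sBBB7HI", b"REPORT  ", b"TXT", 0x20, 0, 0,
                     (10 << 11) | (30 << 5), (23 << 9) | (4 << 5) | 24, 0, 0,
                     (16 << 11) | (45 << 5) | 15, (23 << 9) | (4 << 5) | 25,
                     5, 1234)
DELETED = b"\xe5" + SAMPLE[1:]  # same entry after deletion (constructed)

if __name__ == "__main__":
    for entry in (SAMPLE, DELETED):
        print(parse_dir_entry(entry))
```

A deleted entry loses only its first name byte; the starting cluster, size and timestamps remain readable, which is why FAT directory entries are useful in forensic recovery.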


FAT32 (VFAT)

FAT32 supports partitions larger than those handled by FAT16.
  2047 GB theoretical
  Win2K+ limit 32GB
Maximum file size 4 GB
Supports long file names 255 characters

FAT32 Partition Structure


NTFS

Supported by Windows NT and above
Partition size up to 2TB
Supports up to 2^64 bytes - 16 exabytes
Maximum file size limited by volume size
Supports long file names 255 characters
Compression
Encryption
Enhanced Security
Journaling

Introduction to NTFS

Should try to format Windows 2000 partitions with NTFS
Guarantees the consistency of the volume by using standard transaction logging and recovery techniques
Supports all Windows 2000 operating system features
Allows you to set local permissions on files and folders that specify which groups and users have access to them

CD and DVD Support

CDROM File System (CDFS)
  Uppercase 32 character names
  8 level directory tree
Universal Disk Format (UDF)
  Logical/Physical sector size same for entire volume
  Block size should be set to logical sector size
  Physical sector size same for all media in volume set
  DVD support

Basic vs Dynamic

Basic storage
  Industry standard
  Contains partitions, extended partitions, & logical drives
  Default for new disk added to Win2k
  Backward compatible with WinNT
Dynamic storage
  Win2K feature
  Single partition includes entire disk
  Disk is divided into volumes
    May span multiple physical disks
  Can resize as needed
  Upgrade a basic disk to a dynamic disk

Storage Types


Disk Management Snap-In


Windows Networking Concepts

Two different security models used in Windows environments
  Workgroup
  Domain
Three roles for a Windows Server 2003 system in a network
  Standalone server
  Member server
  Domain controller

Workgroups

A workgroup is a logical group of computers
  Characterized by a decentralized security and administration model
  Authentication provided by a local account database - Security Accounts Manager (SAM)
Limitations
  Users need unique accounts on each workstation
  Users manage their own accounts (security issues)
  Not very scalable

Workgroups (cont)

Peer to Peer connections emphasized
Each machine must have a user database
Machines can connect in the network without security if Guest Account active without password.

Domains

Must have at least one Win2000 Server to define domain.
Centralized Administration of Accounts & Security
One Account, One Logon, One Password
Domain not reliant on physical factors
One security policy for entire domain

Domains (cont)

Computers join domains, not users
Each computer continues to maintain its own database.
Domain Administrator automatically local admin.

Differences between Domains

Windows NT 4.0 Servers
  Must have a Master computer acting as the Primary Domain Controller
  Can have secondary computers acting as Backup Domain Controllers
  Once Server is established as a Domain Controller, it cannot be shifted to another Domain
  Domains are limited to 40,000 entries (i.e. Users, Groups, etc.)

Differences between Domains

Windows 2000+ Servers
  Domain controller(s) maintain the Active Directory data store
  Domain controllers can shift between domains
  Windows 2000 Domains do not have the limitation on entries that NT 4.0 Domains experience.

Domains

A domain is a logical group of computers
  Characterized by centralized authentication and administration
  Authentication provided through centralized Active Directory
  Active Directory database can be physically distributed across domain controllers
  Requires at least one system configured as a domain controller

Member Servers

A member server
  Has an account in a domain
  Is not configured as a domain controller
  Typically used for file, print, application, and host network services
  All 4 Windows Server 2003 Editions can be configured as member servers


Domain Controllers

Explicitly configured to store a copy of Active Directory
Service user authentication requests
Service queries about domain objects
May be a dedicated server but is not required to be

Windows NT

Primary Domain Controller (PDC)
  Read/Write copy of SAM
Backup Domain Controller (BDC)
  Read only replica copy of SAM
Trust relationships explicitly setup
  Not transitive

NT Domains

NT uses the concept of a domain to manage global access rights within groups. A domain is a group of machines running NT server that share a common security policy and user database. NT provides four domain models to manage multiple domains within a single organization.

Single domain model, domains are isolated.
Master domain model, one of the domains is designated the master domain.
Multiple master domain model, there is more than one master domain, and they all trust each other.
Multiple trust model, there is no master domain. All domains manage their own users, but they also all trust each other.

Single domain model


Simplest Windows NT domain model
One domain that services every user and resource

Master domain model


Uses a single domain to exert control over user account information
Separate resource domains manage resources such as networked printers

What's Next

Active Directory