Sunday 26 May 2013

Profiles

What is a Profile?

* A profile is a user state environment.
* A profile contains the user's personal settings, such as:
- Documents.
- Desktop settings.
- Start Menu icons.
- Shortcuts.
- Application Data.
- Downloads.
- Pictures, Music, Videos.
- Contacts.
- Favorites, etc.

Profile Types:

1.  Local.

2.  Roaming.

3.  Mandatory.

1.  Local Profile:

A local profile is created and saved on the same system that the user logs in from.

Disadvantages of Local profile
* When the user changes computers, he gets a different profile.
* The profile is not carried over the network.

2.  Roaming Profile:

* A roaming user profile is created by the System Administrator and is stored on a server.
* This profile is available whenever you log in to any computer on the network.
* Changes made to your roaming user profile are updated on the server.

3.  Mandatory Profile.

* A mandatory user profile is a roaming profile.
* Mandatory profiles are fixed profiles in which the user's changes will not be saved.
* Only Administrators can make changes to Mandatory profiles.

Home Folder:

* A home folder is a centralized location for the user's files (data).
* Home folders make it easier for an administrator to back up user files by collecting all users' files in one location.
* Whenever the user logs on to any computer in a domain, the home folder will be available in the form of a network drive/network location.

Disk Quota:

* You can use disk quotas on drives formatted with the NTFS file system to monitor and limit the amount of disk space available to individual users.
* Disk quotas prevent further disk space usage and log an event when a user exceeds a specified disk space limit.


Configuration of Profiles.

Lab - 1: Configuration Local Profiles.
Lab - 2: Configuration Roaming Profiles.
Lab - 3: Configuration Mandatory Profiles.
Lab - 4: Configuration Home Folder.
Lab - 5: Enabling Disk Quota.

Pre-requisites:

Before working on this lab, you must have
1.  A computer running Windows 2008 Server Domain Controller.
2.  A computer running Windows 2008 Server or Windows 7.

SYS1:

Domain Controller
IP Address 10.0.0.1
Subnet Mask 255.0.0.0
Preferred DNS 10.0.0.1

SYS2:

Member Server/ Client
IP Address 10.0.0.2
Subnet Mask 255.0.0.0
Preferred DNS 10.0.0.1


Lab - 1: Configuration Local Profiles:

1.  Log on to Domain Controller as Administrator.

2.  Go to Active Directory Users and Computers and create Users (Ex:a1, a2).

Verification:

1.  Login as User (a1) on Client or Member Server.

2.  Right Click Computer → Select Properties, Click Advanced System Settings.

3.  Select Setting of User Profiles.

4.  Verify that the user profile Type and Status are Local.

5.  Create some files on desktop and go to C: drive → Open Users → Open the user profile(a1) Folder → open desktop folder → verify for the files created on Desktop.


Lab - 2: Configuration Roaming Profiles:

1.  Log on to the D.C as Administrator, open Computer → go to a drive and create a shared folder Roam with Everyone given Co-Owner permission.

2.  Go to Active Directory Users and Computers → Expand the Domain Name (MICROSOFT.COM) → click Users → Right click the User(a1) and select Properties and select the Profile tab.

3.  Under User Profile → enter profile path as:

Syntax:  \\Servername\Shared Folder Name\User Name

Example:  \\SYS1\roam\a1.

4.  Click Apply and OK.

Verification:

1.  Login as User a1 on Client or Member Server and create some files on the Desktop.

2.  Then Right click computer Icon and Click Properties and Select Advanced System Settings.

3.  Click Settings of User Profiles.

4.  Verify that the user profile Type and Status are Roaming.

5.  Log off this user (a1) and log in on another computer as the same user (a1); the files created on the first computer are visible there.


Lab - 3: Configuring Mandatory Profile:

1.  Configure a User (a1) Profile as Roaming Profile and Login as the user (a1) on Client or Member Server, Create some files on Desktop and Log off.

2.  Log on to server (D.C) as Administrator and Open the shared folder roam.

3.  In the shared folder you can find a folder with the user name (a1).

4.  When you try to open the folder a1 you will get the error "You don't currently have permission to access this folder"; click Continue.

5.  Click Security tab.

6.  Click Advanced.

7.  Select Owner tab.

8.  Click Edit.

9.  Select Administrators and check the box Replace owner on subcontainers and objects, click Apply and Yes → OK → OK → OK.

10.  Now open the folder a1; you will find some folders and files.

11.  Select NTUSER.DAT file and rename to NTUSER.MAN, click Yes → Yes.


Note: NTUSER.DAT is a hidden, protected operating system file, so it is not visible by default. If it is not visible, open Computer → click Tools → select Folder Options → select the View tab → select Show hidden files and folders → clear the check box Hide extensions for known file types → clear the check box Hide protected operating system files → click Yes → click OK.


12.  After renaming it go back to the folder a1, Right click a1 → Properties.

13.  Select the Security tab → Edit → Add the User a1 and check Allow Full control, click Apply and OK.


14.  Click Advanced tab → Edit → Check the box Replace all existing inheritable permissions on all descendants with inheritable permissions from this object.


15.  Click Apply, It will ask do you wish to continue, Click YES and OK.


16.  Click Apply and OK → OK.

Verification:

1.  Login as User a1 on Client or Member Server.

2.  Right click Computer and Click Properties, click Advanced System Settings.

3.  Click Setting of User Profiles.


4.  Verify that the profile Type and Status show Mandatory Profile.
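
The verification steps of Labs 1 to 3 can also be done from a PowerShell prompt on the client or member server. This is an added example, not part of the original lab; it assumes PowerShell 2.0 or later and reads the `Win32_UserProfile` WMI class, whose `Status` bit field distinguishes local, roaming and mandatory profiles. The function names are made up for this example.

```powershell
# Added example: report the profile type of every user profile on this computer.
# Win32_UserProfile.Status is a bit field:
#   1 = Temporary, 2 = Roaming, 4 = Mandatory, 8 = Corrupted (0 = plain local profile)
function Get-ProfileTypeName {
    param([uint32]$Status)
    # A mandatory profile is a roaming profile, so test the Mandatory bit first.
    if ($Status -band 4) { return 'Mandatory' }
    if ($Status -band 2) { return 'Roaming' }
    if ($Status -band 1) { return 'Temporary' }
    return 'Local'
}

function Get-UserProfileReport {
    Get-WmiObject -Class Win32_UserProfile |
        Where-Object { -not $_.Special } |      # skip service/system profiles
        ForEach-Object {
            # Translate the SID to DOMAIN\user; keep the SID if it no longer resolves.
            $account = $_.SID
            try {
                $sid = New-Object System.Security.Principal.SecurityIdentifier($_.SID)
                $account = $sid.Translate([System.Security.Principal.NTAccount]).Value
            } catch { }
            New-Object PSObject -Property @{
                Account     = $account
                Type        = Get-ProfileTypeName $_.Status
                Corrupted   = [bool]($_.Status -band 8)
                RoamingPath = $_.RoamingPath    # e.g. \\SYS1\roam\a1 after Lab 2
                LocalPath   = $_.LocalPath
            }
        }
}

Get-UserProfileReport |
    Format-Table Account, Type, Corrupted, RoamingPath, LocalPath -AutoSize
```

A profile that shows as Temporary or Corrupted after Lab 3 usually means the user could not read the profile folder on the share, so recheck the permissions set in steps 13 to 16.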



Lab - 4: Configuration Home Folder.

1.  Log on to the D.C as Administrator, open Computer → go to a drive and create a shared folder home with Everyone given Co-Owner permission.

2.  Go to Active Directory User and Computers → Select User and Right click User a1 and click Properties.

3.  Select the Profile tab. Under Home Folder, select Connect, select the drive letter Z:, and in To: enter \\Server Name\Share Name\User Name.
Example: \\SYS1\home\a1.


4.  Click Apply and OK.

Verification:

1.  Login as user a1 on client or Member Server.

2.  Open Computer, Locate Home folder under network drives.


Lab - 5: Enabling Disk Quota

1.  Log on to the computer (D.C) as Administrator.

2.  Open Computer → Right click NTFS Drive (Which contains Home Folder) → select Properties, Select Quota tab.

3.  Check the box Enable quota management, and check the box Deny disk space to users exceeding quota limit.

4.  Click Quota Entries → click Quota → New Quota Entry...

5.  Enter the User Name (a1) and click Check names, click OK.


6.  Select Limit disk space to and enter the quota limit for a1 → Click OK → Close.


7.  Click Apply and Click OK.

8.  The user a1 can use only 5 MB from this quota partition.

Verification:

1.  Login as User a1 on Member Server, Open Computer.

2.  Right Click Network drive Z: (Home Folder) → Properties.


3.  Check the capacity as 5 MB and click OK.
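
The same verification can be done on the server without logging in as the user. This is an added example, not part of the original lab; it assumes PowerShell 2.0 or later, that the home share is on drive `D:` (the page does not name the drive), and uses a made-up function name. It reads the WMI classes `Win32_QuotaSetting` and `Win32_DiskQuota` and checks both that the quota is enforced rather than only tracked and that the limit for a1 is the 5 MB used in the lab.

```powershell
# Added example: confirm quota enforcement and the per-user limit from Lab 5.
function Get-QuotaReport {
    param(
        [string]$Volume        = 'D:',   # assumption: drive that holds the home share
        [string]$UserName      = 'a1',
        [uint64]$ExpectedLimit = 5MB     # limit stated in the lab
    )
    # Win32_QuotaSetting.State: 0 = Disabled, 1 = Tracked, 2 = Enforced.
    # "Enforced" corresponds to "Deny disk space to users exceeding quota limit".
    $stateName = @{ 0 = 'Disabled'; 1 = 'Tracked only'; 2 = 'Enforced' }
    $setting = Get-WmiObject -Class Win32_QuotaSetting |
        Where-Object { $_.VolumePath -like "$Volume*" }

    # QuotaVolume and User are WMI references such as
    #   Win32_LogicalDisk.DeviceID="D:"  and  Win32_Account.Domain="...",Name="a1"
    $entry = Get-WmiObject -Class Win32_DiskQuota | Where-Object {
        $_.QuotaVolume -like "*DeviceID=`"$Volume`"*" -and
        $_.User        -like "*Name=`"$UserName`"*"
    }
    if (-not $setting) { Write-Warning "No quota settings found for $Volume"; return }
    if (-not $entry)   { Write-Warning "No quota entry for $UserName on $Volume"; return }

    New-Object PSObject -Property @{
        Volume       = $Volume
        QuotaState   = $stateName[[int]$setting.State]
        Enforced     = ($setting.State -eq 2)
        User         = $UserName
        LimitMB      = [math]::Round($entry.Limit / 1MB, 2)
        UsedMB       = [math]::Round($entry.DiskSpaceUsed / 1MB, 2)
        LimitMatches = ($entry.Limit -eq $ExpectedLimit)
    }
}

Get-QuotaReport | Format-List Volume, QuotaState, Enforced, User, LimitMB, UsedMB, LimitMatches
```

If QuotaState shows "Tracked only", the limit is recorded but users can still write past it, which means the second check box in step 3 was not applied.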

Permission

What is Permission?

*  Permissions define the type of access granted to a user, group, or computer to access resources.
*  Permissions can be applied to resources such as files, folders and printers.
*  Examples of permissions are the privilege to read a file, delete a file, or create a new file in a folder.

Two types of permission:

1.  Security level permission.
2.  Share level permission.

New Technology File System (NTFS) permission is also known as Security level permission.

R     -  Read
W     -  Write
R/X   -  Read and Execute
M     -  Modify
F.C   -  Full Control
L.F.C -  List Folder Contents

1. Security Level Permission.

*  Security level permissions are permissions used to restrict access to a resource on the local computer that the user logs in to.
*  Security level permission is also called new tech file system (NTFS) permission.
*  New Technology File System (NTFS) permissions can be set on a drive, folder and file.
*  The different security permissions are:
*  Full Control
*  Modify
*  Read and Execute
*  List Folder Contents

2. Share Level Permission.

*  Share level permissions can be implemented on the New Technology File System (NTFS) and File Allocation Table (FAT) file systems.
*  Share level permissions can be set on a folder or drive, not on a file.

Three types of sharing in 2008 server.

*  Reader
*  Contributor
*  Co-Owner

Note:
To hide a shared folder from the network, rename the shared folder you want to hide so that its name ends with a dollar symbol ($).
Example: \\system\name\filename$


Configuration Of Permission

Lab - 1: Security Level Permission.
Lab - 2: Share Level Permission.
Lab - 3: Configuration Offline Files Client Or Configuration Offline Files In Member Server.

Pre-requisites:

Before working on this lab, you must have.

1.  A computer running Windows 2008 Server Domain Controller.

2.  A computer running Windows 2008 Server or Windows 7.

Sys1:
Domain Controller
IP Address 10.0.0.1
Subnet Mask 255.0.0.0
Preferred DNS 10.0.0.1

Sys2:
Member Server / Client
IP Address 10.0.0.2
Subnet Mask 255.0.0.0
Preferred DNS 10.0.0.1

Lab - 1: Security Level Permission.

1.  Open Computer → Go to any NTFS partition and create a folder (DATA), along with some files in it.

2.  Right click the folder (DATA) and select Properties and click the Security tab → click Advanced → click Edit → clear the box Include inheritable permissions from this object's parent.


3.  Click Remove → Apply → OK → OK

4.  Click Edit

5.  Add Administrator or Administrators and Allow Full Control permission.

6.  Then Add the User (User1) and Allow Read permission.

7.  Click Apply → OK → OK

Verification:

1.  Login as User(User1) on the same computer, and Open  computer icon, and verify the respective permission by accessing the folder.

2.  The user can just read the Files and Folders.
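
The result of this lab can be checked against the folder's ACL directly. This is an added example, not part of the original lab; it assumes PowerShell 2.0 or later, and the folder path `D:\DATA`, the NetBIOS domain name `MICROSOFT` and the function names are assumptions made for the example. It checks that inheritance was removed, that the administrators entry has Full Control, that User1 can read but holds no write or delete rights, and that no other trustee is left on the folder.

```powershell
# Added example: verify the NTFS ACL that Lab 1 should leave on the DATA folder.
function Get-GrantedMask {
    param($Rules)
    # Combine the rights of all Allow entries for one trustee into a single mask.
    $mask = 0
    foreach ($r in @($Rules)) {
        if ($r) { $mask = $mask -bor [int]$r.FileSystemRights }
    }
    return $mask
}

function Test-LabFolderAcl {
    param(
        [string]$Path   = 'D:\DATA',                 # assumed folder location
        [string]$Admin  = 'BUILTIN\Administrators',  # use DOMAIN\Administrator if that was added
        [string]$Reader = 'MICROSOFT\User1'          # assumed NetBIOS domain name
    )
    $full  = [int][System.Security.AccessControl.FileSystemRights]::FullControl
    $read  = [int][System.Security.AccessControl.FileSystemRights]::Read
    # Any of these bits would let the reader change or remove data.
    $write = [int][System.Security.AccessControl.FileSystemRights]'Write, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'

    $acl    = Get-Acl -Path $Path
    $allow  = @($acl.Access | Where-Object { $_.AccessControlType -eq 'Allow' })
    $adminMask  = Get-GrantedMask ($allow | Where-Object { $_.IdentityReference.Value -eq $Admin })
    $readerMask = Get-GrantedMask ($allow | Where-Object { $_.IdentityReference.Value -eq $Reader })
    $others = @($acl.Access |
        Where-Object { @($Admin, $Reader) -notcontains $_.IdentityReference.Value })

    $results = @(
        @('Inheritance from parent removed (step 2)', $acl.AreAccessRulesProtected),
        @("$Admin has Full Control (step 5)",         (($adminMask  -band $full)  -eq $full)),
        @("$Reader can read (step 6)",                (($readerMask -band $read)  -eq $read)),
        @("$Reader has no write or delete rights",    (($readerMask -band $write) -eq 0)),
        @('No other trustees on the folder',          ($others.Count -eq 0))
    )
    foreach ($r in $results) {
        New-Object PSObject -Property @{ Check = $r[0]; Passed = [bool]$r[1] } |
            Select-Object Check, Passed
    }
}

Test-LabFolderAcl | Format-Table -AutoSize
```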


Lab - 2: Share Level Permissions.

1.  Log on to a computer as Administrator, Open Computer → Open any drive and create a folder (SALES) along with some files in it.

2.  Right Click the folder (SALES) and Select Share.


3.  Select the drop down arrow mark and select Find → enter the User name (User1) → Click OK → select the user (User1) and assign Permissions (Ex: Co-Owner) → click Share → click Done.


Verification:

Access The Shared Folder

1.  Logon to Member Server or Client as User (User1) → Open Network.


2.  Open System Name in which the shared folder is present.

3.  Access the shared folder (SALES) & verify the permission by creating some files.

Accessing Shared Folders using UNC Path:

1.  Logon to Member Server or Client as a User.

2.  Click Start → click Run and type the Syntax \\Servername\Sharename.

Example: \\sys1\sales
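
Several labs on this page create shares with Everyone as Co-Owner, so it is useful to be able to list what each share actually grants. This is an added example, not part of the original lab; it assumes PowerShell 2.0 or later and administrator rights on the server, and the function name is made up. It reads each share's DACL through the WMI class `Win32_LogicalShareSecuritySetting`, names the three standard share access masks, and flags entries that give Everyone full control as well as shares hidden with a trailing `$`.

```powershell
# Added example: list share-level permissions and flag Everyone / Full Control.
# Standard share access masks as set by the Share Permissions dialog.
$ShareMaskName = @{ 2032127 = 'Full Control'; 1245631 = 'Change'; 1179817 = 'Read' }

function Get-ShareAccessReport {
    param([string]$ComputerName = '.')   # e.g. 'SYS1' in this lab setup
    Get-WmiObject -Class Win32_LogicalShareSecuritySetting -ComputerName $ComputerName |
        ForEach-Object {
            $share = $_.Name
            $sd = $_.GetSecurityDescriptor()
            if ($sd.ReturnValue -ne 0) { return }   # descriptor not readable, skip share
            foreach ($ace in $sd.Descriptor.DACL) {
                $mask   = [int]$ace.AccessMask
                $access = $ShareMaskName[$mask]
                if (-not $access) { $access = '0x{0:X}' -f $mask }
                $type = 'Allow'
                if ($ace.AceType -eq 1) { $type = 'Deny' }
                $trustee = $ace.Trustee.Name
                if ($ace.Trustee.Domain) { $trustee = $ace.Trustee.Domain + '\' + $trustee }
                # S-1-1-0 is the well-known SID of Everyone, independent of OS language.
                $everyoneFull = ($ace.Trustee.SIDString -eq 'S-1-1-0' -and
                                 $type -eq 'Allow' -and $mask -eq 2032127)
                New-Object PSObject -Property @{
                    Share        = $share
                    Hidden       = $share.EndsWith('$')   # hidden from browsing only
                    Trustee      = $trustee
                    Type         = $type
                    Access       = $access
                    EveryoneFull = $everyoneFull
                }
            }
        }
}

Get-ShareAccessReport | Sort-Object Share |
    Format-Table Share, Hidden, Trustee, Type, Access, EveryoneFull -AutoSize
```

A share name ending in `$` only keeps the share out of the network browse list; anyone who knows the UNC path is still subject to the same share and NTFS permissions, so hidden shares need the same review.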


Lab - 3: Configuration Offline Files in Client (Windows 7)

1.  Log on to the D.C as Administrator, open Computer → go to a drive and create a shared folder Sales with Everyone given Co-Owner permission.

2.  Log on to Client (sys2) as Administrator → open Network → open the system name of DC (sys1) → Right click the shared folder and select Always Available Offline.


Verification:

1.  Disconnect or Disable the Network connection, and try to access the shared folders from network and only Sales folder will be visible and accessible.

2.  Open the SALES folder & make some modification (Create some files in it).

3.  Then connect or Enable the Network connection, then Right Click the shared folder & click Sync.


4.  Modification will be updated on the shared folder (In the server).


Configuration Offline Files in Member Server (Windows 2008)

1.  Log on to D.C as Administrator, Open Computer → Go to a drive and create a shared folder Sales with Everyone as Co-Owner permission.

2.  Log on to Member server SYS2 as Administrator, open Server Manager → click Features → click Add Features → Next → check the box for Desktop Experience → Next → click Install.


3.  Click Close → select Yes to restart the system.

4.  Click Start → Settings → Control Panel → double click the option Offline Files.


5.  Click Enable Offline Files → Click OK → Click Yes to restart the system.

6.  Log on to Member Server SYS2 as Administrator → open Network → Open system name DC → Right click the shared folder and select Always Available Offline.


Verification:

1.  Disconnect or Disable the Network connection, and try to access the Shared Folders from network and only SALES folder will be visible and accessible.

2.  Access the SALES folder & make some modifications (Create some files in it).

3.  Connect or Enable the network connection, then Right Click the shared folder & click Sync.

4.  Modification will be updated on the shared folder (In the server).

Saturday 25 May 2013

Member Server/Client and User Management

* Clients

A computer joined to the domain with a client operating system.

Client operating systems such as Windows Vista, Windows XP Professional, Windows 2000 Professional.

* Member Servers

A computer joined to the domain with a server operating system.

Server operating systems such as Windows Server 2008, Windows Server 2003, Windows 2000 Server.

* Local User

A user account created in the local database of a computer.

Local users are generally used in the workgroup model.

Local users can log in only on the respective computer.

* Domain User

A user account created in the Active Directory database.

Domain users are used in the domain model.

Domain users can log on to any computer in the domain.


Active Directory Infrastructure

1. Configuration m-s (system 3)

2. Creating D-user (system1-DC) V-log in from system2

3. Password policy (sys1 dc)
L-O         gpmc.msc - Default Domain Policy
C-D

V-create w/o p/w

4. Allow log on locally (sys1-dc)
gpmc.msc - Default Domain Controller Policy
V-O login from dc as user

5. Account lockout policy (DC)
default domain policy

Configuration of Member Server/Client and User Management

Lab - 1: Configuration Client Or Configuration Member Server.
Lab - 2: Creating Domain User Account.
Lab - 3: Changing Default Password Policy.
Lab - 4: Changing Allow Logon Locally Policy.
Lab - 5: Enabling Account Lockout Policy.

Pre-requisites:

Before working on this lab, you must have

1. A computer running Windows 2008 Server Domain Controller.

2. A computer running Windows 2008 Server or Windows 7.

Sys1:
IP Address 10.0.0.1
Subnet Mask 255.0.0.0
Preferred DNS 10.0.0.1

Sys2:
IP Address 10.0.0.2
Subnet Mask 255.0.0.0
Preferred DNS 10.0.0.1

Lab - 1: Configuring Client (Windows 7)

1.  Log in as Administrator to workgroup computer.
2.  Right click Computer Icon and click Properties and click change settings.


3.  In the System properties dialog box click Change.


4.  Select the Member of Domain and enter the Domain Name.(Ex: Microsoft.com).

5.  Enter the user name Administrator and his Password, click ok.

6.  Welcome Message appears indicating that the computer was successful in joining the domain.

7.  Click OK and click Close to close the system properties dialog box. It will ask for restart, Click Yes.

8. After restarting the computer, it will become Client.

Verification:
1. Right click Computer Icon → Properties.

2.  Click computer Name, domain, and workgroup setting and verify for the Domain Name MICROSOFT.COM


CONFIGURATION MEMBER SERVER

1.  Log in as Administrator to Workgroup Computer.

2.  Right click Computer and click Properties and click Change settings.

3.  In the System properties dialog box click Change.


4.  Select Member of DOMAIN and enter the Domain Name. (Ex:Microsoft.com)

5. Enter the user name Administrator and his Password, click OK.


6.  Welcome Message appears indicating that the computer was successful in joining the domain, Click OK.


7.  Click OK → click OK and click Close to close the system Properties dialog box. It will ask for restart, click Yes.

8.  After restarting the computer it will become Member Server.

Verification:

1.  Right click Computer Icon → Properties.

2.  Click Computer Name, domain, and workgroup setting and verify for the Domain Name MICROSOFT.COM.


Lab- 2: Creating Domain User Accounts

1.  Log in as Administrator to the Domain Controller.

2.  Click Start → Programs → Administrative Tools → Active Directory Users and Computers.


3.  In the console tree, expand your domain MICROSOFT.COM, and then Right Click users container, Select New User.


4.  Specify the First name, and User Logon name and then click Next.


5.  Enter the Password and Confirm password for the user account, click Next.


6.  Review the configuration setting for the User Account and then click Finish.

Verification:

1.  Login as user (User1@Microsoft.com) in Member server or Client.


Lab - 3: Changing Default Password Policy

1.  Log in as Administrator to the Domain Controller.

2.  Click Start → Programs → Administrative Tools → Group Policy Management Console.


3.  Expand Forest → Expand Domains → Expand Microsoft.com → Right Click Default Domain Policy and select Edit.


4.  Expand Computer Configuration → Expand Policies → Expand Windows Settings → Expand Security Settings → Expand Account Policies → open Password Policy.


5.  Double click Minimum Password Length.


6.  Change the length value from (7 to 0) and click Apply and OK.


7.  Double click Password must meet complexity Requirements.


8.  Select Disabled and Apply and OK.


9.  Click Start → Run and type GPUPDATE and it refreshes the policy changes.

Verification:

1.  Go to Active Directory Users and Computers and create a user with any password or without any password.


Lab - 4: Changing Allow Logon Locally Policy

1.  Log in as Administrator to the Domain Controller.

2.  Click Start → Programs → Administrative Tools → Group Policy Management Console.


3.  Expand Forest → Expand Domains → Expand Microsoft.com → Expand Domain Controller → Right Click Default Domain Controller Policy and Select Edit.

4.  Expand Computer Configuration → Expand Policies → Expand Windows Settings → Expand Security Settings → Expand Local Policies → Select User Rights Assignment → Double click Allow logon locally.


5.  Click Add User or Group → Click Browse → Enter the User name → Click OK.


6.  Click OK → OK → Apply and OK.

7.  Click Start → RUN and Type GPUPDATE and it refreshes the policy changes.

Verification:

1.  Log on to Domain Controller as Domain User (User1).


Lab - 5: Enabling Account Lockout policy

1.  Log on to the D.C as Administrator, click Start → Programs → Administrative Tools → Group Policy Management.


2.  Expand Forest → Expand Domains → Expand Microsoft.com → Right click Default Domain policy and select Edit.


3.  Expand Computer Configuration → Expand Policies → Expand Windows Settings → Expand Security Settings → Expand Account Policies → Expand Account Lockout Policy.


4.  Double click Account lockout threshold.


5.  Enter the value for Number of invalid logon attempts(Ex: 2)

6.  Set the Account lockout duration and click OK.


7.  Close the Group Policy Management Window.

Verification:

1.  Enter the wrong password for the user (User1) 2 times while logging in and the user account will be locked.

Unlocking the locked User account Manually

1.  Log on to D.C as Administrator, click start → programs → Administrative Tools → Active Directory Users and Computers.

2.  Right click the user (User1) and select Properties.


3.  Check the box Unlock account → click Apply and OK.


Verification:

1.  Log in as User (User1) on Client or Member Server.
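
The settings changed in Lab 3 (password policy) and Lab 5 (account lockout) can be read back from the domain to confirm what is actually in effect. This is an added example, not part of the original labs; it assumes the ActiveDirectory PowerShell module (Windows Server 2008 R2 or the Remote Server Administration Tools), and the function names are made up. It reports the effective policy, notes values that leave accounts exposed, and lists the users that are currently locked out.

```powershell
# Added example: read back the domain password and lockout policy (Labs 3 and 5).
Import-Module ActiveDirectory   # assumption: module is installed on this machine

function New-PolicyRow {
    param($Setting, $Value, $Note)
    New-Object PSObject -Property @{ Setting = $Setting; Value = $Value; Note = $Note } |
        Select-Object Setting, Value, Note
}

function Get-AccountPolicyReport {
    # A policy object can be passed in; by default the live domain policy is read.
    param($Policy = (Get-ADDefaultDomainPasswordPolicy))

    $note = ''
    if ($Policy.MinPasswordLength -eq 0) { $note = 'blank passwords accepted (Lab 3 setting)' }
    New-PolicyRow 'Minimum password length' $Policy.MinPasswordLength $note

    $note = ''
    if (-not $Policy.ComplexityEnabled) { $note = 'complexity disabled (Lab 3 setting)' }
    New-PolicyRow 'Complexity requirements' $Policy.ComplexityEnabled $note

    $note = ''
    if ($Policy.LockoutThreshold -eq 0) { $note = 'accounts never lock out' }
    New-PolicyRow 'Lockout threshold' $Policy.LockoutThreshold $note

    New-PolicyRow 'Lockout duration'    $Policy.LockoutDuration          ''
    New-PolicyRow 'Reset counter after' $Policy.LockoutObservationWindow ''
}

function Get-LockedOutUser {
    # Users currently locked by the lockout policy, as in the Lab 5 verification.
    Search-ADAccount -LockedOut -UsersOnly |
        Select-Object SamAccountName, LockedOut, LastLogonDate
}

Get-AccountPolicyReport | Format-Table -AutoSize
Get-LockedOutUser       | Format-Table -AutoSize

# Command-line equivalent of the "Unlock account" check box for the lab user:
# Unlock-ADAccount -Identity User1
```

The Lab 3 values (length 0, complexity disabled) are convenient for creating test users; checking this report before a domain leaves the lab shows whether they are still in force.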