
Q1 G10 CSS Learning Material 1


10

Special Program for Technical Vocational Education

COMPUTER SYSTEMS
SERVICING

LEARNING MATERIAL
Quarter 1

Developed by: DIANA P. CUIZON and ESPHIE JOY V. DE GUZMAN
School Year: 2020 - 2021
TANZA NATIONAL TRADE SCHOOL
Technical Vocational Education
SPTVE Computer Systems Servicing
Weekly Learning Activity Sheets

Table of Contents

Introduction
Pre-Test

Quarter I: SETTING UP COMPUTER SERVERS

LO 1: Set up user access
Information Sheet 1.1 Network operating systems features (Week 1)
Self-Check 1.1
Activity Sheet 1.1
Information Sheet 1.2 User access level configurations (Week 1)
Self-Check 1.2
Activity Sheet 1.2
Information Sheet 1.3 Network policies and services (Week 2)
Self-Check 1.3
Activity Sheet 1.3
Task Sheet 1.3
Information Sheet 1.4 Set up peer-to-peer (P2P) network access (Week 2)
Self-Check 1.4
Activity Sheet 1.4

LO 2: Configure network services
Information Sheet 2.1 Configure server function (Week 3)
Self-Check 2.1
Activity Sheet 2.1
Information Sheet 2.2 Server modules and addons (Week 3)
Self-Check 2.2
Activity Sheet 2.2
Information Sheet 2.3 Network services and its operation (Week 3)
Self-Check 2.3
Activity Sheet 2.3
Information Sheet 2.4 Procedures in respond to unplanned events and condition (Week 3)
Self-Check 2.4
Activity Sheet 2.4
Information Sheet 2.5 Domain controller (Active Directory) (Week 4)
Operation Sheet 2.5
Self-Check 2.5
Activity Sheet 2.5.1
Activity Sheet 2.5.2
Assignment Sheet 2.5
Information Sheet 2.6 Domain Name Server (Week 5)
Self-Check 2.6
Activity Sheet 2.6
Assignment Sheet 2.6
Information Sheet 2.7 Dynamic Host Configuration Protocol server (Week 6)
Operation Sheet 2.7
Self-Check 2.7
Activity Sheet 2.7.1
Activity Sheet 2.7.2
Assignment Sheet 2.7
Information Sheet 2.8 File server (Week 7)
Operation Sheet 2.8
Self-Check 2.8
Activity Sheet 2.8
Assignment Sheet 2.8
Information Sheet 2.9 Printer server (Week 8)
Operation Sheet 2.9
Self-Check 2.9
Activity Sheet 2.9
Assignment Sheet 2.9
References

Introduction

This learning material covers two (2) most essential learning competencies:
(1) Set up user access and (2) Configure network services. Each competency contains
sub-topics that discuss the details of setting up computer servers.

The competencies for this learning material are:

LO 1: Set up user access


1.1 Create user folder in accordance with Network operating system features
1.2 Configure user access level based on NOS features
1.3 Establish network access policies/end user requirements
1.4 Perform security check in accordance with established network access
policies/end user requirements

LO 2: Configure network services


2.1 Check normal server function in accordance with manufacturer’s
instructions
2.2 Install and update required modules/add-ons on NOS installation
procedures
2.3 Confirm network services based on user/system requirements
2.4 Check operation of network services based on user/system requirements
2.5 Respond to unplanned events or conditions in accordance with established
procedures

Pre-Test

Direction: Choose the correct answer from the given choices. Write your answer on a
separate sheet of paper.

1. Which network protocol is used on IP networks to automatically assign an
IP address and other information to each host on the network?
a. DHCP Server c. DNS Server
b. HTTP d. List Server
2. What do you call a computer program that provides a service to other computer
programs and their users?
a. DHCP Server c. DNS Server
b. Server d. List Server
3. These are primarily comprised of individual routines (SrvRoutines) that are typically
coded to perform database centric processing.
a. Server Module c. Client Manager
b. FTP Server d. List Server
4. It is a network protocol used to move computer files between a client and server.
a. DHCP Server c. FTP Server
b. HTTP d. List Server
5. It is a program that uses HTTP to serve the files that form Web pages to users, in
response to their requests.
a. DHCP Server c. FTP Server
b. HTTP d. List Server
6. A Windows Server 2008 computer that has been configured with the Active Directory
DS role is referred to as
a. Domain controller c. Global catalog
b. Domain manager d. DNS server
7. It is a component of Windows Server 2008.
a. Domain controller c. NPAS
b. Active manager d. DNS server

8. Provides traditional dial-up remote access to support mobile
users or home users who are dialing in to an organization's intranets
a. Remote Access c. Client
b. DNS d. Server
9. What is the Microsoft implementation of a RADIUS server and Proxy?
a. Active Domain c. DHCP
b. Network Policy Server d. Forest
10. It makes server administration more efficient by allowing administrators to do tasks
in the following table by using a single tool.
a. DHCP Server c. Server Manager
b. FTP Server d. List Server
11. These files are also named unmanaged modules, because they are not created by
using the ASP.NET model.
a. Native Modules c. DNS Server
b. Managed Modules d. Client
12. These modules are created by using the ASP.NET model.
a. Native Modules c. Server
b. Managed Modules d. List Server
13. Operating system designed for the sole purpose of supporting workstations,
database sharing, application sharing and file and printer accessing and sharing
among multiple computers in a network.
a. NOS c. Global catalog
b. Domain manager d. DNS server
14. Database of user accounts and other information that network administrators
use to control access to shared network resources.
a. Domain controller c. NPAS
b. Active manager d. Directory Services
15. What is the highest available forest functional level?
a. Windows 2008 c. Windows server 2008
b. Windows server 2003 d. Windows 2009

16. These are a method for assigning access rights to specific user accounts and
user groups.
a. Read c. Full control
b. Permission d. Modify
17. Allows you to authenticate to Windows or any other operating system so that you
are granted authorization to use them
a. User group c. Windows server 2008
b. Full control d. User Account
18. It allows reading, writing, changing and deleting of any file and subfolder
a. Permission c. Full Control
b. User group d. Modify
19. Collection of user accounts that share the same security rights and
permissions.
a. Permission c. Administrator
b. User group d. Windows 2009
20. It is part of an access control procedure for computer systems, which allows a
system administrator to set up a hierarchy of users.
a. Windows 2008 c. Windows server 2008
b. User Access Level Configuration d. User Group
21. Hierarchical structure that stores information about objects on the network.
a. Active Directory c. Directory
b. Active Directory Domain Services d. Domain Controller
22. Stores information about user accounts, such as names, passwords, phone
numbers, and so on, and enables other authorized users on the same network to
access this information.
a. Active Directory c. Directory
b. Active Directory Domain Services d. Domain Controller
23. Uses a structured data store as the basis for a logical, hierarchical organization of
directory information.
a. Active Directory c. Directory
b. Active Directory Domain Services d. Domain Controller

24. Server that is running a version of the Windows Server® operating system and has
Active Directory® Domain Services installed.
a. Active Directory c. Directory
b. Active Directory Domain Services d. Domain Controller
25. Naming system allows for growth on the Internet and the creation of names that
are unique throughout the Internet and private TCP/IP-based intranets.
a. Zone c. Geographical Domain
b. Organizational Domain d. Domain Name System
26. These are named by using a 3-character code that indicates the primary function
or activity of the organizations contained within the DNS domain.
a. Zone c. Geographical Domain
b. Organizational Domain d. Domain Name System
27. These are named by using the 2-character country/region codes established by
the International Standards Organization (ISO) 3166.
a. Zone c. Geographical Domain
b. Organizational Domain d. Domain Name System
28. Contiguous portion of the DNS namespace.
a. Zone c. Geographical Domain
b. Organizational Domain d. Domain Name System
29. The full consecutive range of possible IP addresses for a network. Scopes typically
define a single physical subnet on your network to which DHCP services are
offered.
a. DHCP c. IPv4
b. DHCP Server d. Scope
30. IP standard for simplifying management of host IP configuration.
a. DHCP c. IPv4
b. DHCP Server d. Scope
31. Service that holds information about available IP addresses and related
configuration information, as defined by the DHCP administrator, and responds to
requests from DHCP clients.
a. DHCP c. IPv4
b. DHCP Server d. Scope

32. Most widely deployed version of Internet Protocol which defines an addressing
scheme based on 32-bit addresses.
a. DHCP c. IPv4
b. DHCP Server d. Scope
33. Provides a central location on your network where you can store files and share
them with users across your network.
a. Share and Storage Management c. File Server
b. Namespace d. Disk Management
34. System utility for managing hard disks and the volumes or partitions that they
contain.
a. Share and Storage Management c. File Server
b. Namespace d. Disk Management
35. Enables you to group shared folders into one locally structured location.
a. Share and Storage Management c. File Server
b. Namespace d. Disk Management
36. Provides a centralized location for you to manage two important server resources.
a. Share and Storage Management c. File Server
b. Namespace d. Disk Management
37. Creates a Web site hosted by Internet Information Services.
a. Print Server c. Print and Document Services
b. Print Management d. Internet Printing
38. Helps you monitor print queues and receive notifications when print queues stop
processing print jobs.
a. Print Server c. Print and Document Services
b. Print Management d. Internet Printing
39. Role in Server Manager that enables you to share printers and scanners on a
network, set up print servers and scan servers, and centralize network printer and
scanner management tasks by using the Print Management and Scan
Management Microsoft Management Console (MMC) snap-ins respectively.
a. Print Server c. Print and Document Services
b. Print Management d. Internet Printing

40. Required role service of the Print Services role.
a. Print Server c. Print and Document Services
b. Print Management d. Internet Printing

INFORMATION SHEET 1.1
Network Operating Systems Features

Learning Objectives:
After reading this Information Sheet, the learner is expected to:
a. Identify a network operating system
b. Enumerate network operating system features
c. Explain each feature of a network operating system

A network operating system is an operating system designed for the sole purpose of
supporting workstations, database sharing, application sharing and file and printer
accessing and sharing among multiple computers in a network. It provides services to
clients over a network.
A server is a running instance of an application (software) capable of accepting
requests from the client and giving responses accordingly. Servers can run on any
computer, including dedicated computers, which individually are also often referred to
as "the server." Servers operate within a client-server architecture. Servers are
computer programs running to serve the requests of other programs, the clients. Thus,
the server performs some tasks on behalf of clients. It enables the clients to share
data, information, or any hardware and software resources. The clients typically
connect to the server through the network but may run on the same computer. In the
context of Internet Protocol (IP) networking, a server is a program that operates as a
socket listener. Servers often provide essential services across a network, either to
private users inside a large organization or to public users via the Internet. Typical
computing servers are database server, file server, mail server, print server, and web
server. Numerous systems use this client-server networking model, including Web sites
and email services. An alternative model, peer-to-peer networking, enables all
computers to act as either a server or client as needed.

Usage
The term server is used quite broadly in information technology. Despite the many
server-branded products available (such as server versions of hardware, software or
operating systems), in theory, any computerized process that shares a resource to
one or more client processes is a server.
Network operating systems (NOS) typically are used to run computers that act
as servers. They provide the capabilities required for network operation.

Directory Services
A directory service is a database of user accounts and other information that network
administrators use to control access to shared network resources. When users
connect to a network, they have to be authenticated before they can access network
resources.

Authentication
Authentication is the process of checking the user's credentials (usually a user name
and a password) against the directory. Users that supply the proper credentials are
permitted access according to the permissions specified by the network administrator.
Successful user authentication in a Windows 2000, 2003, or 2008 computing environment
consists of separate processes: interactive logon, which confirms the user's
identification to either a domain account or a local computer, and network
authentication, which confirms the user's identification to any network service that
the user attempts to access.

Windows Server 2008 is designed around certain roles and features. A role is a
primary duty that a server performs. A feature is something that helps a server perform
its primary duty (Windows Backup, network load balancing). Certain roles are
comprised of sub-elements called Role Services, which are distinct units of
functionality.
o The Server Manager console introduced in the full installation of Windows Server
2008 R2 made the installation of roles and features straightforward.
o Group Policy Management Console (GPMC) is a scriptable Microsoft
Management Console (MMC) snap-in, providing a single administrative tool for
managing Group Policy across the enterprise. GPMC is the standard tool for
managing Group Policy.
o Group Policy Object (GPO) is a collection of settings that define what a system
will look like and how it will behave for a defined group of users. Microsoft provides
a program snap-in that allows you to use the Group Policy Microsoft Management
Console (MMC). The selections result in a Group Policy Object. The GPO is
associated with selected Active Directory containers, such as sites, domains, or
organizational units (OUs). The MMC allows you to create a GPO that defines
registry-based policies, security options, software installation and maintenance
options, script options, and folder redirection options.
Some Features:
o Active Directory Domain Services (AD DS) stores information about users,
computers, and other devices on the network. AD DS helps administrators
securely manage this information and facilitates resource sharing and
collaboration between users. AD DS is also required to be installed on the network
in order to install directory-enabled applications such as Microsoft Exchange
Server and for applying other Windows Server technologies such as Group Policy.
o DNS Server - Domain Name System (DNS) provides a standard method for
associating names with numeric Internet addresses. This lets users refer to
network computers by using easy-to-remember names instead of a long series of
numbers. Windows DNS services can be integrated with DHCP services,
eliminating the need to add DNS records as computers are added to the network.
o Dynamic Host Configuration Protocol (DHCP) is responsible for assigning IP
addresses to the computers automatically. IP addresses assigned to the
computers by DHCP server are known as dynamic IP addresses, and the
computers that are configured to obtain the IP addresses automatically from the
DHCP server are called DHCP client computers.
o File Services provides technologies for storage management, file replication,
distributed namespace management, fast file searching, and streamlined client
access to files, such as UNIX-based client computers.
o Print and Document Services enables you to centralize print server and network
printer management tasks. With this role, you can also receive scanned
documents from network scanners, and route the documents to a shared network
resource, a Windows SharePoint Services site, or to e-mail addresses.
o Remote Desktop Services provides technologies that enable users to access
Windows-based programs that are installed on a remote desktop server, or to
access the Windows desktop itself, from almost any computing device. Users can
connect to a remote desktop server to run programs and to use network resources
on that server.

SELF CHECK 1.1

Direction: Write T if the statement is TRUE or F if it is FALSE. Write the letter of your
answer before each number.

_____1. A server is a running instance of an application (software) capable of
accepting requests from the client and giving responses accordingly.
_____2. Authentication is the process of checking the user's credentials (usually a
user name and a password) against the directory.
_____3. Network operating systems (NOS) typically are used to run computers that
act as client.
_____4. Active Directory Domain Services (AD DS) stores information about users,
computers, and other devices on the network.
_____5. DHCP stands for Dynamic Host Commercial Protocol.
_____6. Users can connect to a remote desktop server to run programs and to use
network resources on that server.
_____7. Clients provide essential services across a network, either to private users
inside a large organization or to public users via the Internet.
_____8. File Services provides a standard method for associating names with numeric
Internet addresses.
_____9. Domain Name System (DNS) provides a standard method for associating
names with numeric Internet addresses.
_____10. Network operating system provides services to clients over a network.

ACTIVITY SHEET 1.1
Network Operating Systems Features

Identification: Write your answer on the space provided.

____________1. It stores information about users, computers, and other devices on
the network.

____________2. An operating system designed for the sole purpose of supporting
workstations, database sharing, application sharing and file and
printer accessing and sharing among multiple computers in a
network.

____________3. IP addresses assigned to the computers by DHCP server

____________4. The computers that are configured to obtain the IP addresses
automatically from the DHCP server

____________5. It is a scriptable Microsoft Management Console (MMC) snap-in,
providing a single administrative tool for managing Group Policy
across the enterprise

____________6. It enables you to centralize print server and network printer
management tasks.

____________7. It provides technologies for storage management, file replication,
distributed namespace management, fast file searching, and
streamlined client access to files

____________8. The process of checking the user's credentials (usually a user name
and a password) against the directory

____________9. It is a database of user accounts and other information that network
administrators use to control access to shared network resources

____________10. It provides a standard method for associating names with numeric
Internet addresses

INFORMATION SHEET 1.2
User Access Level Configurations

Learning Objectives:
After reading this Information Sheet, the learner is expected to:
a. Define user access level configuration
b. Configure user access level
c. Create user account in accordance with network operating systems features

User Access Level Configuration is part of an access control procedure for computer
systems, which allows a system administrator to set up a hierarchy of users. Thus,
low-level users can access only a limited set of information, whereas the highest-level
users can access the most sensitive data on the system. This is also called access rights.

A user account is a collection of settings and information that tells Windows which files
and folders you can access, what you can do on your computer, what are your
preferences, and what network resources you can access when connected to a
network.

The user account allows you to authenticate to Windows or any other operating system
so that you are granted authorization to use them. Multi-user operating systems such
as Windows don’t allow a user to use them without having a user account.

In Windows, you can manage your computer’s user accounts by going to the “Control
Panel” and then to “User Accounts and Family Safety > User Accounts.”

A user account in Windows is characterized by the following attributes:

• User name – the name you are giving to that account.


• Password – the password associated with the user account (in Windows 7 or older
versions you can also use blank passwords).
• User group – a collection of user accounts that share the same security rights and
permissions. A user account must be a member of at least one user group.
• Type – all user accounts have a type which defines their permissions and what they
can do in Windows.

Windows 7 User Accounts

Windows 7 and earlier versions have three important types of accounts:

Administrator

The “Administrator” user account has complete control over the PC. He or she can
install anything and make changes that affect all users of that PC.

Standard

The “Standard” user account can only use the software that’s already installed by the
administrator and change system settings that don’t affect other users.

Guest

The “Guest” account is a special type of user account that has the name Guest and
no password. This is only for users that need temporary access to the PC. This user
can only use the software that’s already installed by the administrator and cannot
make any changes to system settings.

Windows 8 User Accounts

Windows 8 introduces two new types of user accounts, alongside those already in
Windows 7:

Microsoft account

Microsoft accounts are user accounts with an associated e-mail address that give you
access to all Microsoft products and services. They always have a password that’s not
blank. If you are using an outlook.com e-mail address (let’s say
howtogeek@outlook.com), you have a Microsoft account with that address.

To further complicate things, Microsoft allows people to create Microsoft accounts
using third-party e-mail services like Gmail. To simplify things for you, remember that
you have a Microsoft account when you use an email address to log into Windows or
to any Microsoft product or service.

Microsoft accounts work on multiple systems and devices. Therefore you can use the
same account to log into all your Windows 8.x devices, your Xbox One console and
your Windows Phone. You don’t have to create a separate account for each device.

Microsoft accounts can be administrators or standard user accounts.

Local account

Local accounts are classic user accounts that exist locally and can use blank
passwords. For example, in Windows 7 all user accounts are local accounts. Local
accounts can be administrators or standard user accounts. They work on a single
system only, so if you do have multiple devices, you’ll have to create a separate
account for each.

User accounts provide the added benefit of letting you share the same computer with
several people, while having your own files and settings. Each person accesses his or
her user account without interfering with others.

How to tell them apart?

In Windows 8.x you can quickly differentiate local user accounts from Microsoft
accounts by looking at whether they use an email address or not. Look at the
screenshot below, showing the Manage Accounts window, which is accessed by going
to “Control Panel > User Accounts and Family Safety > User Accounts > Manage
Accounts.”

The first account, named Ciprian Rusen, is a Microsoft account. All the other user
accounts are local accounts. The Microsoft account is an administrator, which is
marked by the “Administrator” statement beneath its email address. All other user
accounts are standard user accounts because they do not have the “Administrator”
statement.

What is a User Group?

As mentioned earlier, the user group is a collection of user accounts that share the
same security rights and permissions.


Windows has a long list of predefined user groups which includes “Administrators” and
“Users.” However, most predefined user groups do not have user accounts until the
administrator or third-party apps start customizing them. User groups can also be
created by third-party software and services like virtual machines which create hidden
user accounts and groups in order to provide different features or services.

A user account is a member of at least one user group while some user accounts are
members of two groups or more, depending on how they are set.

For example, all user accounts that are set as administrators will be part of the
“Administrators” group. Standard user accounts are part of the “Users” group.
However, both types of user accounts will become members of the “HomeUsers”
group, when you start using the Homegroup networking feature in Windows.

User groups are managed automatically by Windows and you won’t need to fiddle with
them, even though you can if you are an administrator. This concept is important so
that you better understand how file sharing works, how permissions are assigned, etc.
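
The account attributes, account types and group memberships described above can be read back from a machine. The PowerShell script below is an added example, not part of the original learning material; it assumes Windows PowerShell (for Get-WmiObject) and the English built-in group names Administrators and Guests, and its function names are made up for this illustration.

```powershell
# Added example, not from the original material. Read-only: it changes nothing.
# Assumptions: Windows PowerShell (Get-WmiObject is available) and the English
# built-in group names 'Administrators' and 'Guests'.

# Return the member names of a local group through the WinNT ADSI provider.
function Get-GroupMemberName {
    param([string]$GroupName)

    $group = [ADSI]"WinNT://$env:COMPUTERNAME/$GroupName,group"
    @($group.psbase.Invoke('Members')) | ForEach-Object {
        $_.GetType().InvokeMember('Name', 'GetProperty', $null, $_, $null)
    }
}

# Build one row per local user account: name, account type, state, and notes
# on settings that weaken the account (blank password allowed, guest enabled).
function Get-LocalAccountReport {
    $admins = @(Get-GroupMemberName -GroupName 'Administrators')
    $guests = @(Get-GroupMemberName -GroupName 'Guests')

    Get-WmiObject -Class Win32_UserAccount -Filter "LocalAccount=True" |
        ForEach-Object {
            # The type is derived from group membership, matched by name only.
            if     ($admins -contains $_.Name) { $type = 'Administrator' }
            elseif ($guests -contains $_.Name) { $type = 'Guest' }
            else                               { $type = 'Standard' }

            $notes = @()
            # PasswordRequired = False means the account is ALLOWED to have a
            # blank password; it does not prove the password is blank.
            if (-not $_.Disabled -and -not $_.PasswordRequired) {
                $notes += 'blank password allowed'
            }
            if (-not $_.Disabled -and $type -eq 'Guest') {
                $notes += 'guest access enabled'
            }

            New-Object PSObject -Property @{
                Name             = $_.Name
                Type             = $type
                Enabled          = (-not $_.Disabled)
                PasswordRequired = $_.PasswordRequired
                Notes            = ($notes -join '; ')
            } | Select-Object Name, Type, Enabled, PasswordRequired, Notes
        }
}

Get-LocalAccountReport | Format-Table -AutoSize
```

Rows with a non-empty Notes column are the accounts to review first when checking a PC before it is connected to a shared network.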

What are File & Folder Permissions?

Permissions are a method for assigning access rights to specific user accounts and
user groups. Through the use of permissions, Windows defines which user accounts
and user groups can access which files and folders, and what they can do with them.
To put it simply, permissions are the operating system’s way of telling you what you
can or cannot do with a file or folder.

To learn the permissions of any folder, right click on it and select “Properties.” In the
Properties window, go to the Security tab. In the “Group or user names” section you
will see all the user accounts and user groups that have permissions to that folder. If
you select a group or a user account, you then see its assigned permissions in the
“Permissions for Users” section.

In Windows, a user account or a user group can receive one of the following
permissions to any file or folder:

• Read – allows the viewing and listing of a file or folder. When viewing a folder, you
can view all its files and subfolders.
• Write – allows writing to a file or adding files and subfolders to a folder.
• List folder contents – this permission can be assigned only to folders. It permits the
viewing and listing of files and subfolders, as well as executing files that are found in
that folder.

• Read & execute – permits the reading and accessing of a file’s contents as well as its
execution. When dealing with folders, it allows the viewing and listing of files and
subfolders, as well as the execution of files.
• Modify – when dealing with files, it allows their reading, writing and deletion. When
dealing with folders, it allows the reading and writing of files and subfolders, plus the
deletion of the folder.
• Full control – it allows reading, writing, changing and deleting of any file and subfolder.

Generally, files inherit the permissions of the folder where they are placed, but users
can also define specific permissions that are assigned only to a specific file. To make
your computing life simpler, it is best to edit permissions only at a folder level.

Why are Permissions Important to Sharing in Windows?

Permissions are important because when you share something in Windows, you
actually assign a set of permissions to a specific user account or user group. A shared
folder can only be accessed by someone with a user account that has the permission
to access that folder.

For example, when using the Sharing Wizard, you choose the user name or the user
group and then one of these two permission levels:

• Read/Write – it is the equivalent of the “Modify” permission level.


• Read – it is the equivalent of the “Read & execute” permission level.

When using the Sharing Wizard you will also see a permission level named “Owner.”
This is not a permission level per se. It just signals that the folder you are about to
share is owned by the user account for which you see this entry. An owner has full
control over that folder. You will learn more about the Sharing Wizard and how to use
it in lesson 6.

When using advanced sharing, you can assign one of these three permission levels:

• Full Control – it allows reading, writing, changing, and deleting of any file and
subfolder.
• Change – it is the equivalent of the Modify permission level.
• Read – it is the equivalent of the Read & execute permission level.

When sharing resources with the network, you will encounter a special group that’s
named “Everyone.” This user group stands for anyone with or without a user account
on the computer who is sharing the resource with the network. As you will learn in
future lessons, this user group is very useful when you have a network with very
diverse devices and operating systems. Advanced sharing will be explained in detail,
in lesson 7.

Why is it Useful to Use a Microsoft Account in Your Network?

Using a Microsoft account has both benefits (e.g. the ability to sync all your apps and
settings across multiple devices) and downsides (e.g. you will give more data to
Microsoft). From a network sharing perspective, using a Microsoft account can be
useful if you have a network with many PCs and devices with Windows 8.x:

• You log in with the same Microsoft account on all your devices, using the same
credentials.
• You don’t have to create separate local accounts on each computer or device with
Windows 8.x.
• Setting up permissions when sharing is easier because you don’t have to deal with
multiple local user accounts.
• Accessing network shares is also easier because you log in with the same user
account everywhere and you can quickly access everything that’s shared with it.

Source: http://www.businessdictionary.com/definition/system-access-level.html

https://www.howtogeek.com/school/windows-network-sharing/lesson1/

Note:

If "Access permissions" are granted to users who are registered to computers,
they are authorized to operate folders and files.
There are two types of access permissions:
• Network-level access permission
This controls users who access the shared folder over the network.
• Local-level access permission
This controls users who access folders by logging on to their computers.
The local-level access permission can be set only when the drive in which folders
are located is formatted in NTFS.
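
To check what a folder's local-level (NTFS) permissions actually grant, and whether a broad group such as "Everyone" can change files, the Security tab entries can be read with Get-Acl. The script below is an added example, not part of the original learning material; the default path (the Public folder), the function names and the wording of the flag are assumptions, and it does not read network-level (share) permissions.

```powershell
# Added example, not from the original material. Read-only: it changes nothing.
# Assumption: the default path is the Public folder; pass -FolderPath to change it.
param(
    [string]$FolderPath = $env:PUBLIC
)

$fsr  = [System.Security.AccessControl.FileSystemRights]
$mask = @{
    Full    = [int]($fsr::FullControl)
    Modify  = [int]($fsr::Modify)
    ReadExe = [int]($fsr::ReadAndExecute)
    Read    = [int]($fsr::Read)
    Write   = [int]($fsr::Write)
}

# Well-known SIDs of groups that cover many or all users (language-independent).
$broadSids = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-5-32-545' = 'Users'
    'S-1-5-32-546' = 'Guests'
}

# True when every bit of $Mask is set in $Rights.
function Test-Right {
    param([int]$Rights, [int]$Mask)
    return (($Rights -band $Mask) -eq $Mask)
}

# Translate a rights value into the permission level names used in this lesson.
function Get-PermissionLevel {
    param($Rights, $InheritanceFlags)

    # 0x10000000 is GENERIC_ALL, which Windows stores on some inherit-only entries.
    if ((Test-Right $Rights $mask.Full) -or (Test-Right $Rights 0x10000000)) {
        return 'Full control'
    }
    if (Test-Right $Rights $mask.Modify) { return 'Modify' }

    $levels = @()
    if (Test-Right $Rights $mask.ReadExe) {
        # Read & execute that is passed on to subfolders only is what the
        # Security tab shows as "List folder contents".
        if ("$InheritanceFlags" -eq 'ContainerInherit') { $levels += 'List folder contents' }
        else                                            { $levels += 'Read & execute' }
    }
    elseif (Test-Right $Rights $mask.Read) { $levels += 'Read' }
    if (Test-Right $Rights $mask.Write)    { $levels += 'Write' }

    if ($levels.Count -eq 0) { return 'Special' }
    return ($levels -join ' + ')
}

# One row per access rule on the folder, flagged when a broad group may change files.
function Get-FolderPermissionReport {
    param([string]$Path)

    $acl     = Get-Acl -Path $Path
    $sidType = [System.Security.Principal.SecurityIdentifier]
    foreach ($rule in $acl.GetAccessRules($true, $true, $sidType)) {
        $sid = $rule.IdentityReference.Value
        try   { $name = $rule.IdentityReference.Translate([System.Security.Principal.NTAccount]).Value }
        catch { $name = $sid }   # orphaned SID: the account no longer exists

        $level = Get-PermissionLevel $rule.FileSystemRights $rule.InheritanceFlags
        $flag  = ''
        if ($rule.AccessControlType -eq 'Allow' -and $broadSids.ContainsKey($sid) -and
            $level -match 'Full control|Modify|Write') {
            $flag = 'broad group can change files'
        }

        New-Object PSObject -Property @{
            Account   = $name
            Type      = $rule.AccessControlType
            Level     = $level
            Inherited = $rule.IsInherited
            Flag      = $flag
        } | Select-Object Account, Type, Level, Inherited, Flag
    }
}

Get-FolderPermissionReport -Path $FolderPath | Format-Table -AutoSize
```

Run it again after changing a folder's permissions to confirm that the result matches what was intended.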

Shared Folder without Access Control


In Windows Server 2008, you can use the special folder named "Public folder,"
which allows files to be shared with other users on the same network. Using the
Public folder, you can set up a shared folder without access control.
NOTE:
By default, the Public folder is created in the [Users] folder, on the drive (e.g. C
drive) Windows Vista is installed on.
Example: \Public\share

For Windows Server 2008 users

Sharing the Public folder

1. On the [Start] menu, select [Control Panel] to open [Control Panel] window.

2. Click [Set up file sharing] to open the [Network and Sharing Center] window.

3. In the [Network and Sharing Center] window, click the downwards arrow next to
[Public folder sharing].

4. Select [Turn on sharing so anyone with network access can open, change, and
create files], and then click [Apply].

NOTE:
• Do not select [Turn on sharing so anyone with network access can open files].
Otherwise, you will not be able to store a document scanned with this machine
in a shared folder.
• If the [User Account Control] dialog box appears in Windows Server 2008, click
[Continue].
5. Click the downwards arrow next to [Password protected sharing].

6. Check [Turn off password protected sharing], and then click [Apply].

NOTE:
If the [User Account Control] dialog box appears in Windows Server 2008, click
[Continue].
For Windows Server 2008 R2 users

Sharing the Public folder


1. On the [Start] menu, select [Control Panel] to open [Control Panel] window.

2. Click [View network status and tasks] to open the [Network and Sharing Center]
window.

3. Click [Change advanced sharing settings] in the [Network and Sharing Center]
window.

4. In the [Advanced sharing settings] window, under [Public folder sharing], select
[Turn on sharing so anyone with network access can read and write files in the
Public folders].

5. Under [Password protected sharing], select [Turn off password protected sharing],
and then click [Save changes].

Creating a folder to store a file

You can store a file in the first level of the Public folder. This section describes the
procedure for creating a new folder in which to store a file in the Public folder.

1. Display the Public folder in Windows Explorer, etc.

2. Create a new folder in the Public folder.

NOTE:
It is recommended that you write down the folder name you created here.

Shared Folder with Access Control

Creating a User Account for Accessing a Shared Folder

You need to create user accounts for users who access the shared folder in
advance. This section describes the procedure for creating a new account on your
computer.
NOTE:
Even if you do not create a new account by following the procedures below, you
can add a pre-registered account for users who are permitted to access the
shared folder. In such case, you need to create a password if one has not been
set for the pre-registered account. Once the password is created, the user is
prompted to type it when he/she logs on to a computer.
1. On the [Start] menu, select [Control Panel] to open [Control Panel] window.

2. Click [Add or remove user accounts].

3. In the [Manage Accounts] dialog box, click [Create a new account].

4. In the [Create New Account] dialog box, enter the user name, check [Standard
user], and then click [Create Account].

NOTE:
• The user name must be up to 20 alphanumeric characters long.
• It is recommended that you write down the user name you created here.
5. Click the user name created in step 4, and then click [Create a password].

6. In the [Create Password] dialog box, type the password in two boxes, and then
click [Create password].

NOTE:
• The password must be up to 14 alphanumeric characters long.
• It is recommended that you write down the password you created here.
7. Close the [Change an Account] dialog box.

Setting a Shared Folder and Access Permissions

Once you create the account on your computer, create a shared folder. Add the
created account to the shared folder as a user who is permitted to access that folder.
Set the permission which allows the user to access the folders as well.
NOTE:
If "Access permissions" are granted to users who are registered for computers,
they are authorized to operate folders and files.
This section describes the procedure for granting FULL Control permission to the
"Everyone" account so that any user can access the shared folder.

There are two types of access permissions:

• Network-level access permission
This controls users who access the shared folder over the network.
• Local-level access permission
This controls access to folders by users who are logged on to the computer.
The local-level access permission can be set only when the drive in which folders
are located is formatted in NTFS.

The [File Sharing] dialog box is used to set up the access permissions. The
network-level and local-level access permissions for a user will be set
simultaneously when you select a permission level in the [File Sharing] dialog box.

For Windows Server 2008 users

1. Create a folder in any drive.

It is recommended to create the folder in a place where users can find it easily, such
as the first level in C drive.

Ex) C:\share

2. Right-click the created folder.

3. Select [Share...] to open the [File Sharing] dialog box.

4. Click [ ] on the left side of [Add], and select the user.

5. Click [Add].

6. Select the added user. Select the [Contributor] or [Co-owner] check box. Click
[Share].

• If the [User Account Control] dialog box appears in Windows Server 2008, click
[Continue].
• Access permissions in Windows Server 2008
- Reader: A reader can only view shared files.

- Contributor: A contributor can create, alter and delete shared files, but not alter
access permissions.

- Co-owner: A co-owner can perform all file operations including creating, altering,
deleting shared files and altering access permissions.
7. Click [Done] to close the [File Sharing] dialog box.

For Windows Server 2008 R2 users

1. Create a folder in any drive.

It is recommended to create the folder in a place where users can find it easily, such
as the first level in C drive.

Ex) C:\share
NOTE:
It is recommended that you write down the folder name you created here.
2. Right-click the created folder.

3. Select [Share with], and then select [Specific people...] to open the [File Sharing]
dialog box.

4. Click [ ] on the left side of [Add], and then select the user.

5. Click [Add].

6. Select the added user. Select the [Read/Write] check box. Click [Share].

NOTE:
Access permissions in Windows Server 2008 R2

- Read: "Read" can only view shared files.

- Read/Write: "Read/Write" can create, alter and delete shared files, but not alter
access permissions.
7. Click [Done] to close the [File Sharing] dialog box.

Sources: https://support.usa.canon.com/kb/index?page=content&id=ART108077

SELF CHECK 1.2

Direction: Match column A with the correct answer on column B. Write only the letter
on the space provided before each number.

COLUMN A

___1. These are a method for assigning access rights to specific user accounts and
user groups.
___2. Allows you to authenticate to Windows or any other operating system so that you
are granted authorization to use them
___3. It allows reading, writing, changing and deleting of any file and subfolder
___4. A collection of user accounts that share the same security rights and permissions.
___5. It is part of an access control procedure for computer systems, which allows a
system administrator to set up a hierarchy of users.

COLUMN B

A. user account
B. user group
C. permission
D. full control
E. user access configuration

ACTIVITY SHEET 1.2
User Access Configuration Level

A. Direction: Answer the given questions. Write your answer on the separate answer
sheet.

1. What is user access configuration level?

2. What are the two types of access permission? (2pts)

3. Why are Permissions Important to Sharing in Windows?

4. What are File & Folder Permissions?

B. Arrange the following steps by putting number (1-7) on the space provided.

* For Windows Server 2008 R2 users

_____ Click [View network status and tasks] to open the [Network and Sharing
Center] window.

_____ Click [Change advanced sharing settings] in the [Network and Sharing
Center] window.

_____ In the [Advanced sharing settings] window, under [Public folder sharing],
select [Turn on sharing so anyone with network access can read and write
files in the Public folders].

_____ On the [Start] menu, select [Control Panel] to open [Control Panel] window.

_____ Under [Password protected sharing], select [Turn off password protected
sharing], and then click [Save changes].

INFORMATION SHEET 1.3
Network Policies and Services

Learning Objectives:
After reading this Information Sheet, the learner is expected to:
a. Understand network policies and services
b. Install network policies and services
c. Value the importance of network security policy

Network Policy and Access Services (NPAS) is a component of Windows Server
2008. It replaces the Internet Authentication Service (IAS) from Windows Server 2003.
NPAS helps you safeguard the health and security of a network.
The Network Policy Server is the core component of a NAP deployment. It is used
to manage network access through the VPN server, RADIUS servers, and other
points of access to the network. Depending on your network environment, you may
deploy multiple NPS servers.

Network Policy and Access Services provides the following network connectivity
solutions:

• Network Access Protection (NAP). NAP is a client health policy creation,
enforcement, and remediation technology that is included in the
Windows Vista® client operating system and in the
Windows Server® 2008 operating system. With NAP, system
administrators can establish and automatically enforce health policies,
which can include software requirements, security update requirements,
required computer configurations, and other settings. Client computers
that are not in compliance with health policy can be provided restricted
network access until their configuration is updated and brought into
compliance with policy. Depending on how you choose to deploy NAP,
noncompliant clients can be automatically updated so that users can
quickly regain full network access without manually updating or
reconfiguring their computers.

• Secure wireless and wired access. When you deploy 802.1X wireless
access points, secure wireless access provides wireless users with a
secure password-based authentication method that is easy to deploy.
When you deploy 802.1X authenticating switches, wired access allows
you to secure your network by ensuring that intranet users are
authenticated before they can connect to the network or obtain an IP
address using DHCP.

• Remote access solutions. With remote access solutions, you can
provide users with virtual private network (VPN) and traditional dial-up
access to your organization's network. You can also connect branch
offices to your network with VPN solutions, deploy full-featured software
routers on your network, and share Internet connections across the
intranet.

• Central network policy management with RADIUS server and proxy.
Rather than configuring network access policy at each network access
server, such as wireless access points, 802.1X authenticating switches,
VPN servers, and dial-up servers, you can create policies in a single
location that specify all aspects of network connection requests,
including who is allowed to connect, when they can connect, and the
level of security they must use to connect to your network.

Role services for Network Policy and Access Services

When you install Network Policy and Access Services, the following role services are
available:

• Network Policy Server (NPS). NPS is the Microsoft implementation of
a RADIUS server and proxy. You can use NPS to centrally manage
network access through a variety of network access servers, including
wireless access points, VPN servers, dial-up servers, and 802.1X
authenticating switches. In addition, you can use NPS to deploy secure
password authentication with Protected Extensible Authentication
Protocol (PEAP)-MS-CHAP v2 for wireless connections. NPS also
contains key components for deploying NAP on your network.

The following technologies can be deployed after the installation of the
NPS role service:

• NAP health policy server. When you configure NPS as a NAP
health policy server, NPS evaluates statements of health (SoH)
sent by NAP-capable client computers that want to communicate
on the network. You can configure NAP policies on NPS that allow
client computers to update their configuration to become
compliant with your organization's network policy.

• IEEE 802.11 Wireless. Using the NPS MMC snap-in, you can
configure 802.1X-based connection request policies for IEEE
802.11 wireless client network access. You can also configure
wireless access points as Remote Authentication Dial-In User
Service (RADIUS) clients in NPS, and use NPS as a RADIUS
server to process connection requests, as well as perform
authentication, authorization, and accounting for 802.11 wireless
connections. You can fully integrate IEEE 802.11 wireless access
with NAP when you deploy a wireless 802.1X authentication
infrastructure so that the health status of wireless clients is
verified against health policy before clients are allowed to connect
to the network.

• IEEE 802.3 Wired. Using the NPS MMC snap-in, you can
configure 802.1X-based connection request policies for IEEE
802.3 wired client Ethernet network access. You can also
configure 802.1X-compliant switches as RADIUS clients in NPS,
and use NPS as a RADIUS server to process connection
requests, as well as perform authentication, authorization, and
accounting for 802.3 Ethernet connections. You can fully
integrate IEEE 802.3 wired client access with NAP when you
deploy a wired 802.1X authentication infrastructure.

• RADIUS server. NPS performs centralized connection
authentication, authorization, and accounting for wireless,
authenticating switch, and remote access dial-up and VPN
connections. When you use NPS as a RADIUS server, you
configure network access servers, such as wireless access points
and VPN servers, as RADIUS clients in NPS. You also configure
network policies that NPS uses to authorize connection requests,
and you can configure RADIUS accounting so that NPS logs
accounting information to log files on the local hard disk or in a
Microsoft® SQL Server™ database.

• RADIUS proxy. When you use NPS as a RADIUS proxy, you
configure connection request policies that tell the NPS server
which connection requests to forward to other RADIUS servers
and to which RADIUS servers you want to forward connection
requests. You can also configure NPS to forward accounting data
to be logged by one or more computers in a remote RADIUS
server group.

• Routing and Remote Access. With Routing and Remote Access, you
can deploy VPN and dial-up remote access services and multiprotocol
LAN-to-LAN, LAN-to-WAN, VPN, and network address translation (NAT)
routing services.

The following technologies can be deployed during the installation of the
Routing and Remote Access role service:

• Remote Access Service. Using Routing and Remote Access,
you can deploy Point-to-Point Tunneling Protocol (PPTP), Secure
Socket Tunneling Protocol (SSTP), or Layer Two Tunneling
Protocol (L2TP) with Internet Protocol security (IPsec) VPN
connections to provide end users with remote access to your
organization's network. You can also create a site-to-site VPN
connection between two servers at different locations. Each
server is configured with Routing and Remote Access to send
private data securely. The connection between the two servers
can be persistent (always on) or on-demand (demand-dial).

Remote Access also provides traditional dial-up remote access to
support mobile users or home users who are dialing in to an
organization's intranets. Dial-up equipment that is installed on the
server running Routing and Remote Access answers incoming
connection requests from dial-up networking clients. The remote
access server answers the call, authenticates and authorizes the
caller, and transfers data between the dial-up networking client
and the organization intranet.

• Routing. Routing provides a full-featured software router and an open
platform for routing and internetworking. It offers routing services to
businesses in local area network (LAN) and wide area network (WAN)
environments.

• Health Registration Authority (HRA). HRA is a NAP component that
issues health certificates to clients that pass the health policy verification
that is performed by NPS using the client SoH. HRA is used only with
the NAP IPsec enforcement method.

• Host Credential Authorization Protocol (HCAP). HCAP allows you to
integrate your Microsoft NAP solution with Cisco Network Access
Control Server. When you deploy HCAP with NPS and NAP, NPS can
perform client health evaluation and the authorization of Cisco 802.1X
access clients.

Managing the Network Policy and Access Services server role

The following tools are provided to manage the Network Policy and Access Services
server role:

• NPS MMC snap-in. Use the NPS MMC to configure a RADIUS server,
RADIUS proxy, or NAP technology.

• Netsh commands for NPS. The Netsh commands for NPS provide a
command set that is fully equivalent to all configuration settings that are
available through the NPS MMC snap-in. Netsh commands can be run
manually at the Netsh prompt or in administrator scripts.

• HRA MMC snap-in. Use the HRA MMC to designate the certification
authority (CA) that HRA uses to obtain health certificates for client
computers and to define the NPS server to which HRA sends client SoHs
for verification against health policy.

• Netsh commands for HRA. The Netsh commands for HRA provide a
command set that is fully equivalent to all configuration settings that are
available through the HRA MMC snap-in. Netsh commands can be run
manually at the Netsh prompt or in administrator-authored scripts.

• NAP Client Management MMC snap-in. You can use the NAP Client
Management snap-in to configure security settings and user interface
settings on client computers that support the NAP architecture.

• Netsh commands for configuring NAP client settings. The Netsh
commands for NAP client settings provide a command set that is fully
equivalent to all configuration settings that are available through the NAP
Client Management snap-in. Netsh commands can be run manually at
the Netsh prompt or in administrator-authored scripts.

• Routing and Remote Access MMC snap-in. Use this MMC snap-in to
configure a VPN server, a dial-up networking server, a router, NAT, VPN
and NAT, or a VPN site-to-site connection.

• Netsh commands for remote access. The Netsh commands for
remote access provide a command set that is fully equivalent to all
remote access configuration settings that are available through the
Routing and Remote Access MMC snap-in. Netsh commands can be
run manually at the Netsh prompt or in administrator scripts.

• Netsh commands for routing. The Netsh commands for routing
provide a command set that is fully equivalent to all routing configuration
settings that are available through the Routing and Remote Access MMC
snap-in. Netsh commands can be run manually at the Netsh prompt or
in administrator scripts.

• Wireless Network (IEEE 802.11) Policies - Group Policy
Management Console (GPMC). The Wireless Network (IEEE 802.11)
Policies extension automates the configuration of wireless network
settings on computers with wireless network adapter drivers that support
the Wireless LAN Autoconfiguration Service (WLAN Autoconfig
Service). You can use the Wireless Network (IEEE 802.11) Policies
extension in the Group Policy Management Console to specify
configuration settings for either or both Windows XP and Windows Vista
wireless clients. Wireless Network (IEEE 802.11) Policies Group Policy
extensions include global wireless settings, the list of preferred
networks, Wi-Fi Protected Access (WPA) settings, and IEEE 802.1X
settings.

When configured, the settings are downloaded to Windows wireless
clients that are members of the domain. The wireless settings configured
by this policy are part of the Computer Configuration Group Policy. By
default, Wireless Network (IEEE 802.11) Policies are not configured or
enabled.

• Netsh commands for wireless local area network (WLAN). Netsh
WLAN is an alternative to using Group Policy to configure Windows Vista
wireless connectivity and security settings. You can use the Netsh wlan
commands to configure the local computer, or to configure multiple
computers using a logon script. You can also use the Netsh wlan
commands to view wireless Group Policy settings and administer
Wireless Internet Service Provider (WISP) and user wireless settings.

• Wired Network (IEEE 802.3) Policies - Group Policy Management
Console (GPMC). You can use the Wired Network (IEEE 802.3) Policies
to specify and modify configuration settings for Windows Vista clients
that are equipped with network adapters and drivers that support Wired
AutoConfig Service. Wireless Network (IEEE 802.11) Policies Group
Policy extensions include global wired and IEEE 802.1X settings. These
settings include the entire set of wired configuration items associated
with the General tab and the Security tab.
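
The "Netsh commands for wireless local area network (WLAN)" item above says the Netsh wlan commands can be used to view wireless settings. The PowerShell script below is an added example, not part of the original learning material: it reads the text that `netsh wlan show profile` prints and reports whether a profile uses WPA2 or better with 802.1X. The policy itself, the function name Get-WlanProfileSecurity, the profile names, and the English-locale output format are assumptions of this example.

```powershell
# Added example (not from the learning material). It reads the English-locale
# text printed by   netsh wlan show profile name="<profile>"
# and reports whether the profile meets an assumed policy: WPA2 or better, with 802.1X.

function Get-WlanProfileSecurity {
    param([string[]]$Lines)

    $name = $null; $auth = @(); $cipher = @()
    foreach ($line in $Lines) {
        # Settings are printed as "    Key    : value". "SSID name" lines are
        # skipped because the key must start the line.
        if ($line -match '^\s*(Name|Authentication|Cipher)\s*:\s*(.+?)\s*$') {
            $key = $Matches[1]; $value = $Matches[2]
            if     ($key -eq 'Name' -and -not $name) { $name = $value }
            elseif ($key -eq 'Authentication')       { $auth   += $value }
            elseif ($key -eq 'Cipher')               { $cipher += $value }
        }
    }

    $findings = @()
    if ($auth.Count -eq 0) {
        $findings += 'no security settings found in the output'
    }
    # Open, Shared (WEP) and first-generation WPA do not meet the policy.
    if (@($auth | Where-Object { $_ -notmatch '^WPA[23]-' }).Count -gt 0) {
        $findings += 'authentication weaker than WPA2'
    }
    if (@($cipher | Where-Object { $_ -match '^(None|WEP|TKIP)$' }).Count -gt 0) {
        $findings += 'weak or missing cipher'
    }
    # "-Enterprise" modes authenticate each user through 802.1X (a RADIUS server such as NPS).
    $uses8021x = @($auth | Where-Object { $_ -match '-Enterprise$' }).Count -gt 0
    if (-not $uses8021x) { $findings += 'no 802.1X authentication' }

    New-Object PSObject -Property @{
        Profile        = $name
        Authentication = ($auth -join ', ')
        Cipher         = ($cipher -join ', ')
        Compliant      = ($findings.Count -eq 0)
        Findings       = ($findings -join '; ')
    } | Select-Object Profile, Authentication, Cipher, Compliant, Findings
}

# Constructed sample output for two profiles (not captured from a real system).
$secure = @'
Profile information
-------------------
    Version                : 1
    Type                   : Wireless LAN
    Name                   : SchoolLab-Secure

Connectivity settings
---------------------
    SSID name              : "SchoolLab-Secure"

Security settings
-----------------
    Authentication         : WPA2-Enterprise
    Cipher                 : CCMP
'@

$guest = @'
Profile information
-------------------
    Version                : 1
    Type                   : Wireless LAN
    Name                   : SchoolLab-Guest

Connectivity settings
---------------------
    SSID name              : "SchoolLab-Guest"

Security settings
-----------------
    Authentication         : Open
    Cipher                 : None
'@

# SchoolLab-Secure is reported as compliant; SchoolLab-Guest is reported with
# three findings (weak authentication, missing cipher, no 802.1X).
foreach ($text in $secure, $guest) {
    Get-WlanProfileSecurity -Lines ($text -split "`r?`n")
}

# Live use on a computer with a wireless adapter (profile name is a placeholder):
#   Get-WlanProfileSecurity -Lines (netsh wlan show profile name=SchoolLab-Secure)
```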

Using NPS as a RADIUS server

You can use NPS as a RADIUS server when:

• You are using an AD DS domain or the local SAM user accounts database as
your user account database for access clients.
• You are using Remote Access on multiple dial-up servers, VPN servers, or
demand-dial routers and you want to centralize both the configuration of network
policies and connection logging and accounting.
• You are outsourcing your dial-up, VPN, or wireless access to a service provider.
The access servers use RADIUS to authenticate and authorize connections that
are made by members of your organization.
• You want to centralize authentication, authorization, and accounting for a
heterogeneous set of access servers.

The following illustration shows NPS as a RADIUS server for a variety of access
clients.

The following illustration shows NPS as a RADIUS proxy between RADIUS clients
and RADIUS servers.

With NPS, organizations can also outsource remote access infrastructure to a
service provider while retaining control over user authentication, authorization, and
accounting.

NPS configurations can be created for the following scenarios:

• Wireless access
• Organization dial-up or virtual private network (VPN) remote access

• Outsourced dial-up or wireless access
• Internet access
• Authenticated access to extranet resources for business partners

Source:
http://techgenix.com/understanding-configuring-network-policy-access-services-server-2012-part1/

https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/hh831683(v=ws.11)
http://winintro.ru/nas.en/

SELF CHECK 1.3

Multiple Choice. Encircle the letter of the correct answer.

1. A Windows Server 2008 computer that has been configured with the Active
Directory DS role is referred to as

a. Domain controller          c. Global catalog
b. Domain manager             d. DNS server

2. It is a component of Windows Server 2008.

a. Domain controller          c. NPAS
b. Active manager             d. DNS server

3. What is the highest available forest functional level?

a. Windows 2008               c. Windows server 2008
b. Windows server 2003        d. Windows 2009

4. It also provides traditional dial-up remote access to support mobile
users or home users who are dialing in to an organization's intranets

a. Remote Access              c. Client
b. DNS                        d. Server

5. What is the Microsoft implementation of a RADIUS server and
proxy?

a. Active Domain              c. DHCP
b. Network Policy Server      d. Forest

ACTIVITY SHEET 1.3
Network Policies and Services

Direction: Answer the given questions below. Write your answer on the space
provided.

1-2. What are the role services available when you install NPAS?
_________________________________________________
_________________________________________________

3-7. What are the tools provided in managing NPAS?
_________________________________________________
_________________________________________________
_________________________________________________
_________________________________________________
_________________________________________________

8-10. After the installation of the NPS role service, what technologies can be
deployed?

_________________________________________________
_________________________________________________
_________________________________________________

TASK SHEET 1.3
Network Policies and Services

Direction: Explain the difference between the two (2) given illustrations. (10pts)

Illustration 1

Illustration 2

INFORMATION SHEET 1.4
Setup Peer-to-Peer Network Access

Learning Objectives: After reading this Information Sheet, the learner is expected
to:
a. Understand peer to peer networking
b. Create peer to peer server
c. Value the importance of peer to peer network access

In a peer-to-peer (P2P) network, the "peers" are computer systems which are
connected to each other via the Internet. Files can be shared directly between systems
on the network without the need of a central server. In other words, each computer on
a P2P network becomes a file server as well as a client.

Once connected to the network, P2P software allows you to search for files on other
people's computers. Meanwhile, other users on the network can search for files on
your computer, but typically only within a single folder that you have designated to
share. While P2P networking makes file sharing easy and convenient, it also has led
to a lot of software piracy and illegal music downloads. Therefore, it is best to be on
the safe side and only download software and music from legitimate websites.

Create peer to peer Server

o Computer Name→ IP Address→ Subnet Mask→ Primary DNS Server→ Test
Network Connection using PING

PEER TO PEER NETWORK SHARING

Step 1: Navigate to the Desktop. Open command prompt and then use the command
<cd Desktop> to change into the desktop directory. This step is simply for convenience
so that it is easier to find the folder you're going to be working with. You can open
command prompt by clicking on the Windows button at the bottom left and typing <cmd>.

Step 2: Create Your Folder

Use the command <md *folder name*>. Make sure that it is visible on your desktop.
The command md allows you to create a new folder. After typing md, press space and
type the name of the folder you want to create. If the folder has more than one word
in the name, make sure to put the name in quotation marks.

Step 3: Navigate to the Folder and Open the Properties

Open the file explorer and go under the Desktop section. Left-click then right-click on
the folder. The left-click highlights the folder, and the right-click opens a menu of
options. Once the menu of options pops up click on the properties. When you open
the properties window go to the sharing section.

Step 4: Choose Who You Want to Share With.

Type <Everyone> and click add. Once you're done with that click share and then go
to the advanced sharing. The default setting for the folder is set to only read. This
means that if a person accesses the folder they will only be able to view the files and
not actually be able to write to the folder.

Step 5: Sharing the Folder

Press the box that lets you share the folder and then go into the permissions section.

Step 6: Permissions

Make sure to give full control to the people that have access to the shared folder. Click
Apply then click OK. Once you press OK you'll be back at the advanced sharing page.
Press Apply and OK on that page too.

Step 7: Open Control Panel

Navigate into the control panel and click on the Network and Internet section.

Step 8: Network and Sharing

Navigate into the Network and Sharing section.

Step 9: Advanced Sharing

Navigate to the advanced sharing settings.

Step 10: Choose Home and Work / Public

There are many settings that need to be changed in both of the options.

Step 11: Select All Options

There are going to be many options; the ones you need for the sharing to work are
pretty common sense, like making sure that your device is allowed to be discovered.
Also turn off password protected sharing.

Step 12: Go Into Network

Go onto another computer and open the file explorer. Go into the Network section
found on the left hand side at the bottom.

Step 13: Find the Device

Find the original device that the file was shared from.

Step 14: Find the Folder That Was Shared

Once you click on the device you will find all the files that were shared from it. You can
tell that the folder is shared over the network because it has the green crossroads
looking thing under its name.

Source: https://techterms.com/definition/p2p

https://www.instructables.com/id/Peer-to-Peer-Network-Sharing/
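
The procedure in Information Sheet 1.2 that grants Full Control to "Everyone" and the peer-to-peer steps above (Everyone, full control, password protected sharing off) both leave a folder writable by anyone who can reach the computer. The PowerShell script below is an added example, not part of the original learning material: it lists the shares where "Everyone" can change files at both the network level and the local (NTFS) level. It assumes Windows PowerShell 2.0 or later in an administrator session, and the function names are hypothetical.

```powershell
# Added example (not from the learning material). Run in an elevated
# PowerShell 2.0+ session on the computer that hosts the shares.
# Scope: only Allow entries for "Everyone" are evaluated; Deny entries and
# other broad groups (for example Users) are outside this check.

$EveryoneSid = 'S-1-1-0'      # well-known SID of "Everyone", same on every locale

# Access masks Windows uses for the three standard permission levels.
$FullMask   = 0x1F01FF        # Full Control
$ChangeMask = 0x1301BF        # Change (modify)
$ReadMask   = 0x1200A9        # Read

function Get-AccessLevel([int]$Mask) {
    # Translate a combined access mask into the highest standard level it covers.
    if (($Mask -band $FullMask)   -eq $FullMask)   { return 'Full' }
    if (($Mask -band $ChangeMask) -eq $ChangeMask) { return 'Change' }
    if (($Mask -band $ReadMask)   -eq $ReadMask)   { return 'Read' }
    return 'None'
}

function Get-ShareEveryoneMask([string]$ShareName) {
    # Network-level permission: the access list stored with the share itself.
    $setting = Get-WmiObject -Class Win32_LogicalShareSecuritySetting |
               Where-Object { $_.Name -eq $ShareName }
    if (-not $setting) { return 0 }   # no explicit share security recorded
    $mask = 0
    foreach ($ace in @($setting.GetSecurityDescriptor().Descriptor.DACL)) {
        # AceType 0 = Allow
        if ($ace -and $ace.AceType -eq 0 -and $ace.Trustee.SIDString -eq $EveryoneSid) {
            $mask = $mask -bor [int]$ace.AccessMask
        }
    }
    return $mask
}

function Get-NtfsEveryoneMask([string]$Path) {
    # Local-level permission: the NTFS access list on the shared folder,
    # explicit and inherited entries, with identities returned as SIDs.
    $sidType = [System.Security.Principal.SecurityIdentifier]
    $mask = 0
    foreach ($rule in (Get-Acl -Path $Path).GetAccessRules($true, $true, $sidType)) {
        if ($rule.AccessControlType -eq 'Allow' -and
            $rule.IdentityReference.Value -eq $EveryoneSid) {
            $mask = $mask -bor [int]$rule.FileSystemRights
        }
    }
    return $mask
}

function Get-OpenShare {
    # Type 0 = ordinary disk shares; administrative shares (C$, ADMIN$) are skipped.
    Get-WmiObject -Class Win32_Share -Filter 'Type = 0' | ForEach-Object {
        $shareMask = Get-ShareEveryoneMask $_.Name
        $ntfsMask  = Get-NtfsEveryoneMask  $_.Path
        # Over the network both levels must allow an action, so the usable
        # rights are the bits present in BOTH masks. A share-level entry alone
        # is not a finding, because NTFS may still restrict access.
        $shareLevel = Get-AccessLevel $shareMask
        $ntfsLevel  = Get-AccessLevel $ntfsMask
        $effective  = Get-AccessLevel ($shareMask -band $ntfsMask)
        New-Object PSObject -Property @{
            Share      = $_.Name
            Path       = $_.Path
            ShareLevel = $shareLevel
            NtfsLevel  = $ntfsLevel
            Effective  = $effective
        }
    } | Where-Object { $_.Effective -eq 'Change' -or $_.Effective -eq 'Full' } |
        Select-Object Share, Path, ShareLevel, NtfsLevel, Effective
}

# One row per share that "Everyone" can write to over the network.
Get-OpenShare | Format-Table -AutoSize
```

An empty result means no share on the computer gives "Everyone" write access at both levels; a folder shared by following the steps above appears with Effective = Full.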

SELF CHECK 1.4

Direction: Arrange the following steps on peer to peer networking by putting number
(1-15) on the space provided.

____ Go Into Network. Go onto another computer and open the file explorer. Go into
The Network section found on the left hand side at the bottom.
____ Create Your Folder. Use the command <md *folder name*>. Make sure that it
is visible on your desktop. The command md allows you to create a new folder.
____ Navigate to the Desktop. Open command prompt and then use the command
<cd Desktop> to change into the desktop directory.
____ Open Control Panel. Navigate into the control panel and click on the Network
and Internet section.
____ Choose Who You Want to Share With. Type <Everyone> and click add. Once
you're done with that click share and then go to the advanced sharing
____ Find the original device that the file was shared from.
____ Navigate to the Folder and Open the Properties
____ Find the Folder That Was Shared
____ Select All Options and turn off password protected sharing
____ Navigate to the advanced sharing settings.
____ Network and sharing. Navigate into the Network and Sharing section
____ Choose Home and Work / Public
____ Permissions. Make sure to give full control to the people that have access to the
shared folder. Click Apply then click OK.
____ Sharing the folder. Press the box that lets you share the folder and then go into
the permissions section.
____ You can tell that the folder is shared over the network because it has the green
crossroads looking thing under its name.

ACTIVITY SHEET 1.4
Set Up Peer-To-Peer (P2P) Network Access

A. Direction: Explain concisely the illustration below about Networking. (5pts)

__________________________________________________________________

___________________________________________________________________

___________________________________________________________________

___________________________________________________________________

B. Arrange the steps in creating peer to peer Server. Write the correct sequence on
the space provided.

Computer Name→ 1. ____________
IP Address→ 2. ____________
Subnet Mask→ 3. ____________
Test Network Connection using PING→ 4. ____________
Primary DNS Server→ 5. ____________

INFORMATION SHEET 2.1
Configure Server Function

Learning Objectives:
After reading this Information Sheet, the learner is expected to:
a. Understand server function
b. Configure server manager
c. Appreciate the importance of server function

A server is a computer program that provides a service to other computer programs
and their users. A physical computer which runs a server program is frequently
referred to as a SERVER. Servers perform various essential tasks and activities that
are crucial to any organization's IT infrastructure. Many complex processes take
place during an activity such as a purchase, from security and authentication
to billing and orders, and the purchase could not take place without several powerful
servers handling the load. Hence servers are very important for any organization.

Functions of Server:
The main function of a server is to listen on a port for incoming network requests.
A good demonstration of this is the interaction between a Web server and a browser.
For a user the process is instantaneous, but when the user clicks a link while surfing
the Web, several things take place behind the scenes: the request for the Web page is
transmitted to the corresponding Web server; the server fetches and assembles the Web
page and retransmits it using a protocol like HTTP; and the user's browser receives
the data, converts it, and displays the page.

Types of Servers

There are three main types of server hardware, as given below.

1. Tower server
It is a computer intended for use as a server that is built in an upright cabinet that
stands alone. The cabinet is called a tower, which is similar in size and shape to the
cabinet for a tower-style personal computer.

2. Rack server
A rack server, also called a rack-mounted server, is a computer dedicated to use as a
server and designed to be installed in a framework called a rack. The rack contains
multiple mounting slots, each designed to hold a hardware unit secured in place with
screws.

3. Blade server

A blade server is a server architecture that houses multiple server modules in a single
chassis. It is widely used to improve system management. The chassis, either
self-standing or rack mounted, provides the power supply, and each blade has its own
CPU, RAM and storage.

Some common servers used by organizations are mentioned below.

1. Proxy server

It is a server (a computer) that acts as an intermediary between the user's
computer and the Internet and allows client computers to make indirect network
connections to other network services.

2. Mail server

A mail server is a computer system that sends and receives email using standard
email services protocols like the SMTP protocol that sends messages and handles
outgoing mail requests.

3. DNS name

It is a program that uses HTTP to serve the files that form Web pages to users, in
response to their requests. Dedicated computers and appliances may also be called
Web servers.

4. Application server

This type of server acts as a set of components accessible to the software developer
through a standard API defined for the platform itself. These usually run in
the same running environment as their web server(s), and their main work is to support
the construction of dynamic pages.

5. Active Directory Server

Active Directory (AD) consists of several services that run on Windows Server to
manage permissions and access to networked resources. AD stores data as objects. An
object is a single element, such as a user, group, application or device, such as a
printer. These objects are normally defined as either resources, like printers or
computers, or security principals, such as users or groups.

6. DHCP SERVER

DHCP stands for Dynamic Host Configuration Protocol. It is a network protocol used
on IP networks that automatically assigns an IP address and other information to each
host on the network so that it can communicate efficiently with other endpoints.

7. DNS SERVER

DNS stands for Domain Name System. It is the Internet's system for converting
alphabetic names into numeric IP addresses. For example, when a URL is typed into a
browser, DNS servers return the IP address of the Web server associated with that
name.

8. Terminal Server

A terminal server is a network device that enables connections to multiple client server
network systems and connects to a LAN network. Microsoft introduced this concept by
releasing terminal services as a part of the Windows Server OS.

9. Print Server

It is also called a printer server, which is a device that connects printers to client
computers over a network. A print server accepts print jobs from the computers and
sends the jobs to the appropriate printers.

10. Real-time communication server

It is a term used for any live telecommunications that occur without transmission
delays and it is nearly instant with minimal latency. RTC (Real-time communication
server) data and messages are not stored between transmission and reception.

11. FTP server

It is a network protocol used to move computer files between a client and server. FTP
(File Transfer Protocol) is built on a client-server model architecture using separate
control and data connections between the client and the server.

12. List Server

It is a Server or a server program that handles subscription requests for a mailing list
and distributes new messages and other postings from the list's members to the entire
list of subscribers.

13. Telnet Server

It is a text-only network protocol that offers a bidirectional interactive communication
facility using a virtual terminal connection. Telnet allows connecting to a remote
computer over the Internet and using programs and data as if they were on your local
machine.

14. Open Source Server

It is a program whose source code is made available for use or modification as users
where open source software is always developed as a public collaboration and made
freely available.

How Does a Server Work?
In networking, servers are named depending on what they serve. A server refers to a
system that is capable of serving content and many other important things. The system
may be running Windows, Linux or another operating system. For example, a web
server can run Windows, Linux or any other OS, depending on your choice.
After choosing the operating system for the web server, you can install the
software needed for that system to act as a web server.

Configuring Your Server

After you’ve installed Windows Server 2008, the computer automatically reboots, and
you’re presented with the Initial Configuration Tasks Wizard. This wizard guides you
through the most important initial tasks for configuring your new server.

The following list describes the server configuration settings available from this wizard:

• Set the Administrator Password: The very first thing you should do after
installing Windows is set a secure administrator password.

• Set the Time Zone: This is necessary only if the indicated time zone is
incorrect.

• Configure Networking: The default network settings are usually
appropriate, but you can use this option to change the defaults if you
wish.

• Provide Computer Name and Domain: This option lets you change the
server’s computer name and join a domain.

• Enable Automatic Updating: Use this option if you want to let the server
automatically check for operating system updates.

• Download and Install Updates: Use this option to check for critical
operating system updates.

• Add Roles: This option launches the Add Roles Wizard, which lets you
configure important roles for your server.

• Add Features: This option lets you add more operating system features.

• Enable Remote Desktop: Use this option to enable the Remote Desktop
feature, which lets you administer this server from another computer.

• Configure Windows Firewall: If you want to use the built-in Windows
firewall, this option lets you configure it.

Server Manager is a management console in Windows Server that helps IT
professionals provision and manage both local and remote Windows-based servers
from their desktops, without requiring either physical access to servers, or the need to
enable Remote Desktop Protocol (RDP) connections to each server. Although Server
Manager is available in Windows Server 2008 R2 and Windows Server 2008, Server
Manager was updated in Windows Server 2012 to support remote, multi-server
management, and help increase the number of servers an administrator can manage.

In our tests, Server Manager in Windows Server 2016, Windows Server 2012 R2, and
Windows Server 2012 can be used to manage up to 100 servers, depending on the
workloads that the servers are running. The number of servers that you can manage
by using a single Server Manager console can vary depending on the amount of data
that you request from managed servers, and hardware and network resources
available to the computer running Server Manager. As the amount of data you want to
display approaches that computer's resource capacity, you can experience slow
responses from Server Manager, and delays in the completion of refreshes. To help
increase the number of servers that you can manage by using Server Manager, we
recommend limiting the event data that Server Manager gets from your managed
servers, by using settings in the Configure Event Data dialog box. Configure Event
Data can be opened from the Tasks menu in the Events tile.

To start Server Manager on a client computer

1. Follow instructions in Remote Server Administration Tools to install Remote
Server Administration Tools for Windows 10.
2. On the Start screen, click Server Manager. The Server Manager tile is
available after you install Remote Server Administration Tools.
3. If neither the Administrative Tools nor the Server Manager tiles are displayed
on the Start screen after installing Remote Server Administration Tools, and
searching for Server Manager on the Start screen does not display results, verify
that the Show administrative tools setting is turned on. To view this setting,
hover the mouse cursor over the upper right corner of the Start screen, and then
click Settings. If Show administrative tools is turned off, turn the setting on to
display tools that you have installed as part of Remote Server Administration
Tools.

Important

By default, Server Manager and Windows PowerShell remote management is enabled
in Windows Server 2016.

To perform management tasks on remote servers by using Server Manager, remote
servers that you want to manage must be configured to allow remote management by
using Server Manager and Windows PowerShell. If remote management has been
disabled on Windows Server 2012 R2 or Windows Server 2012, and you want to
enable it again, perform the following steps.

To configure Server Manager remote management on Windows Server 2012 R2 or Windows
Server 2012 by using the Windows interface

Note

The settings that are controlled by the Configure remote Management dialog
box do not affect parts of Server Manager that use DCOM for remote
communications.

1. Do one of the following to open Server Manager if it is not already open.
o On the Windows taskbar, click the Server Manager button.
o On the Start screen, click Server Manager.
2. In the Properties area of the Local Servers page, click the hyperlinked value
for the remote management property.
3. Do one of the following, and then click OK.
o To prevent this computer from being managed remotely by using Server
Manager (or Windows PowerShell if it is installed), clear the Enable remote
management of this server from other computers check box.
o To let this computer be managed remotely by using Server Manager or
Windows PowerShell, select Enable remote management of this server
from other computers.

To enable Server Manager remote management on Windows Server 2012 R2 or Windows
Server 2012 by using Windows PowerShell

1. Do one of the following.
o To run Windows PowerShell as an administrator from the Start screen,
right-click the Windows PowerShell tile, and then click Run as
Administrator.
o To run Windows PowerShell as an administrator from the desktop,
right-click the Windows PowerShell shortcut in the taskbar, and then click Run
as Administrator.
2. Type the following, and then press Enter to enable all required firewall rule
exceptions.

Configure-SMRemoting.exe -Enable

Note

This command also works in a command prompt that has been opened with
elevated user rights (Run as Administrator).
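
Because enabling remote management opens firewall exceptions, it is worth checking the resulting state. The following is an added example, not part of the original material or of Microsoft's documentation: it reads the local setting and tests which servers answer remote management requests. SRV01 and SRV02 are placeholder names, and the firewall rule name pattern assumes the built-in WinRM rules.

```powershell
# Added example (not from the original material). SRV01 and SRV02 are
# placeholder server names; replace them with servers in your own pool.
# Run from an elevated PowerShell session on Windows Server 2012 or later.

function Get-LocalRemoteManagementState {
    # Ask the same tool for its current setting (-Get only reads it).
    $smState = (& Configure-SMRemoting.exe -Get 2>&1 | Out-String).Trim()

    # WinRM is the service that Server Manager and PowerShell remoting use.
    $winrm = Get-Service -Name WinRM

    # Built-in inbound WinRM-over-HTTP firewall rules that are enabled now.
    $rules = @(Get-NetFirewallRule -Name 'WINRM-HTTP-In-TCP*' -ErrorAction SilentlyContinue |
        Where-Object { $_.Enabled -eq 'True' })

    # A rule that applies to the Public profile (or to Any profile) exposes
    # the management port on untrusted networks and deserves a second look.
    $publicRules = @($rules | Where-Object { "$($_.Profile)" -match 'Public|Any' })

    [pscustomobject]@{
        ServerManagerRemoting = $smState
        WinRMService          = $winrm.Status
        EnabledWinRMRules     = ($rules | ForEach-Object { $_.Name }) -join ', '
        OpenOnPublicProfile   = ($publicRules.Count -gt 0)
    }
}

function Test-RemoteManagement {
    param([Parameter(Mandatory = $true)][string[]]$ComputerName)

    foreach ($name in $ComputerName) {
        try {
            # Test-WSMan succeeds only if a WinRM listener answers on the target.
            $null = Test-WSMan -ComputerName $name -ErrorAction Stop
            $reachable = $true
            $detail = 'WinRM listener answered'
        }
        catch {
            $reachable = $false
            $detail = $_.Exception.Message
        }
        [pscustomobject]@{
            Server           = $name
            RemoteManagement = $reachable
            Detail           = $detail
        }
    }
}

Get-LocalRemoteManagementState | Format-List
Test-RemoteManagement -ComputerName 'SRV01', 'SRV02' | Format-Table -AutoSize
```

A server that should not be managed remotely but still answers Test-WSMan is a candidate for the "clear the check box" step described earlier.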

Tasks that you can perform in Server Manager

Server Manager makes server administration more efficient by allowing administrators
to do tasks in the following table by using a single tool. In Windows Server 2012 R2
and Windows Server 2012, both standard users of a server and members of the
Administrators group can perform management tasks in Server Manager, but by
default, standard users are prevented from performing some tasks, as shown in the
following table.

Note

Server Manager cannot be used to add roles and features to servers that are running
Windows Server 2008 R2 or Windows Server 2008.

Start Server Manager

Server Manager starts automatically by default on servers that are running Windows
Server 2016 when a member of the Administrators group logs on to a server. If you
close Server Manager, restart it in one of the following ways. This section also contains
steps for changing the default behavior, and preventing Server Manager from starting
automatically.

To start Server Manager from the Start screen

• On the Windows Start screen, click the Server Manager tile.

To start Server Manager from the Windows desktop

• On the Windows taskbar, click Server Manager.

To prevent Server Manager from starting automatically

1. In the Server Manager console, on the Manage menu, click Server Manager
Properties.
2. In the Server Manager Properties dialog box, fill the check box for Do not start
Server Manager automatically at logon. Click OK.
3. Alternatively, you can prevent Server Manager from starting automatically by
enabling the Group Policy setting, Do not start Server Manager automatically
at logon. The path to this policy setting, in the Local Group Policy Editor console,
is Computer Configuration\Administrative Templates\System\Server Manager.

Restart remote servers

You can restart a remote server from the Servers tile of a role or group page in Server
Manager.

Important

Restarting a remote server forces the server to restart, even if users are still logged
on to the remote server, and even if programs with unsaved data are still open. This
behavior is different from shutting down or restarting the local computer, on which you
would be prompted to save unsaved program data, and verify that you wanted to force
logged-on users to log off. Be sure that you can force other users to log off of remote
servers, and that you can discard unsaved data in programs that are running on the
remote servers.

To restart remote servers in Server Manager

1. Open a role or server group home page in Server Manager.
2. Select one or more remote servers that you have added to Server Manager.
Press and hold Ctrl as you click to select multiple servers at one time. For more
information about how to add servers to the Server Manager server pool, see Add
Servers to Server Manager.
3. Right-click selected servers, and then click Restart Server.
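
Because a remote restart is forced, a scripted restart should first check who is still logged on. The following is an added example, not part of the original material: it lists sessions with quser.exe and skips any server that has sessions or whose sessions cannot be listed. The function name and the server names SRV01 and SRV02 are hypothetical, and the "No User exists" text assumes an English-language Windows installation.

```powershell
# Added example (not from the original material). Restart-ServerIfIdle and
# the server names SRV01/SRV02 are hypothetical names for illustration.

function Restart-ServerIfIdle {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory = $true)]
        [string[]]$ComputerName
    )

    foreach ($name in $ComputerName) {
        # quser.exe lists console and Remote Desktop sessions on the target,
        # including disconnected sessions that may still hold unsaved data.
        $output = @(& quser.exe "/server:$name" 2>&1 | ForEach-Object { "$_" })

        if ($LASTEXITCODE -eq 0) {
            # First line is the column header; the rest are sessions.
            $sessions = @($output | Select-Object -Skip 1 | Where-Object { $_.Trim() })
        }
        elseif (($output -join ' ') -match 'No User exists') {
            # Message printed when nobody is logged on (English systems only).
            $sessions = @()
        }
        else {
            # Unknown state (access denied, server unreachable): do not restart.
            Write-Warning "$name : could not list sessions, not restarting. $($output -join ' ')"
            continue
        }

        if ($sessions.Count -gt 0) {
            Write-Warning "$name : $($sessions.Count) session(s) still logged on, not restarting:"
            $sessions | ForEach-Object { Write-Warning "  $_" }
            continue
        }

        if ($PSCmdlet.ShouldProcess($name, 'Forced restart')) {
            # -Force matches the Server Manager behavior described above.
            Restart-Computer -ComputerName $name -Force
        }
    }
}

# Preview only: -WhatIf shows what would be restarted without doing it.
Restart-ServerIfIdle -ComputerName 'SRV01', 'SRV02' -WhatIf
```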

Export Server Manager settings to other computers

In Server Manager, your list of managed servers, changes to Server Manager console
settings, and custom groups that you have created are stored in the following two files.
You can reuse these settings on other computers that are running the same release
of Server Manager (or Windows 10 with Remote Server Administration Tools
installed). Remote Server Administration Tools must be running on Windows client-
based computers to export Server Manager settings to those computers.

Note
• Manage As (or alternate) credentials for servers in your server pool are not stored
in the roaming profile. Server Manager users must add them on each computer
from which they want to manage.
• The network share roaming profile is not created until a user logs on to the
network, and then logs off for the first time. The Serverlist.xml file is created at
this time.

You can export Server Manager settings, make Server Manager settings portable, or
use them on other computers in one of the following two ways.

• To export settings to another domain-joined computer, configure the Server
Manager user to have a roaming profile in Active Directory Users and Computers.
You must be a Domain Administrator to change user properties in Active Directory
Users and Computers.
• To export settings to another computer in a workgroup, copy the preceding two
files to the same location on the computer from which you want to manage by
using Server Manager.

Source:

https://docs.microsoft.com/en-us/windows-server/administration/server-manager/server-manager

https://www.dummies.com/programming/networking/network-server-setup-installation-and-configuration/

https://www.sancuro.com/blog/post/What-Is-A-SERVER-And-What-Are-the-Functions-of-It/

https://dirteam.com/sander/2010/07/03/server-manager-in-windows-server-2008-r2-part-1/

SELF CHECK 2.1

Multiple Choice. Encircle the letter of the correct answer.

1. Which network protocol is used on IP networks to automatically assign an
IP address and other information to each host on the network?

a. DHCP Server
b. HTTP
c. DNS Server
d. List Server

2. What do you call a computer program that provides a service to
other computer programs and their users?

a. DHCP Server
b. Server
c. DNS Server
d. List Server

3. It makes server administration more efficient by allowing administrators to do tasks
in the following table by using a single tool.

a. DHCP Server
b. FTP Server
c. Server Manager
d. List Server

4. It is a network protocol used to move computer files between a client and server.

a. DHCP Server
b. HTTP
c. FTP Server
d. List Server

5. It is a program that uses HTTP to serve the files that form Web pages to users, in
response to their requests.

a. DNS Server
b. HTTP
c. FTP Server
d. List Server

ACTIVITY SHEET 2.1
Configure Server Function

Identification. Write your answer on the space provided.

__________1. It starts automatically by default on servers that are running Windows
Server 2016 when a member of the Administrators group logs on to a
server.
__________2. It is the Internet's system for converting alphabetic names into numeric
IP addresses.
__________3. A computer system that sends and receives email using standard email
services protocols.
__________4. It is a program whose source code is made available for use or
modification as users
__________5. Consists of several services that run on Windows Server to manage
permissions and access to networked resources.
__________6. This type of server acts as a set of components accessible to the
software developer through a standard API defined for the platform
itself.
__________7. A computer program that provides a service to
other computer programs and their users.
__________8. This option launches the Add Roles Wizard, which lets you configure
important roles for your server.
__________9. It is a network protocol used to move computer files between a client
and server.
__________10. Use this option to check for critical operating system updates.

INFORMATION SHEET 2.2
Server Modules and Add-Ons

Learning Objectives:
After reading this Information Sheet, the learner is expected to:
a. Understand server module add-ons
b. Configure server module add-ons
c. Value the importance of server modules and add-ons

Server Modules are primarily comprised of individual routines (SrvRoutines) that are
typically coded to perform database centric processing. They also provide Session
handling features allowing data to persist between calls to the server and a timeout to
be specified.

Configuring Modules in IIS 7

Applies To: Windows 7, Windows Server 2008, Windows Server 2008 R2, Windows
Vista

The IIS 7 extensibility model lets you develop and deploy Web server components,
named modules, as either native DLLs that use native C++ APIs or managed types
developed by using ASP.NET APIs. Web server modules can be either of the following
types:

• Native modules (native .dll files): These files are also named unmanaged
modules, because they are not created by using the ASP.NET model. By default,
most of the features included in the Web server are implemented as native
modules.
• Managed modules (managed types created by .NET assemblies): These
modules are created by using the ASP.NET model.

This section includes the following tasks:

Configuring Native Modules (IIS 7)

Applies To: Windows 7, Windows Server 2008, Windows Server 2008 R2, Windows
Vista

Modules process parts of a request to provide a desired service, such as
authentication or compression. This process is similar to the manner that Internet
Server API (ISAPI) filters work. Typically, modules do not generate responses to
clients; instead, handlers perform this action because they are better suited for
processing specific requests for specific resources. Native modules are loaded when
a Web server worker process is initialized. These modules can provide services, for
example authentication or compression, for a site or an application.

For security reasons, native modules are registered or unregistered only at the Web
server level by the server administrator. However, you can enable or remove
registered native modules at the site or application level.

Configuring Managed Modules (IIS 7)

Applies To: Windows 7, Windows Server 2008, Windows Server 2008 R2, Windows
Vista

Modules process parts of a request to provide a desired service, such as
authentication or compression. They operate much like the manner in which Internet
Server API (ISAPI) filters work. Typically, modules do not generate responses to
clients; instead, handlers perform this action because they are better suited for
processing specific requests for specific resources.

Managed modules can be configured separately for each site or application. They are
loaded for processing only when this is required by that site or application.
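
The split between server-level native modules and per-site managed modules described in the two sections above can be checked with an inventory. The following is an added example, not part of the original material or of Microsoft's documentation: it lists registered native modules with their DLL location and shows managed modules that a site adds beyond the server-level set. It assumes the WebAdministration PowerShell module is installed, and the list of expected directories is an assumption of this example.

```powershell
# Added example (not from the original material). Run in an elevated 64-bit
# PowerShell session on the IIS server. Function names are hypothetical.
Import-Module WebAdministration

function Get-NativeModuleReport {
    # Directories that hold the native modules of a default IIS/ASP.NET
    # install (an assumption of this example; extend it for your servers).
    $expected = @(
        (Join-Path $env:windir 'System32\inetsrv'),
        (Join-Path $env:windir 'Microsoft.NET')
    )

    # Native modules are registered once, at the Web server level.
    Get-WebGlobalModule | ForEach-Object {
        $image = [Environment]::ExpandEnvironmentVariables($_.Image)
        $known = $false
        foreach ($dir in $expected) {
            if ($image.StartsWith($dir, [StringComparison]::OrdinalIgnoreCase)) {
                $known = $true
            }
        }
        [pscustomobject]@{
            Name             = $_.Name
            Image            = $image
            FileExists       = (Test-Path -LiteralPath $image)
            ExpectedLocation = $known
        }
    }
}

function Get-SiteManagedModuleAdditions {
    # Managed modules configured at server level are inherited by every site.
    $serverLevel = @(Get-WebManagedModule -PSPath 'MACHINE/WEBROOT/APPHOST' |
        ForEach-Object { $_.Name })

    # Report only the managed modules a site adds on top of that set.
    foreach ($site in Get-ChildItem -Path 'IIS:\Sites') {
        Get-WebManagedModule -PSPath "IIS:\Sites\$($site.Name)" |
            Where-Object { $serverLevel -notcontains $_.Name } |
            ForEach-Object {
                [pscustomobject]@{
                    Site   = $site.Name
                    Module = $_.Name
                    Type   = $_.Type
                }
            }
    }
}

# Native modules outside the expected directories are worth reviewing.
Get-NativeModuleReport | Where-Object { -not $_.ExpectedLocation } | Format-Table -AutoSize
Get-SiteManagedModuleAdditions | Format-Table -AutoSize
```

A native module in an unexpected directory is not necessarily a problem, but since every worker process loads it, the administrator should be able to say who registered it and why.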

Source: https://docs.microsoft.com/en-usServerModule

SELF CHECK 2.2

Multiple Choice. Encircle the letter of the correct answer.

1. These files are also named unmanaged modules, because they are not created by
using the ASP.NET model.

a. Native Modules
b. Managed Modules
c. DNS Server
d. Client

2. These modules are created by using the ASP.NET model.

a. Native Modules
b. Managed Modules
c. Server
d. List Server

3. These are primarily comprised of individual routines (SrvRoutines) that are
typically coded to perform database centric processing.

a. Server Module
b. FTP Server
c. Client Manager
d. List Server

4. It can be either native or managed module.

a. Client-Server
b. Peer-to-Peer
c. FTP Server module
d. Web server module

5. The ____________ model lets you develop and deploy Web server components,
named modules, as either native DLLs that use native C++ APIs or managed types
developed by using ASP.NET APIs.

a. DNS Server
b. HTTP
c. IIS 7 extensibility
d. List Server

ACTIVITY SHEET 2.2
Server Module and Add-Ons

Direction: Answer the following questions. Write your answers on the space provided.

1. What are server modules?

___________________________________________________________________
___________________________________________________________________

2. What are the different types of web server modules?

___________________________________________________________________
___________________________________________________________________

3. How to configure native server module?

___________________________________________________________________
___________________________________________________________________

4. How to configure managed server module?

___________________________________________________________________
___________________________________________________________________

5. What is the importance of server modules and add-ons?

___________________________________________________________________
___________________________________________________________________

INFORMATION SHEET 2.3
Network Services and Its Operation

Learning Objectives:
After reading this Information Sheet, the learner is expected to:
a. Identify network services and its operation
b. Enumerate the different types of network services
c. Signify the importance of network operation

In computer networking, a network service is an application running at the
network application layer and above, that provides data storage, manipulation,
presentation, communication or other capability which is often implemented using
a client-server or peer-to-peer architecture based on application layer network protocols.

Each network service is usually provided by a server component running on one
or more computers (often a dedicated server computer offering multiple services) and
accessed via a network by client components running on other devices. However, the
client and server components can both be run on the same machine.

Clients and servers will often have a user interface, and sometimes other hardware
associated with them.

Examples are the Domain Name System (DNS) which translates domain names
to Internet protocol (IP) addresses and the Dynamic Host Configuration
Protocol (DHCP) to assign networking configuration information to network
hosts. Authentication servers identify and authenticate users, provide user account
profiles, and may log usage statistics.

E-mail, printing and distributed (network) file system services are common
services on local area networks. They require users to have permissions to access the
shared resources.

Other network services include:

• Directory services
• e-Mail
• File sharing
• Instant messaging
• Online game
• Printing
• File server
• Voice over IP
• Video on demand
• Video telephony
• World Wide Web
• Simple Network Management Protocol
• Time service
• Wireless sensor network

DIFFERENT TYPES OF NETWORK SERVICES

The term network services is used to describe a wide range of software and
connectivity tools that are managed by a central group and distributed to the
networked computers. A networked computer environment occurs when multiple
computers are connected to each other or a central server. The computers are able to
access shared files and utilities from a central location. There are several advantages
to this type of environment, ranging from increased quality control to performance and
issue management.

Server maintenance is a type of network service.

There are four types of network services: user management, email, printing, and
system administration. In a networked environment, the desktops are known as client
computers or workstations. The servers are typically stored in a special
temperature-controlled room that is often physically located in a different building
or space than the workstation users. Access is provided through network cables that
are used to transmit data packages within the network. These cables also provide
access to the Internet, typically after being routed through a central server or
network switch.

Photocopiers are often connected to a network, allowing users to schedule print jobs
from their desks.

User management is a range of services, from the creation of user names and
passwords to the allocation of rights, privileges, and access. For example, when a new
staff member joins a department, the network administrator must create a new
account for this person to access the network services. Access to applications, files,
services, and tools this person will require to complete his or her job must be provided
by the system administrator. This is known as user management and authentication.

Email is a widely used productivity tool that requires connection to the Internet. In
addition, many organizations have a policy surrounding the email software that can be
used, the maximum storage capacity, and the file sizes that can be transmitted. Most
organizations provide staff with a company-specific email address, which requires the
creation and maintenance of an email server.

Shared printing is one of the primary network services required in any
organization. Instead of individual printers at each desk, all the users can submit
printing jobs to a central unit. This unit is often a multi-function printer, scanner, and
photocopier. In order to provide this type of network service, many firms implement
special printer management software to control the flow of documents and protect
confidential documents.

From a system administration perspective, the ability to
control all the workstations from a central location is the best network service. The
administrator is responsible for deploying new software applications, updating the
operating systems, and maintaining the same versions of software programs on all the
workstations. Many firms lock the workstations, so only the system administrator can
add new software or run new programs. This increases the overall quality of the
network and reduces staff time spent on computer maintenance.

System administration capabilities are used in conjunction with manual
troubleshooting to locate network issues.

Source:

https://www.wisegeek.com/what-are-the-different-types-of-network-services.htm

https://en.wikipedia.org/wiki/Network_service

SELF CHECK 2.3

Fill in the Blank.

Direction. Write the correct answer on the space provided.

1. ____________ is one of the primary network services required in any
organization. Instead of individual printers at each desk, all the users can submit
printing jobs to a central unit.

2. ___________ are used in conjunction with manual troubleshooting to locate network
issues.

3-4. ______________ and _____________________ are common services on local
area networks. They require users to have permissions to access the shared
resources.

5. _______________ is usually provided by a server component running on one or more
computers (often a dedicated server computer offering multiple services) and
accessed via a network by client components running on other devices.

ACTIVITY SHEET 2.3
Network Services and Its Operation

Direction: Explain concisely.

1-6 In computer networking, a network service ______________________________
___________________________________________________________________
___________________________________________________________________
___________________________________________________________________
___________________________________________________________________

6-10 Enumerate the following:

Different Types of Network services
________________________
________________________
________________________
________________________
________________________
________________________

11-15 Types of network services

________________________
________________________
________________________
________________________

INFORMATION SHEET 2.4
Procedures in Respond to Unplanned Events and
Condition

Learning Objectives:
After reading this Information Sheet, the learner is expected to:
a. Explain hazards and risks in the workplace
b. Apply contingency measures in accordance with the OHS procedures
c. Appreciate the importance of procedures in respond to unplanned
events and condition

Occupational safety and health (OSH) is a planned system of working to prevent
illness and injury where you work by recognizing and identifying hazards and risks.
Health and safety procedure is the responsibility of all persons in the computer and
technology industries. You must identify the hazards where you are working and
decide how dangerous they are. Eliminate the hazard or modify the risk that it
presents.

Examples of workplace hazards include:
- frayed electrical cords (could result in electrical shock)
- boxes stacked insecurely (they could fall on someone)
- noisy machinery (could result in damage to your ear)

Whenever you spot a hazard, assess the risk by asking yourself two questions:
- How likely is it that the hazard could harm me or someone else?
- How badly could I or someone else be harmed?

Sometimes you may be able to fix simple hazards yourself, as long as you don't put
yourself or others at risk. For example, you can pick up things from the floor and put
them away to eliminate a trip hazard.

What to do?
• Ask your supervisor/teacher for instructions and training before using
equipment.
• Ask for help moving or lifting heavy objects.

Watch video clip about OHSP type this link on the address bar:
https://www.youtube.com/watch?v=aR-1kKCvmLE

A physical hazard is an agent, factor or circumstance that can cause harm with or
without contact. Physical hazards can be classified as a type of occupational hazard or
environmental hazard. One of the most common physical hazards involving computer
technicians is cables running across the floor. If someone trips, falls, and hurts himself
because of a cable you ran across the floor, someone (you, your employer, or your
customer) has a serious legal negligence problem.
For cables that are temporary but will need to run across the floor for a longer period
of time, use "gaffers tape". Gaffers tape is a heavy tape with strong adhesive to stick
to the floor. It comes in a wide range of colors, from unintrusive matte black to hazard
warning red. Although it has strong adhesive, it can be removed easily and cleanly.
• It is created as a result of either powered or manual (human) use of tools,
equipment or machinery and plant. When working on electronic equipment, ask
yourself "Is there any way this equipment could hurt me?" You might stick your
hand in a printer and suddenly the paper feed arm moves, feeding not only
paper through the printer, but a piece of your finger too. When working on
electronic equipment always be
• A type of occupational hazard caused by exposure to chemicals in the
workplace. Exposure to chemicals in the workplace can cause acute or long-
term detrimental health effects. There is a wide array of chemicals used with
electronic equipment. There are display cleaning chemicals, keyboard cleaning
chemicals, compressed gas dirt and dust removers, and many cleaning
solvents. Some of these chemicals can be harmful if accidentally swallowed,
get on bare skin
• Inside computers and electronic equipment, there is a range of voltages from
3.3 volts to 25 volts; most of these are harmless. But at the power supply, you'll
find line voltage, which is a lethal 220 volts. Most of the time while working
inside computers and electronic equipment, you'll want them unplugged from
the wall socket. If you need to work on equipment while it is still plugged in or
powered up, remove all jewelry and wrist watches. If you must work
• CRT monitors are becoming less common nowadays, but should you run into
one, it is best NOT to open it up. Instead, outsource any CRT repair job to a
qualified CRT repair service. A CRT monitor has a high-voltage anode inside it,
which can carry a charge of up to 25,000 volts, and it can still be holding a high
charge days after the power is removed. If you must open a CRT monitor case
for some reason, be sure to study the proper way to discharge a CRT before
you proceed.
Procedure:

1. Identify the hazard.
2. Clear the area close to the hazard.
3. Partition the hazard off or clearly identify the area to protect other people from harm.
4. If the hazard can be easily and safely cleared, then do so.
5. Report the hazard to the appropriate person (such as teacher in charge, principal etc.)
to obtain assistance.
6. After clearing of the hazard, fill out the correct documentation to assist in
identifying improved practice to reduce further incidence of hazards.

SELF CHECK 2.4

A. Direction: Read carefully each statement below. Write T if the statement is
TRUE or F if the statement is FALSE.

_____ 1. Health and safety procedure is the responsibility of all persons in the
computer and technology industries.
______ 2. Spotting the hazards means working out how likely it is that a hazard
will harm someone and how serious the harm could be.
______ 3. If you need to temporarily run a cable across the floor, place a
Danger sign similar to those "wet floor" signs used by cleaning services.
______ 4. An LCD monitor has a high-voltage anode inside it, which can carry
a charge of up to 25,000 volts, and it can still be holding a high charge days
after the power is removed.
______ 5. Inkjet printer cartridges, or laser printer toner cartridges are
hazardous to users.

ACTIVITY SHEET 2.5
Procedures in Respond to Unplanned Events and
Condition

A. Make a list of hazards that may be present in your own home when operating
a personal computer. Give the possible risk of the said hazards.

________________________________________
________________________________________
________________________________________

B. Choose an industry or type of workplace e.g. computer laboratory, computer
manufacturing, or a computer shop. Make a list of hazards that may be
present in that workplace e.g. slippery floors from spilt water, oil etc; uneven
floors from changing floor level.

________________________________________
________________________________________
________________________________________

C. Write down ways to control the risks.

________________________________________
________________________________________
________________________________________
________________________________________
________________________________________

INFORMATION SHEET 2.5
Active Directory

Learning Objectives
At the end of the lesson, the learner must be able to:
a. Identify an active directory and domain controller
b. Illustrate hierarchical structure of an active directory
c. Distinguish the core elements of the active directory

A directory is a hierarchical structure that stores information about objects on
the network. A directory service, such as Active Directory Domain Services (AD DS),
provides the methods for storing directory data and making this data available to
network users and administrators. For example, ADDS stores information about user
accounts, such as names, passwords, phone numbers, and so on, and enables other
authorized users on the same network to access this information.

Active Directory stores information about objects on the network and makes
this information easy for administrators and users to find and use. Active Directory
uses a structured data store as the basis for a logical, hierarchical organization of
directory information.

This data store, also known as the directory, contains information about Active
Directory objects. These objects typically include shared resources such as servers,
volumes, printers, and the network user and computer accounts.

Security is integrated with Active Directory through logon authentication and
access control to objects in the directory. With a single network logon, administrators
can manage directory data and organization throughout their network, and authorized
network users can access resources anywhere on the network. Policy-based
administration eases the management of even the most complex network.

Active Directory also includes:

• A set of rules, the schema, that defines the classes of objects and
attributes contained in the directory, the constraints and limits on
instances of these objects, and the format of their names. For more
information about the schema, see Schema.

• A global catalog that contains information about every object in the
directory. This allows users and administrators to find directory
information regardless of which domain in the directory actually contains
the data. For more information about the global catalog, see The role of
the global catalog.

• A query and index mechanism, so that objects and their properties can
be published and found by network users or applications. For more
information about querying the directory, see Finding directory
information.

• A replication service that distributes directory data across a network.
All domain controllers in a domain participate in replication and contain
a complete copy of all directory information for their domain. Any change
to directory data is replicated to all domain controllers in the domain. For
more information about Active Directory replication, see Replication
overview.

❖ Active Directory Structure and Storage Technologies

Administrators use Active Directory to store and organize objects on a network
(such as users, computers, devices, and so on) into a secure hierarchical containment
structure that is known as the logical structure. Although the logical structure of Active
Directory is a hierarchical organization of all users, computers, and other physical
resources, the forest and domain form the basis of the logical structure. Forests, which
are the security boundaries of the logical structure, can be structured to provide data
and service autonomy and isolation in an organization in ways that can both reflect
site and group identities and remove dependencies on the physical topology.

Note:
In Windows 2000 Server and Windows Server 2003, the directory service is named
Active Directory. In Windows Server 2008 and Windows Server 2008 R2, the directory
service is named Active Directory Domain Services (AD DS). The rest of this topic
refers to Active Directory, but the information is also applicable to Active Directory
Domain Services.
Domains can be structured in a forest to provide data and service autonomy
(but not isolation) and to optimize replication with a given region. This separation of
logical and physical structures improves manageability and reduces administrative
costs because the logical structure is not affected by changes in the physical structure.
The logical structure also makes it possible to control access to data. This means that
you can use the logical structure to compartmentalize data so that you can control
access to it by controlling access to the various compartments.

The data that is stored in Active Directory can come from many diverse sources.
With so many different data sources and so many different types of data, Active
Directory must employ some type of standardized storage mechanism so that it can
maintain the integrity of the data that it stores. In Active Directory, objects are used to
store information in the directory, and all objects are defined in the schema. The object
definitions contain information, such as data type and syntax, that the directory uses
to ensure that the stored data is valid. No data can be stored in the directory unless
the objects that are used to store the data are first defined in the schema. The default
schema contains all the object definitions that Active Directory needs to function;
however, you can also add object definitions to the schema.

While the directory is exposed to you through a logical structure that consists
of elements such as domains and forests, the directory itself is implemented through
a physical structure that consists of a database that is stored on all domain controllers
in a forest. The Active Directory data store handles all access to the database. The
data store consists of both services and physical files. These services and physical
files make the directory available, and they manage the processes of reading and
writing the data inside the database that exists on the hard disk of each domain
controller.

❖ Active Directory Structure and Storage Architecture

The Active Directory structure and storage architecture consists of four parts:
1. Active Directory domains and forests. Forests, domains, and organizational
units (OUs) make up the core elements of the Active Directory logical structure.
A forest defines a single directory and represents a security boundary. Forests
contain domains.

2. Domain Name System (DNS) support for Active Directory. DNS provides a
name resolution service for domain controller location and a hierarchical design
that Active Directory can use to provide a naming convention that can reflect
organizational structure.

3. Schema. The schema provides object definitions that are used to create the
objects that are stored in the directory.

4. Data store. The data store is the portion of the directory that manages the
storage and retrieval of data on each domain controller.

The following figure illustrates the Active Directory data structure and storage
architecture.

Figure 2.5-1 Active Directory Data Structure and Storage Architecture


Active Directory Domains and Forests
Domains partition the directory into smaller sections within a single forest. This
partitioning results in more control over how data is replicated so that an efficient
replication topology can be established and network bandwidth is not wasted by
replicating data where it is not required. OUs make it possible to group resources in a
domain for management purposes, such as applying Group Policy or delegating
control to administrators.

The following figure illustrates the relationships of OUs, domains, and forests in the
logical structure architecture.

Figure 2.5-2 Logical Structure Architecture

DNS Support for Active Directory
Active Directory uses DNS as its domain controller location mechanism. When
any of the principal Active Directory operations, such as authentication, updating, or
searching, is performed, domain joined computers use DNS to locate Active Directory
domain controllers, and these domain controllers use DNS to locate each other. For
example, when a network user with an Active Directory user account logs on to an
Active Directory domain, the user’s computer uses DNS to locate a domain controller
for the Active Directory domain to which the user wants to log on.

To log on to a network that consists of an Active Directory forest, a client
workstation must first be able to locate a nearby domain controller. The domain
controller is necessary for initial authentication of both the workstation and the user
and for subsequent authorization of the user for the files and resources to which the
user needs access. The support that is provided to Active Directory by DNS enables
a client workstation to locate a domain controller.

Active Directory Schema


Active Directory schema contains definitions for all the objects that are used to
store information in the directory. There is one schema per forest. However, a copy of
the schema exists on every domain controller in the forest. This way, every domain
controller has quick access to any object definition that it might need, and every
domain controller uses the same definition when it creates a given object. The data
store relies on the schema to provide object definitions, and the data store uses those
definitions to enforce data integrity. The result is that all objects are created uniformly,
and it does not matter which domain controller creates or modifies an object because
all domain controllers use the same object definition.

The following figure illustrates the relationship of the schema to the data store in the
schema architecture.

Figure 2.5-3 Schema Architecture

Active Directory Data Store


The Active Directory data store is made up of several components that together
provide directory services to directory clients. These components include the following:

Four interfaces:
1. Lightweight Directory Access Protocol (LDAP)
2. Replication (REPL) and domain controller management interface
3. Messaging API (MAPI)
4. Security Accounts Manager (SAM)

Three service components:


1. Directory System Agent (DSA)
2. The database layer
3. Extensible Storage Engine (ESE)

The directory database where the data is actually stored.

The following figure illustrates the relationships of these components in the data store
architecture.

Figure 2.5-4 Data Store Architecture

❖ Domain and Forest Components

TABLE 2.5-1 Domain and Forest Components

Component: Forest
Description: A forest is the highest level of the logical structure hierarchy. An Active
Directory forest represents a single self-contained directory. A forest is a security
boundary, which means that administrators in a forest have complete control over all
access to information that is stored inside the forest and to the domain controllers
that are used to implement the forest.

Component: Domain
Description: Domains partition the information that is stored inside the directory into
smaller portions so that the information can be more easily stored on various domain
controllers and so that administrators have a greater degree of control over
replication. Data that is stored in the directory is replicated throughout the forest
from one domain controller to another. Some data that is relevant to the entire forest
is replicated to all domain controllers. Other data that is relevant only to a specific
domain is replicated only to domain controllers in that particular domain. A good
domain design makes it possible to implement an efficient replication topology. This is
important because it enables administrators to manage the flow of data across the
network, that is, to control how much data is replicated and where that replication
traffic takes place.

Component: OU (Organizational Unit)
Description: OUs provide a means for administrators to group resources, such as user
accounts or computer accounts, so that the resources can be managed as one unit.
This makes it much easier to apply Group Policy to multiple computers or to control
the access of many users to a single resource. OUs also make it easier to delegate
control over resources to various administrators.

Domain Controller

A domain controller is a server that is running a version of the Windows Server®
operating system and has Active Directory® Domain Services installed.

When you install Windows Server on a computer, you can choose to configure
a specific server role for that computer. When you want to create a new forest, a new
domain, or an additional domain controller in an existing domain, you configure the
server with the role of domain controller by installing AD DS.

By default, a domain controller stores one domain directory partition consisting
of information about the domain in which it is located, plus the schema and
configuration directory partitions for the entire forest. A domain controller that runs
Windows Server 2008 R2, Windows Server 2008, or Windows Server 2003 can also
store one or more application directory partitions. There are also specialized domain
controller roles that perform specific functions in an AD DS environment. These
specialized roles include global catalog servers and operations masters.

Active Directory Installation

Active Directory Installation Wizard

The Active Directory Installation Wizard (dcpromo.exe) configures a server to
be a domain controller by installing Active Directory. Using the Active Directory
Installation Wizard you can either add a domain controller to an existing domain or
create the first domain controller in a new domain. The wizard provides the option to
do this.

You can run the Active Directory Installation Wizard from the command line, or from
the Configure Your Server Wizard. You can also install Active Directory using an
unattended setup script called an answer file.

When running the wizard from the command line, you can append the /adv switch to
the dcpromo command to populate the directory using a backup of system state data
from another domain controller in the same domain. Installing from backup media
reduces the amount of data that must be replicated over the network, thus reducing
the time required to install Active Directory.

Before installing Active Directory, the wizard verifies that the server is eligible to run
Active Directory by checking certain criteria. The following are examples of some of
the criteria that the wizard checks before allowing an Active Directory installation to
proceed:
• There is sufficient disk space on the computer to store the Active Directory
database.
• You have sufficient privileges to install Active Directory on the computer.
• The computer is running a correct version of the operating system.

After all prerequisites have been met, a user interface is used to gather information
specific to the environment in which Active Directory will be installed, such as the
Domain Name System (DNS) name and the storage locations for the Active Directory
database and the SYSVOL shared folder. If you are installing Active Directory using
an answer file, you will prepopulate the script with this information. Finally, the wizard
configures Active Directory and makes the server a domain controller.

Active Directory Functional Levels

Although most Active Directory features are available by default, certain new
features of Windows Server 2003 Active Directory, such as efficient group
membership replication and domain rename, cannot be enabled until all domain
controllers within a given scope (domain or forest) are running Windows Server 2003.

Windows Server 2003 Active Directory does not automatically enable such a
feature even when all domain controllers within a forest are running Windows Server
2003. Instead, the responsibility for the decision is administrative so that you can still
add domain controllers that are running earlier versions of Windows. By advancing the
functional level of a Windows Server 2003 domain or forest, you enable new features
within that scope.

Functional levels protect against incompatibility. Before you raise a functional level,
Active Directory verifies that all domain controllers are running the correct version of
the operating system. After you raise the functional level, Active Directory no longer
allows the introduction of a domain controller with an incompatible version of Windows.
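
The version check described above can be rehearsed before a level is raised. The PowerShell below is an added example, not part of the original learning material: the function name Get-BlockingDomainController and the sample inventory are constructed for illustration, and the -Live branch assumes the ActiveDirectory module that ships with Windows Server 2008 R2.

```powershell
# Added example: list the domain controllers that would block raising a
# functional level. Without -Live it runs on a constructed sample inventory;
# with -Live it queries every domain of the current forest.
param(
    [string]$TargetLevel = 'Windows2008R2',
    [switch]$Live
)

# Oldest Windows version (major.minor) a domain controller may run at each level.
$MinimumOsVersion = @{
    'Windows2003'   = [version]'5.2'
    'Windows2008'   = [version]'6.0'
    'Windows2008R2' = [version]'6.1'
}

function Get-BlockingDomainController {
    param(
        [object[]]$DomainController,
        [string]$Level
    )
    if (-not $MinimumOsVersion.ContainsKey($Level)) {
        throw "Unknown functional level '$Level'"
    }
    $minimum = $MinimumOsVersion[$Level]
    foreach ($dc in $DomainController) {
        # OperatingSystemVersion is reported as e.g. "6.1 (7601)";
        # only the major.minor part decides compatibility.
        $osVersion = [version](($dc.OperatingSystemVersion -split ' ')[0])
        if ($osVersion -lt $minimum) { $dc }
    }
}

if ($Live) {
    Import-Module ActiveDirectory
    $forest = Get-ADForest
    Write-Host "Forest mode: $($forest.ForestMode)"
    $inventory = @(foreach ($domainName in $forest.Domains) {
        Write-Host "Domain $domainName mode: $((Get-ADDomain -Identity $domainName).DomainMode)"
        Get-ADDomainController -Filter * -Server $domainName
    })
} else {
    # Constructed sample inventory (host names are made up for the example).
    $inventory = @(
        New-Object PSObject -Property @{
            HostName = 'dc1.corp.example'
            OperatingSystem = 'Windows Server 2008 R2 Standard'
            OperatingSystemVersion = '6.1 (7601)' }
        New-Object PSObject -Property @{
            HostName = 'dc2.corp.example'
            OperatingSystem = 'Windows Server 2003'
            OperatingSystemVersion = '5.2 (3790)' }
    )
}

$blocking = @(Get-BlockingDomainController -DomainController $inventory -Level $TargetLevel)
if ($blocking.Count -eq 0) {
    "All $($inventory.Count) domain controllers can run at level $TargetLevel."
} else {
    "These domain controllers must be upgraded or demoted before raising to ${TargetLevel}:"
    $blocking | Format-Table HostName, OperatingSystem, OperatingSystemVersion -AutoSize
}
```

With the sample inventory the script reports dc2.corp.example as blocking. Raise the level only when the list is empty, because afterwards Active Directory no longer admits a domain controller running an older version of Windows.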

OPERATION SHEET 2.5
Installation and Configuration Procedures

To install the ADDS and DNS follow these steps:

1. Open Server Manager and click on Roles. This will bring up the Roles
Summary on the right-hand side, where you can click on the Add Roles link.

2. This will bring up the Add Roles Wizard, where you can click Next to see
a list of available roles. Select Active Directory Domain Services from the
list. You will be told that you need to add some features; click on the Add
Required Features button and click Next to move on.

3. A brief introduction to Active Directory will be displayed, as well as a few links
to additional resources. You can just click Next to skip past here and click
Install to start installing the binaries for Active Directory.

4. When the installation is finished you will be shown a success message; just
click Close.

Configuration Procedures for Domain Controller and Functional Level

5. Open up Server Manager, expand Roles and click on Active Directory
Domain Services. On the right-hand side click on the Run the Active
Directory Domain Services Installation Wizard (dcpromo.exe) link.

6. This will kick off another wizard, this time to configure the settings for your
domain. Click Next to continue.

7. The message that is shown now relates to older clients that do not support
the new cryptographic algorithms supported by Server 2008 R2. These are
used by default in Server 2008 R2. Click Next to move on.

8. Choose to create a new domain in a new forest.

9. Now you can name your domain. We will be using a .local domain; the reason
why will be explained in an upcoming article.

10. Since this is the first Domain Controller in our domain we can change our
forest functional level to Server 2008 R2.

(Domain Name System) DNS Server
11. We want to include DNS in our installation, as this will allow us to have an
AD Integrated DNS Zone. When you click Next you will be prompted with a
message; just click Yes to continue.

12. You will need to choose a place to store log files. It is a best practice to store
the database and SYSVOL folder on one drive and the log files on a
separate drive, but since this is in a lab environment I will just leave them all
on the same drive.

13. Choose a STRONG Active Directory Restore Mode Password and click next
twice to kick off the configuration.

You will be able to see what components are being installed by looking in
the following box.

14. When it's done you will be notified and required to reboot your PC.

15. Click Finish.
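
The same promotion can be driven by the answer file mentioned in Information Sheet 2.5 instead of the wizard. The PowerShell below is an added example, not part of the original learning material; the domain name corp.local, the NetBIOS name CORP and the file paths are lab placeholders. Because the answer file holds the restore mode password in clear text, the script prompts for it, restricts the file to Administrators before writing, and deletes the file afterwards.

```powershell
# Added example: unattended equivalent of wizard steps 1-15 for the first
# domain controller of a new forest on Windows Server 2008 R2.
# Assumed lab values: corp.local / CORP and the default NTDS and SYSVOL paths.
param(
    [string]$DomainDnsName = 'corp.local',
    [string]$NetbiosName   = 'CORP',
    [string]$DatabasePath  = "$env:SystemRoot\NTDS",
    [string]$LogPath       = "$env:SystemRoot\NTDS",   # step 12: a separate drive is best practice
    [string]$SysvolPath    = "$env:SystemRoot\SYSVOL",
    [string]$AnswerFile    = "$env:SystemRoot\Temp\dcpromo-answer.txt",
    [switch]$Promote       # without -Promote the settings are only printed
)

function New-DcPromoAnswer {
    param([string]$RestoreModePassword)
    @"
[DCInstall]
; Step 8: new domain in a new forest
ReplicaOrNewDomain=Domain
NewDomain=Forest
; Step 9: domain name
NewDomainDNSName=$DomainDnsName
DomainNetbiosName=$NetbiosName
; Step 10: functional level 4 = Windows Server 2008 R2
ForestLevel=4
DomainLevel=4
; Step 11: install DNS, no delegation in a parent zone
InstallDNS=Yes
CreateDNSDelegation=No
; Step 12: storage locations
DatabasePath="$DatabasePath"
LogPath="$LogPath"
SYSVOLPath="$SysvolPath"
; Step 13: restore mode password
SafeModeAdminPassword=$RestoreModePassword
; Step 14: reboot is done by the operator after the file is deleted
RebootOnCompletion=No
"@
}

if (-not $Promote) {
    # Dry run: show the settings without touching the server or asking for a secret.
    New-DcPromoAnswer -RestoreModePassword '<prompted when run with -Promote>'
    return
}

# Steps 1-4: install the AD DS role binaries.
Import-Module ServerManager
Add-WindowsFeature AD-Domain-Services | Out-Null

# Step 13: prompt for the password instead of storing it in the script.
$secure = Read-Host -Prompt 'Directory Services Restore Mode password' -AsSecureString
$bstr   = [Runtime.InteropServices.Marshal]::SecureStringToBSTR($secure)
try {
    $plain = [Runtime.InteropServices.Marshal]::PtrToStringBSTR($bstr)
} finally {
    [Runtime.InteropServices.Marshal]::ZeroFreeBSTR($bstr)
}

try {
    # Create the file empty and lock its ACL down to BUILTIN\Administrators
    # (SID S-1-5-32-544) before the password is written into it.
    New-Item -Path $AnswerFile -ItemType File -Force | Out-Null
    icacls $AnswerFile /inheritance:r /grant:r '*S-1-5-32-544:F' | Out-Null
    Set-Content -Path $AnswerFile -Encoding ASCII `
        -Value (New-DcPromoAnswer -RestoreModePassword $plain)

    # Steps 5-13 in one call.
    & dcpromo.exe "/unattend:$AnswerFile"
    "dcpromo exit code: $LASTEXITCODE. Reboot the server to finish (step 14)."
} finally {
    Remove-Item -Path $AnswerFile -Force -ErrorAction SilentlyContinue
    $plain = $null
}
```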

SELF CHECK 2.5

Direction: Choose the letter of the correct answer from the given options. Write your
answer on a separate sheet of paper.

A. Schema
B. Replication Service
C. Organizational Unit
D. Global Catalog
E. Functional levels
F. Forest
G. Domains
H. Domain Controller
I. DNS
J. Directory
K. Dcpromo.exe
L. Data Store
M. ADDS
N. Active Directory Installation Wizard
O. Active directory

1. Hierarchical structure that stores information about objects on the network.


2. Stores information about user accounts, such as names, passwords, phone
numbers, and so on, and enables other authorized users on the same network
to access this information.
3. Uses a structured data store as the basis for a logical, hierarchical organization
of directory information.
4. Provides object definitions that are used to create the objects that are stored in
the directory.
5. Contains information about every object in the directory.
6. Distributes directory data across a network.
7. The portion of the directory that manages the storage and retrieval of data on
each domain controller.
8. The highest level of the logical structure hierarchy.
9. Partition the information that is stored inside the directory into smaller portions.
10. Provide a means for administrators to group resources, such as user accounts
or computer accounts, so that the resources can be managed as one unit.
11. Server that is running a version of the Windows Server® operating system and
has Active Directory® Domain Services installed.
12. Provide a naming convention that can reflect organizational structure.
13. Configures a server to be a domain controller by installing Active Directory.

14. Windows server operating system command that opens the Active Directory
Installation Wizard
15. Active Directory no longer allows the introduction of a domain controller
with an incompatible version of Windows.

ACTIVITY SHEET 2.5.1
Forest Functional Level

Directions:
1. Create a hierarchical structure showing domain within an Active Directory.
2. Select an organization from the top-level domains.
3. Use the following Active Directory Forest Functional Level: Domain,
Organizational Unit, Administrator, Group Policy Object, Users
4. Must have at least 5 client computers.
5. Use the example as guide.
6. Have a separate sheet of short bond paper for your answer.

Domain: Philippines (.ph)
  Organizational Unit: Department of Health (DOH)
    Administrator: COVID19 Inter Agency Task Force (IATF)
      Group Policy Object: Region IV-A CALBARZON
        User: School
        User: Church
        User: Local Government Unit
        User: Barangay
        User: Companies
      Group Policy Object: NCR National Capital Region
        User: Local Government Unit
        User: Church
        User: School
        User: Companies
        User: Barangay

ACTIVITY SHEET 2.5.2
Installation and Configuration Procedures

Directions: Arrange the procedures in their proper order. Write the letter of the correct
answer on a separate sheet of paper.

A. Welcome to the Active Directory Domain Services Installation Wizard
B. Type the fully qualified domain name FQDN of the new forest root domain
C. Specify the folders that will contain the Active Directory domain controller
database, log files and SYSVOL
D. Set forest functional level
E. Run dcpromo.exe
F. Reboot on completion
G. Operating system compatibility
H. Open Server Manager
I. ADDS installation results succeeded
J. Create a new domain in a new forest
K. Confirm ADDS installation selection
L. Click Finish after completing the ADDS Installation Wizard
M. Choose a STRONG Active Directory Restore Mode Password
N. Check Active Directory Domain Services in Add Roles Wizard
O. Additional domain controller options

1. ____   2. ____   3. ____   4. ____   5. ____
6. ____   7. ____   8. ____   9. ____   10. ____
11. ____   12. ____   13. ____   14. ____   15. ____

ASSIGNMENT SHEET 2.5
Active Directory and Domain Controller

Direction: Answer the following questions on a separate sheet of paper.

1. What is the function of the Active Directory Domain Services in a server?
(3 points)

2. What is the function of the Domain Controller in a server?
(3 points)

3. What are the core elements of the Active Directory logical structure? Describe
the function of each component.
(6 points)

4. What is the importance of the active directory functional level?
(3 points)

INFORMATION SHEET 2.6
Domain Name System

Learning Objectives
At the end of the lesson, the learner must be able to:
a. Identify a domain name system
b. Create an internet domain namespace
c. Recognize a DNS server

Terminology:

• TCP/IP - The Transmission Control Protocol/Internet Protocol is a suite of
communication protocols used to interconnect network devices on the internet.
TCP/IP can also be used as a communications protocol in a private computer
network (an intranet or an extranet).
• IP - An Internet Protocol address (IP address) is a numerical label assigned to each
device connected to a computer network that uses the Internet Protocol for
communication. An IP address serves two main functions: host or network
interface identification and location addressing.
• RFCs 1034/1035 - Organizational Interoperability Agreement in using the DNS
standardized by IETF.
• IETF - The Internet Engineering Task Force (IETF) is the Internet's
longest-established technical standardization body, and its open, decentralized
structure derives from the Internet's early history. The IETF is more a
community than a hierarchical organization.

DNS Infrastructure

The Domain Name System (DNS) infrastructure consists of DNS servers that
run the DNS Server service and DNS clients that run the DNS Client service.

Hierarchy of Managed Entities

DNS Server
A DNS server hosts the information that enables client computers to resolve
memorable, alphanumeric DNS names to the IP addresses that computers use to
communicate with each other. Most often, the DNS server responds to requests from
DNS clients to provide the IP address associated with a host's DNS domain name.
DNS servers can also be configured to provide the name of a host when it receives a
query containing the host's IP address, and DNS servers can also provide the IP
addresses of other servers configured to provide certain services, such as e-mail.

DNS names are organized into a hierarchy of domains, and domains are grouped and
managed in zones on the DNS server.

The DNS Server role in Windows Server 2008 combines support for standard DNS
protocols with the benefits of integration with Active Directory Domain Services (AD
DS) and other Windows networking and security features, including such advanced
capabilities as secure dynamic update of DNS resource records.

DNS Client
The DNS Client service is the client component that resolves and caches Domain
Name System (DNS) domain names. When the DNS Client service receives a request
to resolve a DNS name that it does not contain in its cache, it queries an assigned
DNS server for an IP address for the name. If the DNS Client service receives the
requested address, it stores the name and address in its cache to resolve future
requests without having to query the DNS server. All computers that use DNS to
resolve domain names (including DNS servers and domain controllers) use the DNS
Client service for this purpose.

Although TCP/IP uses IP addresses to locate and connect to hosts (computers
and other TCP/IP network devices), users typically prefer to use friendly names. For
example, users prefer the friendly name ftp.reskit.com, instead of its IP address,
172.16.23.55. The Domain Name System (DNS), defined in RFCs 1034 and 1035, is
used on the Internet to provide a standard naming convention for locating IP-based
computers.

On the Internet, before the implementation of DNS, the use of names to locate
resources on TCP/IP networks was supported by a file called Hosts. Network
administrators entered names and IP addresses into Hosts, and computers used the
file for name resolution.

Both the Hosts file and DNS use a namespace. A namespace is a grouping in
which names can be used to symbolically represent another type of information, such
as an IP address, and in which specific rules are established that determine how
names can be created and used. Some namespaces, such as DNS, are hierarchically
structured and provide rules that allow for the namespace to be divided into subsets
of names for distributing and delegating parts of the namespace. Other namespaces,
such as the Hosts namespace, cannot be divided and must be distributed in their
entirety. Because of this, using the Hosts file posed a problem for network
administrators. As the number of computers and users on the Internet grew, the task
of updating and distributing the Hosts file became unmanageable.

DNS replaces the Hosts file with a distributed database that implements a
hierarchical naming system. This naming system allows for growth on the Internet and
the creation of names that are unique throughout the Internet and private TCP/IP-
based intranets.

Basic DNS Concepts

▪ DNS servers. Computers that run DNS server programs containing DNS
database information about the DNS domain tree structure. DNS servers also
attempt to resolve client queries. When queried, DNS servers can provide the
requested information, provide a pointer to another server that can help resolve
the query, or respond that they do not have the information or that the
information does not exist.

▪ DNS resolvers. Programs that use DNS queries to query for information from
servers. Resolvers can communicate with either remote DNS servers or the
DNS server program running on the local computer. Resolvers are usually built
into utility programs or are accessible through library functions. A resolver can
run on any computer, including a DNS server.

▪ Resource records. Sets of information in the DNS database that can be used
to process client queries. Each DNS server contains the resource records it
needs to answer queries for the portion of the DNS namespace for which it is
authoritative. (A DNS server is authoritative for a contiguous portion of the DNS
namespace if it contains information about that portion of the namespace.)

▪ Zones. Contiguous portions of the DNS namespace for which the server is
authoritative. A server can be authoritative for one or more zones.

▪ Zone files. Files that contain resource records for the zones for which the server
is authoritative. In most DNS implementations, zones are implemented as text
files.

Domain Namespace

The naming system on which DNS is based is a hierarchical and logical tree
structure called the domain namespace. Organizations can also create private
networks that are not visible on the Internet, using their own domain namespaces.
Figure 2.6-1 shows part of the Internet domain namespace, from the root domain and
top-level Internet DNS domains, to the fictional DNS domain named reskit.com that
contains a host (computer) named Mfgserver.

Figure 2.6-1 Domain Name System


Each node in the DNS tree represents a DNS name. Some examples of DNS
names are DNS domains, computers, and services. A DNS domain is a branch under
the node. For example, in Figure 2.6-1, reskit.com is a DNS domain. DNS domains
can contain both hosts (computers or services) and other domains (referred to as
subdomains). Each organization is assigned authority for a portion of the domain
namespace and is responsible for administering, subdividing, and naming the DNS
domains and computers within that portion of the namespace.

Subdividing is an important concept in DNS. Creating subdivisions of the
domain namespace and private TCP/IP network DNS domains supports new growth
on the Internet and the ability to continually expand name and administrative
groupings. Subdivisions are generally based on departmental or geographic divisions.

For example, the reskit.com DNS domain might include sites in North America and
Europe. A DNS administrator of the DNS domain reskit.com can subdivide the domain
to create two subdomains that reflect these groupings: noam.reskit.com. and
eu.reskit.com. Figure 2.6-2 shows an example of these subdomains.

Figure 2.6-2 Subdomains

Domain Name
Computers and DNS domains are named based on their position in the domain
tree. For example, because reskit is a subdomain of the .com domain, the domain
name for reskit is reskit.com.

Every node in the DNS domain tree can be identified by a fully qualified
domain name (FQDN). The FQDN is a DNS domain name that has been stated
unambiguously so as to indicate with absolute certainty its location relative to the root
of the DNS domain tree. This contrasts with a relative name, which is a name relative
to some DNS domain other than the root.

For example, the FQDN for the server in the reskit.com DNS domain is constructed as
Mfgserver.reskit.com., which is the concatenation of the host name (Mfgserver) with
the primary DNS suffix (reskit.com), and the trailing dot (.). The trailing dot is a
standard separator between the top-level domain label and the empty string label
corresponding to the root.

Note
In general, FQDNs have naming restrictions that allow only the use of characters a-z,
A-Z, 0-9, and the dash or minus sign (-). The use of the period (.) is allowed only
between domain name labels (for example, "reskit.com") or at the end of a FQDN.
Domain names are not case-sensitive.

You can configure the Windows 2000 DNS server to enforce some or all RFC
character restrictions or to ignore all character restrictions. For more information, see
"Windows 2000 DNS" in this book.

Internet Domain Namespace


The root (the top-most level) of the Internet domain namespace is managed by
an Internet name registration authority, which delegates administrative responsibility
for portions of the domain namespace to organizations that connect to the Internet.

Beneath the root DNS domain lie the top-level domains, also managed by the
Internet name registration authority.

There are three types of top-level domains:


1. Organizational domains. These are named by using a 3-character code that
indicates the primary function or activity of the organizations contained within
the DNS domain.
2. Geographical domains. These are named by using the 2-character
country/region codes established by the International Standards Organization
(ISO) 3166.
3. Reverse domains. This is a special domain, named in-addr.arpa, that is used
for IP address-to-name mappings.

The most commonly used top-level DNS name components for organizations in
the United States are described in Table 2.6-1.

Table 2.6-1 Top-Level Name Component of the DNS Hierarchy


Top-Level Name Component | Description | Example DNS Domain Name

.com | An Internet name authority delegates portions of the domain namespace under this level to commercial organizations, such as the Microsoft Corporation. | microsoft.com

.edu | An Internet name authority delegates portions of this domain namespace to educational organizations, such as the Massachusetts Institute of Technology (MIT). | mit.edu

.gov | An Internet name authority delegates portions of this domain namespace to governmental organizations, such as the White House in Washington, D.C. | whitehouse.gov

.int | An Internet name authority delegates portions of this domain namespace to international organizations, such as the North Atlantic Treaty Organization (NATO). | nato.int

.mil | An Internet name authority delegates portions of this domain namespace to military operations, such as the Defense Data Network (DDN). | ddn.mil

.net | An Internet name authority delegates portions of this domain namespace to networking organizations, such as the National Science Foundation (NSF). | nsf.net

.org | An Internet name authority delegates portions of this domain namespace to noncommercial organizations, such as the Center for Networked Information Discovery and Retrieval (CNIDR). | cnidr.org

In addition to the top-level domains listed above, individual countries have their
own top-level domains. For example, .ca is the top-level domain for Canada.

Beneath the top-level domains, an Internet name authority delegates domains
to organizations that connect to the Internet. The organizations to which an Internet
name authority delegates a portion of the domain namespace are then responsible for
naming the computers and network devices within their assigned domain and its
subdivisions. These organizations use DNS servers to manage the name-to-IP
address and IP address-to-name mappings for host devices contained within their
portion of the namespace.

Zones
A zone is a contiguous portion of the DNS namespace. It contains a series of
records stored on a DNS server. Each zone is anchored at a specific domain node.
However, zones are not domains. A DNS domain is a branch of the namespace,
whereas a zone is a portion of the DNS namespace generally stored in a file, and can
contain multiple domains. A domain can be subdivided into several partitions, and
each partition, or zone, can be controlled by a separate DNS server. Using the zone,
the DNS server answers queries about hosts in its zone, and is authoritative for that
zone. Zones can be primary or secondary. A primary zone is the copy of the zone to
which the updates are made, whereas a secondary zone is a copy of the zone that is
replicated from a master server.

Zones can be stored in different ways. For example, they can be stored as zone
files. On Windows 2000 servers, they can also be stored in the Active Directory™
directory service. Some secondary servers store them in memory and perform a zone
transfer whenever they are restarted.

Figure 2.6-3 shows an example of a DNS domain that contains two primary zones. In
this example, the domain reskit.com contains two subdomains: noam.reskit.com. and
eu.reskit.com. Authority for the noam.reskit.com. subdomain has been delegated to
the server noamdc1.noam.reskit.com. Thus, as Figure 2.6-3 shows, one server,
noamdc1.noam.reskit.com, hosts the noam.reskit.com zone, and a second server,
reskitdc1.reskit.com, hosts the reskit.com zone that includes the eu.reskit.com
subdomain.

Figure 2.6-3 Domains and Zones

Rather than delegating the noam.reskit.com zone to
noamdc1.noam.reskit.com, the administrator can also configure reskitdc1 to host the
zone for noam.reskit.com.

Also, you cannot configure two different servers to manage the same primary
zones; only one server can manage the primary zone for each DNS domain. There is
one exception: multiple computers can manage Windows 2000 Active Directory–integrated
zones.

You can configure a single DNS server to manage one zone or multiple zones,
depending on your needs. You can create multiple zones to distribute administrative
tasks to different groups and to provide efficient data distribution. You can also store
the same zone on multiple servers to provide load balancing and fault tolerance.
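
The following Python sketch is an added example, not part of the original learning material. It applies the FQDN character rules from the note above, then finds which zone from Figure 2.6-3 is authoritative for a name by matching the longest suffix. The zone table and the function names qualify and authoritative_zone are constructed for illustration.

```python
import re

# Character rule from the note on FQDN restrictions: a-z, A-Z, 0-9 and "-".
LABEL_RE = re.compile(r"^[A-Za-z0-9-]+$")

# Constructed zone table modelled on Figure 2.6-3 (zone apex -> hosting server).
ZONES = {
    "reskit.com.": "reskitdc1.reskit.com.",
    "noam.reskit.com.": "noamdc1.noam.reskit.com.",
}


def qualify(name, origin="reskit.com."):
    """Return a validated, lower-case FQDN that ends with the root dot.

    A name that already ends in "." is fully qualified. Any other name is
    relative, so the primary DNS suffix (origin) is appended to it.
    """
    if not name.endswith("."):
        name = name + "." + origin
    for label in name[:-1].split("."):
        # An empty label means a leading or doubled period, which is not
        # allowed: periods may only separate labels or end the FQDN.
        if not label or not LABEL_RE.match(label):
            raise ValueError("invalid label %r in %r" % (label, name))
    # Domain names are not case-sensitive, so compare them in one case.
    return name.lower()


def authoritative_zone(fqdn):
    """Return (zone, server) for the most specific zone that encloses fqdn."""
    labels = fqdn[:-1].split(".")
    # Walk from the full name toward the root. The first (longest) suffix
    # found in the table wins, so a delegated subdomain such as
    # noam.reskit.com. overrides its parent zone reskit.com.
    for i in range(len(labels)):
        candidate = ".".join(labels[i:]) + "."
        if candidate in ZONES:
            return candidate, ZONES[candidate]
    return None  # none of these servers is authoritative for the name


if __name__ == "__main__":
    for raw in ("Mfgserver", "host1.noam", "host1.eu.reskit.com."):
        fqdn = qualify(raw)
        print(raw, "->", fqdn, "->", authoritative_zone(fqdn))
```

A host under eu.reskit.com resolves to the reskit.com zone because that subdomain was not delegated, while a host under noam.reskit.com resolves to the delegated zone.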

Name Resolution
DNS clients use libraries called resolvers that perform DNS queries to servers
on behalf of the client. Keep in mind throughout this discussion that a DNS server can
also be a client to another server.

Note
Computers running under Microsoft® Windows NT® Workstation or Microsoft®
Windows NT® Server version 4.0 use DNS name resolution when a name query
contains a name that contains a period or is greater than 15 bytes in length. Computers
running Windows 2000 always try DNS name resolution. For more information about
DNS and NetBIOS name resolution, see "TCP/IP Troubleshooting" and "Windows
2000 DNS" in this book.

DNS clients can make two types of queries: recursive and iterative.

DNS Servers
DNS servers store information about no zones, one zone, or multiple zones.
When a DNS server receives a DNS query, it attempts to locate the requested
information by retrieving data from its local zones. If this fails because the server is not
authoritative for the DNS domain requested and thus does not have the data for the
requested domain, the server can check its cache, communicate with other DNS
servers to resolve the request, or refer the client to another DNS server that might
know the answer.

DNS servers can host primary and secondary zones. You can configure servers
to host as many different primary or secondary zones as is practical, which means that
a server might host the primary copy of one zone and the secondary copy of another
zone, or it might host only the primary or only the secondary copy for a zone. For each
zone, the server that hosts the primary zones is considered the primary server for that
zone, and the server that hosts the secondary zones is considered the secondary
server for that zone.

Primary zones are locally updated. When a change is made to the zone data,
such as delegating a portion of the zone to another DNS server or adding resource
records in the zone, these changes must be made on the primary DNS server for that
zone, so that the new information can be entered in the local zone.

In contrast, secondary zones are replicated from another server. When a zone
is defined on a secondary server for that zone, the zone is configured with the IP
address of the server from which the zone is to be replicated. The server from which
the zone file replicates can either be a primary or secondary server for the zone, and
is sometimes called a master server for the secondary zone.

When a secondary server for the zone starts up, it contacts the master server
for the zone and initiates a zone transfer. The secondary server for the zone also
periodically contacts the master server for the zone to see whether the zone data has
changed. If so, it can initiate a transfer of the zones, referred to as a zone transfer.

You must have a primary server for each zone. Additionally, you should have
at least one secondary server for each zone. Otherwise, if the primary server for the
zone goes down, no one will be able to resolve the names in that zone.

Secondary servers provide the following benefits:


▪ Fault tolerance. When a secondary server is configured for a zone, clients can
still resolve names for that zone even if the primary server for the zone goes
down. Generally, plan to install the primary and secondary servers for the zone
on different subnets. Therefore, if connectivity to one subnet is lost, DNS clients
can still direct queries to the name server on the other subnet.
▪ Reduction of traffic on wide area links. You can add a secondary server for
the zone in a remote location that has a large number of clients, and then
configure the client to try those servers first. This can prevent clients from
communicating across slow links for DNS queries.
▪ Reduction of load on the primary server for the zone. The secondary server
can answer queries for the zone, reducing the number of queries the primary
server for the zone must answer.

Dynamic Update

Dynamic update is a new standard, specified in RFC 2136, that provides a
means of dynamically updating zone data on a zone's primary server.

Originally, DNS was designed to support only static changes to a zone
database. Because of the design limitations of static DNS, the ability to add, remove,
or modify resource records could only be performed manually by a DNS system
administrator.

For example, a DNS system administrator would edit records on a zone's
primary server and the revised zone database is then propagated to secondary
servers during zone transfer. This design is workable when the number of changes is
small and updates occur infrequently, but can otherwise become unmanageable.

With dynamic update, on the other hand, the primary server for the zone can
also be configured to support updates that are initiated by another computer or device
that supports dynamic update. For example, it can receive updates from workstations
registering A and PTR resource records, or from DHCP servers. Updates are sent
using a standard UPDATE message format and can include the addition or deletion of
individual resource records (RRs) or sets of resource records (RRsets).

In order for a request for a dynamic update to be performed, several
prerequisite conditions can also be identified. Where prerequisites are set, all such
conditions must be met before an update is allowed.

Some examples of prerequisites that can be set are:
a. A required RR or RRset already exists or is in use prior to an update.
b. A required RR or RRset does not exist or is not in use prior to an update.
c. A requester is permitted to initiate an update of a specified RR or RRset.

Each prerequisite must be satisfied in order for an update to occur. After all
prerequisites are met, the zone's primary server can then proceed with an update of
its local zones. Multiple updates can be processed concurrently only if one update
does not depend on the final result of another update.
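
The following Python model is an added example, not from the original material. It shows how a zone's primary server could evaluate the three kinds of prerequisite listed above and change nothing unless all of them are met. The class, the access-list layout and the sample hosts are assumptions made for illustration; NXRRSET, YXRRSET, NOTZONE, REFUSED and FORMERR are response codes defined in RFC 2136.

```python
class PrimaryZone:
    """Toy model of a zone's primary server processing dynamic updates."""

    def __init__(self, origin, acl):
        self.origin = origin    # zone apex, e.g. "reskit.com."
        self.acl = acl          # requester -> set of names it may update
        self.rrsets = {}        # (name, type) -> set of record data

    def _in_zone(self, name):
        return name == self.origin or name.endswith("." + self.origin)

    def _reject_reason(self, requester, prereqs, updates):
        """Return a response code if any condition fails, else None."""
        for op, name, _rtype, _rdata in updates:
            if op not in ("add", "delete"):
                return "FORMERR"
            if not self._in_zone(name):
                return "NOTZONE"
        for kind, name, rtype in prereqs:
            present = bool(self.rrsets.get((name, rtype)))
            if kind == "exists":
                if not present:                   # prerequisite (a) failed
                    return "NXRRSET"
            elif kind == "not_exists":
                if present:                       # prerequisite (b) failed
                    return "YXRRSET"
            else:
                return "FORMERR"
        allowed = self.acl.get(requester, set())
        for _op, name, _rtype, _rdata in updates:
            if name not in allowed:               # prerequisite (c) failed
                return "REFUSED"
        return None

    def update(self, requester, prereqs, updates):
        # Every condition is checked before the first change is made, so a
        # rejected request leaves the zone data exactly as it was.
        reason = self._reject_reason(requester, prereqs, updates)
        if reason:
            return reason
        for op, name, rtype, rdata in updates:
            key = (name, rtype)
            if op == "add":
                self.rrsets.setdefault(key, set()).add(rdata)
            elif rdata is None:
                self.rrsets.pop(key, None)        # delete the whole RRset
            else:
                remaining = self.rrsets.get(key, set()) - {rdata}
                if remaining:
                    self.rrsets[key] = remaining
                else:
                    self.rrsets.pop(key, None)
        return "NOERROR"


def demo_updates():
    """Run constructed requests against a constructed reskit.com. zone."""
    zone = PrimaryZone("reskit.com.", {
        "ws1": {"ws1.reskit.com."},
        "ws2": {"ws2.reskit.com."},
    })
    ws1_a = ("add", "ws1.reskit.com.", "A", "172.16.23.60")
    absent = [("not_exists", "ws1.reskit.com.", "A")]
    results = [
        zone.update("ws1", absent, [ws1_a]),   # first registration
        zone.update("ws1", absent, [ws1_a]),   # record now exists
        zone.update("ws2", [], [("add", "ws1.reskit.com.", "A", "172.16.23.99")]),
        zone.update("ws2", [("exists", "ws2.reskit.com.", "A")],
                    [("delete", "ws2.reskit.com.", "A", None)]),
        zone.update("ws1", [], [("add", "ws1.example.org.", "A", "172.16.23.60")]),
    ]
    return results, zone.rrsets


if __name__ == "__main__":
    print(demo_updates())
```

The third request is the case a secure dynamic update setup is meant to stop: a host trying to replace another host's record is refused and the existing record is left untouched.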

SELF CHECK 2.6

Direction: Match Column A with Column B. Choose the correct term that best describes
the statement. Write the letter of the correct answer on a separate sheet of paper.

COLUMN A

1. Suite of communication protocols used to interconnect network devices on the
internet.
2. Numerical label assigned to each device connected to a computer network.
3. Naming system allows for growth on the Internet and the creation of names that
are unique throughout the Internet and private TCP/IP-based intranets.
4. The use of names to locate resources on TCP/IP networks supported by a file.
5. The naming system on which DNS is based is a hierarchical and logical tree
structure.
6. Internet name authority delegates portions of this domain namespace to
educational organizations.
7. These are named by using a 3-character code that indicates the primary function
or activity of the organizations contained within the DNS domain.
8. These are named by using the 2-character country/region codes established by
the International Standards Organization (ISO) 3166.
9. This is a special domain, named in-addr.arpa, that is used for IP
address-to-name mappings.
10. Contiguous portion of the DNS namespace.
11. Library that performs DNS queries to servers on behalf of the client.
12. Store information about no zones, one zone, or multiple zones.
13. The server that hosts the primary zones.
14. The server that hosts the secondary zones.
15. New standard, specified in RFC 2136, that provides a means of dynamically
updating zone data on a zone's primary server.

COLUMN B

A. .edu
B. DNS
C. DNS Server
D. Dynamic update
E. Geographical domain
F. Host
G. IP
H. Namespace
I. Organizational domain
J. Primary server
K. Resolver
L. Reverse domain
M. Secondary server
N. TCP/IP
O. Zone

ACTIVITY SHEET 2.6
Domain Name System

Direction: Create your own domain name system by using the following namespace
accordingly in the Philippines. Use the table on a separate sheet of paper.

Domain namespace Domain Name System

.com

.edu

.gov

.mil

.org

Rubric: Originality – 3 points

Relativity – 2 points

Total Score: 25 points

ASSIGNMENT SHEET 2.6
Domain Name System

Direction: Answer the following questions on a separate sheet of paper.

1. What is FQDN in configuring the DNS? (3 points)

2. What is the relationship of the DNS Server to zones? (3 points)

3. Why do you need to consider the domain namespace in creating a DNS? (3 points)

4. What is the importance of Secondary servers in the DNS Server? (3 points)

5. What is dynamic update in DNS? (3 points)

INFORMATION SHEET 2.7
Dynamic Host Configuration Protocol (DHCP) Server

Learning Objectives
At the end of the lesson, the learner must be able to:
a. Identify the DHCP Server
b. Assign an IP scope for the DHCP server
c. Install the DHCP server

Terminology:
▪ address pool - Addresses that remain after you define a DHCP scope and
apply exclusion ranges. Pooled addresses are eligible for dynamic assignment
by the server to DHCP clients on your network.
▪ exclusion range - A limited sequence of IP addresses within a scope, excluded
from DHCP service offerings. Exclusion ranges assure that any addresses in
these ranges are not offered by the server to DHCP clients on your network.
▪ Lease - A length of time that a DHCP server specifies, during which a client
computer can use an assigned IP address. When a lease is made to a client,
the lease is active. Before the lease expires, the client typically needs to renew
its address lease assignment with the server. A lease becomes inactive when
it expires or is deleted at the server. The duration for a lease determines when
it will expire and how often the client needs to renew it with the server.
▪ options class - A way for the server to further manage option types provided
to clients. When an options class is added to the server, clients of that class
can be provided class-specific option types for their configuration. Options
classes can be of two types: vendor classes and user classes.
▪ option types - Other client configuration parameters a DHCP server can assign
when serving leases to DHCP clients. For example, some commonly used
options include IP addresses for default gateways (routers), WINS servers, and
DNS servers. Typically, these option types are enabled and configured for each
scope. You can use the DHCP console to configure default option types that
are used by all scopes added and configured at the server. Most options are
predefined through RFC 2132, but you can use the DHCP console to define
and add custom option types, if required.
▪ Reservation - Used to create a permanent address lease assignment by the
DHCP server. Reservations assure that a specified hardware device on the
subnet can always use the same IP address.
▪ Scope - The full consecutive range of possible IP addresses for a network.
Scopes typically define a single physical subnet on your network to which
DHCP services are offered. Scopes also provide the primary way for the server
to manage distribution and assignment of IP addresses and any related
configuration parameters to clients on the network.
▪ Superscope - An administrative grouping of scopes that can be used to support
multiple logical IP subnets on the same physical subnet. Superscopes only
contain a list of member scopes or child scopes that can be activated together.
Superscopes are not used to configure other details about scope usage. For
configuring most properties used within a superscope, you need to configure
member scope properties individually.

DHCP Infrastructure
Dynamic Host Configuration Protocol (DHCP) is an IP standard for simplifying
management of host IP configuration. The DHCP standard provides for the use of
DHCP servers as a way to manage dynamic allocation of IP addresses and other
related configuration details for DHCP-enabled clients on your network.

Hierarchy of Managed Entities

A Dynamic Host Configuration Protocol (DHCP) server is a computer running the
DHCP Server service that holds information about available IP addresses and related
configuration information, as defined by the DHCP administrator, and responds to
requests from DHCP clients.

Managed Entities

1. Dynamic Host Configuration Protocol (DHCP) NAP Components


Network Access Protection (NAP) is a health policy creation, enforcement, and
remediation technology that is included in Windows Vista and Windows Server 2008.
With NAP, system administrators can enforce health requirements, which can include
software requirements, security update requirements, required computer
configurations, and other settings.
Dynamic Host Configuration Protocol (DHCP) enforcement includes a DHCP
NAP enforcement server component and a DHCP NAP enforcement client
component. By using DHCP enforcement, DHCP servers can enforce health policy
requirements any time a computer attempts to lease or renew an IP address
configuration on the network. DHCP enforcement is the easiest enforcement to deploy
because all DHCP client computers must lease IP addresses.
DHCP NAP requires proper NPS/RADIUS configuration.

2. DHCP Scopes
A Dynamic Host Configuration Protocol (DHCP) scope is the consecutive range
of possible IP addresses that the DHCP server can lease to clients on a subnet.
Scopes typically define a single physical subnet on your network to which DHCP
services are offered. Scopes are the primary way for the DHCP server to manage
distribution and assignment of IP addresses and any related configuration parameters
to DHCP clients on the network.

Managed Entities:

A. DHCP BOOTP Configuration


The Bootstrap Protocol (BOOTP) is a host configuration protocol
developed before Dynamic Host Configuration Protocol (DHCP). DHCP
improves on BOOTP and resolves its limitations as a host configuration service.

The BOOTP service can request Internet Protocol (IP) addresses for
BOOTP clients from the DHCP server. If the DHCP server cannot provide IP
addresses, the BOOTP service might not function correctly.

B. DHCP Client Option Configuration


Dynamic Host Configuration Protocol (DHCP) uses options to pass
additional Internet Protocol (IP) settings to DHCP clients on a network.
Examples of DHCP options include:
• The default gateway IP address
• The Domain Name System (DNS) server IP address
• The DNS domain name
You can configure options for an entire server, a scope, or for a single
reserved client. If the server does not recognize the options sent by the client,
it ignores the options.

C. DHCP Lease Availability


Internet Protocol (IP) addresses are leased by the Dynamic Host
Configuration Protocol (DHCP) server to its clients. Each lease has an
expiration date, which the client must renew if it is going to continue to use that
IP address. The DHCP server cannot issue leases to clients if the number of
available IP addresses in the scope is insufficient.

D. DHCP Scope Configuration


Before Dynamic Host Configuration Protocol (DHCP) clients can use a
DHCP server for dynamic Transmission Control Protocol/Internet Protocol
(TCP/IP) configuration, you must define and activate scopes for your DHCP
clients. A scope is the full, consecutive range of possible Internet Protocol (IP)
addresses for a subnet. The IP addresses in a scope define a single subnet
on which DHCP services are offered. DHCP servers use scopes to manage
network IP address distribution and the configuration of DHCP options.
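
The following Python model is an added example, not from the original material. It ties together the terms defined in this information sheet: a scope, its exclusion ranges, the resulting address pool, a reservation, and lease issuance, renewal and expiry, including the case where the pool has no available address left. The class, the addresses and the MAC addresses are constructed for illustration and do not reflect how the Windows DHCP Server service is implemented.

```python
import ipaddress
from datetime import datetime, timedelta


class Scope:
    """One DHCP scope: a consecutive address range for a single subnet."""

    def __init__(self, first, last, lease_hours=8):
        self.first = ipaddress.ip_address(first)
        self.last = ipaddress.ip_address(last)
        if self.first > self.last:
            raise ValueError("scope start is after scope end")
        self.lease_time = timedelta(hours=lease_hours)
        self.exclusions = []    # (first, last) ranges that are never offered
        self.reservations = {}  # MAC -> address always given to that device
        self.leases = {}        # address -> (MAC, expiry time)

    def _inside(self, addr):
        return self.first <= addr <= self.last

    def exclude(self, first, last):
        lo, hi = ipaddress.ip_address(first), ipaddress.ip_address(last)
        if not (self._inside(lo) and self._inside(hi) and lo <= hi):
            raise ValueError("exclusion range must lie within the scope")
        self.exclusions.append((lo, hi))

    def reserve(self, mac, address):
        addr = ipaddress.ip_address(address)
        if not self._inside(addr):
            raise ValueError("reservation must lie within the scope")
        self.reservations[mac.lower()] = addr

    def address_pool(self):
        """Addresses that remain after the exclusion ranges are applied."""
        pool, addr = [], self.first
        while addr <= self.last:
            if not any(lo <= addr <= hi for lo, hi in self.exclusions):
                pool.append(addr)
            addr += 1
        return pool

    def request(self, mac, now):
        """Lease or renew an address; return (address, expiry) or None."""
        mac = mac.lower()
        # Expired leases become inactive and their addresses are free again.
        self.leases = {a: (m, exp) for a, (m, exp) in self.leases.items()
                       if exp > now}
        # A reserved device always receives its reserved address.
        address = self.reservations.get(mac)
        if address is None:
            # Renewal: the client keeps the address it already holds.
            address = next((a for a, (m, _) in self.leases.items()
                            if m == mac), None)
        if address is None:
            reserved = set(self.reservations.values())
            address = next((a for a in self.address_pool()
                            if a not in self.leases and a not in reserved),
                           None)
        if address is None:
            return None  # no available address is left in the scope
        expiry = now + self.lease_time
        self.leases[address] = (mac, expiry)
        return str(address), expiry


if __name__ == "__main__":
    scope = Scope("192.168.10.10", "192.168.10.15")
    scope.exclude("192.168.10.10", "192.168.10.11")
    scope.reserve("00-11-22-33-44-55", "192.168.10.15")
    start = datetime(2021, 1, 4, 8, 0)  # constructed clock value
    for n in range(1, 5):
        print(n, scope.request("aa-aa-aa-aa-aa-%02d" % n, start))
```

With six addresses in the scope, two excluded and one reserved, the fourth ordinary client gets no lease until an earlier lease expires, which is the insufficient-address condition described under DHCP Lease Availability.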

3. DHCP Runtime
Dynamic Host Configuration Protocol (DHCP) runtime includes normal
operating functions of the DHCP server. Examples of these functions include lease
issuance and rogue detection.
Managed Entities:
Name: Description

Audit Logging: Dynamic Host Configuration Protocol (DHCP) servers include
several logging features and server parameters that provide
enhanced auditing capabilities. You can specify the following
features:

• The file path in which the DHCP server stores audit log
files. DHCP audit logs are located by default at
%windir%\System32\Dhcp.
• A maximum size restriction (in megabytes) for the total
amount of disk space available for all audit log files created
and stored by the DHCP service.
• An interval for disk checking that is used to determine how
many times the DHCP server writes audit log events to the
log file before checking for available disk space on the
server.
• A minimum size requirement (in megabytes) for server disk
space that is used during disk checking to determine if
sufficient space exists for the server to continue audit
logging.

Authorization and Conflicts: When configured correctly and authorized for use
on a network, Dynamic Host Configuration Protocol (DHCP) servers provide a
useful administrative service. However, a misconfigured or
unauthorized DHCP server can cause problems. For example, if
an unauthorized DHCP server starts, it might begin either leasing
incorrect IP addresses to clients or negatively acknowledging
DHCP clients that attempt to renew current IP address leases.

To resolve these issues, DHCP servers are verified as authorized
in Active Directory Domain Services before they can service
clients. This prevents most of the accidental damage caused by
either misconfigured DHCP servers or correctly configured DHCP
servers running on the wrong network.

Backup/Restore: Maintaining a backup of the Dynamic Host Configuration Protocol
(DHCP) database protects you from data loss in the event of data
corruption or a hard disk failure.

There are three backup methods supported by the DHCP Server
service:

• Synchronous backups that occur automatically. The
default backup interval is 60 minutes.
• Asynchronous (manual) backups, performed by using the
Backup command in the DHCP snap-in.
• Backups using Windows Backup (Ntbackup.exe) or other
backup software.

When a synchronous or asynchronous backup occurs, the entire
DHCP database is saved.

BOOTP Boot File Configuration: The Bootstrap Protocol (BOOTP) is a host
configuration protocol developed before Dynamic Host Configuration Protocol (DHCP).
DHCP improves on BOOTP and resolves its limitations as a host
configuration service.

To configure your DHCP server to assign Internet Protocol (IP)
address information to BOOTP clients, you must add a
reservation for each BOOTP client. The reservation builds an
association between the media access control (MAC) address
and the IP address.

General Availability: General availability of the Dynamic Host Configuration
Protocol (DHCP) server refers to its ability to service clients. General
availability depends on:

• Proper authorization of the DHCP server
• Presence of Active Directory Domain Services
• Successful loading of the DHCP dynamic-link libraries
(DLLs)

Lease Issuance: Internet Protocol (IP) addresses are leased by the Dynamic Host
Configuration Protocol (DHCP) server to its clients. Each lease
has an expiration date, which the client must renew if it is going
to continue to use that IP address. If conflict detection is enabled,
the DHCP server pings the client before assigning the IP address
to determine whether an IP address is already in use on the
network.

If the DHCP client cannot be pinged by the server, the server
assumes no IP address conflict and assigns the IP address to the
client.

Server Active Directory Availability: For proper authorization and operation,
the Dynamic Host Configuration Protocol (DHCP) server relies on a valid Active
Directory Domain Services configuration. The DHCP server must
find a valid directory services-enabled domain controller.

Server Communication: For proper network communication between the Dynamic Host
Configuration Protocol (DHCP) server and other network
services, such as Active Directory Domain Services and Winsock,
the DHCP server must have a working network connection.

Server DNS Registration: You can configure the Dynamic Host Configuration Protocol
(DHCP) Server service to impersonate an account to perform
Domain Name service (DNS) registrations and secure dynamic
updates. The Netsh.exe tool can be used to configure the
impersonation credentials. You must create a dedicated user
account in Active Directory Domain Services before you use the
Netsh.exe tool to configure the use of impersonation credentials.

Server Interface Change Notification: When the network interfaces or Internet
Protocol (IP) addresses with which the Dynamic Host Configuration Protocol (DHCP)
server is configured are changed, the server might not recognize
these changes, and the interfaces might not function correctly.

Server Rogue Detection: When configured correctly and authorized for use on a
network, Dynamic Host Configuration Protocol (DHCP) servers provide a
useful administrative service. However, a misconfigured or
unauthorized DHCP server can cause problems. For example, if
an unauthorized DHCP server starts, it might begin either leasing
incorrect IP addresses to clients or negatively acknowledging
DHCP clients that attempt to renew current address leases.

To resolve these issues, DHCP servers are verified as authorized
in Active Directory Domain Services before they can service
clients and unauthorized, or rogue, servers are detected. This
prevents most of the accidental damage caused by either
misconfigured DHCP servers or correctly configured DHCP
servers running on the wrong network.

Service When the Dynamic Host Configuration Protocol (DHCP) Server


Initialization service initializes, it checks for proper configuration of
Transmission Control Protocol/Internet Protocol (TCP/IP),
including the presence of a static IP address. Successful
initialization results when the DHCP server has established
network communication by using TCP/IP.

150
Users Group To function properly, the Dynamic Host Configuration Protocol
Configuration (DHCP) service must be able to create or look up the DHCP Users
and DHCP Administrators local groups.
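
The Server Rogue Detection entry above describes unauthorized servers that lease incorrect addresses or negatively acknowledge renewals. The following is an added example, not part of the original learning material: it is a passive monitoring check (a different technique from the Active Directory authorization Windows itself uses) that parses DHCP message payloads and flags any OFFER, ACK or NAK whose server identifier is not on an allowlist. The allowlist address, the MAC address and the sample packets are constructed for the demonstration.

```python
import ipaddress
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"   # marks the start of the DHCP options field
BOOTREPLY = 2                         # op code used by server-to-client messages
MSG_TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 4: "DECLINE",
             5: "ACK", 6: "NAK", 7: "RELEASE", 8: "INFORM"}
SERVER_MSGS = {"OFFER", "ACK", "NAK"}  # only DHCP servers should send these


def parse_options(data):
    """Walk the code/length/value option list and return {code: value_bytes}."""
    opts, i = {}, 0
    while i < len(data):
        code = data[i]
        if code == 0:            # pad option, a single byte
            i += 1
            continue
        if code == 255:          # end option
            break
        if i + 1 >= len(data):
            raise ValueError("option length byte missing")
        length = data[i + 1]
        value = data[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("option value truncated")
        opts[code] = value
        i += 2 + length
    return opts


def parse_dhcp(payload):
    """Parse the UDP payload of a DHCPv4 message into the fields the check needs."""
    if len(payload) < 240 or payload[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message")
    op, _htype, hlen, _hops, xid = struct.unpack("!BBBBI", payload[:8])
    opts = parse_options(payload[240:])
    mtype = opts.get(53, b"")     # option 53: DHCP message type
    server = opts.get(54, b"")    # option 54: server identifier
    return {
        "op": op,
        "xid": xid,
        "offered_ip": str(ipaddress.IPv4Address(payload[16:20])),   # yiaddr field
        "client_mac": ":".join(f"{b:02x}" for b in payload[28:28 + min(hlen, 16)]),
        "type": MSG_TYPES.get(mtype[0], "UNKNOWN") if len(mtype) == 1 else "UNKNOWN",
        "server": str(ipaddress.IPv4Address(server)) if len(server) == 4 else None,
    }


def find_unauthorized(payloads, authorized):
    """Return one alert per OFFER/ACK/NAK whose server identifier is not authorized."""
    alerts = []
    for payload in payloads:
        try:
            msg = parse_dhcp(payload)
        except ValueError:
            continue                          # not DHCP, or malformed: skipped here
        if msg["op"] != BOOTREPLY or msg["type"] not in SERVER_MSGS:
            continue
        if msg["server"] not in authorized:   # a missing option 54 is flagged too
            alerts.append(msg)
    return alerts


def build_sample(msg_type, server_ip, offered_ip, mac, xid):
    """Build a minimal server reply. Constructed test data, not a real capture."""
    fixed = struct.pack("!BBBBIHH", BOOTREPLY, 1, 6, 0, xid, 0, 0)
    fixed += bytes(4)                                      # ciaddr
    fixed += ipaddress.IPv4Address(offered_ip).packed      # yiaddr
    fixed += bytes(8)                                      # siaddr + giaddr
    fixed += mac.ljust(16, b"\x00") + bytes(64 + 128)      # chaddr, sname, file
    options = bytes([53, 1, msg_type])
    options += bytes([54, 4]) + ipaddress.IPv4Address(server_ip).packed
    return fixed + MAGIC_COOKIE + options + b"\xff"


AUTHORIZED = {"192.168.10.5"}             # assumed address of the authorized server
MAC = bytes.fromhex("02005e100001")       # constructed client MAC address
SAMPLES = [
    build_sample(2, "192.168.10.5", "192.168.10.101", MAC, 0x1001),   # listed OFFER
    build_sample(2, "192.168.10.77", "10.66.0.23", MAC, 0x1001),      # unlisted OFFER
    build_sample(6, "192.168.10.77", "0.0.0.0", MAC, 0x2002),         # unlisted NAK
    b"\x00" * 50,                                                     # non-DHCP noise
]

if __name__ == "__main__":
    for a in find_unauthorized(SAMPLES, AUTHORIZED):
        print(f"ALERT {a['type']} from {a['server']} to {a['client_mac']} "
              f"(xid {a['xid']:#x}, offered {a['offered_ip']})")
```

In practice the payloads would come from UDP port 67/68 traffic in a packet capture or switch mirror port rather than from the constructed samples.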

4. DHCP Database
The Dynamic Host Configuration Protocol (DHCP) service database is a
dynamic database that is updated as DHCP clients are assigned or as they release
their TCP/IP configuration parameters.
The DHCP server database can be backed up and restored, or migrated to
another server.

5. DHCPv6 Service
The Dynamic Host Configuration Protocol version 6 (DHCPv6) Server service
is a process that runs in the background on a computer running Windows Server and
that provides Internet Protocol version 6 (IPv6) addresses to clients.

DHCPv6 Lease Availability


A Dynamic Host Configuration Protocol version 6 (DHCPv6) scope consists of
a pool of IPv6 addresses on a specific subnet that the DHCP server can lease to
clients. If there are more clients requesting IP addresses than are available in the
DHCP scope, you either need to add a sufficient number of IP addresses to the scope
or configure shorter lease times.

6. DHCPv6 Runtime
Dynamic Host Configuration Protocol version 6 (DHCPv6) runtime includes
normal operating functions of the DHCPv6 server. Examples of these functions include
lease issuance and rogue detection.

DHCPv6 Scopes
A Dynamic Host Configuration Protocol version 6 (DHCPv6) scope is the
consecutive range of possible IPv6 addresses that the DHCP server can lease to
clients on a subnet. Scopes typically define a single physical subnet on your network
to which DHCP services are offered. Scopes are the primary way for the DHCP server
to manage distribution and assignment of IP addresses and any related configuration
parameters to DHCP clients on the network.

DHCP Client
With a DHCP server installed and configured on your network, DHCP-
enabled clients can obtain their IP address and related configuration
parameters dynamically each time they start and join your network. DHCP
servers provide this configuration in the form of an address-lease offer to
requesting clients.

DHCP Client Address Conflicts


Dynamic Host Configuration Protocol (DHCP) operates on a lease
renewal basis. During the leasing process, IP address conflicts can occur as
leases are renewed and expired. Client lease requests might be denied by the
server for invalid (out of pool) or duplicate IP addresses. Multiple IP address
conflict messages can indicate that your lease period, your scope, or both, need
adjustment in your DHCP server configuration.

DHCP Client Configuration


Each time a DHCP client starts, it requests IP configuration information
from a DHCP server including:
• IP address
• Subnet mask
• Additional configuration parameters, such as a default gateway address,
Domain Name System (DNS) server addresses, a DNS domain name,
and Windows Internet Name Service (WINS) server addresses

DHCP Deployment Design Goal: Allocating IP Addresses

DHCP enables the allocation of IP addresses to client computers and other
devices in enterprise environments.

If you look at your installed base of TCP/IP devices, you can roughly separate them
into three categories:

✓ Network devices: These include routers, firewalls, and switches.

✓ Servers: Computers that provide services to other computers.

✓ Clients: Computers that consume services provided by the servers.

Each of these devices needs an IP address to be fully functional. However, the
method for allocating addresses to these devices can differ, depending on the
category of the device.

The most widely deployed version of Internet Protocol (IP) is IP version 4, which
defines an addressing scheme based on 32-bit addresses. Each address includes a
network/subnet address component and an individual host address component;
therefore, there are practical limitations to the numbers of addresses available. If all
IP devices were required to have a globally unique IP address, the available pool of
addresses would have run out long ago. Class C IP addresses, for example, have 24
bits reserved for network ID, which means that there are approximately 16 million
network IDs available. This might seem like a lot of IDs, but each of them can have
only 254 possible hosts on it (because there are only 8 bits left for host IDs).

Given the limitations of providing globally unique IP addresses, most enterprise
networks use private IP addressing within the organization. The private IP address
space is defined as three sets of IP addresses set aside by the Internet Assigned
Numbers Authority (IANA) and is specified in RFC 1918.

The reserved IP ranges are:


▪ 10.0.0.1 through 10.255.255.254
▪ 172.16.0.1 through 172.31.255.254
▪ 192.168.0.1 through 192.168.255.254

Private addressing schemes are typically used in conjunction with technologies
such as network address translation (NAT), which allows hosts with private addresses
to access external services through proxy devices. NAT works by temporarily
allocating a real registered address for the duration of a given session only.

If you need to use registered IP addresses for public devices, it is crucial that you
do not waste addresses on unused hosts. However, even if you are using private
addressing within the organization, your addressing scheme might require you to
reuse addresses where possible. For this reason, an IP address allocation and
management solution is required.

DHCP Hardware Requirements

A manually configured IP allocation scheme requires planning documents, lists
of addresses to assign, and a method for recording addresses in use. This information
must be updated and kept accurate for as long as the method is used; this includes
keeping track of all network configuration changes that occur during the lifetime of the
service.

If you intend to use an automated IP allocation scheme, you will need at least
one computer that meets the hardware requirements of the operating system and the
allocation software package you choose. Regardless of the software package, the
service will be more responsive with the addition of RAM and a faster disk subsystem
to the host computer.

The minimum hardware requirement for the DHCP service in Windows Server
2008 is a Class 1 server for both member and clustered DHCP server roles; the
clustered servers require extra hardware for clustering. The following table provides
the basic hardware requirements for this server type.

Component Type      Component Configuration
Processor           Two processors, 700 megahertz (MHz) to 1.6 gigahertz (GHz).
Memory              256 megabytes (MB) to 2 gigabytes (GB). The minimum memory
                    requirement includes the base requirement for Windows
                    Server 2008 and an additional 128 MB for the DHCP service.
Local storage       Drive controller: SCSI 3
                    Hard disks: 30-36 GB
                    Hard disk bays: 2-4
Network adapter     Two 10/100 Fast Ethernet adapters supporting PXE (Pre-boot
                    Execution Environment).

The following table provides the additional components required by the clustered
DHCP servers.

Component Type        Component Configuration
Network adapter       Three network adapter ports:
                      ▪ Two configured in a fault-tolerant NIC team.
                      ▪ One used for cluster heartbeat (single port network
                        adapter).
Host bus adapters     Two host bus adapters configured for fault tolerance and
                      connected to the SAN.
Local storage         RAID 1 (mirrored) drive hosting the operating system.
SAN attached storage  RAID 1 (mirrored) drive hosting the Quorum drive for the
                      cluster set and the DHCP database drive.

The amount of RAM and hard disk specification (disk spindles/speed) are the critical
hardware elements; processor speed is not as important.

OPERATION SHEET 2.7
DHCP Server Installation Procedures

To install the DHCP Server, follow these steps:

1. Open Server Manager. Click Add Roles to open the Add Roles Wizard.

2. Check DHCP Server in the Add Roles Wizard, then click Next.

Note that AD DS and DNS can be installed together with the DHCP Server.

3. The DHCP informational screen appears. Read it and click Next.

4. The Select Network Connection Bindings screen appears. Keep the static IP
address selected and click Next.

5. The Specify IPv4 DNS Server Setting screen appears.

6. Validate the Preferred DNS server IPv4 address, then click Next.

7. The Specify IPv4 WINS Server Settings screen appears. Retain the default option.
Click Next.

8. The Add or Edit DHCP Scopes screen appears. Click Add.

9. The Add Scope screen appears. Activate this scope.

10. Enter the scope name, starting IP address, ending IP address, subnet type, subnet
mask, and default gateway. Click OK.

11. You return to the Add or Edit DHCP Scopes screen, with the scope in place. Click
Next.

12. The Configure DHCPv6 Stateless Mode screen appears. Select Disable DHCPv6
stateless mode for this server. Click Next.

13. The Specify IPv6 Server Settings screen appears. Accept the defaults and click
Next.

14. The Authorize DHCP Server screen appears. Select Use current credentials. Click
Next.

15. The installation runs and the Installation Progress screen appears.

16. The installation completes and the Installation Results screen appears. Close and
Reboot.
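
The scope values entered in step 10 can be checked before they are typed into the wizard. The following is an added example, not part of the original learning material: it validates a planned IPv4 scope against its subnet, the RFC 1918 private ranges, the statically addressed gateway and server, and the expected number of clients. The function name, its parameters and all sample addresses are assumptions made for the demonstration.

```python
import ipaddress

# The three private blocks from RFC 1918, written as CIDR networks.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def check_scope(start, end, mask, gateway, server_ip, expected_clients=0):
    """Return a list of problems in a planned IPv4 scope; an empty list means OK."""
    start = ipaddress.IPv4Address(start)
    end = ipaddress.IPv4Address(end)
    gateway = ipaddress.IPv4Address(gateway)
    server_ip = ipaddress.IPv4Address(server_ip)
    # The subnet is derived from the starting address and the subnet mask.
    subnet = ipaddress.ip_network(f"{start}/{mask}", strict=False)
    problems = []

    if not any(subnet.subnet_of(block) for block in RFC1918):
        problems.append(f"{subnet} is outside the RFC 1918 private ranges "
                        "(confirm the addresses are registered to you)")
    if end < start:
        problems.append("ending address is lower than starting address")
    if end not in subnet:
        problems.append(f"ending address {end} is outside {subnet}")
    elif end == subnet.broadcast_address:
        problems.append(f"pool includes the broadcast address {end}")
    if start == subnet.network_address:
        problems.append(f"pool includes the network address {start}")
    if gateway not in subnet:
        problems.append(f"default gateway {gateway} is not on {subnet}")

    # Only host addresses inside the subnet can actually be leased.
    lo = max(start, subnet.network_address + 1)
    hi = min(end, subnet.broadcast_address - 1)

    # Statically configured hosts must not be leased out, or a client will
    # collide with them (the address-conflict case described earlier).
    static_in_pool = sorted(ip for ip in {gateway, server_ip} if lo <= ip <= hi)
    for ip in static_in_pool:
        problems.append(f"static address {ip} lies inside the pool; exclude it")

    leasable = max(0, int(hi) - int(lo) + 1 - len(static_in_pool))
    if expected_clients > leasable:
        problems.append(f"pool has {leasable} leasable addresses for "
                        f"{expected_clients} clients; widen it or shorten leases")
    return problems


if __name__ == "__main__":
    # Constructed sample plans: (start, end, mask, gateway, server, clients)
    plans = [
        ("192.168.1.50", "192.168.1.200", "255.255.255.0",
         "192.168.1.1", "192.168.1.2", 100),
        ("192.168.1.1", "192.168.1.255", "255.255.255.0",
         "192.168.1.1", "192.168.1.2", 300),
    ]
    for plan in plans:
        issues = check_scope(*plan)
        print(plan[0], "-", plan[1], "OK" if not issues else issues)
```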

SELF CHECK 2.7

Direction: Choose the correct answer from the given options. Write your answers on
a separate sheet of pad paper.

A. Backup/Restore
B. Bootstrap Protocol
C. Database
D. DHCP Client
E. DHCP Service Initialization
F. DHCPv6 Scope
G. DHCPv6 Service
H. Dynamic Host Configuration Protocol
I. Dynamic Host Configuration Protocol (DHCP) server
J. IPv4
K. Lease Availability
L. NAP Components
M. Reservation
N. Runtime
O. Scope

1. The full consecutive range of possible IP addresses for a network. Scopes typically
define a single physical subnet on your network to which DHCP services are
offered.
2. IP standard for simplifying management of host IP configuration.
3. Service that holds information about available IP addresses and related
configuration information, as defined by the DHCP administrator, and responds to
requests from DHCP clients.

4. System administrators can enforce health requirements, which can include
software requirements, security update requirements, required computer
configurations, and other settings.
5. Host configuration protocol developed before Dynamic Host Configuration
Protocol.
6. Has an expiration date, which the client must renew if it is going to continue to use
that IP address.
7. Includes normal operating functions of the DHCP server.
8. Protect the database from data loss in the event of data corruption or a hard disk
failure.
9. Dynamic structure that is updated as DHCP clients are assigned or as they release
their TCP/IP configuration parameters.
10. Process that runs in the background on a computer running Windows Server and
that provides Internet Protocol version 6 (IPv6) addresses to clients.
11. Consecutive range of possible IPv6 addresses that the DHCP server can lease to
clients on a subnet.
12. Requests IP configuration information from a DHCP server.
13. Most widely deployed version of Internet Protocol which defines an addressing
scheme based on 32-bit addresses.
14. Used to create a permanent address lease assignment by the DHCP server.
15. Checks for proper configuration of Transmission Control Protocol/Internet Protocol
(TCP/IP), including the presence of a static IP address.

ACTIVITY SHEET 2.7.1
Installation Procedures

Directions: Arrange the procedures in their proper order. Write the letter of the correct
answer on a separate sheet of paper.

A. Add or Edit DHCP Scopes screen appears. Click Add.
B. Authorize DHCP Server screen appears. Select Use current credentials. Click Next.
C. Check DHCP Server in the Add Roles Wizard, click Next.
D. Configure DHCPv6 Stateless Mode screen appears. Select Disable DHCPv6 stateless
mode for this server. Click Next.
E. DHCP informational screen appears. Read it and click Next.
F. Enter the scope name, starting IP address, ending IP address, subnet type, subnet
mask, and default gateway. Activate. Click OK.
G. Installation completes and the Installation Results screen appears. Close and
Reboot.
H. Installation runs and the Installation Progress screen appears.
I. Open Server Manager. Click Add Roles, to open Add Roles Wizard.
J. Select Network Connection Bindings screen appears. Keep the static IP address
selected and click Next.
K. Specify IPv4 DNS Server Setting screen appears.
L. Specify IPv4 WINS Server Settings screen appears. Retain the default option.
Click Next.
M. The Specify IPv6 Server Settings screen appears. Accept the defaults and click
Next.
N. Validate the Preferred DNS server IPv4 address, click Next.
O. You return to the Add or Edit DHCP Scopes screen, with the scope in place. Click
Next.

1. ___  2. ___  3. ___  4. ___  5. ___  6. ___  7. ___  8. ___
9. ___  10. ___  11. ___  12. ___  13. ___  14. ___  15. ___

ACTIVITY SHEET 2.7.2
DHCP Familiarization

Direction: Find as many as 15 terms related to Dynamic Host Configuration
Protocol. List the words you find on a separate sheet of paper.

P E N O K T N C T S P B G I G L R J J J
E K W O N P W M T K R E C I V R E S P X
I C F E I K D N J S O D Q Y Y Y T H C C
X C I D A T E E F C T H H O S F R C S N
T L B D M N A Q K J O D T A U C H F Z G
C D E C O I V Z N X C N Y T V K O A E T
L T O P D A D F I B O S E R V E R P Q Y
K Q M H Y H U N Q L L H F I F D D M E J
X O G B C B W O R K A O E L V C P H L M
C T V P F A R I L S O I M B L B U K N M
R N K I B E T T E P M S T O E Z K R O X
Y S F W S J Q A A Z K D O I V J C K F E
R R F T B O Q V S E O R A G N J A I Q P
S H O W T V J R E P M X U T R I B R F O
L R E E H S J E B Q R I M U A P V I T I
E V T H M F L S D O S C T A Q B J P Z I
R V L B T F R E J E B S S N Y S A I K I
E G W N A R Z R F I D V I C U J R S M W
R D B L L S Z A W B O O T S T R A P E I
R M Z M B D X H B H L A D M S U I V H L

ASSIGNMENT SHEET 2.7
Dynamic Host Configuration Protocol

Direction: Answer the following questions on a separate sheet of paper.

1. Discuss the difference between DHCP Server and DHCP Client. (6 points)

2. Discuss the difference between IPv4 and IPv6. (6 points)

3. What is the importance of DHCP Scope? (2 points)

4. What is the importance of DHCP Lease Availability? (3 points)

5. What is the importance of DHCP Database? (3 points)

INFORMATION SHEET 2.8
File Services

Learning Objectives
At the end of the lesson, the learner must be able to:
a. Identify file services
b. Select file services
c. Install the File Services role

A file server provides a central location on your network where you can store
files and share them with users across your network. When users require an important
file that is intended to be accessed by many users, such as a project plan, they can
access the file remotely on the file server instead of having to pass the file between
their separate computers.
If your network users need access to the same file and applications, or if
centralized backup and file management are important to your organization, you
should configure this computer as a file server by adding the File Services role.

The following topics provide information about using File Services snap-ins.
• DFS Management
• Disk Management
• File Server Resource Manager
• Removable Storage: Welcome
• Services for Network File System
• Shadow Copies of Shared Folders
• Share and Storage Management
• Shared Folders
• Storage Explorer
• Storage Manager for SANs

❖ DFS Management

Distributed File System is implemented as a role service of the File Services
role and consists of the following role services:
• DFS Namespaces
• DFS Replication

To manage DFS Namespaces and DFS Replication, you can use the DFS
Management snap-in hosted by Server Manager, or you can use the DFS
Management snap-in from the Administrative Tools folder. Or you can use command
prompt tools, as discussed later in this topic.

To manage Distributed File System from a command prompt you can use the
DfsUtil, DfsCmd, DfsrAdmin, and DfsrDiag commands or write scripts that use
Windows Management Instrumentation (WMI).

Role service descriptions


DFS Namespaces and DFS Replication are role services in the File and
Storage Services role.

DFS Namespaces: Enables you to group shared folders that are located on
different servers into one or more logically structured namespaces. Each namespace
appears to users as a single shared folder with a series of subfolders. However, the
underlying structure of the namespace can consist of numerous file shares that are
located on different servers and in multiple sites.

DFS Replication: Enables you to efficiently replicate folders (including those
referred to by a DFS namespace path) across multiple servers and sites. DFS
Replication uses a compression algorithm known as remote differential compression
(RDC). RDC detects changes to the data in a file, and it enables DFS Replication to
replicate only the changed file blocks instead of the entire file.

Practical applications
You can use DFS Namespaces and DFS Replication to achieve the following
goals:

DFS Namespaces: Provide users with a centralized folder namespace through
which to access and store files. You can host the underlying file shares on different
servers and in different sites to improve availability and performance.

DFS Replication: Synchronize folder contents efficiently between servers,
across LAN or WAN network connections.

❖ Disk Management

Disk Management is a system utility for managing hard disks and the volumes or
partitions that they contain. With Disk Management, you can initialize disks, create
volumes, and format volumes with the FAT, FAT32, or NTFS file systems. Disk
Management enables you to perform most disk-related tasks without restarting the
system or interrupting users. Most configuration changes take effect immediately.

In this version of Windows, Disk Management provides the same features you may
already be familiar with from earlier versions, but also adds some new features:
• Simpler partition creation. When you right-click a volume, you can choose
whether to create a basic, spanned, or striped partition directly from the menu.
• Disk conversion options. When you add more than four partitions to a basic
disk, you are prompted to convert the disk to dynamic or to the GUID partition
table (GPT) partition style.
• Extend and shrink partitions. You can extend and shrink partitions directly from
the Windows interface.

❖ File Server Resource Manager

File Server Resource Manager is a suite of tools for Windows Server® 2008 that
allows administrators to understand, control, and manage the quantity and type of data
that is stored on their servers. By using File Server Resource Manager, administrators
can place quotas on folders and volumes, actively screen files, and generate
comprehensive storage reports. This set of advanced instruments not only helps the
administrator efficiently monitor existing storage resources, but it also aids in the
planning and implementation of future policy changes.

❖ Removable Storage

You can use Removable Storage to easily track your removable storage media
(tapes and optical disks) and to manage the libraries that contain them (such as
changers and jukeboxes).

Removable Storage does the following:


• Labels, catalogs, and tracks media.
• Controls library drives, slots, and doors.
• Provides drive-cleaning operations.

This component works with your data-management programs, such as Backup.


You use data-management programs to manage the actual data stored on the media.
Removable Storage makes it possible for multiple programs to share the same storage
media resources, which can reduce your costs.

Removable Storage organizes all the media in your libraries into different media
pools. It also moves media between media pools in order to provide the amount of
data storage your applications require.

Removable Storage does not provide volume management, such as for media
siding or striping. Also, Removable Storage does not provide file management, such
as for data backup or disk-extender operations. These services are provided by data-
management applications such as Backup or Remote Storage.

You must run all your data-management programs on the same computer that
connects to your library. Removable Storage does not support multiple data-
management programs running on different computers that are connected to the same
library.

❖ Services for Network File System

Services for Network File System (NFS) provides a file sharing solution for enterprises
that have a mixed Windows and UNIX environment. With Services for NFS, you can
transfer files between computers running Windows Server 2008 and UNIX operating
systems using the NFS protocol.

Services for NFS includes the following improvements:


• Active Directory Lookup. The Identity Management for UNIX Active Directory
schema extension includes UNIX user identifier (UID) and group identifier (GID)
fields. This enables Server for NFS and Client for NFS to look up Windows-to-
UNIX user account mappings directly from Active Directory Domain Services.
Identity Management for UNIX simplifies Windows-to-UNIX user account
mapping management in Active Directory Domain Services.
• 64-bit support. You can install Services for NFS components on all editions of
Windows Server 2008, including 64-bit editions.
• Enhanced server performance. Services for NFS includes a file filter driver,
which significantly reduces common server file access latencies.
• Unix special device support. Services for NFS supports UNIX special devices
(mknod).
• Enhanced Unix support. Services for NFS supports the following versions of
UNIX: Sun Microsystems Solaris version 9, Red Hat Linux version 9, IBM AIX
version 5L 5.2, and Hewlett Packard HP-UX version 11i.

❖ Shadow Copies of Shared Folders

Shadow Copies of Shared Folders provides point-in-time copies of files that are
located on shared resources, such as a file server. With Shadow Copies of Shared
Folders, users can view shared files and folders as they existed at points of time in the
past. Accessing previous versions of files, or shadow copies, is useful because users
can:
• Recover files that were accidentally deleted. If you accidentally delete a file,
you can open a previous version and copy it to a safe location.
• Recover from accidentally overwriting a file. If you accidentally overwrite a file,
you can recover a previous version of the file.
• Compare versions of a file while working. You can use previous versions when
you want to check what has changed between two versions of a file.

❖ Share and Storage Management

Share and Storage Management provides a centralized location for you to
manage two important server resources:
• Folders and volumes that are shared on the network
• Volumes in disks and storage subsystems

Shared resources management


You can share the content of folders and volumes on your server over the
network using the Provision a Shared Folder Wizard, which is available in Share and
Storage Management. This wizard guides you through the necessary steps to share
a folder or volume and assign all applicable properties to it. With the wizard, you can:
• Specify the folder or volume that you want to share or create a new folder
to share.
• Specify the network sharing protocol used to access the shared resource.
• Change the local NTFS permissions for the folder or volume you will be
sharing.
• Specify the share access permissions, user limits, and offline access to files
in the shared resource.
• Publish the shared resource to a Distributed File System (DFS) namespace.
• If Services for Network File System (NFS) has been installed, specify NFS-
based access permissions for the shared resource.

• If File Server Resource Manager is installed on your server, apply storage
quotas to the new shared resource, and create file screens to limit the type
of files that can be stored in it.

Using Share and Storage Management, you can also monitor and modify
important aspects of your new and existing shared resources. You can:
• Stop the sharing of a folder or volume.
• Change the local NTFS permissions for a folder or volume.
• Change the share access permissions, offline availability, and other
properties of a shared resource.
• See which users are currently accessing a folder or a file and disconnect a
user if necessary.
• If Services for Network File System (NFS) has been installed, change the
NFS-based access permissions for a shared resource.

❖ Shared Folders

You can use the Shared Folders Microsoft Management Console (MMC) snap-
in to centrally manage file shares on a computer. Shared Folders enables you to create
file shares and set permissions, as well as view and manage open files and users
connected to file shares on the computer.
• Share a Folder or Drive
• Stop Sharing a Folder or Drive
• Close an Open File
• Disconnect a User
• Set Permissions for Shared Folders
• Set Caching Options for Shared Folders
• Limit the Number of Users of a Shared Folder
• Understanding Shared Folders and the Windows Firewall
• Troubleshooting Shared Folders

❖ Storage Explorer

With Storage Explorer, you can view and manage the Fibre Channel and iSCSI
fabrics that are available in your storage area network (SAN).

A fabric is a network topology where devices are connected to each other
through one or more high-efficiency data paths. In the case of a Fibre Channel fabric,
the network includes one or more Fibre Channel switches that allow servers and
storage devices to connect to each other through virtual point-to-point connections.
For iSCSI fabrics, the network includes one or more Internet Storage Name Service
(iSNS) servers that provide discoverability and partitioning of resources.

Storage Explorer can display detailed information about servers connected to
the SAN, as well as components in the fabrics such as host bus adapters (HBAs),
Fibre Channel switches, and iSCSI initiators and targets.

You can also perform many administrative tasks on an iSCSI fabric; for
example, you can log on to iSCSI targets, configure iSCSI security, add iSCSI target
portals, add iSNS servers, and manage Discovery Domains and Discovery Domain
Sets.

❖ Storage Manager for SANs

Storage Manager for SANs helps you create and manage logical unit numbers
(LUNs) on Fibre Channel and iSCSI disk drive subsystems that support Virtual Disk
Service (VDS) in your storage area network (SAN).

A LUN is a logical reference to a portion of a storage subsystem. A LUN can
comprise a disk, a section of a disk, a whole disk array, or a section of a disk array in
the subsystem. Using LUNs simplifies the management of storage resources in your
SAN because they serve as logical identifiers through which you can assign access
and control privileges.

OPERATION SHEET 2.8
Adding File Services Role

To install the File Server, follow these steps:

1. Log on to the Windows Server 2008 R2 system with an account with
administrator privileges.
2. Click Start, click All Programs, click Administrative Tools, and select Server
Manager.
3. In the tree pane, click on the Roles node or in the tasks pane, click on the Add
Roles link.

4. When the Add Roles Wizard window opens, read the information on the Before
You Begin page and if the system meets the recommendations to have a strong
administrator password, static IP address, and be updated with the latest Windows
security updates, click Next to continue.

5. On the Select Server Roles page, check the File Services check box, and click
Next to continue.

6. The next page provides a short introduction to the File Services role and notes the
fact that the Windows Search Service and the indexing service cannot be installed
on the same system. Click Next to continue with the installation of the File Services
role.
The Role Services page enables administrators to select which File Services role
services will be installed on the system. The File Server service is selected by
default. After checking the desired services, click Next to continue.

7. The Confirm Installation Selections page enables the administrator to review the
chosen settings. After confirming that the settings are correct, click Install to install
and configure the services and tools chosen.

8. Wait for the Installation Progress.

9. Review the Installation Results to confirm that the selected File Services were
successfully installed.

10. View and configure File Services in the Server Manager.

SELF CHECK 2.8

Direction: Identify the following terms. Choose the best answer from the given choices.
Write your answer on a separate sheet of paper.

A. Share and Storage Management
B. Shadow Copies of Shared Folders
C. Services for Network File System
D. Removable storage
E. File services
F. File server resource manager
G. File server
H. Disk management
I. DFS Replication
J. DFS Namespace

1. Provides a central location on your network where you can store files and share
them with users across your network.
2. Used to configure the computer as a file server.
3. Enables you to group shared folders into one locally structured location.
4. Efficiently duplicate folders across multiple servers and sites.
5. System utility for managing hard disks and the volumes or partitions that they
contain.
6. Suite of tools for Windows Server® 2008 that allows administrators to
understand, control, and manage the quantity and type of data that is stored on
their servers.
7. Lets you easily track your removable storage media and manage the libraries
that contain them.
8. Provides a file sharing solution for enterprises that have a mixed Windows and
UNIX environment.
9. Provides point-in-time copies of files that are located on shared resources, such
as a file server.
10. Provides a centralized location for you to manage two important server
resources.

ACTIVITY SHEET 2.8
File Services Installation

Directions: Arrange the procedures in their proper order. Write the letter of the correct
answer on a separate sheet of paper.

A. Click Start, click All Programs, click Administrative Tools, and select Server
Manager.
B. Confirm Installation Selections, click Install to continue.
C. In the tree pane, click on the Roles node or in the tasks pane, click on the Add
Roles link.
D. Log on to the Windows Server 2008 R2 system with an account with administrator
privileges.
E. On the Select Server Roles page, check the File Services check box, and click
Next to continue.
F. Read the information on the Before You Begin page, click Next to continue.
G. Review the Installation Results if the File Services selected was successfully
installed.
H. The File Server service is selected by default. After checking the desired
services, click Next to continue.
I. View and configure File Services in the Server Manager.
J. Wait for the Installation Progress.

1. ___  2. ___  3. ___  4. ___  5. ___
6. ___  7. ___  8. ___  9. ___  10. ___

ASSIGNMENT SHEET 2.8
File Services

Direction: Answer the following questions on a separate sheet of paper.

1. Differentiate the functions of each file system: FAT, FAT32, NTFS. (6 points)

2. Differentiate the partition styles: MBR, GPT. (4 points)

3. Enumerate features of Disk Management. (5 points)

4. Enumerate the functions of Removable Storage. (5 points)

INFORMATION SHEET 2.9
Print Services

Learning Objectives
At the end of the lesson, the learner must be able to:
a. Identify print services
b. Manage print service
c. Install Print and Document Services Role

Print Services in Windows Vista and Windows Server 2008 enables you to
share printers on a network and centralize print server and network printer
management tasks by using the Print Management Microsoft Management Console
(MMC) snap-in.

The following sections provide more information about Print Services:


• Tools for managing a print server
• Print Services role services

Tools for managing a print server

There are two primary tools that you can use to administer a Windows print server:
Server Manager and Print Management. On Windows Server 2008, you can use Server
Manager to install the Print Services server role, optional role services, and features.
Server Manager also displays print-related events from Event Viewer and includes an
instance of the Print Management snap-in, which can administer the local server only.

The Print Management snap-in is available in the Administrative Tools folder on
computers running Windows Vista Business, Windows Vista Enterprise, Windows Vista
Ultimate and Windows Server 2008. You can use it to install, view, and manage all of
the printers and Windows print servers in your organization.

Print Management provides current details about the status of printers and print
servers on the network. You can use Print Management to install printer connections
to a group of client computers simultaneously and to monitor print queues remotely.
Print Management can help you find printers that have an error condition by using
filters. It can also send e-mail notifications or run scripts when a printer or print server
needs attention. On printers that provide a Web-based management interface, Print
Management can display more data, such as toner and paper levels.

Note

To manage a remote print server, you must be a member of the Print Operators or
Server Operators groups, or the local Administrators group on the remote print server.
You do not need these credentials to monitor remote print servers, though some
functionality will be disabled.

Print and Document Services

Print and Document Services is a role in Server Manager that enables you to share
printers and scanners on a network, set up print servers and scan servers, and
centralize network printer and scanner management tasks by using the Print
Management and Scan Management Microsoft Management Console (MMC) snap-ins
respectively. Print Management helps you monitor print queues and receive
notifications when print queues stop processing print jobs. It also enables you to
migrate print servers and to deploy printer connections using Group Policy (to be
discussed in the next lessons). Scan Management enables you to monitor network
scanners and scan servers, process scanned documents and then route them to
network folders, Windows SharePoint Web sites, and email recipients.

The Print and Document Services role in Windows Server 2008 R2 includes three role
services:

• Print Server
• LPD Service
• Internet Printing

Together, these role services provide all of the functionality of a Windows print server.
You can add these role services while you are installing the Print Services role using
the Add Roles Wizard of Server Manager, or you can install them at a later time by
using the Add Role Services Wizard of Server Manager.

Print Server

Print Server is a required role service of the Print Services role. It adds the Print
Services role to Server Manager, and it installs the Print Management snap-in. Print
Management is used for managing multiple printers or print servers and migrating
printers to and from other Windows print servers. After you share a printer, Windows
enables the File and Printer sharing exception in Windows Firewall with Advanced
Security.

LPD Service

The Line Printer Daemon (LPD) Service installs and starts the TCP/IP Print Server
(LPDSVC) service, which enables UNIX-based computers or other computers that are
using the Line Printer Remote (LPR) service to print to shared printers on this server.
It also creates an inbound exception for port 515 in Windows Firewall with Advanced
Security.

No configuration is necessary for this service. However, if you stop or restart the Print
Spooler service, the TCP/IP Print Server service is also stopped, and it is not
automatically restarted.

To use a computer that is running Windows Vista or Windows Server 2008 to print to
a printer or print server that uses the LPD protocol, you can use the Network Printer
Installation wizard and a Standard TCP/IP printer port. However, you must install the
Line Printer Remote (LPR) Port Monitor feature to print to a UNIX print server. To do
so, use one of the following methods:

• In Windows Vista: in Control Panel, click Programs and Features, click Turn
  Windows features on or off, expand Print Services, select the LPR Port Monitor
  check box, and then click OK.
• In Windows Server 2008: in Server Manager, click Add Features, select the
  LPR Port Monitor check box, and then click OK.

Internet Printing

The Internet Printing role service in Windows Server 2008 creates a Web site hosted
by Internet Information Services (IIS). This Web site enables users to:

• Manage print jobs on the server.
• Use a Web browser to connect and print to shared printers on this server by
  using the Internet Printing Protocol (IPP). (Users must have Internet Printing
  Client installed.)

To manage a server by using the Web site created by Internet Printing, open a Web
browser and navigate to http://servername/printers, where servername is the UNC
path of the print server.

The Universal Naming Convention (UNC) is the naming system used in Microsoft Windows
for accessing shared network folders and printers on a local area network.
Support for working with UNC paths in Unix and other operating systems uses
cross-platform file sharing technologies like Samba.

UNC Name Syntax

UNC names identify network resources using a specific notation. These names consist
of three parts: a host device name, a share name, and an optional file path.

The Host-Name Section

The host-name portion of a UNC name can consist of either a network name string set
by an administrator and maintained by a network naming service like DNS or WINS, or of an
IP address. These hostnames normally refer to either a Windows PC or a Windows-compatible
printer.

The Share-Name Section

The share-name portion of a UNC pathname references a label created by an
administrator or, in some cases, within the operating system. In most versions of Microsoft
Windows, the built-in share name admin$ refers to the root directory of the operating system
installation, usually C:\Windows but sometimes C:\WINDOWS. UNC paths do not include
Windows drive letters, only a label that may reference a particular drive.

The File_Path Section

The file_path portion of a UNC name references a local subdirectory beneath the share
section. This part of the path is optional. When no file_path is specified, the UNC path simply
points to the top-level folder of the share. The file_path must be absolute. Relative paths are
not allowed.
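
The three-part UNC syntax described above, as an added example that is not part of the original learning material: a Python parser that splits a UNC name into host, share and optional file path, rejects relative paths, and flags shares ending in `$` such as the built-in admin$. The sample host and share names, the character rules for hosts and shares, and the `audit` helper are assumptions made for illustration.

```python
import ipaddress
import re

# Assumed character rules for host names and share names (illustrative only).
_HOST_RE = re.compile(r"^[A-Za-z0-9]([A-Za-z0-9.-]{0,253}[A-Za-z0-9])?$")
_SHARE_RE = re.compile(r'^[^\\/:*?"<>|]{1,80}$')


def parse_unc(path):
    r"""Split \\host\share[\file_path] into its parts or raise ValueError."""
    if not path.startswith("\\\\"):
        raise ValueError("a UNC name starts with two backslashes")
    parts = path[2:].split("\\")
    if len(parts) < 2 or not parts[0] or not parts[1]:
        raise ValueError("a UNC name needs a host name and a share name")
    host, share, segments = parts[0], parts[1], parts[2:]
    if segments and segments[-1] == "":
        segments = segments[:-1]  # tolerate a single trailing backslash
    try:
        ipaddress.ip_address(host)  # host given as an IP address
        host_kind = "ip"
    except ValueError:
        if not _HOST_RE.match(host):
            raise ValueError("invalid host name: %r" % host)
        host_kind = "name"  # a name resolved by DNS or WINS
    if not _SHARE_RE.match(share):
        raise ValueError("invalid share name: %r" % share)
    for seg in segments:  # file_path must be absolute: no ".", ".." or empty parts
        if seg in ("", ".", "..") or ":" in seg or "/" in seg:
            raise ValueError("relative or malformed file_path part: %r" % seg)
    return {"host": host, "host_kind": host_kind, "share": share,
            "hidden_share": share.endswith("$"),  # e.g. the built-in admin$
            "file_path": "\\".join(segments) or None}


# Constructed sample entries, such as lines from a printer or drive mapping list.
SAMPLES = [
    r"\\printsrv01\HP-Lab1",
    r"\\192.168.1.10\admin$\System32",
    r"\\filesrv\public\..\secret",
    r"C:\Windows",
]


def audit(paths):
    """Label each entry 'ok', 'hidden-share' or 'rejected' for review."""
    report = []
    for p in paths:
        try:
            info = parse_unc(p)
            report.append((p, "hidden-share" if info["hidden_share"] else "ok"))
        except ValueError:
            report.append((p, "rejected"))
    return report
```

Calling `audit(SAMPLES)` returns one verdict per entry, so a mapping list can be reviewed for entries that point at hidden shares or are not valid UNC names at all.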

To install the Internet Printing Client, use one of the following methods:

• In Windows Vista: in Control Panel, click Programs and Features, click Turn
  Windows features on or off, expand Print Services, select the Internet Printing
  Client check box, and then click OK.
• In Windows Server 2008: in Server Manager, click Add Features, select the
  Internet Printing Client check box, and then click OK.

OPERATION SHEET 2.9
Print Services

To install the Print Services server role with the Print Server and Internet Printing
role services, follow these steps:

1. In Server Manager, right-click Roles and select Add Roles. This will load the
   Add Roles Wizard.
2. On the Before You Begin page, click Next.
3. On the Server Roles page, select the Print Services check box and click Next.
4. On the Print Services page, click Next.
5. On the Select Role Services page, select the Print Server and Internet
   Printing check boxes, and click Next.
6. On the Confirmation page, click Install.
7. Wait for Installation Progress.
8. On the Results page, click Close.

SELF CHECK 2.9

Direction: Choose the correct answer from the given options. Write your answer on a
separate sheet of paper.

A. File path
B. Host-name
C. Internet Printing
D. Line Printer Daemon Service
E. Name Syntax
F. Print and Document Services
G. Print Management
H. Print Server
I. Print Services
J. UNC path

1. Enables you to share printers on a network and centralize print server and
   network printer management tasks by using the Print Management Microsoft
   Management Console (MMC) snap-in.
2. Helps you monitor print queues and receive notifications when print queues
   stop processing print jobs.
3. Role in Server Manager that enables you to share printers and scanners on a
   network, set up print servers and scan servers, and centralize network printer
   and scanner management tasks by using the Print Management and Scan
   Management Microsoft Management Console (MMC) snap-ins respectively.
4. Required role service of the Print Services role.
5. Installs and starts the TCP/IP Print Server (LPDSVC) service, which enables
   UNIX-based computers or other computers that are using the Line Printer
   Remote (LPR) service to print to shared printers on this server.
6. Creates a Web site hosted by Internet Information Services.
7. Naming system used in Microsoft Windows for accessing shared network
   folders and printers on a local area network.
8. Identify network resources using a specific notation.
9. Consist of either a network name string set by an administrator and maintained
   by a network naming service like DNS or WINS, or of an IP address.
10. References a local subdirectory beneath the share section.

ACTIVITY SHEET 2.9
Print Services Terminologies

Direction: Find as many as 10 words in the word search puzzle. Write your answers
on a separate sheet of paper.

M E S Z E J B D K G T R H Z K
P X C L O T S F C N D E R H F
X R I I G G K D E N A T X Q F
G F I L V U V M T T I N G L C
P I L N P R U N E S N I V S B
M Y M A T C E N L F N R W B B
B A T W O I R S F L W P D Z S
E H N D Z E N X J Z I S Q G Z
W E X A T K A G W T O G Y T C
P I O N G T V A T O T B D B X
W G I G N E Z D J S L X T I L
O E H Y B O M E M Y O U Y A Y
Y E S I H J T E J I C H J L K
D S F Y E P T A N I N D R F L
F G U T Y J S M W T S O N E T

ASSIGNMENT SHEET 2.9
Print Services

Direction: Write your answer on a separate sheet of pad paper.

Write procedures on how to deploy a printer driver in Windows Server 2008 R2. (10 pts.)
