Chapter 2-1
Windows Network Concepts
Windows Networking concepts
• Workgroups
– A workgroup is a collection of computers that are part of the same
network.
– All the computers are peers: no computer has control over another, and
each keeps its own local account database, so a user needs a separate
account on every machine whose resources they use.
– The workgroup facilitates the discovery of the computers that are part
of it and the sharing of resources like folders or printers.
• A workgroup can only be created for computers that are part of the same
local network.
• Workgroups are designed for small networks like those found in your home
or in small businesses.
• By default, every Windows computer is part of a workgroup named
WORKGROUP.
Windows Networking concepts
What is a Directory Service?
Windows Networking concepts…
What is a Directory?
• A directory, in the most generic sense, is a comprehensive listing of objects,
or a listing that helps organize and locate things.
E.g. a phone book is a type of directory that stores information about people,
businesses, and government organizations. Phone books typically record names,
addresses, and phone numbers.
AD DS (Active Directory Domain Services) is similar to a phone book in several
ways, but it is far more flexible.
AD DS stores information about organizations, sites, computers, users, shares,
and just about any other network object that you can imagine.
Windows Networking concepts…
– Main advantages of Directory Services are:
Directory Services simplify management: by acting as a single point of
management, a directory eases the administrative tasks associated with
complex networks.
Directory Services provide a higher level of security: directories offer a
single logon facility (one account and one set of credentials for the whole
network) and a more secure, centralised authentication process.
Directory Services allow interoperability.
Windows Networking concepts….
Most of the Directory Services available today are based upon industry
standards like X.500 and the Lightweight Directory Access Protocol (LDAP).
This allows sharing of resources in a heterogeneous environment.
• There are two main Directory standards:
X.500 and the Lightweight Directory Access Protocol (LDAP)
X.500
• It was a very good Directory Standard and provided a lot of new
functionality and security.
• The problem with X.500 was that it was difficult to implement.
• The X.500 Directory Access Protocol (DAP) was too complex and ran over the
OSI protocol stack instead of TCP/IP.
• X.500 is the OSI directory service. It defines the following components:
– An information model: determines the form and character of the
information in the directory.
– A namespace: allows the information to be referenced and organized.
– A functional model: determines what operations can be performed on the
information.
– An authentication framework: allows information in the directory to be
secured.
– A distributed operation model: determines how data is distributed and
how operations are carried out.
Lightweight Directory Access Protocol (LDAP):
The Lightweight Directory Access Protocol (LDAP) was designed to remove some
of the burden of X.500 access from directory clients, making the directory
available to a wider variety of machines and applications. It keeps the X.500
information model and namespace (objects with attributes, named by
distinguished names such as CN=Alice,OU=Sales,DC=example,DC=com) but runs
directly over TCP/IP (port 389, or 636 for LDAP over TLS) with a much simpler
protocol.
Active Directory
Active Directory is a directory service. The term directory service refers to
two things:
• a directory where information about users and resources is stored, and
• a service or services that let you access and manipulate that information.
Active Directory is a way to manage all elements of your network, including
computers, groups, users, domains, security policies, and any type of
user-defined objects.
Active Directory
• It merges several network services and tools that previously functioned
separately (the Windows NT 4.0 tools):
– User Manager for Domains,
– Server Manager,
– Domain Name Server (DNS),
and provides additional functions beyond these services and tools.
Active Directory
Active Directory is a hierarchical framework of objects.
Active Directory stores information about objects on the network and makes
this information easy for administrators and users to find and use.
Security is integrated with Active Directory through logon authentication and
access control to objects in the directory. With a single network logon,
administrators can manage directory data and organization throughout their
network, and authorized network users can access resources anywhere on the
network. Policy-based administration (Group Policy) eases the management of
even the most complex network.
• Active Directory is built around the Domain Name System (DNS) and the
Lightweight Directory Access Protocol (LDAP):
– DNS because it is the standard on the Internet and is familiar,
– LDAP because most vendors support it.
• Active Directory clients use DNS to locate domain controllers (through the
SRV records that AD registers) and LDAP to query and modify the objects
held on them.
• Because these are platform-independent protocols, Unix, Macintosh, and
other clients can access the directory in the same fashion as Windows
clients.
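The two steps described above, as an added PowerShell example that is not part of the original slides: first the workgroup-or-domain check from the earlier section, then the DNS SRV lookup a client performs to find a domain controller, then an anonymous RootDSE read and an LDAP search against that controller. The domain name corp.example.com is a hypothetical assumption; the script needs a Windows host with the built-in DnsClient module and network reachability to the domain controllers.

```powershell
# Added example, not from the original slides: how a Windows host tells
# whether it is in a workgroup or a domain, and how a domain client uses DNS
# and LDAP to find and talk to a domain controller.
# Assumption: corp.example.com is a hypothetical domain name.
$domain = 'corp.example.com'

# Workgroup or domain? DomainRole 0/1 = standalone/member workstation,
# 2/3 = standalone/member server, 4/5 = backup/primary domain controller.
Get-CimInstance Win32_ComputerSystem |
    Select-Object Name, Domain, Workgroup, PartOfDomain, DomainRole

# 1. DC locator: AD registers SRV records under _msdcs; a client asks DNS for
#    them instead of needing a configured server address.
$srv = Resolve-DnsName -Type SRV -Name "_ldap._tcp.dc._msdcs.$domain" |
    Where-Object Type -eq 'SRV' |
    Select-Object NameTarget, Port, Priority, Weight
$srv | Format-Table -AutoSize
# The Kerberos KDCs are published the same way
Resolve-DnsName -Type SRV -Name "_kerberos._tcp.$domain" | Where-Object Type -eq 'SRV'

# The OS locator (site-aware) should agree with the raw DNS answer
nltest /dsgetdc:$domain

# 2. LDAP: read RootDSE from the preferred DC. RootDSE needs no bind and
#    tells the client the naming contexts and what the server supports.
$dc = ($srv | Sort-Object Priority, { -$_.Weight } | Select-Object -First 1).NameTarget
$rootDse   = [ADSI]"LDAP://$dc/RootDSE"
$defaultNC = [string]$rootDse.defaultNamingContext      # e.g. DC=corp,DC=example,DC=com
[string]$rootDse.supportedLDAPVersion
$rootDse.supportedSASLMechanisms                         # GSSAPI / GSS-SPNEGO = Kerberos binds

# 3. An LDAP search: every domain controller account (userAccountControl bit
#    0x2000 = SERVER_TRUST_ACCOUNT). The result should match the SRV list.
$searcher = New-Object System.DirectoryServices.DirectorySearcher
$searcher.SearchRoot = [ADSI]"LDAP://$dc/$defaultNC"
$searcher.Filter = '(&(objectCategory=computer)(userAccountControl:1.2.840.113556.1.4.803:=8192))'
[void]$searcher.PropertiesToLoad.AddRange(@('dNSHostName', 'operatingSystem'))
$searcher.FindAll() | ForEach-Object {
    [pscustomobject]@{
        Host = [string]$_.Properties['dnshostname'][0]
        OS   = [string]$_.Properties['operatingsystem'][0]
    }
}
```

A check worth making with this output: the host names returned by the SRV query and the computer objects with the SERVER_TRUST_ACCOUNT bit should be the same set. A name present in DNS but not in the directory (or the reverse) points at a stale record or an object that was given domain-controller status by hand, and either deserves a look.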
An Active Directory domain also includes:
A set of rules, the schema, that defines the classes of objects and the
attributes contained in the directory, the constraints and limits on
instances of these objects, and the format of their names.
A global catalog that contains a partial replica (a subset of the attributes)
of every object in the forest. This allows users and administrators to find
directory information regardless of which domain in the forest actually
contains the data.
A query and index mechanism, so that objects and their properties can be
published and found by network users or applications.
Basic Elements of Active Directory
The Active Directory structure is a hierarchical arrangement of information
about objects (i.e. the base logical components of AD are objects and their
associated attributes).
Object?
An object is the representation of a real thing such as a user, a computer, a
data file or a printer. Objects fall into two broad categories: resources
(e.g. printers) and security principals (user or computer accounts and
groups). Security principals are the objects that can be authenticated and
that appear in access control lists.
Domain
• A group of computers and devices on a network that share one directory
partition, one set of account policies and one administrative boundary
within Active Directory; a domain can span more than one physical location.
– Note: the domain is often described as a security boundary, but the
forest is the real one, because every domain in a forest trusts the
others and they all share the schema and configuration; a domain is an
administrative and replication boundary.
– Example:
• Let's say you were the founder of Facebook and you started with 100
employees and 100 computers, 1 website and 1 email server. All of those
resources would belong inside Facebook.com.
• Active Directory lets you create domains inside domains.
– Let's say you expand Facebook to Europe and EU law requires you to have
all European employee records physically stored in Europe. With Active
Directory, you can create a child domain inside Facebook.com and call it
Europe.Facebook.com, then assign servers, computers and users to this
"Europe" domain.
• Each domain has its own security policies (password, lockout and Kerberos
policy) and its own security relationships (trusts) with other domains.
• Domains that share a contiguous DNS namespace form a single tree.
Types of computers in a domain
• Domain controller
– A domain controller is a server that takes care of managing Active
Directory
– A computer that stores a writable replica of the directory database
(read-only domain controllers hold a read-only copy)
– Stores security policies and accounts, and authenticates users
• Member server
– A Windows Server computer (historically Windows NT 4.0, 2000 or Server
2003) that is part of a domain
– Does not store a replica of the directory database
• Client computers
– Computers running operating systems that can communicate with Active
Directory for user authentication and resource access
Hierarchical structure of Active Directory
Organizational unit (OU)
• A container object for organizing objects within a domain
• Can contain users, groups, computers, resources, and other OUs
• Enables the delegation of administration over distinct segments of the
directory, which provides more flexibility in managing the objects of a
business unit, department, or other organizational division without making
anyone a domain-wide administrator
• Administration of grouped OUs
– Creation and organization of child OUs
– Delegation of permissions within specific OUs (by setting ACLs on the OU)
– Assignment of Group Policy links
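The three OU tasks listed above carried out in PowerShell, as an added example that is not part of the original slides: an OU is created, one control access right (Reset Password, on user objects only) is delegated to a group by writing an ACE on the OU, and a GPO is linked. The OU name Sales, the group Helpdesk and the GPO Workstation Baseline are hypothetical assumptions; the script needs the RSAT ActiveDirectory and GroupPolicy modules and an account allowed to create OUs and change their ACLs.

```powershell
# Added example, not from the original slides: create an OU, delegate one
# right over it to a group, and link a GPO to it.
# Assumptions: 'Sales', 'Helpdesk' and 'Workstation Baseline' are hypothetical.
Import-Module ActiveDirectory
Import-Module GroupPolicy

$domainDN = (Get-ADDomain).DistinguishedName            # e.g. DC=corp,DC=example,DC=com
$ou = New-ADOrganizationalUnit -Name 'Sales' -Path $domainDN `
        -ProtectedFromAccidentalDeletion $true -PassThru
$ouPath = "AD:\$($ou.DistinguishedName)"                 # the AD: drive exposes objects to Get-Acl/Set-Acl

# Delegation is an ACE on the OU. Give Helpdesk the "Reset Password" control
# access right on user objects below this OU, and nothing else. The right's
# GUID and the user class GUID are looked up rather than hard-coded.
$rootDse   = Get-ADRootDSE
$resetPwd  = Get-ADObject -SearchBase "CN=Extended-Rights,$($rootDse.ConfigurationNamingContext)" `
                 -LDAPFilter '(displayName=Reset Password)' -Properties rightsGuid
$userClass = Get-ADObject -SearchBase $rootDse.SchemaNamingContext `
                 -LDAPFilter '(lDAPDisplayName=user)' -Properties schemaIDGUID
$resetPwdGuid  = [guid]$resetPwd.rightsGuid              # 00299570-246d-11d0-a768-00aa006e0529
$userClassGuid = [guid]$userClass.schemaIDGUID           # bf967aba-0de6-11d0-a285-00aa003049e2

$helpdeskSid = (Get-ADGroup -Identity 'Helpdesk').SID
$ace = [System.DirectoryServices.ActiveDirectoryAccessRule]::new(
    $helpdeskSid,
    [System.DirectoryServices.ActiveDirectoryRights]::ExtendedRight,
    [System.Security.AccessControl.AccessControlType]::Allow,
    $resetPwdGuid,                                                   # which control access right
    [System.DirectoryServices.ActiveDirectorySecurityInheritance]::Descendents,
    $userClassGuid)                                                  # only on user objects
$acl = Get-Acl -Path $ouPath
$acl.AddAccessRule($ace)
Set-Acl -Path $ouPath -AclObject $acl

# Link a GPO to the OU. Group Policy is applied by link; child OUs inherit it.
New-GPLink -Name 'Workstation Baseline' -Target $ou.DistinguishedName -LinkEnabled Yes

# Verify the result: what Helpdesk can do here, and which policies are linked.
(Get-Acl -Path $ouPath).Access |
    Where-Object { $_.IdentityReference -like '*\Helpdesk' } |
    Select-Object ActiveDirectoryRights, ObjectType, InheritedObjectType, InheritanceType
(Get-GPInheritance -Target $ou.DistinguishedName).GpoLinks |
    Select-Object DisplayName, Enabled, Enforced, Order
```

Two caveats a practitioner should keep in mind. Resetting a password is effectively becoming that user, so the OU must not hold accounts more privileged than the group receiving the delegation. And delegation on an OU does not reach protected accounts (members of Domain Admins and the other AdminSDHolder-protected groups): their ACLs are overwritten from AdminSDHolder on a schedule, so an ACE like this silently stops applying to them.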
Tree
• A set of one or more domains in a hierarchical structure sharing a
contiguous DNS namespace
• The first domain created in the forest is called the forest root domain,
and this is where the forest name is specified
• All domain trees in a forest share the same forest root
• If a new tree is created after the forest root, the first domain that is
added to this tree is called the (tree) root domain
• Domains under the root domain are called child domains
• Any domain immediately above another domain is called the parent domain
Forest
• A group of one or more Active Directory domains (one or more trees)
sharing a common schema, configuration and global catalog, and joined by
two-way, transitive trusts
• All domains in a given forest trust each other through these automatic
two-way transitive trusts, which is why the forest, not the domain, is the
security boundary
• A forest exists as a set of cross-referenced objects and trust
relationships known to the member trees
• Trees in a forest form a hierarchy for the purposes of trust
Sites
• A location in a network holding Active Directory servers
• Defined as one or more well-connected TCP/IP subnets, meaning that network
connectivity between them is highly reliable and fast
• Sites are independent of the domain structure: one domain can span many
sites and one site can hold controllers from many domains. Clients use
sites to find a nearby domain controller, and replication between sites is
scheduled and compressed.
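The forest, tree, domain, trust, site and domain-controller concepts from the preceding slides, enumerated from a live directory with the ActiveDirectory module, as an added example that is not part of the original slides. Nothing is hard-coded; the script assumes a domain-joined host with RSAT installed and reads whatever forest it belongs to.

```powershell
# Added example, not from the original slides: inventory the forest, its
# trees and domains, its trusts, its sites and its domain controllers.
# Assumes RSAT (ActiveDirectory module) on a domain-joined host.
Import-Module ActiveDirectory

# Forest: shared schema, configuration and global catalog
$forest = Get-ADForest
[pscustomobject]@{
    ForestRoot     = $forest.RootDomain
    Domains        = $forest.Domains -join ', '
    GlobalCatalogs = $forest.GlobalCatalogs -join ', '
    ForestMode     = $forest.ForestMode
}

# Trees: each domain reports its parent (empty for a tree root) and children
foreach ($d in $forest.Domains) {
    $dom = Get-ADDomain -Identity $d
    [pscustomobject]@{
        Domain   = $dom.DNSRoot
        Parent   = $dom.ParentDomain
        Children = ($dom.ChildDomains -join ', ')
    }
}

# Trusts: intra-forest trusts are implicit, two-way and transitive. For
# external and forest trusts, check the direction and whether SID filtering
# (quarantine) is on; a trust without it honours SID history from the other side.
Get-ADTrust -Filter * |
    Select-Object Name, Direction, TrustType, IntraForest, ForestTransitive,
                  SIDFilteringQuarantined, SIDFilteringForestAware

# Sites, and the subnets that map a client's IP address to a site
Get-ADReplicationSite -Filter * | Select-Object Name
Get-ADReplicationSubnet -Filter * | Select-Object Name, Site

# Domain controllers of the current domain, with the site each one serves
Get-ADDomainController -Filter * |
    Select-Object HostName, Site, IsGlobalCatalog, IsReadOnly, OperatingSystem

# Member servers: computer objects whose primary group is Domain Computers
# (RID 515) rather than Domain Controllers (516) or RODCs (521)
Get-ADComputer -LDAPFilter '(&(primaryGroupID=515)(operatingSystem=*Server*))' `
               -Properties operatingSystem |
    Select-Object Name, operatingSystem
```

The trust listing is the part to read carefully: an inbound or two-way trust to a domain you do not control, with SIDFilteringQuarantined false, means accounts there can carry SIDs that resolve to groups in your domain.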
File System
• File systems are the very basis of what system administration is about.
• Every task in host administration or network configuration involves making
changes to files.
• System administrators focus on the user-facing functionality of the file
system:
• how to restrict file access to a group of users,
• what commands are necessary to manage this.
UNIX/Linux file model
• A hierarchical file system: directories and sub-directories make a tree.
• All file systems in UNIX-like operating systems are built from index nodes,
or inodes: each file has an index entry stored in a special part of the
file system.
• The inode contains the essential information needed to locate a file on
the disk, together with its owner, group, permission bits, size and
timestamps. The file name is stored in the directory entry, not in the
inode, which is why one inode can have several names (hard links).
• The top/start of the UNIX file tree is called the root file system, or '/'.
The file hierarchy
• / – the root directory
• /bin – executable (binary) programs
• /etc – UNIX system configuration and information files
• /usr – where application software lives together with the basic libraries
• /usr/bin – more executables from the OS
• /sbin – superuser utilities (for performing system administration tasks)
• /dev – hardware devices
• /home – user home directories, personal file space for each user
• /tmp – temporary file storage (can be used by any user)
• /export – used only on network file servers; contains the disk space set
aside for client machines
• /dev and /devices – the place where all logical devices are collected
Windows file model
• Like the UNIX file system, it is a hierarchical file system with files and
directories, but files do not carry a set of default permission bits for
owner, group and others as they do in UNIX. Instead every file and
directory has a full ACL (access control list) that assigns a set of
permissions to specific users and groups, inherited by default from the
parent directory.
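The ACL model described above in practice, as an added PowerShell example that is not part of the original slides: one ACL is printed entry by entry, and a function walks a directory tree looking for entries that grant write-type rights to Everyone, Authenticated Users, Users or Anonymous, the Windows counterpart of searching for world-writable directories on UNIX. The paths are hypothetical assumptions; run it as an administrator so that every ACL can be read.

```powershell
# Added example, not from the original slides: read a file ACL on Windows
# and find directories under a root where broad groups can write.
# Assumption: the paths used here are examples; adjust them for your system.

# One ACL, one ACE per line: who, which rights, allow/deny, inherited or not
(Get-Acl -Path 'C:\Windows\System32\config').Access |
    Format-Table IdentityReference, FileSystemRights, AccessControlType, IsInherited -AutoSize

function Get-BroadWriteAccess {
    param([string]$Root = 'C:\Program Files')
    # Well-known SIDs that cover every ordinary user of the machine
    $broadSids = @(
        'S-1-1-0',        # Everyone
        'S-1-5-11',       # Authenticated Users
        'S-1-5-32-545',   # BUILTIN\Users
        'S-1-5-7'         # Anonymous
    )
    # Rights that let the holder change content, or the ACL itself
    $dangerous = [System.Security.AccessControl.FileSystemRights]'CreateFiles, CreateDirectories, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'

    Get-ChildItem -Path $Root -Directory -Recurse -ErrorAction SilentlyContinue | ForEach-Object {
        $dir = $_
        $acl = Get-Acl -Path $dir.FullName -ErrorAction SilentlyContinue
        if (-not $acl) { return }                      # unreadable: skip this directory
        foreach ($ace in $acl.Access) {
            if ($ace.AccessControlType -ne [System.Security.AccessControl.AccessControlType]::Allow) { continue }
            try {
                # Compare SIDs, not names, so localisation and renamed groups do not matter
                $sid = $ace.IdentityReference.Translate([System.Security.Principal.SecurityIdentifier]).Value
            } catch { continue }
            if (($sid -in $broadSids) -and (($ace.FileSystemRights -band $dangerous) -ne 0)) {
                [pscustomobject]@{
                    Path      = $dir.FullName
                    Principal = $ace.IdentityReference.Value
                    Rights    = $ace.FileSystemRights
                    Inherited = $ace.IsInherited
                }
            }
        }
    }
}

Get-BroadWriteAccess -Root 'C:\Program Files' | Format-Table -AutoSize

# Fixing a finding with the built-in tool: stop inheriting, then drop the
# grant for Users (hypothetical path)
# icacls "C:\Program Files\Vendor\logs" /inheritance:d /remove:g "Users"
```

The reason this check matters: a program directory that ordinary users can write to lets a standard user replace a binary or DLL that an administrator or a service later executes, which turns a file permission mistake into privilege escalation.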
File hierarchy
• The Windows file system has changed through the different versions.
• The system root is usually stored in C:\WinNT (C:\Windows on current
versions).
• C:\I386 – the directory containing the binary code and data from which
the Windows operating system was installed.
• C:\Program Files – the official location for new software.
• C:\Temp – temporary scratch space.
• C:\WinNT – the root directory of the Windows system (only for operating
system files).
• C:\WinNT\config – configuration information for programs.
• C:\WinNT\system32 – the so-called system directory, where most system
applications, libraries and data are kept.
Logs and Audits
• Operating system kernels share resources and offer services.
• Logging or auditing means keeping lists of the transactions which have
taken place, so that one can later go back and see exactly what happened at
a given time.
• It is important to detect break-ins by system crackers, and to be able to
trace the activities of the system in order to look back and find out the
identity of a cracker.
• Full system auditing (logging every single operation that the computer
performs) consumes vast amounts of disk space and CPU time.
• It is generally inadvisable unless one has a specific reason to audit the
system; instead audit the events that matter (logons, privilege use,
changes to accounts and policies).
• Auditing is an issue again in connection with security.
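Selective auditing rather than "audit everything", followed by a query that turns the resulting Security log into something an administrator can act on, as an added PowerShell example that is not part of the original slides. The 24-hour window and the threshold of 10 failures are assumptions; reading the Security log and changing audit policy both require an elevated prompt.

```powershell
# Added example, not from the original slides: enable only the logon
# subcategories, then summarise failed logons per account and source.
# Assumptions: the time window and threshold are arbitrary starting values.

# Turn on logon auditing (success and failure) and account lockouts only;
# auditing every category would fill the disk and slow the host.
auditpol /set /subcategory:"Logon" /success:enable /failure:enable
auditpol /set /subcategory:"Account Lockout" /failure:enable
auditpol /get /category:"Logon/Logoff"       # verify what is now enabled

function Get-FailedLogonSummary {
    param([int]$Hours = 24, [int]$Threshold = 10)
    $since = (Get-Date).AddHours(-$Hours)
    # Event 4625 = an account failed to log on. FilterHashtable is evaluated
    # by the event log service, far cheaper than piping every event to Where-Object.
    $events = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4625; StartTime = $since } `
                           -ErrorAction SilentlyContinue
    $rows = foreach ($e in $events) {
        # The interesting fields live in EventData; read them from the XML view
        $x = [xml]$e.ToXml()
        $data = @{}
        foreach ($d in $x.Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
        [pscustomobject]@{
            Time      = $e.TimeCreated
            User      = $data['TargetUserName']
            Source    = $data['IpAddress']
            LogonType = $data['LogonType']       # 2 interactive, 3 network, 10 remote desktop
            SubStatus = $data['SubStatus']       # 0xC000006A bad password, 0xC0000064 no such user
        }
    }
    # Repeated failures for one account from one address are the pattern of a
    # password-guessing attempt; many users from one address suggests spraying.
    $rows | Group-Object User, Source | Where-Object Count -ge $Threshold |
        Select-Object Count,
                      @{ n = 'User';   e = { $_.Group[0].User } },
                      @{ n = 'Source'; e = { $_.Group[0].Source } } |
        Sort-Object Count -Descending
}

Get-FailedLogonSummary | Format-Table -AutoSize
```

On a domain controller the same query covers every domain logon that reached that controller; on a workstation it covers local and network logons to that machine only, so run it where the authentication actually happens.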
Privileged accounts
• A privileged account is used to configure and maintain the system.
• It has access to the whole system, without regard for restrictions.
• In UNIX the privileged account is called root (the superuser).
• In Windows the Administrator account is similar to UNIX's root, except
that the administrator does not have automatic access to everything as root
does: access to an object must first be granted in its ACL (an administrator
can, however, take ownership of any object and then grant it).
• Administrator and root accounts should never be used for normal work.
• To use a privileged account as a normal user account would make the system
as insecure as the insecure systems mentioned above.
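Finding out who actually holds privileged access, and doing administrative work from a separate account instead of the built-in Administrator, as an added PowerShell example that is not part of the original slides. The account name CORP\alice-adm is a hypothetical assumption; the domain queries need RSAT and the local checks work on any Windows host.

```powershell
# Added example, not from the original slides: enumerate privileged access in
# the domain and on the local host, and elevate one tool at a time.
# Assumption: CORP\alice-adm is a hypothetical dedicated admin account.
Import-Module ActiveDirectory

# Effective members of the highest-privilege groups, nested groups flattened.
# (Get-ADGroupMember can fail on members from trusted domains; note the error.)
$privGroups = 'Domain Admins', 'Enterprise Admins', 'Schema Admins', 'Administrators'
foreach ($g in $privGroups) {
    Get-ADGroupMember -Identity $g -Recursive -ErrorAction Continue | ForEach-Object {
        [pscustomobject]@{ Group = $g; Member = $_.SamAccountName; Class = $_.objectClass }
    }
}

# Accounts AD has ever marked protected (adminCount=1). The flag is not
# cleared when an account leaves a privileged group, so stale entries reveal
# formerly privileged accounts that still carry the AdminSDHolder ACL.
Get-ADUser -LDAPFilter '(adminCount=1)' -Properties lastLogonDate |
    Select-Object SamAccountName, Enabled, LastLogonDate

# The built-in Administrator is always RID 500; is it still used day to day?
$rid500 = (Get-ADDomain).DomainSID.Value + '-500'
Get-ADUser -Identity $rid500 -Properties lastLogonDate, passwordLastSet |
    Select-Object SamAccountName, Enabled, LastLogonDate, PasswordLastSet

# Local view of the current token: privileges held, and whether it is in
# Administrators (S-1-5-32-544) at high integrity (S-1-16-12288)
whoami /priv
whoami /groups | findstr /i "S-1-5-32-544 S-1-16-12288"

# Work as a standard user; elevate a single tool when needed rather than
# logging on as an administrator for everything.
Start-Process -FilePath 'mmc.exe' -ArgumentList 'dsa.msc' -Verb RunAs   # UAC prompt
runas /user:CORP\alice-adm "mmc dsa.msc"                                  # named admin account
```

The Administrator RID 500 check is the local version of the slide's advice: if that account's LastLogonDate is recent and its password is old, it is being used for routine work and the activity cannot be attributed to a person.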