[Exam 70-270] – Chapter 1/Lesson 3 – Workgroups and Domains
Oct0
I- Workgroups
- Workgroup is a logical grouping of networked computers that share resources such as files/printers.
- Workgroup is also called a peer-to-peer network because all computers can share resources equally without having a dedicated server.
- Each computer maintains its own local security database.
1- Advantage
- Decentralized administration since each computer maintains its own local security database.
- Does not require a domain controller to hold centralized security information thus making managing a workgroup easier.
- Does not require extensive planning and designing.
- Provides a convenient networking solution for computers in close proximity.
2- Disadvantage
- Workgroup is impractical if the network has more than 10 computers.
- A user must have a local account for every computer that the user wants to access.
- Any changes on any user account on any computer must also be performed on all remaining computers. For example: user A changes password on computer A. If user A wants to access computer B using the updated password, user A must also update the password on computer B.
II- Domains
- Domain is a logical grouping of networked computers that share a central directory database also known as the directory.
- This directory holds user accounts and security for the domain.
- This directory is a database portion of Active Directory service, which is the Windows 2003 directory server.
- In a domain, a domain controller is a server that holds the Active Directory database, and all security related information of the domain.
- A domain does not refer to a single location or any type of network configuration. In other words, a domain can consist of networked computers that are located on 2 opposite sides of the world. Any networked computer in a domain can interact with any other regardless of location.
- A person cannot log on locally to a domain controller machine because that computer does not have a local user database.
1- Advantage
- Centralized administration since all user accounts and security are located on the Active Directory on a single machine (domain controller server). Any changes to this database will affect every other computer network-wide.
- Since user accounts are maintained by the domain controller, logon authentication only happens on the server side, not on the local computer side. Thus users can log on to any computer in the network regardless of its local security/account database.
- Feasible for creating large scale networks of hundreds or thousands of computers.
2- About domain controllers running on Windows Server 2003
- Domain controller does not maintain a security database. You cannot log on locally to a domain controller computer.
- Each domain controller grants logon access to domain users by validating the user’s credentials against the Active Directory database.
- If there is more than one domain controller in a domain, each domain controller replicates its directory periodically so that all the domain controllers have a copy of the Active Directory.
- A member server is a computer that is not configured as a domain controller but is in charge of providing shared resources such as files/printers.
[Exam 70-270] – Chapter 1/Lesson 2 – Windows XP SP2
Oct0
I- How to determine if you have Windows XP SP2
1- Start -> Run -> winver.exe -> enter
2- Start -> Right click on my computer -> General Tab will tell you
II- Major enhancements in Windows XP SP2
1- Security Center – is an entirely new feature provided by XP SP2. It routinely checks the status of the following components:
1.1- Windows Firewall – detects whether the computer has any firewall software. If the computer doesn’t, Security Center will warn you about this if you click on the Security Center balloon on the bottom right of the taskbar.
1.2- Automatic Updates – detects the setting of automatic updates in XP. Security Center will make a recommendation regarding the automatic updates setting on your computer if you don’t already have automatic updates enabled or you have it turned off.
1.3- Virus Protection – detects whether you have antivirus in your computer. If your computer does, Security Center will check to see if the virus definition is up-to-date.
2- Automatic Updates – Windows XP automatic updates connects periodically to Windows Update on the internet to check for the latest updates, and patches for the computer. Automatic Updates can then download, and install the updates automatically in the background or it can prompt the administrator to perform an appropriate action. Additional enhancements provided by XP SP2 are:
2.1- added expanded support for Microsoft Office, and Microsoft products.
2.2- previous automatic update can only download critical updates. The new version now can download critical updates, security updates, update roll-ups, and service packs.
2.3- prioritizes the updates based on importance and size of the updates.
2.4- more automated than the old version. The EULA pop-up has been eliminated. The users can now decide whether to restart the computer after the update.
3- Windows Firewall - a firewall protects a computer from outside attack by only allowing specified traffic to travel into the computer. The previous version of the Windows firewall, named ICF (Internet Connection Firewall), is replaced by Windows Firewall in XP SP2. Windows Firewall is a stateful, host-based firewall that blocks all incoming traffic that does not meet one of the following requirements:
- Solicited traffic – valid traffic that is sent in response to a request by the computer.
- Excepted traffic – traffic that is manually configured to pass through the firewall.
Windows Firewall has numerous enhancements/characteristics such as the following:
3.1- Enabled by default – when updated to Windows XP SP2, Windows Firewall will be enabled by default to protect all network connections.
3.2- Global settings – Windows Firewall has a global setting feature that affects the firewall settings of all internet connections. Of course, the user can always change the settings of each internet connection manually.
3.3- New interface – in the previous version, you have to click Settings on the Advanced tab to configure your firewall settings. In Windows XP SP2, when you click Windows Firewall, all the tabs are now consolidated into 1 interface.
3.4- Prevent excepted traffic – in ICF, you can only either enable or disable all traffic (either solicited or excepted). With Windows Firewall, you can still allow solicited traffic but disable excepted traffic at the same time.
3.5- Startup Security – in Windows XP SP2, Windows Firewall protects the network connection as soon as it becomes active.
3.6 – Traffic source restriction – now you can apply a firewall rule based on an individual IP or a range of IPs.
3.7 – Excepted traffic based on file names – with Windows Firewall, you can simply add the application name into the firewall list. Windows Firewall will then add the ports that the application uses into the list of accepted incoming traffic.
4- Internet Explorer – many enhancements are introduced into IE by XP SP2
4.1- Information bar – notifies users about current activities happening in the browser, such as a blocked ActiveX install request, blocked pop-up windows, and a blocked download request.
4.2- Pop-up blocker – IE now has its own pop-up blocker add-on. When a pop-up is blocked, a notification is shown on the Information Bar. The user can then left click on the bar to choose whether or not to view the pop-up or block the pop-up indefinitely from that particular website.
4.3- File download prompt – users are now prompted to accept or reject downloads from the Internet. This prevents malicious files from downloading themselves automatically without users’ permission.
4.4 – Add-on management – users now can disable/enable add-ons that they install through the add-on interface under Internet Options/Programs/Manage-addon.
III- Lesson Review
1) After Windows XP SP2 is installed, IE combines many of the common dialog boxes that prompt users for input into an area called Information Bar.
2) Windows Firewall
- is enabled by default
- protects a network connection as soon as the connection becomes active
The Linux Directories
Oct0
The root (/) directory
The root directory begins with the / symbol
The /bin directory
This directory stores system binaries or programs used to operate the system. Non-critical programs or binaries are stored in the /usr/bin directory.
The /boot directory
This directory holds all the files needed to boot the system, except the configuration files. Files included are the kernel, boot loaders, and message files defining the text printed on the loading screen.
The /dev directory
This directory stores all devices used to access different hardware components in the system. Some devices are disk drives, floppy disks, tape drives, terminals, console, serial ports, parallel ports, and sound card.
To view devices currently connected on your computer
cd /dev
ls -lk
The /etc directory
This directory contains a variety of system configuration files needed for system initialization. All users can read files in this directory but only administrators can execute the files.
The /home directory
The /home directory stores users’ home directories. The root user’s home directory is located in /root instead.
The /lib directory
This directory stores shared libraries allowing Linux’s executables to have smaller file size and denser features without the need of recompiling.
The /mnt directory
This directory stores references to external file systems or devices.
The /opt directory
This directory is a holdover from Unix where /opt hosts additional or add-on software.
The /proc directory
This directory holds dynamic information generated from related system processes such as the kernel, network devices, etc. Each process is a folder with permission to access the process environment. Use ls -l to view a long listing of this folder.
ls -l
The /root directory
Not to be confused with the / directory, the /root directory is the home directory for root user.
The /sbin directory
This directory contains executables that can only be run by the root users. Many of these executables are essential for booting up the system.
The /tmp directory
This folder is used to store temporary files that last only a short period of time. This is an efficient way to manage files since most of these temporary files get deleted after a restart of the system or after a termination of a program.
The /usr directory
This directory is enormous and comes with a directory structure of its own.
The /usr/bin directory stores non-critical system executable files, even most of them are launched on a basis.
The /usr/dict directory stores spell checking command files.
The /usr/etc directory was used to store configuration files but is no longer used for that purpose.
The /usr/games directory does not have to hold third party games but can be used for that purpose.
The /usr/include and /usr/lib are used to store the C compiler’s include and library files.
The /usr/sbin directory does not store critical system administration files.
The /var directory
Usually user mailboxes, system log files, and spool logs are stored in this directory.
lock – lock files for system processes
log – log files for login/logout, current users, syslog, httpd, ftpd, mail, and spool file.
run – files created for the current system run level.
spool – data that has been spooled for processing, such as print jobs.
state – system state variables.
Linux – setserial command
Oct0
Serial ports on Linux are named ttyS followed by a number corresponding to the actual DOS COM port. For example
ttyS0 –> COM1
ttyS1 –> COM2
ttyS2 –> COM3
ttyS3 –> …you get the idea
The /dev directory holds information essential to operating these ports. setserial lists and configures the serial port configurations. To list all the serial ports, type
ls /dev/ttyS*
setserial -g /dev/ttyS* prints out the configuration information for each serial port
Linux – date command
Oct0
To change the date and time, type su, enter your password, then become root. Or sudo if you have a different setup.
You must adhere to the following format when setting date and time
MMDDhhmmCCYY.ss
MM 2 digits month
DD 2 digits day of the month
hh 2 digits hour in 24-hour clock format
mm 2 digits minute
CC 2 digits century
YY 2 digits year
ss 2 digit seconds
For example: change the date and time to October 10 2008, 11:34:35 EDT
steps to successfully authenticate through an ISA Proxy on Linux
Oct0
Who needs this?
A person who is using Linux and trying to authenticate himself/herself through Microsoft ISA Proxy.
Does Linux use ISA Proxy Authentication?
I’m not 100% sure but I know for a fact that even if you set System Proxy Settings, apt-get still is not going to work. I did some searching on Google and found that apt-get does not understand the algorithm used in the ISA server.
How to fix this?
Download, configure, and run NTLMaps, a program that enables apt-get to understand the ISA Proxy Authentication algorithm.
Where to get this file?
http://sourceforge.net/project/showfiles.php?group_id=69259
Download and extract the gz file
Download the file then extract the folder onto your Desktop.
How to configure?
I’m using Ubuntu 8.0.4, the instruction may be different if you are using a different Linux flavor.
You can read the INSTALL file included in the package, but if you don’t want to you can read the image instruction (that’s why I’m writing this post).
Navigate to the NTLMaps folder using whichever method is best suited for you. I’m a beginner so I use the GUI way.
Double click on the server.cfg to open up the file. Now you can configure your proxy. Now inside this file, there are many lines like the one below that allow you to configure your proxy settings. You will have to go through the entire text file to look for these lines.
Leave this port alone unless you want to use a different port.
Put your parent proxy address and port number here.
The text suggests that you should put only the NT Domain name, not the fully qualified domain name. I put my company’s fully qualified domain name and it still works, your company may be different, try the fully qualified domain name if the NT domain name does not work out for you.
Put your network log on name here. My company uses Windows logon username to authenticate through the proxy, your company may be different.
Put your network log on password here. My company uses Windows logon password to authenticate through the proxy, your company may be different.
Now the basic configuration is complete, how do I start this program?
Start Terminal, navigate to your NTLMaps folder, type python main.py to start the program
Now how do I tell Linux to direct all Microsoft proxy authentication to NTLMaps?
The instruction is also included in the server.cfg file but you can read the images if that’s better for you.
Navigate to System > Preferences > Network Proxy and select Manual proxy configuration. Enter 127.0.0.1 for HTTP Proxy and port 5865. Make sure you also check the box “Use the same proxy for all protocols.”
Now you are done. All proxy authentication will now be directed back to NTLMaps for processing.
Conclusion
This method WORKS. You can browse the internet as well as use apt-get. However, website access is slower now since you have to authenticate again by going through NTLMaps.
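The setup above writes a Windows domain password into server.cfg as plain text and runs a local proxy on port 5865 that authenticates on the user's behalf. The following check is an added example, not part of the original post or of NTLMaps: it flags a config file readable by other accounts, a stored password, and a proxy opened to other hosts. The key names PASSWORD and ALLOW_EXTERNAL_CLIENTS are assumed from NTLMaps' stock server.cfg (they are not shown on this page), and the sample config is constructed with placeholder values.

```sh
#!/bin/sh
# Added example: audit an NTLMaps-style server.cfg for credential exposure.
# Key names PASSWORD and ALLOW_EXTERNAL_CLIENTS are assumptions taken from
# NTLMaps' stock config; they do not appear on this page.

# cfg_value FILE KEY: print the value of the last uncommented "KEY:value" line.
cfg_value() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*:[[:space:]]*//p" "$1" |
        tr -d '\r' | sed 's/[[:space:]]*$//' | tail -n 1
}

# audit_cfg FILE: print one finding per line; print nothing if the file is clean.
audit_cfg() {
    cfg=$1
    # Characters 5-10 of "ls -ld" output are the group and other permission bits.
    perms=$(ls -ld "$cfg" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "loose-mode: group/other bits are '$perms'; run chmod 600"
    fi
    if [ -n "$(cfg_value "$cfg" PASSWORD)" ]; then
        echo "cleartext-password: the domain password is stored in the file"
    fi
    if [ "$(cfg_value "$cfg" ALLOW_EXTERNAL_CLIENTS)" = "1" ]; then
        echo "external-clients: other hosts can use the proxy as this user"
    fi
}

# demo_cfg: write a constructed sample config (placeholder values, not a
# real account) to a temp file and print its path.
demo_cfg() {
    f=$(mktemp)
    cat > "$f" <<'EOF'
[GENERAL]
LISTEN_PORT:5865
PARENT_PROXY:proxy.example.internal
PARENT_PROXY_PORT:8080
ALLOW_EXTERNAL_CLIENTS:1
[NTLM_AUTH]
NT_DOMAIN:EXAMPLE
USER:jdoe
# PASSWORD:commented-out lines are ignored
PASSWORD:Placeholder-Passw0rd
EOF
    chmod 644 "$f"
    echo "$f"
}

sample=$(demo_cfg)
audit_cfg "$sample"
rm -f "$sample"
```

Run it against your own file by calling audit_cfg with the path to server.cfg; an empty result means none of the three conditions was found.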
Why people don’t want to pay to repair their computers?
Sep0
To be honest with you guys, I don’t exactly know for sure but I have theorized some answers based on my 6 months working at a huge computer maker [company]:
1) First, users who know absolutely nothing about the computer think the computer is the problem, not themselves.
I remember talking to this insane customer on the phone long ago. He claimed that [company] needs to reimburse him for the loss of his data due to the [company]’s defective HDD. As normal procedure for a call center, I told him that his warranty on the laptop does not cover for the loss of data that may occur during either normal or abnormal operation, but then of course he wouldn’t listen. I told the guy I would replace the HDD for free but not the data (duh stupid).
2) Second, computer users think everything that is related to technology should be free. No I’m serious, this is an “out of this world, GTFO, WTF, are you serious” idea but it’s a reality in today’s world.
Let me give you an example. We all know the famous Microsoft Office software (Word, Excel, Powerpoint, etc…). I bet we all know how popular it is, how useful it is, and most important how expensive it is. Despite my respect for appreciating the makers of all things, most of my customers on the phone do not. Usually 10% of my phone call is related to this type of situation where my customers assume Microsoft Office should be shipped along with Microsoft Windows. I got nothing else to say here but “stupidity is contagious.”
Let’s take a look at another ridiculous situation. This guy called me around 8 p.m. on Saturday for a repair on his out-of-warranty laptop. I quoted him a price and he told me it should be free. I asked him why and he said “Well, my HP lasted 3 years and this one only lasts for a year, it’s unacceptable.” Now let’s imagine him being at the car dealer trying to negotiate the repair cost of his 1998 Mercedes E320 by saying “Well my Honda lasted 200k miles, this one only lasts 100k miles, it’s unacceptable.” You get the message.
We can’t leave this section just yet, let’s talk about the last but also MOST famous situation of all, configuring wireless. At [company], wireless problems related call is so common, it’s so common that [company] even drafted a special sheet of what they call “responsibility sheet” to identify if the tech rep should disengage from the call the moment he hears the buzz word. Here are some of the buzz words from the sheet and from my experience:
- I try to use the wireless from the Bonzo’s wireless network (wireless pirates alert, ask the pertinent question “Sir, are you the owner of the network?”. Usually they hang up after this question.)
- I need help configuring my router (and the manufacturer’s technical support phone number is…)
- How do I use wireless (wireless for dummies is available for sale now on amazon.com)
But anyway, this isn’t really a repair situation but if things don’t work, they are defective that in turn can be repaired. If you do not go to a Mercedes dealer to ask them to show you how to operate the radio, you shouldn’t call your computer’s maker up to ask them to show you how to send an email. All things cost money either mentally or physically, in this case, it’s physical, US dollars $.
























