logging in or signing up server administrator part 2 Network Monitor Driver and Network Moni baluglow Download Post to : URL : Related Presentations : Share Add to Flag Embed Email Send to Blogs and Networks Add to Channel Uploaded from authorPOINT lite Insert YouTube videos in PowerPont slides with aS Desktop Copy embed code: (To copy code, click on the text box) Embed: URL: Thumbnail: WordPress Embed Customize Embed The presentation is successfully added In Your Favorites. Views: 41 Category: Education License: All Rights Reserved Like it (0) Dislike it (0) Added: December 23, 2011 This Presentation is Public Favorites: 0 Presentation Description server administrator part 2 Network Monitor Driver and Network Moni by Sai Bala subrahmanyam Comments Posting comment... Premium member Presentation Transcript Network Monitor Driver and Network Monitor: Network Monitor Driver and Network Monitor Network Monitor Driver: Enables a Microsoft-based server or workstation NIC to gather network performance data for assessment by the Microsoft Network Monitor Network Monitor: A Windows NT and Windows 2000 network monitoring tool that can capture and display network performance data Sai Bala SubrahmanyamServer Activities to Monitor : Server Activities to Monitor Sai Bala Subrahmanyam Figure 15-1 Using Network Monitor Driver to gather network performance information on two separate networksInstalling Network Monitor Driver: Installing Network Monitor Driver To install Network Monitor Driver: Open the Network and Dial-Up Connections tool Right-click Local Area Connection Click Properties Click Install Double-click Protocol Double-click Network Monitor Driver Sai Bala SubrahmanyamInstalling Network Monitor Driver (continued): Installing Network Monitor Driver (continued) Sai Bala Subrahmanyam Figure 15-2 Installing Network Monitor DriverUsing Network Monitor: Using Network Monitor Network Monitor tracks information such as: Percent network utilization Frames and bytes transported per second Network station statistics Statistics captured for a specific interval of time Transmissions per second Sai Bala SubrahmanyamUsing Network Monitor (continued): Using Network Monitor (continued) Broadcast, unicast, and multicast information NIC statistics Error data Addresses of network stations Other network computers running Network Monitor and Network Monitor Driver Sai Bala SubrahmanyamInstalling Network Monitor : Installing Network Monitor The general steps to install Network Monitor are: Open the Add/Remove Programs tool Double-click the component, Management and Monitoring Tools Check Network Monitor Tools Sai Bala SubrahmanyamInstalling Network Monitor (continued) : Installing Network Monitor (continued) Sai Bala Subrahmanyam Figure 15-3 Installing Network Monitor toolsStarting Network Monitor : Starting Network Monitor The general steps for starting a capture session in network monitor are: Start Network Monitor from the Administrative Tools menu Select the network to monitor Click the Capture button to start capturing information Click the Stop Capture button to stop capturing information Sai Bala SubrahmanyamCapturing Network Data: Capturing Network Data Sai Bala Subrahmanyam Figure 15-4 Network Monitor capturing data Total pane Graph pane Session pane Station paneMonitoring Tip : Monitoring Tip As is true of other monitoring tools, Network Monitor can create an extra load on a server Sai Bala SubrahmanyamNetwork Monitor Display : Network Monitor Display Data captured in Network Monitor is displayed interactively in four window panes, but can be customized to show only one, two, or three panes Sai Bala SubrahmanyamNetwork Monitor Panes : Network Monitor Panes Sai Bala SubrahmanyamViewing a Line-by-Line Report: Viewing a Line-by-Line Report After data is captured, you can view a line-by-line capture summary report by clicking the Stop and View Capture button Sai Bala SubrahmanyamViewing a Line-by-Line Report : Viewing a Line-by-Line Report Sai Bala Subrahmanyam Figure 15-5 Viewing capture summary dataCapture Summary Window Information: Capture Summary Window Information Sai Bala Subrahmanyam Table 15-2 Capture Summary Window InformationCapture Summary Window Information (continued): Capture Summary Window Information (continued) Sai Bala SubrahmanyamFinding Specific Capture Summary Information: Finding Specific Capture Summary Information Use the Find button in the capture summary display to find specific information Sai Bala SubrahmanyamUsing Find: Using Find Sai Bala Subrahmanyam Figure 15-6 Finding Transmission Events Associated with Server LawyerMonitoring Filter : Monitoring Filter Network Monitor has a built-in ability to configure a filter Filter: A capacity in network monitoring software that enables a network or server administrator to view only designated protocols, network events, network nodes, or other specialized views of the network Sai Bala SubrahmanyamCreating a Filter: Creating a Filter To create a filter in network monitor: Click the Edit Capture Filter button and click OK Set the specific parameters by double-clicking any of: SAP/ETYPE, Address Pairs, and Pattern Matches Click OK Continue Capturing data Sai Bala SubrahmanyamSelecting Filter Options: Selecting Filter Options Sai Bala Subrahmanyam Figure 15-7 Creating a filterConfiguring SAPs and ETYPEs: Configuring SAPs and ETYPEs Sai Bala Subrahmanyam Figure 15-8 Selecting a protocol to capture in a filterSAP and ETYPE: SAP and ETYPE Server Access Point (SAP): A service access point, which specifies the network process that should accept a frame at the destination, such as TCP/IP Ethertype (ETYPE): A property of an Ethernet frame that includes a specialized two-byte code used for particular vendor functions Sai Bala SubrahmanyamCapture Trigger: Capture Trigger Besides filtering, Network Monitor supports using capture triggers Capture trigger: Used as a way to have Network Monitor perform a specific function when a predefined situation occurs, such as stopping a capture of network data when the capture buffer is 50% full Sai Bala SubrahmanyamSetting up a Trigger : Setting up a Trigger Sai Bala Subrahmanyam Figure 15-9 Setting up a triggerTroubleshooting Tip: Troubleshooting Tip Check the Graph pane for a quick assessment of performance statistics for: % Network Utilization Frames Per Second Bytes Per Second Broadcasts Per Second Multicasts Per Second Sai Bala SubrahmanyamDiagnosing Common Problems: Diagnosing Common Problems Use Network Monitor to diagnose problems such as: A NIC creating a broadcast storm Inefficient multimedia applications Problems with bridges, switches, and routers Problems with particular a workstation An overloaded server Sai Bala SubrahmanyamFinding a Broadcast Storm: Finding a Broadcast Storm A broadcast storm is a situation in which one or more devices, such as a failing NIC, are saturating the network with traffic Use the Network Monitor Broadcasts Per Second statistic to help determine if there is a broadcast storm and then check the Session and Station panes for the device(s) sending the broadcast(s) Sai Bala SubrahmanyamLocating Unauthorized Network Monitor Users: Locating Unauthorized Network Monitor Users Network Monitor can create problems when it is used by network intruders or unauthorized users You can view all of the Network Monitor users by clicking the Tools menu and then clicking Identify Network Monitor users Sai Bala SubrahmanyamViewing Network Monitor Users: Viewing Network Monitor Users Sai Bala Subrahmanyam Figure 15-10 Identifying all Network Monitor usersSNMP: SNMP The Simple Network Management Protocol (SNMP) is used to gather standardized network performance information and to control network devices Sai Bala SubrahmanyamSNMP Stations: SNMP Stations SNMP uses two kinds of network stations: Network Management Station (NMS): Monitors and manages devices configured with SNMP and collects information Agent: Any device configured for SNMP from which an NMS can collect data – SNMP agents include servers, workstations, routers, switches, and hubs Sai Bala SubrahmanyamMicrosoft Systems Compatible with SNMP: Microsoft Systems Compatible with SNMP The following systems can be managed through SNMP: Windows 2000 and NT servers Windows 2000 and NT workstations WINS servers DHCP servers IIS servers Microsoft RAS and IAS servers Sai Bala SubrahmanyamInstalling SNMP: Installing SNMP To install SNMP: Open the Add/Remove Programs tool Click Add/Remove Windows Components Double-click Management and Monitoring tools Check Simple Network Management Protocol and click OK Click Next and then click Finish Sai Bala SubrahmanyamConfiguring SNMP: Configuring SNMP After installing SNMP, configure one or more community names for security Community name: In SNMP communications, a password used by network agents and the network management station so that their communications cannot be easily intercepted by an unauthorized workstation or device Sai Bala SubrahmanyamConfiguring SNMP (continued): Configuring SNMP (continued) Sai Bala Subrahmanyam Figure 15-11 Configuring the community nameSNMP Trap: SNMP Trap SNMP enables you to configure a trap Trap: A specific situation or event detected by SNMP that a network administrator may want to be warned about or to track via a network management station, such as when a network device is unexpectedly down or offline Sai Bala SubrahmanyamTroubleshooting Tip: Troubleshooting Tip If a trap that you set does not work, make sure that the SNMP Trap Service is started and set to start automatically in Windows 2000 Server Sai Bala SubrahmanyamMonitoring a Network with System Monitor: Monitoring a Network with System Monitor System Monitor contains a wide range of objects for monitoring a network Some objects only appear in System Monitor if you have a particular protocol installed Sai Bala SubrahmanyamSystem Monitor Network Monitoring Objects: System Monitor Network Monitoring Objects Sai Bala Subrahmanyam Table 15-3 System Monitor Network Monitoring ObjectsSystem Monitor Network Monitoring Objects (continued): System Monitor Network Monitoring Objects (continued) Sai Bala SubrahmanyamSystem Monitor Network Monitoring Objects (continued): System Monitor Network Monitoring Objects (continued) Sai Bala SubrahmanyamSystem Monitor Network Monitoring Objects (continued): System Monitor Network Monitoring Objects (continued) Sai Bala SubrahmanyamMonitoring NICs, Servers, and Network Devices: Monitoring NICs, Servers, and Network Devices System Monitor can be used to monitor the NIC at the server to make sure that it is working properly System Monitor is also used to monitor for network problems at the server and between the server and network devices Sai Bala SubrahmanyamUsing System Monitor Objects to Monitor the NIC, Server, and Network Devices: Using System Monitor Objects to Monitor the NIC, Server, and Network Devices Sai Bala Subrahmanyam Table 15-4 Using System Monitor Objects and Counters to Monitor the NIC, Server, and Network DevicesUsing System Monitor Objects to Monitor the NIC, Server, and Network Devices (continued): Using System Monitor Objects to Monitor the NIC, Server, and Network Devices (continued) Sai Bala SubrahmanyamUsing System Monitor Objects to Monitor the NIC, Server, and Network Devices (continued): Using System Monitor Objects to Monitor the NIC, Server, and Network Devices (continued) Sai Bala SubrahmanyamUsing System Monitor Objects and Counters to Monitor Protocols: Using System Monitor Objects and Counters to Monitor Protocols Sai Bala Subrahmanyam Table 15-5 Using System Monitor Objects and Counters to Monitor ProtocolsUsing System Monitor Objects and Counters to Monitor Protocols (continued): Using System Monitor Objects and Counters to Monitor Protocols (continued) Sai Bala SubrahmanyamUsing System Monitor Objects and Counters to Monitor Server and Network Bottlenecks: Using System Monitor Objects and Counters to Monitor Server and Network Bottlenecks Sai Bala Subrahmanyam Table 15-6 Using System Monitor Objects and Counters to Monitor Server and Network BottlenecksUsing System Monitor Objects and Counters to Monitor Server and Network Bottlenecks (continued): Using System Monitor Objects and Counters to Monitor Server and Network Bottlenecks (continued) Sai Bala SubrahmanyamUsing System Monitor Objects and Counters to Monitor a Web Server: Using System Monitor Objects and Counters to Monitor a Web Server Sai Bala Subrahmanyam Table 15-7 Using System Monitor Objects to Monitor a Web ServerUsing System Monitor Objects and Counters to Monitor a Web Server (continued): Using System Monitor Objects and Counters to Monitor a Web Server (continued) Sai Bala SubrahmanyamUsing System Monitor Objects and Counters to Monitor a Web Server (continued): Using System Monitor Objects and Counters to Monitor a Web Server (continued) Sai Bala SubrahmanyamUsing System Monitor Objects and Counters to Monitor SMTP Services: Using System Monitor Objects and Counters to Monitor SMTP Services Sai Bala SubrahmanyamUsing System Monitor Objects and Counters to Monitor SMTP Services (continued): Using System Monitor Objects and Counters to Monitor SMTP Services (continued) Sai Bala SubrahmanyamNetwork Tuning Tips: Network Tuning Tips Keep NIC drivers updated Replace slow NICs Tune the network access order Implement TCP/IP exclusively, if possible Purchase servers that are equipped to keep up with the server load Sai Bala SubrahmanyamNetwork Tuning Tips (continued): Network Tuning Tips (continued) Monitor for excessive BPDU broadcasts Monitor the network for saturation from broadcast storms Replace aging, slower network devices with newer, faster devices Use multimedia applications that support multicasting Upgrade bandwidth to match the load Sai Bala SubrahmanyamChapter Summary: Chapter Summary Monitoring a network is as important as monitoring a server Establish network benchmarks to help in preventing and diagnosing problems Install the Network Monitor Driver and Network Monitor together to enable network monitoring from Windows 2000 Server Sai Bala SubrahmanyamChapter Summary: Chapter Summary Install Microsoft SNMP service to take advantage of SNMP-based network management station monitoring Use the System Monitor’s network-related objects, counters, and instances for in-depth network monitoring, particularly of protocols Sai Bala SubrahmanyamChapter 8: Managing Accounts and Client Connectivity : Chapter 8: Managing Accounts and Client Connectivity Sai Bala SubrahmanyamLearning Objectives: Learning Objectives Establish account naming conventions Configure account security policies Create and manage accounts, including setting up a new account, configuring account properties, delegating account management, and renaming, disabling, and deleting an account Sai Bala SubrahmanyamLearning Objectives (continued): Learning Objectives (continued) Create local user profiles, roaming profiles, and mandatory profiles Configure client network operating systems to access Windows 2000 Server, and install client operating systems through Remote Installation Services Sai Bala SubrahmanyamAccount Policies: Account Policies Account policies: security measures set up in a group policy, such as for a domain or local computer Account policies particularly focus on: Password security Account lockout Kerberos security Use the Group Policy MMC snap-in to set up account policies Sai Bala SubrahmanyamSetting Account Policies: Setting Account Policies Sai Bala Subrahmanyam Figure 8-1 Account policiesPassword Policy Options: Password Policy Options Enforce password history : Enables you to require users to choose new passwords when they make a password change, because the system can remember the previously used passwords Maximum password age : Permits you to set the maximum time allowed until a password expires Minimum password age : Permits you to specify that a password must be used a minimum amount of time before it can be changed Sai Bala SubrahmanyamPassword Policy Options (continued): Password Policy Options (continued) Minimum password length : Enables you to require that passwords are a minimum length Passwords must meet complexity requirements : Requires passwords to be complex (use upper and lowercase letters, numbers and special characters; cannot contain the user name, etc.) Sai Bala SubrahmanyamAccount Lockout Policy Options: Account Lockout Policy Options Account lockout duration : Permits you to specify in minutes how long the system will keep an account locked out after reaching the specified number of unsuccessful log on attempts Account lockout threshold : Enables you to set a limit to the number of unsuccessful tries to log onto an account Sai Bala SubrahmanyamAccount Lockout Policy Options (continued): Account Lockout Policy Options (continued) Reset account lockout count after : Enables you to specify the number of minutes between two consecutive unsuccessful logon attempts to make sure that the account will not be locked out too soon Sai Bala SubrahmanyamKerberos Policy Options : Kerberos Policy Options Enforce user logon restrictions : Turns on Kerberos security, which is the default Maximum lifetime for a service ticket : Determines the maximum amount of time in minutes that a service ticket can be used to continually access a particular service in one service session Maximum lifetime for a user ticket : Determines the maximum amount of time in hours that a ticket can be used in one continuous session for access to a computer or domain Sai Bala SubrahmanyamCreating Accounts: Creating Accounts On a member server (not a domain controller) use the Local Users and Groups MMC snap-in to create accounts On a domain controller, use the Active Directory Users and Computers MMC snap-in to create accounts in the domain. Sai Bala SubrahmanyamCreating an OU: Creating an OU To create an OU: Click the container in which to create the OU, such as the domain or another OU Click the Create a new organizational unit in the current container button Enter the name of the OU Click OK Sai Bala SubrahmanyamDelegating Authority in an OU: Delegating Authority in an OU To delegate authority: Right-click the OU and click Delegate control Click Next after the wizard starts Click the Add button and specify the accounts, groups, or computers to have the control Click OK and click Next Select the tasks to delegate and click Next Click Finish Sai Bala SubrahmanyamDelegation of Control Options: Delegation of Control Options Sai Bala SubrahmanyamUsing Find to Locate an Account: Using Find to Locate an Account To locate a particular account in order to maintain it: Right-click the domain Click Find Enter the username or the account holder’s name Click Find Now Sai Bala SubrahmanyamAccount Maintenance Activities: Account Maintenance Activities Typical account maintenance activities include: Disabling an account, such as when a user takes a leave of absence Enabling an account, such as when a user returns Renaming an account, such as when one user leaves and another user is hired into the same position Moving an account, such as into a different OU Sai Bala SubrahmanyamAccount Maintenance Activities (continued): Account Maintenance Activities (continued) Typical account maintenance activities include (continued): Deleting an account, such as when a user leaves the organization and there will be no replacement Resetting a password for users who do not remember theirs Account auditing to track certain kinds of activity performed by an account holder Sai Bala SubrahmanyamSample Events that Can be Audited for an Account: Sample Events that Can be Audited for an Account Logon and logoff activity Account modifications through account management tools Accesses to files and other objects (for files, folders, and objects that are set up to be audited) Sai Bala SubrahmanyamTroubleshooting Tip: Troubleshooting Tip Management will usually want to audit EVERYTHING Use account auditing sparingly because every audited event is written to the Security log. A server can be overloaded by devoting too much of its resources to auditing. Sai Bala SubrahmanyamUser Profiles: User Profiles What is a profile? Windows maintains a group of settings for each individual user that logs into the system. This group of settings is known as a user “profile” What is included in a profile? Most anything that users may wish to set independently from other users (favorites, desktop wallpaper, email settings, web browser home page, etc.) Sai Bala SubrahmanyamUser Profiles: User Profiles Where are profiles stored? Under the “Documents and Settings” folder on the boot partition. Each time a new user logs in, a new profile is created for them based on the “Default” user profile. Sai Bala SubrahmanyamLocal vs. Roaming User Profile: Local vs. Roaming User Profile Local user profile: a user profile that is stored locally on the boot partition under “Documents and Settings”. Since the profile is local, it will only work on the machine on which it is created. Roaming user profile: a user profile that is copied to a network server so that it can be downloaded to each workstation where the user logs on. This allows the profile to “roam” with the user. Sai Bala SubrahmanyamMandatory User Profile: Mandatory User Profile Mandatory User Profile: A user profile set up by the server administrator that is loaded from the server to the client each time the user logs on. Changes that the user makes to the profile are not saved. Used to lock down the desktop and prevent users from customizing it. Sai Bala SubrahmanyamAssociating a Profile with an Account: Associating a Profile with an Account Sai Bala Subrahmanyam Figure 8-9 Setting a roaming profile in an account’s propertiesActive Directory Support for Non-Windows 2000 Clients: Active Directory Support for Non-Windows 2000 Clients Plan to install Directory Service Client (DSClient) on Windows 95 and Windows 98 clients DSClient enables non-Windows 2000 Clients for: Kerberos authentication Ability to view and search objects published in the Windows 2000 Active Directory Access a Windows 2000 Distributed File System The Directory Service client can be found on the Windows 2000 Server CD-ROM Sai Bala SubrahmanyamSetting Up Client Desktops Using Group Policy and Security Policy: Setting Up Client Desktops Using Group Policy and Security Policy Use the Group Policy snap-in to set up group policies that govern clients Group Policy can only be applied to Windows 2000 or later clients. The System Policy Editor (Poledit.exe) can be used to configure system policies for Windows NT and Win9x. Sai Bala SubrahmanyamRemote Installation Services: Remote Installation Services Remote Installation Services (RIS): Services installed on a Windows 2000 Server that enable you to remotely install Windows 2000 Professional on one or more client computers Sai Bala SubrahmanyamRIS Pre-Installation Steps: RIS Pre-Installation Steps Purchase the appropriate number of Windows 2000 Professional licenses Make sure the Active Directory is implemented and that there are DHCP and DNS servers on the network Create a Windows 2000 Professional operating system image on a standard PC Create user accounts for the Windows 2000 Professional clients (called pre-staging the clients). This prevents unauthorized users from using Windows 2000 licenses. Sai Bala SubrahmanyamRIS Installation Steps: RIS Installation Steps Installing RIS is a two stage process: First install RIS using the Control Panel Add/Remove Programs tool Configure RIS from the Add/Remove Programs tool Sai Bala SubrahmanyamInstalling RIS on the Client: Installing RIS on the Client Install in one of two ways: Using a computer that has a boot-enabled PXE compliant NIC Creating a remote boot disk Both methods use the Preboot eXecution Environment (PXE):Services that enable a prospective client to obtain an IP address and to connect to a RIS server in order to install Windows 2000 Professional Sai Bala SubrahmanyamInstalling RIS on the Client: Installing RIS on the Client After booting and contacting the RIS server, the user is presented with a menu to select which RIS image to load. Sai Bala SubrahmanyamChapter Summary: Chapter Summary Preparing a server and domain entail configuring accounts and configuring client computers Before configuring accounts, consult with members of your organization about naming standards Set up account policies before configuring accounts Sai Bala SubrahmanyamChapter Summary: Chapter Summary After accounts are created, use the account properties capability to supplement or modify parameters for the accounts, such as time of day access restrictions Configure client computers to access Windows 2000 Server, such as installing DSClient Sai Bala SubrahmanyamChapter Summary: Chapter Summary Manage clients by setting up group policies or system policies Use RIS to install multiple Windows 2000 Professional clients in order to reduce your TCO Sai Bala Subrahmanyam You do not have the permission to view this presentation. In order to view it, please contact the author of the presentation.
server administrator part 2 Network Monitor Driver and Network Moni baluglow Download Post to : URL : Related Presentations : Share Add to Flag Embed Email Send to Blogs and Networks Add to Channel Uploaded from authorPOINT lite Insert YouTube videos in PowerPont slides with aS Desktop Copy embed code: (To copy code, click on the text box) Embed: URL: Thumbnail: WordPress Embed Customize Embed The presentation is successfully added In Your Favorites. Views: 41 Category: Education License: All Rights Reserved Like it (0) Dislike it (0) Added: December 23, 2011 This Presentation is Public Favorites: 0 Presentation Description server administrator part 2 Network Monitor Driver and Network Moni by Sai Bala subrahmanyam Comments Posting comment... Premium member Presentation Transcript Network Monitor Driver and Network Monitor: Network Monitor Driver and Network Monitor Network Monitor Driver: Enables a Microsoft-based server or workstation NIC to gather network performance data for assessment by the Microsoft Network Monitor Network Monitor: A Windows NT and Windows 2000 network monitoring tool that can capture and display network performance data Sai Bala SubrahmanyamServer Activities to Monitor : Server Activities to Monitor Sai Bala Subrahmanyam Figure 15-1 Using Network Monitor Driver to gather network performance information on two separate networksInstalling Network Monitor Driver: Installing Network Monitor Driver To install Network Monitor Driver: Open the Network and Dial-Up Connections tool Right-click Local Area Connection Click Properties Click Install Double-click Protocol Double-click Network Monitor Driver Sai Bala SubrahmanyamInstalling Network Monitor Driver (continued): Installing Network Monitor Driver (continued) Sai Bala Subrahmanyam Figure 15-2 Installing Network Monitor DriverUsing Network Monitor: Using Network Monitor Network Monitor tracks information such as: Percent network utilization Frames and bytes transported per second Network station statistics Statistics captured for a specific interval of time Transmissions per second Sai Bala SubrahmanyamUsing Network Monitor (continued): Using Network Monitor (continued) Broadcast, unicast, and multicast information NIC statistics Error data Addresses of network stations Other network computers running Network Monitor and Network Monitor Driver Sai Bala SubrahmanyamInstalling Network Monitor : Installing Network Monitor The general steps to install Network Monitor are: Open the Add/Remove Programs tool Double-click the component, Management and Monitoring Tools Check Network Monitor Tools Sai Bala SubrahmanyamInstalling Network Monitor (continued) : Installing Network Monitor (continued) Sai Bala Subrahmanyam Figure 15-3 Installing Network Monitor toolsStarting Network Monitor : Starting Network Monitor The general steps for starting a capture session in network monitor are: Start Network Monitor from the Administrative Tools menu Select the network to monitor Click the Capture button to start capturing information Click the Stop Capture button to stop capturing information Sai Bala SubrahmanyamCapturing Network Data: Capturing Network Data Sai Bala Subrahmanyam Figure 15-4 Network Monitor capturing data Total pane Graph pane Session pane Station paneMonitoring Tip : Monitoring Tip As is true of other monitoring tools, Network Monitor can create an extra load on a server Sai Bala SubrahmanyamNetwork Monitor Display : Network Monitor Display Data captured in Network Monitor is displayed interactively in four window panes, but can be customized to show only one, two, or three panes Sai Bala SubrahmanyamNetwork Monitor Panes : Network Monitor Panes Sai Bala SubrahmanyamViewing a Line-by-Line Report: Viewing a Line-by-Line Report After data is captured, you can view a line-by-line capture summary report by clicking the Stop and View Capture button Sai Bala SubrahmanyamViewing a Line-by-Line Report : Viewing a Line-by-Line Report Sai Bala Subrahmanyam Figure 15-5 Viewing capture summary dataCapture Summary Window Information: Capture Summary Window Information Sai Bala Subrahmanyam Table 15-2 Capture Summary Window InformationCapture Summary Window Information (continued): Capture Summary Window Information (continued) Sai Bala SubrahmanyamFinding Specific Capture Summary Information: Finding Specific Capture Summary Information Use the Find button in the capture summary display to find specific information Sai Bala SubrahmanyamUsing Find: Using Find Sai Bala Subrahmanyam Figure 15-6 Finding Transmission Events Associated with Server LawyerMonitoring Filter : Monitoring Filter Network Monitor has a built-in ability to configure a filter Filter: A capacity in network monitoring software that enables a network or server administrator to view only designated protocols, network events, network nodes, or other specialized views of the network Sai Bala SubrahmanyamCreating a Filter: Creating a Filter To create a filter in network monitor: Click the Edit Capture Filter button and click OK Set the specific parameters by double-clicking any of: SAP/ETYPE, Address Pairs, and Pattern Matches Click OK Continue Capturing data Sai Bala SubrahmanyamSelecting Filter Options: Selecting Filter Options Sai Bala Subrahmanyam Figure 15-7 Creating a filterConfiguring SAPs and ETYPEs: Configuring SAPs and ETYPEs Sai Bala Subrahmanyam Figure 15-8 Selecting a protocol to capture in a filterSAP and ETYPE: SAP and ETYPE Server Access Point (SAP): A service access point, which specifies the network process that should accept a frame at the destination, such as TCP/IP Ethertype (ETYPE): A property of an Ethernet frame that includes a specialized two-byte code used for particular vendor functions Sai Bala SubrahmanyamCapture Trigger: Capture Trigger Besides filtering, Network Monitor supports using capture triggers Capture trigger: Used as a way to have Network Monitor perform a specific function when a predefined situation occurs, such as stopping a capture of network data when the capture buffer is 50% full Sai Bala SubrahmanyamSetting up a Trigger : Setting up a Trigger Sai Bala Subrahmanyam Figure 15-9 Setting up a triggerTroubleshooting Tip: Troubleshooting Tip Check the Graph pane for a quick assessment of performance statistics for: % Network Utilization Frames Per Second Bytes Per Second Broadcasts Per Second Multicasts Per Second Sai Bala SubrahmanyamDiagnosing Common Problems: Diagnosing Common Problems Use Network Monitor to diagnose problems such as: A NIC creating a broadcast storm Inefficient multimedia applications Problems with bridges, switches, and routers Problems with particular a workstation An overloaded server Sai Bala SubrahmanyamFinding a Broadcast Storm: Finding a Broadcast Storm A broadcast storm is a situation in which one or more devices, such as a failing NIC, are saturating the network with traffic Use the Network Monitor Broadcasts Per Second statistic to help determine if there is a broadcast storm and then check the Session and Station panes for the device(s) sending the broadcast(s) Sai Bala SubrahmanyamLocating Unauthorized Network Monitor Users: Locating Unauthorized Network Monitor Users Network Monitor can create problems when it is used by network intruders or unauthorized users You can view all of the Network Monitor users by clicking the Tools menu and then clicking Identify Network Monitor users Sai Bala SubrahmanyamViewing Network Monitor Users: Viewing Network Monitor Users Sai Bala Subrahmanyam Figure 15-10 Identifying all Network Monitor usersSNMP: SNMP The Simple Network Management Protocol (SNMP) is used to gather standardized network performance information and to control network devices Sai Bala SubrahmanyamSNMP Stations: SNMP Stations SNMP uses two kinds of network stations: Network Management Station (NMS): Monitors and manages devices configured with SNMP and collects information Agent: Any device configured for SNMP from which an NMS can collect data – SNMP agents include servers, workstations, routers, switches, and hubs Sai Bala SubrahmanyamMicrosoft Systems Compatible with SNMP: Microsoft Systems Compatible with SNMP The following systems can be managed through SNMP: Windows 2000 and NT servers Windows 2000 and NT workstations WINS servers DHCP servers IIS servers Microsoft RAS and IAS servers Sai Bala SubrahmanyamInstalling SNMP: Installing SNMP To install SNMP: Open the Add/Remove Programs tool Click Add/Remove Windows Components Double-click Management and Monitoring tools Check Simple Network Management Protocol and click OK Click Next and then click Finish Sai Bala SubrahmanyamConfiguring SNMP: Configuring SNMP After installing SNMP, configure one or more community names for security Community name: In SNMP communications, a password used by network agents and the network management station so that their communications cannot be easily intercepted by an unauthorized workstation or device Sai Bala SubrahmanyamConfiguring SNMP (continued): Configuring SNMP (continued) Sai Bala Subrahmanyam Figure 15-11 Configuring the community nameSNMP Trap: SNMP Trap SNMP enables you to configure a trap Trap: A specific situation or event detected by SNMP that a network administrator may want to be warned about or to track via a network management station, such as when a network device is unexpectedly down or offline Sai Bala SubrahmanyamTroubleshooting Tip: Troubleshooting Tip If a trap that you set does not work, make sure that the SNMP Trap Service is started and set to start automatically in Windows 2000 Server Sai Bala SubrahmanyamMonitoring a Network with System Monitor: Monitoring a Network with System Monitor System Monitor contains a wide range of objects for monitoring a network Some objects only appear in System Monitor if you have a particular protocol installed Sai Bala SubrahmanyamSystem Monitor Network Monitoring Objects: System Monitor Network Monitoring Objects Sai Bala Subrahmanyam Table 15-3 System Monitor Network Monitoring ObjectsSystem Monitor Network Monitoring Objects (continued): System Monitor Network Monitoring Objects (continued) Sai Bala SubrahmanyamSystem Monitor Network Monitoring Objects (continued): System Monitor Network Monitoring Objects (continued) Sai Bala SubrahmanyamSystem Monitor Network Monitoring Objects (continued): System Monitor Network Monitoring Objects (continued) Sai Bala SubrahmanyamMonitoring NICs, Servers, and Network Devices: Monitoring NICs, Servers, and Network Devices System Monitor can be used to monitor the NIC at the server to make sure that it is working properly System Monitor is also used to monitor for network problems at the server and between the server and network devices Sai Bala SubrahmanyamUsing System Monitor Objects to Monitor the NIC, Server, and Network Devices: Using System Monitor Objects to Monitor the NIC, Server, and Network Devices Sai Bala Subrahmanyam Table 15-4 Using System Monitor Objects and Counters to Monitor the NIC, Server, and Network DevicesUsing System Monitor Objects to Monitor the NIC, Server, and Network Devices (continued): Using System Monitor Objects to Monitor the NIC, Server, and Network Devices (continued) Sai Bala SubrahmanyamUsing System Monitor Objects to Monitor the NIC, Server, and Network Devices (continued): Using System Monitor Objects to Monitor the NIC, Server, and Network Devices (continued) Sai Bala SubrahmanyamUsing System Monitor Objects and Counters to Monitor Protocols: Using System Monitor Objects and Counters to Monitor Protocols Sai Bala Subrahmanyam Table 15-5 Using System Monitor Objects and Counters to Monitor ProtocolsUsing System Monitor Objects and Counters to Monitor Protocols (continued): Using System Monitor Objects and Counters to Monitor Protocols (continued) Sai Bala SubrahmanyamUsing System Monitor Objects and Counters to Monitor Server and Network Bottlenecks: Using System Monitor Objects and Counters to Monitor Server and Network Bottlenecks Sai Bala Subrahmanyam Table 15-6 Using System Monitor Objects and Counters to Monitor Server and Network BottlenecksUsing System Monitor Objects and Counters to Monitor Server and Network Bottlenecks (continued): Using System Monitor Objects and Counters to Monitor Server and Network Bottlenecks (continued) Sai Bala SubrahmanyamUsing System Monitor Objects and Counters to Monitor a Web Server: Using System Monitor Objects and Counters to Monitor a Web Server Sai Bala Subrahmanyam Table 15-7 Using System Monitor Objects to Monitor a Web ServerUsing System Monitor Objects and Counters to Monitor a Web Server (continued): Using System Monitor Objects and Counters to Monitor a Web Server (continued) Sai Bala SubrahmanyamUsing System Monitor Objects and Counters to Monitor a Web Server (continued): Using System Monitor Objects and Counters to Monitor a Web Server (continued) Sai Bala SubrahmanyamUsing System Monitor Objects and Counters to Monitor SMTP Services: Using System Monitor Objects and Counters to Monitor SMTP Services Sai Bala SubrahmanyamUsing System Monitor Objects and Counters to Monitor SMTP Services (continued): Using System Monitor Objects and Counters to Monitor SMTP Services (continued) Sai Bala SubrahmanyamNetwork Tuning Tips: Network Tuning Tips Keep NIC drivers updated Replace slow NICs Tune the network access order Implement TCP/IP exclusively, if possible Purchase servers that are equipped to keep up with the server load Sai Bala SubrahmanyamNetwork Tuning Tips (continued): Network Tuning Tips (continued) Monitor for excessive BPDU broadcasts Monitor the network for saturation from broadcast storms Replace aging, slower network devices with newer, faster devices Use multimedia applications that support multicasting Upgrade bandwidth to match the load Sai Bala SubrahmanyamChapter Summary: Chapter Summary Monitoring a network is as important as monitoring a server Establish network benchmarks to help in preventing and diagnosing problems Install the Network Monitor Driver and Network Monitor together to enable network monitoring from Windows 2000 Server Sai Bala SubrahmanyamChapter Summary: Chapter Summary Install Microsoft SNMP service to take advantage of SNMP-based network management station monitoring Use the System Monitor’s network-related objects, counters, and instances for in-depth network monitoring, particularly of protocols Sai Bala SubrahmanyamChapter 8: Managing Accounts and Client Connectivity : Chapter 8: Managing Accounts and Client Connectivity Sai Bala SubrahmanyamLearning Objectives: Learning Objectives Establish account naming conventions Configure account security policies Create and manage accounts, including setting up a new account, configuring account properties, delegating account management, and renaming, disabling, and deleting an account Sai Bala SubrahmanyamLearning Objectives (continued): Learning Objectives (continued) Create local user profiles, roaming profiles, and mandatory profiles Configure client network operating systems to access Windows 2000 Server, and install client operating systems through Remote Installation Services Sai Bala SubrahmanyamAccount Policies: Account Policies Account policies: security measures set up in a group policy, such as for a domain or local computer Account policies particularly focus on: Password security Account lockout Kerberos security Use the Group Policy MMC snap-in to set up account policies Sai Bala SubrahmanyamSetting Account Policies: Setting Account Policies Sai Bala Subrahmanyam Figure 8-1 Account policiesPassword Policy Options: Password Policy Options Enforce password history : Enables you to require users to choose new passwords when they make a password change, because the system can remember the previously used passwords Maximum password age : Permits you to set the maximum time allowed until a password expires Minimum password age : Permits you to specify that a password must be used a minimum amount of time before it can be changed Sai Bala SubrahmanyamPassword Policy Options (continued): Password Policy Options (continued) Minimum password length : Enables you to require that passwords are a minimum length Passwords must meet complexity requirements : Requires passwords to be complex (use upper and lowercase letters, numbers and special characters; cannot contain the user name, etc.) Sai Bala SubrahmanyamAccount Lockout Policy Options: Account Lockout Policy Options Account lockout duration : Permits you to specify in minutes how long the system will keep an account locked out after reaching the specified number of unsuccessful log on attempts Account lockout threshold : Enables you to set a limit to the number of unsuccessful tries to log onto an account Sai Bala SubrahmanyamAccount Lockout Policy Options (continued): Account Lockout Policy Options (continued) Reset account lockout count after : Enables you to specify the number of minutes between two consecutive unsuccessful logon attempts to make sure that the account will not be locked out too soon Sai Bala SubrahmanyamKerberos Policy Options : Kerberos Policy Options Enforce user logon restrictions : Turns on Kerberos security, which is the default Maximum lifetime for a service ticket : Determines the maximum amount of time in minutes that a service ticket can be used to continually access a particular service in one service session Maximum lifetime for a user ticket : Determines the maximum amount of time in hours that a ticket can be used in one continuous session for access to a computer or domain Sai Bala SubrahmanyamCreating Accounts: Creating Accounts On a member server (not a domain controller) use the Local Users and Groups MMC snap-in to create accounts On a domain controller, use the Active Directory Users and Computers MMC snap-in to create accounts in the domain. Sai Bala SubrahmanyamCreating an OU: Creating an OU To create an OU: Click the container in which to create the OU, such as the domain or another OU Click the Create a new organizational unit in the current container button Enter the name of the OU Click OK Sai Bala SubrahmanyamDelegating Authority in an OU: Delegating Authority in an OU To delegate authority: Right-click the OU and click Delegate control Click Next after the wizard starts Click the Add button and specify the accounts, groups, or computers to have the control Click OK and click Next Select the tasks to delegate and click Next Click Finish Sai Bala SubrahmanyamDelegation of Control Options: Delegation of Control Options Sai Bala SubrahmanyamUsing Find to Locate an Account: Using Find to Locate an Account To locate a particular account in order to maintain it: Right-click the domain Click Find Enter the username or the account holder’s name Click Find Now Sai Bala SubrahmanyamAccount Maintenance Activities: Account Maintenance Activities Typical account maintenance activities include: Disabling an account, such as when a user takes a leave of absence Enabling an account, such as when a user returns Renaming an account, such as when one user leaves and another user is hired into the same position Moving an account, such as into a different OU Sai Bala SubrahmanyamAccount Maintenance Activities (continued): Account Maintenance Activities (continued) Typical account maintenance activities include (continued): Deleting an account, such as when a user leaves the organization and there will be no replacement Resetting a password for users who do not remember theirs Account auditing to track certain kinds of activity performed by an account holder Sai Bala SubrahmanyamSample Events that Can be Audited for an Account: Sample Events that Can be Audited for an Account Logon and logoff activity Account modifications through account management tools Accesses to files and other objects (for files, folders, and objects that are set up to be audited) Sai Bala SubrahmanyamTroubleshooting Tip: Troubleshooting Tip Management will usually want to audit EVERYTHING Use account auditing sparingly because every audited event is written to the Security log. A server can be overloaded by devoting too much of its resources to auditing. Sai Bala SubrahmanyamUser Profiles: User Profiles What is a profile? Windows maintains a group of settings for each individual user that logs into the system. This group of settings is known as a user “profile” What is included in a profile? Most anything that users may wish to set independently from other users (favorites, desktop wallpaper, email settings, web browser home page, etc.) Sai Bala SubrahmanyamUser Profiles: User Profiles Where are profiles stored? Under the “Documents and Settings” folder on the boot partition. Each time a new user logs in, a new profile is created for them based on the “Default” user profile. Sai Bala SubrahmanyamLocal vs. Roaming User Profile: Local vs. Roaming User Profile Local user profile: a user profile that is stored locally on the boot partition under “Documents and Settings”. Since the profile is local, it will only work on the machine on which it is created. Roaming user profile: a user profile that is copied to a network server so that it can be downloaded to each workstation where the user logs on. This allows the profile to “roam” with the user. Sai Bala SubrahmanyamMandatory User Profile: Mandatory User Profile Mandatory User Profile: A user profile set up by the server administrator that is loaded from the server to the client each time the user logs on. Changes that the user makes to the profile are not saved. Used to lock down the desktop and prevent users from customizing it. Sai Bala SubrahmanyamAssociating a Profile with an Account: Associating a Profile with an Account Sai Bala Subrahmanyam Figure 8-9 Setting a roaming profile in an account’s propertiesActive Directory Support for Non-Windows 2000 Clients: Active Directory Support for Non-Windows 2000 Clients Plan to install Directory Service Client (DSClient) on Windows 95 and Windows 98 clients DSClient enables non-Windows 2000 Clients for: Kerberos authentication Ability to view and search objects published in the Windows 2000 Active Directory Access a Windows 2000 Distributed File System The Directory Service client can be found on the Windows 2000 Server CD-ROM Sai Bala SubrahmanyamSetting Up Client Desktops Using Group Policy and Security Policy: Setting Up Client Desktops Using Group Policy and Security Policy Use the Group Policy snap-in to set up group policies that govern clients Group Policy can only be applied to Windows 2000 or later clients. The System Policy Editor (Poledit.exe) can be used to configure system policies for Windows NT and Win9x. Sai Bala SubrahmanyamRemote Installation Services: Remote Installation Services Remote Installation Services (RIS): Services installed on a Windows 2000 Server that enable you to remotely install Windows 2000 Professional on one or more client computers Sai Bala SubrahmanyamRIS Pre-Installation Steps: RIS Pre-Installation Steps Purchase the appropriate number of Windows 2000 Professional licenses Make sure the Active Directory is implemented and that there are DHCP and DNS servers on the network Create a Windows 2000 Professional operating system image on a standard PC Create user accounts for the Windows 2000 Professional clients (called pre-staging the clients). This prevents unauthorized users from using Windows 2000 licenses. Sai Bala SubrahmanyamRIS Installation Steps: RIS Installation Steps Installing RIS is a two stage process: First install RIS using the Control Panel Add/Remove Programs tool Configure RIS from the Add/Remove Programs tool Sai Bala SubrahmanyamInstalling RIS on the Client: Installing RIS on the Client Install in one of two ways: Using a computer that has a boot-enabled PXE compliant NIC Creating a remote boot disk Both methods use the Preboot eXecution Environment (PXE):Services that enable a prospective client to obtain an IP address and to connect to a RIS server in order to install Windows 2000 Professional Sai Bala SubrahmanyamInstalling RIS on the Client: Installing RIS on the Client After booting and contacting the RIS server, the user is presented with a menu to select which RIS image to load. Sai Bala SubrahmanyamChapter Summary: Chapter Summary Preparing a server and domain entail configuring accounts and configuring client computers Before configuring accounts, consult with members of your organization about naming standards Set up account policies before configuring accounts Sai Bala SubrahmanyamChapter Summary: Chapter Summary After accounts are created, use the account properties capability to supplement or modify parameters for the accounts, such as time of day access restrictions Configure client computers to access Windows 2000 Server, such as installing DSClient Sai Bala SubrahmanyamChapter Summary: Chapter Summary Manage clients by setting up group policies or system policies Use RIS to install multiple Windows 2000 Professional clients in order to reduce your TCO Sai Bala Subrahmanyam