Tài liệu Module 1: Introduction to Windows 2000 Administration pdf

Introduction This module provides students with an overview of a Microsoft® Windows® 2000 network, the basic resources that it provides file, print, and Web, and the directory service in

Contents

Overview 1

Introduction to Network Administration 2

Managing Access to Network Resources 10

Introduction to Windows 2000 Domains 13

Review 19

This course is a prerelease course and is based on

Microsoft Windows 2000 Beta 3 software Content in the

final release of the course may be different than the content

included in this prerelease version All labs in the course

are to be completed using the Beta 3 version of

Microsoft Windows 2000 Advanced Server

Module 1: Introduction

to Windows 2000 Administration

products, people, characters, and/or data mentioned herein are fictitious and are in no way intended

to represent any real individual, company, product, or event, unless otherwise noted Complying with all applicable copyright laws is the responsibility of the user No part of this document may

be reproduced or transmitted in any form or by any means, electronic or mechanical, for any purpose, without the express written permission of Microsoft Corporation If, however, your only means of access is electronic, permission to print one copy is hereby granted

Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document Except as expressly provided in any written license agreement from Microsoft, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property

 1999 Microsoft Corporation All rights reserved

Microsoft, MS-DOS, MS, Windows, Active Directory, PowerPoint, and Windows NT are either registered trademarks or trademarks of Microsoft Corporation in the U.S.A and/or other countries

The names of companies, products, people, characters, and/or data mentioned herein are fictitious and are in no way intended to represent any real individual, company, product, or event, unless otherwise noted

Other product and company names mentioned herein may be the trademarks of their respective owners

Project Lead/Senior Instructional Designer: Red Johnston

Instructional Designers: Tom de Rose (S&T OnSite), Meera Krishna (NIIT (USA) Inc.) Program Manager: Jim Cochran (Volt Computer)

Lab Simulations Developers: David Carlile (ArtSource), Tammy Stockton (Write Stuff) Technical Contributor: Kim Ralls

Graphic Artist: Julie Stone (Independent Contractor)

Editing Manager: Tina Tsiakalis

Editors: Wendy Cleary (S&T OnSite), Diana George (S&T OnSite)

Online Program Manager: Nikki McCormick

Online Support: Tammy Stockton (Write Stuff)

Compact Disc Testing: ST Labs

Production Support: Rob Heiret, Ismael Marrero, Mary Gutierrez (Wasser)

Manufacturing Manager: Bo Galford

Manufacturing Support: Mimi Dukes (S&T OnSite)

Lead Project Manager, Development Services: Elaine Nuerenberg

Lead Product Manager: Sandy Alto

Group Product Manager: Robert Stewart

Introduction

This module provides students with an overview of a Microsoft® Windows® 2000 network, the basic resources that it provides (file, print, and Web), and the directory service infrastructure (user accounts, permissions, and authentication) that provides and controls user access to these resources The module

introduces Windows 2000 domains, the roles of computers in a domain, and Active Directory™ directory service It also discusses Windows 2000 Help as a source of additional information for students At the end of this module, students will be able to describe how Windows 2000 enables users to access network resources and how administrators manage user access

Materials and Preparation

This section provides you with the materials and preparation needed to teach this module

Materials

To teach this module, you need the following materials:

Preparation

To prepare for this module, you should:

information in Windows 2000 Help

provide answers to them

Presentation:

60 Minutes

Lab:

0 Minutes

Module Strategy

Use the following strategy to present this module:

Identify the ways in which Windows 2000 enables users to gain access to network resources, and network administrators to manage user access

Introduce the way that Windows 2000 enables users to gain access to network resources Describe how user accounts enable users to gain access

to network resources Introduce the Windows 2000 authentication process Show the information that users must provide when they log on to

Windows 2000 Have students log on to their computers Introduce

the Windows 2000 security dialog box Demonstrate accessing each

option in the dialog box

Classroom computers for this course are configured as indicated in the following illustration They are configured in this way so that this course is consistent with other Microsoft Official Curriculum (MOC) courses

You may need to explain the classroom configuration to students in order to:

be used in the labs

Students’ actions may affect their partners

working on labs

As you describe this classroom configuration, sketch it out on the board

The instructor’s computer, london, is in the top-level domain, nwtraders.msft The name for the instructor’s computer is london.nwtraders.msft Each student’s computer is in a subdomain of the instructor’s domain For example, one student computer, vancouver, is in the namerica.nwtraders.msft domain The name for the student’s computer

is vancouver.namerica.nwtraders.msft

vancouver.namerica1.nwtraders.msft Student computer

There are two computers in each subdomain Each student is paired with another student in a domain For example, vancouver is paired with denver

in the namerica1 domain, and lisbon and bonn are paired in the europe1 domain

Show students where to find their computer names Tell them to right-click

My Computer, click Properties, and then click Network Identification

When they have identified their computers, have them write their computer names and domain names on the back of their name cards for quick reference They will need to know their computer names and domain names when they are working on labs Students will be working only in their own subdomains during this class Therefore, anytime that they are logged on to the computer, they should be in their subdomains

Introduce managing access to resources for users and groups Identify how administrators use permissions in Windows 2000 to control user access to network resources Identify how students can use groups to efficiently manage user accounts

Provide an overview of Windows 2000 domains Explain how Windows 2000 centralizes network administration Describe the roles of computers in a domain Present an overview of the key functions of Active Directory Mention to students that they can obtain additional information about Active Directory by viewing the video, “Concepts of Windows 2000 Active Directory” on the Student Materials compact disc

You should not present this video in class because it covers topics that are beyond the scope of this course Tell students that they also can learn more

about Active Directory in course 1557, Installing and Configuring Microsoft Windows 2000

Introduce students to Windows 2000 Help Demonstrate how to locate and access information in Windows 2000 Help Explain and demonstrate how Help is context-sensitive Demonstrate Help by accessing it while using Microsoft Internet Explorer

Customization Information

This section identifies the lab setup requirements for a module and the configuration changes that occur on the student computers during the performance of the labs in a module This information is provided to assist you

in replicating or customizing a module with other MOC courses and modules

This module does not include any labs, and as a result, there are no lab requirements for replication or customization

Overview

! Introduction to Network Administration

! Gaining Access to Network Resources

! Managing Access to Network Resources

! Introduction to Windows 2000 Domains

! Using Windows 2000 Help

As administrator of a network, you provide users with access to the network, and you control the kind of access that each user has to resources on the network You create user accounts and assign permissions for users to gain access to resources such as printers, applications, and data files You manage user accounts by creating groups, putting users into groups, and then assigning permissions to groups

In most situations, the network that you administer is a domain A domain is a grouping of computers that can share resources In addition, information about users and network resources is centrally organized in Active Directory™

directory services

When you perform an administrative task, you may need additional information about the task You will find useful information in Microsoft® Windows® 2000 Help

At the end of this module, you will be able to:

network

manage user access to network resources

computers in a domain, and how Active Directory provides a unified source of information and directory functions

Introduction to Network Administration

Sales Group

Shared Resources

Shared Resources

Administering User Accounts

User accounts enable individual users to gain access to network resources A user account is the user’s unique credential that is recognized by the network You create user accounts for each person who regularly uses the network A user account provides the ability to log on to the domain to gain access to network resources, or to log on to an individual computer to gain access to resources on that computer The process of logging on identifies the user to the system As an administrator, you assign and maintain user names and

passwords for each user account

Assigning Permissions to Users

You control user access to network resources Not all users need access to all network resources Windows 2000 provides the administrative tools for you to control access and maintain security for network resources Windows 2000

tools enable you to control who gains access to specific resources, and to specify the kind of access that each user has As an administrator, you assign

permissions to control access to resources

Windows 2000 enables you

to administer users and

network resources

Administering Groups of User Accounts

In networks with many user accounts and many resources, administration can

be time consuming Windows 2000 provides you with the ability to manage individual user accounts efficiently by organizing them into logical groups This simplifies administration by allowing you to group users who have the same administrative needs and then assign appropriate permissions to each group You assign permissions once to an entire group instead of assigning them to each user account

Administering Domains

A domain is a logical grouping of computers After you create a user account, the user logs on to the domain and has access to the resources for which you have given him or her permissions on the domain Generally, a domain is the most common network configuration that you will administer

Using Active Directory to Manage Resources

Active Directory is the directory service for Windows 2000 It is stored on a domain controller Active Directory contains information about users and resources on the network and makes this information easy for you to find and use For example, Active Directory stores information about user accounts, such as names, passwords, phone numbers, and so on, and provides you with tools to gain access to this information

# Gaining Access to Network Resources

! User Accounts in Windows 2000

! Windows 2000 Authentication Process

! Logging On to Windows 2000

! Windows 2000 Security Dialog Box

User accounts enable users to gain access to network resources To gain access

to network resources, users must be validated through the logon process A user

types the necessary logon information in the Log On to Windows dialog box

Windows 2000 authenticates a user during the logon process to verify the identity of the user This mandatory process ensures that only valid users gain access to resources on a computer or the network Logging on provides the user with access to everything on the network for which the user has permission

Users can log on to a domain or to a local computer The domain controller or the computer to which users log on authenticates the users

The Windows 2000 Security dialog box enables users to lock their

workstations, change their passwords, and perform additional actions

Users must have a user

account to gain access to a

Windows 2000 network

Delivery Tip

This is an overview of

gaining access to network

resources Prepare students

for the topics by providing

the following key points of

The authentication process

insures that only valid users

have access to network

resources

Users log on to a network by

using the Log On to

Windows dialog box

The Windows 2000

Security dialog box enables

users to lock their

workstations and change

their passwords

User Accounts in Windows 2000

Domain User Accounts

A domain user account contains information that defines a user to the domain

In Windows 2000, all user account information for the domain is stored in one common location called Active Directory Active Directory is stored on a domain controller With a single domain user account, a user can log on to the domain and gain access to domain resources on any computer on the network

Local User Accounts

A local user account contains information that defines a user to the local computer With a local user account, a user can log on to the local computer only and gain access to local resources only To gain access to resources on another computer, a user must use an account on the other computer

user account contains

information about the user

Instructor Note

Be sure that students

understand the difference

between domain and local

user accounts You may

need to provide a brief

explanation of the terms

Windows 2000 Authentication Process

! Provides User Identity and Security Settings

! Enables a User to Gain Access to Resources and Perform System Tasks Logging on Locally

Local Security Database

1 The user logs on by providing a user logon name and a password

Windows 2000 validates the user’s information in one of two ways, depending on whether the user is logging on to a domain or to a local computer:

• For logging on to a domain—Windows 2000 forwards the information

3 If the information matches and the user account is valid, the user is then able

to gain access to resources and perform system tasks for which he or she has the permissions and privileges

authentication process that

ensures that only valid users

have access to network or

computer resources

Key Points

When a user logs on to a

domain, the domain

controller authenticates the

user by using information in

Active Directory

When a user logs on to a

local computer, the

computer authenticates the

user by using information in

the local security database

When a computer running Windows 2000 starts, the user is prompted to press

CTRL+ALT+DEL to log on Windows 2000 then displays the Log On to

Windows dialog box A user can log on to a domain or to an individual

computer

Logging On to a Domain

When a user logs on to a domain:

the user on to the default domain The default domain is the most recent domain to which a user logged on at that computer

user is able to use the Log on to option to specify a domain This allows a

user to log on to the domain that contains his or her user account from a computer that is located in a different domain, or to log on locally to a member server or a computer running Windows 2000 Professional

The following table describes the options in the Log On to Windows

dialog box

Option Description User name A unique user logon name that an administrator assigns To log on to

a domain, this user account must reside in Active Directory

Password The password that is assigned to the user account A user must enter a

password to prove his or her identity

Passwords are case sensitive The password appears on the screen as a series of asterisks (*) to protect it from onlookers To prevent

unauthorized access to resources and data, users must keep passwords secret

Slide Objective

To show the information

that users must provide

when they log on to

Windows 2000

Lead-in

Let’s look at the information

that users must provide

when they log on to

Windows 2000

Delivery Tips

Display the Log On to

Windows dialog box

Reference this slide as you

discuss the options in the

dialog box that the following

table presents

Have students log on to

their computers Tell them to

type administrator for the

user name, and password

as the password