Tài liệu Module 1: Introduction to Windows 2000 Administration pdf

26 403 0
Tài liệu Module 1: Introduction to Windows 2000 Administration pdf

Đang tải... (xem toàn văn)

Tài liệu hạn chế xem trước, để xem đầy đủ mời bạn chọn Tải xuống

Thông tin tài liệu

Module 1: Introduction to Windows 2000 Administration Contents Overview Introduction to Network Administration Gaining Access to Network Resources Managing Access to Network Resources 10 Introduction to Windows 2000 Domains 13 Using Windows 2000 Help 18 Review 19 This course is a prerelease course and is based on Microsoft Windows 2000 Beta software Content in the final release of the course may be different than the content included in this prerelease version All labs in the course are to be completed using the Beta version of Microsoft Windows 2000 Advanced Server Information in this document is subject to change without notice The names of companies, products, people, characters, and/or data mentioned herein are fictitious and are in no way intended to represent any real individual, company, product, or event, unless otherwise noted Complying with all applicable copyright laws is the responsibility of the user No part of this document may be reproduced or transmitted in any form or by any means, electronic or mechanical, for any purpose, without the express written permission of Microsoft Corporation If, however, your only means of access is electronic, permission to print one copy is hereby granted Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document Except as expressly provided in any written license agreement from Microsoft, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property  1999 Microsoft Corporation All rights reserved Microsoft, MS-DOS, MS, Windows, Active Directory, PowerPoint, and Windows NT are either registered trademarks or trademarks of Microsoft Corporation in the U.S.A and/or other countries The names of companies, products, people, characters, and/or data mentioned herein are fictitious and are in no way intended to represent any real individual, company, product, or event, unless otherwise noted Other product and company names mentioned herein may be the trademarks of their respective owners Project Lead/Senior Instructional Designer: Red Johnston Instructional Designers: Tom de Rose (S&T OnSite), Meera Krishna (NIIT (USA) Inc.) Program Manager: Jim Cochran (Volt Computer) Lab Simulations Developers: David Carlile (ArtSource), Tammy Stockton (Write Stuff) Technical Contributor: Kim Ralls Graphic Artist: Julie Stone (Independent Contractor) Editing Manager: Tina Tsiakalis Editors: Wendy Cleary (S&T OnSite), Diana George (S&T OnSite) Online Program Manager: Nikki McCormick Online Support: Tammy Stockton (Write Stuff) Compact Disc Testing: ST Labs Production Support: Rob Heiret, Ismael Marrero, Mary Gutierrez (Wasser) Manufacturing Manager: Bo Galford Manufacturing Support: Mimi Dukes (S&T OnSite) Lead Project Manager, Development Services: Elaine Nuerenberg Lead Product Manager: Sandy Alto Group Product Manager: Robert Stewart Module 1: Introduction to Windows 2000 Administration iii Introduction Presentation: 60 Minutes Lab: Minutes This module provides students with an overview of a Microsoft® Windows® 2000 network, the basic resources that it provides (file, print, and Web), and the directory service infrastructure (user accounts, permissions, and authentication) that provides and controls user access to these resources The module introduces Windows 2000 domains, the roles of computers in a domain, and Active Directory™ directory service It also discusses Windows 2000 Help as a source of additional information for students At the end of this module, students will be able to describe how Windows 2000 enables users to access network resources and how administrators manage user access Materials and Preparation This section provides you with the materials and preparation needed to teach this module Materials To teach this module, you need the following materials: !" Microsoft PowerPoint® file 1556A_01.ppt !" Module 1, “Introduction to Windows 2000 Administration” Preparation To prepare for this module, you should: !" Read all the materials for this module !" Review the Delivery Tips and Key Points for each section and topic !" Prepare to lead students through the processes of logging on and accessing information in Windows 2000 Help !" Study the review questions and prepare alternative answers for discussion !" Anticipate questions that students may ask Write out the questions and provide answers to them iv Module 1: Introduction to Windows 2000 Administration Module Strategy Use the following strategy to present this module: !" Introduction to Network Administration Identify the ways in which Windows 2000 enables users to gain access to network resources, and network administrators to manage user access !" Gaining Access to Network Resources Introduce the way that Windows 2000 enables users to gain access to network resources Describe how user accounts enable users to gain access to network resources Introduce the Windows 2000 authentication process Show the information that users must provide when they log on to Windows 2000 Have students log on to their computers Introduce the Windows 2000 security dialog box Demonstrate accessing each option in the dialog box Classroom computers for this course are configured as indicated in the following illustration They are configured in this way so that this course is consistent with other Microsoft Official Curriculum (MOC) courses You may need to explain the classroom configuration to students in order to: !" Provide students with a basis for understanding the naming scheme that will be used in the labs !" Explain that when working on labs, each student works with a partner Students’ actions may affect their partners !" Emphasize the domain and computer names that students should use when working on labs As you describe this classroom configuration, sketch it out on the board Module 1: Introduction to Windows 2000 Administration The instructor’s computer, london, is in the top-level domain, nwtraders.msft The name for the instructor’s computer is london.nwtraders.msft Each student’s computer is in a subdomain of the instructor’s domain For example, one student computer, vancouver, is in the namerica.nwtraders.msft domain The name for the student’s computer is vancouver.namerica.nwtraders.msft vancouver.namerica1.nwtraders.msft Student computer namerica1.nwtraders.msft Student subdomain london.nwtraders.msft Instructor computer nwtraders.msft Instructor domain There are two computers in each subdomain Each student is paired with another student in a domain For example, vancouver is paired with denver in the namerica1 domain, and lisbon and bonn are paired in the europe1 domain Show students where to find their computer names Tell them to right-click My Computer, click Properties, and then click Network Identification When they have identified their computers, have them write their computer names and domain names on the back of their name cards for quick reference They will need to know their computer names and domain names when they are working on labs Students will be working only in their own subdomains during this class Therefore, anytime that they are logged on to the computer, they should be in their subdomains !" Managing Access to Network Resources Introduce managing access to resources for users and groups Identify how administrators use permissions in Windows 2000 to control user access to network resources Identify how students can use groups to efficiently manage user accounts !" Introduction to Windows 2000 Domains Provide an overview of Windows 2000 domains Explain how Windows 2000 centralizes network administration Describe the roles of computers in a domain Present an overview of the key functions of Active Directory Mention to students that they can obtain additional information about Active Directory by viewing the video, “Concepts of Windows 2000 Active Directory” on the Student Materials compact disc You should not present this video in class because it covers topics that are beyond the scope of this course Tell students that they also can learn more about Active Directory in course 1557, Installing and Configuring Microsoft Windows 2000 !" Using Windows 2000 Help Introduce students to Windows 2000 Help Demonstrate how to locate and access information in Windows 2000 Help Explain and demonstrate how Help is context-sensitive Demonstrate Help by accessing it while using Microsoft Internet Explorer v vi Module 1: Introduction to Windows 2000 Administration Customization Information This section identifies the lab setup requirements for a module and the configuration changes that occur on the student computers during the performance of the labs in a module This information is provided to assist you in replicating or customizing a module with other MOC courses and modules This module does not include any labs, and as a result, there are no lab requirements for replication or customization Module 1: Introduction to Windows 2000 Administration Overview Slide Objective To provide an overview of the module topics and objectives Lead-in This module will introduce you to Windows 2000 administration on a single domain network This module provides a foundation for the rest of the course ! Introduction to Network Administration ! Gaining Access to Network Resources ! Managing Access to Network Resources ! Introduction to Windows 2000 Domains ! Using Windows 2000 Help As administrator of a network, you provide users with access to the network, and you control the kind of access that each user has to resources on the network You create user accounts and assign permissions for users to gain access to resources such as printers, applications, and data files You manage user accounts by creating groups, putting users into groups, and then assigning permissions to groups In most situations, the network that you administer is a domain A domain is a grouping of computers that can share resources In addition, information about users and network resources is centrally organized in Active Directory™ directory services When you perform an administrative task, you may need additional information about the task You will find useful information in Microsoft® Windows® 2000 Help At the end of this module, you will be able to: !" Describe how users gain access to resources in a Windows 2000 network !" Describe how users gain access to resources and data in a Windows 2000 network !" Describe how you use permissions and groups in Windows 2000 to manage user access to network resources !" Identify the key characteristics of Windows 2000 domains, the roles of computers in a domain, and how Active Directory provides a unified source of information and directory functions !" Use Windows 2000 Help to find information Module 1: Introduction to Windows 2000 Administration Introduction to Network Administration Slide Objective To identify the ways in which Windows 2000 enables users to gain access to network resources Active Active Directory Directory Lead-in Windows 2000 enables you to administer users and network resources Access Access User User 11 Shared Shared Resources Resources Sales Group User User 22 User User 33 Windows 2000 enables users to gain access to network resources It provides you with the tools and services to administer the network Administering Networks Computer networks let users share resources and exchange information As an administrator, you set up and control the access that users have to network resources For example, you enable users to gain access to shared file resources and printers Administering User Accounts User accounts enable individual users to gain access to network resources A user account is the user’s unique credential that is recognized by the network You create user accounts for each person who regularly uses the network A user account provides the ability to log on to the domain to gain access to network resources, or to log on to an individual computer to gain access to resources on that computer The process of logging on identifies the user to the system As an administrator, you assign and maintain user names and passwords for each user account Assigning Permissions to Users You control user access to network resources Not all users need access to all network resources Windows 2000 provides the administrative tools for you to control access and maintain security for network resources Windows 2000 tools enable you to control who gains access to specific resources, and to specify the kind of access that each user has As an administrator, you assign permissions to control access to resources Module 1: Introduction to Windows 2000 Administration Administering Groups of User Accounts In networks with many user accounts and many resources, administration can be time consuming Windows 2000 provides you with the ability to manage individual user accounts efficiently by organizing them into logical groups This simplifies administration by allowing you to group users who have the same administrative needs and then assign appropriate permissions to each group You assign permissions once to an entire group instead of assigning them to each user account Administering Domains A domain is a logical grouping of computers After you create a user account, the user logs on to the domain and has access to the resources for which you have given him or her permissions on the domain Generally, a domain is the most common network configuration that you will administer Using Active Directory to Manage Resources Active Directory is the directory service for Windows 2000 It is stored on a domain controller Active Directory contains information about users and resources on the network and makes this information easy for you to find and use For example, Active Directory stores information about user accounts, such as names, passwords, phone numbers, and so on, and provides you with tools to gain access to this information Module 1: Introduction to Windows 2000 Administration # Gaining Access to Network Resources Slide Objective To introduce administering access to network resources Lead-in Users must have a user account to gain access to a Windows 2000 network Delivery Tip This is an overview of gaining access to network resources Prepare students for the topics by providing the following key points of information Key Points User accounts enable users to log on to a computer or domain The authentication process insures that only valid users have access to network resources Users log on to a network by using the Log On to Windows dialog box The Windows 2000 Security dialog box enables users to lock their workstations and change their passwords ! User Accounts in Windows 2000 ! Windows 2000 Authentication Process ! Logging On to Windows 2000 ! Windows 2000 Security Dialog Box User accounts enable users to gain access to network resources To gain access to network resources, users must be validated through the logon process A user types the necessary logon information in the Log On to Windows dialog box Windows 2000 authenticates a user during the logon process to verify the identity of the user This mandatory process ensures that only valid users gain access to resources on a computer or the network Logging on provides the user with access to everything on the network for which the user has permission Users can log on to a domain or to a local computer The domain controller or the computer to which users log on authenticates the users The Windows 2000 Security dialog box enables users to lock their workstations, change their passwords, and perform additional actions Module 1: Introduction to Windows 2000 Administration Windows 2000 Authentication Process Slide Objective To introduce the Windows 2000 authentication process Domain Controller Active Directory Logs Logs On On Lead-in Windows 2000 provides an authentication process that ensures that only valid users have access to network or computer resources ! ! Key Points When a user logs on to a domain, the domain controller authenticates the user by using information in Active Directory When a user logs on to a local computer, the computer authenticates the user by using information in the local security database Domain Logging Logging on on to to aa Domain Domain Provides User Identity and Security Settings Enables a User to Gain Access to Resources and Perform System Tasks Logs Logs On On Local Security Database Logging Logging on on Locally Locally Users can log on to a domain or a local computer The way in which a user account is authenticated is different on a domain than it is on a local computer The authentication process is as follows: The user logs on by providing a user logon name and a password Windows 2000 validates the user’s information in one of two ways, depending on whether the user is logging on to a domain or to a local computer: • For logging on to a domain—Windows 2000 forwards the information to a domain controller • For logging on to a local computer—Windows 2000 validates the information on the local computer The computer compares the logon information with user information that is stored in the appropriate directory: • For logging on to a domain—the domain controller compares the logon information with the user information in Active Directory • For logging on locally—the computer compares the logon information with the user information in the local security database If the information matches and the user account is valid, the user is then able to gain access to resources and perform system tasks for which he or she has the permissions and privileges Module 1: Introduction to Windows 2000 Administration Logging On to Windows 2000 Slide Objective To show the information that users must provide when they log on to Windows 2000 Log On to Windows Lead-in Let’s look at the information that users must provide when they log on to Windows 2000 User User Name Name Password Password Administrator ******** OK Delivery Tips Display the Log On to Windows dialog box Reference this slide as you discuss the options in the dialog box that the following table presents Have students log on to their computers Tell them to type administrator for the user name, and password as the password Cancel Options> Options Options When a computer running Windows 2000 starts, the user is prompted to press CTRL+ALT+DEL to log on Windows 2000 then displays the Log On to Windows dialog box A user can log on to a domain or to an individual computer Logging On to a Domain When a user logs on to a domain: !" By default, the user does not have to specify a domain Windows 2000 logs the user on to the default domain The default domain is the most recent domain to which a user logged on at that computer !" By clicking the Options button in the Log On to Windows dialog box, the user is able to use the Log on to option to specify a domain This allows a user to log on to the domain that contains his or her user account from a computer that is located in a different domain, or to log on locally to a member server or a computer running Windows 2000 Professional The following table describes the options in the Log On to Windows dialog box Option Description User name A unique user logon name that an administrator assigns To log on to a domain, this user account must reside in Active Directory Password The password that is assigned to the user account A user must enter a password to prove his or her identity Passwords are case sensitive The password appears on the screen as a series of asterisks (*) to protect it from onlookers To prevent unauthorized access to resources and data, users must keep passwords secret Module 1: Introduction to Windows 2000 Administration (continued) Option Description Log on to Determines whether a user logs on to a domain or logs on locally A user can choose one of the following: Domain name: The name of the domain in which his or her user account resides Computer name: The name of the computer to which the user is logging on (a user cannot log on to a domain controller) Log on using dial-up connection Permits a user to connect to a server in the domain by using a dial-up network connection Dial-Up Networking allows a user to log on and perform work from a remote location (Dial-Up Networking must be installed.) Shutdown Closes all files, saves all operating system data, and prepares the computer so that a user can safely turn it off On a computer running Windows 2000 Server, the Shutdown button is not active This prevents an unauthorized user from using this dialog box to shut down the server To shut down a server, a user must be able to log on to it Logging On Locally A user can log on locally to: !" A computer running Windows 2000 Professional or a member server participating in a domain The user selects the computer name in the Log on to box in the Log On to Windows dialog box A user who logs on locally will not have access to network resources !" A computer that is not part of a domain Note Domain controllers not maintain a local security database Therefore, local user accounts are not available on domain controllers In both situations, a user must provide the following logon information that matches the user’s information in the local security database: !" A unique logon name !" A password Module 1: Introduction to Windows 2000 Administration Windows 2000 Security Dialog Box Ctrl Slide Objective To introduce the Windows 2000 Security dialog box Alt Delete Windows 2000 Security Lead-in The Windows 2000 Security dialog box provides access to security options and other tasks Logon Information Logon Logon Information Information You are logged on as Domain_name\Administrator Logon Date: 9/18/98 Use the Task Manager to close an application that is not responding Log Off Shutdown Lock Workstation Change Password Delivery Tip Demonstrate accessing the options in the Windows 2000 Security dialog box Be sure that you click Change Password You may want to have students access the Security dialog box on their computers This is where a user can determine the user logon name under which he or she is logged on, as well as what he or she is logged on to (a domain or local computer) Cancel Any time that a user is logged on, he or she can press CTRL+ALT+DEL to obtain the Windows 2000 Security dialog box This dialog box provides logon information: It specifies the domain or computer to which the user is logged on and the user account that was used to log on This is important for users with multiple user accounts, such as an administrator who has both a regular user account and an administrator account The following table describes the Windows 2000 Security dialog box options Option Description Lock Workstation Secures the computer without a user having to log off All applications remain running The user who locks the computer must unlock it by entering the valid password An administrator can unlock a locked computer, thereby logging off the current user Change Password Changes the user account password The user must know the old password to create a new one This is the only way for a user to change his or her password Log Off Logs off the current user and closes all applications but leaves Windows 2000 running Network users can still make a connection to and use shared resources on the computer Task Manager Provides a list of current applications that are running Provides a view of how each application, application component, or system process is using the CPU and memory resources You can use Task Manager to switch between applications and to stop an application that does not respond Shutdown Closes all applications, saves all operating system data, and prepares the computer so that it can be safely turned off Cancel Closes the Windows 2000 Security dialog box Key Points This is the only place that a user can change his or her password Task Manager 10 Module 1: Introduction to Windows 2000 Administration # Managing Access to Network Resources Slide Objective To introduce managing access to resources Lead-in Users will need access to resources You administer the resources to which they have access Delivery Tip This is an overview of managing access to resources Prepare students for the topics by providing the following key points of information Key Points You assign permission to provide users with access to resources To simplify administration of user accounts, you add users to groups and assign permissions to groups ! Assigning Permissions to Gain Access to Resources ! Using Groups to Manage User Accounts You administer access to resources for users and groups You identify the resources that users need—printers, files, and applications Then you assign permissions to user accounts and groups to make the resources available to them On computers running Windows 2000, users cannot gain access to network resources unless they have been assigned permissions Many users will require access to the same resources It is very time consuming to assign permissions to individual users To simplify administration of user accounts, add users to groups according to administrative needs Then, assign permissions to groups rather than to each individual user account Module 1: Introduction to Windows 2000 Administration 11 Assigning Permissions to Gain Access to Resources Slide Objective To identify how administrators use permissions in Windows 2000 to control user access to network resources ! Assigning Permissions to Control Access ! Users Must Have Explicit Permissions to Gain Access to Resources Lead-in You assign permissions to users and groups to control access by users to resources Write Write database After you identify the resources to which users need access, you control the access that users have You assign permissions to users for specific resources so that the users can gain access to the resources Most users not need access to all of the resources on a network The kind of access to specific resources that users require will vary from user to user Controlling Access to Resources You control access to network resources such as files, folders, and printers by assigning permissions For example, if a user needs to add information to a folder, you assign permissions so that the user can write to the folder Permissions provide security for resources by allowing or denying user access to individual files and folders, and by specifying the kind of access that each user has Permissions are effective whether a user gains access to the file or folder at the computer or over the network Assigning Explicit Permissions A user must have explicit permission to gain access to a file or folder If you have not assigned permission to the user, the user cannot gain access to the file or folder 12 Module 1: Introduction to Windows 2000 Administration Using Groups to Manage User Accounts Slide Objective To identify how groups efficiently manage user accounts Lead-in Put Put Users Users in in Groups Groups Assign Assign Permissions Permissions to to Groups Groups User User 11 To simplify administration of user accounts, add users to groups and assign permissions to groups User User 22 Read Read // Write Write User User 33 Accounting Group User User 44 User User 55 You can assign permissions to individual users, but user account administration is easier if you assign permissions to groups of users instead A group is a logical collection of user accounts You add users to existing groups or create new groups and add user accounts to the new groups Adding users to groups simplifies administration because you avoid having to assign permissions to individual user accounts When managing user accounts and assigning access to resources, follow this strategy: Create groups based on administrative needs Assign users to appropriate groups Identify the resources that each group of users needs, and assign the appropriate permissions to the group Create groups to organize users based on resource access needs and assign permissions to the group for the resources For example, members of an accounting department need access to the same application, Microsoft Excel, and the same accounting files They also need to gain access to the printer that is located in their department You first should identify the user accounts in the accounting department with common needs Then, create an accounting group that will logically group them Finally, assign permissions to the accounting group to gain access to Excel and the accounting files Module 1: Introduction to Windows 2000 Administration 13 # Introduction to Windows 2000 Domains Slide Objective To introduce domains Lead-in The most common network configuration in Windows 2000 is a domain Delivery Tip This is an overview of introduction to Windows 2000 domains Prepare students for the topics by providing the following key points of information Key Points A Windows 2000 domain provides users with access to network resources and a common directory service Computers in a Windows 2000 domain consist of domain controllers, member servers, and client computers Use Active Directory to administer users, groups, and network resources such as computers and printers Students can learn more about Active Directory by viewing the video “Concepts of Windows 2000 Active Directory” Do not show the video in class; it introduces topics beyond the scope of this course ! Windows 2000 Domains ! Computers in a Domain ! Active Directory A Windows 2000 domain is a network of computers All users who log on to a domain have access to the resources on all computers connected to the network Users must have permission to access these resources Domains consist of computers configured as domain controllers, member servers, and client computers The domain controller stores Active Directory Active Directory allows for central administration of domain account privileges and security and network resources Member servers provide shared resources such as file and print services Note To learn more about Active Directory, see the video “Concepts of Windows 2000 Active Directory” on the Student Materials compact disc You can also learn more about Active Directory in course 1557, Installing and Configuring Microsoft Windows 2000 14 Module 1: Introduction to Windows 2000 Administration Windows 2000 Domains Slide Objective To introduce Windows 2000 domains and explain how Windows 2000 centralizes network administration Lead-in A Windows 2000 domain provides a centralized approach to sharing network resources ! Users Have Access to Data on Other Computers ! Single Logon Process for All Computers ! User and Resource Information Is Stored and Administered Centrally ! Scalable to Very Large Networks A Windows 2000 domain is a logical grouping of networked computers It provides a centralized approach to sharing network resources Users on one computer have access to all resources on every other computer in the domain, provided they have the appropriate permissions to access the resource Domains provide a single logon process for users to gain access to network resources, such as file, print, and application resources for which they have permissions A user can log on to one computer in a domain and, with the appropriate permissions or rights, use resources on another computer in a domain A domain also provides centralized administration All user account and resource information is contained in one central location, in a directory service Active Directory is the Windows 2000 directory service Domains are scalable to very large networks The way that users gain access to resources and the way that resources are managed on a small network are the same as in very large networks ... Configuring Microsoft Windows 2000 14 Module 1: Introduction to Windows 2000 Administration Windows 2000 Domains Slide Objective To introduce Windows 2000 domains and explain how Windows 2000 centralizes... permissions to the accounting group to gain access to Excel and the accounting files Module 1: Introduction to Windows 2000 Administration 13 # Introduction to Windows 2000 Domains Slide Objective To. .. information and directory functions !" Use Windows 2000 Help to find information Module 1: Introduction to Windows 2000 Administration Introduction to Network Administration Slide Objective To identify

Ngày đăng: 21/12/2013, 05:17

Từ khóa liên quan

Tài liệu cùng người dùng

  • Đang cập nhật ...

Tài liệu liên quan