Microsoft Windows OS

User Account Control (UAC) is an administrative tool that raises an alert if you modify the privileges of the administrator. It was introduced with Windows Vista, Windows Server 2008 and Windows 7. User Account Control improves the security of Windows by limiting the access to the standard user until the author authorizes an increase in the privilege. The different options in UAC are:

1.       Privilege elevation:  All users on Windows 7 have Standard user right by default.  If a user tries to create a new user account, then user rights has to be raised from the standard user to the administrative user. This increase in rights is known as privilege elevation. Privilege Elevation occurs only for a specific task.
2.       Admin Approval Mode: In this mode administrator should approve for the elevation by responding to the UAC prompt. The UAC prompt requires clicking  ‘Yes’  to the prompting for consent, or entering a user name and passwords which is called prompting for credentials.
3.       Secure Desktop: Secure Desktop ensures that malicious software is unable to alter the display of the UAC prompt.

Types of UAC Settings:

1.       Always Notify me when: This is the most secure setting. It prompts a warning message asking for administrator permission if anyone tries to make some changes in the computer. The desktop appearance is dimmed because of the secure desktop. The request has to be answered within 150 seconds or else it denies the request for privilege elevation and computer returns to the standard desktop.
2.       Notify me when Programs try to make changes to my computer: If you select this option you are shown with a warning about the changes made to your computer or windows settings and require administrator permissions. The notification always occurs at the secure desktop.
3.       Notify me only when the programs try to make changes to my computer (Do not dim my desktop): If this option is selected, you will be prompted with a message that requires administrator permissions.
4.       Never notify me when: IF this option is selected, you are notified about any changes made to your computer or windows settings when you log on as administrator. If you have logged on as a standard user, any changes that require administrative privileges are denied.

Managing user accounts and groups is an essential part of any organization. To do this an administrator should understand ‘User accounts & groups’ and how they work. How users are authenticated to the system. There are several methods of Authentication in the User accounts. It depends upon the function and the needs of an organization which authentication method best suits them.  The different authentication methods in Windows 7 are as follows:

1.       Username and password
2.       Smart Cards
3.       Biometric Devices
4.       Use of Digital Certificates

Steps to configure the behaviour of UAC elevation prompt:

1.       Go to ‘Start’ – ‘Control panel’ – ‘System and security’ – ‘Administrative tools’ – ‘Local security policy’ – ‘Local policies’ – ‘Security options’.
2.       In the right hand pane scroll down to ‘User Account Control: Behaviour of Elevation for administrators in Admin Approval Mode’.
3.        Double click on the ‘User account Control: Behaviour of Elevation for administrators in Admin Approval Mode’.
4.       Select the required option from the list.
5.       Click ‘Apply’. Click ‘Ok’.

Steps to Configure Local security Policies related to UAC:

1.       Go to ‘Start’ – ‘Control panel’ – ‘User Accounts and family safety’ – ‘User Accounts’ – ‘Change User Account Control Settings’.
2.       In the ‘User Account Control Settings’, slide down the slider to change the settings of the User Account Control as per your requirement.
3.       Click ‘Ok’.

Disk management utility is used to convert disk types and change the partition styles. Windows 7 also provides you with Disk part command line tool to manage the disk. Disk management utility also helps you to convert disk types and change the partition styles. Windows 7 allows you to convert the following partition styles:

1. Master Boot Record (MBR) can be converted into GPT if there are no volumes on the disk.
2. MBR can be converted to dynamic, but the disk will become unbootable.
3. GPT can be converted to MBR if there are no volumes on the disk.
4. GPT can be converted on to dynamic, but the disk will become unbootable.
5. Dynamic can be converted to MBR if there are no volumes on the disk.

Master Boot Record (MBR): It is the information on the first sector of the Hard disk or diskette that is used to identify the location of the operating system.

GUID Partition Table (GPT): GPT stands for GUID partition table is a standard for the layout of the partition table on a physical Hard disk. We cannot apply GPT partition on removable media.

Basic Disk:

Basic Disk uses a partition table to manage all partitions on the disk. It is supported by DOS and Windows system. All disks are initially basic disks. Basic disk can contain partitions like Primary partition, Extended Partition and Logical drives. You can create maximum of 4 partitions on basic disk.

Dynamic Disk:

Dynamic Disks do not use a partition table to track all partitions as basic disk does. IT uses a hidden database (LDM) to track information about dynamic volumes or dynamic partitions on the disk. In dynamic disks you can create volumes such as Spanned and Striped volumes, and can also create fault-tolerant volumes such as Mirrored volume and RAID 5 volumes.

Converting a Basic disk to Dynamic disk:

1. Right click on ‘Computer’ icon on the desktop, select ‘manage’. The computer management window will be displayed.
2. Click on ‘Disk management’ in the left pane. You will see all the list of storage devices connected to the computer. Right Click on ‘Disk 0’, select ‘Convert to Dynamic disk’.
After conversion all the existing partition of basic disk will be converted to simple volumes.

Steps to Shrink a Volume:

1. Go to ‘Start’ – ‘Control panel’ – ‘System and security’.
2. Click on ‘Administrative tools’ from ‘System and security’ console.
3. Open ‘Computer management’ and click on ‘Disk Management’. The Disk management window appears. Right click on the volume you want to shrink and choose ‘Shrink Volume’.
4. Enter the amount of space to shrink in the value field and click on ‘Shrink’.

Steps to Extend a Volume:

1. Go to ‘Start’ – ‘Control panel’ – ‘System and security’.
2. Click on ‘Administrative tools’ from ‘System and security’ console.
3. Open ‘Computer management’ and click on ‘Disk Management’. The Disk management window appears. Right click on the volume you want to shrink and choose ‘Extend Volume’. Click ‘Next’.
4. Select the amount of space to extend in the value field. Click ‘Next’.
5. Click ‘Finish’.

Steps to create a Simple Volume:

1. Go to ‘Start’ – ‘Control panel’ – ‘System and security’.
6. Click on ‘Administrative tools’ from ‘System and security’ console.
2. Open ‘Computer management’ and click on ‘Disk Management’. From ‘Disk Management’, select the disk on which you want to create a simple volume.
3. Right click on the ‘Unallocated space’ of the selected disk; click ‘New simple Volume’. The ‘New
Simple Volume’ wizard appears.
4. Click ‘Next’ – Enter the ‘Volume size’ in MB, click ‘Next’. Select a ‘Drive letter’ for the volume and click ‘Next’. Select a ‘File system’ (NTFS/FAT), give a ‘Volume label’ to the new volume you are creating. Click ‘Next’.
5. Click ‘Finish’.

Windows Server Update Service (WSUS)

WSUS is a windows feature that can be set up to automatically check for updates that are published on Windows Update or WSUS server. WSUS uses this windows feature to publish administrator approved updates on an intranet. We can configure the Windows operating system to install updates from WSUS.

Windows Server 2008 provides you with different types of updates:

1. Critical updates:
Security fixes and other important updates that keep computers current and networks secure. A computer that is missing one more critical updates should be considered a security risk, unstable or both.
2. Recommended downloads:
The latest Windows and Microsoft Internet Explorer service packs and other important updates.
3. Windows Tools:
Utilities and other tools that are provided to enhance performance facilitate upgrades and ease the burden on system administrator.
4. Internet and Multimedia updates:
Includes Internet Explorer upgrades and patches upgrades to Microsoft Windows Media player and similar updates.
5. Additional Windows Download:
Updates for desktop settings and other Windows Operating system features
6. Multilanguage Features:
Menus and dialogue boxes, language support and Input method editor for a variety of languages
7. Documentation:
Deployment guides and other software –related documents are also available.

Windows Server Update Service (WSUS)

Windows Server update service has following Software and Hardware requirements:
1. Windows Authentication
2. ASP.Net
3. IIS 6.0 management compatibility
4. Microsoft Report viewer Redistributable
5. WSUS service pack 2.0 or higher
6. A minimum of 1 GB free space on system partition
7. 20 GB of free space on the Volume used to store WSUS downloaded content
8. 2 GB free space on the volume where WSUS stores the Windows Internal Database

Steps to Configure WSUS

1. Go to ‘Start’ – ‘Administrative tools’ – ‘Server Manager’ – ‘Roles’ – ‘Add Roles’ – ‘Next’ – Select ‘Web server IIS’.
2. Click ‘Add required Features’ – ‘ASP.NET’, ‘Windows Authentication’ and ‘IIS 6 Met abase compatibility’. Select ‘Add required features’ – ‘Next’ – ‘Install’ – ‘Close’.
3. Go to ‘Start’ – ‘Administrative tools’ – ‘Server Manager’ – ‘Add features’ – ‘Windows Internal Database’. Click ‘Yes’ – ‘Yes’ – “Install’ – ‘Close’.
4. Double click ‘Microsoft Report Viewer’ downloaded from the internet. Click ‘Next’ – ‘Next’ – ‘Install.
5. Double click ‘WSUS installation file’ from the Web, ‘Next’ – ‘Full Server installation including Administration console’ – ‘Next’ – Select ‘ I accept the terms of the License agreement’ – ‘Next’ – ‘Synchronize from Microsoft update’ – ‘Next’ – On Database option accept the default value and click ‘Next’ – ‘Finish’.
6. The ‘Windows Server updates services’ Window will be displayed, click ‘Next’ – ‘Choose upstream server’ screen appears. Select ‘Synchronize from Microsoft updates’ – ‘Next’.
7. ‘Specify the Proxy server settings’ Wizard appears – Enter proxy information if necessary – Click ‘Start Connecting’. This will take several minutes to connect to Microsoft update server depending on the Internet connection speed.
8. Select ‘Language screen’ will appear. Select ‘Download updates only in these languages. Place the check mark in the appropriate language. Click ‘Next’.
9. ‘Choose product screen’ appears. Select the appropriate options and click ‘Next’.
10. ‘Choose classification’ window, Accept default value and click ‘Next’. Set ‘Synch schedule’, Click ‘Next’ — ‘next’ – ‘Finish’.

Steps to configure any client machine to receive updates from the WSUS server:

1. Go to ‘Run’ – type ‘gpedit.msc’. In the ‘Group policy editor’, click on ‘Computer management’ – ‘Admin templates’ – ‘Windows Components’ – ‘Windows updates’.
2. In the right hand pane, double click ‘Configure automatic updates’, select ‘Enable’ radio button – Click ‘Ok.
3. In the right hand pane click ‘Specify intranet Microsoft update service location’ – select ‘Enabled’. In ‘Set the intranet update service’ enter ‘http://computername of WSUS server’.
4. Go to ‘Start’ – ‘Admin tools’ – ‘Services’ – Right click ‘Windows update’ click on ‘Restart’ option.
5. Go to ‘cmd’ – ‘wuauclt /detectnow and press ‘Enter’.

Router is a device which determines routes from a source network to a destination network. It decides where to send the network packets based on the addressing in the packet. Since router works on layer 3 of OSI model they are also referred to as layer 3 devices.

Functions of a Router:

1. To join networks together over extended distances over WAN’s. WAN traffic often travels over multiple routes, and the routers choose the faster or cheaper route between a source computer and destination.
2. To connect dissimilar LANs, such as Ethernet LAN to a Fibre Distributed Data Interface (FDDI).

LAN routing

You should have at least 2 LAN cards on your server machine, configured with two IP address belonging to different subnets.
1. Go to ‘Server manager’ – ‘Roles’ – ‘Add roles’— ‘Next’— ‘Network policy and Access services.’
2. Click ‘Next’ – read the information—Place a check mark next to ‘Routing’ — click ‘Add required role services’ —‘Next’ –‘Install’ —- The installation begins —click ‘Close’ when installation completes.

Configuration

1. Go to ‘Start’ — ‘Administrative tools’— ‘Routing and Remote Access’ – Right click and select ‘Configure and enable Routing & Remote Access’ – ‘Next’ – ‘Custom configuration’ – ‘Next’ – ‘LAN Routing’ – ‘Next’ – ‘Finish’.
2. ‘Routing and Remote Access’ screen appears – Click ‘Start service’. Now just Ping and check the ‘IP addresses from both the sides.
You will see that the network connection has been established between both the subnets.

Virtual Private Network (VPN)

I am running organisation ABC enterprises, and my marketing executive is a person who has to visit several customer sites for promoting my business. He visits places which are at remote locations. The problem which I am facing now is he needs to connect frequently to the company’s branch office for data transactions and updating. Here I cannot provide him with dedicated connection from service provider since his location is not fixed. So now only VPN can help me in doing secure transaction.

Steps to install and Configure VPN:

1. Now go to ‘Start’ – ‘Administrative tools’ – ‘Routing & Remote Access Service’. Right click on ‘Server name’ and click on ‘Configure & Enable Routing & Remote Access Service’ – ‘Next’ –select ‘Remote Access (Dial up or VPN).
2. Click ‘Next’ — place a checkmark next to ‘VPN’, click ‘Next’ — VPN screen appears (select the LAN interface which is named as Internet)—‘Next’ — click ‘From a specified range of IP addresses’ –‘Next’ –click ‘New’ — provide a range of IP address (start 12.0.0.1 to 12.0.0.55)—‘Ok.
3. Click ‘Next’ – ‘Managing multiple Remote Access Server’ screen appears – Accept the default value – ‘Next’ – ‘Finish’ – ‘Ok’ (When the warning message is displayed)

Steps to Configure of Network Policy server:

1. Go to ‘Start’ – ‘Administrative tools’ – ‘Network Policy Server’ — Click on ‘Policies’ — Click on ‘Network policies.’
2. Right click ‘Network policies’ — click ‘New’ — Provide a ‘Network policy name’ (lets say LAB1) — in the ‘Type of Network Access Server’ select ‘(RAS VPN dial up)’ – ‘Next’.
3. In ‘Specify conditions’ screen ‘Click Add’ — Select ‘Windows group’ — Add — Add groups select ‘Remote Desktop Users’ group from the option — Click ‘Ok’ – ‘Ok’ and then click ‘Next’ — select ‘Access Granted’ option – ‘Next’ — in ‘Authentication Methods’ select ‘Default values’ and say ‘Next’.
4. In ‘Configuration constraints’ screen – ‘Idle timeout’ — enter a specified value say ‘20 minutes’ – ‘Next’ – ‘Accept default’ selections — Click ‘Next’ and the Click ‘Finish’.

Client side configuration:

1. Go to ‘Network and sharing centre’ – ‘Setup a Network Connection’ – ‘Connect to my work place’ — Select ‘VPN’ – Configure ‘Internet settings later’.
2. Put the ‘Clients IP address’ or the ‘Servers private address’. Enter ‘Username and Password’ provided by the server – ‘Finish’.
3. Click ‘Manage Network Connections’ — Double click ‘VPN connection’ — Enter ‘Username and Password’ – ‘Connect or Dial’.
4. Right click on ‘VPN connection’ and see the status you will get an IP provided by the VPN Server.

Each computer on the network has to locate every other computer in the network and so they need to communicate with each other. For this they require IP address and the names. The process of mapping an IP address to its computer name and computer name to IP address is called as Name Resolution. Human beings can remember names easily than numbers. So it is very important that there should be some system which maps name to IP address and IP address to name. Domain Naming System is the service which provides this Name resolution service in Local Area Network (LAN) as well as Wide Area Network (WAN).

Advantages of having DNS

1. Scalability: Since DNS is capable of distributing workload across several databases or computers, it can scale to handle any level of name resolution required.
2. Constancy: Hostnames remain constant even when associated IP addresses change, which makes locating network resources much easier.
3. Ease of use: Users access computers using easy to remember names such as www.gmail.com then a numerical IP address such as 202.128.1.100.
4. Simplicity: Users need to learn only one naming convention to find resources on either the internet or intranet.

Steps to install and Configure DNS server

1. Go to ‘Start’ – ‘Server Manager’ – ‘Roles’ – ‘Add Roles’. Click ‘Next’; select the ‘DNS server’ checkbox.
2. Click ‘Next’ – ‘next’ – ‘Install’ – click the ‘Close’ button once the installation is done.

 Steps to configure Primary Zone:

a. To configure a primary zone go to ‘Start’ – ‘Administrative tools’ – ‘DNS’ – Select ‘Forward lookup zone’. Right click on ‘Forward lookup zone’, select ‘New zone’ – ‘Next’ – Select the ‘Primary Zone’ option.
b. Click ‘Next’ – in the ‘Zone name’ textbox enter the zone name as ‘abc.com’ – ‘Next’.
c. The Zone file windows will appear. Select ‘Create a new file with this filename’ – ‘Next’ – ‘Do not allow dynamic updates’ – ‘Next’ – ‘Finish’.
d. To configure ‘Reverse lookup zone’ go to ‘Start’ – ‘Administrative tools’ – ‘DNS’ – ‘Reverse lookup zone’. Right click the ‘Reverse lookup zone’ and click ‘New zone’ — ‘Primary Zone’.
e. Select ‘To all DNS servers in the Domain’ – ‘Next’ – ‘IP version 4 Reverse Lookup Zone’ – ‘Specify network Id of your network’. For e.g. 192.168.10.
f. Select the ‘Allow both non secure and secure dynamic updates’ radio button.
g. Click ‘Next’, click ‘Finish’.

 Steps to add Hostnames

a. Double click on ‘Forward lookup Zone’ – select you zone name – Right click and select ‘New host’ – ‘Specify the name of the host’ for e.g. sales.
b. Assign an ‘IP address’ for the host to resolve the name. Click on ‘Add host’.
5. Configuring Zone transfers:
a. Double click ‘Forward lookup zone’. Select the ‘Zone name’ and right click on it.
b. Select ‘Properties’ — click on ‘Zone transfer’ tab. select ‘Allow zone transfers’ – ‘only to following server’ radio button. Enter the ‘IP address of the server. Click ‘Apply’ –
c. Click ‘Ok’. Transfer the reverse lookup zone in the same way.

Steps to configure Secondary Zone: (On another server)

a. Go to ‘Start’ – ‘Administrative tools’ – ‘DNS’. Right click and select ‘New zone’.
b. Select ‘Secondary Zone’ — Specify ‘abc.com’ in the ‘Name of the Zone’ window.
c. Click ‘Next’ – Select the ‘Ip address of the Primary Zone’ server. Click ‘Next’ – ‘Finish’.
d. Press ‘F5’ function key to refresh the records if necessary. All the DNS records from the primary zone are automatically updated in the secondary zone.
e. Repeat the same procedure for Reverse lookup Zone.

Testing the DNS settings

Nslookup or the ‘Name Server lookup’ is a tool used to test the DNS settings. In the command prompt type the command ‘Nslookup abc.com’. The name should be resolved to the IP address if you successfully configured the DNS.

DHCP is Dynamic Host Configuration Protocol. The function of DHCP server is to assign IP address to its clients. It functions at application layer of OSI model.

Terms in DHCP

1. DHCP Server: It is a server that provides DHCP configuration information to multiple clients, the IP address and configuration information that the DHCP server makes available to client are defined by the DHCP administrator.
2. DHCP client: A computer that obtains its IP address configuration from the DHCP server.
3. DHCP lease: It defines the duration for which a DHCP server assigns an IP address to a DHCP client. The lease duration can be any amount of time between 1 minute and 999 days or unlimited. Default lease duration is 8 days.

How DHCP Works

The DHCP works on the process of DORA. DORA stands for:

a. Discover: It is sent by clients via broadcast to locate a DHCP server.
b. Offer: Sent by one or more DHCP servers to DHCP clients in response to Discover, along with offered configuration parameters.
c. Request: Sent by the DHCP clients to signal its acceptance of the offered address and parameters.
d. Acknowledgement: Sent by the DHCP server to a DHCP client to confirm an IP address and provide the client with configuration parameters.

Commands to configure DHCP client

1. To view IP address configuration.
ipconfig /all
2. To renew the IP address.
ipconfig /renew
3. To release the IP address.
Ipconfig /release
Steps to install and configure DHCP
1. Right click ‘Computer’ – ‘Sever Manager’ – Click on ‘Roles’ – ‘Add Roles’.
2. Select the ‘DHCP’ option , ‘Next’ – ‘Next’
3. Select the ‘Disable IP version 6’ option – ‘Next’.
4. Add DHCP scope – Click on’ Add’. Enter a ‘Scope range’ and ‘Scope name’
5. Check the ‘Active the scope immediately’ checkbox. Click on ‘Install’ – ‘Ok’.

Reservation in DHCP

Reservation in DHCP means to bind a particular host by assigning a permanent IP address to it which will not change even if the computer restarts. It requires the MAC address information of the Host device. Reservation is generally done on Network printer in corporate networks where Network printers are accessed frequently by users.
Steps to configure DHCP Reservation:
1. Go to ‘Start’ – ‘Administrative tools’ – ‘DHCP – ‘Address pool’ – Check the range of scope.
2. Check the ‘Reservations’. By default there are no reservations.
3. Double click on ‘Reservations’. Right click ‘New Reservation’.
4. Assign IP address and bind a MAC address to give a reservation to it. Click ‘Create’ and ‘OK’.

Steps to configure Exclusion range

1. Right click on the scope where you want to exclude ip addresses.
2. Select ‘New exclusion range’, type the range of IP addresses which you want to exclude from the scope.
3. Click ‘Next’ – ‘Ok’.
Steps to configure DHCP client computer:
1. Go to ‘Network and Sharing centre’ –‘View statuses – ‘TCP/IP properties’.
2. Select ‘Obtain an IP address automatically’ – ‘Obtain DNS server automatically’ – ‘Ok’.
3. Click ‘Ok’ one more time. The client will show a status as ‘Identifying’ and then after sometime an IP address will be assigned to the computer.

DHCP Relay Agent

If we consider a scenario where we have several networks and each network having its own subnets. The DHCP server is configured on one of the network. We all learned that DHCP broadcasts the DORA process and hence clients on other networks will not be able to get IP addresses from DHCP. Do we have to configure DHCP Relay agent who will forward this broadcast to the DHCP server. Without DHCP relay agent the clients from other sub networks will not be able to receive IP address from DHCP server.

Active Directory Domain Services is a directory service by Microsoft that provides centralized authentication and authorization services. It is a powerful service to store and manage security principals, such as users, groups and computers. It also offers centralized and secure access to network resources. ADDS in server 2008 is one of the most important role. It provides the basis for authentication and authorization for virtually all other server roles in Windows Server 2008. Applications like Exchange server and Windows SharePoint services require ADDS.

New features of ADDS in Windows Server 2008

1. Auditing. In Windows server 2008 the ADDS provide more granular auditing capabilities through four new auditing categories:
a. Directory Services Access
b. Directory Services Changes
c. Directory Services Replication
d. Detailed Directory Services Replication
Auditing also provides the capability to log old and new values of an attribute when a successful change is made to that attribute.
2. Fine grained Password Policies. In windows Server 2008 there are different password and account lockout policies for different sets of users in domain. User and group password and account lockout policies are defined and applied via ‘Password Setting Object’ (PSO).
3. Read only domain controllers. Windows server 2008 introduces a new type of Domain controller called a Read only Domain Controller (RODC). RODC contains read only copy of ADDS database.
4. Restart able Active Directory Domain Services. Windows Server 2008 can be stopped and restarted through MMC snap ins and the command line. The Restart able ADDS service reduces the time required to perform certain maintenance and restore operations. Other services running on the server remain available to satisfy the client request while ADDS is stopped.
5. ADDS database mounting Tool. Windows Server 2008 comes with a ADDS database mounting tool which provides a means to compare data as it exists in snapshots or backups taken at different times. The ADDS database mounting eliminates the need to restore multiple backups to compare the AD data that they contain and provides the capability to examine any change.

Active Directory terms

Domain. Domain is defined as a logical group of network objects that share a common active directory database.
Tree. A tree is a collection of one or more domains and domain trees in a contagious namespace, linked in a transitive trust.
Forest. A forest is a collection of trees that share a common global catalog, Schema, logical structure and Directory configuration. It represents the security boundary within which users, computers, groups and other objects are accessible.

Steps to install Active Directory Domain Services

1. Go to ‘Server Manager’ – ‘Roles’ — ‘Add Roles’. The ‘Add Role wizard will be displayed.
2. Click ‘Next’ and Select ‘Active Directory Domain Services’ from the list.
3. Click ‘Next’ – ‘Install’. The installation process will begin and click ‘Close’ when the Wizard finishes the installation.
4. Go to ‘Server manager’—‘Roles’. Select ‘ADDS role’ and click the ‘Dcpromo.exe’ link.
5. The ‘Active Directory Domain services’ window will be displayed. Click ‘Next’ – ‘Next’.
6. Select ‘Create a New Domain in a new Forest’ radio button. Click ‘Next’. Give a particular name to the domain like ‘abc.com’. Click ‘Next’.
7. Select Forest functional level as ‘Windows Server 2008’. The Domain functional level is also ‘Windows Server 2008’. Click ‘Next’.
8. Select the ‘DNS server’ checkbox. Click ‘Next’. Keep the default database location and select’ Next’. The ‘Directory services Restore mode’ password Window is displayed.
9. Type the password for ‘Directory Services Restore mode’.
10. Click on ‘Next’ and select ‘Reboot on completion’ checkbox so that the server will restart once the ADDS is installed in your computer.

Difference Between Workgroups and Domains

The difference between a workgroup and a domain network is the way of managing network resources. Computers in domains have a centralised database and the computers in Workgroups have a distributed database. Computers in the home are usually in Workgroup whereas computers in the workplace and corporate networks are normally 0n Domains.

Workgroups

1. Every computer has its own unique database called as SAM database
2. NetBIOS protocol is used for Name resolution.
3. There could be 10 to 15 computers in a Workgroup.
4. All computers must be on the same network or subnet.
5. Workgroup works in LAN environment.
6. All computers have client Operating system.

Domains

1. Domain shares a centralised database called as NTDS with all the computers in the network.
2. DNS is used for Name resolution.
3. There could be unlimited no. of computers and users in Domain.
4. Different computers are in different Sub networks.
5. Domain works in LAN and WAN environment.
6. Computers in Domain can have server as well as client operating system.
Advantages of having a Workgroup
1. It is commonly used for home and small business network.
2. IT is also called as peer to peer network.
3. Computers communicate directly with each other and share resources.
4. Each user can decide the resource that he wants to share with others in the network.
5. Less expensive and easy to setup for small networks.
6. No dedicated Administrator required.

Advantages of having a Domain

1. Domain provides user and group based security, centralised management of network resources and can be physically stored in one room or Span international borders.
2. Security is more as compared to workgroup.
3. A lot of Scalability
4. Lot of Extensibility
5. Single Sign On.
Steps to join a single client computer into a particular workgroup:
1. Go to ‘Start’ – ‘Computer’ – ‘Right click’ and select ‘Properties.’
2. Click ‘Change settings’ – ‘System properties’ window will be displayed.
3. Click on ‘Change’ button. ‘Computer name/Domain changes’ window will be displayed.
4. In the bottom click ‘Workgroup’ radio button. Enter the name of the workgroup where you want to join your computer.
5. Click’ Ok’. You will need to restart.
6. After the computer restarts your computer will be joined to the particular Workgroup.

Steps to join a single client computer into a Domain:

1. Go to ‘Start’ – ‘Computer’ – ‘Right click’ and select ‘Properties.’
2. Click ‘Change settings’ – ‘System properties’ window will be displayed.
3. Click on ‘Change’ button. ‘Computer name/Domain changes’ window will be displayed.
4. In the bottom click ‘Domain’ radio button. Enter the name of the domain where you want to join your computer.
5. This will ask you to provide the administrative credentials of the domain. Enter the credentials.
6. Click ‘Ok’. You will need to restart the computer.
7. After the computer restarts your computer will be joined to the particular Domain.

The Home group:

Home group is a new feature in windows 7 which allows you to connect to other computers and also allows you to share music, pictures, documents, printers and other files with other computers. Home group cannot be created on a Domain network. We can allow other computers on home group to modify our files o make them read only. You can set permissions for other users to access your files.

Steps to create a Home group:

1. You require minimum 2 computers on the same network.
2. Click ‘Start’ and select ‘control panel’. In control panel select ‘Network and Internet’ and click on choose ‘Home group and sharing’. This will display the home group window.
3. Click the ‘Create a Home group’ button. The Create Home group window will appear. Now select the check box for which items you want to share and click ‘Next’. Then it opens a window with password information to other computers.
4. You have to use this same password to add other computers to your network. You can also click on ‘Print password and instruction’ and give this password to other computers running windows 7 on the network to join your Home group.
5. Click ‘Finish’ to complete the creation process.
Note: When a computer is connected to the home network where you created your home group, windows 7 prompts you that there is Home group available to join.

Steps to Join a Home group which is already created:

1. Click ‘Start’ – ‘Control Panel’ – ‘Network and Internet’ – ‘Home group’. The Home group window will appear.
2. Click ‘Join now’ button to join your Home group. The join a Home group wizard will appear.
3. On the join a Homepage window, select the items that you want to share with other computer and click ‘Next’.
4. Enter the Home group password that you got from the person who created the Home group and click on ‘Join now’ button.
5. If you want to leave the home group, open the Home group item in the ‘Network and sharing center’ and then click ‘Leave the Home group’ option.

Sharing Data in your home group:

1. Type ‘compmgmt.msc’ in start search box, click on ‘Shares’ under ‘Shared folders’.
2. Right click on shares node and click ‘New share’. Then it will open ‘Create a shared folder’ wizard.
3. Click ‘Next’ and specify the folder which you want to share. After entering the folder path ‘Create a shared folder’ wizard appears. Enter ‘share name, share path & description’ to specify how users see and use this shared folder over a network and click ‘Next’.
4. Set the appropriate permission that you want for the shared folder.
5. Click ‘Finish’ so that the sharing completes.

Sharing a printer in your Home group:

1. Click ‘Start’ – ‘control panel’- ‘Hardware and sound’- ‘Devices and printers’.
2. Locate the printer and right click the printer which you want to share. Select ‘Printer properties’.
3. Click ‘Sharing ‘tab of the printer properties and enable the ‘Share this printer’ option.
4. To add additional drivers for the printer, Click ‘Additional drivers’.
5. Click ‘Apply’- ‘Ok’.

Stop or change folder sharing:

1. Open windows explorer. Select the folder and right click the folder for which you want to stop sharing. Select ‘Share with’ and select ‘Nobody’. The sharing wizard will appear.
2. Click ‘Change sharing permissions. This will allow you to change the existing permissions.
3. To stop sharing permission, click ‘Stop sharing’ option from share wizard.
Note:

You can assign three different kinds of permissions:

1. Owner permissions: For the user who shared the folder.
2. Read permissions: Allows the user to access files in the shared folder but not to delete or modify them.
3. Write permissions: Allows the user to read, add, delete and modify the files in the shared folder.

That software’s which worked fine in previous version of Windows is unable to function in Windows 7. This is called as Application Compatibility issue. This happens when the administrator tries to migrate earlier Windows client operating system to Windows 7. There are many methods in which Application Compatibility issue could be resolved.

Program Compatibility Trouble-shooter:

The program compatibility trouble-shooter in windows 7 is a tool that automatically selects compatibility settings to run the applications in earlier versions of Windows mode. Operating system detects the compatibility problem and determines the solution to resolve the problem while troubleshooting the issue. Once the operating system has fixed the compatibility issue, it remembers the solution and will prevent the same issue from occurring in future. Program compatibility trouble-shooter cannot troubleshoot installation of .MSI format and is applicable only for executable files.

Built in Compatibility modes and option:

Windows 7 provides several built in compatible modes that configure application to run using settings which provide earlier Windows operating system Environment. The steps to configure compatibility mode for any application are as follows:
1. Select the ‘setup file’ of the application, right click on it. Click ‘Properties’.
2. In ‘Properties’ window, select the environment for your application in the ‘Compatibility’ tab.
3. Click ‘Apply’ — ‘Ok’.

Application Compatibility Toolkit:

Application Compatibility Toolkit is a collection of tools that allow you to resolve application compatibility issues. This tool determines if existing applications are compatible with Windows 7 before migrating to new operating system. The features of Application Compatibility Toolkit are:
1. Application Compatibility Manager
2. Application Compatibility Administrator
3. Internet Explorer Compatibility Test Tool
4. Setup Analysis Tool
5. Standard User Analyzer

Application compatibility Manager:

It is used to configure, collect, analyze and test the compatibility data to resolve any kind of compatibility issue which occurs when you deploy a new operating system in your organization. Application Compatibility manager communicates with Microsoft SQL server database which stores all the data.

Application Compatibility Administrator:

It helps you to resolve large number of compatibility issues before deploying new windows to your organization. Compatibility Administrator provides a set of compatibility fixes and compatibility modes that can be used to resolve compatibility issues with particular applications. Compatibility fix is a piece of software which stops application programming interface calls from applications and modifies these application to run to run on Windows 7 platform.

Internet Explorer Compatibility tool:

It helps in testing the compatibility problems of websites which will display on the Internet Explorer 8. The steps to use Internet Explorer toolkit are:
1. Go to ‘Start’ – ‘All programs’ – ‘Microsoft Application Compatibility Toolkit’ – ‘Developer and test tools’ – ‘Internet Explorer Compatibility test tool’ – ‘Enable’.
2. Open ‘Internet Explorer’ and it will inform you that compatibility tool is enabled.
3. Now you can open the website and web applications that you want to test.
Internet Explorer Compatibility Toolkit tests the site that you visit and keeps all the information about compatibility issue related with specified websites and web applications.

Setup Analysis Tool:

Setup Analysis Tool detects the compatibility issue that can occur during the installation and configuration of an application. Setup Analysis Tool detects and monitors the action taken by application installer and checks their compatibility issues.

Standard User Analyzer:

It determines whether the User Account Control causes any compatibility issue while deploying new Operating system in your organization. The Standard User Analyzer provides data about problematic files, processes, registry keys, .ini files and other related items that are used by the applications that might cause problems while successfully running on Windows 7.

Steps to install Application Compatibility Toolkit:

1. Download Application Compatibility Toolkit from the below link:
2. http://www.microsoft.com/en-in/download/details.aspx?id=7352
3. Run the downloaded toolkit. In ‘Microsoft Application Compatibility Toolkit’ wizard click ‘Next’. Accept the license agreement and click ‘Next’. The Microsoft Application Compatibility Toolkit wizard opens to enter the destination path. Enter the destination path and click ‘Next’.
4. Click ‘Install’ to start the installation process. You can view the tools on start menu of the computer once the installation process completes.
Steps to configure Application Compatibility Toolkit:
1. Click on ‘Start’ – ‘All programs’ – ‘Microsoft Application Compatibility Toolkit’ – ‘Application Compatibility Manager’. Click ‘Next’ to select the configuration wizard.
2. Select the appropriate configuration option. Select ‘Enterprise configuration’ – click ‘Next’.
3. Enter the name of the SQL server and the name for the database and click ‘Create’ button.
4. Click ‘Next’ – ‘Finish’. (Note down the log file location of your machine).

A quick way to learn all of the new features in Windows 7 is to take a course. Many colleges run short courses such as award winners City and Islington in London. There are also a number of training organisations which deliver 1 day Microsoft courses. Designed primarily for businesses, these are a quick way to get employees skilled in the use of Windows 7. Paul Brown Associates are a UK based National training Company and run an in house Windows 7 training course. This type of training is normally more expensive than a college course but has the advantage of teaching skills quickly.