Microsoft Servers by ajitpunchhi



Distributed file system (DFS)
DFS stands for Distributed File System. This feature is available in the Windows Server 2000
and Windows Server 2003 operating systems. With DFS we can organize multiple shared
folders logically under Roots and Virtual Links, which gives us centralized
management of our shared folders. There are two types of roots:-
    (i)    Domain Root
    (ii)   Standalone Roots

A Domain Root works in a Domain environment.
A Standalone Root works in a Workgroup environment.

DFS requires the NTFS file system.
First we create a root, for which we select a folder that is already shared or a normal folder
that the DFS server will share. This folder is shared under the Root Name.
After that we create Links. For each link you can specify any virtual name, or the same
name as the shared folder. Then we set the path of the shared folder.

Steps to configure DFS
Go to Start > Programs > Administrative Tools > Distributed File System.

A Distributed File System console appears on your screen. In the left pane, right click on
the Distributed File System icon, then click New Root.
Now in the wizard select root type.
On the next page type the Host Server Name.
On the next page type the Root Name.
Now select folder to share which must be available on NTFS disk drive.
Click next to finish.

Now in the left pane, right click on the root name, then click New Link.
A new dialog box appears on screen. Type the link name and click Browse to set the path of
the shared folder.

To view share files on client
\\NetbiosName (ServerName)\Root Folder Name
For e.g.:- \\Server\sale

Active Directory concept
Active Directory is a centralized service which is used to create a domain environment. By
default Active Directory is not installed. Active Directory was introduced with Windows
Server 2000. Active Directory (AD) is available in server operating system (server
Active Directory is a database which stores thousands of objects such as
users, groups, computers, printers and shared folders. It has complete information about
the domain. It offers us:-
    (i)    Centralized administration
    (ii)   Authorized authentication system
    (iii)  Centralized logon system
    (iv)   Centralized group policy implementation

It provides us with a special kind of container called an OU (organizational unit). By using
OUs, we can manage our Domain environment very effectively. An OU hides the
physical structure of our Active Directory.


[Figure: Active Directory OUs (Sale, Production, Account) with GP applied]

Active Directory is tightly integrated with DNS server. DNS stands for Domain Name
Server. DNS is used to resolve name to IP address of the Host computer.
Requirements of Active Directory:-
   (i)     Windows Server 2003 operating system.
   (ii)    NTFS file system
   (iii)   Network service is required (that computer must be member of any
   (iv)    TCP/IP must be configured with IP address, subnet mask and preferred DNS
           server IP address.
   (v)     You must have administrative rights to install Active Directory.

Installation of Active Directory:-
Active Directory is a built-in package, which is installed by using the command DCPROMO.
Type this command in the Run dialog box and press Enter. An Active Directory
installation wizard appears on screen. In this wizard we have to provide the required
information such as New Domain Controller, Domain Name (which must be Top level
Domain), installation of DNS server with Active Directory, and the Administrative password
used to restore Active Directory. After that, the Active Directory process
continues and your computer starts acting as a Primary Domain Controller. Ordinary users
cannot log on locally to a Domain Controller; only the Administrator can.

Joining Workgroup computer to Domain environment

Client side configuration
   (1) Log on as Administrator.
   (2) Configure TCP/IP address, subnet mask and IP address of preferred DNS server
   (3) Now perform the ping command. Now right click on the My Computer icon > Properties >
        then click on the Computer Name tab. On this tab click on the Change button.
   (4) A new dialog box will open. Now select the Domain radio button. In the Domain
        text box type the NetBIOS name of your Domain, then press Enter.
   (5) An Authentication dialog box appears on screen. Provide Administrator
        Username and Password of Domain Controller. And press enter.
   (6) After successful authentication, a welcome message appears on screen.
   (7) Click ok. Again click ok and restart your computer.
   (8) On the user logon screen, a new option, Log on to, appears in the Authentication
        dialog box. You can view it by clicking the Options button.

If you want to log on to the domain then select the Domain Name.
If you want to log on to the local computer then select the Log on this computer option and log on as

User management
Active Directory provides us with centralized user management. We manage users with the
Active Directory Users and Computers console. It has a number
of containers. In the Users container, we can create users by right clicking on it, then New,
then the User option.

How to configure Log On Hours
We can set the Log On Hours of a particular user. Active Directory gives us multi-user
object support, which means we can select multiple users with the Control key and set Log On
Hours for all of them in a single click.
   (i)     Create a user in AD (Active Directory).
   (ii)    Now select your user then properties.
   (iii)   Now click on Account tab then click on Log on Hours button.

Note:- the time on the client computer and on the server computer must be the same.

Log On To
By default, every user or client who has a Domain User account can log on from any client
computer within a Domain. Because of restrictions or requirements of the organization,
we can restrict the user to two or three computers by using computers NetBIOS
Steps: -
   (1) Create a user in AD. Select it then properties.
   (2) Then click on account tab.
   (3) Now click on Log on to button.
   (4) In the given dialog box, select the option Log on to the following computer
   (5) Now type the NetBIOS Name of the computer from which you want the user to log on.
   (6) Now click on Add button then click apply and ok.

Account Expire
We can set the age of the account. This option is best for employees who work for the
company on a temporary basis, for e.g.:- one or two months. It is very difficult to
remember the actual end date of each temporary user account. So we can configure the
account expires option through Active Directory Users and Computers; after that date the
user will automatically be denied log on to the network and will not be able to access
it.
Steps: -
    (1) Open Active Directory users and computers console.
    (2) Select your user then properties then click on account tab.
    (3) The account expires option is available at the bottom of this tab. Select it.
    (4) Open the calendar from the list. Choose your date.
    (5) Then click apply and ok.
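
The three account restrictions described above (Log On Hours, Log On To and Account Expire) can be checked together when auditing why a logon was allowed or denied. The following is an added example, not part of the original notes; the attribute names and layouts (logonHours, userWorkstations, accountExpires) and the sample account are assumptions stated in the comments.

```python
from datetime import datetime, timedelta, timezone

# Assumed attribute layouts (assumptions of this example, not from the page):
#   logonHours       21 bytes = 168 bits, one per hour of the week in UTC,
#                    starting Sunday 00:00, least-significant bit first
#   userWorkstations comma-separated NetBIOS names, empty = any computer
#   accountExpires   100 ns ticks since 1601-01-01 UTC; 0 or 2**63-1 = never
FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)
NEVER_EXPIRES = (0, 2**63 - 1)


def build_logon_hours(allowed):
    """Pack (weekday, hour) pairs in UTC, weekday 0 = Sunday, into 21 bytes."""
    bits = bytearray(21)
    for day, hour in allowed:
        index = day * 24 + hour
        bits[index // 8] |= 1 << (index % 8)
    return bytes(bits)


def to_filetime(moment):
    """Convert an aware datetime to 100 ns ticks since 1601-01-01 UTC."""
    delta = moment.astimezone(timezone.utc) - FILETIME_EPOCH
    return (delta.days * 86400 + delta.seconds) * 10_000_000 + delta.microseconds * 10


def hour_allowed(logon_hours, moment):
    if not logon_hours:                      # attribute unset: no restriction
        return True
    utc = moment.astimezone(timezone.utc)    # the bitmap is in UTC, not local time
    day = (utc.weekday() + 1) % 7            # Python: Monday = 0; bitmap: Sunday = 0
    index = day * 24 + utc.hour
    return bool((logon_hours[index // 8] >> (index % 8)) & 1)


def workstation_allowed(user_workstations, computer):
    if not user_workstations:                # empty list: any computer in the domain
        return True
    names = {n.strip().upper() for n in user_workstations.split(",") if n.strip()}
    return computer.upper() in names


def account_expired(account_expires, moment):
    if account_expires in NEVER_EXPIRES:
        return False
    expiry = FILETIME_EPOCH + timedelta(microseconds=account_expires // 10)
    return moment.astimezone(timezone.utc) >= expiry


def check_logon(user, computer, moment):
    """Return (allowed, reason) for one logon attempt."""
    if account_expired(user["accountExpires"], moment):
        return False, "account expired"
    if not workstation_allowed(user.get("userWorkstations"), computer):
        return False, "workstation not permitted"
    if not hour_allowed(user.get("logonHours"), moment):
        return False, "outside logon hours"
    return True, "ok"


# Constructed sample account: a temporary employee allowed Monday to Friday,
# 09:00-17:00 UTC, on two computers, until 1 July 2024.
TEMP_USER = {
    "sAMAccountName": "temp01",
    "logonHours": build_logon_hours(
        (day, hour) for day in range(1, 6) for hour in range(9, 17)),
    "userWorkstations": "SALE-PC1,SALE-PC2",
    "accountExpires": to_filetime(datetime(2024, 7, 1, tzinfo=timezone.utc)),
}

if __name__ == "__main__":
    attempts = [
        ("SALE-PC1", datetime(2024, 6, 3, 10, 0, tzinfo=timezone.utc)),   # Monday
        ("SALE-PC1", datetime(2024, 6, 2, 10, 0, tzinfo=timezone.utc)),   # Sunday
        ("HR-PC9", datetime(2024, 6, 3, 10, 0, tzinfo=timezone.utc)),
        ("SALE-PC1", datetime(2024, 7, 1, 10, 0, tzinfo=timezone.utc)),
    ]
    for computer, moment in attempts:
        print(computer, moment.isoformat(), check_logon(TEMP_USER, computer, moment))
```

Because the hour bitmap is evaluated in UTC in this example, a logon at 21:00 in a UTC+05:30 time zone falls in the 15:00 UTC slot, which is one reason the clocks of client and server have to agree.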

Home directory
We can assign a Home directory to each user, which is automatically mapped and displayed in
My Computer when the user logs on from a client computer within the domain environment. When
the user saves data in that mapped folder, the data is automatically saved on the domain
controller and is always available when the user logs on a second time from
any client computer. Home directories give us centralized storage, easy backup,
security and safety of data, and availability.
    (1) Open My Computer.
    (2) Open any drive which has the NTFS file system.
    (3) Now create a shared folder with the name of 'Home'.
    (4) Give full control to everyone. Open it.
    (5) Now create another shared folder with the name of the username. In the permission
        section remove everyone. Add the same username and give full control.
    (6) Then click apply, ok.
    (7) Now open Active Directory Users and Computers.
    (8) Select your user, then Properties, then click on the Profile tab.
    (9) On this tab, go to the home folder section.
    (10) Select the option connect to.
    (11) Now select the letter from the list. It is recommended to always start from the last,
         which is the Z drive.
    (12) Now type the path for that home folder.

User profile
In a domain environment, when a user logs in from a client computer, a local profile or default
profile is created by the operating system, in which all the desktop settings, My Documents and
Start menu items are saved. There are three types of user profile.
    (1) Local profile or Default profile
    (2) Roaming profile
    (3) Mandatory profile

(1) Local Profile
This profile is automatically created when a user logs on to a client computer. This profile does
not follow the user: when the user logs on a second time from another computer, a new profile
is created for that user on the second computer.

(2) Roaming Profile
With this profile, the user receives the same desktop settings when he logs on a second time from
any client computer, because all the desktop settings are saved on the Domain Controller
after the user logs off. This profile follows the user each time he logs on. To make
this profile we have to perform some tasks with the help of Active Directory users and
    (i)      Create a user in AD.
    (ii)     Now open My Computer. Create a shared folder with the name of profile.
    (iii)    In the permission section give full control to everyone.
    (iv)     Now open it. Now create another shared folder with the name of the username. In
             the permission section remove everyone, add the same user and give him full
             control. Click on apply then ok.
    (v)      Now again in AD Users and Computers, select your user, then Properties, then
             click on the Profile tab.

(3) Mandatory Profile
In a Mandatory profile all the settings are temporary and exist only during the logon
session. When the user logs off, all the settings made by the user are cancelled
and the default settings are applied.
We can create a Mandatory profile by renaming the file NTUSER.DAT to
NTUSER.MAN. This is a hidden file, available in the user's folder, in
which all the settings are saved.

Note: - make sure the user is logged off when you make this kind of change.

Every organization has lots of data that is modified on a daily basis. Every company makes
Backup Strategies for its data for reasons of security, availability etc.
There are different types of backup, which are performed according to the
requirements of the company or according to the modified data.
Microsoft provides us with a Backup & Restore facility through the NTBACKUP wizard.
By using this utility, you can perform Normal Data Backup and System State Data
Backup. We have two methods to access this utility.

   (1) Go to Start -> Programs -> Accessories -> System Tools -> BACKUP
   (2) We can also access this utility by using the "NTBackup" command. To do this,
       go to Run -> then type "NTBackup" then press Enter.

   Backup technologies work on attributes. The 'A' attribute is assigned to a file when:
   (1) A new file is created.
   (2) A file is modified after a Normal Backup.
   (3) A file is restored by a backup process after deletion.

Types of Backup: -

(1) Normal Backup
    Normal Backup is a complete Backup. It is a time-consuming practice. It clears the
'A' attribute after the backup, which marks each file as backed up. It is recommended that
you perform a Normal Backup once a day. You can also schedule it as part of your
backup plan.

(2) Incremental Backup
    It is the second type of backup. It is a less time-consuming practice. It also reads the
attribute of the file and marks each file as backed up. This is not a complete backup. We can
perform this kind of backup after a Normal Backup. Suppose you have ten files and a Normal
Backup has already been performed, but four files are then modified by the user; there is no
need to perform a Normal Backup again.
In this case, an Incremental Backup is the best solution to save time and
back up the modified files.

(3) Differential Backup

   We can perform a Differential Backup when we want to back up the files and also
maintain their attributes. The main reason behind this concept is when all these files are
moved from one location to another: in this case, the Administrator at location 2 can also
perform the backup process on all these files.

(4) Copy
     A copy is just that, a copy. A copy backup is generally used for archiving files. A
copy only backs up files specified, regardless of whether the archiving bit is set to 1 or
not, and it does not clear the archive bits. Copy backups may be made when a company is
required to keep data for an extended length of time.

(5) Daily
    A daily backup only backs up files that were created or modified on the day the
backup is run. A daily backup does not clear the archive bit.
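
The effect of each backup type on the 'A' attribute is easiest to see by simulating it. The following is an added example, not part of the original notes: it replays the ten-file scenario from the Incremental Backup paragraph and goes one step beyond the text by working out which backup sets a restore would need. File names and dates are constructed.

```python
from datetime import date, timedelta

# Which backup types clear the 'A' (archive) attribute, as described above.
CLEARS_ARCHIVE_BIT = {"normal": True, "incremental": True,
                      "differential": False, "copy": False, "daily": False}


def new_volume(names, day):
    """New files start with the 'A' attribute set."""
    return {name: {"archive": True, "modified": day} for name in names}


def modify(volume, names, day):
    """Modifying a file sets its 'A' attribute again."""
    for name in names:
        volume[name] = {"archive": True, "modified": day}


def run_backup(volume, kind, today):
    """Return the files written to the backup set and update the attributes."""
    if kind in ("normal", "copy"):
        selected = sorted(volume)
    elif kind in ("incremental", "differential"):
        selected = sorted(n for n, f in volume.items() if f["archive"])
    elif kind == "daily":
        selected = sorted(n for n, f in volume.items() if f["modified"] == today)
    else:
        raise ValueError(f"unknown backup type: {kind}")
    if CLEARS_ARCHIVE_BIT[kind]:
        for name in selected:
            volume[name]["archive"] = False
    return selected


def simulate(followup):
    """Normal backup on day 1, then `followup` backups on days 2 and 3."""
    day1 = date(2024, 6, 3)                       # constructed date
    files = [f"file{i:02d}.doc" for i in range(1, 11)]
    volume = new_volume(files, day1)
    history = [("normal", run_backup(volume, "normal", day1))]
    modify(volume, files[:4], day1 + timedelta(days=1))     # four files change
    history.append((followup, run_backup(volume, followup, day1 + timedelta(days=1))))
    modify(volume, files[4:6], day1 + timedelta(days=2))    # two more change
    history.append((followup, run_backup(volume, followup, day1 + timedelta(days=2))))
    return history


def sets_needed_for_restore(history):
    """Indexes of the backup sets required to rebuild the latest state."""
    kinds = [kind for kind, _ in history]
    if "normal" not in kinds:
        return []
    start = len(kinds) - 1 - kinds[::-1].index("normal")
    needed, last_differential = [start], None
    for i in range(start + 1, len(kinds)):
        if kinds[i] == "incremental":
            needed.append(i)
            last_differential = None      # a later incremental supersedes it
        elif kinds[i] == "differential":
            last_differential = i
    if last_differential is not None:
        needed.append(last_differential)
    return needed


if __name__ == "__main__":
    for kind in ("incremental", "differential"):
        history = simulate(kind)
        print(kind, [len(files) for _, files in history],
              "restore needs sets", sets_needed_for_restore(history))
```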

Backup of System state data
Backup Active Directory
In a Domain Environment, user management is handled with the help of Active Directory
Users and Computers, so the Active Directory Database is most important for us. It holds the
users, groups and OUs created by the Administrator. If any kind of object or OU is
accidentally deleted, we can recover it if we have a backup of the Active Directory Database.
This is possible with the help of System state data. The backup of System state data is
similar to a Normal data backup. The key difference is that in a Normal data
backup we select a normal folder to back up.
But in the case of System state data, we have to select the System state data container,
which keeps the Active Directory database, sysvol
folder, boot files, certificate server (services), registry settings etc.
But the restore process is different from a normal data restore,
because the Active Directory service is running and we cannot restore System state data
(Active Directory database) while Active Directory is running.
To restore the System state data on a Domain controller, we have to restart
the computer, then press F8 for advanced options, in which we have a number of modes
           (i)      Safe mode
           (ii)     Safe mode with Networking
           (iii) Active directory restore mode ( Domain controller only)
           (iv)     Last good configuration
           (v)      Normal restart

Select Active Directory restore mode from the list and press Enter. Now select the operating
system from the list and again press Enter. Now provide the user account information
(Administrative account). When your computer is idle in AD restore mode, open the
backup utility again. Select restore the files. Now select the System state data Backup from
the list. Click next to restore the database or System state data. It will show you the warning
"All the previous settings will be implemented after this process". It takes a few minutes to
complete. Click close to close the dialog box. It will also ask you to restart your computer.
Now open AD and you have all the users as desired.

DNS SERVER (Domain Name System)
DNS Concept
DNS in Workgroup
DNS in Domain
DNS with A.D
DNS with IIS

DNS Concept
DNS stands for Domain Name System. It works on port no. 53. DNS is used to
resolve a name to the IP address of the host computer. DNS is also called a Database, which
stores host records. DNS is available in the Windows Server 2000 and Windows Server 2003
operating systems.
DNS was introduced in 2000 with Windows Server 2000. A Domain
Name has a Hierarchical Structure. It can be used twice in the network.

Difference between NetBIOS Name and Domain Name

NetBIOS Name                                  Domain Name
(1) It is 15 characters long.                 (1) It is 255 bytes long.
(2) It must be unique in the network.         (2) It can be used more than one
                                                  time in the network.
(3) It has a flat structure, meaning no       (3) It has a Hierarchical structure,
    sub NetBIOS Names.                            meaning roots, top level
                                                  Domains, second level
                                                  Domains and host
(4) The primary method to resolve             (4) The primary method to
    NetBIOS over TCP/IP is WINS                   resolve name to IP address
    Server in previous Win 2000.                  of the host computer is
                                                  DNS Server.


[Figure: domain name hierarchy: Host Computer, Second Level, Top Level, Root]

DNS Lookup Types: -
By default, DNS has two Lookup types
           (i)   Forward Lookup
           (ii)  Reverse Lookup

(i) Forward Lookup
      The forward lookup is used to store zones, which are responsible for resolving a name to
      the IP address of the Host computer. Under the forward lookup type, we can create or store
      a Primary Zone, Secondary Zone, and Stub Zone.

(ii) Reverse Lookup
     Reverse lookup is used to resolve an IP address to the name of the Host computer. It is
     very rarely configured, because it is mostly used for troubleshooting purposes in
     NS Lookup.

Zone Types: -
DNS has three types of zones
(i) Primary Zone
(ii) Secondary Zone
(iii) Stub Zone

(i) Primary Zone
     In the DNS server, we have to create zones under the forward lookup type to configure the
     DNS server. A zone is also called a Database, which stores the Host records of the computers
     (NetBIOS Name and IP address). A Primary Zone has read and write access. We can
     update data directly in this zone. This zone is available on the first DNS server in the
     network, or we can say this Zone is available on the Primary DNS server. It keeps the original
     data. This zone is also responsible for storing Host records and resolve name to IP

(ii) Secondary Zone
     This zone is also available under the forward lookup type. We can configure this kind
of zone on a secondary DNS server. It has read only access. You cannot update data
directly in this zone. It holds a copy of the Primary zone. We can configure a secondary DNS
server with a Secondary zone for the purpose of fault tolerance.
For e.g:- we can configure a secondary DNS server with a secondary zone on an Additional
Domain Controller. Zone and Data are replicated from the Primary DNS server to the secondary
DNS server by the zone transfer process. It keeps a copy of the original Primary data
or Primary zone.

(iii) Stub Zone
      A Stub zone does not provide any kind of service like the Primary and Secondary zones. It
stores special kinds of records like the NS record (Name of Server) and SOA record (Start of

Record types:-
     (i)    A Record [Host Record]
     (ii)   Alias Record (CNAME)
     (iii)  MX Record [Exchange server, Mail server, @domain name (e-mails) ]
     (iv)   NS Record - Name of Server
     (v)    SOA Record - Start of Authority
     (vi)   SRV Record - Service Location Record

Installation of DNS Server
   (1) Log on as an Administrator.
   (2) Go to Control Panel -> Add/Remove Programs -> Add/Remove Components ->
       Network Services -> then click on the Detail button -> then check the check box of
   (3) Click ok.
   (4) Click next to install the DNS server.

   You can access the DNS server from Administrative Tools.

DNS Suffix
   (1)   Registration (Dynamic)
   (2)   Query to DNS by client
   (3)   DNS respond back to requesting client
   (4)   Client communicate with other client

The DNS Suffix is used to resolve a Name to the IP Address of the Host Computer. It is also used
to register the Host Records of the client computers in the DNS server dynamically.
In practice, the DNS Suffix is the name of the Primary Zone configured in the
Primary DNS server.

Steps to assign DNS Suffix
   (1) Log on as Administrator.
   (2) Configure TCP/IP. IP Address, Subnet Mask and Preferred DNS IP Address.
   (3) Now right click on My Computer icon then Properties -> Computer Name Tab ->
        Change button -> More button.
   (4) In the Primary DNS Suffix text box, type the name of the DNS Suffix.
   (5) Click ok and restart your computer.

To make a computer a member of DNS
On a workgroup computer, fill in the Suffix name of the Domain and restart the PC, or type
the command at the Command Prompt: C:\>ipconfig /registerdns

Dynamic Updates
Dynamic Updates are updates which are registered in the DNS server dynamically. Here the
Dynamic updates are the Host records of the client computers (Name & IP Address). These
updates are registered in the DNS server dynamically with the help of the DNS Suffix.
When your DNS server accepts Dynamic Updates, it is
called DDNS (Dynamic DNS).
We can also set the Dynamic Update acceptance behavior of the DNS server, for
which we have three options:-

(i) Secure only
    In this option only active directory clients can register their Host Record in DNS

(ii) Secure and Non-Secure only
     In this option both active directory clients and workgroup clients are able to register
     their Host record in the DNS server.

(iii) Do not Allow
      In this option no one can register their Host record in the DNS server.

       You can also change these options in the zone properties.

DNS with Active Directory
DNS server plays a very important role in a Domain Environment. We can also say Active
Directory is tightly integrated with DNS server, or that DNS is the backbone of Active
Directory. DNS works without Active Directory in a workgroup environment, but Active
Directory cannot work without a DNS server.
When we install Active Directory with DNS server, A.D registers its Domain
Name in the DNS server. When we join clients to the Domain Environment, we have to
provide the IP Address of the DNS server to our client computers. The first request goes to
the DNS server. The DNS server locates the Domain Controller and the request is passed to
Active Directory. In this way client computers join the Domain environment.

Protocol/Port No.
=> The protocol used in Active Directory is LDAP (Lightweight Directory Access Protocol)
and the Port no. is 389.

=> In a Domain environment the authentication protocol is Kerberos and the Port no. is
            (also check clock synchronization)

DNS with WAN

Top level Domain

Root Server
We have 13 Root servers. They sit at the top of the Hierarchical Structure of the
Domain Name System. Microsoft provides the names & IP Addresses of the Root Servers in the
DNS server.
When a DNS server receives a query from a client, it first tries
to resolve the query itself. If it has no answer, the DNS server goes to a Root server on the
Internet by using Root Hints (List of Name & IP Address of Root Servers).

Query Type
(1) Recursive Query
(2) Iterative Query
(3) Referral Query
(4) MX Query

(1) Recursive Query
    Client to DNS

(2) Iterative Query
    DNS performs query on behalf of its clients.

(3) Referral Query
    Appro: answer provided by Root and Com.

When the client receives a proper answer from the DNS Server, one Recursive Query is
completed. The whole process which is performed on behalf of the client is called Recursion.
By default, the Recursion option is enabled in the DNS server.

(4) MX Query
    A query that is resolved for mail is an MX Query.

Types of DNS Server
(1) Primary DNS Server
(2) Secondary DNS Server
(3) Cache Only DNS Server

Primary DNS Server
This is the first DNS Server in the network. It contains the original data. It has a Primary Zone
under forward lookup.

Secondary DNS Server
This is the second DNS server in the network and also acts as a Backup Server. We can also say
the Secondary DNS server is used to provide fault tolerance in the network. It has a Secondary
Zone under the Forward Lookup Zone, and Data is replicated from the Primary to the Secondary
DNS server by the Zone transfer process. It has read only access. The Secondary DNS server
queries its master server for new updates every 15 minutes.

Cache Only DNS server
This is a type of DNS server. It has no Zone, but it has a Cache, Root Hints and one
more thing, Forwarders.
No additional configuration is required on a Cache Only server. We
just install the DNS role on the computer. We can use it for two purposes:-

(1) Internet use

   Server side configuration
   In this process no additional configuration required. But Internet connectivity

   Client side configuration
   In PDNS IP Address, we will provide the IP Address of the Cache Only DNS server.

(2) Between two offices
   (Branch office and Head office)

   But in this case we have to configure Forwarders, in which we provide the Domain
   Name and the IP address of the DNS server which is responsible for this Domain Name Zone.

Clear your cache and read the correct information from your DNS.

Web Server

IIS Concept
IIS stands for Internet Information Services. IIS is used to provide web hosting service, or
we can say it is used to provide web services. Web services use the HyperText Transfer
Protocol (HTTP), or sometimes for security reasons we can enable
HTTPS (HyperText Transfer Protocol Security), which provides security, integrity and
encryption for our data. HTTP works on port number 80 and
HTTPS works on port number 443.
In Windows 2000, IIS is installed by default, which means port number 80
is open by default, which may raise some security issues. But in Windows Server
2003, IIS is not installed by default; we can install it according to our requirement. WWW,
which stands for World Wide Web, is a sub component which is automatically installed
when we install IIS.
IIS also plays a very important role with Exchange Server 2003
(Mail Server), because Exchange Server uses some Windows components like SMTP
(Simple Mail Transfer Protocol) and WWW (World Wide Web); all these
components are required for the proper functioning of the Exchange Server.
Exchange Server 2003 is Server Software. We can access it with
mail client software, in which Outlook Web Access (OWA) plays a very important role.
Outlook Web Access support is provided by the IIS Server.

Installation of IIS
(1) Windows Server 2003 is required.
(2) Go to Control Panel -> Add/Remove Programs -> Add/Remove Windows Components ->
then Application Services -> Detail.
(3) Then check the check box of IIS.
(4) You can also check its sub components from its IIS details.
     (i) SMTP
     (ii) NNTP
(5) Click ok.
(6) And click next to install IIS.

IIS Testing
We can test our web server by two methods:-
(1) By using IIS manager.
(2) By using internet explorer (web browser)

By using IIS manager
(i) Open IIS from Administrative Tools.
(ii) In the left pane, select web site container.
(iii) Expand it.
(iv) There is default web site in list. Right click on it then click browse.
(v) A default page will display in the detail page.

By using Internet Explorer on client

(i) Open iexplorer and type the IP address in address bar.

What is web page?
IIS supports many languages, for e.g:- html, asp, CGI (Common Gateway Interface) scripts,
JavaScript, vbscript etc. We can create a web page with the help of html. Its extension is
.html or .htm.
A web page contains formats like tables, hyperlinks, images, body content and
bullets in the shape of images etc.

Configuring IIS
To configure IIS, open IIS Manager from Administrative Tools. In the left pane,
double click on the web site container, then right click on it, then New, then Web Site.
A new web site wizard appears on your screen in which we have to provide the following
(1) Description Name of website.
(2) IP address of IIS, select it from list. Port no = 80, Host Header Value=
(3) Local path of your Home Directory c:\website\msn.
(4) Permissions.

Configuring first page of web site
Select your web site from the list in IIS Manager. Then right click on it -> then Properties ->
then click on the Add button. Now type the simple name of the web page. Now place it at the
top of the list by clicking on the Move Up button. Click Apply, ok.

Web site
A web site is a collection of web pages. One web page contains a reference to a second
web page according to the requirement of the topic. These references are stored in
hyper reference links, which are also called hyperlinks. A hyperlink is part of an anchor tag.

Virtual directory
IIS server supports virtual directories. In practice, a virtual directory is a folder which is
not located in your Home Directory. By using a virtual directory, we can display
contents and we can separate our html files from other web pages on the web site.
Create a sub folder in your home directory. Place an html file in the sub folder with the
same name as you provided for the first page of the web site. Open IIS Manager. In the left
pane, select your web site from the list and right click on it. Then New -> then Virtual Directory.
A virtual directory wizard appears on your screen. Type the alias name, which is related
to your topic. On the next page, type the local path of your sub folder. Then click next to
A virtual directory is displayed in the list under your web site. It is displayed with a gear
type icon. Right click on your web site, then click Explore. Now your IIS Manager displays
all the files in the detail pane. Now select your file. Right click on it, then open it with
Notepad. Now create a hyperlink to the virtual directory.
<a href="news">news</a>

Virtual web hosting
We can run multiple web sites with multiple IP addresses, meaning each web site has a
unique IP address. But we can also provide multiple web sites with a single IP address by
using the Host Header value. In other words, the Host Header value is a fully qualified Domain
Name. To do this we have to register multiple Domain names over the internet and then
we have to add an 'A Record' (Host Record) in each domain. Here the Host Record means the
public IP address of your web server.
When any internet client wants to communicate with or access our web site,
his query goes to a DNS server over the internet. The DNS server resolves the name to the IP
address of the Host computer. Here the host computer is a web server. Now the query is passed to
your web server. Your web server listens for the request on port no. 80 and reads the host
header value, then checks its configuration; if found then respond back to the requesting
In the case of multiple web site hosting, the other domain names
have the same IP address. When your web server receives multiple requests with the same IP
address and the same port no. 80 but with different host header values, your web server
differentiates the requests by reading the host header value. In this way we can provide
multiple web sites by using a single IP address. This process is called virtual web
hosting and this is possible with the help of the domain name server (DNS).

Assigning Host Header value to existing web site
Configure or create a zone in the DNS server. Add a host record or 'A record' by right clicking
on your zone. Now open the web server. Expand the web site container in the left pane. Select
your site from the list, then its Properties. On the General tab, click on the Advanced button.
In the multiple identity section, select the IP address from the list. Then click on the Edit
button. Now type the host header value in the given text box. Click apply, ok.

Configuring Alias record in DNS server
We can assign multiple identities to a single web site, meaning we can call any
particular web site by an alias name with the help of the DNS server.
To do this, first of all we have to create a zone in the DNS server, then we add an Alias
record by right clicking on the zone.
In the alias record dialog box, type the simple alias name of your web site. Then type the
original fully qualified domain name.


Web server side configuration of alias name
Open the web server. Create a new web site with a host header value, or select an
existing web site. Open its properties and, on the General tab, click on the Advanced
button. In the multiple identity section, click on the Add button. In the given dialog
box, select the same IP address from the list. Type the same port no. 80 and type the
alias host header value for the web site. Click OK and click Apply.
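The host header selection and the alias identity described above can be modelled in a few lines. This is an added example, not IIS's own code: the site names, the 192.0.2.10 address and the host names are constructed sample values, and the lookup is a simplified model of the multiple identity list.

```python
# Simplified model (added example): pick a site by IP address, port and host header.
# Site names, addresses and host names are constructed sample values.
SITES = {
    "Sales": [("192.0.2.10", 80, "www.sales.example"),
              ("192.0.2.10", 80, "sales")],            # alias identity
    "Support": [("192.0.2.10", 80, "www.support.example")],
    "Default": [("192.0.2.10", 80, "")],               # blank host header
}

def normalize_host(value):
    """Lower-case the Host header and drop any :port suffix and trailing dot."""
    host = (value or "").strip().lower()
    if host.startswith("["):                  # IPv6 literal such as [::1]:80
        return host.split("]")[0] + "]"
    return host.split(":")[0].rstrip(".")

def find_conflicts(sites):
    """Return identities that two different sites both claim (ambiguous binding)."""
    seen, clashes = {}, []
    for name, identities in sites.items():
        for ip, port, hh in identities:
            key = (ip, port, hh.lower())
            if key in seen and seen[key] != name:
                clashes.append((key, seen[key], name))
            seen.setdefault(key, name)
    return clashes

def resolve_site(sites, local_ip, local_port, host_header):
    """Exact host header match wins; a blank host header identity is the fallback."""
    host = normalize_host(host_header)
    fallback = None
    for name, identities in sites.items():
        for ip, port, hh in identities:
            if (ip, port) != (local_ip, local_port):
                continue
            if hh != "" and hh.lower() == host:
                return name
            if hh == "":
                fallback = name
    return fallback                           # None: no site answers this request

if __name__ == "__main__":
    for h in ("www.sales.example", "sales", "unknown.example"):
        print(h, "->", resolve_site(SITES, "192.0.2.10", 80, h))
```

A request whose host header matches no identity falls through to the site with the blank host header, so that site should not hold content meant for one named site only.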

Backup and Restore of IIS configuration
Open IIS Manager from Administrative Tools. In the left pane, right click on the local
server, then All Tasks -> Backup & Restore.
A Backup & Restore dialog box appears on your screen. Type the name of the backup. Here
you can encrypt your backup by using a password. To do this, select the check box to
encrypt with password. Now type the password and click OK.
To restore the last configuration or backup, right click on the local server again, then
All Tasks -> Backup & Restore configuration. Now select your backup from the list and
click on the Restore button. It will ask for the password; type the password and click
OK again.

Securing your HTML files in IIS
NTFS provides file-level security, so we can secure our HTML files by placing our home
directory on an NTFS disk drive. By default everyone has the right to access the web
pages. Every user is a member of the Users group. We remove the Users group from the HTML
file's access list (Access Control List, ACL) and add only some of the users to the ACL.
When a user accesses the web page, that page demands authentication. If the user's
information matches the ACL, he can view the web page; otherwise he cannot.
Steps:
Open IIS Manager.
Select any configured web site. Right click on it, then explore it in the detail pane. It
will show all the HTML files.
Now select your first web page -> Properties -> click on the Security tab.
Then click on the Advanced button. A special permissions dialog box appears on screen.
Select the Users group from the list.
Deselect the allow inheritance checkbox option.
Another dialog box appears on screen. Click the Copy button. Now click Close.
Now select the Users group from the list on the Security tab and click Remove.
Now click on the Add button and add the users to whom you want to grant permission to
access this web site.
Click OK, then click Apply and OK.

We can secure our web site by enabling authentication. By default anonymous access
authentication is enabled, in which everyone has the right to access the web site.
Authentication means every user who wants to access the web site has to prove his
identity, that is, he must supply a username and password which is available in the local
database in a workgroup environment or in the Active Directory database.
There are three types of authentication:
(1) Anonymous Access
(2) Basic Authentication
(3) Integrated Windows Authentication

Anonymous access
In this authentication, only a valid username is required. There is no need to provide
your identity. This type of authentication overrides the other authentication methods. If
we want to enable another authentication method, we have to disable anonymous access
authentication.

Basic authentication
This is the second type of authentication. In this type, a valid username and a valid
password are required. This is not a secure authentication method because it sends the
user information in clear text (plain text), which creates security issues. For example,
on a network built with a hub, any third person can capture the data by using third party
software, and can then analyse and read your user information.
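The clear-text problem described above can be checked on captured or logged requests. The following is an added example, not part of the original page: the request records, the user name and the password are constructed sample data, and the record layout (scheme, path, headers) is an assumption made for the illustration.

```python
import base64

# Constructed sample requests; the account and password are made up.
_TOKEN = base64.b64encode(b"asmith:Winter2003").decode()
SAMPLE_REQUESTS = [
    {"scheme": "http", "path": "/reports/",
     "headers": {"Authorization": "Basic " + _TOKEN}},
    {"scheme": "https", "path": "/reports/",
     "headers": {"Authorization": "Basic " + _TOKEN}},
    {"scheme": "http", "path": "/index.htm", "headers": {}},
]

def parse_basic(header_value):
    """Return (username, password) from a Basic Authorization header, else None.

    Basic only base64-encodes "username:password"; no key is involved, so anyone
    who sees the header can read both values.
    """
    scheme, _, token = (header_value or "").partition(" ")
    if scheme.lower() != "basic" or not token:
        return None
    try:
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except (ValueError, UnicodeDecodeError):
        return None                      # malformed token: not a usable logon
    user, sep, password = decoded.partition(":")
    return (user, password) if sep else None

def exposed_basic_logons(requests):
    """List (path, username) for requests that carried Basic credentials without TLS."""
    findings = []
    for req in requests:
        creds = parse_basic(req["headers"].get("Authorization"))
        if creds and req["scheme"] != "https":
            findings.append((req["path"], creds[0]))
    return findings

if __name__ == "__main__":
    for path, user in exposed_basic_logons(SAMPLE_REQUESTS):
        print("Basic logon sent without TLS:", path, "account:", user)
```

Accounts reported by this check have had their passwords readable on the wire and should be treated as exposed.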

Integrated windows authentication
This is the most secure of the authentication types. In this type, a valid username and a
valid password are required. It sends the user information in encrypted form by using
HASH algorithms (MD5 - Message Digest 5, SHA1). This type uses the Kerberos protocol,
which means Active Directory is required. For this type to function properly, anonymous
access must be disabled.
        In case of mail server, we can enable this type of SMTP server to control the junk

Steps to enable authentication
Open IIS Manager.
Select your configured web site -> Properties -> click on the Directory Security tab.
In the authentication section, click on the Edit button.
Deselect the anonymous access option. By default the Integrated Windows authentication
checkbox is selected.
Now click Apply, then OK.

Restriction by using IP Address
We can allow or deny computers by using their IP address and IP subnet. This restriction
will also apply to our web site. In this process, we have to decide whether
computers are more.
We will decide our deny list according to the number of computers to be denied. We will
also deny according to the IP subnet.

Steps to enable IP restriction
Open IIS Manager.
Select your configured web site -> Properties -> Directory Security tab.
In the IP restriction section, click on the Edit button.
An IP Address restriction dialog box appears on screen, in which you have two options:
(i) By default all computers will be granted access except the following.
(ii) By default all computers will be denied access except the following.
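The two options behave very differently for an address that is not on the list. The following added example (not IIS's own code) evaluates both against the same clients; the rule layout and all addresses are constructed for the illustration, with subnets written as address/mask in the way the dialog asks for a network ID and subnet mask.

```python
import ipaddress

def build_rule(default_granted, exceptions):
    """Build a restriction rule.

    default_granted=True  models option (i):  grant everyone except the list.
    default_granted=False models option (ii): deny everyone except the list.
    exceptions holds single IPs ("192.0.2.50") or subnets
    ("198.51.100.0/255.255.255.0"). strict=True rejects an entry whose address
    is not the network ID for its mask, a common typing mistake.
    """
    nets = [ipaddress.ip_network(item, strict=True) for item in exceptions]
    return {"default_granted": default_granted, "exceptions": nets}

def is_granted(rule, client_ip):
    """Return True if the client IP may access the site under this rule."""
    addr = ipaddress.ip_address(client_ip)
    listed = any(addr in net for net in rule["exceptions"])
    return (not listed) if rule["default_granted"] else listed

def compare(rules, clients):
    """Return {client: {rule_name: granted}} so both options can be read side by side."""
    return {c: {name: is_granted(r, c) for name, r in rules.items()} for c in clients}

# Constructed sample configuration.
RULES = {
    "deny_list": build_rule(True, ["192.0.2.50", "198.51.100.0/255.255.255.0"]),
    "allow_list": build_rule(False, ["10.1.0.0/255.255.0.0"]),
}
CLIENTS = ["192.0.2.50", "198.51.100.77", "10.1.4.20", "203.0.113.9"]

if __name__ == "__main__":
    for client, result in compare(RULES, CLIENTS).items():
        print(client, result)
```

With option (i) the unlisted address 203.0.113.9 is granted access, while with option (ii) it is denied, which is why the choice of default matters as much as the list itself.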

FAT32                                           NTFS
(1) Provides sharing.                           (1) Provides sharing.
(2) X                                           (2) File level security.
(3) X                                           (3) Fault tolerance in dynamic disk type (RAID type).
(4) X                                           (4) Distributed File System.
(5) X                                           (5) Active Directory supported.
(6) Less speed of accessing files.              (6) More speed.
(7) X                                           (7) Disk quota.
(8) Partition supports 16GB to 32GB.            (8) Up to 2 Tera Bytes.
(9) No capability to handle bad sectors.        (9) It has capability to handle bad sectors.
(10) Need to run Scan Disk on a regular basis.  (10) No need.

