Saturday, March 19, 2011

How To Configure ISA Proxy/Auth Setting For Yum

I was running CentOS on my LAN for personal use. The LAN goes out through MS ISA proxy servers, and each user has to authenticate with his or her own user name and password to reach the Internet. When I used my credentials in my web browser I had no problem, but yum would not work at all. After some googling I found this solution.

What is ‘NTLM Authorization Proxy Server’?

‘NTLM Authorization Proxy Server’ (APS) is proxy software that allows you to authenticate via an MS Proxy Server using the proprietary NTLM protocol. Since version 0.9.5 APS has been able to behave as a standalone proxy server and authenticate HTTP clients at web servers using the NTLM method. It can change arbitrary values in your client’s request headers so that those requests look like they were created by MS IE. It is written in Python (www.python.org).

Main features:

  • supports NTLM authentication via parent proxy server (Error 407 Proxy Authentication Required);
  • supports NTLM authentication at web servers (Error 401 Access Denied/Unauthorized);
  • supports translation of NTLM scheme to standard “Basic” authentication scheme;
  • supports the HTTPS ‘CONNECT’ method for transparent tunnelling through parent proxy server;
  • has ability to change arbitrary values in client’s request headers;
  • supports unlimited number of client connections;
  • supports connections from external hosts;
  • supports HTTP 1.1 persistent connections;
  • stores user’s credentials in config file or requests password from a console during the start time;
  • supports intelligent failure detection and failover between multiple upstream proxies;

Download the ntlmaps rpm via your browser; in my case the Internet was working in Firefox but not for yum. You can also download it on another PC and then copy it over with scp.

ftp://ftp.pbone.net/mirror/ftp.sourceforge.net/pub/sourceforge/n/project/nt/ntlmaps/OldFiles/ntlmaps-0.9.9.6-1.i386.rpm

Just do copy&paste in your browser.

Open a terminal:

rpm -Uvh ntlmaps-0.9.9.6-1.i386.rpm

After that just edit server.cfg; you can find all related files by typing:

rpm -ql ntlmaps

In my case:

vi /etc/ntlmaps/server.cfg

and change the following parameters as per your requirements:
PARENT_PROXY:That_will_b_your_MS-Proxy_IP
PARENT_PROXY_PORT:That_will_b_your_MS-Proxy_Server_Port
NT_DOMAIN:That_will_b_Your_windows_Domain_name
USER:That_will_b_your_proxy-user
PASSWORD:That_will_b_your_Proxy-user_Password

Save & exit.

Now run the ntlmaps daemon:

/opt/ntlmaps/main.py

You will see the following output:

NTLM authorization Proxy Server v0.9.9.6
Copyright (C) 2001-2005 by Dmitry Rozmanov, Darryl Dixon, and others.
Now listening at Testbed.abc.com on port 5865

If you see this – congratulations, you are done – otherwise troubleshoot it.

Now you have to export the proxy for yum:

http_proxy=http://127.0.0.1:5865

export http_proxy
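The export above only lasts for the current shell. As an added example (not part of the original post and not code from the ntlmaps project), the script below persists the proxy in the [main] section of yum.conf, where yum reads the proxy= option, and tightens the permissions on server.cfg, which now holds your domain password in clear text. Both paths are passed as arguments so you can try it on scratch copies first; the listener address 127.0.0.1:5865 is the one ntlmaps printed above.

```shell
#!/bin/sh
# Added example (not from the original post or ntlmaps). Persists the APS
# proxy in yum.conf's [main] section and restricts server.cfg, which stores
# USER/PASSWORD in clear text. Paths are parameters so this can be exercised
# on scratch copies before touching /etc.

APS_PROXY="http://127.0.0.1:5865"   # the listener ntlmaps reported on the page

# set_yum_proxy CONF URL: add or replace "proxy=URL" under [main].
# yum honours the proxy= main option, so this outlives the shell's http_proxy.
set_yum_proxy() {
    conf="$1"; url="$2"
    if grep -q '^proxy=' "$conf"; then
        sed -i "s|^proxy=.*|proxy=$url|" "$conf"
    elif grep -q '^\[main\]' "$conf"; then
        # GNU sed: append the line directly after the [main] header
        sed -i "/^\[main\]/a proxy=$url" "$conf"
    else
        printf '[main]\nproxy=%s\n' "$url" >> "$conf"
    fi
}

# yum_proxy CONF: print the configured proxy URL, or nothing.
yum_proxy() {
    sed -n 's/^proxy=//p' "$1"
}

# lock_credentials FILE: make the config owner-readable only and report
# the resulting mode, so a stray world-readable server.cfg is caught.
lock_credentials() {
    chmod 600 "$1" && stat -c '%a' "$1"
}

# Run "sh thisfile.sh demo" to exercise the functions on constructed copies.
demo() {
    tmp=$(mktemp -d)
    printf '[main]\ncachedir=/var/cache/yum\nkeepcache=0\n' > "$tmp/yum.conf"
    printf '[NTLM_AUTH]\nUSER:someone\nPASSWORD:secret\n' > "$tmp/server.cfg"
    set_yum_proxy "$tmp/yum.conf" "$APS_PROXY"
    echo "yum proxy: $(yum_proxy "$tmp/yum.conf")"
    echo "server.cfg mode: $(lock_credentials "$tmp/server.cfg")"
    rm -rf "$tmp"
}

if [ "${1:-}" = "demo" ]; then demo; fi
```

On the real system you would call set_yum_proxy /etc/yum.conf "$APS_PROXY" and lock_credentials /etc/ntlmaps/server.cfg; the stand-alone demo never touches those files.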

Done!

Add NTFS partitions to your CentOS or RHEL

In this tutorial we will show you how to add NTFS partitions to your CentOS or RHEL system.

Install the rpmforge-release package as shown below, then run the yum command to install the ntfs-3g packages.

The commands to type in order:

rpm -Uvh  http://apt.sw.be/packages/rpmforge-release/rpmforge-release-0.3.6-1.el5.rf.i386.rpm
yum install fuse fuse-ntfs-3g dkms dkms-fuse

Here is an example /etc/fstab entry that should work at boot time; first identify the NTFS partitions with fdisk:

 [root@localhost pirat9]# /sbin/fdisk  -l

Disk /dev/sda: 200.0 GB, 200049647616 bytes
255 heads, 63 sectors/track, 24321 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes

Device Boot Start End Blocks Id System
/dev/sda1 1 6375 51207156 7 HPFS/NTFS
/dev/sda2 6376 19124 102406342+ 7 HPFS/NTFS
/dev/sda3 * 19125 19137 104422+ 83 Linux
/dev/sda4 19138 24321 41640480 5 Extended
/dev/sda5 19138 24321 41640448+ 8e Linux LVM
[root@localhost pirat9]# mkdir -p /mnt/windows_c

[root@localhost pirat9]# mkdir -p /mnt/windows_D

[root@localhost pirat9]# mount -t ntfs-3g /dev/sda1 /mnt/windows_c

[root@localhost pirat9]# mount -t ntfs-3g /dev/sda2 /mnt/windows_D

[root@localhost pirat9]# ls /mnt/windows_D
Acer-D Drivers Music RECYCLER Solaris System Volume Information
cod4- Maroua omnibot Softwars SOL-pack torrent

It's working.

Now add these lines to /etc/fstab to make the mounts permanent:

/dev/sda1 /mnt/windows_c ntfs-3g auto,users,uid=0,gid=500,umask=000,rw 0 0

/dev/sda2 /mnt/windows_D ntfs-3g auto,users,uid=0,gid=500,umask=000,rw 0 0
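The umask=000 in those entries makes every file on both Windows partitions readable and writable by every local account, which is rarely what you want on a shared machine. The following is an added example (not from the original post) that audits an fstab for NTFS mounts with all permission bits open and shows the same line with umask=022 instead (owner read/write, everyone else read-only); the fstab path is an argument so it can be run against a copy, and the sample content is constructed.

```shell
#!/bin/sh
# Added example (not from the original post): find NTFS entries in an fstab
# whose umask/fmask/dmask leave every permission bit open, and rewrite such
# a line with a read-only mask for other users. The uid/gid options are left
# alone; only the permission mask changes.

# ntfs_mounts FSTAB: print the ntfs/ntfs-3g entries, skipping comments.
ntfs_mounts() {
    awk '!/^[[:space:]]*#/ && ($3 == "ntfs-3g" || $3 == "ntfs")' "$1"
}

# world_writable_ntfs FSTAB: mount points whose options contain
# umask=000 (or fmask/dmask of all zeros), i.e. world-writable mounts.
world_writable_ntfs() {
    ntfs_mounts "$1" | awk '("," $4 ",") ~ /,(umask|fmask|dmask)=0+,/ { print $2 }'
}

# harden_line LINE: replace umask=000 with umask=022 in one fstab line.
harden_line() {
    printf '%s\n' "$1" | sed 's/umask=000/umask=022/'
}

# Run "sh thisfile.sh demo" to try the checks on a constructed fstab.
demo() {
    tmp=$(mktemp)
    cat > "$tmp" <<'EOF'
# constructed fstab sample
/dev/sda1 /mnt/windows_c ntfs-3g auto,users,uid=0,gid=500,umask=000,rw 0 0
/dev/sda2 /mnt/windows_D ntfs-3g auto,users,uid=0,gid=500,umask=022,rw 0 0
/dev/sda3 /boot          ext3    defaults                              1 2
EOF
    echo "world-writable NTFS mounts:"
    world_writable_ntfs "$tmp"
    echo "hardened version of the first entry:"
    harden_line "$(sed -n 2p "$tmp")"
    rm -f "$tmp"
}

if [ "${1:-}" = "demo" ]; then demo; fi
```

Run world_writable_ntfs /etc/fstab on the live file to see which mounts need attention; the users option also lets any account mount and unmount these partitions, so drop it too if only root should do that.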

For any other question, contact us in the forum of unixmen.net.

Command line BitTorrent client

BitTorrent is the name of a peer-to-peer (P2P) file distribution protocol, and of a free software implementation of that protocol.

The BitTorrent client is a computer program developed by BitTorrent, Inc. used to download and upload files via the BitTorrent protocol. You can download a Python-based command line BitTorrent client for Linux/BSD/Mac OS X/UNIX-like OSes. This is quite useful if you would like to download a file remotely over an SSH session. bittorrent.com offers the client in .deb (Debian Linux) or .rpm (Red Hat/Fedora Core/CentOS Linux) file formats.

To use BitTorrent from the command line you need the bittorrent-console or bittorrent-curses command (see below for examples).
Step # 1: Find Python version

Make sure you download file according to your python version. Type following command to find out python version:
$ python -V
Output:

Python 2.4.2

Step # 2: Download bittorrent client

Use wget to download bittorrent client
Download bittorrent client for Debian Linux:

$ wget http://download.bittorrent.com/dl/bittorrent_5.0.3_python2.4.deb
Download bittorrent client for Red Hat / Fedora Core / CentOS Linux:

$ wget http://download.bittorrent.com/dl/BitTorrent-5.0.3-1-Python2.4.noarch.rpm
Step # 3: Linux Install BitTorrent client

First log in as the root user (use the su or sudo command). If you are using Debian Linux, use the dpkg command to install the bittorrent client:
# dpkg -i bittorrent_5.0.3_python2.4.deb
If you are using Red Hat / Fedora Core / CentOS Linux, use the rpm command to install the bittorrent client:
# rpm -ivh BitTorrent-5.0.3-1-Python2.4.noarch.rpm
Step # 4: Start using or downloading files

Use bittorrent client as follows:
$ /usr/bin/bittorrent-curses 'http://www.some.org/DesktopBSD.iso.torrent'
OR
$ bittorrent-curses 'http://www.some.org/DesktopBSD.iso.torrent'
OR
$ /usr/bin/bittorrent-curses '/path/to/file.torrent'
You can try out the pure console based client bittorrent-console instead of the curses based client:
$ bittorrent-console '/path/to/file.torrent'
$ /usr/bin/bittorrent-console 'http://www.some.org/DesktopBSD.iso.torrent'
Tips about using and Troubleshooting BitTorrent client

(A) If you get [Errno 2] No such file or directory, you need to use the wget or lynx command to download the .torrent file to the local hard drive first. For example:
$ bittorrent-curses 'http://www.mininova.org/get/some_file[222].torrent'
First download the .torrent file using any one of the following methods:
$ lynx 'http://www.mininova.org/get/some_file[222].torrent'
When prompted, save the .torrent file to the hard disk. Another option is to use wget to download the .torrent file:
$ wget 'http://www.mininova.org/get/some_file[222].torrent'
Now start the download as follows:
$ bittorrent-curses 'some_file[222].torrent'

(B) If you get the error ‘This seems to be an old Python version which does not support detecting the filesystem encoding. Assuming 'ascii'’, then upgrade your Python version to 2.4.xx:

Debian users upgrade the Python version using the apt-get command:
# apt-get update
# apt-get install python2.4

Red Hat Linux users try out:
# up2date python2.4
Fedora Linux users try out:
# yum install python2.4

Remember, if you have both versions (Python 2.3 and 2.4) installed, you need to run the bittorrent client as follows:
$ python2.4 /usr/bin/bittorrent-curses '/path/to/file.torrent'
The command line BitTorrent client should work with other UNIX-like operating systems such as FreeBSD/OpenBSD/Solaris etc. (as long as you have Python it should work).

The current client enables a range of features including multiple parallel downloads. It also intermediates peering between itself, source file servers (read as trackers) and other clients, thereby yielding great distribution efficiencies. The client also enables users to create and share torrent files. See help files for more information.
See also:

* Linux Iptables rules to open Bittorrent tcp ports 6881 to 6889

Install ntop on CentOS|Fedora|RHEL

Ntop is a network traffic probe that shows the network usage, similar to what the popular top Unix command does, but with the advantage that you can use a web browser to manage and navigate through the ntop traffic information to better understand the network status. Ntop is based on libpcap and has been written in a portable way so that it runs on virtually every Unix platform.

1- Install the required dependencies to install Ntop:

yum install gcc gcc-c++ make libpcap libpcap-devel gdbm-devel libgd-devel libpng-devel libtool \
    libtool-libs rrdtool rrdtool-devel

2- Now download and extract the latest version of the ntop tool:

wget http://superb-west.dl.sourceforge.net/sourceforge/ntop/ntop-3.3.9.tar.gz 

Extract

tar -xvf ntop-3.3.9.tar.gz 

then go to the extracted folder

 cd ntop-3.3.9

3- Now run the configuration script for ntop:

./autogen.sh

4- Now use make

make

5-install

make install

6- Create the ntop user:

# useradd -M -s /sbin/nologin -r ntop

7- Set up permissions for the ntop directories:

# chown ntop:root /usr/local/var/ntop/

 # chown ntop:ntop /usr/local/share/ntop/

8- Set up the ntop admin password:

#ntop -A

9- Start the ntop daemon:

# /usr/local/bin/ntop -d -L -u ntop -P /usr/local/var/ntop --skip-version-check   --use-syslog=daemon

10- Now open your browser on port 3000:

http://localhost:3000/ or  http://ip:3000

Install webmin on Redhat, Fedora, CentOS

Webmin is a web-based interface for system administration of Unix systems. Using any modern web browser, you can set up user accounts, Apache, DNS, file sharing and much more. Webmin removes the need to manually edit Unix configuration files like /etc/passwd, and lets you manage a system from the console or remotely. You can also create backups of the system and restore them.

Webmin is also very useful for people who run their own home server and are not comfortable with the command line; Webmin helps you administer your server through a graphical interface.

To install Webmin on Red Hat, Fedora and CentOS:

First check that the dependencies are installed:

yum install perl-Net-SSLeay 

Now download the latest version of Webmin, 1.480:

wget http://prdownloads.sourceforge.net/webadmin/webmin-1.480-1.noarch.rpm

Now install :

rpm -i webmin-1.480-1.noarch.rpm

Now, to open Webmin locally, browse to:

https://localhost:10000

To log in to another system remotely:

https://server-address:10000

Note that many operating systems block port 10000 by default, so if you cannot log in to Webmin on your remote server, follow the steps below to resolve it:

Log in to your server via ssh and manually edit the firewall configuration file. On Red Hat and derived systems this is /etc/sysconfig/iptables,

and add this line :

-A INPUT -p tcp -m tcp --dport 10000 -j ACCEPT

It should be added in the file just after similar lines which grant access to ports 80, 22 and so on.

Now restart your iptables.

/etc/init.d/iptables restart
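The rule above opens Webmin's port 10000 to the whole world, and the ntop section earlier does the same implicitly for port 3000; both are login pages for administrative tools, so a practitioner would normally limit them to a management network. The script below is an added example (not from the original posts): it builds a source-restricted ACCEPT rule and inserts it into a copy of /etc/sysconfig/iptables before the chain's REJECT line, since a rule placed after the REJECT never matches. The management network 192.0.2.0/24 and the file contents are constructed placeholders.

```shell
#!/bin/sh
# Added example (not from the original posts): open an administrative web
# port (Webmin's 10000, ntop's 3000) only to a management network, and place
# the rule before the REJECT so it takes effect. Works on a copy of
# /etc/sysconfig/iptables given as an argument.

# admin_rule PORT CIDR: an ACCEPT rule limited to one source network.
# Compared with the page's "--dport 10000 -j ACCEPT", the -s restriction
# keeps the login page off the open Internet.
admin_rule() {
    printf '%s\n' "-A INPUT -p tcp -m tcp -s $2 --dport $1 -j ACCEPT"
}

# insert_rule FILE RULE: put RULE before the first "-j REJECT" line, or
# append it when the file has no REJECT. Re-running is a no-op.
insert_rule() {
    file="$1"; rule="$2"
    if grep -qF -- "$rule" "$file"; then
        return 0
    fi
    if grep -q -- '-j REJECT' "$file"; then
        awk -v r="$rule" '!done && /-j REJECT/ { print r; done = 1 } { print }' \
            "$file" > "$file.tmp" && mv "$file.tmp" "$file"
    else
        printf '%s\n' "$rule" >> "$file"
    fi
}

# rule_position FILE PORT: line number of the ACCEPT rule for PORT, or 0.
rule_position() {
    awk -v p="$2" '$0 ~ ("--dport " p " -j ACCEPT") { print NR; found = 1; exit }
                   END { if (!found) print 0 }' "$1"
}

# reject_position FILE: line number of the first REJECT rule, or 0.
reject_position() {
    awk '/-j REJECT/ { print NR; found = 1; exit } END { if (!found) print 0 }' "$1"
}

# Run "sh thisfile.sh demo" to see the insertion on a constructed file.
demo() {
    tmp=$(mktemp)
    printf '%s\n' '*filter' ':INPUT ACCEPT [0:0]' \
        '-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT' \
        '-A INPUT -j REJECT --reject-with icmp-host-prohibited' 'COMMIT' > "$tmp"
    insert_rule "$tmp" "$(admin_rule 10000 192.0.2.0/24)"
    insert_rule "$tmp" "$(admin_rule 3000 192.0.2.0/24)"
    cat "$tmp"
    rm -f "$tmp"
}

if [ "${1:-}" = "demo" ]; then demo; fi
```

After editing the real file, restart iptables as the post says and confirm with rule_position and reject_position that the new line sits above the REJECT.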


Friday, February 18, 2011

15 Examples To Master Linux Command Line History

When you are using Linux command line frequently, using the history effectively can be a major productivity boost. In fact, once you have mastered the 15 examples that I’ve provided here, you’ll find using command line more enjoyable and fun.

1. Display timestamp using HISTTIMEFORMAT

Typically when you type history from the command line, it displays the command number and the command. For auditing purposes it may be beneficial to display the timestamp along with the command, as shown below.

# export HISTTIMEFORMAT='%F %T '
# history | more
1 2008-08-05 19:02:39 service network restart
2 2008-08-05 19:02:39 exit
3 2008-08-05 19:02:39 id
4 2008-08-05 19:02:39 cat /etc/redhat-release

2. Search the history using Control+R

I strongly believe, this may be your most frequently used feature of history. When you’ve already executed a very long command, you can simply search history using a keyword and re-execute the same command without having to type it fully. Press Control+R and type the keyword. In the following example, I searched for red, which displayed the previous command “cat /etc/redhat-release” in the history that contained the word red.

# [Press Ctrl+R from the command prompt,
which will display the reverse-i-search prompt]

(reverse-i-search)`red': cat /etc/redhat-release
[Note: Press enter when you see your command,
which will execute the command from the history]

# cat /etc/redhat-release
Fedora release 9 (Sulphur)

Sometimes you want to edit a command from history before executing it. For example, you can search for httpd, which will display service httpd stop from the command history, select this command, change stop to start and re-execute it, as shown below.

# [Press Ctrl+R from the command prompt,
which will display the reverse-i-search prompt]

(reverse-i-search)`httpd': service httpd stop
[Note: Press either left arrow or right arrow key when you see your
command, which will display the command for you to edit, before executing it]

# service httpd start

3. Repeat previous command quickly using 4 different methods

Sometimes you may end up repeating the previous command for various reasons. Following are the 4 different ways to repeat the last executed command.

  1. Use the up arrow to view the previous command and press enter to execute it.
  2. Type !! and press enter from the command line.
  3. Type !-1 and press enter from the command line.
  4. Press Control+P to display the previous command, then press enter to execute it.

4. Execute a specific command from history

In the following example, if you want to repeat command #4, you can do !4 as shown below.

# history | more
1 service network restart
2 exit
3 id
4 cat /etc/redhat-release

# !4
cat /etc/redhat-release

5. Execute previous command that starts with a specific word

Type ! followed by the starting few letters of the command that you would like to re-execute. In the following example, typing !ps and enter executed the previous command starting with ps, which is ‘ps aux | grep yp’.

# !ps
ps aux | grep yp
root 16947 0.0 0.1 36516 1264 ? Sl 13:10 0:00 ypbind
root 17503 0.0 0.0 4124 740 pts/0 S+ 19:19 0:00 grep yp

6. Control the total number of lines in the history using HISTSIZE

Append the following two lines to .bash_profile and log in to the bash shell again to see the change. In this example, only 450 commands will be stored in the bash history.

# vi ~/.bash_profile
HISTSIZE=450
HISTFILESIZE=450

7. Change the history file name using HISTFILE

By default, history is stored in the ~/.bash_history file. Add the following line to .bash_profile and log in to the bash shell again to store the command history in the .commandline_warrior file instead of .bash_history. I’m yet to figure out a practical use for this. I can see this getting used when you want to track commands executed from different terminals using different history file names.

# vi ~/.bash_profile
HISTFILE=/root/.commandline_warrior

If you have a good reason to change the name of the history file, please share it with me, as I’m interested in finding out how you are using this feature.

8. Eliminate the continuous repeated entry from history using HISTCONTROL

In the following example pwd was typed three times; when you run history, you can see all 3 consecutive occurrences of it. To eliminate duplicates, set HISTCONTROL to ignoredups as shown below.

# pwd
# pwd
# pwd
# history | tail -4
44 pwd
45 pwd
46 pwd
[Note that there are three pwd commands in history, after executing pwd 3 times as shown above]
47 history | tail -4

# export HISTCONTROL=ignoredups
# pwd
# pwd
# pwd
# history | tail -3
56 export HISTCONTROL=ignoredups
57 pwd
[Note that there is only one pwd command in the history, even after executing pwd 3 times as shown above]
58 history | tail -4

9. Erase duplicates across the whole history using HISTCONTROL

The ignoredups shown above removes duplicates only if they are consecutive commands. To eliminate duplicates across the whole history, set the HISTCONTROL to erasedups as shown below.

# export HISTCONTROL=erasedups
# pwd
# service httpd stop
# history | tail -3
38 pwd
39 service httpd stop
40 history | tail -3

# ls -ltr
# service httpd stop
# history | tail -6
35 export HISTCONTROL=erasedups
36 pwd
37 history | tail -3
38 ls -ltr
39 service httpd stop
[Note that the previous service httpd stop after pwd got erased]
40 history | tail -6

10. Force history not to remember a particular command using HISTCONTROL

When you execute a command, you can instruct history to ignore it by setting HISTCONTROL to ignorespace AND typing a space in front of the command, as shown below. I can see a lot of junior sysadmins getting excited about this, as they can hide a command from the history. It is good to understand how ignorespace works. But, as a best practice, don’t purposefully hide anything from history.

# export HISTCONTROL=ignorespace
# ls -ltr
# pwd
#  service httpd stop
[Note that there is a space at the beginning of service, to ignore this command from history]
# history | tail -3
67 ls -ltr
68 pwd
69 history | tail -3
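Items 1 and 10 together show why the history file is a convenience for the user rather than an audit trail: it is owned and writable by the same account, and ignorespace or a quick edit removes entries at will. When you do review one during an incident, it helps to know that with HISTTIMEFORMAT set bash writes each command behind a "#<epoch seconds>" comment line in ~/.bash_history. The following is an added example (not from the original article) that turns those pairs into epoch-tab-command records, reports how many commands carry no timestamp (written before HISTTIMEFORMAT was set, or edited by hand), and filters by time window; the sample history file is constructed.

```shell
#!/bin/sh
# Added example (not from the original article): read a ~/.bash_history
# written with HISTTIMEFORMAT set. bash stores "#<epoch>" before each command
# in that mode; this emits "epoch<TAB>command" records. Commands with no
# preceding timestamp are marked "-" so gaps stand out during review.

# timed_history FILE: print "epoch<TAB>command" for every command line.
timed_history() {
    awk '
        /^#[0-9]+$/ { ts = substr($0, 2); next }           # timestamp line, remember it
        { printf "%s\t%s\n", (ts == "" ? "-" : ts), $0; ts = "" }
    ' "$1"
}

# untimed_count FILE: number of commands that carry no timestamp.
untimed_count() {
    timed_history "$1" | awk -F '\t' '$1 == "-" { n++ } END { print n + 0 }'
}

# commands_between FILE FROM TO: commands whose epoch lies in [FROM, TO].
commands_between() {
    timed_history "$1" | awk -F '\t' -v a="$2" -v b="$3" \
        '$1 != "-" && $1 >= a && $1 <= b { print $2 }'
}

# Run "sh thisfile.sh demo" to see the output on a constructed history file.
demo() {
    tmp=$(mktemp)
    printf '%s\n' 'id' '#1217900559' 'service network restart' \
        '#1217900600' 'cat /etc/redhat-release' > "$tmp"
    timed_history "$tmp"
    echo "commands without timestamp: $(untimed_count "$tmp")"
    rm -f "$tmp"
}

if [ "${1:-}" = "demo" ]; then demo; fi
```

Pipe the first column through date -u -d @EPOCH on GNU systems for human-readable times; for a real audit trail of what a user ran, rely on auditd or a process accounting tool rather than the history file.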

11. Clear all the previous history using option -c

Sometimes you may want to clear all the previous history but keep recording history from now on.

# history -c

12. Substitute words from history commands

When you are searching through history, you may want to execute a different command but use the same parameter from the command that you’ve just searched.

In the example below, the !!:$ next to the vi command gets the argument from the previous command to the current command.

# ls anaconda-ks.cfg
anaconda-ks.cfg
# vi !!:$
vi anaconda-ks.cfg

In the example below, the !^ next to the vi command gets the first argument from the previous command (i.e cp command) to the current command (i.e vi command).

# cp anaconda-ks.cfg anaconda-ks.cfg.bak
anaconda-ks.cfg
# vi !^
vi anaconda-ks.cfg

13. Substitute a specific argument for a specific command.

In the example below, !cp:2 searches for the previous command in history that starts with cp and takes the second argument of cp and substitutes it for the ls -l command as shown below.

# cp ~/longname.txt /really/a/very/long/path/long-filename.txt
# ls -l !cp:2
ls -l /really/a/very/long/path/long-filename.txt

In the example below, !cp:$ searches for the previous command in history that starts with cp and takes the last argument (in this case, which is also the second argument as shown above) of cp and substitutes it for the ls -l command as shown below.

# ls -l !cp:$
ls -l /really/a/very/long/path/long-filename.txt

14. Disable the usage of history using HISTSIZE

If you want to disable history altogether and don’t want the bash shell to remember the commands you’ve typed, set HISTSIZE to 0 as shown below.

# export HISTSIZE=0
# history
# [Note that history did not display anything]

15. Ignore specific commands from the history using HISTIGNORE

Sometimes you may not want to clutter your history with basic commands such as pwd and ls. Use HISTIGNORE to specify all the commands that you want to ignore from the history. Please note that adding ls to the HISTIGNORE ignores only ls and not ls -l. So, you have to provide the exact command that you would like to ignore from the history.

# export HISTIGNORE="pwd:ls:ls -ltr:"
# pwd
# ls
# ls -ltr
# service httpd stop
# history | tail -3
79 export HISTIGNORE="pwd:ls:ls -ltr:"
80 service httpd stop
81 history
[Note that history did not record pwd, ls and ls -ltr]


Get a Grip on the Grep! – 15 Practical Grep Command Examples

This is part of the on-going 15 Examples series, where 15 detailed examples will be provided for a specific command or functionality. Earlier we discussed 15 practical examples for Linux find command, Linux command line history and mysql admin commands.

In this article let us review 15 practical examples of Linux grep command that will be very useful to both newbies and experts.


First create the following demo_file that will be used in the examples below to demonstrate grep command.

$ cat demo_file
THIS LINE IS THE 1ST UPPER CASE LINE IN THIS FILE.
this line is the 1st lower case line in this file.
This Line Has All Its First Character Of The Word With Upper Case.

Two lines above this line is empty.
And this is the last line.

1. Search for the given string in a single file

The basic usage of grep command is to search for a specific string in the specified file as shown below.

Syntax:
grep "literal_string" filename

$ grep "this" demo_file
this line is the 1st lower case line in this file.
Two lines above this line is empty.

2. Checking for the given string in multiple files.

Syntax:
grep "string" FILE_PATTERN


This is also a basic usage of the grep command. For this example, let us copy demo_file to demo_file1. The grep output will also include the file name in front of each line that matched the pattern, as shown below. When the Linux shell sees the meta character, it does the expansion and gives all the files as input to grep.

$ cp demo_file demo_file1

$ grep "this" demo_*
demo_file:this line is the 1st lower case line in this file.
demo_file:Two lines above this line is empty.
demo_file:And this is the last line.
demo_file1:this line is the 1st lower case line in this file.
demo_file1:Two lines above this line is empty.
demo_file1:And this is the last line.

3. Case insensitive search using grep -i

Syntax:
grep -i "string" FILE


This is also a basic usage of grep. It searches for the given string/pattern case-insensitively, so it matches all of “the”, “THE” and “The” as shown below.

$ grep -i "the" demo_file
THIS LINE IS THE 1ST UPPER CASE LINE IN THIS FILE.
this line is the 1st lower case line in this file.
This Line Has All Its First Character Of The Word With Upper Case.
And this is the last line.

4. Match regular expression in files

Syntax:

grep "REGEX" filename


This is a very powerful feature if you can use regular expressions effectively. In the following example it searches for every pattern that starts with “lines” and ends with “empty” with anything in between, i.e. it searches for “lines[anything in-between]empty” in demo_file.


$ grep "lines.*empty" demo_file
Two lines above this line is empty.

From documentation of grep: A regular expression may be followed by one of several repetition operators:

  • ? The preceding item is optional and matched at most once.
  • * The preceding item will be matched zero or more times.
  • + The preceding item will be matched one or more times.
  • {n} The preceding item is matched exactly n times.
  • {n,} The preceding item is matched n or more times.
  • {,m} The preceding item is matched at most m times.
  • {n,m} The preceding item is matched at least n times, but not more than m times.

5. Checking for full words, not for sub-strings using grep -w

If you want to search for a word and avoid matching it as a substring, use the -w option. A normal search will show all the lines.

The following example is a regular grep searching for “is”. When you search for “is” without any option it will show “is”, “his”, “this” and everything else that has the substring “is”.

$ grep -i "is" demo_file
THIS LINE IS THE 1ST UPPER CASE LINE IN THIS FILE.
this line is the 1st lower case line in this file.
This Line Has All Its First Character Of The Word With Upper Case.
Two lines above this line is empty.
And this is the last line.


The following example is the WORD grep where it is searching only for the word “is”. Please note that this output does not contain the line “This Line Has All Its First Character Of The Word With Upper Case”, even though “is” is there in the “This”, as the following is looking only for the word “is” and not for “this”.

$ grep -iw "is" demo_file
THIS LINE IS THE 1ST UPPER CASE LINE IN THIS FILE.
this line is the 1st lower case line in this file.
Two lines above this line is empty.
And this is the last line.

6. Displaying lines before/after/around the match using grep -A, -B and -C

When doing a grep on a huge file, it may be useful to see some lines after the match. It is handy if grep can show you not only the matching lines but also the lines after/before/around the match.


Please create the following demo_text file for this example.

$ cat demo_text
4. Vim Word Navigation

You may want to do several navigation in relation to the words, such as:

* e - go to the end of the current word.
* E - go to the end of the current WORD.
* b - go to the previous (before) word.
* B - go to the previous (before) WORD.
* w - go to the next word.
* W - go to the next WORD.

WORD - WORD consists of a sequence of non-blank characters, separated with white space.
word - word consists of a sequence of letters, digits and underscores.

Example to show the difference between WORD and word

* 192.168.1.1 - single WORD
* 192.168.1.1 - seven words.

6.1 Display N lines after match

-A is the option which prints the specified N lines after the match as shown below.

Syntax:
grep -A N "string" FILENAME


The following example prints the matched line, along with the 3 lines after it.

$ grep -A 3 -i "example" demo_text
Example to show the difference between WORD and word

* 192.168.1.1 - single WORD
* 192.168.1.1 - seven words.

6.2 Display N lines before match

-B is the option which prints the specified N lines before the match.

Syntax:
grep -B N "string" FILENAME


Just as you had an option to show the N lines after the match, you have the -B option for the opposite.

$ grep -B 2 "single WORD" demo_text
Example to show the difference between WORD and word

* 192.168.1.1 - single WORD

6.3 Display N lines around match

-C is the option which prints the specified N lines around the match. On some occasions you might want the match to appear with lines from both sides. This option shows N lines on both sides (before and after) of the match.

$ grep -C 2 "Example" demo_text
word - word consists of a sequence of letters, digits and underscores.

Example to show the difference between WORD and word

* 192.168.1.1 - single WORD

7. Highlighting the search using GREP_OPTIONS

As grep prints out lines from the file by the pattern/string you gave, if you want it to highlight which part of the line matched, use the following approach.

When you do the following export you will get highlighting of the matched searches. In the following example it will highlight every “this” once you set the GREP_OPTIONS environment variable as shown below.

$ export GREP_OPTIONS='--color=auto' GREP_COLOR='100;8'

$ grep this demo_file
this line is the 1st lower case line in this file.
Two lines above this line is empty.
And this is the last line.

8. Searching in all files recursively using grep -r

When you want to search in all the files under the current directory and its subdirectories, the -r option is the one you need. The following example looks for the string “ramesh” in all files in the current directory and all its subdirectories.

$ grep -r "ramesh" *

9. Invert match using grep -v

You have had options to show the matched lines, to show the lines before the match, to show the lines after the match, and to highlight the match. So you would also want the -v option to do an inverted match.

When you want to display the lines which do not match the given string/pattern, use the option -v as shown below. This example displays all the lines that do not contain the word “go”.

$ grep -v "go" demo_text
4. Vim Word Navigation

You may want to do several navigation in relation to the words, such as:

WORD - WORD consists of a sequence of non-blank characters, separated with white space.
word - word consists of a sequence of letters, digits and underscores.

Example to show the difference between WORD and word

* 192.168.1.1 - single WORD
* 192.168.1.1 - seven words.

10. Display the lines which do not match any of the given patterns

Syntax:
grep -v -e "pattern" -e "pattern"

$ cat test-file.txt
a
b
c
d

$ grep -v -e "a" -e "b" -e "c" test-file.txt
d

11. Counting the number of matches using grep -c

When you want to count how many lines match the given pattern/string, use the option -c.

Syntax:
grep -c "pattern" filename

$ grep -c "go" demo_text
6


To find out how many lines match the pattern:

$ grep -c this demo_file
3


To find out how many lines do not match the pattern:

$ grep -v -c this demo_file
4

12. Display only the file names which matches the given pattern using grep -l

If you want grep to show only the file names which matched the given pattern, use the -l (lower-case L) option.

When you give multiple files to grep as input, it displays the names of the files that contain text matching the pattern; this is very handy when you try to find some notes in your whole directory structure.

$ grep -l this demo_*
demo_file
demo_file1

13. Show only the matched string

By default grep shows the whole line which matches the given pattern/string, but if you want grep to show only the matched part of the line, use the -o option.

It might not be that useful when you give a plain string, but it becomes very useful when you give a regex pattern and want to see what it actually matches, as below:

$ grep -o "is.*line" demo_file
is line is the 1st lower case line
is line
is is the last line

14. Show the position of match in the line

When you want grep to show the position where it matches the pattern in the file, use the following options:

Syntax:
grep -o -b "pattern" file

$ cat temp-file.txt
12345
12345

$ grep -o -b "3" temp-file.txt
2:3
8:3


Note: The output of the grep command above is not the position in the line, it is byte offset of the whole file.

15. Show line number while displaying the output using grep -n

To show the line number of the file along with the matched line, use the -n option. It does 1-based line numbering for each file.

$ grep -n "go" demo_text
5: * e - go to the end of the current word.
6: * E - go to the end of the current WORD.
7: * b - go to the previous (before) word.
8: * B - go to the previous (before) WORD.
9: * w - go to the next word.
10: * W - go to the next WORD.
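To show the options from this article doing real work rather than matching demo_file, here is an added example (not from the original article) that applies -c, -v -e, -w, -o and -n to an SSH authentication log: it counts failed password attempts, ranks the source addresses, lists the line numbers of failures against real accounts, and strips cron noise. The log lines, host name and addresses are constructed for the example.

```shell
#!/bin/sh
# Added example (not from the original article): the grep options above
# applied to a constructed sshd log. Every function takes the log path as
# its argument so the same checks can be run against /var/log/secure.

# write_sample_log: create the constructed log and print its path.
write_sample_log() {
    f=$(mktemp)
    cat > "$f" <<'EOF'
Mar 19 10:01:02 host sshd[2001]: Failed password for invalid user admin from 198.51.100.7 port 4422 ssh2
Mar 19 10:01:05 host sshd[2002]: Failed password for root from 198.51.100.7 port 4423 ssh2
Mar 19 10:01:09 host sshd[2003]: Accepted publickey for deploy from 203.0.113.9 port 5100 ssh2
Mar 19 10:01:12 host sshd[2004]: Failed password for root from 198.51.100.8 port 4430 ssh2
Mar 19 10:02:00 host CRON[2010]: pam_unix(cron:session): session opened for user root
EOF
    printf '%s\n' "$f"
}

# failed_count LOG: number of failed password attempts (-c counts lines).
failed_count() {
    grep -c "Failed password" "$1"
}

# failed_sources LOG: "count ip" per source address, most frequent first.
# -o prints only the matched "from <ip>" text; -w keeps the match anchored
# on the whole word "from"; cut then leaves the address.
failed_sources() {
    grep "Failed password" "$1" | grep -ow 'from [0-9.]*' | cut -d' ' -f2 \
        | sort | uniq -c | sort -rn | awk '{ print $1, $2 }'
}

# real_account_failures LOG: line numbers (-n) of failed logins that were
# not for an "invalid user", i.e. guesses against accounts that exist.
real_account_failures() {
    grep -n "Failed password" "$1" | grep -v "invalid user" | cut -d: -f1
}

# noise_free_count LOG: lines left after dropping cron/pam session chatter
# with the -v -e ... -e ... form from item 10.
noise_free_count() {
    grep -v -e "CRON" -e "pam_unix" "$1" | wc -l | tr -d ' '
}

# Run "sh thisfile.sh demo" to see the output on the constructed log.
demo() {
    log=$(write_sample_log)
    echo "failed attempts: $(failed_count "$log")"
    echo "sources:"; failed_sources "$log"
    echo "lines with failures against real accounts: $(real_account_failures "$log" | tr '\n' ' ')"
    echo "lines after dropping cron noise: $(noise_free_count "$log")"
    rm -f "$log"
}

if [ "${1:-}" = "demo" ]; then demo; fi
```

On a live system, run failed_sources /var/log/secure (or /var/log/auth.log on Debian) to see which addresses are hammering sshd before deciding on a firewall rule.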

The Ultimate Tar Command Tutorial with 10 Practical Examples

On Unix platform, tar command is the primary archiving utility. Understanding various tar command options will help you master the archive file manipulation.

In this article, let us review various tar examples including how to create tar archives (with gzip and bzip compression), extract a single file or directory, view tar archive contents, validate the integrity of tar archives, finding out the difference between tar archive and file system, estimate the size of the tar archives before creating it etc.,

1. tar command examples

Create a new tar archive.

$ tar cvf archive_name.tar dirname/

Extract from an existing tar archive.

$ tar xvf archive_name.tar

View an existing tar archive.

$ tar tvf archive_name.tar

1. Creating an archive using tar command

Creating an uncompressed tar archive using option cvf

This is the basic command to create a tar archive.

$ tar cvf archive_name.tar dirname/

In the above command:

  • c – create a new archive
  • v – verbosely list files which are processed.
  • f – following is the archive file name

Creating a tar gzipped archive using option cvzf

The above tar cvf command does not provide any compression. To use gzip compression on the tar archive, use the z option as shown below.

$ tar cvzf archive_name.tar.gz dirname/
  • z – filter the archive through gzip

Note: .tgz is the same as .tar.gz

Note: I like to keep the ‘cvf’ (or tvf, or xvf) option unchanged for all archive creation (or view, or extract) and add additional options at the end, which is easier to remember. i.e. cvf for archive creation, cvfz for compressed gzip archive creation, cvfj for compressed bzip2 archive creation etc. For this method to work properly, don’t give - in front of the options.

Creating a bzipped tar archive using option cvjf

Create a bzip2 tar archive as shown below:

$ tar cvfj archive_name.tar.bz2 dirname/
  • j – filter the archive through bzip2

gzip vs bzip2: bzip2 takes more time to compress and decompress than gzip. bzip2 archival size is less than gzip.

Note: .tbz and .tb2 are the same as .tar.bz2

2. Extracting (untar) an archive using tar command

Extract a *.tar file using option xvf

Extract a tar file using option x as shown below:

$ tar xvf archive_name.tar
  • x – extract files from archive

Extract a gzipped tar archive ( *.tar.gz ) using option xvzf

Use the option z for uncompressing a gzip tar archive.

$ tar xvfz archive_name.tar.gz

Extracting a bzipped tar archive ( *.tar.bz2 ) using option xvjf

Use the option j for uncompressing a bzip2 tar archive.

$ tar xvfj archive_name.tar.bz2

Note: In all the above commands v is optional, which lists the file being processed.

3. Listing an archive using tar command

View the tar archive file content without extracting using option tvf

You can view the *.tar file content before extracting as shown below.

$ tar tvf archive_name.tar

View the *.tar.gz file content without extracting using option tvzf

You can view the *.tar.gz file content before extracting as shown below.

$ tar tvfz archive_name.tar.gz

View the *.tar.bz2 file content without extracting using option tvjf

You can view the *.tar.bz2 file content before extracting as shown below.

$ tar tvfj archive_name.tar.bz2

4. Listing out the tar file content with less command

When an archive contains many files, you may pipe the output of tar to less. But you can also use the less command directly to view the tar archive contents, as explained

5. Extract a single file from tar, tar.gz, tar.bz2 file

To extract a specific file from a tar archive, specify the file name at the end of the tar xvf command as shown below. The following command extracts only a specific file from a large tar file.

$ tar xvf archive_file.tar /path/to/file

Use the relevant option z or j according to the compression method gzip or bzip2 respectively as shown below.

$ tar xvfz archive_file.tar.gz /path/to/file

$ tar xvfj archive_file.tar.bz2 /path/to/file

6. Extract a single directory from tar, tar.gz, tar.bz2 file

To extract a single directory (along with its subdirectories and files) from a tar archive, specify the directory name at the end of the tar xvf command as shown below. The following extracts only a specific directory from a large tar file.

$ tar xvf archive_file.tar /path/to/dir/

To extract multiple directories from a tar archive, specify those individual directory names at the end of the tar xvf command as shown below.

$ tar xvf archive_file.tar /path/to/dir1/ /path/to/dir2/

Use the relevant option z or j according to the compression method gzip or bzip2 respectively as shown below.

$ tar xvfz archive_file.tar.gz /path/to/dir/

$ tar xvfj archive_file.tar.bz2 /path/to/dir/

7. Extract group of files from tar, tar.gz, tar.bz2 archives using regular expression

You can specify a pattern to extract only the files matching it. For example, the following tar command extracts all the files with the pl extension.

$ tar xvf archive_file.tar --wildcards '*.pl'

Options explanation:

  • --wildcards '*.pl' – files with the pl extension

8. Adding a file or directory to an existing archive using option -r

You can add additional files to an existing tar archive as shown below. For example, to append a file to *.tar file do the following:

$ tar rvf archive_name.tar newfile

This newfile will be added to the existing archive_name.tar. Adding a directory to the archive is similar:

$ tar rvf archive_name.tar newdir/

Note: You cannot add a file or directory to a compressed archive. If you try to do so, you will get the “tar: Cannot update compressed archives” error as shown below.

$ tar rvfz archive_name.tgz newfile
tar: Cannot update compressed archives
Try `tar --help' or `tar --usage' for more information.

9. Verify files available in tar using option -W

As part of creating a tar file, you can verify the archive file that got created using the option W as shown below.

$ tar cvfW file_name.tar dir/

If you are planning to remove a directory/file from an archive file or from the file system, you might want to verify the archive file before doing it as shown below.

$ tar tvfW file_name.tar
Verify 1/file1
1/file1: Mod time differs
1/file1: Size differs
Verify 1/file2
Verify 1/file3

If an output line starts with Verify and there is no "differs" line for it, then the file/directory is OK. If not, you should investigate the issue.

Note: for a compressed archive file ( *.tar.gz, *.tar.bz2 ) you cannot do the verification.

Finding the difference between an archive and file system can be done even for a compressed archive. It also shows the same output as above excluding the lines with Verify.

Finding the difference between gzip archive file and file system

$ tar dfz file_name.tgz

Finding the difference between bzip2 archive file and file system

$ tar dfj file_name.tar.bz2

10. Estimate the tar archive size

The following command estimates the tar file size ( in KB ) before you create the tar file.

$ tar -cf - /directory/to/archive/ | wc -c
20480

The following command estimates the compressed tar file size ( in KB ) before you create the tar.gz or tar.bz2 file.

$ tar -czf - /directory/to/archive/ | wc -c
508

$ tar -cjf - /directory/to/archive/ | wc -c
428
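
The verification in section 9 and the size estimate in section 10, exercised end to end. This is an added example, not code from the original article: the function names (make_sample_dir, estimate_bytes, count_diffs, run_scenario) and the sample directory are my own, and the script assumes GNU tar, which provides the d (diff) mode. It archives a constructed directory, appends to one file and resets its modification time, and then re-runs tar dfz to show the "differs" lines appearing. Note that wc -c counts bytes, so the figures the pipe produces (like 20480 and 508 above) are byte counts; divide by 1024 for KB.

```shell
#!/bin/sh
# Added example, not from the original article. Exercises two things from the
# tar sections on a constructed directory: (1) "tar d" (diff) against the
# file system, before and after a file is tampered with, and (2) the
# "tar -cf - ... | wc -c" size estimate. Requires GNU tar (the "d" mode).

# make_sample_dir DIR: create a small constructed tree to archive.
make_sample_dir() {
    mkdir -p "$1/conf"
    printf 'alpha\n' > "$1/conf/a.txt"
    printf 'beta\n'  > "$1/conf/b.txt"
    printf 'gamma\n' > "$1/notes.txt"
}

# estimate_bytes DIR: size of the uncompressed archive of DIR without
# writing it to disk. wc -c counts bytes, so the result is bytes, not KB.
estimate_bytes() {
    tar -cf - -C "$(dirname "$1")" "$(basename "$1")" | wc -c | tr -d ' '
}

# estimate_gz_bytes DIR: the same estimate for the gzip-compressed stream.
estimate_gz_bytes() {
    tar -czf - -C "$(dirname "$1")" "$(basename "$1")" | wc -c | tr -d ' '
}

# count_diffs ARCHIVE DIR: how many "differs" lines "tar dfz" reports when the
# gzip archive is compared with DIR on disk. tar exits 1 when anything
# differs, so that status is swallowed and only the count is printed.
count_diffs() {
    ( cd "$(dirname "$2")" && tar dfz "$1" ) 2>&1 | grep -c 'differs' || true
}

# run_scenario: archive the sample tree, tamper with one file, and print
# "<diffs before> <diffs after>". After the append and the mtime reset the
# file differs from the archive in both size and modification time.
run_scenario() {
    work=$(mktemp -d)
    make_sample_dir "$work/sample"
    tar czf "$work/sample.tgz" -C "$work" sample
    before=$(count_diffs "$work/sample.tgz" "$work/sample")
    printf 'tampered\n' >> "$work/sample/notes.txt"
    touch -t 200001010000 "$work/sample/notes.txt"
    after=$(count_diffs "$work/sample.tgz" "$work/sample")
    rm -rf "$work"
    echo "$before $after"
}

echo "differs lines before/after tampering: $(run_scenario)"
```

Because tar d compares size, mode, ownership and mtime against the file system, it is a cheap way to tell whether anything under a directory has changed since a known-good archive was taken, and it works on compressed archives where -W does not.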

2. grep command examples

Search for a given string in a file (case-insensitive search).

$ grep -i "the" demo_file

Print the matched line, along with the 3 lines after it.

$ grep -A 3 -i "example" demo_text

Search for a given string in all files recursively.

$ grep -r "ramesh" *

Unix LS Command: 15 Practical Examples

ls – Unix users and sysadmins cannot live without this two letter command. Whether you use it 10 times a day or 100 times a day, knowing the power of ls command can make your command line journey enjoyable.

In this article, let us review 15 practical examples of the mighty ls command.

1. Open Last Edited File Using ls -t

To open the last edited file in the current directory use the combination of ls, head and vi commands as shown below.

ls -t sorts the file by modification time, showing the last edited file first. head -1 picks up this first file.

$ vi first-long-file.txt
$ vi second-long-file.txt

$ vi `ls -t | head -1`
[Note: This will open the last file you edited (i.e second-long-file.txt)]

2. Display One File Per Line Using ls -1

To show single entry per line, use -1 option as shown below.

$ ls -1
bin
boot
cdrom
dev
etc
home
initrd
initrd.img
lib

3. Display All Information About Files/Directories Using ls -l

To show the long listing information about a file/directory, use the -l option.

$ ls -l
-rw-r----- 1 ramesh team-dev 9275204 Jun 13 15:27 mthesaur.txt.gz
  • 1st Character – File Type: The first character specifies the type of the file. In the example above the hyphen (-) indicates that this is a normal file. The possible file types in the 1st character of the ls -l output are:
    • - – normal file
    • d – directory
    • s – socket file
    • l – link file
  • Field 1 – File Permissions: The next 9 characters specify the file's permissions. Each group of 3 characters gives the read, write and execute permissions for the user, the group and others respectively. In this example, -rw-r----- indicates read-write permission for the user, read permission for the group, and no permission for others.
  • Field 2 – Number of links: The second field specifies the number of links to that file. In this example, 1 indicates only one link to this file.
  • Field 3 – Owner: The third field specifies the owner of the file. In this example, this file is owned by the username ‘ramesh’.
  • Field 4 – Group: The fourth field specifies the group of the file. In this example, this file belongs to the ‘team-dev’ group.
  • Field 5 – Size: The fifth field specifies the size of the file in bytes. In this example, ‘9275204’ is the file size.
  • Field 6 – Last modified date & time: The sixth field specifies the date and time of the last modification of the file. In this example, ‘Jun 13 15:27’ is the last modification time of the file.
  • Field 7 – File name: The last field is the name of the file. In this example, the file name is mthesaur.txt.gz.

4. Display File Size in Human Readable Format Using ls -lh

Use ls -lh (h stands for human readable form), to display file size in easy to read format. i.e M for MB, K for KB, G for GB.

$ ls -l
-rw-r----- 1 ramesh team-dev 9275204 Jun 12 15:27 arch-linux.txt.gz

$ ls -lh
-rw-r----- 1 ramesh team-dev 8.9M Jun 12 15:27 arch-linux.txt.gz

5. Display Directory Information Using ls -ld

When you use “ls -l” on a directory you get the details of the directory's contents. If you want the details of the directory itself, use the -d option. For example, ls -l /etc displays all the files under the /etc directory, but if you want to display the information about the /etc/ directory itself, use -ld as shown below.

$ ls -l /etc
total 3344
-rw-r--r-- 1 root root 15276 Oct 5 2004 a2ps.cfg
-rw-r--r-- 1 root root 2562 Oct 5 2004 a2ps-site.cfg
drwxr-xr-x 4 root root 4096 Feb 2 2007 acpi
-rw-r--r-- 1 root root 48 Feb 8 2008 adjtime
drwxr-xr-x 4 root root 4096 Feb 2 2007 alchemist

$ ls -ld /etc
drwxr-xr-x 21 root root 4096 Jun 15 07:02 /etc

6. Order Files Based on Last Modified Time Using ls -lt

To sort the file names displayed in order of last modification time, use the -t option. You will find it handy in combination with the -l option.

$ ls -lt
total 76
drwxrwxrwt 14 root root 4096 Jun 22 07:36 tmp
drwxr-xr-x 121 root root 4096 Jun 22 07:05 etc
drwxr-xr-x 13 root root 13780 Jun 22 07:04 dev
drwxr-xr-x 13 root root 4096 Jun 20 23:12 root
drwxr-xr-x 12 root root 4096 Jun 18 08:31 home
drwxr-xr-x 2 root root 4096 May 17 21:21 sbin
lrwxrwxrwx 1 root root 11 May 17 20:29 cdrom -> media/cdrom
drwx------ 2 root root 16384 May 17 20:29 lost+found
drwxr-xr-x 15 root root 4096 Jul 2 2008 var

7. Order Files Based on Last Modified Time (In Reverse Order) Using ls -ltr

To sort the file names by last modification time in reverse order, use the -ltr options. This shows the last edited file on the last line, which is handy when the listing goes beyond a page. This is my default ls usage. Anytime I do ls, I always use ls -ltr as I find this very convenient.

$ ls -ltr

total 76
drwxr-xr-x 15 root root 4096 Jul 2 2008 var
drwx------ 2 root root 16384 May 17 20:29 lost+found
lrwxrwxrwx 1 root root 11 May 17 20:29 cdrom -> media/cdrom
drwxr-xr-x 2 root root 4096 May 17 21:21 sbin
drwxr-xr-x 12 root root 4096 Jun 18 08:31 home
drwxr-xr-x 13 root root 4096 Jun 20 23:12 root
drwxr-xr-x 13 root root 13780 Jun 22 07:04 dev
drwxr-xr-x 121 root root 4096 Jun 22 07:05 etc
drwxrwxrwt 14 root root 4096 Jun 22 07:36 tmp

8. Display Hidden Files Using ls -a (or) ls -A

To show all the hidden files in the directory, use the ‘-a’ option. Hidden files in Unix start with ‘.’ in their file name.

$ ls -a
. Debian-Info.txt
.. CentOS-Info.txt
.bash_history Fedora-Info.txt
.bash_logout .lftp
.bash_profile libiconv-1.11.tar.tar
.bashrc libssh2-0.12-1.2.el4.rf.i386.rpm

It will show all the files including the ‘.’ (current directory) and ‘..’ (parent directory). To show the hidden files, but not the ‘.’ (current directory) and ‘..’ (parent directory), use option -A.

$ ls -A
Debian-Info.txt Fedora-Info.txt
CentOS-Info.txt Red-Hat-Info.txt
.bash_history SUSE-Info.txt
.bash_logout .lftp
.bash_profile libiconv-1.11.tar.tar
.bashrc libssh2-0.12-1.2.el4.rf.i386.rpm
[Note: . and .. are not displayed here]

9. Display Files Recursively Using ls -R

To show all the files recursively, use the -R option. When you do this from /, it shows all the unhidden files in the whole file system recursively.

$ ls /etc/sysconfig/networking
devices profiles

$ ls -R /etc/sysconfig/networking
/etc/sysconfig/networking:
devices profiles

/etc/sysconfig/networking/devices:

/etc/sysconfig/networking/profiles:
default

/etc/sysconfig/networking/profiles/default:

10. Display File Inode Number Using ls -i

Sometimes you may want to know the inode number of a file for internal maintenance. Use the -i option as shown below to display inode numbers. Using the inode number you can remove files that have special characters in their names, as explained in example #6 of the find command article.

$ ls -i /etc/xinetd.d/
279694 chargen 279724 cups-lpd 279697 daytime-udp
279695 chargen-udp 279696 daytime 279698 echo

11. Hide Control Characters Using ls -q

To print question mark instead of the non graphics control characters use the -q option.

$ ls -q

12. Display File UID and GID Using ls -n

Lists the output like -l, but shows the uid and gid in numeric format instead of names.

$ ls -l ~/.bash_profile
-rw-r--r-- 1 ramesh ramesh 909 Feb 8 11:48 /home/ramesh/.bash_profile
$ ls -n ~/.bash_profile
-rw-r--r-- 1 511 511 909 Feb 8 11:48 /home/ramesh/.bash_profile

[Note: This displays 511 for the uid and 511 for the gid]

13. Visual Classification of Files With Special Characters Using ls -F

Instead of doing ‘ls -l’ and then checking the first character to determine the type of each file, you can use -F, which classifies the files by appending a different special character for each kind of file.

$ ls -F
Desktop/ Documents/ Ubuntu-App@ firstfile Music/ Public/ Templates/

Thus in the above output,

  • / – directory.
  • nothing – normal file.
  • @ – link file.
  • * – Executable file

14. Visual Classification of Files With Colors Using ls --color=auto

Recognizing the file type by the color in which it is displayed is another kind of file classification. In the output below, directories are displayed in blue, soft links in green, and ordinary files in the default color.

$ ls --color=auto
Desktop Documents Examples firstfile Music Pictures Public Templates Videos

15. Useful ls Command Aliases

You can take the ls options you use most from the above and turn them into aliases. We suggest the following.

  • Long list the file with size in human understandable form.
    alias ll="ls -lh"
  • Classify the file type by appending special characters.
    alias lv="ls -F"
  • Classify the file type by both color and special character.
    alias ls="ls -F --color=auto"

Sunday, February 13, 2011

Understanding /etc/passwd File Format

The /etc/passwd file stores essential information required during login, i.e. user account information. /etc/passwd is a text file that contains a list of the system's accounts, giving for each account some useful information like user ID, group ID, home directory, shell, etc. It should have general read permission, as many utilities like ls use it to map user IDs to user names, but write access only for the superuser (root).

Understanding fields in /etc/passwd

The /etc/passwd file contains one entry per line for each user (or user account) of the system. All fields are separated by a colon (:) symbol. There are seven fields in total, as follows.

Generally, a passwd file entry looks as follows:

(Fig.01: /etc/passwd file format)

  1. Username: It is used when the user logs in. It should be between 1 and 32 characters in length.
  2. Password: An x character indicates that the encrypted password is stored in the /etc/shadow file.
  3. User ID (UID): Each user must be assigned a user ID (UID). UID 0 (zero) is reserved for root and UIDs 1-99 are reserved for other predefined accounts. Further, UIDs 100-999 are reserved by the system for administrative and system accounts/groups.
  4. Group ID (GID): The primary group ID (stored in the /etc/group file).
  5. User ID Info: The comment field. It allows you to add extra information about the user such as the user's full name, phone number etc. This field is used by the finger command.
  6. Home directory: The absolute path to the directory the user will be in when they log in. If this directory does not exist, the user's directory becomes /.
  7. Command/shell: The absolute path of a command or shell (/bin/bash). Typically, this is a shell. Please note that it does not have to be a shell.

Task: See User List

/etc/passwd is used only for local users. To see the list of all users, enter:

$ cat /etc/passwd

To search for a username called tom, enter:

$ grep tom /etc/passwd

/etc/passwd file permission

The permission on the /etc/passwd file should be read only to users (-rw-r--r--) and the owner must be root:
$ ls -l /etc/passwd
Output:

-rw-r--r-- 1 root root 2659 Sep 17 01:46 /etc/passwd

Reading /etc/passwd file


#!/bin/bash
# The seven fields from each /etc/passwd line are stored in $f1, $f2, ..., $f7.
# IFS=: makes read split the line on colons.
while IFS=: read -r f1 f2 f3 f4 f5 f6 f7
do
    echo "User $f1 uses the $f7 shell and stores files in the $f6 directory."
done < /etc/passwd

Your password is stored in /etc/shadow file

Your encrypted password is not stored in the /etc/passwd file. It is stored in the /etc/shadow file. In the good old days there was no great problem with this general read permission. Everybody could read the encrypted passwords, but the hardware was too slow to crack a well-chosen password, and moreover, the basic assumption used to be that of a friendly user community.

Almost all modern Linux / UNIX-like operating systems use some sort of shadow password suite, where /etc/passwd has asterisks (*) instead of encrypted passwords, and the encrypted passwords are in /etc/shadow, which is readable by the superuser only.
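The field rules described above (seven colon-separated fields, an x or locked marker in the password field so that the hash lives in /etc/shadow, UID 0 reserved for root) can be checked mechanically. The following is an added example and not part of the original post: the audit_passwd, count_findings and sample_passwd_file functions are my own, and the sample file is constructed for illustration, including the made-up placeholder hash on the "legacy" line. On a real system run audit_passwd /etc/passwd.

```shell
#!/bin/sh
# Added example, not from the original post. Audits a file in /etc/passwd
# format for the properties described in the text: seven colon-separated
# fields, an "x" (or locked marker) in the password field so the hash lives
# in /etc/shadow, UID 0 only for root, and no two accounts sharing a UID.

# audit_passwd FILE: print one finding per line (nothing printed means clean).
audit_passwd() {
    awk -F: '
        NF != 7 { printf "line %d: expected 7 fields, got %d\n", NR, NF; next }
        $2 == "" { printf "%s: empty password field (login without a password)\n", $1 }
        $2 != "" && $2 != "x" && $2 != "*" && $2 != "!" {
            printf "%s: password hash stored in passwd file, not in shadow\n", $1 }
        $3 == 0 && $1 != "root" { printf "%s: UID 0 (root-equivalent) on a non-root account\n", $1 }
        ($3 in seen) { printf "%s: shares UID %s with %s\n", $1, $3, seen[$3] }
        { seen[$3] = $1 }
    ' "$1"
}

# count_findings FILE: number of findings, handy as an alerting threshold.
count_findings() {
    audit_passwd "$1" | wc -l | tr -d ' '
}

# sample_passwd_file: write a constructed passwd file and print its path.
# The hash on the "legacy" line is a made-up placeholder, not a real hash.
sample_passwd_file() {
    f=$(mktemp)
    cat > "$f" <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
tom:x:1000:1000:Tom Example,,,:/home/tom:/bin/bash
svc:x:0:0:service account:/var/svc:/bin/sh
guest::1002:1002::/home/guest:/bin/bash
legacy:$6$saltsalt$notarealhash:1003:1003::/home/legacy:/bin/sh
jerry:x:1000:1000::/home/jerry:/bin/bash
broken:x:1004
EOF
    echo "$f"
}

sample=$(sample_passwd_file)
audit_passwd "$sample"
rm -f "$sample"
```

Against the constructed file this reports six findings: the svc account gets two (UID 0 on a non-root name, and sharing UID 0 with root), and guest, legacy, jerry and the truncated last line get one each. A second account with UID 0 or an empty password field is exactly the kind of entry worth alerting on in /etc/passwd, since either grants root or passwordless access without touching /etc/shadow.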


Friday, January 21, 2011

RSAT: the AdminPak for Windows Server 2008

An AdminPak (a.k.a AdminPack, Admin Pack) for Windows Server 2008 has been released. Windows Server 200x administrators are familiar with the “Administration Tools” or adminpak.msi that they used to install on their management workstations for connecting remotely via MMC to servers instead of having to login them via RDP.

Windows Server 2008 did not have the adminpak built in to the RTM media. Its replacement is called the “Remote Server Administration Tools (RSAT)”.

Role Administration Tools:

  • Active Directory Certificate Services Tools
  • Active Directory Domain Services (AD DS) Tools
  • Active Directory Lightweight Directory Services (AD LDS) Tools
  • DHCP Server Tools
  • DNS Server Tools
  • File Services Tools
  • Network Policy and Access Services Tools
  • Terminal Services Tools
  • Universal Description, Discovery, and Integration (UDDI) Services Tools

Feature Administration Tools:

  • BitLocker Drive Encryption Tools
  • Failover Clustering Tools
  • Group Policy Management Tools
  • Network Load Balancing Tools
  • SMTP Server Tools
  • Storage Manager for SANs Tools
  • Windows System Resource Manager Tools

The following tools are fully supported for managing computers running Windows Server 2003:

  • Active Directory Domain Services (AD DS) Tools
  • Active Directory Lightweight Directory Services (AD LDS) Tools
  • Active Directory Certification Authority Tools
  • DHCP Server Tools
  • DNS Server Tools
  • Terminal Services Tools
  • Universal Description, Discovery, and Integration (UDDI) Services Tools
  • Group Policy Management Tools
  • Network Load Balancing Tools

An immediate thought: Managing computers running Windows Server 2008 Server Core is now easier. Once the server has been set up and configured to allow remote MMC connections, all you need to do is install RSAT on your workstation and connect to your Server Core machine using the RSAT tools. Your non-GUI Windows Server now has a remote GUI :)

Note that you can install the RSAT tools only on a computer running Windows Vista with Service Pack 1.

Wednesday, January 19, 2011

Understanding Server Roles


Server Roles Overview

A network or network infrastructure is the grouping of hardware devices and software components which are needed to connect devices within the organization, and to connect the organization to other organizations and the Internet. The network infrastructure's physical hardware and logical components are needed to provide a number of features for the network, including connectivity, routing and switching capabilities, network security, and access control. The network or network infrastructure has to exist before a number of servers needed to support applications which are needed by your users can be deployed into your networking environment.

Therefore, when planning your network design and deciding on the computers for your network, you must know what functions the computer will be performing. Understanding these functions will put you in a good position to determine the hardware and software components needed for your computers.

Windows Server 2003 itself provides a number of features and tools when you install it on a computer. You do, though, have to implement additional features and functionality on a server to provide the services and capabilities required by the organization and its users. In fact, until these additional features and functionality make certain services available, the computer cannot be used as required by users.

Computers required on your network can be broadly grouped according to the following roles:

  • Server roles: Servers can be configured to perform a number of roles. The applications that the server is running specify the role of the particular server. Servers typically need services and additional features installed to perform their specific role. When compared to workstations, servers have more disk space and memory, and faster processors. The hardware required by a server is determined by the role it performs. A few common server roles are listed below:

    • Domain controller

    • Database server

    • Backup server

    • File server

    • Print server

    • Infrastructure server

    • Web server

    • E-mail server

  • Desktop workstation roles: Desktop workstations differ from servers in that desktop workstations are general purpose computers that can perform a number of different types of functions.

  • Portable workstation roles: Portable workstations are the solution to bringing the features of a desktop computer to an off-site employee.

Windows Server 2003 introduced the concept of server roles. Server roles basically group related administrative tasks, and are used to provide a specific capability or function to the network design. With Windows Server 2003, if you configure a server for a certain server role, then a number of additional services, features and tools are installed for the server. In this manner, the server is set up to provide the required services to your users.

Windows Server 2003 provides a new tool for defining and managing server roles, namely, the Manage Your Server utility. The actual Wizard for applying the server roles to computers is the Configure Your Server Wizard. The Configure Your Server Wizard is included within the Manage Your Server utility and is also managed through this utility.

For Windows Server 2003, there are 11 different server roles that you can configure using the Configure Your Server Wizard:

  • File server

  • Print server

  • Application server

  • Mail server

  • Terminal server

  • Remote access server/VPN server

  • Domain controllers

  • DNS server

  • WINS server

  • DHCP server

  • Streaming media server

Understanding the File Server Role

The file server role is a widely used role when configuring servers in Windows Server 2003 based networks. This is because the file server role stores data for network users and provides access to files stored on the file server. The file server role is, though, not available in the Windows Server 2003 Web Edition. A file stored on a file server volume can be accessed by users that have the necessary rights to access the directories in which the files are stored.

File servers provide the following functionality to users:

  • Enables users to store files in a centralized location.

  • Enables a user to share files with another user.

A few characteristics and features of the file server role are listed:

  • Files and folder resources can be shared between network users.

  • Administrators can manage the following aspects of file servers:

    • Access to files and folders

    • Disk space

    • Disk quotas can be implemented to control the amount of space which users can utilize.

  • For file servers that have NTFS volumes:

    • NTFS security can be used to protect files from users who are not authorized to access the files and folders.

    • Encrypting File System (EFS) enables users to encrypt files and folders, and entire data drives on NTFS formatted volumes. EFS secures confidential corporate data from unauthorized access.

    • Distributed File System (Dfs) provides a single hierarchical file system that assists in organizing shared folders on multiple computers in the network. Dfs provides a single logical file system structure by concealing the underlying file share structure within a virtual folder structure. Users only see a single file structure even though there are multiple folders located on different file servers within the organization.

  • The Offline Files feature can be enabled if necessary. Offline Files makes it possible for a user to mirror server files to a local laptop, and ensures that the laptop files and server files are in sync. For your laptop users, Offline Files ensures that the user can access the server based files when they are not connected to the network.

Understanding the Print Server Role

The print server role provides network printing capabilities for the network. Through the print server role, you can configure a server to manage printing functions on the network. Users typically connect to a network printer through a connection to a print server. The print server is the computer where the print drivers are located that manage printing between printers and client computers. With Windows NT, Windows 2000, Windows XP, and Windows Server 2003, the print servers supply clients with the necessary printer drivers. The print servers also manage communication between the printers and the client computers. The print servers manage the print queues, and can also supply audit logs on jobs printed by users. A network interface printer is a printer that connects to the network through a network card. The print server role is though not available in the Windows Server 2003 Web Edition.

When deciding on a print server, ensure that the print server has sufficient disk space to store print jobs waiting in the printer queue. It is recommended to use a dedicated, fast drive for the print spooler. You should consider implementing a print server cluster if your enterprise needs exceptional reliability and performance when it comes to printing.

A few characteristics of print servers are listed here:

  • The Windows Management Instrumentation (WMI), a management application program interface (API), can be used to manage printing on the network.

  • Print servers can also be remotely managed.

  • Administrators can control when printing devices can be utilized.

  • Administrators can control access to printers

  • Priorities can be defined for print jobs.

  • Print jobs can be paused, resumed, viewed and deleted.

  • Printers can be published in Active Directory so that access to printers can be controlled according to Active Directory accounts.

Understanding Web servers

The application server role makes Web applications and distributed applications available to users. A Web server typically contains a copy of a World Wide Web site and can also host Web based applications. When you install a Web server, users can utilize Web based applications and download files as well.

When you add a Web server through the application server role, the following components are installed:

  • Internet Information Services 6.0

  • The Application Server console

  • The Distributed Transaction Coordinator (DTC)

  • COM+, the extension of the Component Object Model (COM)

Internet Information Services 6.0 (IIS 6.0) is Microsoft's integrated Web server that enables you to create and manage Web sites within your organization. Through IIS, you can create and manage Web sites, and share and distribute information over the Internet or an intranet. With the introduction of Windows Server 2003 came the advent of Internet Information Services (IIS) 6. IIS 6 is included with the 32-bit and 64-bit versions of the Windows Server 2003 editions. IIS 6 includes support for a number of protocols and management tools which enable you to configure the server as a Web server, File Transfer Protocol (FTP) server or Simple Mail Transport Protocol (SMTP) server. The management tools included with Windows Server 2003 allow you to manage Internet Information Services on the Windows Server 2003 product platforms.

Before you can deploy IIS 6 Web servers within your enterprise, you first need to install Windows Server 2003 or upgrade to Windows Server 2003. Only after Windows Server 2003 is deployed, are you able to install IIS 6 in your environment.

After Windows Server 2003 is installed, for all editions of Windows Server 2003 other than the Web Edition, you can install IIS 6 from the Configure Your Server Wizard. When you first log on after Windows Server 2003 is installed, the Manage Your Server Wizard is initiated. To start the Configure Your Server Wizard, choose the Add Or Remove A Role link. You next have to follow the prompts of the Configure Your Server Wizard to install the Application Server (IIS, ASP.NET) option.

The protocols supported by IIS 6.0, the Microsoft integrated Web server, are listed here:

  • Hypertext Transfer Protocol (HTTP) is a TCP/IP application layer protocol used to connect to websites, and to create Web content. HTTP handles the publishing of static and dynamic Web content. An HTTP session consists of a connection, an HTTP request and an HTTP response.

    1. Port 80 is used for HTTP connections. The client establishes a TCP connection to the server by using a TCP three way handshake.

    2. After the connection is established, the client sends a HTTP GET request message to the server.

    3. The server sends the client the requested Web page.

    4. HTTP Keep-Alives maintains the TCP connection between the client and server if it is enabled, so that the client can request additional pages.

    5. If HTTP Keep-Alives is not enabled, the TCP connection is terminated after the requested page is downloaded.

  • File Transfer Protocol (FTP) is a TCP/IP application layer protocol used for copying files to and from remote systems through the Transmission Control Protocol (TCP). FTP makes it possible for clients to upload and download files from an FTP server over an internetwork. Through IIS, you can create and administer FTP servers. You need an FTP server and an FTP client to use the protocol. An FTP session has a connection, a request, and a response.

    1. The client establishes a TCP connection to the FTP server through port 21.

    2. A port number over 1023 is assigned to the client.

    3. The client sends a FTP command to port 21.

    4. If the client needs to receive data, another connection is created with the client, to convey the data. This connection utilizes port 20.

    5. The second connection remains in a TIME_WAIT state after the data is transferred to the client. The TIME_WAIT state makes it possible for additional data to be transferred. The TIME_WAIT state ends when the connection times out.

  • Network News Transfer Protocol (NNTP) is a TCP/IP application layer protocol used to send network news messages to NNTP servers and NNTP clients on the Internet. NNTP is a client/server and server/server protocol. The NNTP protocol enables an NNTP host to replicate its list of newsgroups and messages with another host through newsfeeds, using a push method or a pull method. An NNTP client can establish a connection with an NNTP host to download a list of newsgroups, and read the messages contained in the newsgroups. Through NNTP, you can implement private news servers to host discussion groups, or you can implement public news servers to provide customer support and help resources to Internet users. You can specify that users need to be authenticated to both read and post items to newsgroups, or you can allow access to everybody. The NNTP service can also integrate with the Windows Indexing Service for the indexing of newsgroup content. It is also fully integrated with the event and performance monitoring of Windows Server 2003.

  • Simple Mail Transfer Protocol (SMTP) is a TCP/IP application layer protocol used for routing and transferring e-mail between SMTP hosts on the Internet. SMTP enables IIS machines to operate as SMTP hosts to forward e-mail over the Internet. IIS can be utilized instead of Sendmail. SMTP also enables IIS machines to protect mail servers such as Microsoft Exchange servers from malicious attacks by operating between these servers and the Sendmail host at the organization's ISP. SMTP can be used to forward mail from one SMTP host to another SMTP host. SMTP cannot deliver mail directly to the client. Mail clients use POP3 or IMAP to receive e-mail. Windows Server 2003 includes the POP3 service for providing clients with mailboxes, and for handling incoming e-mail. To use SMTP as a component of IIS, you have to install the SMTP service first if you are running a Windows Server 2003 edition other than the Windows Server 2003 Web Edition. The SMTP service is installed on the Windows Server 2003 Web Edition by default.
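The HTTP session steps listed under HTTP above (TCP connection, GET request, response, keep-alive or close), as an added example that is not part of the original article: a toy HTTP/1.1 server and client on the loopback interface, where the client counts how many TCP connections it has to open for several page requests with and without keep-alive. The page content, paths and ephemeral port are constructed for the example.

```python
"""Toy HTTP/1.1 client and server showing keep-alive versus Connection: close."""
import socket
import threading

# Constructed sample content served by the toy server.
PAGES = {"/": b"<html>home</html>", "/about": b"<html>about</html>"}


def parse_head(head):
    """Split an HTTP request/response head into (start-line parts, header dict)."""
    lines = head.decode("ascii").split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return lines[0].split(" ", 2), headers


def read_head(sock, buf=b""):
    """Read until a complete head (terminated by a blank line) is buffered."""
    while b"\r\n\r\n" not in buf:
        chunk = sock.recv(4096)
        if not chunk:
            return None, buf          # peer closed the TCP connection
        buf += chunk
    head, _, rest = buf.partition(b"\r\n\r\n")
    return head, rest


def wants_keep_alive(version, headers):
    """HTTP/1.1 connections persist unless 'Connection: close' is sent (step 4 vs. step 5)."""
    conn = headers.get("connection", "").lower()
    return conn != "close" if version == "HTTP/1.1" else conn == "keep-alive"


def build_response(status, body, keep_alive):
    head = [f"HTTP/1.1 {status}", f"Content-Length: {len(body)}",
            "Connection: " + ("keep-alive" if keep_alive else "close")]
    return ("\r\n".join(head) + "\r\n\r\n").encode("ascii") + body


def serve_connection(conn):
    """Answer GET requests on one TCP connection for as long as the client keeps it alive."""
    with conn:
        buf = b""
        while True:
            head, buf = read_head(conn, buf)
            if head is None:
                return
            (method, path, version), headers = parse_head(head)
            keep = wants_keep_alive(version, headers)
            if method != "GET":
                conn.sendall(build_response("405 Method Not Allowed", b"", keep))
            elif path in PAGES:
                conn.sendall(build_response("200 OK", PAGES[path], keep))
            else:
                conn.sendall(build_response("404 Not Found", b"", keep))
            if not keep:
                return                # step 5: no keep-alive, so the server closes the connection


def start_server():
    """Start the toy server on an ephemeral loopback port; returns the listening socket."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)

    def accept_loop():
        while True:
            try:
                client, _ = srv.accept()
            except OSError:
                return                # listening socket was closed
            threading.Thread(target=serve_connection, args=(client,), daemon=True).start()

    threading.Thread(target=accept_loop, daemon=True).start()
    return srv


def fetch_many(port, paths, keep_alive=True):
    """GET each path in order; returns (status codes, number of TCP connections opened)."""
    statuses, connections, sock = [], 0, None
    for i, path in enumerate(paths):
        if sock is None:
            sock = socket.create_connection(("127.0.0.1", port))   # step 1: TCP handshake
            connections += 1
        last = i == len(paths) - 1
        conn_hdr = "keep-alive" if keep_alive and not last else "close"
        req = f"GET {path} HTTP/1.1\r\nHost: localhost\r\nConnection: {conn_hdr}\r\n\r\n"
        sock.sendall(req.encode("ascii"))                           # step 2: GET request
        head, body = read_head(sock)
        if head is None:
            raise ConnectionError("server closed the connection before responding")
        (_, status, _), headers = parse_head(head)
        length = int(headers.get("content-length", "0"))
        while len(body) < length:                                   # step 3: page comes back
            body += sock.recv(4096)
        statuses.append(int(status))
        if headers.get("connection") == "close":
            sock.close()
            sock = None
    return statuses, connections


if __name__ == "__main__":
    server = start_server()
    port = server.getsockname()[1]
    print(fetch_many(port, ["/", "/about"]))                     # ([200, 200], 1)
    print(fetch_many(port, ["/", "/missing"], keep_alive=False))  # ([200, 404], 2)
    server.close()
```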

Understanding the Mail Server Role

The mail server role provides e-mail services for the network, by providing the functionality needed for users to both send and receive e-mail messages. A mail server has to exist for users to send e-mail to each other. When a mail server receives e-mail for a user, it stores the e-mail for the intended user until that particular user retrieves it from the mail server.

The primary functions of mail servers are listed here:

  • Store e-mail data.

  • Process client requests

  • Receive incoming e-mail from the Internet.

When you configure a server for the mail server role, the following TCP/IP based protocols are installed:

  • Simple Mail Transfer Protocol (SMTP): SMTP is a TCP/IP application layer protocol used for routing and transferring e-mail between SMTP hosts on the Internet. IIS 6 has to be installed to install both the SMTP service and the Post Office Protocol 3 (POP3) service. The SMTP service has to be installed because mail servers and clients utilize this service to send e-mail.

  • Post Office Protocol 3 (POP3): Mail clients use the POP3 service or IMAP to receive e-mail. Windows Server 2003 includes the POP3 service for providing clients with mailboxes, and for handling incoming e-mail. The POP3 service also enables clients to retrieve e-mail from the mail server.

Understanding the Terminal Server Role

Terminal Services has the ability to operate as an application server that remote clients can connect to, and run sessions from. The Terminal Services server runs the applications. The data response is transmitted back to the Terminal Services client. Clients can access Terminal Services over a local area connection or a wide area connection. Terminal Services clients can be MS-DOS based clients, Windows for Workgroups (version 3.11) clients, Windows based terminals, and Macintosh clients.

When a user connects to a Windows Server 2003 server using Remote Desktop, the resources of the server are used, and not those of the workstation. The terminal is only responsible for the keyboard, mouse and the display. Every user has an individual Terminal Services session. Sessions are unique and do not affect one another. In this manner, a user connecting to a Windows Server 2003 server through Remote Desktop functions as a terminal on that server.

Once a client establishes a connection to Terminal Services, a Terminal Services session is created for the client. All processing is handled by the Terminal Services server. Clients use very little bandwidth on the underlying network when they establish a connection. Terminal Services is therefore popular in WANs where bandwidth is limited. It is also suited for mobile users who have to execute processor intensive applications over a dial-up connection. In this case, the local machine only needs to handle the console.

When applications need to be installed or updated, a single instance of the application can be installed or updated on the Terminal Services server. Users will have access to the application without you needing to install or update the application on all machines.

Remote Desktop Protocol (RDP) is the protocol that manages communications between a computer running Terminal Services, and a client computer running a Terminal Server client. The connection can be established using Terminal Services on a terminal server. Remote Desktop Connection (RDC) is installed by default with Windows XP and Windows Server 2003. The RDC utility can be used for complete terminal server client utilization, or it can be used for Remote Administration. You can however install Remote Desktop Connection on previous Windows operating systems (OSs) such as Windows 2000, Windows NT, Windows ME, Windows 98, and Windows 95. The RDC utility is backward compatible, and can therefore interact with Terminal Services in Windows XP, Windows 2000 and Windows NT 4 Terminal Server Edition.

Understanding the Remote Access and VPN Server Role

The Windows Server 2003 remote access and VPN server role can be used to provide remote access to clients through either of the following methods:

  • Dial-up connections: Dial-up networking makes it possible for a remote access client to establish a dial-up connection to a port on a remote access server. The configuration of the dial-up networking server determines what resources the remote user can access. Users that connect through a dial-up networking server, connect to the network much like a standard LAN user accessing network resources.

  • Virtual private networks (VPNs): Virtual Private Networks (VPNs) provide secure connections through a non-secure network by providing data privacy, so that private data remains protected in a public environment. Remote access VPNs provide a common environment through which many different parties, such as intermediaries, clients and off-site employees, can gain access via web browsers or e-mail. Many companies supply their own VPN connections via the Internet. Through their ISPs, remote users running VPN client software are assured private access in a publicly shared environment. VPNs are implemented over extensive shared infrastructures, using analog, ISDN, DSL, cable, dial-up and mobile IP access technologies. E-mail, database and office applications use these secure remote VPN connections.

A few features and capabilities provided by the RRAS server are listed here:

  • LAN-to-LAN routing and LAN-to-WAN routing

  • Virtual private network (VPN) routing

  • Network Address Translation (NAT) routing: NAT, defined in RFC 1631, translates private addresses to Internet IP addresses that can be routed on the Internet.

  • Routing features, including

    • IP multicasting

    • Packet filtering

    • Demand-dial routing

    • DHCP relay

  • Assignment of DHCP addresses to RRAS clients

  • Remote Access Policies (RAPs): RAPs are used to grant remote access permissions.

  • Layer Two Tunneling Protocol (L2TP) combines Layer 2 Forwarding (L2F) of Cisco with Point-to-Point Tunneling Protocol (PPTP) of Microsoft. L2TP is a data-link layer protocol that can be used to establish Virtual Private Networks (VPNs).

  • Internet Authentication Service (IAS), a Remote Authentication Dial-In User Service (RADIUS) server, provides remote authentication, authorization and accounting for users that are connecting to the network through a network access server (NAS) such as Windows Routing and Remote Access.

Understanding the Domain Controllers Role

A domain controller is a server that stores a writable copy of Active Directory, and maintains the Active Directory data store. Active Directory was designed to provide a centralized repository of information, or data store, that could securely manage the resources of an organization. The Active Directory directory services ensure that network resources are available to, and can be accessed by, users, applications and programs. Active Directory also makes it possible for administrators to log on to one network computer, and then manage Active Directory objects on a different computer within the domain.

A domain controller is a computer running Windows 2000 or Windows Server 2003 that contains a replica of the domain directory. Domain controllers in Active Directory maintain the Active Directory data store and security policy of the domain. Domain controllers therefore also provide security for the domain by authenticating user logon attempts.

The main functions of the domain controller role within Active Directory are listed here:

  • Each domain controller in a domain stores and maintains a replica of the Active Directory data store for the particular domain.

  • Domain controllers in Active Directory utilize multimaster replication. What this means is that no single domain controller is the master domain controller. All domain controllers are considered peers.

  • Domain controllers also automatically replicate directory information for objects stored in the domain between one another.

  • Updates that are considered important are replicated immediately to the remainder of the domain controllers within the domain.

  • Implementing multiple domain controllers within the domain provides fault tolerance for the domain.

  • In Active Directory, domain controllers can detect collisions. Collisions take place when an attribute modified on one particular domain controller is changed on a different domain controller before the change on the initial domain controller has been fully propagated.

Certain master roles can be assigned to domain controllers within a domain and forest. Domain controllers that are assigned special master roles are called Operations Masters. These domain controllers host a master copy of specific data in Active Directory. They also copy data to the remainder of the domain controllers. There are five different types of master roles that can be defined for domain controllers. Two types of master roles, forestwide master roles, are assigned to one domain controller in a forest. The other three master roles, domainwide master roles, are applied to a domain controller in every domain.

The different types of master roles which can be configured on domain controllers are listed here:

  • The Schema Master is a forestwide master role applied to a domain controller that manages all changes in the Active Directory schema.

  • The Domain Naming Master is a forestwide master role applied to a domain controller that manages changes to the forest, such as adding and removing a domain. The domain controller serving this role also manages changes to the domain namespace.

  • The Relative ID (RID) Master is a domainwide master role applied to a domain controller that creates unique ID numbers for domain controllers and manages the allocation of these numbers.

  • The PDC Emulator is a domainwide master role applied to a domain controller that operates like a Windows NT primary domain controller. This role is typically necessary when there are computers in your environment running pre-Windows 2000 and XP operating systems.

  • The Infrastructure Master is a domainwide master role applied to a domain controller that manages changes made to group memberships.

The Global Catalog (GC) server role can also be installed on a domain controller. The global catalog is a central information store on the Active Directory objects in a forest and domain, and is used to improve performance when searching for objects in Active Directory. The first domain controller installed in a domain is designated as the global catalog server by default. The global catalog server stores a full replica of all objects in its host domain, and a partial replica of objects for the remainder of the domains in the forest. The partial replica contains those attributes which are most frequently searched for. It is generally recommended to configure a global catalog server for each site in a domain.

The functions of the global catalog server are summarized below:

  • Global catalog servers are crucial for Active Directory's UPN functionality because they resolve user principal names (UPNs) when the domain controller handling the authentication request is unable to authenticate the user account because the user account actually exists in another domain. Here, the GC server assists in locating the user account so that the authenticating domain controller can proceed with the logon request for the user.

  • The global catalog server deals with all search requests of users searching for information in Active Directory. It can find all Active Directory data irrespective of the domain in which the data is held. The GC server deals with requests for the entire forest.

  • The global catalog server also provides universal group membership information to the domain controller for network logon requests.

Understanding the DNS Server Role

Domain Name System (DNS) is a hierarchically distributed database that creates hierarchical names that can be resolved to IP addresses. The IP addresses are in turn resolved to MAC addresses (by the Address Resolution Protocol, not by DNS). DNS provides the means for naming IP hosts, and for locating IP hosts when they are queried for by name.

The DNS server role resolves IP addresses to domain names, and domain names to IP addresses. In this way, DNS provides name resolution services to establish connections for those clients that need to resolve names to IP addresses. A Fully Qualified Domain Name (FQDN) is the DNS name that is used to identify a computer on the network.

A DNS server is a computer running the DNS service or BIND, that provides domain name services. The DNS server manages the DNS database that is located on it. The information in the DNS database of a DNS server pertains to a portion of the DNS domain tree structure or namespace. This information is used to provide responses to client requests for name resolution. A DNS server is authoritative for the contiguous portion of the DNS namespace over which it resides.

When a DNS server is queried for name resolution services it can do either of the following:

  • Respond to the request directly by providing the requested information.

  • Provide a pointer (referral) to another DNS server that can assist in resolving the query.

  • Respond that the information is unavailable.

  • Respond that the information does not exist.

You can configure different server roles for your DNS servers. The server role that you configure for a DNS server affects the following operations of the server:

  • The way in which the DNS server stores DNS data.

  • The way in which the DNS server maintains data.

  • Whether the DNS data in the database file can be directly edited.

The different DNS server roles which you can configure are listed here:

  • Standard Primary DNS server: This DNS server owns the zones defined in its DNS database, and can make changes to its zones. A standard primary DNS server obtains zone data from the local DNS database. The primary DNS server is authoritative for the zone data that it contains. When a change needs to be made to the resource records of the zone, it has to be done on the primary DNS server so that it can be included in the local zone database. A DNS primary server is created when a new primary zone is added.

  • Standard Secondary DNS server: This DNS server obtains a read-only copy of zones through DNS zone transfers. A secondary DNS server cannot make any changes to the information contained in its read-only copy. A secondary DNS server can however resolve queries for name resolution. Secondary DNS servers are usually implemented to provide fault tolerance, to provide fast access for clients in remote locations, and to distribute the DNS server processing load evenly. If a secondary DNS server is implemented, that DNS server can continue to handle queries when the primary DNS server becomes unavailable. Secondary DNS servers also assist in reducing the processing load of the primary DNS server. It is recommended to install at least one primary DNS server and one secondary DNS server for each DNS zone.

  • Caching-only DNS server: A caching-only DNS server only performs queries and then stores the results of these queries. All information stored on the caching-only DNS server is therefore only that data which has been cached while the server performed queries. Caching-only DNS servers only cache information when the queries have been resolved. The information stored by caching-only DNS servers is the name resolution data that it has collected through name resolution queries. Caching-only DNS servers do not host zones and are not authoritative for any DNS domain.

  • Master DNS servers: The DNS servers from which secondary DNS servers obtain zone information in the DNS hierarchy are called master DNS servers. When a secondary DNS server is configured, you have to specify the master server from which it will obtain zone information. Zone transfer enables a secondary DNS server to obtain zone information from its configured primary DNS server. A secondary DNS server can also transfer its zone data to other secondary DNS servers that are beneath it in the DNS hierarchy. Here, the secondary DNS server is regarded as the master server for the other subordinate secondary DNS servers. A secondary DNS server initiates the zone transfer process from its particular master server when it is brought online.

  • Dynamic DNS Servers: Windows 2000, Windows XP and Windows Server 2003 computers can dynamically update the resource records of a DNS server when a client's IP addressing information is added or renewed through Dynamic Host Configuration Protocol (DHCP). Both DHCP and Dynamic DNS (DDNS) updates make this possible. When dynamic DNS updates are enabled, a client sends a message to the DNS server when changes are made to its IP addressing data. This indicates to the DNS server that the A (host) resource record of the client needs to be updated.

Understanding the WINS Server Role

The Windows Internet Name Service (WINS) server role provides name resolution services for clients that need to resolve IP addresses to NetBIOS names, and vice versa. A WINS server is an enhanced NetBIOS name server (NBNS) designed by Microsoft to resolve NetBIOS computer names to IP addresses. WINS can resolve NetBIOS names for local hosts and remote hosts. WINS registers NetBIOS computer names, and stores these client name registrations in the WINS database. The registrations are used when clients query for host name resolution and service information, and to resolve a NetBIOS name to an IP address. Clients that are configured to utilize a WINS server as a NetBIOS name server (NBNS) are called WINS enabled clients. If the WINS server resolves the NetBIOS name to an IP address, no broadcast traffic is sent over the network. Broadcasts are only utilized if the WINS server is unable to resolve the NetBIOS name. A WINS enabled client can communicate with a WINS server that is located anywhere on the internetwork.

Although Windows 2000 was the first Windows operating system where NetBIOS naming was no longer required, you might still need to provide support for NetBIOS naming if you have legacy applications. Remember that all Windows operating systems prior to Windows 2000 require NetBIOS name support.

To implement WINS, you only need one WINS server for an internetwork. However, implementing two WINS servers provides fault tolerance for name resolution. The secondary WINS server would be used for name resolution if the primary WINS server is unavailable to service WINS clients' requests.

A WINS server can cope with 1,500 name registrations and roughly 4,500 name queries per minute. It is recommended to have one WINS server and a backup server for each 10,000 WINS clients. When you configure the WINS server role, the WINS server must be statically assigned with the following TCP/IP parameters: static IP address, subnet mask and default gateway.

Understanding the DHCP Server Role

DHCP is a service and protocol which runs on a Windows Server 2003 operating system. DHCP functions at the application layer of the TCP/IP protocol stack. One of the primary tasks of the protocol is to automatically assign IP addresses to DHCP clients.

A server running the DHCP service is called a DHCP server. The DHCP protocol automates the configuration of TCP/IP clients because address assignment is handled by the DHCP server rather than configured manually on each client. You can configure a server as a DHCP server so that the DHCP server can automatically assign IP addresses to DHCP clients, with no manual intervention. IP addresses that are assigned through a DHCP server are regarded as dynamically assigned IP addresses.

The DHCP server assigns IP addresses from a predetermined IP address range, called a scope. A DHCP scope can be defined as a set of IP addresses which the DHCP server can allocate or assign to DHCP clients. A scope contains specific configuration information for clients that have IP addresses which are within the particular scope. Scope information for each DHCP server is specific to that particular DHCP server only, and is not shared between DHCP servers. Scopes for DHCP servers are configured by administrators.

The functions of the DHCP server are outlined below:

  • Dynamically assign IP addresses to DHCP clients.

  • Allocate the following TCP/IP configuration information to DHCP clients:

    • Subnet mask information

    • Default gateway IP addresses

    • Domain Name System (DNS) IP addresses

    • Windows Internet Naming Service (WINS) IP addresses

You can increase the availability of DHCP servers by using the 80/20 Rule if you have two DHCP servers located on different subnets. The 80/20 Rule is applied as follows:

  • Allocate 80 percent of the IP addresses to the DHCP server which resides on the local subnet.

  • Allocate 20 percent of the IP addresses to the DHCP Server on the remote subnet.

If the DHCP server that is allocated with 80 percent of the IP addresses has a failure, the remote DHCP server would resume assigning the DHCP clients with IP addresses.
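As an added illustration that is not part of the original article, the following Python script derives the exclusion ranges each of the two servers needs for an 80/20 split, and audits any two-server split for the two failure modes a practitioner checks for: addresses both servers could hand out (duplicate leases) and addresses neither server can assign. It assumes both servers define the same scope range and carve it up with exclusions; the address range used is constructed.

```python
"""Plan and audit an 80/20 split of one DHCP scope across two DHCP servers."""
from ipaddress import IPv4Address


def address_set(first, last, exclusions=()):
    """Addresses a server can hand out: its scope range minus its exclusion ranges."""
    start, end = IPv4Address(first), IPv4Address(last)
    if end < start:
        raise ValueError(f"scope range {first}-{last} is reversed")
    pool = set(range(int(start), int(end) + 1))
    for ex_first, ex_last in exclusions:
        pool -= set(range(int(IPv4Address(ex_first)), int(IPv4Address(ex_last)) + 1))
    return pool


def plan_80_20(first, last, local_share=80):
    """Derive the exclusion each server needs so the local server keeps local_share percent.

    Assumption: both servers define the same scope range and each excludes the
    other's portion, so their assignable pools are disjoint.
    """
    start, end = IPv4Address(first), IPv4Address(last)
    total = int(end) - int(start) + 1
    local_count = total * local_share // 100
    if not 0 < local_count < total:
        raise ValueError("split leaves one server with no addresses to assign")
    boundary = start + local_count          # first address of the remote server's share
    return {
        "local":  {"scope": (first, last), "exclusions": [(str(boundary), last)]},
        "remote": {"scope": (first, last), "exclusions": [(first, str(boundary - 1))]},
    }


def audit_split(servers, first, last):
    """Report overlapping addresses, unassignable addresses and each server's pool size."""
    pools = {name: address_set(*cfg["scope"], cfg["exclusions"]) for name, cfg in servers.items()}
    names = list(pools)
    overlap = set()
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            overlap |= pools[a] & pools[b]      # both servers could lease these: duplicates
    covered = set().union(*pools.values())
    gaps = address_set(first, last) - covered   # no server can lease these: wasted space
    return {
        "overlap": [str(IPv4Address(n)) for n in sorted(overlap)],
        "gaps": [str(IPv4Address(n)) for n in sorted(gaps)],
        "sizes": {name: len(pool) for name, pool in pools.items()},
    }


if __name__ == "__main__":
    # Constructed scope: 200 usable addresses, 160 local / 40 remote.
    plan = plan_80_20("192.168.1.10", "192.168.1.209")
    print(plan)
    print(audit_split(plan, "192.168.1.10", "192.168.1.209"))
    # Misconfiguration: the remote server's exclusion was never entered.
    plan["remote"]["exclusions"] = []
    print(len(audit_split(plan, "192.168.1.10", "192.168.1.209")["overlap"]), "duplicate addresses")
```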

With Windows Server 2003 DHCP, three options are available for registering IP addresses in DNS. The options can be configured for the DHCP server, or for each individual scope. The options which can be specified to enable or disable the DHCP service dynamically updating DNS records on behalf of the client are:

  • The DHCP server can be configured to not register any IP address of the DHCP clients when it assigns IP addresses to these clients.

  • The DHCP server can be configured to always register all IP addresses of clients when they receive IP addresses from the DHCP server.

  • The default option results in the DHCP server registering the IP addresses of clients with the authoritative DNS server, based on the client's request for an IP address.

Understanding the Streaming Media Server Role

The streaming media role provides media services so that clients can access streaming audio and video. The Windows Media Services is used to provide media services to clients. The Windows Media Services can be configured on server platforms, and on enterprise platforms.

The Windows Media Services is not available in the following editions of Windows Server 2003:

  • Windows Server 2003 Web Edition

  • Windows Server 2003 64-bit versions.

Understanding Certificate Authorities (CAs) Servers

A Certificate Authority is an entity that generates and validates digital certificates. The CA adds its own signature to the public key of the client. By using the tools provided by Microsoft, you can create an internal CA structure within your organization.

A digital certificate associates a public key with an owner. The certificate verifies the identity of the owner. A certificate cannot be forged because the authority that issued the certificate digitally signs the certificate. Certificates are issued for functions such as the encryption of data, code signing, Web user and Web server authentication, and for securing e-mail. Certificates in Windows XP and Windows Server 2003 are managed by the Data Protection API. When certificates are issued to a client, they are stored in the Registry and in Active Directory. You can also store certificates on smart cards. The information included in a certificate is determined by the type of certificate being used.

Certificate Authorities (CAs) are servers which are configured to issue certificates to users, computers, and services. CAs also manage certificates. An organization can have multiple CAs, which are arranged in a logical manner. A CA can be a trusted third party entity such as VeriSign or Thawte, or it can be an internal entity of the organization. An example of an internal CA entity is Windows Server 2003 Certificate Services. Windows Server 2003 Certificate Services can be used to create certificates for users and computers in Active Directory domains.

The functions performed by Certificate Authorities (CAs) are listed below:

  • Accepts the request for a certificate from a user, computer, application, or service.

  • Authenticates the identity of the user, computer or service requesting the certificate. The CA applies its policies, taking into account the type of certificate being requested, to verify the identity of the requestor.

  • Creates the certificate for the requestor.

  • Digitally signs the certificate using its own private key.

Windows Certificate Services is used to create a Certificate Authority on Windows Server 2003 servers. The first CA that is installed becomes the root CA. The common practice is to first install the root CA, and then use the root CA to validate all the other CAs within the organization. A root CA is the most trusted CA in a CA hierarchy. When a root CA issues certificates to other CAs, these CAs become subordinate CAs of the root CA. When a root CA is online, it is used to issue certificates to subordinate CAs. The root CA does not usually issue certificates directly to users, computers, applications or services.

A subordinate CA can also issue certificates to other subordinate CAs. These subordinate CAs are called intermediate CAs. While an intermediate CA is subordinate to the root CA, it is considered superior to those subordinate CAs to which it issued certificates. Subordinate CAs which only issue certificates to users, and not to other subordinate CAs, are called leaf CAs.

The types of CA which you can install are listed here:

  • Enterprise root CA: This is the topmost CA in the CA hierarchy, and is the first CA installed in the enterprise. Enterprise root CAs are reliant on Active Directory. Enterprise root CAs issue certificates to subordinate CAs.

  • Enterprise Subordinate CA: This CA also needs Active Directory, and is used to issue certificates to users and computers.

  • Stand-alone Root CA: A stand-alone root CA is the topmost CA in the certificate chain. A stand-alone root CA is not however dependent on Active Directory, and can be removed from the network. This makes a stand-alone root CA the solution for implementing a secure offline root CA.

  • Stand-alone Subordinate CA: This type of CA is also not dependent on Active Directory, and is used to issue certificates to users, computers, and other CAs.

Understanding the Configure Your Server Wizard

The Configure Your Server Wizard is one of the main wizards used to perform administrative tasks for Windows Server 2003 computers. The Configure Your Server Wizard is used to configure server roles. Windows Server 2003 provides a new tool for defining and managing server roles, namely, the Manage Your Server utility. The actual wizard for applying the server roles to computers is the Configure Your Server Wizard. The Configure Your Server Wizard is included within the Manage Your Server utility and is also managed through this utility.

To access the Manage Your Server utility and use the Configure Your Server Wizard:

  1. Click Start, click Administrative Tools, and then click Manage Your Server.

The main screen of the Manage Your Server utility is made up as follows:

  • At the top of the Manage Your Server main screen, are three buttons, labelled as follows:

    • Add or remove a role button; for initiating the Configure Your Server Wizard.

    • Read about server roles button; for accessing information on server roles.

    • Read about remote administration button; for accessing information on remote administration.

  • The left end of the screen contains the server roles which are already configured for the particular server.

  • Each listed configured server role is accompanied by buttons which can be used to view information on the existing role, or manage the existing server role. The buttons which are displayed differ between the existing server roles.

You can also initiate the Configure Your Server Wizard by:

  1. Clicking Start, Administrative Tools, and then clicking Configure Your Server.

After the Configure Your Server Wizard is initiated, the following preliminary steps need to be performed first before any server roles can be added:

  • Install all modems and network cards.

  • Attach all necessary cables.

  • Create an Internet connection if the server is to be used for Internet connectivity.

  • Turn on all peripherals.

  • Have the Windows Server 2003 installation CD at hand.

Clicking the Next button on the Preliminary Steps screen invokes the Configure Your Server Wizard to test network connections and verify the operating system, and then displays the Server Role screen.

The Server Role screen contains the following columns:

  • Server role column; indicates the server roles which can be added or removed.

  • Configured column; indicates whether a server role is configured or not configured.

If you want to navigate to the Add or Remove Programs in Control Panel, click the Add or Remove Programs link on the Server Role screen.

How to add an application server role to Windows Server 2003

  1. Click Start, click Administrative Tools, and then click Manage Your Server.

  2. Click the Add or remove a role button.

  3. The Configure Your Server Wizard initiates.

  4. Click Next on the Preliminary Steps page of the wizard.

  5. When the Server Role page opens, select the Application server (IIS, ASP.NET) server role, and then click Next.

  6. The Application Server Options page opens.

  7. Select the FrontPage Server Extensions checkbox to include Web server extensions in the configuration.

  8. Select the Enable ASP.NET checkbox so that Web applications created through ASP.NET can be utilized. Click Next.

  9. Verify the settings which you have selected on the Summary of Selections. Click Next.

  10. The installation of the components occurs next.

  11. Click Finish.

How to install the Remote Access and VPN server role using the Configure Your Server Wizard

  1. Click Start, click Administrative Tools, and then click Manage Your Server.

  2. Select the Add or remove a role option.

  3. The Configure Your Server Wizard starts.

  4. On the Preliminary Steps page, click Next.

  5. A message appears, informing you that the Configure Your Server Wizard is detecting network settings and server information.

  6. When the Server Role page appears, select the Remote Access/VPN Server option and then click Next.

  7. On the Summary of Selections page, click Next.

  8. The Welcome to the Routing and Remote Access Server Setup Wizard page is displayed.

How to add the global catalog server role on a domain controller

  1. Click Start, Administrative Tools, and then click Active Directory Sites and Services.

  2. In the console tree, expand Sites, and then expand the site that contains the domain controller which you want to configure as a global catalog server.

  3. Expand the Servers folder, and locate and then click the domain controller that you want to designate as a global catalog server.

  4. In the details pane, right-click NTDS Settings and click Properties on the shortcut menu.

  5. The NTDS Settings Properties dialog box opens.

  6. The General tab is where you specify the domain controller as a global catalog server.

  7. Enable the Global Catalog checkbox.

  8. Click OK.

How to remove the global catalog server role from a domain controller

  1. Open the Active Directory Sites and Services console.

  2. In the console tree, locate and click the domain controller currently configured as the global catalog server.

  3. Right-click NTDS Settings and click Properties on the shortcut menu to open the NTDS Settings Properties dialog box.

  4. Clear the Global Catalog checkbox.

  5. Click OK.
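The Global Catalog checkbox in the two procedures above toggles a single bit (0x1, NTDSDSA_OPT_IS_GC) in the "options" attribute of the domain controller's NTDS Settings object in the Configuration partition. The following PowerShell is an added example, not code from the original article, that reads, sets and clears that bit through ADSI; it assumes PowerShell 1.0 or later on the server, an account permitted to modify the NTDS Settings object (Enterprise Admins by default), and placeholder server and site names:

```powershell
# Added example (not from the original article): manage the global catalog flag
# that the NTDS Settings "Global Catalog" checkbox controls. The checkbox maps
# to bit 0x1 (NTDSDSA_OPT_IS_GC) of the "options" attribute on
# CN=NTDS Settings under the server object in the Configuration partition.
# Assumes PowerShell 1.0+ and rights to modify that object; 'DC1' and
# 'Default-First-Site-Name' below are placeholders.

$NTDSDSA_OPT_IS_GC = 1

function Get-NtdsSettings {
    param([string]$ServerName, [string]$SiteName)
    # Read the Configuration naming context from RootDSE so no forest-specific
    # distinguished name is hard-coded.
    $rootDse  = [ADSI]'LDAP://RootDSE'
    $configNc = $rootDse.Get('configurationNamingContext')
    $dn = "CN=NTDS Settings,CN=$ServerName,CN=Servers,CN=$SiteName,CN=Sites,$configNc"
    return [ADSI]"LDAP://$dn"
}

function Get-NtdsOptions {
    param($Ntds)
    # "options" is absent on a DC that has never had any option set; treat as 0.
    if ($Ntds.options.Value -eq $null) { return 0 }
    return [int]$Ntds.options.Value
}

function Test-GlobalCatalog {
    param([string]$ServerName, [string]$SiteName)
    $opts = Get-NtdsOptions (Get-NtdsSettings $ServerName $SiteName)
    return (($opts -band $NTDSDSA_OPT_IS_GC) -ne 0)
}

function Set-GlobalCatalog {
    param([string]$ServerName, [string]$SiteName, [bool]$Enabled)
    $ntds = Get-NtdsSettings $ServerName $SiteName
    $opts = Get-NtdsOptions $ntds
    # Change only the GC bit; other bits in "options" (for example the
    # disable-inbound/outbound-replication flags) must be preserved.
    if ($Enabled) { $opts = $opts -bor  $NTDSDSA_OPT_IS_GC }
    else          { $opts = $opts -band (-bnot $NTDSDSA_OPT_IS_GC) }
    $ntds.Put('options', $opts)
    $ntds.SetInfo()
}

# Usage with placeholder names:
#   Set-GlobalCatalog  'DC1' 'Default-First-Site-Name' $true    # add the role
#   Test-GlobalCatalog 'DC1' 'Default-First-Site-Name'          # $true after the change
#   Set-GlobalCatalog  'DC1' 'Default-First-Site-Name' $false   # remove the role
```

The same bit can be flipped from a command prompt with `repadmin /options <DC> +IS_GC` or `-IS_GC`, and `dsquery server -isgc` lists every domain controller currently flagged as a global catalog. Setting the flag is not the same as the server being ready: the domain controller only advertises itself as a global catalog after it has replicated the partial attribute set of every domain partition in the forest, which it records as event ID 1119 in the Directory Service log. Before clearing the flag, confirm that another global catalog is reachable from the site, since user logon in a multi-domain forest depends on a global catalog (or on universal group membership caching) to evaluate universal group membership.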

How to install the DHCP server role

  1. Click Start, Control Panel, and then click Add Or Remove Programs.

  2. When the Add Or Remove Programs dialog box opens, click Add/Remove Windows Components.

  3. This starts the Windows Components Wizard.

  4. In the Components list box, select Networking Services, and then click the Details button.

  5. The Networking Services dialog box opens.

  6. In the Subcomponents Of Networking Services list box, check the Dynamic Host Configuration Protocol (DHCP) checkbox.

  7. Click OK. Click Next.

  8. When The Completing The Windows Components Wizard page is displayed, click Finish.

How to implement a caching-only DNS server

  1. Open Control Panel.

  2. Double-click Add/Remove Programs, and then click Add/Remove Windows Components.

  3. The Windows Components Wizard starts.

  4. Click Networking Services, and then click Details.

  5. In the Networking Services dialog box, select the checkbox for Domain Name System (DNS) in the list. Click OK. Click Next.

  6. When The Completing The Windows Components Wizard page is displayed, click Finish.

  7. Do not add or configure any zones for the DNS server. The DNS Server service functions as a caching-only DNS server by default, so no further configuration is necessary to set up a caching-only DNS server.

  8. You should verify that the server root hints are configured correctly.

How to add the Terminal Services server role to Windows Server 2003 using Add Or Remove Programs in Control Panel

  1. Click Start, Control Panel, and then click Add Or Remove Programs.

  2. Click Add/Remove Windows Components to initiate the Windows Components Wizard.

  3. Select the Terminal Server checkbox. Click Next.

  4. When the Terminal Server Setup page is displayed, read the message on Terminal Server Licensing and Terminal Server mode. Click Next.

  5. Select the appropriate security setting. Click Next.

  6. After the necessary files are copied, click Finish.

  7. When the System Settings Change page is displayed, click Yes to reboot the computer.

  8. Terminal Services Configuration, Terminal Services Manager, and Terminal Server Licensing are added to the Administrative Tools menu.
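The DHCP, caching-only DNS and Terminal Server procedures above all drive the same Windows Components Wizard, which can also be run unattended with sysocmgr.exe and an answer file. The PowerShell below is an added example, not code from the original article: it writes an answer file naming the three components, runs the wizard without its UI, and then checks that the services the components install are present. It assumes PowerShell 1.0 or later, a local Administrators account, that the Windows Server 2003 installation source is reachable just as in the GUI procedures, and that the unattend keys TerminalServer, DNS and DHCPServer are the ones for these components (stated as an assumption here):

```powershell
# Added example (not from the original article): install the DHCP Server, DNS
# Server and Terminal Server components without clicking through
# Add/Remove Windows Components. sysocmgr.exe reads the same sysoc.inf the
# wizard uses and takes an answer file. Assumes PowerShell 1.0+, local
# administrator rights and a reachable installation source; the component
# key names are the unattend-file names for these components (assumption).

$answerFile = Join-Path $env:TEMP 'components.txt'

# [Components] holds optional Windows components; [NetOptionalComponents]
# holds the Networking Services sub-components shown in the GUI dialog.
$answer = @(
    '[Components]',
    'TerminalServer = On',      # Terminal Server (application mode)
    '',
    '[NetOptionalComponents]',
    'DNS = 1',                  # DNS Server service; caching-only until zones are added
    'DHCPServer = 1'            # DHCP Server service
)
# The answer file must be plain ANSI text, not Unicode.
Set-Content -Path $answerFile -Value $answer -Encoding ASCII

# /i: component inf, /u: answer file, /q: quiet (no wizard pages).
& "$env:windir\system32\sysocmgr.exe" "/i:$env:windir\inf\sysoc.inf" "/u:$answerFile" '/q'

# Check that the services each component installs are now registered;
# this is the verification to run before treating any of the roles as ready.
function Test-InstalledComponents {
    $expected = 'DHCPServer', 'DNS', 'TermService'
    $missing = @()
    foreach ($name in $expected) {
        $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
        if ($svc -eq $null) { $missing += $name }
    }
    return $missing     # empty array when all three services exist
}

$missing = Test-InstalledComponents
if ($missing.Count -gt 0) {
    Write-Warning ('Components not installed: ' + ($missing -join ', '))
}
```

Terminal Server still requires the reboot the GUI procedure asks for, so run the service check after the restart. Two follow-up steps the wizard does not perform: in an Active Directory domain the new DHCP server must be authorized (`netsh dhcp add server <FQDN> <IP>`) before it will lease addresses, and a caching-only DNS server should be tested with a recursive query against itself (`nslookup www.example.com 127.0.0.1`) to confirm the root hints the DNS procedure tells you to verify are usable.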

How to install IIS 6.0 using the Configure Your Server Wizard

  1. Click Start, click Administrative Tools, and then click Manage Your Server.

  2. In the Manage Your Server main screen, click Add or remove a role.

  3. The Configure Your Server Wizard starts.

  4. The Preliminary Steps screen is a warning screen that prompts you to verify that the requirements for the installation have been met. Click Next.

  5. The network connections configured on the machine are tested and verified before the wizard displays the next screen.

  6. On the Configuration Options screen, choose one of the following options:

    • Typical configuration for a first server: You would choose this option to install the server as a domain controller, and to install the Active Directory directory service, DNS service, and DHCP service.

    • Custom configuration: Select this option to install IIS 6 on the server.

    Click Next.

  7. On the Server Role screen, choose Application Server (IIS, ASP.NET) as the role which you want to install on the server. From this screen, you can also select to install Terminal, Print, DNS, and DHCP services. Selecting the Application Server (IIS, ASP.NET) option installs IIS, ASP.NET and additional components so that the server can host websites and FTP sites. Click Next.

  8. On the Application Server Options screen, you can select that these optional components be installed:

    • FrontPage Server Extensions, for users to develop Web content and publish Web content on the IIS machine via Microsoft FrontPage or Microsoft Visual Studio.

    • Microsoft Data Engine, for hosting SQL databases on the IIS machine.

    • Enable ASP.NET: This option is enabled by default. ASP.NET is the scripting framework utilized for running IIS applications.

    Click Next.

  9. The Summary of Selections screen displays a summary of the components which you selected for installation. Verify that the correct items are listed on this screen. The Enable COM+ for remote transactions option is automatically added. Click Next.

  10. The installation process now commences. You would either have to insert the Windows Server 2003 CD, or indicate the location of the installation files. The Application Selections screen is displayed, the Configuration Components window appears, and the necessary files are copied.