Showing posts with label configuring. Show all posts
Showing posts with label configuring. Show all posts

Sunday, March 26, 2017

Configuring Domain Group Policy for Windows 2003

Configuring Domain Group Policy for Windows 2003


Windows 2003 Group Policies allow the administrators to manage a group of people accessing a resource efficiently. The group policies can be used to control both the users and computers.
They give better productivity to administrators and save their time by allowing them to manage all the users and computers centrally in just one go.
The group policies are of two types, Local Group Policy and Domain-based Group Policy. As the name suggests, the Local Group Policies allow the local administrator to manage all the users of a computer to access the resources and features available on the computer. For example an administrator can remove the use of Run command from the start menu. This will ensure that the users will not find Run command on that computer.
The Domain-based Group Policies on the other hand allow the domain/enterprise administrators to manage all the users and the computers of a domain/ forest centrally. They can define the settings and the allowed actions for users and computers across sites, domains, and OUs through group policies.
There are more than 2000 pre-created group policy settings available in Windows Server 2003/ Windows XP. A default group policy already exists. You only need to modify it by setting values of different policy settings according to your specific requirements. You can also create new group policies to meet your specific business requirements. The group policies allow you to implement:
  • Registry based settings: Allows you to create a policy to administer operating system components and applications.
  • Security settings: Allows you to set security options for users and computers to restrict them to run files based on path, hash, publisher criteria, or URL zone.
  • Software restrictions: Allows you to create a policy that would restrict users to run unwanted applications and protect computers against virus and hacking attack.
  • Software distribution and installation: Allows you to either assign or publish software application to domain users centrally with the help of a group policy.
  • Automation of tasks using computer and User Scripts
  • Roaming user profiles: Allow mobile users to see a familiar and consistent desktop environment on all the computers of the domain by storing their profile centrally on a server.
  • Internet Explorer maintenance: Allow administrators to manage the IE settings of the users computers in a domain by setting the security zones, privacy settings, and other parameters centrally with the help of group policy.

Configuring a Domain-Based Group Policy
Just as you used group policy editor to create a local computer policy, to create a domain-based group policy you need to use Active Users and Computers snap-in from where you can open the GPMC .
Follow the steps below to create a domain-based group policy
1. Select Active Directory Users and Computers tool from the Administrative Tools.
2. Expand Active Directory Users and Computers node, as shown below.
3. Right-click the domain name and select Properties from the menu that appears.
tk-windows-gp-domain-1
The properties window of the domain appears.

4. Click the Group Policy tab.
5. The Group Policy tab appears with a Default Domain Policy already created in it, as shown in here:
tk-windows-gp-domain-2

You can edit the Default Domain Policy or create a new policy. However, it is not recommended to modify the Default Domain Policy for regular settings.
We will select to create a new policy instead. Click New to create a new group policy or group policy object. A new group policy object appears below the Default Domain Policy in the Group Policy tab, as shown below:
tk-windows-gp-domain-3

Once you rename this group policy, you can either double-click on it, or select it and click Edit.
Youll next be presented with the Group Policy Object Editor from where you can select the changes you wish to apply to the specific Group Policy:
tk-windows-gp-domain-4

In this example, we have selected to Remove Run menu from Start Menu as shown above. Double-click on the selected setting and the properties of the settings will appear. Select Enabled to enable this setting. Clicking on Explain will provide plenty of additional information to help you understand the effects of this setting.
tk-windows-gp-domain-5
When done, click on OK to save the new setting.
Similarly you can set other settings for the policy. After setting all the desired options, close the Group Policy Object editor . You new group policy will take effect.

Available link for download

Read more »
Posted by at No comments:
Labels: , , , , , ,

Friday, February 24, 2017

Configuring permissions and groups Windows Server 2003 domain controller

Configuring permissions and groups Windows Server 2003 domain controller


Configuring permissions and groups (Windows Server 2003 domain controller)

If Microsoft Windows Server 2003 is a domain controller, you must complete these tasks to configure users and groups to access IBM® InfoSphere® Information Server. This configuration is required only for the engine tier computer and is only applicable to the users of the operating system where the engine tier components are installed.

Procedure

Because you cannot add the built-in authenticated users group to a group that you create in steps 2 and 3, you might prefer to skip steps 2 and 3 and use the authenticated users group directly.
  1. Log in to Microsoft Windows Server 2003 as an administrator.
  2. Configure the server to allow local users to log in.
    1. Click Start > Control Panel > Administrative Tools > Domain Security Policy.
    2. In the Domain Security Policy window, expand Local Policies > User Rights Assignment to display the policies.
    3. In the Domain Security window, click the Allow log on Locally policy, and click Actions > Properties.
    4. In the Allow log on Locally Properties window, click Add User or Group.
    5. Click Browse.
    6. In the Select Users, Computers, or Groups window, click Advanced and then click Find Now.
    7. In the search results, click Authenticated Users, and then click OK three times to return to the Domain Security Policy window.
    8. Close the Domain Security Policy window.
  3. Create a group.
    1. Click Start > Control Panel > Administrative Tools > Active Directory and Computers.
    2. In the Active Directory and Computers window, click Users in the current domain.
    3. In the window that opens, click Action > New Group.
    4. In the New Group window, type the name for the group.
    5. Leave Group scope as Global and Group type as Security.
    6. Click OK
  4. Add users to the group.
    1. In the Users in the current domain window, click the name of the group that you want to add users to, and click OK. Authenticated users are not available.
    2. Click Action > Properties.
    3. In the Properties window, click the Members tab, and then click Add.
    4. In the window that opens, click Advanced, and then click Find Now.
    5. Click the names of users that you want to add to the group, and then click OK. Authenticated users are not available.
    6. Click OK two times to save your results and to return to the Active Directory and Computers window.
    7. Close the Active Directory and Computers window.
  5. Set permissions on the server folder.
    1. In Windows Explorer, locate the server folder. The default location is c:IBMInformationServerServer.
    2. Click File > Properties.
    3. In the Properties window, click the Security tab, and click Add.
    4. In the Select Users, Computers, or Groups window, click Locations.
    5. In the window that opens, click Advanced, and then click Find Now.
    6. Click the name of the group that you want to set permissions for.
    7. Click OK, and then click OK again.
    8. Click the name of the group that you want to set permissions for.
    9. In the Permissions list, locate Modify.
    10. Click Write in the Allow column for this item, and click OK.
    11. If you receive a message to confirm your changes, confirm by clicking Apply changes to this folder, subfolders and files.

Available link for download

Read more »
Posted by at No comments:
Labels: , , , , , , , ,

Thursday, January 5, 2017

Configuring and Managing RAID 5 on Windows Server 2012

Configuring and Managing RAID 5 on Windows Server 2012


An Overview of RAID 5

RAID 5 consists of three or more volumes each located on a separate physical disk. As with RAID 0, RAID 5 also uses disk striping, whereby blocks of data are divided up into stripes with each stripe written to a different disk. RAID 5, however, differs quite considerably from RAID 0. Under RAID 5, not only are the data stripes written, but also parity information relating to the data. The key to RAID 5 fault tolerance is the fact that the parity information for a particular data stripe is always written to a different drive from the drive containing the corresponding data stripe. This means that if a disk fails, the corresponding parity information stored on another disk can be used for error detection and data correction (also referred to as regeneration).
Whilst RAID 5 has considerable advantages over RAID 0 there are one or two drawbacks that should be taken into consideration when considering this storage option. Firstly, there is the inevitable performance overhead inherent in calculating and storing parity information for each data stripe written to disk. Secondly, the loss of more than one disk in a RAID 5 array will leave insufficient parity data on the remaining disks to regenerate the original data. That said, RAID 5 does provide considerable advantages that generally outweigh the disadvantages.

Configuring RAID 5 Using Windows Server 2008 Disk Management

A Windows Server 2008 RAID 5 configuration may be set up using the Disk Management snap-in. This is accessed either from the Server Manager or Computer Management tools. To launch the Server Manager, open the Start menu and click on the Server Manager option, or click on the Server Manager icon in the task bar. Alternatively launch Computer Management from Start -> All Programs -> Administration Tools -> Computer Management or run compmgmt.csc at the command prompt or in a Run dialog. In all cases the Disk Management tool can be found under the Storage category.
As previously noted, RAID 5 implementation requires a minimum of 3 disk drives. For the purposes of this tutorial a system containing four disk drives is assumed. In this scenario, disk 0 is the system disk and disks 1 through 3 are available for use in the RAID 5 configuration. Before proceeding the disks will need to be initialized using either the MBR or GPT partition style. Assuming these prerequisites are met the first step is to right click on one of the 3 disks in the Disk Management graphical view. In the resulting popup menu select the New RAID-5 Volume... option to invoke the New RAID-5 Volume wizard. On the wizards welcome page click on the Next button to proceed to the Disk Selection screen. This screen contains a list of disk drives available for inclusion in the disk array together with a list of selected disks. Currently only the current disk is included in the Selected list. Two more disks must be added to the selected disks before the RAID 5 array can be built. Select disks from the Available list and click on the Add> button to add the disk to the selected list. Once sufficient disks (in this case disks 1, 2 and 3) are selected the Next button will activate to allow the remainder of the configuration to be completed. Note that disk 0 (the system disk) is not included in the RAID 5 array:
Selecting disks for a Windows Server 2008 RAID 5 configuration

With the disk selections completed, the Next button proceeds to the drive letter and mount point assignment screen. Once these settings are configured click Next to proceed to the Format Volume screen. Select the appropriate file system and compression options and click on Next to proceed to the Summary screen. Review the information displayed and click on Finish to initiate the RAID 5 creation process. During this process the Disk Management graphical view will list the disks as Formatting and then Resynching. The amount of time these phases will take depends on the size of the volumes in question. Once the process is complete the status will change to Healthy and the RAID 5 volume is ready for use.

Configuring RAID 5 from the Command Prompt using DiskPart

In addition to configuring RAID 5 from within Disk Management, the configuration may also be implemented from the command prompt using DiskPart. DiskPart may be launched either from a command prompt or a Run dialog simply by typing diskpart. Once invoked, DiskPart will display the DiskPart> command prompt and is ready to receive commands.
The first step in the configuration process is to identify the disks attached to the system using the list disk command: 
DISKPART> list disk

 Disk ### Status Size Free Dyn Gpt
 -------- ---------- ------- ------- --- ---
 Disk 0 Online 30 GB 15 GB *
 Disk 1 Online 8 GB 8189 MB
 Disk 2 Online 8 GB 8189 MB
 Disk 3 Online 8 GB 8189 MB
For the purposes of this chapter disks 1, 2 and 3 will be used to create a RAID 5 configuration. Each of these disks needs to be converted to dynamic disks before the configuration can proceed. This is achieved by selecting each disk in turn and executing the convert dynamic command: 
DISKPART> select disk 1

Disk 1 is now the selected disk.

DISKPART> convert dynamic

DiskPart successfully converted the selected disk to dynamic format.

DISKPART> select disk 2

Disk 2 is now the selected disk.

DISKPART> convert dynamic

DiskPart successfully converted the selected disk to dynamic format.

DISKPART> select disk 3

Disk 3 is now the selected disk.

DISKPART> convert dynamic

DiskPart successfully converted the selected disk to dynamic format.
Once the disks have been converted to dynamic disks the next step is to create the RAID 5 volume using the create volume raid command. This command also takes as a parameter the disk= directive followed by a list of disks to be used in the array. The size= directive may also be specified to declare the size of the volume. If this value is omitted the volume will be sized to match the smallest contiguous block of unallocated space on the designated disk drives: 
DISKPART> create volume raid disk=1,2,3

DiskPart successfully created the volume.
Once the command has completed and displayed the DISKPART> prompt the system will have begun the resynching process. This can take a considerable amount of time depending on the size of the volume. During this process, the status of the volume will be listed as Rebuild when the list volume command is executed: 
DISKPART> list volume

 Volume ### Ltr Label Fs Type Size Status Info
 ---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 0 RAW RAID-5 16 GB Rebuild
 Volume 1 C NTFS Simple 15 GB Healthy System
 Volume 2 D DVD-ROM 0 B No Media
Once the resynch is complete the volume status will change to Healthy at which point the volume may be formatted (the RAW type listed above indicates the volume has yet to be formatted). The volume may be formatted using the format command as follows: 
DISKPART> format fs=ntfs label="RAID 5 Vol"

 100 percent completed

DiskPart successfully formatted the volume.
Once the volume has been formatted the RAID 5 configuration is ready for use.

Fixing RAID 5 Problems

In order to function, all the disks in a RAID 5 configuration must be online and healthy. If the RAID 5 set displays Failed Redundancy and the volume is listed as Offline, Missing or Online (Errors) there is a problem which needs to be resolved.
If the status is Offline or Missing, check that the disk is connected and powered up. If the problem is resolved select Rescan Disks from the Actions menu. Once the rescan is complete right click on the problematic drive and select Reactivate. All being well the drive status will change to Regenerating as the data is rebuilt using the parity information on the other drives in the array. If, once regeneration is complete, the status does not return to Healthy, right click once again and select Regenerate Parity.
If a disk in a RAID 5 configuration is listed as Failed or Online (Errors) repeat the above steps. If this fails the disk may be unrecoverable and will need to be replaced. To achieve this, right click on the volume on the failed disk and select Remove Volume from the popup menu. Once the volume has been removed, right click on a suitable block of unallocated space on another dynamic disk which is not already part of the RAID 5 array, has sufficient space and has a matching partition style and select Repair Volume. This will rebuild the RAID 5 configuration using the space on new disk drive together with the remaining healthy disks from the original RAID 5 configuration.


Available link for download

Read more »
Posted by at No comments:
Labels: , , , , , , , ,
Subscribe to: Comments (Atom)