COMP2221 Networks in Organisations Richard Henson March 2014.
COMP2221 Networks in Organisations Richard Henson November 2012.
Transcript of COMP2221 Networks in Organisations Richard Henson November 2012.
COMP2221
Networks in Organisations
Richard Henson
November 2012
Week 7: Windows Services…
Objectives:
- Explain the mechanism for control of user and system settings on networked machines
- Explain the role of the registry in desktop configuration, usability, and security
- Explain the mechanisms of typical TCP/IP-based network services
- Use appropriate software tools for network services, system/network monitoring and troubleshooting
Rapid Boot-up with Windows 7 (1)
- Huge improvements in time to logon screen…
- 32-bit colour animation appears at an early stage
  » driven by the CPU (& using Intel EFI)
  » graphics card not yet initiated…
- meanwhile, operating system's kernel and critical device drivers are loading into memory in the background…

Rapid Boot-up with Windows 7 (2)
- Early stage of boot process bound to i/o:
  » loading the kernel
  » device driver files
  » other system component files
- Dimensions of the boot animation limited to a small region of the screen
  » avoids i/o delay loading animation images during the early stage of boot…

Rapid Boot-up with Windows 7 (3)
- Changes to the boot “architecture”
- Windows 7 animation happens as the process moves along
  » contrast with Vista, where the pearl animation comes only after the boot sequence is complete…
- fewer transitions in graphics mode during initialisation of the graphics subsystem and Windows shell
  » again, c.f. Vista, where screen flashes black a few times…
- Sound plays BEFORE user login starts…

BUT…
- The user in an organisation then needs to log on…
  » endless loading of policy files…
  » subsequent configuration to accommodate settings into the local registry…
Policy Files: Controlling User and System Settings…
- Arguably the most important part of a network manager’s job
  » get it right: happy users, happy managers
  » get it wrong: frustrated users, angry managers
  » Even at remote locations (!)
- General principle of no access at all without logon…
- Policies determine the desktops and services available when users log on, right across the (enterprise) network

User/System Policy Settings
- Different types of system?
  » different registry settings needed
- System settings for computer may need to be changed for particular users
  » e.g. lower screen refresh rate required for epileptics

Groups and Group Policy
- Convenient for users to be put into groups
- Settings for group provide particular access to data & services
- Problems…
  » user in wrong group(s)
  » group has wrong settings

Users and Convenience
- Windows Networks provide storage space on Server for user data:
- mandatory profiles
  » no storage for desktop settings: all same desktop settings!
- roaming profiles
  » desktop settings preserved on Server between user sessions
  » but takes extra space
  » and makes logon even longer!
The all-important Registry
- Hierarchical store of system and user settings
- Five basic subtrees:
  » HKEY_LOCAL_MACHINE: local computer info. Does not change no matter which user is logged on
  » HKEY_USERS: default user settings
  » HKEY_CURRENT_USER: current user settings
  » HKEY_CLASSES_ROOT: software config data
  » HKEY_CURRENT_CONFIG: “active” hardware profile
- Each subtree contains one or more subkeys

Location…
- C:\windows\system32\config
- Six files (no extensions):
  » Software
  » System – hardware settings
  » Sam, Security
    » not viewable through regedt32
  » Default – default user
  » Sysdiff – HKEY USERS subkeys
- Also: ntuser.dat file
  » user settings that override default user
Emergency Recovery if Registry is damaged
- Backup registry files created during text-based part of windows installation
- also stored in:
  » C:\windows\system32\config
  » distinguished by .sav suffix
- only used to update registry if “R” option is chosen during a windows recovery/reinstall

Emergency Recovery if registry completely ruined…
- Another NEVER UPDATED backup is saved to C:\windows\repair
  » contains no user and software settings
  » reboots back to the point: “Windows is now setting up”

Backing up the Registry
- Much forgotten…
  » can be copied to tape, USB stick, CD/DVD, or disk
  » rarely more than 100 Mb
- Two options:
  » Use third-party backup tool, e.g. http://www.acronis.co.uk
  » Use windows “backup”
    » not recommended by experts!
    » already there & it does work!
    » when choosing backup options, “system state” should be selected

Editing “Live” Registry Settings
- Registry data that is loaded into memory can also be overwritten by data:
  » from local profiles (ntconfig.pol)
  » downloaded across the network…
- Contents should not be changed manually unless you really know what you are doing!!!
- Special command line tool available for editing individual system settings: REGEDT32
Policy Files
- Collection of registry settings in a text file
  » downloaded from the domain controller during logon
  » settings depend on the user or group logging on
- Can overwrite:
  » local machine registry settings
  » current user registry settings
- Policies should therefore only be created and used by those who know what they are doing!!!

Group Policy Files
- Local Computer (local policy)
  » read from local machine
- Domain Controllers (domain policy)
  » downloaded across the network
- Read by CPU on local machine during logon procedure
  » subsequently written to registry
  » control user desktop
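How the local policy and then the domain policies for a user's groups overwrite registry values at logon, as an added example that is not part of the lecture: the in-memory registry, the text policy format and the key and value names (Example, ScreenSaverTimeout, HideRunCommand, NoDrives) are constructed simplifications, and the audit list shows which values each policy file replaced, which is what an administrator needs when a user has landed in the wrong group.

```python
# Added example, not from the lecture. The registry is modelled as a dict keyed by
# 'HIVE\Key\Path' -> {value name: data}; policy files use a constructed
# 'HIVE\Key\Path\ValueName=data' text format (not the real ntconfig.pol format).

def parse_policy(text):
    """Parse the constructed text format into (key path, value name, data) tuples."""
    settings = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):  # ';' lines are comments
            continue
        key_and_value, data = line.split("=", 1)
        path, value = key_and_value.rsplit("\\", 1)
        settings.append((path, value, data))
    return settings

def apply_policy(registry, settings, source):
    """Write settings into the registry; return one audit record per value that
    was created or overwritten: (source, key path, value name, old data, new data)."""
    changes = []
    for path, value, data in settings:
        key = registry.setdefault(path, {})
        old = key.get(value)
        if old != data:
            changes.append((source, path, value, old, data))
        key[value] = data
    return changes

def logon(registry, local_policy, domain_policies, user_groups):
    """Order from the lecture: local policy first, then the domain policy for each
    group the user is in; a later write overwrites an earlier one."""
    log = apply_policy(registry, parse_policy(local_policy), "local")
    for group in user_groups:
        if group in domain_policies:
            log += apply_policy(registry, parse_policy(domain_policies[group]),
                                "domain:" + group)
    return log

def overwritten(log):
    """Audit view for the administrator: only the changes that replaced a value."""
    return [c for c in log if c[3] is not None]

LOCAL_POLICY = r"""
; constructed local policy
HKLM\Software\Policies\Example\ScreenSaverTimeout=900
HKCU\Software\Policies\Example\HideRunCommand=0
"""
DOMAIN_POLICIES = {
    "Staff": r"""
; constructed domain policy for the Staff group
HKLM\Software\Policies\Example\ScreenSaverTimeout=600
HKCU\Software\Policies\Example\HideRunCommand=1
""",
    "Students": r"""
; constructed domain policy for the Students group
HKCU\Software\Policies\Example\HideRunCommand=1
HKCU\Software\Policies\Example\NoDrives=1
""",
}

if __name__ == "__main__":
    reg = {}
    for change in logon(reg, LOCAL_POLICY, DOMAIN_POLICIES, ["Staff", "Students"]):
        print(change)
```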
The Redirector (OSI Level 5)
- Client-server service
- Provides file and print connectivity between computers
  » one end must be “server”
  » provides the service…
[Diagram: the client (which may be logged on) runs the redirector, which requests the service; the server provides the service]

Redirector (“Workstation” i.e. client-end)
- Implemented as a file system driver
  » only called if local file system cannot find the file or service
  » sends request to active directory to locate the data object via Transport Driver Interface (TDI)
    » communicates directly with transport protocols
    » allows independence of networking components in OSI layers 2-4

Redirector (Workstation Service)
- Adherence to OSI layers…
- Can independently add or remove:
  » transport protocols (layers 3 & 4)
  » network cards (layers 1 & 2)
  without reconfiguring the whole system
- Completely transparent in redirection of i/o calls not serviced locally
  » esp. important when applications are being used

Server Service
- Server end of redirector:
  » implemented as a file system driver
  » communicates with lower layers via TDI
- Supplies the network connections requested by the client redirector
- Receives requests via adapter card drivers, transport protocol (e.g. TCP/IP), and TDI
Running Client-Server Applications
- Client process & server process provide a mechanism for:
  » pipes to link processes that need bi-directional communication
  » mailslots to link processes only requiring one-directional communication
  » running Winsock to manage the communication channel
  » RPCs (Remote Procedure Calls) allowing distributed applications to call procedures anywhere on the network

File and Print Sharing
- Shared resource access requires use of
  » redirector
  » server service…
- Multiple UNC Provider allows connection to a resource on any computer that supports UNC (Universal Naming Convention) names
  » Files: \\server\shared folder[\sub-folder]\filename
  » Printers: \\server\shared printer
- Multiple Provider Router supports multiple redirectors
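A parser for the UNC name shapes listed above, added here as an example rather than taken from the lecture: it splits \\server\share[\sub-folder]\filename into its parts, rejects malformed or relative components, and checks that a user-supplied name stays inside an expected share; the server and share names in the code are made up.

```python
from typing import NamedTuple, Optional, Tuple

# Added example, not lecture code: a parser and two checks for UNC names of the
# shapes on the slide. Server and share names used anywhere below are made up.

class UncName(NamedTuple):
    server: str
    share: str
    path: Tuple[str, ...]   # sub-folders and file name; empty for a bare share or printer

def parse_unc(name: str) -> UncName:
    r"""Split \\server\share[\sub-folder...][\filename] into its parts.
    Raises ValueError for anything that is not a well-formed UNC name."""
    if not name.startswith("\\\\"):
        raise ValueError("UNC names start with two backslashes: %r" % name)
    parts = name[2:].split("\\")
    if len(parts) < 2:
        raise ValueError("a UNC name needs at least a server and a share: %r" % name)
    server, share, *rest = parts
    if not server or not share:
        raise ValueError("empty server or share name in %r" % name)
    for seg in rest:
        if seg == "":
            raise ValueError("empty path component (doubled or trailing backslash) in %r" % name)
        if seg in (".", ".."):
            raise ValueError("relative component %r not allowed in %r" % (seg, name))
    # Server names are case-insensitive, so normalise them; keep share and path as given.
    return UncName(server.lower(), share, tuple(rest))

def unc_error(name: str) -> Optional[str]:
    """Return the validation message for a bad name, or None when it parses."""
    try:
        parse_unc(name)
    except ValueError as exc:
        return str(exc)
    return None

def is_within_share(name: str, server: str, share: str) -> bool:
    """Check before handing a user-supplied name to the redirector: does it point
    inside the one server and share this application is meant to use?"""
    if unc_error(name) is not None:
        return False
    unc = parse_unc(name)
    return unc.server == server.lower() and unc.share.lower() == share.lower()
```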
Network Binding
- Binding is about linking network components working at different OSI levels together to enable communication
- Windows binding is about linking the redirector & server service with the transport protocol and (via NDIS) adapter card drivers
- happens automatically when:
  » there is a change of protocol, or protocol settings
  » different network adapter drivers are installed
  » existing adapter card settings are altered

WINS (Windows Internet Name Service)
- Client-server protocol like DNS, DHCP
  » used on first Windows TCP/IP networks to enable computer devices to communicate using IP
  » manages a dynamic database of IP addresses and local network (NetBIOS) names
  » clients request IP addresses for particular NetBIOS names
  » WINS server provides that information
- Historical, but NetBIOS names still used in some places

Terminal Services
- Allows any PC running a version of Windows to remotely run a Windows server
  » uses a copy of the server’s desktop on the client machine
- Client tools must be installed first, but the link can run with very little bandwidth
  » possible to remotely manage a server thousands of miles away using a phone connection…
More about the www service
- Provided by Microsoft’s Web Server (IIS)
  » links to TCP port 80
  » can also provide:
    » ftp service (port 21)
    » smtp service (port 25)
- Purpose of www service:
  » Works with http protocol to make html pages available:
    » across the network as an Intranet
    » across trusted external users/domains as an Extranet

Features of IIS
- Provides server end program execution environment:
  » runs server-scripts
- Sets up its own directory structure on the Server for developing Intranets, Extranets, etc.
- Sets up communication via TCP port 80 in response to client request
- Client end:
  » browser HTML display environment on client

“Static” web page service
- client (browser) requests information (HTML page)
- server (IIS, web server) processes the request, sends HTML page back to the client…
[Diagram: Client Program sends REQUEST to Server Program; server processes request and sends back results; client reads results from the RESPONSE]

More Features of IIS
- Access to any client-server service can be restricted using username/password security at the server end
- or could bypass security with “anonymous login”
  » uses a “guest” account – access granted only to files that make up the Intranet
  » prevents worries about hacking in through guessing passwords of existing users

Client-Server Web Applications
- Associated with “dynamic” web pages
- Web servers provide a server-side environment that can allow browser data to query remote online databases using SQL…
  » processing takes place at the server end
  » centralised and secure!
- Some recent challenges to client-server applications
  » apps using local processing, even storage (!)
  » again… issue of availability v security
Troubleshooting Resources: Task Manager
- Applications tab just gives the name and status of each application that is loaded into memory
- Processes tab:
  » all system processes
  » Memory usage of each
  » % CPU time for each
  » Total CPU time since boot up
- Performance tab
  » Total no. of threads, processes, handles running
  » % CPU usage
    » Kernel mode
    » User mode
  » Physical memory available/usage
  » Virtual memory available/usage

Troubleshooting Resources: Event viewer
- System events recorded into “event log” files
  » Three by default: system, auditing, application
  » customisable
- Three types of events:
  » Information
  » Warning
  » Error
- More information for each event obtained by double-clicking
- Event management also required…
  » E.g. new files daily, old ones archived? dumped? when?
  » how often to check event files?
  » Important to detect security issues and potential failures
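Event management of the kind the slide calls for, as an added example that is not from the lecture: sample records for the system, auditing and application logs are constructed inline in a simple pipe-separated shape (not the real event log format), and two checks flag a security issue (repeated logon failures for one user) and a potential failure (repeated Error events from one source).

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in a simple 'timestamp|log|type|source|message' shape
# (not the real Windows event log record format); the events are made up.
SAMPLE_LOG = """\
2012-11-12 09:00:01|system|Information|Service Control Manager|Workstation service started
2012-11-12 09:00:07|auditing|Warning|Security|Logon failure user=alice from=10.0.0.5
2012-11-12 09:00:09|auditing|Warning|Security|Logon failure user=alice from=10.0.0.5
2012-11-12 09:00:12|auditing|Warning|Security|Logon failure user=alice from=10.0.0.5
2012-11-12 09:00:15|auditing|Warning|Security|Logon failure user=alice from=10.0.0.5
2012-11-12 09:00:30|auditing|Information|Security|Logon success user=bob from=10.0.0.9
2012-11-12 09:05:00|application|Error|W3SVC|Cannot bind TCP port 80
2012-11-12 09:05:30|application|Error|W3SVC|Cannot bind TCP port 80
2012-11-12 09:06:00|application|Error|W3SVC|Cannot bind TCP port 80
2012-11-12 10:00:00|system|Warning|Disk|Free space low on C:
"""

FAILURE_RE = re.compile(r"^Logon failure user=(\S+)")

def parse_events(text):
    """Turn each line into a record with a real datetime for the timestamp."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, log, kind, source, message = line.split("|", 4)
        records.append({"time": datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"),
                        "log": log, "type": kind, "source": source,
                        "message": message})
    return records

def failed_logon_bursts(records, threshold=3, window=timedelta(minutes=5)):
    """Security issue: one user failing to log on `threshold` times within `window`."""
    by_user = defaultdict(list)
    for r in records:
        m = FAILURE_RE.match(r["message"]) if r["log"] == "auditing" else None
        if m:
            by_user[m.group(1)].append(r["time"])
    alerts = []
    for user, times in by_user.items():
        times.sort()
        for i in range(len(times) - threshold + 1):
            if times[i + threshold - 1] - times[i] <= window:
                alerts.append("%d+ logon failures for %s within %s" % (threshold, user, window))
                break  # one alert per user, not one per overlapping window
    return alerts

def repeated_errors(records, threshold=3):
    """Potential failure: one source logging `threshold` or more Error events."""
    counts = defaultdict(int)
    for r in records:
        if r["type"] == "Error":
            counts[r["source"]] += 1
    return ["%d errors from %s" % (n, src) for src, n in counts.items() if n >= threshold]

def analyse(records):
    """Run both checks over a parsed log; returns the list of alert strings."""
    return failed_logon_bursts(records) + repeated_errors(records)
```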
Troubleshooting Resources: System Monitor (perfmon.msc)
- monitor many aspects of system performance
  » e.g. capture, filter, or analyse frames or packets sent over the network, or capture data from hardware devices
  » either display current data graphically, in real-time
  » or log data at regular intervals to get a longer term picture
- Alerts
  » notify when a particular threshold value has been reached
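A threshold alert of the kind the slide describes, run over counter data logged at regular intervals; this is an added example rather than lecture code, with a constructed counter log and made-up counter paths (the machine name WS01 and the sample values are invented).

```python
import csv
import io

# Constructed sample shaped like a counter log written at 15-second intervals:
# a timestamp column followed by one column per counter path. Values are made up.
SAMPLE_COUNTER_LOG = r"""Time,\\WS01\Processor(_Total)\% Processor Time,\\WS01\Memory\Available MBytes
2012-11-12 09:00:00,12.5,2048
2012-11-12 09:00:15,88.0,1990
2012-11-12 09:00:30,91.2,1750
2012-11-12 09:00:45,95.7,900
2012-11-12 09:01:00,40.1,450
2012-11-12 09:01:15,35.0,420
"""
CPU = r"\\WS01\Processor(_Total)\% Processor Time"
MEM = r"\\WS01\Memory\Available MBytes"

def load_counter_log(text):
    """Return (counter names, rows); each row is (timestamp, {counter: value})."""
    reader = csv.reader(io.StringIO(text))
    counters = next(reader)[1:]
    rows = []
    for fields in reader:
        if fields:
            rows.append((fields[0], {c: float(v) for c, v in zip(counters, fields[1:])}))
    return counters, rows

def threshold_alerts(rows, counter, limit, above=True, sustain=2):
    """Fire once per run in which `counter` is over (or, with above=False, under)
    `limit` for `sustain` consecutive samples; returns the timestamps that fired.
    Requiring more than one sample avoids an alert for every momentary spike."""
    alerts, run = [], 0
    for ts, values in rows:
        hit = values[counter] > limit if above else values[counter] < limit
        run = run + 1 if hit else 0
        if run == sustain:
            alerts.append(ts)
    return alerts
```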
System Recovery…
- If a fatal error occurs:
  » immediate dump of system memory is made
    » can be used for identifying the cause of the problem
  » alerts are sent to users
  » system is restarted automatically