WOLAITA SODO UNIVERSITY

SCHOOL OF INFORMATICS

DEPARTMENT OF INFORMATION TECHNOLOGY

Assignment for System and Network Administration

Submitted to Mr. Alemayehu Dereje (M.Sc.)

Prepared by: -

Name ID
1. Abdulhafiz Kemal SOI/R/191/10
2. Sherefa Kedir SOI/R/159/10
3. Abera fufa SOI/R/109/10
4. Eyob shiferaw SOI/R/148/10
5. Misganaw ashebir SOI/R/048/10
6. Melkamu zewdu SOI/R/017/10
7. Amare mengistu SOI/R/069/10
8. Selam bishaw SOI/R/070/10
9. Betelehem habtamu SOI/R/141/10
10. Abebe geremew SOI/R/006/10
11. Sentayew petros SOI/RT/464/10
12. Beimnet birhanu SOI/RT/170/10
13. Melesech teshome NCS/R/576/06
 A. Group policy

Group Policy is an integral feature built into Microsoft Active Directory. Its core purpose is to
enable IT administrators to centrally manage users and computers across an AD domain. This
includes both business users and privileged users like IT admins, and workstations, servers,
domain controllers (DCs) and other machines.

Group Policy is a feature of Windows that facilitates a wide variety of advanced settings that
network administrators can use to control the working environment of users and computer
accounts in Active Directory. It essentially provides a centralized place for administrators to
manage and configure operating systems, applications and users’ settings.

Group Policies, when used correctly, can enable you to increase the security of user’s computers
and help defend against both insider threats and external attacks.

Group Policy is a series of settings in the Windows registry that control security, auditing and
other operational behaviors. For example, Group Policy enables you to prevent users from
accessing certain files or settings in the system, run specific scripts when the system starts up or
shuts down, or force a particular home page to open for every user in the network. Here are
Active Directory Group Policy best practices that will help you to secure your systems and
optimize Group Policy performance.

Group Policy is a critical element of any Microsoft Active Directory (AD) environment. But
exactly what is it and how does it work? How can attackers compromise it, and how can you
defend yourself? Here are all the essential things you need to know.

B. Roaming Profiles
Roaming profile is stored on a central server which can be accessed from all domain computers.
This allows you to have the same environment settings on every machine to which you log on.
Your roaming profile is copied to a machine when you log on and the synchronized back to the
server when you log off. Microsoft's roaming profiles give IT administrators a basic option to
provide users with their personal settings and data on any device or virtual desktop connected to
the corporate network.

1
With a roaming user profile, employees' data follows them from device to device. These profiles
are stored on a network server rather than on a desktop computer. Admins can configure Active
Directory so that it associates the roaming user profile with the user's account.

Members of some groups in the department have a roaming profile. This means that the master
copy of the profile is stored on a fileserver. When you log in to a Windows computer, the
contents of your profile will be synchronized from the fileserver to the local computer. When
you log out of the computer, any changes to the profile are then synchronized back to the server.

A major drawback of roaming profiles is that they can slow down the network. Windows user
profiles often become very large as the user profile data continues to grow. If you have a large
roaming profile, the login and logoff times may take a significant amount of time.

C. Proxies and Gateways

Both a proxy server and a gateway route traffic from inside a network to the Internet. A gateway,
however, is more like a door to get to the Internet, while a proxy server acts like a wall that bars
the inside of the network from being exposed to the Internet. Proxy server filters which
connection is allowed, while a gateway doesn't do any filtering.

Proxies
A proxy server represents the network from the outside. Any user trying to gain access to any
computer inside a network with a proxy will only see the IP address of the proxy server. It acts
like a barrier to hide your network by configuring the Internet options of computers within the
network to first point to the proxy server before going out to the Internet. It keeps computers
inside the network anonymous.

Gateways

For two networks to communicate, a gateway must be provided from each network. The gateway
defines what is internal to the network and what is external. If a computer needs to communicate
with another computer outside the network, it must be configured with a gateway to gain access
outside the network. Without a gateway, a computer will be unable to get out, like someone
locked inside a house.

2
 D. Remote administration
Remote administration refers to any method of controlling a computer from a remote location.
Software that allows remote administration is becoming increasingly common and is often used
when it is difficult or impractical to be physically near a system in order to use it. A remote
location may refer to a computer in the next room or one on the other side of the world. It may
also refer to both legal and illegal (i.e. hacking) remote administration

Common tasks for which remote administration is used

 Shutdown
Shutting down or rebooting another computer over a network
 Accessing peripherals
Using a network device, like printer
Retrieving streaming data, much like a CCTV system
 Modifying
Editing another computer's Registry settings
Modifying system services
Installing software on another machine
Modifying logical groups
 Viewing
Remotely assisting others
Supervising computer or internet usage
Access to a remote system's "Computer Management" snap-in
 Hacking
Computers infected with malware such as Trojans sometimes open back doors into computer
systems which allow malicious users to hack into and control the computer. Such users may then
add, delete, modify or execute files on the computer to their own ends.
E. Routing and NAT
Network routing is the process of selecting a path across one or more networks. The principles of
routing can apply to any type of network, from telephone networks to public transportation. In
packet-switching networks, such as the Internet, routing selects the paths for Internet Protocol

3
(IP) packets to travel from their origin to their destination. These Internets routing decisions are
made by specialized pieces of network hardware called routers.
Routing is a process which is performed by layer 3 (or network layer) devices in order to deliver
the packet by choosing an optimal path from one network to another. There are 3 types of
routing:
Static routing: - is a process in which we have to manually add routes in routing table.
Advantages: –
 No routing overhead for router CPU which means a cheaper router can be used to do
routing.
 It adds security because only administrator can allow routing to particular networks only.
 No bandwidth usage between routers.
Default Routing: –
This is the method where the router is configured to send all packets towards a single router
(next hop). It doesn’t matter to which network the packet belongs, it is forwarded out to router
which is configured for default routing. It is generally used with stub routers. A stub router is a
router which has only one route to reach all other networks.
Dynamic Routing: - Dynamic routing makes automatic adjustment of the routes according to
the current state of the route in the routing table. Dynamic routing uses protocols to discover
network destinations and the routes to reach it. RIP and OSPF are the best examples of dynamic
routing protocol. Automatic adjustment will be made to reach the network destination if one
route goes down
Advantages: –
 Easy to configure.
 More effective at selecting the best route to a destination remote network and also for
discovering remote network.
Disadvantage: –
 Consumes more bandwidth for communicating with other neighbors.

NAT

4
NAT stands for network address translation. It’s a way to map multiple local private addresses to
a public one before transferring the information. Organizations that want multiple devices to
employ a single IP address use NAT, as do most home routers.
When the local address is converted to a public one, this NAT chooses the same one. This means
there will be a consistent public IP address associated with that router or NAT device.
Types of NAT
There are three different types of NATs. People use them for different reasons, but they all still
work as a NAT.
1. Static NAT
When the local address is converted to a public one, this NAT chooses the same one. This means
there will be a consistent public IP address associated with that router or NAT device.
2. Dynamic NAT
Instead of choosing the same IP address every time, this NAT goes through a pool of public IP
addresses. This results in the router or NAT device getting a different address each time the
router translates the local address to a public address.
3. PAT
PAT stands for port address translation. It’s a type of dynamic NAT, but it bands several local IP
addresses to a singular public one. Organizations that want all their employees’ activity to use a
singular IP address use a PAT, often under the supervision of a network administrator.