COC 3 Module

COC 3: SET UP COMPUTER SERVERS

SERVER COMPUTER
The function of a computer server is to store, retrieve and send or
"serve" files and data to other computers on its network. Many businesses of
all sizes use a local network or "intranet" in their office facilities. On a larger
scale, the world-wide computer network we know as the "Internet" depends
upon a large number of servers located around the world. The files, data, and
functionality of a given website are based on web servers.
A server is a computer on a network that listens for requests from
other computers, often called clients, and responds to them. Common types of
servers include web servers that deliver webpages, file servers that store files,
print servers that manage printing tasks and database servers that store
organized sets of information. Servers can run on independent computers, or
server software can be run on a computer that's also being used for other
work.
Computer scientists sometimes talk about the client-server model of
networking, where a system is either a client requesting that another system
return data or perform computation, or a server providing the answers to a
client's request. A server can be located in an office, in a dedicated data center
or, in the case of home servers, simply in the corner of a home office or living
room.
In some cases, certain computers function entirely as clients,
outsourcing almost all work to server systems. Low-powered machines that
have such a role are sometimes called thin clients. Computers on the World
Wide Web are usually strictly either clients or servers. Although it's possible
to access a website from a server or to serve up content from a home desktop
or laptop, it's not particularly common.
In other cases, a computer may operate as both a client and a server in
various scenarios. For example, it's common for a web server to receive a
request from a client and then, in response to that request, send a query to a
separate database server, essentially becoming a client itself.
While some servers may have specialized hardware, many servers today
run server software on top of standard operating systems such as Linux
or Microsoft Windows. That software handles requests from clients and is
essentially what turns the computer into a server.
https://www.techwalla.com/articles/what-are-the-functions-of-client-server-computers-on-a-network

ACTIVE DIRECTORY DOMAIN SERVICES


Microsoft’s Active Directory Domain Services (AD DS) is a core role that
allows users to build a scalable and centralized Windows network.
Furthermore, the AD DS takes care of user logins, security permissions, and
other crucial network services.
The AD DS is a function of the Active Directory, which manages users,
groups, organizational units, and computers, allowing IT administrators to
structure users into logical hierarchical units.
In this article, we’ll cover some of AD DS’s basic terminology, services, and
other features.
First, let’s have a look at the Active Directory (AD).

ACTIVE DIRECTORY
Active Directory is a Microsoft technology that is installed when the Active
Directory Domain Services is set up in the Domain Controller.
As the name suggests, the Active Directory is a repository or database that
stores objects such as groups, computers, printers, file shares, group policies,
and file permissions.
The most crucial role of the Active Directory is to handle user authentication
in the domain network. It accomplishes this by allowing only authorized users
to log into the network.
Additionally, the AD centralizes security by storing user accounts and their
passwords in one location, instead of storing them in client computers.
IT administrators can create and delete users, configure or allow users to
change their passwords, and create group policies, which determine how
users interact with their PCs in the domain environment.
Without an Active Directory, IT administrators are forced to set up local
users on each PC and reset the password for every user on their computers.
The AD DS is the fundamental framework for domain management. Each
domain forms part of an Active Directory Forest, which can also comprise
more than one domain arranged into various organizational units.

CATEGORIES OF ACTIVE DIRECTORY OBJECTS


Active Directory objects can be categorized into two main categories:
• Container objects: These are objects that contain other objects inside
  them, such as Forests, Trees, Domains, and organizational units.
• Leaf Objects: These are objects that do not contain other objects,
  such as users, printers, and computers.

KEY TERMINOLOGIES OF ACTIVE DIRECTORY DOMAIN SERVICES

• Schema: This is a set of instructions that govern attributes and objects
  in the AD DS.
• Global Catalog: This is a repository of objects contained in the AD.
  It’s in the Global Catalog that you’ll find users’ details such as names and
  contacts.
• Sites: These represent the network topology of a Windows network.
• Query and Index Mechanism: This feature ensures users can locate
  each other in the Active Directory. A perfect example is when you start
  typing a user’s email address in the client’s recipient field and the possible
  matches are displayed.
• Lightweight Directory Access Protocol: Commonly abbreviated as
  LDAP, this protocol enables the Active Directory to communicate with
  LDAP-enabled directory services in the network.
• Replication Service: As the name suggests, replication ensures the
  Domain Controller is replicated onto another Domain Controller, thereby
  having the same schema and catalog.

SERVICES PROVIDED IN THE ACTIVE DIRECTORY DOMAIN SERVICES

The Active Directory provides a myriad of services that fall under the Active
Directory Domain Services.
Here is a description of some of the services.

• Domain Services
The AD DS offers core services such as centralization of data and management
of communication between users in the domain, search functionality, as well
as login authentication.

• Lightweight Directory Services
This feature supports applications that are directory enabled using the LDAP
protocol.

• Rights Management
Rights management handles information rights. It encrypts and limits the
access to personal content such as emails, documents, and other confidential
data.

• Directory Federation Services
DFS provides a single-sign-on functionality that enables secure user
authentication, especially when they are interacting with multiple web
applications during a single session.

• Certificate Services
These features allow for the generation, management, and sharing of security
certificates. The certificates encrypt data sent over the Internet and guarantee
their privacy and confidentiality, thereby averting attempts by hackers to steal
the information.

FUNCTIONS OF DOMAIN CONTROLLERS WITH ACTIVE DIRECTORY DOMAIN SERVICES

A Domain Controller (DC) is a server in the Windows network that allows
users to access domain resources. Its main purpose is to authenticate users in
a network.
The DC listens to authentication requests from users in the network and
verifies them based on their usernames and passwords.
The Domain Controller hosts the Active Directory Domain Services as well
as a wide range of other services that complement Active Directory Domain
Services.
These services include:
• NetLogon: It’s a service that runs silently in the background. Its main
  purpose is to validate users’ login credentials in the domain network. If
  stopped, many server functions would be adversely affected and users in the
  domain would be unable to access their accounts. Additionally, any services
  that depend on it will also fail.
• Kerberos Key Distribution Center (KDC): KDC is basically a
  service that issues, validates, and performs encryption of Kerberos tickets.
  It consists of an Authenticating Server and a Ticket Granting Server
  (TGS). The service authenticates users when the Kerberos protocol is
  used. Kerberos is a protocol designed for security and authentication
  purposes. It provides a mechanism for authenticating users to use the
  services on a Windows network; for example, accessing a file server
  while, at the same time, encrypting the connections between clients and
  servers.
• W32time service: Also referred to as Windows time, W32time is a
  service that uses Network Time Protocol (NTP) to synchronize time and
  date for all computers joined to the Active Directory. The NTP
  synchronizes all the clocks on the computers in the domain network. For
  Kerberos to function properly, it demands that date and time for all
  computers in the network are synchronized.
• Intersite Messaging (IsmServ): This is a service that allows the
  exchange of information between computers in a networked environment
  with Windows servers. This protocol also allows replication between mail
  sites by employing SMTP over a TCP/IP network.

https://blog.foldersecurityviewer.com/overview-of-active-directory-domain-services/

Active Directory Forests


The best way to think of a forest is to imagine it in its traditional sense. A
forest is a group of one or more trees. It is the same within ADDS. In ADDS,
however, forests do not have to share the same geographic boundary. The
outermost boundary is the forest or a group of one or more trees. The next
layer is the tree. Unlike a forest, a tree must have a unique name. In Figure 1,
there are two trees: 1) abc.com and 2) xyz.com. Trees are a group of one or
more domains. A domain is a group of shared resources such as computers or
users. The domains within a tree share the same namespace as the tree. For
example, asia.abc.com and europe.abc.com share the same namespace as
abc.com.
https://study.com/academy/lesson/forests-in-windows-server-active-directory-definition-purpose.html

ORGANIZATIONAL UNIT
An organizational unit (OU) is a subdivision within an Active Directory into
which you can place users, groups, computers, and other organizational units.
You can create organizational units to mirror your organization's functional
or business structure. Each domain can implement its own organizational unit
hierarchy. If your organization contains several domains, you can create
organizational unit structures in each domain that are independent of the
structures in the other domains.

The term "organizational unit" is often shortened to "OU" in casual
conversation. "Container" is also often applied in its place, even in
Microsoft's own documentation. All terms are considered correct and
interchangeable.

https://kb.iu.edu/d/atvu

What is a User?
User accounts are created and stored as objects in Active Directory
Domain Services. User accounts can be used by human users or by programs
such as system services to log on to a computer. When a user logs on, the
system verifies the user's password by comparing it with data stored in the
user's user object in the Active Directory server. If the password is
authenticated, that is, the password presented matches the password stored in
the user object, the system produces an access token. An access token is an
object that describes the security context of a process or thread. The data in a
token includes the security identity and group memberships of the user
account associated with the process or thread. Every process executed on
behalf of this user has a copy of this access token.

Each user or application that accesses resources in a Windows domain must
have an account in the Active Directory server. Windows uses this user
account to verify that the user or application has permission to use a resource.

A user account can be used to:

• Enable human users to log on to a computer and to access resources
  based on that user account's identity.
• Enable programs and services to run under a specific security context.
• Manage user access to shared resources such as objects and their
  properties, network shares, files, directories, printer queues, and so on.

Groups can contain members, which are references to users and other
groups. Groups can also be used to control access to shared resources. When
assigning permissions for resources, for example file shares, printers, and so
on, administrators should assign those permissions to a group rather than to
the individual users. The permissions are assigned once to the group, instead
of several times to each individual user. This helps simplify the maintenance
and administration of a network.

https://docs.microsoft.com/en-us/windows/win32/ad/what-is-a-user#:~:text=User%20accounts%20are%20created%20and,log%20on%20to%20a%20computer.&text=Windows%20uses%20this%20user%20account,permission%20to%20use%20a%20resource.
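
An added example (not from the Microsoft page quoted above) of the mechanism just described: group memberships, including nested ones, are collected into the user's token at logon, and a resource whose permissions are assigned only to groups is then checked against that token. All account, group and share names are constructed, and the model uses plain names where Windows tokens carry security identifiers.

```python
from collections import deque

# Constructed directory data: group -> direct members (users or other groups).
GROUP_MEMBERS = {
    "Finance-Staff":   {"alice", "bob"},
    "Finance-Leads":   {"carol"},
    "Finance-All":     {"Finance-Staff", "Finance-Leads"},
    "Share-Budget-RW": {"Finance-Leads"},
    "Share-Budget-RO": {"Finance-All", "Auditors"},
    "Auditors":        {"dave", "Share-Budget-RO"},  # circular nesting, on purpose
}

# Constructed ACL of one file share: rights are granted to groups, never to users.
SHARE_ACL = {
    "Share-Budget-RW": {"read", "write"},
    "Share-Budget-RO": {"read"},
}


def build_token(user, group_members=GROUP_MEMBERS):
    """Collect every group the user belongs to, directly or through nesting."""
    member_of = {}
    for group, members in group_members.items():
        for member in members:
            member_of.setdefault(member, set()).add(group)

    groups, queue = set(), deque([user])
    while queue:
        principal = queue.popleft()
        for group in member_of.get(principal, ()):
            if group not in groups:      # the visited set stops circular nesting
                groups.add(group)
                queue.append(group)
    return {"user": user, "groups": frozenset(groups)}


def effective_access(token, acl=SHARE_ACL):
    """Union of the rights granted to any group present in the token."""
    rights = set()
    for group in token["groups"]:
        rights |= acl.get(group, set())
    return rights


def who_can(right, group_members=GROUP_MEMBERS, acl=SHARE_ACL):
    """Review helper: every user account that ends up holding `right`."""
    users = {m for ms in group_members.values() for m in ms} - set(group_members)
    return sorted(
        u for u in users
        if right in effective_access(build_token(u, group_members), acl)
    )


if __name__ == "__main__":
    for name in ("alice", "carol", "dave", "eve"):
        token = build_token(name)
        print(name, sorted(token["groups"]), sorted(effective_access(token)))
    print("write access:", who_can("write"))
```

Running `who_can` per right is the review a group-based permission model makes possible: the ACL stays short, and the question "who can write here" is answered from group membership alone.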

GROUP POLICY
Group Policy is a hierarchical infrastructure that allows a network
administrator in charge of Microsoft's Active Directory to implement specific
configurations for users and computers. Group Policy is primarily a security
tool, and can be used to apply security settings to users and computers. Group
Policy allows administrators to define security policies for users and for
computers. These policies, which are collectively referred to as Group Policy
Objects (GPOs), are based on a collection of individual Group Policy
settings. Group Policy objects are administered from a central interface called
the Group Policy Management Console. Group Policy can also be managed
with command line interface tools such as gpresult and gpupdate.

The Group Policy hierarchy


Group Policy objects are applied in a hierarchical manner, and often multiple
Group Policy objects are combined together to form the effective policy.
Local Group Policy objects are applied first, followed by site
level, domain level, and organizational unit level Group Policy objects.

https://searchwindowsserver.techtarget.com/definition/Group-Policy#:~:text=Group%20Policy%20is%20a%20hierarchical,settings%20to%20users%20and%20computers.
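
An added example (not from the quoted source) that works through the processing order above for one computer object and records which Group Policy object supplied each effective setting. It goes one step beyond the text by applying nested OUs parent first and by letting a later GPO overwrite an earlier one for the same setting; Enforced links and Block Inheritance are left out. The site name, GPO names and setting names are constructed, and the abc.com domain is borrowed from the forest example earlier in this module.

```python
# Constructed GPO links: scope -> list of (GPO name, settings), in link order.
LINKS = {
    "local": [("Local Policy", {"ScreenLockTimeoutSec": 1800})],
    "site:Manila": [("Site-Proxy", {"ProxyServer": "proxy.abc.com:8080"})],
    "DC=abc,DC=com": [
        ("Default Domain Policy", {"ScreenLockTimeoutSec": 900}),
    ],
    "OU=Workstations,DC=abc,DC=com": [
        ("WS-Baseline", {"ScreenLockTimeoutSec": 600, "RemovableStorage": "deny"}),
    ],
    "OU=Kiosks,OU=Workstations,DC=abc,DC=com": [
        ("Kiosk-Exceptions", {"ScreenLockTimeoutSec": 0}),
    ],
}


def scopes_for(dn, site):
    """Scopes in processing order: local, site, domain, then OUs parent-first.

    Assumes a simple distinguished name with no escaped commas.
    """
    parts = [p.strip() for p in dn.split(",")]
    domain = ",".join(p for p in parts if p.upper().startswith("DC="))
    scopes = ["local", f"site:{site}", domain]
    ou_positions = [i for i, p in enumerate(parts) if p.upper().startswith("OU=")]
    for i in reversed(ou_positions):          # OU nearest the domain root first
        scopes.append(",".join(parts[i:]))
    return scopes


def resolve(dn, site, links=LINKS):
    """Apply every linked GPO in order; the last writer of a setting wins."""
    effective = {}
    for scope in scopes_for(dn, site):
        for gpo_name, settings in links.get(scope, []):
            for key, value in settings.items():
                history = effective[key]["history"] if key in effective else []
                effective[key] = {
                    "value": value,
                    "source": gpo_name,
                    "history": history + [(gpo_name, value)],
                }
    return effective


def overrides(effective):
    """Settings that more than one GPO wrote, with the full write history."""
    return {k: v["history"] for k, v in effective.items() if len(v["history"]) > 1}


if __name__ == "__main__":
    kiosk = resolve("CN=PC-014,OU=Kiosks,OU=Workstations,DC=abc,DC=com", "Manila")
    for name, entry in kiosk.items():
        print(f"{name} = {entry['value']!r} (from {entry['source']})")
    print("overridden:", overrides(kiosk))
```

The `overrides` output is the part worth reviewing: here an OU-level exception replaces the baseline screen-lock timeout with 0, which a look at the domain-level policy alone would not reveal.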

DHCP SERVER

A DHCP Server is a network server that automatically provides and assigns
IP addresses, default gateways and other network parameters to client
devices. It relies on the standard protocol known as Dynamic Host
Configuration Protocol or DHCP to respond to broadcast queries by clients.
A DHCP server automatically sends the required network parameters for
clients to properly communicate on the network. Without it, the network
administrator has to manually set up every client that joins the network,
which can be cumbersome, especially in large networks. DHCP servers
usually assign each client with a unique dynamic IP address, which changes
when the client’s lease for that IP address has expired.

When to use a router/switch as your DHCP Server

There are many enterprise companies who are still using DHCP for IPv4 on
their routers/switches. This is typically done by the network administrator
who needs to get a DHCP capability up and running quickly but does not
have access to a DHCP server. Most routers/switches have the ability to
provide the following DHCP server support:
• a DHCP client that obtains an interface IPv4 address from an upstream
  DHCP service
• a DHCP relay that forwards UDP DHCP messages from clients on a LAN
  to and from a DHCP server
• a DHCP server whereby the router/switch services DHCP requests
  directly.

However, there are limitations to using a router/switch as a DHCP server:
• Running a DHCP server on a router/switch consumes resources on the
  network device. These DHCP packets are handled in software (not
  hardware accelerated forwarding). The resources required make this
  practice not suitable for a network with a large number (> 150) of DHCP
  clients.
• Does not support dynamic DNS. The router/switch DHCP server cannot
  create an entry into DNS on behalf of the client based on the IPv4
  address that was leased to the client.
• No ability to easily manage the scope and see the current DHCP
  bindings and leases across multiple routers. Administrator must log into
  the switch/router individually to get information about DHCP bindings.
• No high availability or redundancy of the DHCP bindings. This could
  cause problems if the current DHCP server and default gateway fail.
• It is more difficult to configure DHCP options on router/switch platform.
• The DHCP service running on a router/switch is not integrated with IP
  address management (IPAM) for address tracking and scope utilization
  or security forensics.

The Benefits of a dedicated DHCP Server

A better approach than trying to use DHCP on your router/switch is to use a
centralized DHCP server. This is particularly true for network environments
that require support of both DHCP for IPv4 and DHCP for IPv6 at the same
time. Virtually all DHCP server vendors support both protocols so you can
use the same management interface for IPv4 and IPv6. There are several
benefits that make it advantageous for an enterprise to use DHCPv6.
• Having a DHCPv6 server that is integrated into your IP Address
  Management (IPAM) system for IPv6 gives visibility to the IPv6-enabled
  client nodes.
• You also would want this same functionality for IPv4. As IPv4 address
  space becomes increasingly constrained, you will want to keep track of
  your DHCP scopes and determine if your lease time is adequate with the
  plethora of BYOD systems joining your networked environment.
• DHCP servers provide logging and management interfaces that help
  administrators manage their IP address scopes. Your organization will
  want an accounting of what is on your network regardless of IP version
  being used.
• DHCP servers can provide redundancy and high availability. If one
  DHCP server were to fail, the clients will preserve their current IP
  addresses and not cause an interruption for the end-nodes.
• Organizations will prefer a DHCPv6 server that has been tried and
  tested. For example, the Infoblox DHCPv6 server has been certified as
  “IPv6 Ready” by the USGv6 certification laboratory.

Organizations that are beginning to implement IPv6 should migrate DHCP
for IPv4 scope off the routers/switches and put them on a robust DHCP server
infrastructure. This change will also mean that your organization would want
to have DHCP operate the same for both protocols. Enterprise organizations
will want to take advantage of the centralized dual-protocol DHCP server to
provide IPv4 and IPv6 addresses to client devices.

https://www.infoblox.com/glossary/dhcp-server/#:~:text=A%20DHCP%20Server%20is%20a,to%20broadcast%20queries%20by%20clients.

FILE SERVICES
A file server provides a central location on your network where you can store
files and share them with users across your network. When users require an
important file that is intended to be accessed by many users, such as a project
plan, they can access the file remotely on the file server instead of having to
pass the file between their separate computers.
If your network users need access to the same files and applications, or if
centralized backup and file management are important to your organization,
you should configure this computer as a file server by adding the File
Services role.
https://winintro.ru/fsm.en/html/4981929e-311d-4d08-bb6b-a33b4fac8980.htm
What is "Folder Redirection" and what does it do?
Folder Redirection is defined by automatically re-routing standard folders to
use storage on another server. There are specific folders on a WSU
employee's workstation that are storing the files or data on a separate server.
The separate server can also be described as file shares. These specific
locations are "redirecting" the data onto a separate server. Folders that are
being redirected are being cached in an encrypted location on the current
workstation for off-line usage.

List of folders/locations being redirected

• Desktop Folder
• Documents Folder
• Downloads Folder
• I Drive
• H Drive

The folder redirection provides a number of useful tools.

1. Backing Up

Since these specific locations store information on a separate server, it creates
a backup for any files you place in the folders listed above. In case of an
emergency, this provides a simple way to keep data from being removed.

2. Synchronizing information to other workstations

It also provides a portable alternative when trying to access files on another
WSU workstation. For example, you can store a PDF on your desktop. Then,
you can log onto another workstation and that PDF file will still be there on
your desktop.

https://www.weber.edu/financialservices/Folder_Redirection.html#:~:text=Folder%20Redirection%20is%20defined%20by,data%20on%20a%20separate%20server.&text=These%20specific%20locations%20are%20%22redirecting,data%20onto%20a%20separate%20server.
Print and Document Services
Print and Document Services is a server role in Windows Server 2008 R2 that
enables you to share printers and scanners on a network, set up print servers
and scan servers, and centralize network printer and scanner management
tasks. You can do these tasks using the Print Management and Scan
Management Microsoft Management Console (MMC) snap-ins. You can use
the snap-ins to monitor network printers and scanners, and to manage
Windows print servers and scan servers in your organization.
Managing print and scan resources
There are three primary tools that you can use to manage Windows print
servers and scan servers:

• Server Manager
• Print Management
• Scan Management

In Windows Server 2008 R2, you use Server Manager to install the Print and
Document Services server role and role services. These role services also
install the Print Management and Scan Management snap-ins.
The Print Management and Scan Management snap-ins are also available on
computers running Windows 7.
Print Management helps you to monitor print queues and receive notifications
when print queues stop processing print jobs. It also enables you to migrate
print servers and deploy printer connections using Group Policy.
Scan Management enables you to monitor network scanners and scan servers,
process scanned documents, and then route the scanned documents to
network folders, Windows SharePoint Web sites, and to e-mail recipients.

Print and Document Services role services


The Print and Document Services role in Windows Server 2008 R2 includes
four relevant role services for managing print and scan resources. The first
three role services provide the functionality for a print server, while
Distributed Scan Server provides the functionality for a scan server. You can
add these role services while you are installing the Print and Document
Services role using the Add Roles Wizard for Server Manager. Or you can
install them at a later time using the Add Role Services Wizard for Server
Manager.

Note

Because Windows 7 is a client operating system, it does not include role services.
Instead, it includes the Print Management and Scan Management MMC snap-ins.
Windows 7 also includes the Line Printer Daemon (LPD) Print Service role service
as an optional Windows feature. Windows 7 does not include the Internet Printing
or Distributed Scan Server role services.

Print Server role service

Print Server is a role service of the Print and Document Services role, and
installs the Print Management snap-in. You can use Print Management to
manage multiple network printers or print servers, and migrate printers to and
from other Windows print servers.
LPD Service role service

The LPD Service role service installs and starts the TCP/IP Print Server
(LPDSVC) service, which enables UNIX-based computers or other
computers that are using the Line Printer Remote (LPR) service to print to
shared printers on this server.

Internet Printing role service

The Internet Printing role service in Windows Server 2008 R2 creates a Web
site hosted by Internet Information Services (IIS). This Web site enables users
to manage print jobs on the server, and to use a Web browser to connect and
print to shared printers on the server by using the Internet Printing Protocol
(IPP). (Users must have Internet Printing Client installed.)

Distributed Scan Server role service

Distributed Scan Server is a role service that installs the Scan Management
snap-in. You can use Scan Management to monitor multiple network
scanners, configure scan servers, process scanned documents, and then route
the scanned documents throughout your network.
http://winintro.ru/pmc.en/html/12485e2d-bf0f-4640-96b7-f29fa19025f5.htm#:~:text=Print%20and%20Document%20Services%20is,printer%20and%20scanner%20management%20tasks.
Printer Deployment
Deploying printers via Group Policy lets you manage your printers from a
single console and also gives you granular control over which printers to
deploy to individual client PCs without needing any additional software.
https://4sysops.com/archives/deploying-printers-using-group-policy/
REMOTE DESKTOP
Remote desktop is a program or an operating system feature that allows a
user to connect to a computer in another location, see that computer's desktop
and interact with it as if it were local.

People use remote desktop access capabilities to do a variety of things,
including the following:

• Access a workplace computer from home or when traveling.
• Access a home computer from other locations.
• Fix a computer problem.
• Perform administrative tasks.
• Demonstrate something, such as a process or a software application.
https://searchenterprisedesktop.techtarget.com/definition/remote-desktop
