Wednesday, January 30, 2008

Mail Server


To configure a mail server, start the Configure Your Server Wizard by doing either of the following:
From Manage Your Server, click Add or remove a role. By default, Manage Your Server starts automatically when you log on. To open Manage Your Server, click Start, click Control Panel, double-click Administrative Tools, and then double-click Manage Your Server.
To open the Configure Your Server Wizard, click Start, click Control Panel, double-click Administrative Tools, and then double-click Configure Your Server Wizard.
On the Server Role page, click Mail server (POP3, SMTP), and then click Next.
This section covers:
Configure POP3 Service
On the Configure POP3 Service page, under Authentication method, click the appropriate method for your deployment. The Windows Server 2003 family supports the authentication methods listed in the following table.
Use this authentication method | When
Local Windows accounts | Your mail server is not an Active Directory member server, and you want to store user accounts on the server on which the POP3 service is installed
Active Directory-Integrated | Your mail server is a domain controller or a member server
Encrypted Password File | Your mail server is not using Active Directory, or you do not want to have user accounts for the POP3 service on the local computer
The authentication methods that are available to you depend on the configuration of your server:
If the computer on which the POP3 service is running is a member server in an Active Directory domain, all three authentication methods are available.
If the computer on which the POP3 service is running is a domain controller, the available authentication methods are Active Directory integrated authentication and encrypted password file authentication.
Otherwise, the available authentication methods are local Windows accounts authentication and encrypted password file authentication.
Under E-mail domain name, type your registered e-mail domain name. You can create additional e-mail domains later by using the POP3 service snap-in or the Winpop command-line tool.
After you finish, click Next.
Summary of Selections
On the Summary of Selections page, you can view and confirm the options that you have selected. If you selected Mail server (POP3, SMTP) on the Server Role page, the following appears:
Install POP3 and Simple Mail Transfer Protocol (SMTP) to enable POP3 mail clients to send and receive mail
To apply the selections shown on the Summary of Selections page, click Next. After you click Next, the Configuring Components page of the Windows Components Wizard appears, and then closes automatically. You cannot click Back or Next on this page.
Completing the Configure Your Server Wizard
After the components are configured, the Configure Your Server Wizard displays the This Server is Now a Mail Server page. To review all of the changes made to your server by the Configure Your Server Wizard or to ensure that a new role was installed successfully, click Configure Your Server log. The Configure Your Server Wizard log is located at systemroot\Debug\Configure Your Server.log. To close the Configure Your Server Wizard, click Finish.
At this stage, you have a fully-functioning mail server, but you must also create mailboxes for all of the users in the domain who will be sending or receiving e-mail. Without mailboxes, users cannot send or receive e-mail.
Creating mailboxes
To send and receive e-mail, each user must have a unique mailbox in the e-mail domain. You can create mailboxes from either the POP3 service MMC snap-in or at the command line. This procedure uses the POP3 service MMC snap-in. For more information about creating mailboxes or administering the POP3 service at the command line, see Winpop. For more information about creating mailboxes, see To create a mailbox.
Step
Comments
Open the POP3 service MMC snap-in.
To open the POP3 service snap-in, click Start, click Control Panel, double-click Administrative Tools, and then double-click POP3 Service.
Notes
To perform this procedure, you must be a member of the Administrators group on the local computer, or you must have been delegated the appropriate authority. If the computer is joined to a domain, members of the Domain Admins group might be able to perform this procedure. As a security best practice, consider using Run as to perform this procedure.
If you are using Active Directory integrated authentication, you must log on to the Active Directory domain, not the local computer, to perform this procedure.
Create one or more mailboxes.
In the console tree, select the e-mail domain that you specified in the Configure Your Server Wizard (for example, example.com). Right-click the e-mail domain, point to New, and then click Mailbox. Provide the following information:
Mailbox Name—the name of the mailbox. The maximum length for a mailbox name is 20 characters for local Windows accounts authentication, and 64 characters for encrypted password file authentication or Active Directory integrated authentication. The minimum length is 1 character.
Password—the password to access the mailbox.
Confirm Password—retype the password that was specified in Password.
If you are using Active Directory integrated authentication or local Windows accounts authentication, select the Create associated user for this mailbox check box, unless a user account already exists with the same name as the mailbox that you want to create. If the check box is already selected, clear it only if an account already exists with the same name as the mailbox that you want to create.
Removing the mail server role
If you need to reconfigure your server for a different role, you can remove existing server roles. By removing the mail server role, you will uninstall all mail server components, such as the POP3 service and SMTP service. After the mail server components are uninstalled, users will no longer be able to send or receive e-mail using that server. Any e-mail that is stored on the computer will not be affected by removing the mail server role and will remain in the mail store.
To remove the mail server role, restart the Configure Your Server Wizard by doing either of the following:
From Manage Your Server, click Add or remove a role. By default, Manage Your Server starts automatically when you log on. To open Manage Your Server, click Start, click Control Panel, double-click Administrative Tools, and then double-click Manage Your Server.
To open the Configure Your Server Wizard, click Start, click Control Panel, double-click Administrative Tools, and then double-click Configure Your Server Wizard.
On the Server Role page, click Mail server (POP3, SMTP), and then click Next. On the Role Removal Confirmation page, review the items listed under Summary, select the Remove the mail server role check box, and then click Next. After you click Next, the Configuring Components page of the Windows Components Wizard appears, and then closes automatically. You cannot click Back or Next on this page. On the Mail Server Role Removed page, click Finish.
Next steps: Completing additional tasks

After you complete the Configure Your Server Wizard and create mailboxes, the computer is ready for use as a mail server. Up to this point, you have completed the following tasks:
Installed the POP3 service and the SMTP service.
Configured the POP3 service to use an authentication method.
Created an e-mail domain.
Created mailboxes.
The Configure Your Server Wizard automatically installs the POP3 service MMC snap-in, which you use to manage your mail server. To open the POP3 service snap-in, click Start, click Control Panel, double-click Administrative Tools, and then double-click POP3 Service.
The following table lists additional tasks that you might want to perform on your mail server.
Task
Purpose of task
Reference
Provide users with the procedure to configure their e-mail clients to use the mail server.
To connect to the mail server, the user's e-mail client must be configured specifically for the mail server.

Implement disk quotas.
Disk quotas ensure that the mail store does not use an excessive or unanticipated amount of disk space, which could adversely affect the performance of the server on which the POP3 service is running. You must have an NTFS partition to implement disk quotas. NTFS partitions allow for greater directory and folder security, which better protects e-mail stored on the local hard disk.
Configuring disk quotas for the POP3 service
Configure your mail server to require secure e-mail client authentication.
The POP3 service supports Secure Password Authentication (SPA) for Active Directory integrated authentication and local Windows accounts authentication. Secure Password Authentication requires that all e-mail clients transmit both the user name and password using secure authentication. Secure Password Authentication is more secure than the default of plaintext and, therefore, is recommended over plaintext. Secure Password Authentication must be configured on both the server on which e-mail services are running and on every e-mail client that will connect to the mail server.
Express for Secure Password Authentication!
To configure the mail server to require Secure Password Authentication
Using the Windows interface
Open POP3 service
In the console tree, right-click the computer_name node and click Properties.
Where? POP3 Service > computer_name
Select Require Secure Password Authentication (SPA) for all client connections.
Important
If you change this parameter, you must stop and restart the POP3 service. For more information on changing the POP3 service state, see Related Topics.
Notes
To perform this procedure, you must be a member of the Administrators group on the local computer, or you must have been delegated the appropriate authority. If the computer is joined to a domain, members of the Domain Admins group might be able to perform this procedure. As a security best practice, consider using Run as to perform this procedure.
To open the POP3 service snap-in, click Start, click Control Panel, double-click Administrative Tools, and then double-click POP3 Service.
SPA supports only Active Directory integrated authentication and local Windows accounts authentication.
If you enable SPA, users' e-mail clients must also be configured to use SPA. For more information, see Related Topics.
If you are using Active Directory integrated authentication, you must log on to the Active Directory domain, not the local computer, to perform this procedure.
Configuring the mail server to require Secure Password Authentication affects only the POP3 service and not the Simple Mail Transfer Protocol (SMTP) service. For more information about the security options for the SMTP service, see Set Security Options.
Using a command line
Open Command Prompt.
Type:
winpop set sparequired {0|1}
Value | Description
winpop set sparequired | Specifies whether Secure Password Authentication is required for all client connections.
{0|1} | Specifies whether secure authentication is required from all e-mail clients. The default is 0, which specifies that SPA is not required. 1 requires SPA from all e-mail clients and prevents e-mail clients from authenticating by using plaintext authentication.
Important
If you change this parameter, you must stop and restart the POP3 service. For more information on changing the POP3 service state, see Related Topics.
Notes
To perform this procedure, you must be a member of the Administrators group on the local computer, or you must have been delegated the appropriate authority. If the computer is joined to a domain, members of the Domain Admins group might be able to perform this procedure. As a security best practice, consider using Run as to perform this procedure.
To open a command prompt, click Start, point to All Programs, point to Accessories, and then click Command Prompt.
SPA supports only Active Directory integrated authentication and local Windows accounts authentication.
If you enable SPA, users' e-mail clients must also be configured to use SPA. For more information, see Related Topics.
If you are using Active Directory integrated authentication, you must log on to the Active Directory domain, not the local computer, to perform this procedure.
To view the complete syntax for this command, at a command prompt, type:
winpop set help
Configuring the mail server to require Secure Password Authentication affects only the POP3 service and not the Simple Mail Transfer Protocol (SMTP) service. For more information about the security options for the SMTP service, see Set Security Options.
To configure Outlook Express for Secure Password Authentication
Click Start, point to All Programs, and then click Outlook Express.
On the Tools menu, click Accounts.
In Internet Accounts, click the Mail tab, click the name of your POP3 e-mail account, and then click Properties.
Click the Servers tab, and then click Log on using Secure Password Authentication.
In Account name, type your POP3 service user name not including the domain. For example, if your e-mail address is someone@example.com, you would type:
someone and then click OK. If a naming conflict occurred when the mailbox was created, the user name is the pre-Windows 2000 logon name. For more information about the pre-Windows 2000 logon name, see Notes.
Notes
Secure Password Authentication (SPA) only supports Active Directory integrated authentication and local Windows accounts authentication.
Be sure to update your e-mail client software and client operating system with the latest service pack available.
If you are using an e-mail client other than Outlook Express, check your product documentation for information about how to configure your e-mail client to use Secure Password Authentication (SPA) (also known as NTLM Authentication).
If a dialog box prompts you for your credentials after you configure Outlook Express for SPA, enter your credentials, as described in the following table:
Value | Description
User Name | Your user name, not including the domain. For example, if your e-mail address is someone@example.com, you would type: someone. If a naming conflict occurred when the mailbox was created, the user name is the pre-Windows 2000 logon name.
Password | Your password.
Domain | For Active Directory integrated authentication, this is the network basic input/output system (NetBIOS) name of the domain. For local Windows accounts authentication, this is the name of the local computer.
If you are using Active Directory integrated authentication and Secure Password Authentication and a naming conflict occurred when the mailbox was created, the pre-Windows 2000 logon name must be used for e-mail client authentication. To determine the modified logon name, go to the Active Directory Users and Computers snap-in in Administrative Tools. Go to the Users folder, right-click the user account, and then click Properties. Click the Account tab and the modified account name will appear in User logon name (pre-Windows 2000). You must note the pre-Windows 2000 logon name and provide it to the user.
Related Topics
Configuring disk quotas for the POP3 service
Important
You can configure disk quotas only on NTFS file system partitions.
You can use disk quotas to control and limit the amount of disk space individual mailboxes on the mail server can use. This ensures that individual mailboxes, and the mail store in general, do not use excessive or unanticipated amounts of disk space and adversely affect the performance of the server where the POP3 service is running.
For example, if the mail server suddenly receives a large volume of unsolicited e-mail, the mail store expands rapidly and might use all of the available disk space on the hard disk. If you implement quotas, the mail store only expands to the quota limit that you specified. As a result, no more mail is accepted by the server, and the rest of the server still functions normally.
If you are using Active Directory integrated authentication or local Windows accounts authentication, the e-mail delivered to a POP3 service mailbox will have file ownership assigned to the mailbox user by default. A quota file is created in the mailbox directory that contains the security identifier (SID) of the user account associated with the mailbox. File ownership is then assigned to the user account that corresponds to the SID contained in the quota file. The SID is also used by the NTFS file system disk quota system to enforce the quota limits specified on the user account matching the SID. All e-mail transferred to the mailbox's mail store directory is marked with the SID contained in the quota file; this marks the e-mail so it can be monitored by the quota system.
For more information, see Disk quotas.
createquotafile command
If you are using encrypted password file authentication, there is no valid user account for the mailbox that the quota system can use. You can use the createquotafile /user command, however, to manually associate a given mailbox with a valid user account that is configured to have a disk quota. This association is for disk quota purposes only and is separate from mailbox authentication. If you are using Active Directory integrated authentication or local Windows accounts authentication, a quota file is created by default when you create a mailbox.
For more information about the createquotafile command, see To create a quota file.
Configuring domain disk quotas
Although quotas are designed to be implemented on a per-mailbox basis, you can create a domain-wide disk quota.
To create a disk quota for a domain, you must create a new mailbox and user account with an associated quota. The quota file for the new mailbox functions as a template that you can then copy into all of the other mailbox directories in the domain to create a domain-wide quota policy.
The following table describes the steps for creating a domain disk quota.
Step
Reference
Create a new mailbox and user account. When you create the new mailbox, you must also create an associated user account for the mailbox. This account will be used to create a domain-wide quota. Other accounts in the domain can be configured to reference this account and its associated quota. All accounts associated with this account will have their disk usage aggregated under a single quota limit, which will create a domain-wide quota limit.
To create a mailbox
Enable disk quotas for the partition on which the mail store is configured.
To enable disk quotas
Create a quota to be used as the domain quota and assign it to the domain quota account.
To add new quota entries
Do one of the following:
Copy the quota file from the mail store directory of the domain account to the corresponding mail store directory of all the mailboxes in the domain.
Or, using the winpop createquotafile command and the /user: switch, associate one or more accounts in the domain with the domain account and its quota. For more information on the createquotafile command, see To create a quota file.
N/A
Notes
When a mailbox quota is exceeded, the user is not notified. E-mail intended for the user is not accepted, and a Non-Delivery Report (NDR), a notice that the e-mail was not delivered to the recipient, is returned to the sender.
Be sure that users configure their e-mail client to delete from the server any e-mail that has been successfully retrieved. If users leave successfully retrieved e-mail on the server, they can quickly exceed their quota. Users are likely to be unaware of the disk usage and impact of old e-mail stored on the server.
You cannot set quota limits on the accounts of Administrators or members of the Administrators group.

File and Print Server

How To Install and Configure a File and Print Server in Windows Server 2003
Contents
Install File and Printer Sharing
How to Install a File Server on Windows Server 2003 by Using the Configure Your Server Wizard
How to Manually Install a File Server on Windows Server 2003
How to Install a Print Server on Windows Server 2003 by Using the Configure Your Server Wizard
How to Share a Printer
How to Manually Install a Print Server on Windows Server 2003
Install File and Printer Sharing

By default, a Windows Server 2003-based computer is installed with Client for Microsoft Networks, File and Printer Sharing for Microsoft Networks, and TCP/IP.
NOTE: You can view these services in the properties for the local area connection.
You can create a Windows Server 2003 file server and print server manually, or you can use the wizards that are provided in the Configure Your Server Wizard administrative tool.
How to Install a File Server on Windows Server 2003 by Using the Configure Your Server Wizard

1. Click Start, point to Administrative Tools, and then click Configure Your Server Wizard.
2. Click Next.
3. Click Next.
4. Click File server in the Server role box, and then click Next.
5. On the "File Server Disk Quotas" page, configure any quotas you need to control disk-space usage on the server, and then click Next.
6. On the "File Server Indexing Service" page, click the indexing configuration that is appropriate for your server, and then click Next.
7. Click Next.
8. Click Finish.
9. The Share a Folder Wizard starts. Click Next.
10. Click Browse, locate the folder that you want to share, and then click OK.
11. Click Next.
12. Type a share name for the folder, and then click Next.
13. Click one of the basic permissions for the folder, or click Customize to set custom permissions on the folder. Click Finish.
14. Click Close.

How to Manually Install a File Server on Windows Server 2003

1. Click Start, and then click Windows Explorer.
2. Locate the folder that you want to share.
3. Right-click the folder, and then click Sharing and Security.
4. Click Share this folder, and then accept the default name or type a different name for the share.
5. Optionally, configure the number of users who can connect, configure permissions for this folder, and then configure the caching options.
6. Click OK.
7. A little hand is displayed in the Windows Explorer window to indicate that the folder is being shared.
8. Quit Windows Explorer.


How to Install a Print Server on Windows Server 2003 by Using the Configure Your Server Wizard

1. Click Start, point to Administrative Tools, and then click Configure Your Server Wizard.
2. Click Next.
3. Click Next.
4. Click Print server in the Server role box, and then click Next.
5. On the "Printers and Printer Drivers" page, click the types of Windows clients that your print server will support, and then click Next.
6. Click Next.
7. On the "Add Printer Wizard Welcome" page, click Next.
8. Click Local printer attached to this computer, click to clear the Automatically detect and install my Plug and Play printer check box, and then click Next.
9. Click the port for your printer, and then click Next.
10. Click the printer make and model or provide the drivers from the printer manufacturer media, and then click Next. NOTE: If you are prompted to keep or not keep your existing printer driver, either keep the existing driver or replace the existing driver. If you replace the driver, you must provide the manufacturer driver for this printer. Click Next to continue.
11. Accept the default name of the printer or provide a different name, and then click Next.
12. Click the Share as option, type the share name, and then click Next. NOTE: This step is optional because you can share the printer later.
13. You may provide the location of the printer and a comment to make it easier to locate. Click Next to continue.
14. Click the Print a test page option, click Next, and then click Finish to quit the Add Printer Wizard. Your printer appears in the Printers and Faxes folder.

How to Share a Printer

1. Click Start, and then click Printers and Faxes.
2. Right-click the printer that you just installed, and then click Sharing.
3. Click Share this printer, and then type a share name for the printer.
4. Optionally, click Additional Drivers, click the operating systems of the client computers that may attach to this printer, and then click OK. By adding drivers for these operating systems, users on client computers can connect to the print server and automatically download the appropriate drivers for this model of printer without having to configure anything.
5. When you are prompted to do so, insert the Windows Server 2003 CD-ROM.
6. Click OK to close the printer properties.
7. Close the Printers and Faxes folder.

How to Manually Install a Print Server on Windows Server 2003

1. Click Start, point to Settings, and then click Printers.
2. Double-click Add Printer to start the Add Printer Wizard.
3. To complete the Add Printer Wizard, repeat steps 7 through 14 in the "Install a Windows Server 2003 Print Server" section of this article.
NOTE: The only difference between the manual installation of the print server and the use of the Configure Your Server Wizard to create the print server is how you start the Add Printer Wizard.

Wednesday, January 23, 2008

Web Server (WEB)

Creating a Web Site

The simplest approach is to use a separate IP address to identify each web site on your machine. Let's say our server has five IP addresses assigned to it from the range 172.16.11.220 through 172.16.11.224. Before we create a new Human Resources web site, let's first examine the identity of the Default Web Site. Open IIS Manager in Administrative Tools, select Web Sites in the console tree, right-click on Default Web Site, and open its properties:

The IP address for the Default Web Site is All Unassigned. This means any IP address not specifically assigned to another web site on the machine opens the Default Web Site instead. A typical use for the Default Web Site is to edit its default document to display general information like a company logo and how to contact the Support Desk.

Let's use IP address 172.16.11.221 for the Human Resources site and make D:\HR the folder where the home page for this site is stored. To create the HR site, right-click on the Web Sites node and select New --> Web Site. This starts the Web Site Creation Wizard. Click Next and type a description for the site:

Click Next again and specify 172.16.11.221 as the IP address for the site:

Click Next and specify D:\HR as the home folder for the site. We've cleared the checkbox to deny anonymous access to the site because this is an internal intranet, so only authenticated users should be able to access it (public web sites generally allow anonymous access):

Click Next and leave only Read access enabled, since the Human Resources site will initially only be used to inform employees of company policies:

Click Next and then Finish to create the new web site:

Now let's create another intranet site, this time for Help Desk, which will use IP address 172.16.11.222 and home folder D:\Help. We'll create this one using a script instead of the GUI:

And here's the result:

The script we used here is Iisweb.vbs, one of several IIS administration scripts available when you install IIS on Windows Server 2003.
The basic syntax of this script is easy to figure out from the previous screenshot, and a full syntax can be found here. Note that unlike the Web Site Creation Wizard used previously, you can't use this script to create a web site with anonymous access disabled. So if you want to disable anonymous access, you should do it by opening the properties sheet for the Help Desk site, selecting the Directory Security tab, and clicking the Edit button under Authentication and Access Control. This opens the Authentication Methods box, where you can clear the checkbox to disable Anonymous Access and leave Windows Integrated Authentication as the only authentication method available for clients on your network:

Creating a Local Virtual Directory

Let's say Human Resources keeps their policies in a folder called D:\HR Policies on your web server and you would like users to be able to use the URL http://172.16.11.221/policies when they need to access these policies. To do this we need to create a virtual directory that associates the /policies portion of the URL, called the alias for the virtual directory, with the physical directory D:\HR Policies where these documents are actually located.

Let's do this now. Right-click on the Human Resources site and select New --> Virtual Directory to start the Virtual Directory Creation Wizard. Click Next and type the alias for the virtual directory:

Click Next and specify the physical folder on the local server to map to this alias:

Click Next and specify permissions (again we'll just leave Read enabled) and finish the wizard. Here's the result:

Let's do something similar using another IIS script named Iisvdir.vbs, only we'll create a /procedures virtual directory instead:

Open IIS Manager to display the new virtual directory:

Note the difference in the icons for the two virtual directories. That's because when the script creates a virtual directory it also creates an application starting point for that directory, while the wizard does not.
This doesn't matter though, since for now we're only hosting static content in these directories. For the full syntax of Iisvdir.vbs see here.

Creating a Remote Virtual Directory

Help Desk likes to do things differently than Human Resources does, and their user manual is stored in HTML form in the share \\srv230\helpdesk on a network file server. Let's create a remote virtual directory within the Help Desk site that associates the alias /usermanual with this share. Right-click on the Help Desk site and select New --> Virtual Directory to start the Virtual Directory Creation Wizard again, specify usermanual as the alias for the directory, and type \\srv230\helpdesk as the UNC path to the share:

Click Next and a new screen appears prompting you to either specify credentials for accessing the share or use the authenticated user's credentials for this purpose (we'll use the latter):

Click Next and finish the wizard. Let's look at the result:

The Iisvdir.vbs script can similarly be used for creating remote virtual directories.

Controlling Access to a Web Site

Now that we have a couple of web sites and virtual directories created, let's look at a few administration tasks. This will be only a brief overview--you can find a much more detailed treatment of the subject in my book IIS 6 Administration (Osborne/McGraw-Hill).

First let's look at how we can control access to our web sites. There are basically four ways you can do this: NTFS permissions, web permissions, IP address restrictions, and authentication method. NTFS permissions are your front line of defense, but they are a general subject that we can't cover in detail here.
Web permissions are specified on the Home Directory tab of your web site's properties:
By default only Read permission is enabled, but you can also allow Write access so users can upload or modify files on your site, Script source access so users can view the code in your scripts (generally not a good idea), or Directory browsing so users can view a list of files in your site (also not a good idea). Web permissions apply equally to all users trying to access your site, and they are applied before NTFS permissions are applied. So if Read web permission is denied but NTFS Read permission is allowed, users are denied access to the site.
IP address restrictions can be used to allow or deny access to your site by clients that have a specific IP address, have an IP address within a range of addresses, or have a specific DNS domain name. To configure this, select the Directory Security tab and click the Edit button under IP Address and Domain Name Restrictions. This opens the following dialog, which by default does not restrict access to your site:
The main thing to watch for here is that denying access based on domain name involves reverse DNS lookups each time clients try to connect to your web site, and this can significantly impact the performance of your site.
The final way of controlling access to your sites is to use the Authentication Methods dialog box we looked at previously:
In summary, the five authentication options displayed here are:
· Anonymous access. Used mainly for web sites on public (Internet) web servers.
· Integrated Windows authentication. Used mainly for web sites on a private intranet.
· Digest authentication. Challenge/response authentication scheme that only works with clients running Internet Explorer 5.0 or later.
· Basic authentication. Older authentication scheme that transmits passwords over the network in clear text, so use this only in conjunction with SSL.
· .NET Passport authentication. Allows users to use their .NET Passport for authentication.

Configuring Web Site Logging

Since web sites are prime targets for attackers, you probably want to log hits to your site to see who's visiting it. By default IIS 6 logs traffic to all content as can be seen on the bottom of the General tab of the properties for a web site or virtual directory:
The default logging format is the W3C Extended Log File Format, and clicking Properties indicates new log files are created daily in the indicated directory. It's a good idea to specify that local time be used for logging traffic as this makes it easier to interpret the logs:
The key of course is to review log files regularly to look for suspicious activity. IIS doesn't include anything for this purpose, but the IIS 6.0 Resource Kit Tools does include version 2.1 of Microsoft Log Parser, which can be used for analyzing IIS logs. You can download these tools here.

Configuring Web Site Redirection

Sometimes you need to take your web site down for maintenance, and in such cases it's a good idea to redirect all client traffic directed to your site to an alternate site or page informing users what's going on. IIS lets you redirect a web site to a different file or folder on the same or another web site or even to a URL on the Internet. To configure redirection you use the Home Directory tab and choose the redirection option you want to use:

Stopping and Starting Web Sites

Finally, if sites become unavailable you may need to restart IIS to get them working again. Restarting IIS is a last resort as any users currently connected will be disconnected and any data stored in memory by IIS applications will be lost. You can restart IIS using IIS Manager by right-clicking on the server node:
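The regular log review recommended under Configuring Web Site Logging can be scripted. The following Python is an added example, not part of the original article or of Log Parser: it parses W3C Extended log text, follows the "#Fields:" header even when it changes mid-file, and reports clients whose requests look suspicious. The sample log lines are constructed, and the threshold and finding names are assumptions chosen for illustration.

```python
from collections import Counter, defaultdict

# Constructed sample in W3C Extended format (documentation IP ranges, not real
# traffic). IIS writes a new "#Fields:" header after a restart or a change of
# logged fields, so the column layout can change inside a single file.
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 6.0
#Version: 1.0
#Date: 2008-01-30 09:00:01
#Fields: date time c-ip cs-username cs-method cs-uri-stem cs-uri-query sc-status
2008-01-30 09:00:01 192.0.2.10 - GET /default.htm - 200
2008-01-30 09:00:05 192.0.2.10 - GET /images/logo.gif - 200
2008-01-30 09:01:12 198.51.100.7 - GET /admin/ - 404
2008-01-30 09:01:13 198.51.100.7 - GET /backup.zip - 404
2008-01-30 09:01:13 198.51.100.7 - GET /test.asp - 404
2008-01-30 09:01:14 198.51.100.7 - GET /usermanual/../../private.txt - 404
2008-01-30 09:02:00 203.0.113.5 - PUT /upload.htm - 403
#Date: 2008-01-30 10:15:00
#Fields: date time c-ip cs-method cs-uri-stem sc-status
2008-01-30 10:15:02 203.0.113.9 POST /hr/login.asp 401
2008-01-30 10:15:03 203.0.113.9 POST /hr/login.asp 401
2008-01-30 10:15:04 203.0.113.9 POST /hr/login.asp 401
2008-01-30 10:15:05 203.0.113.9 POST
"""

# Methods that only succeed when the Write web permission is enabled.
WRITE_METHODS = {"PUT", "DELETE"}


def parse_w3c(text):
    """Return (records, skipped): one dict per request, keyed by field name."""
    fields, records, skipped = [], [], 0
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.startswith("#"):
            # Directive line; only "#Fields:" changes how rows are read.
            if line.lower().startswith("#fields:"):
                fields = line.split(":", 1)[1].split()
            continue
        values = line.split()
        # A row that does not match the current header is truncated or
        # corrupt; count it instead of guessing which column is which.
        if not fields or len(values) != len(fields):
            skipped += 1
            continue
        records.append(dict(zip(fields, values)))
    return records, skipped


def review(records, threshold=3):
    """Map each client IP to a sorted list of findings (assumed names)."""
    not_found = defaultdict(set)   # distinct URIs answered with 404, per client
    auth_fail = Counter()          # 401 responses, per client
    findings = defaultdict(set)
    for rec in records:
        ip = rec.get("c-ip", "?")
        status = rec.get("sc-status", "")
        stem = rec.get("cs-uri-stem", "")
        uri = (stem + "?" + rec.get("cs-uri-query", "")).lower()
        if status == "404":
            not_found[ip].add(stem)
        if status == "401":
            auth_fail[ip] += 1
        if ".." in uri or "%2e%2e" in uri:
            findings[ip].add("path-traversal")
        if rec.get("cs-method", "").upper() in WRITE_METHODS:
            findings[ip].add("write-attempt")
    for ip, uris in not_found.items():
        if len(uris) >= threshold:
            findings[ip].add("probing")
    for ip, count in auth_fail.items():
        if count >= threshold:
            findings[ip].add("auth-failures")
    return {ip: sorted(tags) for ip, tags in findings.items()}


if __name__ == "__main__":
    recs, bad = parse_w3c(SAMPLE_LOG)
    print(f"{len(recs)} requests parsed, {bad} malformed line(s) skipped")
    for client, tags in sorted(review(recs).items()):
        print(client, ", ".join(tags))
```

Clients with no findings, such as the ordinary visitor in the sample, are left out of the result, so the output is a short list to follow up on rather than a copy of the log.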

Exchange Server (ES)

How to install Exchange Server

1. Log on using the primary Exchange account that you specified when you ran the Exchange 2003 ForestPrep. When you specified this account, ForestPrep gave it the full Exchange Administration rights.
2. Insert the Exchange 2003 installation CD-ROM.
3. Start Windows Explorer, navigate to the \setup\i386 folder on the CD-ROM, then double-click setup.exe.
4. The Microsoft Exchange Installation Wizard will start. Click Next.
5. Click "I agree" to the license agreement, then click Next.
6. You now need to select which components you want to install; under Action, click Typical as this figure shows, then click Next.
7. Select the option to "Create a new Exchange Organization," as this figure shows, then click Next.
8. The wizard will prompt you for the organization name--enter a name, as this figure shows (typically the company name). Be aware that after you enter it, the organization name isn't easy to change.
9. Confirm the license regarding per-seat licensing by selecting the "I agree that I have read and will be bound by the license agreements for this product" check box, then click Next.
10. The wizard will display the summary of installation actions. Click Next.
11. The installation will start and a progress screen will display the current actions. After the installation is complete, click Finish.
12. If the system prompts you to restart the machine, click Yes.
You're now ready to start configuring and using Exchange 2003.

Configure Exchange 2003 Server

Configuring your new Exchange 2003 server for internet email with POPcon for downloading the email from POP3 mailboxes isn't hard if you just do it step by step as shown in this configuration sample. In this guide we will step through a sample installation of Exchange 2003 for a company we will call "Mycompany".
Mycompany consequently owns the internet domain name "mycompany.com".
Actually it only takes these four steps:
· Adding your internet domain name to the recipient policies
· Configuring the SMTP server for inbound email
· Adding an SMTP Connector for outbound emails
· Configuring the email addresses of your users
And this is how to configure the Exchange Server to accept email for mycompany.com and work with POPcon:
First install the software from CD. You may have to go back to the "Add/remove Software" utility in the control panel to add NNTP support if you did not do so during initial setup of your Windows installation. Then open the Exchange System Manager and configure the new Exchange installation.

1. Adding your internet domain name to the recipient policies

Open the Exchange System Manager. It should look like this:
One of the problems most often encountered when configuring an Exchange 2003 Server system is that the internet domain name you want to receive email for ("mycompany.com") often does not match your standard Active Directory domain name (i.e. "servername.mycompany.com"). The Exchange 2003 Server component handling incoming emails - the SMTP server - does not accept emails for domains other than the ones entered in the "recipient policies", even if you entered the correct email addresses ("user@mycompany.com") in the Active Directory.
To make Exchange accept email for additional domains like your internet domain you need to add the domain names to the default recipient policy like this:
On the main tree panel of the Exchange System Manager expand the tree "Recipients" and then click on "Recipient Policies". The policies will be shown on the right panel. Normally only the "Default Policy" will be there:
Open the properties of the "Default Policy" by double-clicking it:
In the Default Policy Properties please choose the tab "E-Mail Addresses". There you will find a list of domains supported by your Exchange server.
Usually only your internal Active Directory server domain will be listed here:
As you can see, after installing our Exchange Server from scratch only our AD domain "Christensen.local" was listed as accepted SMTP address. But emails from the internet will be coming in addressed to "@mycompany.com" and not Christensen.local!
Choose "New..." here to add another accepted inbound domain. Since emails on the internet are sent via the SMTP protocol we want to add an "SMTP Address":
Now enter the domain name you want to receive email for. Please add a leading "@" to the domain name. This is what we entered to support emails addressed to @mycompany.com:
This is what the Default Policy Properties look like after entering the additional SMTP domain:
Enable the newly created entry with a check mark next to it:
When you OK the above dialog, Exchange will ask you with the next dialog box if you want to add the new address to all new users. Usually you do want exactly that to save some typing later.
Please note: You may need to restart your server to activate the new domain!

2. Configuring the SMTP server for inbound email

Next we will configure the SMTP server. This is the part of Exchange that accepts incoming emails from POPcon. No special settings are needed to work with POPcon but these are the standard settings in any case:
You will find the settings for the SMTP server under Servers/Protocols/SMTP/Default SMTP Virtual Server. Open the properties by right-clicking on the Default SMTP Virtual Server and choosing "Properties":
The settings on tab "General" can normally be left to the defaults.
On the tab "Access" you can find some configuration settings that might interfere with POPcon.
POPcon only works with a standard SMTP connection WITHOUT authentication, so allow "Anonymous access" in the "Authentication" dialog:
Choose "Connection" to grant or refuse the right to connect to the SMTP server to individual or multiple IP address ranges.
Please ensure the system POPcon runs on has been granted the right to connect. With this setting ALL systems will have access to your SMTP server:
Under "Relay..." you can assign the right to relay through your SMTP server to some systems. This might be needed in some configurations, and to be sure you should grant relay rights to the system POPcon runs on. All other systems will need to authenticate before accessing the SMTP server to prevent unauthorized users using your system to relay spam:
Under the "Messages" tab you can restrict message size and number of messages accepted for each connection. Please make sure these settings are liberal enough to allow POPcon to transmit large messages to your server.
Also, on this tab you can choose an additional internal recipient for copies of the non-delivery reports. These NDRs will be sent back to senders of mails addressed to recipients unknown in your Exchange Server and they include a copy of the original message sent. You can use these postmaster copies of the NDRs to manually forward emails sent to mistyped recipients to the correct users.
Under tab "Delivery" some more configuration settings for outgoing emails can be found:

3. Adding the SMTP Connector for outbound emails

Now we need to add an SMTP Connector (vs. SMTP Server) to handle outgoing email to the Internet.
Right-click "Connectors" in the Exchange System Manager and choose "New", "SMTP-Connector" to start adding the new connector and name it appropriately (like "SMTP-Out" in our case):
On the "General" tab you can now choose whether Exchange will send outgoing emails directly to the recipient's system ("Use DNS...") or if all emails should be relayed through an SMTP relay server ("smart host").
The first option, DNS, is more direct but can sometimes cause problems when you use a dialup internet connection because some recipient systems will not accept emails that are coming from your ISP's dialup IP range while pretending to come from your real internet domain.
Sending via your ISP's smart host / SMTP relay server is the better option in this case. We chose our ISP's SMTP relay server here.
Also, on this tab you need to add the "local bridgehead" server (as shown above).
On the tab "Address Space" we need to add a wildcard address space for SMTP. We want to allow emails to any domain, so we use the wildcard "*" here:
Side note about the "Cost" entry: If you want to send emails to some domains via a different route you can create multiple SMTP connectors and set the "Cost" entry of this wildcard connector to a higher value while setting the cost entry of the special domain route to a lower cost but with only the special domain allowed on this page. This is especially useful if you generally want to send via DNS and only route to some systems that won't accept your email via some relay server.
If your ISP's SMTP server requires authentication (and almost all of them do today) you can set the username and password on the "Advanced" tab of the SMTP connector. Select "Outbound Security":
Select "Basic authentication" and choose "Modify" to enter the username and password:
And that's already it - your Exchange is now configured to send email to the internet and receive an SMTP email feed like it will come from POPcon or a direct internet connection. All you should do now is configure your users' email addresses in the Active Directory.

4. Configuring your users' email addresses in the Active Directory

You can set one or multiple email addresses for each user to receive email at. We will step through the necessary actions when creating a new user called John Galt.
First open the Active Directory and right-click the "Users" item to select "New", "User":
The resulting dialog will allow you to create a new AD user to log into your server and creates an Exchange mailbox all in one wizard pass:
Next...
Next...
Now the wizard continues into the Exchange Server realm and lets us create a new Exchange mailbox:
We just accepted the default alias here.
Next...
Ok, fine - but wait: What about our desired email address? john@servolutions.com? We need to add this mail address manually. We are back at the AD configuration console and select the properties of our new user "John Galt" by right-clicking on the name:
Lots of tabs on this resulting dialog:
We go to the "E-mail Addresses" tab:
And surprise: john@servolutions.com is already there, but in suspiciously non-bold print. Actually, Exchange automatically entered this additional email address because we chose so during the editing of the default recipient policies. But we want this address to be the primary address, meaning all email sent by John will get this address as the "sender's" and "reply" addresses in the mail headers. So we click on "Set As Primary" and are done:
We could also add more email addresses like info@servolutions.com or sales@servolutions.com but only one of these addresses can be the primary address that will be the default sender's address in all emails sent out by John.
And that's really it - just step through your other users' AD entries and set the appropriate primary and additional email addresses.
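How the recipient policy from step 1 and the connection and relay settings from step 2 combine for a single inbound message can be modelled in a few lines. This Python is an added example, not Exchange's own code or part of the original guide: it is a simplified model, and the POPcon host address 192.168.1.10, the class name and the result strings are assumptions made for illustration.

```python
import ipaddress


class SmtpVirtualServer:
    """Simplified model of the inbound checks configured in steps 1 and 2."""

    def __init__(self, accepted_domains, relay_networks,
                 denied_networks=(), authenticated_may_relay=True):
        # Recipient-policy SMTP addresses are entered with a leading "@".
        self.accepted_domains = {d.lstrip("@").lower() for d in accepted_domains}
        self.relay_networks = [ipaddress.ip_network(n) for n in relay_networks]
        self.denied_networks = [ipaddress.ip_network(n) for n in denied_networks]
        self.authenticated_may_relay = authenticated_may_relay

    def decide(self, client_ip, recipient, authenticated=False):
        """Return what the server does with one RCPT TO from one client."""
        ip = ipaddress.ip_address(client_ip)
        # "Connection" list: a refused client never gets as far as a recipient.
        if any(ip in net for net in self.denied_networks):
            return "refuse-connection"
        # Recipient policies decide which domains count as local.
        domain = recipient.rsplit("@", 1)[-1].lower()
        if domain in self.accepted_domains:
            return "accept-local"
        # Anything else is relay traffic: allowed by address or by login.
        if any(ip in net for net in self.relay_networks):
            return "relay"
        if authenticated and self.authenticated_may_relay:
            return "relay"
        return "reject-relay"

    def audit(self):
        """List settings that expose the server to relay abuse."""
        issues = []
        for net in self.relay_networks:
            if net.prefixlen == 0:
                issues.append(f"open relay: {net} may relay without authentication")
            elif net.num_addresses > 256:
                issues.append(f"broad relay range: {net}")
        if not self.accepted_domains:
            issues.append("no accepted domains: all inbound mail is treated as relay")
        return issues


POPCON_HOST = "192.168.1.10"  # assumed address of the machine running POPcon

# Fresh install: only the Active Directory domain is in the recipient policy.
BEFORE = SmtpVirtualServer(["@christensen.local"], [POPCON_HOST + "/32"])
# After step 1: the internet domain has been added with its leading "@".
AFTER = SmtpVirtualServer(["@christensen.local", "@mycompany.com"],
                          [POPCON_HOST + "/32"])
# Misconfiguration to avoid: relay rights granted to every address.
OPEN = SmtpVirtualServer(["@mycompany.com"], ["0.0.0.0/0"])

if __name__ == "__main__":
    for name, server in (("before", BEFORE), ("after", AFTER), ("open", OPEN)):
        print(name,
              server.decide(POPCON_HOST, "john@mycompany.com"),
              server.decide("203.0.113.20", "someone@example.org"),
              server.audit())
```

In the model, mail for john@mycompany.com handed over by the POPcon host before step 1 is classified as relay traffic rather than local delivery, which is why the recipient policy has to be fixed first.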

Access Point (AP)

Installing Your Access Point

Now that you've installed at least one wireless client adapter, it's time to install and configure your access point or wireless router. There are four basic steps in this section, and you may be able to skip one of them:
· Survey your wireless LAN to make sure you have good wireless communication between the AP and the clients.
· Connect your AP or wireless router to the rest of the LAN.
· Configure your AP and wireless clients.
· Secure your wireless LAN.

Surveying Your Wireless LAN

Many people think they don't need to do a survey because their wireless AP is rated for several hundred feet indoors. But you're unlikely to get that "several hundred feet" range in your own home unless you live in a big, open space—such as an airplane hangar.
Here in the real world, the actual maximum range of a typical AP in a typical home is about 100 feet—or even less. There are all sorts of things that can conspire to reduce the range of your AP, including wiring and metal studs inside interior walls, refrigerators, filing cabinets, and other large metal objects, fish tanks, microwave ovens, 2.4 GHz cordless telephones, and even your neighbor's wireless LAN!
If you plan to use your portable computer in very close proximity to your wireless AP, you can probably skip the survey and simply install the AP in the most convenient location. As a general rule, if you can see the AP, you can connect to the AP. For more suggestions on positioning your AP, see the "Where to Put the AP" sidebar later in this section.
To perform your site survey, you'll need a laptop with a wireless network adapter, and a wireless AP or combination AP/router. Don't have a laptop? If you plan to link several desktop PCs with a wireless network, you still may want to do a site survey first. Instead of moving your desktop PC from room to room, you can simply move the AP to several locations and check the wireless signal quality on each of your wireless desktop PCs.
Of course, you'll need to install the wireless adapters in the desktop PCs before you perform the survey.
To perform the survey, follow these steps:
Decide where you would prefer to place the AP, and put the AP in that location.
Plug the AP into a power source so that you can establish a connection to the AP to make sure that your wireless adapter is working correctly. The AP does not need to be connected to your network or broadband modem for this test.
Within view of the AP, turn on your wireless client PC. After the system starts up, you should see a message on the lower right-hand corner of the screen, as shown in Figure 7-7. If you don't see this message, your machine is not within range of the AP.
Click on the notification balloon. If the balloon has disappeared, right-click on the network icon (it looks like two computer screens, one in front of the other), and select View Available Wireless Networks. You will see the wireless network connection dialog, shown in Figure 7-8.
You should see the name of your wireless network on the screen, under the list of available wireless networks. Select your wireless network, then check the box marked Allow Me to Connect . . . and click the Connect button.
Note: If one of your neighbors has a wireless network, you may see more than one network in the list of wireless networks.
Right-click on the network icon on the taskbar, and select Status from the pop-up menu. You'll see a display like the one shown in Figure 7-9.
Move your computer around the house while monitoring the speed and signal strength indicators on the wireless connection status screen. Be sure to test the signal strength and connection speed at the locations where you are most likely to use your computer.
Keep in mind that the signal strength indicator isn't as important as the link speed.
If you have one or more desktop computers on your wireless network, check the signal strength and connection speed on each desktop.
If you are satisfied with the coverage area, signal strength, and link speed, you're finished with the survey, and you can move on to the next section. If not, move the AP to another location and repeat the survey.

Where to Put the AP?

If you encounter problems finding a spot for your AP, some of the tips here may help.
· Many access points can be mounted on a wall. While an AP isn't the most attractive thing you can hang on your wall, you may find that you'll get better coverage from your AP by mounting it up high, clear of your furniture and other obstructions.
· If you don't want to wall-mount your AP, you can also place it on a high shelf, or on top of a tall piece of furniture.
· The best place to put your wireless router is as close as possible to the center of the area that you want to cover.
· The weakest signal area is located directly above and below the AP. Keep this in mind if you live in a multistory home.
· Keep your AP's antenna(s) vertical if possible.
· Don't put your AP near large metal objects like metal filing cabinets and desks.
· Try to keep your AP as far as possible from microwave ovens and 2.4 GHz telephone base units. These products operate intermittently but can cause severe interference when they are in use.
· Avoid large, water-filled objects like fish tanks and water heaters.
· Keep the AP away from exterior walls. If you want your wireless LAN to cover part of the outside area of your home, place the AP close to a window.

Connecting and Configuring the Access Point

Once you've determined the best location for your AP, you're ready to connect the AP to the rest of your network. If you are adding a wireless AP to an existing Ethernet network, you'll need to connect an Ethernet cable from the AP to an unused port on your Ethernet switch.
If you are installing a combination AP/router, you'll also need to connect an Ethernet cable from your cable or DSL modem to the router.
Note: The examples in this section show how to configure a standalone access point. If you are installing a combination AP/router device, the procedure will be similar to the example shown here but will include one or two additional steps. I'll cover those additional steps in Chapter 9, so you may want to read both chapters first.
Virtually all wireless access points feature a browser-based configuration wizard. To configure the router, you start your Web browser, enter the IP address of the access point, and answer a few questions. The D-Link AP in the following example uses this approach.
Some access points come with a configuration program on a CD-ROM. To configure these products, you install the configuration program, which walks you through the steps required to configure your AP.
In either case, the steps required are very similar. The following example shows the steps required to configure a D-Link access point using the Web browser interface.
Before you can configure the AP, you must establish a connection from your PC's Web browser to the AP's browser interface. In most cases, the AP will come from the factory set for a specific IP address, usually in the 192.168.x.x private address range. You'll need to start your browser and enter the IP address of the AP in the address bar, as shown in Figure 7-10.
As you can see in Figure 7-10, the browser interface has a button marked Run Wizard that starts the setup wizard. The wizard walks you through the configuration. Figure 7-11 shows the first step in the setup wizard.
The first step is to set a password for your AP, as shown in Figure 7-12. I strongly recommend that you change the password from the factory's default setting. If you leave the AP set with the default password, it is very easy for someone to break into your wireless network and change your network settings.
Use a password with a mix of alphabetic and numeric characters.
The next step is to set a name (called an SSID) and a channel number for your AP, as shown in Figure 7-13. The SSID name can be anything you like. For security reasons, I suggest that you not use your family name or house address as part of the SSID.
You can set your AP to one of 11 channels. Virtually all APs come from the factory set to operate on channel 6. If you experience interference from a nearby AP at a neighbor's home, set your AP to channel 1 or channel 11. If you are planning to install a second AP in your home, set one AP for channel 1 or 6, and the other for 6 or 11. Do not set both APs to use the same channel.
Next, you can enable your AP's encryption security feature. For the time being, I recommend that you leave encryption turned off until you have installed and configured all of the wireless PCs on your network. I'll cover encryption at the end of this chapter. Figure 7-14 shows the encryption settings screen for the D-Link router.
The final step (shown in Figure 7-15) is to accept the settings you have just changed and apply them to the AP. In most cases, the AP will need to reset itself, and you will momentarily lose the connection between the AP and your wireless PC. If you changed the SSID setting, you will need to reconfigure your wireless PCs to use the new SSID setting. If this happens, you will see the "One or more wireless networks are available" message that you saw in Figure 7-8. Click on the message, and then select the new network name from the list and click Connect.
If everything went according to plan, your AP is now configured and operating properly, and you have at least one wireless PC installed and configured to operate with the wireless network.
The next step from here depends on your network configuration:
· If you have more wireless clients to install, this is a good time to install and configure each of them.
· If you are installing a separate router or a combination AP/router, go on to Chapters 8 and 9, and then come back here and enable the encryption feature on your wireless LAN.

Securing Your Wireless LAN

Wireless networks are very convenient, but they pose a problem for security-conscious users.
Because wireless signals can penetrate through walls and floors, it is possible for anyone with a wireless laptop to connect to your network. Once connected, they can poke around in your shared files, introduce virus or Trojan horse programs onto your network, or send malicious e-mails or spam.
Shortly after the introduction of 802.11b wireless networks, the equipment manufacturers realized that they had a major security problem on their hands. The industry responded by introducing two different types of data encryption for wireless networks: Wired Equivalent Privacy and WiFi Protected Access.
Wired Equivalent Privacy (WEP) encrypts data using a shared password called an encryption key. The AP and each client PC must be configured to use the same key. Although WEP uses relatively strong 128-bit data encryption, researchers (and crackers) have found a way to crack the WEP encryption. As a result, the WiFi organization introduced a newer, stronger form of encryption called WiFi Protected Access, or WPA—which is in turn based on the IEEE 802.1X authentication protocol.

WPA Encryption

WPA is similar to WEP, but WPA combines encryption with user authentication. WPA was just becoming available as this book went to press, but it should be a standard feature in most home access points beginning in early 2004. Instead of using a shared encryption key, WPA first requires users to identify themselves with a user name and password.
If the user passes the authentication test, the AP sends the user a unique key that is valid for a limited period of time. The data connection between the user's PC and the AP is encrypted using the temporary key.

WEP Encryption

While WEP isn't as secure as WPA, it is still reasonably secure and is much better than no protection at all. Virtually all APs provide WEP encryption, and WEP is very easy to configure. In the following example, I show you how to configure WEP on a typical AP and on a Windows XP client PC.
Keep in mind that once you have enabled WEP on your AP, you will need to configure each client PC on your wireless LAN to use the same WEP encryption key.
To begin, connect to your AP's management screen, and locate the WEP settings screen. In the example shown in Figure 7-16, the WEP information is located on the same screen as the SSID and channel settings. It is not necessary to change the SSID or channel to enable WEP.
To enable WEP, select the Enabled radio button. If your router or AP offers multiple levels of encryption, choose the one with the strongest encryption. In this example, the AP supports 40-, 64-, and 128-bit encryption, and I have selected 128 bit.
Most APs allow you to enter the WEP key as a string of hexadecimal numbers or as a string of readable (ASCII) text. Unless you have a thing for hex numbers, choose the ASCII setting, and enter a string of text to use as the encryption key. Although I've used a readable phrase (mumbo-jumbo) in the example, you should use a random string of numbers and letters for your key. Whatever key you choose, be sure to write it down in a safe place; you'll need to enter the key into each of your client PCs.
After you've enabled WEP on the access point, you need to configure the WEP key on each of your wireless client PCs. The first time you attempt to connect to the wireless LAN after you enable WEP, you'll see a screen like the one in Figure 7-17.
Carefully enter the key in each of the two boxes, and click the Connect button. If you change the key on the AP, you will need to reenter the key on each of the client PCs.

How to install and configure a modem

A modem is a device that modulates a digital signal into an analog signal. The signal then is demodulated back into a digital signal at the receiving modem. (If you haven’t guessed, the term modulate was the basis for the word modem.) A modem allows a user to do a variety of tasks, including:
· Connect to the Internet
· Connect to a remote network
· Connect to another PC directly
· Send and receive faxes
· Accept incoming phone calls

Modem attributes

There are several attributes of a modem that will affect its installation and configuration: whether the modem is internal or external, the available resources on the computer, and the speed of the modem. The most prominent of these is the speed of the modem. Speed is measured in bits per second (bps)—and in today’s world, the more bps the merrier. Realistically, as far as analog modems are concerned, dial-up connection speed begins promptly at 56K, or 56,000bps.

Installing a modem

Installing a modem is not difficult work. As most computers today ship with a modem installed already, you’re likely to find yourself replacing modems more often than installing them from scratch.

STEP BY STEP: Installing a Modem

1. Power off the computer and disconnect all cords from the PC. Open the case of the computer according to the manufacturer’s guidelines.
2. If you are replacing a modem, remove the old modem from its bus. If you’re adding a new modem, confirm that the modem you’re about to add has an available bus on the motherboard.
3. If necessary, remove the plate that allows access to the modem on the back of the PC. Insert the new modem into the appropriate slot. The card should fit snugly and firmly with a satisfying snap.
4. Screw the modem into place and replace the case’s cover and all of the cords.
5. Most modems have two “jacks” or receptacles. The first jack connects to the telephone line.
The second jack connects to a telephone, caller-ID station, or fax machine. The modem can route the call to the appropriate device if the call is not meant for it. Connect the modem directly to the incoming phone line and then connect the phone to the modem’s second phone port. Modems accept RJ-11 connectors, the transceiver on the end of a standard phone line.

Configuring a modem

Windows 9x and Windows 2000 both use Plug-and-Play to detect and install modems. In some instances, the modem may not be detected properly through Plug-and-Play. You can use either the Device Manager in the System or Modems applets in the Windows Control Panel to confirm that your modem has been detected and installed properly. If you find that your modem has not been installed, you’ll have to add your modem manually using the Add New Hardware Wizard in the Add/Remove Hardware applet of the Control Panel.
As with most hardware, the drivers for the modem are typically included with the modem on a floppy or CD. Additionally, the manufacturer’s Web site should supply updated drivers for the device.

Wireless Router (WR)

How to install a wireless router

Your broadband connection isn’t limited to serving just one PC.
A wireless router makes it easy to connect all the computers in your home – and more.
Wireless sharing is an easy way to make the most of your broadband connection, and although it also raises security issues, a well-configured wireless network can actually make your PCs safer, thanks to the router’s built-in firewall. Not only can all your computers access the Internet at once, but setting up a wireless router also helps you to take advantage of the wireless capabilities now built into other devices such as printers, cameras, PDAs and Internet telephone handsets.
Using a wireless router isn’t the only way to share an Internet connection, but it’s definitely the most convenient. Using a wired router, you’d have to trail chunky Ethernet cables all over your house. With similar wiring, you could do without a router and use Windows Internet Connection Sharing to turn one of your PCs into an Internet gateway. But with this setup, the other computers will only have constant Internet access if you keep the gateway machine switched on, which could be an expensive waste of electricity.
Installing a WiFi router solves all these problems, and it’s easy to do. We’ll show you how to set up your router and connect all your PCs to it so that the whole family can surf the Internet in harmony.

CHOOSING A WIRELESS ROUTER

A wireless router creates a network that all your PCs can use to access a single broadband connection. This may sound as if it’s going to be complicated, but it’s really very straightforward. The router acts as a junction box that joins your network together.
The router connects to your broadband line through a modem (which may be built into the router, or could be your existing cable modem, for example), and each of your PCs connects to the router either wirelessly or, if it happens to be in the same place as the router, through one of its wired ports.
For wired connection, the PC must have an Ethernet adaptor, which most recent systems do, often built into the motherboard. To connect wirelessly, a PC must have a wireless network adaptor. Most laptops now have one built in, and they’re easy to add to desktop PCs too.
The kind of router you should buy depends on your broadband connection and your existing hardware. If you have a cable modem with an Ethernet port, you can use this with your new router. If you have any kind of ADSL modem – that means any broadband connection via a phone line, rather than a cable installation such as NTL or Telewest – then we recommend that you bin it and buy a router with an ADSL modem built in, as it’s a lot easier to set up and costs hardly any more.
Next, you need to consider which wireless standard you want your router (and all your wireless adaptors) to support. It’s important that all your devices conform to a common standard, of which there are several. The faster the standard your kit supports, the better the speed you’ll get. This is most significant when you use your wireless network to transfer data between your own PCs, because this can potentially reach much higher speeds than Internet access.
The 802.11b and 802.11g WiFi standards use frequencies in the 2.4GHz band. The older ‘b’ standard runs at 11 megabits per second (Mbit/s), while the newer ‘g’ standard runs at 54Mbit/s. As they both use the same frequencies, ‘b’ and ‘g’ devices can communicate with each other, but only at the slower speed of the ‘b’ devices. If possible, you should use only ‘g’ devices in your network.
The next standard to use the 2.4GHz band will be called 802.11n and will run at 100Mbit/s.
Unfortunately, some problems have emerged with the technology behind this, and a final version won’t be officially agreed until July 2007 at the earliest. Although some products already claim to use the ‘n’ standard – sometimes described as ‘pre n’ – it could still change, meaning that any device you buy today might have trouble communicating with later 802.11n products.

There is one other wireless network standard, 802.11a, which runs at 54Mbit/s, like 802.11g. Instead of the 2.4GHz frequency band, it uses frequencies clustered around 5GHz. Because of this, ‘a’ products can’t communicate with other types of wireless networking devices and are best avoided. We recommend that you buy an 802.11g router. 802.11b routers aren’t much cheaper and are increasingly hard to find. If your PC has a ‘b’ adaptor built in, it’ll work with your ‘g’ router, but you might consider upgrading it to get the fastest speeds possible.

To find out which standards an existing wireless adaptor supports, go to System Properties. In the Hardware tab, open Device Manager and expand the Network adaptors section. If your WiFi card has just a letter ‘b’ at the end of its name, it conforms to the 802.11b standard; if it has ‘bg’, it’s a ‘g’ adaptor.

The best routers offer greater speed and range than budget models. Any router will usually manage to connect to devices within a small to medium-sized house, but if you want to browse the web at the bottom of the garden, consider a pricier router that uses MIMO technology. Rather than a single aerial, a MIMO router can have anything between two and seven. At any given moment, atmospheric conditions, interference and other factors mean that some of these aerials receive a better signal than others. MIMO continually shifts the load to whichever aerials work best at the time. In our experience, MIMO routers have a much greater range.

For an extra burst of speed, look for a router with a ‘turbo’ mode. These typically run at up to 108Mbit/s.
The catch is that, because they’re non-standard versions of 802.11g that manufacturers have enhanced in different ways, you must buy your network adaptors and router from the same manufacturer.

NETWORK SECURITY

If you leave a wireless network unsecured, anyone within range who has a WiFi-equipped PC will be able to use your broadband line, and if they were so inclined they might even be able to gain access to your files. Although it may seem unlikely that you’ll be targeted by a local hacker, ‘bandwidth stealing’ is very common and can even happen without your neighbours realising they’re using your connection. One of our writers checked his router and found no less than nine users on it.

The most common WiFi encryption standard is Wireless Protected Access (WPA). Most routers support this; it’s easy to set up and very secure. However, only Windows XP Service Pack 2 supports WPA natively. If any of your PCs lacks SP2 or has an older version of Windows, make sure the software with its WiFi adaptor allows WPA. A new standard, WPA2, is even more secure, but isn’t so widely supported yet.

Your router should let you hide the name of your network (its SSID) so that you can connect to it but snoopers won’t see it. You should also be able to limit network access to specified WiFi adaptors using a feature called MAC address filtering or authentication. A MAC address is a unique ID given to each network device when it’s made. If only your own PCs, specified by the MAC addresses of their WiFi adaptors, are allowed on your network, it’s harder for intruders to get in. If you have cable broadband, your router may also need to support MAC address spoofing. Cable providers often allow access only to the MAC address of the PC you signed up with. With spoofing, your router can show that MAC address, not its own, to the cable provider’s server.

Finally, your router should act as a DHCP server.
This means it can hand out network settings, such as IP addresses, automatically to any PC or other device you add. Just about all routers can do this, but it’s worth checking.

CHOOSING NETWORK ADAPTORS

Each computer you want to link wirelessly to the router needs a WiFi adaptor. If you bought your PC recently it may have one built in, but if not, several types are available. For a desktop system, you can use either a WiFi card that plugs into a free PCI slot or an external WiFi adaptor that plugs into a USB or Ethernet port.

Adaptors that connect to a separate aerial with a cable are useful if your PC sits with its back to the wall, because you can place the aerial where it’s likely to get a good signal, instead of having it stuck behind your PC. USB is a good choice if you often move from PC to PC and need to take your wireless connection with you. 802.11g models will need a USB 2.0 (HiSpeed) port to transfer data at full speed. Notebook PCs may have a built-in WiFi chip; if yours hasn’t, you can buy a WiFi adaptor for the PC Card slot.

MODEM CONNECTION

Check your broadband modem’s connections to find out if you can use it with a router. Regardless of whether it’s for ADSL or cable, it’ll have either a USB or an Ethernet socket to link to your PC. Ethernet, above left, looks similar to a telephone socket (but isn’t), while USB, on the right, is marked with a distinctive symbol.

WINDOWS

Check each PC’s version of Windows before buying a WiFi card for it. For 98 SE or Me, you’ll need your Windows install CD, and you’ll be relying on your adaptor’s software for security features. Windows XP already supports WiFi; with Service Pack 1 you can use WEP security, while SP2 supports the more secure WPA. An update for WPA2/WPSIE can be downloaded from www.microsoft.com.

PORTS AND SOCKETS

To connect wirelessly, a PC needs a WiFi adaptor.
PCI adaptors fit into a spare slot in a desktop PC; USB adaptors plug into USB ports on any kind of PC (preferably USB 2.0); and CardBus cards plug into a laptop’s PC Card slot. Access points that plug into an Ethernet port are pricey, but may help connect older computers. For wired connections, you can add Ethernet on a PCI card if necessary.

Remote Installation Service (RIS)

How to Install Remote Installation Service (RIS)
Roll out your desktops the modern RIS way. Choose Windows Server 2003's RIS rather than Ghost. This page will show you how to install and configure Microsoft's RIS. My goal is to help you design and plan a small or medium sized roll-out of XP Professional using RIS.

Introduction to RIS

There are many ways to install XP clients. Whilst 'Ghost' imaging software is popular, I urge you to try RIS. Take advantage of Microsoft's IntelliMirror technology, which automatically repairs client installations. RIS links with OUs and Group Policies; as a result you can control the XP desktop from the outset.

Topics for Installing RIS

• Pre-requisites and Dependencies
• Phase 1 - Add or Remove Programs
• Phase 2 - Wizard to Copy the XP Image
• Phase 3 - Active Directory Users and Computers
• Summary of Installing RIS

How to Install RIS (Remote Installation Service)

Pre-requisites and Dependencies

• The RIS Server can be a Member Server; in fact it's probably BETTER to offer RIS from a Member Server than a Domain Controller.
• DHCP for the initial PXE (means Pre eXecution, but is pronounced 'Pixie') boot. Remember to Authorize the Server in Active Directory.
• Active Directory (DNS). A simple practicality: you need a domain controller available when you install RIS.
• Another 2GB NTFS partition. There will be a problem if you only have one partition, because the RIS images cannot be on the System Partition. The answer is to create a large partition for all the XP images.

Once, RIS failed to install on a server with a DHCP address and with the wrong DNS server. From a troubleshooting point of view, I foolishly changed both factors at once, so I was never sure whether it was the dynamic IP or the incorrect DNS that caused the problem.

RIS is a very difficult topic. As an MCT trainer, I can thoroughly recommend TrainSignal because they provide practical hands-on training. In particular, I like the way TrainSignal cover all learning methods: instructor led, video and of course text material.
You can either take one module, for example DNS, or go for a combination of modules.

Detailed Step-by-Step RIS Setup

Phase 1 - Add or Remove Programs

Think of installing the actual RIS Service as a two stage process. Begin just as you install WINS or Certificate or any other service. Navigate to Add or Remove Programs, Windows Components, select Remote Installation Services.

Unlike any other service that I know, there is more work to do after the Add or Remove Programs session completes. After you reboot the Windows 2003 Server, seek out the Administrative Tools menu, and Remote Installation Services Setup. The RIS wizard is one of Microsoft's best; it guides you through selecting the partition, and the name for the first XP Professional image.

Note: The above method works for Windows Server 2003, but on Windows 2000, return to Add or Remove Programs and see the newly added item, which leads you through to phase 2. Beware, this is a truly bizarre experience and many give up at this point.

Phase 2 - Wizard to Copy the XP Image

It sounds silly now, but the first time the RIS wizard prompted me for the CD, I put in the Windows Server 2003 CD. Wrong. I should have put the XP Professional CD in the caddy; clearly the wizard wants to create the client image. (It did not need any server files.) It takes a fair time to copy the image into your NTFS partition.

Phase 3 - Active Directory Users and Computers

Another surprise: most of the rest of your RIS configuration is at the Computer object in Active Directory Users and Computers (ADUC). However, if you think about what's going to happen, it makes sense to configure RIS in Active Directory. In the ADUC interface, navigate to the Computers container, or the Domain Controllers container if you installed RIS on a DC. The initial surprise is that the Computer object of the machine where you just installed RIS has an extra tab called Remote Install.
Note that the Respond to client computers requesting service check box is not checked by default. As an aside, my view is that finding this check box is your passing out test. Officially, the reason it's unchecked is that Microsoft don't want rogue laptops picking up images before you are ready.

What Next?

So, you have successfully installed the Service. What next?

• Authorize RIS / DHCP
• More configuration at the Remote Install tab, including checking Respond to client computers requesting service.
• Collect more RIS images
• Get ready at the client to install the actual XP Professional client using RIS

Summary of Installing RIS

RIS is one of the most difficult services to install. Let us be realistic: either you need a detailed plan, or you will need at least 3 attempts if you follow your nose and employ trial and error.

Configuring Remote Installation Service (RIS)

One curiosity of the RIS service is the way you configure the options via the Computer object in Active Directory Users and Computers. This page provides tutorials explaining the tabs, menus and options for optimizing the RIS server in a Windows Server 2003 domain. (Good news: the Windows 2000 RIS configuration is almost identical.)

Introduction to Configuring RIS

Once you have installed RIS, there are still a great many menus to visit before the whole RIS system kicks into effective action. At the simple level, remember that by default, no clients will be given RIS images until you check the box on the Remote Install tab.
At the complex level, decide how many RIS Servers you need and whether to install a referral server.

Topics for RIS Configuration Options

• Pre-Requisites and Assumptions - Before you Configure RIS
• Configuring RIS in Active Directory Users and Computers
• Remote Install Tab - RIS Interface
• Computer Account Generation Options
• Summary of Configuring RIS

Pre-Requisites and Assumptions - Before you Configure RIS

I am assuming that you have successfully installed the RIS service (not a trivial task; see the installation section above if you need help to install RIS). Most operations in this tutorial can be completed on any machine with Active Directory Users and Computers installed. However, there are just a few limitations, such as Verify, for which you need to be logged on at the console of the RIS server itself. (Naturally you have to be an administrator for the domain.)

Configuring RIS in Active Directory Users and Computers

Let us begin with an easy task:

1. Open your MMC (or select Administrative Tools)
2. Launch Active Directory Users and Computers
3. Select the computer object corresponding to the RIS Server
4. Right click the RIS server and select Properties
5. Click on the Remote Install tab

Remote Install Tab - RIS Interface

In passing, note that this is where you set the RIS server to respond to client requests for XP images. Before the RIS service is ready for operation, we need to configure options.

New Clients

From the Remote Install tab, click on the Advanced Option button. On the default tab, called 'New Clients', see down at the bottom of the tab how you can control the container or OU where the new XP machines will be born.
The Browse button connects through to Active Directory Users and Computers, where you can make your choice of OU.

If you are at the console of the RIS server itself, then the 'Verify' button is active. In particular, check that RIS and DHCP have been authorized in Active Directory. Incidentally, for the 'DOS diehards' there is a command line program called Risetup; however, all it does is invoke the same wizard that you activate through the Remote Install, Verify button.

Images Tab

You can check how many versions of XP are available by inspecting the Images tab. It is also possible to add a 'vanilla' version of XP from this interface. The most likely reason for using this menu is if the original version became corrupted. See RiPrep for instructions on how to add more flavors of XP Professional.

Tools Tab

I have never used the Tools menu. My understanding is that this is for 3rd party vendors who hook onto RIS for their installation software.

Computer Account Generation Options

Decide how and where to place, and what to call, the new XP Professional machines. With care you can control every aspect of the new XP Professional machines, from birth at the PXE card to death when you decommission them in 2020.

The naming format is a triumph for %variables, which generate the unique name of each and every machine. Take the time to investigate all the options; I guarantee it will give you ideas for naming conventions.

Summary of Configuring RIS

To me, configuring RIS is a labor of love: a classic case of combining business with pleasure. As you visit all the menus described in the tutorial, you feel that you are doing a job that needs doing, while at the same time you learn a little more about RIS.

Much of the joy of configuring RIS is absorbing how RIS combines with Active Directory in a way that Ghost images could only dream of interacting.

File Transfer Protocol (FTP)

How To Set Up an FTP Server in Windows Server 2003

SUMMARY

This step-by-step article describes how to install and configure a File Transfer Protocol (FTP) server for anonymous access.

Install Internet Information Services and the FTP Service

Because FTP depends on Microsoft Internet Information Services (IIS), IIS and the FTP Service must be installed on the computer. To install IIS and the FTP Service, follow these steps.

NOTE: In Windows Server 2003, the FTP Service is not installed by default when you install IIS. If you already installed IIS on the computer, you must use the Add or Remove Programs tool in Control Panel to install the FTP Service.

1. Click Start, point to Control Panel, and then click Add or Remove Programs.
2. Click Add/Remove Windows Components.
3. In the Components list, click Application Server, click Internet Information Services (IIS) (but do not select or clear the check box), and then click Details.
4. Click to select the following check boxes (if they are not already selected):
   • Common Files
   • File Transfer Protocol (FTP) Service
   • Internet Information Services Manager
5. Click to select the check boxes next to any other IIS-related service or subcomponent that you want to install, and then click OK.
6. Click Next.
7. When you are prompted, insert the Windows Server 2003 CD-ROM into the computer's CD-ROM or DVD-ROM drive or provide a path to the location of the files, and then click OK.
8. Click Finish.

IIS and the FTP service are now installed.
You must configure the FTP Service before you can use it.

Configure The FTP Service

To configure the FTP Service to allow only anonymous connections, follow these steps:

1. Start Internet Information Services Manager or open the IIS snap-in.
2. Expand Server_name, where Server_name is the name of the server.
3. Expand FTP Sites.
4. Right-click Default FTP Site, and then click Properties.
5. Click the Security Accounts tab.
6. Click to select the Allow Anonymous Connections check box (if it is not already selected), and then click to select the Allow only anonymous connections check box. When you click to select the Allow only anonymous connections check box, you configure the FTP Service to allow only anonymous connections. Users cannot log on by using user names and passwords.
7. Click the Home Directory tab.
8. Click to select the Read and Log visits check boxes (if they are not already selected), and then click to clear the Write check box (if it is not already cleared).
9. Click OK.
10. Quit Internet Information Services Manager or close the IIS snap-in.

The FTP server is now configured to accept incoming FTP requests. Copy or move the files that you want to make available to the FTP publishing folder for access. The default folder is drive:\Inetpub\Ftproot, where drive is the drive on which IIS is installed.

APPLIES TO

• Microsoft Windows Server 2003, Standard Edition (32-bit x86)
• Microsoft Windows Server 2003, Enterprise Edition
• Microsoft Windows Server 2003, 64-Bit Enterprise Edition
• Microsoft Windows Server 2003, Datacenter Edition (32-bit x86)
• Microsoft Windows Server 2003, 64-Bit Datacenter Edition
• Microsoft Windows Server 2003, Web Edition
• Microsoft Internet Information Services 6.0

Dynamic Host Configuration Protocol (DHCP)

• Installing the DHCP Service
• Configuring the DHCP Service
• Troubleshooting
SUMMARY

This step-by-step article describes how to build and configure a new Windows 2000 DHCP Server in a Windows 2000 Active Directory domain. The Windows 2000 DHCP service provides clients with IP addresses, and information such as the location of their default gateway, DNS servers, and WINS servers.

Installing the DHCP Service

You can install DHCP either during or after the initial installation of Windows 2000 Server or Advanced Server, although there must be a working DNS in the environment. To validate your DNS server, click Start, click Run, type cmd, press ENTER, type ping friendly name of an existing DNS server in your environment, and then press ENTER. An unsuccessful reply generates an "Unknown Host My DNS server name" message.

To install the DHCP Service on an existing Windows 2000 Server:

1. Click Start, click Settings, and then click Control Panel.
2. Double-click Add/Remove Programs, and then click Add/Remove Windows Components.
3. In the Windows Component Wizard, click Networking Services in the Components box, and then click Details.
4. Click to select the Dynamic Host Configuration Protocol (DHCP) check box if it is not already selected, and then click OK.
5. In the Windows Components Wizard, click Next to start Windows 2000 Setup. Insert the Windows 2000 Advanced Server CD-ROM into the CD-ROM drive if you are prompted to do so. Setup copies the DHCP server and tool files to your computer.
6. When Setup is complete, click Finish.

Configuring the DHCP Service

After you install and start the DHCP service, you must create a scope (a range of valid IP addresses that are available for lease to the DHCP clients). Each DHCP server in your environment should have at least one scope that does not overlap with any other DHCP server scope in your environment.
In Windows 2000, DHCP servers within an Active Directory domain environment must be authorized, which prevents rogue DHCP servers from coming online.

When you install and configure the DHCP service on a domain controller, the server is typically authorized the first time that you add the server to the DHCP console. However, when you install and configure the DHCP service on a member server, you need to authorize the DHCP server.

Note A stand-alone DHCP server cannot be authorized against an existing Windows Active Directory.

To authorize a DHCP server:

1. Click Start, click Programs, click Administrative Tools, and then click DHCP.
   Note You must be logged on to the server with an account that is a member of the Enterprise Administrators group.
2. In the console tree of the DHCP snap-in, select the new DHCP server. If there is a red arrow in the bottom-right corner of the server object, the server has not yet been authorized.
3. Right-click the server, and then click Authorize.
4. After a few moments, right-click the server again and then click Refresh. The server should display a green arrow in the bottom-right corner to indicate that the server has been authorized.

To create a new scope:

1. Click Start, click Programs, point to Administrative Tools, and then click DHCP.
   Note In the console tree, select the DHCP server on which you want to create the new DHCP scope.
2. Right-click the server, and then click New Scope. In the New Scope Wizard, click Next, and then type a name and description for the scope. This can be any name that you choose, but it should be descriptive enough to identify the purpose of the scope on your network. For example, you might use Administration Building Client Addresses.
3. Type the range of addresses that can be leased as part of this scope, for example, a starting IP address of 192.168.100.1 to an ending address of 192.168.100.100.
   Because these addresses are given to clients, they should all be valid addresses for your network and not currently in use. If you want to use a different subnet mask, type the new subnet mask. Click Next.
4. Type any IP addresses that you want to exclude from the range you entered. This includes any addresses that may have already been statically assigned to various computers in your organization. Click Next.
5. Type the number of days, hours, and minutes before an IP address lease from this scope expires. This determines the length of time that a client can hold a leased address without renewing it. Click Next to select Yes, I want to configure these options now, and then extend the wizard to include settings for the most common DHCP options. Click Next.
6. Type the IP address for the default gateway that should be used by clients that obtain an IP address from this scope. Click Add to place the default gateway address into the list, and then click Next.
   Note When DNS servers already exist on your network, type your organization's domain name in Parent domain. Type the name of your DNS server, and then click Resolve to ensure that your DHCP server can contact the DNS server and determine its address. Then click Add to include that server in the list of DNS servers that are assigned to the DHCP clients. Click Next.
7. Click Yes, I want to activate this scope now, to activate the scope and allow clients to obtain leases from it, and then click Next. Click Finish.

Troubleshooting

• Clients are unable to obtain an IP address
If a DHCP client does not have a configured IP address, it generally means that the client has not been able to contact a DHCP server. This is either because of a network problem or because the DHCP server is unavailable.
If the DHCP server has started and other clients have been able to obtain a valid address, verify that the client has a valid network connection and that all related client hardware devices (including cables and network adapters) are working properly.

• The DHCP server is unavailable
When a DHCP server does not provide leased addresses to clients, it is often because the DHCP service has failed to start. If this is the case, the server may not have been authorized to operate on the network. If you were previously able to start the DHCP service, but it has since stopped, use Event Viewer to check the system log for any entries that may explain the cause.

Note To restart the DHCP service, click Start, click Run, type cmd, and then press ENTER. Type net start dhcpserver, and then press ENTER.
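
The scope steps in the DHCP article above ask for three things that are easy to get wrong on paper: scopes on different servers must not overlap, statically assigned addresses must be excluded, and clients need a usable default gateway. The following check of a scope plan is an added example, not part of the original article; the server names dhcp1 and dhcp2, the second scope, the exclusion range, the gateway and the static host list are constructed for illustration, and only the 192.168.100.1 to 192.168.100.100 range comes from the article.

```python
from dataclasses import dataclass, field
from ipaddress import IPv4Address, IPv4Network
from typing import List, Optional, Tuple

Range = Tuple[IPv4Address, IPv4Address]


@dataclass
class Scope:
    server: str                       # hypothetical server name
    network: IPv4Network              # subnet the scope serves
    start: IPv4Address                # first address offered for lease
    end: IPv4Address                  # last address offered for lease
    exclusions: List[Range] = field(default_factory=list)
    gateway: Optional[IPv4Address] = None

    def leasable(self) -> set:
        """Addresses the server may hand out: the range minus the exclusions."""
        pool = set(range(int(self.start), int(self.end) + 1))
        for first, last in self.exclusions:
            pool -= set(range(int(first), int(last) + 1))
        return pool


def check_scope(scope: Scope, static_hosts: List[IPv4Address]) -> List[str]:
    """Return findings for one scope; an empty list means the plan is consistent."""
    if scope.start > scope.end:
        return [f"{scope.server}: start {scope.start} is after end {scope.end}"]
    findings = []
    for addr in (scope.start, scope.end):
        if addr not in scope.network:
            findings.append(f"{scope.server}: {addr} is outside {scope.network}")
    pool = scope.leasable()
    for reserved in (scope.network.network_address, scope.network.broadcast_address):
        if int(reserved) in pool:
            findings.append(f"{scope.server}: {reserved} is not a usable host address")
    # Step 4 of the article: statically assigned addresses must be excluded.
    for host in static_hosts:
        if int(host) in pool:
            findings.append(f"{scope.server}: static host {host} is not excluded")
    # Step 6 of the article: the gateway must be reachable and never leased out.
    if scope.gateway is not None:
        if scope.gateway not in scope.network:
            findings.append(f"{scope.server}: gateway {scope.gateway} is off-subnet")
        elif int(scope.gateway) in pool:
            findings.append(f"{scope.server}: gateway {scope.gateway} is leasable")
    return findings


def find_overlaps(scopes: List[Scope]) -> List[Tuple[str, str, str, str, int]]:
    """Report (server_a, server_b, first, last, count) for addresses two servers both lease."""
    overlaps = []
    for i, a in enumerate(scopes):
        for b in scopes[i + 1:]:
            if a.server == b.server:
                continue
            shared = sorted(a.leasable() & b.leasable())
            if shared:
                overlaps.append((a.server, b.server, str(IPv4Address(shared[0])),
                                 str(IPv4Address(shared[-1])), len(shared)))
    return overlaps


# Constructed plan: SCOPE_A uses the article's example range, SCOPE_B is a
# second server whose range was chosen to collide with it.
ip = IPv4Address
NET = IPv4Network("192.168.100.0/24")
SCOPE_A = Scope("dhcp1", NET, ip("192.168.100.1"), ip("192.168.100.100"),
                exclusions=[(ip("192.168.100.1"), ip("192.168.100.5"))],
                gateway=ip("192.168.100.1"))
SCOPE_B = Scope("dhcp2", NET, ip("192.168.100.90"), ip("192.168.100.150"),
                gateway=ip("192.168.100.1"))
STATIC_HOSTS = [ip("192.168.100.2"), ip("192.168.100.10")]

if __name__ == "__main__":
    for line in check_scope(SCOPE_A, STATIC_HOSTS) + check_scope(SCOPE_B, STATIC_HOSTS):
        print(line)
    for overlap in find_overlaps([SCOPE_A, SCOPE_B]):
        print("overlap:", overlap)
```

Running the checks before activating a scope catches address conflicts that otherwise surface only as intermittent client failures.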