Name:
Due date:
Topic: computer networking
A global catalogue is a distributed data depot that contains searchable object that is partially represented in every domain in a Multidomain Active Directory Domain Service. It is stored on domain controllers that have been selected as global catalogue servers and is distributed in multi-master replication. Some of the benefits that we acquire from the global catalogue are that we can locate objects without having to identify the domain name and also is a domain controller.
Fault tolerance is the ability of a system to continue working even if its hardware fails. This is achieved when multiple vital components are present in the same computer system such as the CPUs, memories, power supplies. In such a way that when one component fails the other takes over. A team of computers can benefit if there is as sub team. In fault tolerance there is the presence of a similar component that can act in place of the other in the case of a failure. It allows the recovery of any account settings that might have been lost .e.g. when memory fails. If there was back up memory storage the information to set up the original account is recovered. Having dual operating system also enables security to the account.
A server core is a minimal option installation that is done while deploying standard, Enterprise and data-centre windows server 2008. It provides partial installation of windows server 2008 that allows several sever roles. Unlike any other operating system sever core does not have the desktop options such as the taskbar, start up menu and other features that one may be used to seeing, instead it has a command prompt interface that shows the user most of his/her time will be spent carrying out configurations and entering commands. One of the main purposes of the server core is the securing of branch offices. It does so because of the various attributes it has, which includes the Read Only Domain Controllers. Another attribute is its updated version when installed provides minimal environment for running specific supported server roles such as the DC role.
Windows server password is usually stored in the Active Directory called AD password setting container located in the system container of the AD domain naming setting. How to configure a new password: the first step is through creating a new AD object of the msDS password setting object class container. Objects that belong to this class are referred to as PSO (password setting objects). Only members of the domain administration group can create the password since they are the only ones with the permission. To apply the object created one requires to link PSO to msDS and to do so one requires permission from the administrator. The msDS password d=settings allow the configuration of an integer password which in our case will be a 10 character log on password. In the case of a multi-PSO this kind of password with a low value count is usually given higher priority over others.
To configure the number of attempts that a user will enter the password one requires opening the group management console. Once you open the management group, expand the list of options on the left side of your window, domains, your domain, group policy objects, and find default domain controllers policy and choose the edit option. Scroll down through your computer configuration options, Policies, windows settings and security settings and click Account policies. In the right pane of your window several options do appear the password policy, Account lockout policy that we require and the Kerberos policy. By clicking any of the options one is able to edit each of the policies as required, to change the lockout to be three attempts we click on to the account lockout policy and there we can change the number of attempts to be three. This gives the person logging in to the domain account three attempts to enter the password. The first step to configuring the volume if a domain account is the installation of File System Resource Manage; this is installation id enabled through the use of manage your server to add the file server role to your machine. Once the FRSM is installed right click on the root node and select connect to another computer then select the quota management node. The next step is to right click the Quota node and select create Quota. Browse to select the folder and select monitor 500MB. To select the limit lower limit to which a default warning level is achieved set the percentage limit to which a file size should be which in our case is 450MB. This is done in the same quota management window.
Active Directory certificate services is windows 2008 server role, referred to as certificate services in previous windows version, it provides the services of producing a production key infrastructure which will be discussed in the next question. The key allows administrators to manage public key certificates. ADCS an implementation of Microsoft that secures transfer information and identify management and verification
Public Key Infrastructure is a security design that provides protection of files and data in the internet. It supports secure transfer and exchange of information between members in the internet. However it can also be used the simple setting of a private network. How are they used? There are three ways they are used in both the private and internet settings; they can be used for signature, encryption and decryption.
To create a new user account we first log on server 2008 R2 domain controller with administrator account. On the desktop screen click start then go to the administrative tools, the click the Administrative Directory Users and Computers. On the active directory users and computers on the left pane expand the tree go down the list of options and choose users. Click on users and scroll down and choose new> user. A new window (new object-user) pops up. Next type the domain name .e.g. DomAdmin then after typing the name type the date to which the account will expire 30th September2013.When you are through click next, the next box appears and type and retype the password then check and uncheck the check boxes as required. Click next button then the finish box to create a new account.
Steps to installing the Certificate Authority; open the server manager, select roles then add roles in the centre pane. In the select server roles window select the Active Directory Certificate Services by placing a check mark next to it and click next. In the next step an introduction to ADCS is provided and points to note after the installation of CA >next select role services which in our case we choose the Certification Authority >next. On the specify setup type click Enterprise. On the next step, click root CA on the specify ca type. Next we create a new private key on the setup private keys> next, on the Configure Cryptography page select the default cryptographic service provider key length and hash algorithm> next, on the Configure name choose a unique CA name >next, the next step is Set the Validity Period, set the Validity period to be 2 years>next, on the Configure Certificate Database, accept the default locations >next, to finalize on, the Confirm Configuration Options page check through all settings selected; if all of them are okay click install.