Differences between Windows Server 2000 and 2003
WINDOWS SERVER 2000 | WINDOWS SERVER 2003
1. Domain renaming is not possible | 1. Domain renaming possible
2. No inbuilt firewall | 2. Inbuilt firewall
3. IIS 5.0 | 3. IIS 6.0
4. IE 5.0 | 4. IE 6.0
5. 32 bit version | 5. 64 bit version
6. No enhancement in terminal service. | 6. Enhancement in terminal service.
7. No | 7. DNS stub zone
8. No | 8. Shadow copy
9. No changes in schema version | 9. Schema version changes ver 13 to 30
10. Supports 4-node clustering | 10. Supports 8-node clustering
11. No HCL support | 11. Hardware Compatibility List issued by Microsoft
12. Code name of 2000 is Win NT 5.0 | 12. Code name of 2000 is Win NT 5.1
13. Create 1 million users | 13. Create 1 billion users
14. No improvement | 14. Improved print management
15. Supports IPv4 | 15. IPv4 and IPv6
16. No | 16. Telnet sessions available
17. We can apply 620 group policies | 17. We can apply nearly 720, so Win2003 server is more secure than Win 2000 server.
18. Does not support .NET | 18. Supports
19. It supports 8 processors and 64 GB RAM. | 19. Supports up to 64 processors and max of 512 GB RAM
20. Win2000 has Server and Advanced Server editions. | 20. Standard, Enterprise, Datacenter and Web Server editions.
21. Basic concept of DFS | 21. Enhanced concept of DFS with multiple roots.
22. Complexity in administration | 22. Easy administration.
23. 2000 doesn't have this service. | 23. In 2003 we have the concept of the Volume Shadow Copy service, which is used to create hard disk snapshots used in disaster recovery.
24. We don't have end user policy management | 24. End user policy management, which is done in GPMC (Group Policy Management Console).
25. Cross domain trust relationship | 25. Cross forest trust relationship.
26. No | 26. 2003 has a service called ADFS (Active Directory Federation Services), which is used to communicate between branches with safe authentication.
27. | 27. In 2003 there is improved storage management using the File Server Resource Manager (FSRM) service.
28. | 28. 2003 has a service called Windows SharePoint Services (an integrated portfolio of collaboration and communication services designed to connect people, information, processes, and systems both within and beyond the organizational firewall).
29. | 29. When installing terminal services for Win2000 you are prompted to select application server functions or administrative functions. The sets can be installed sequentially on one server, but it performs only one function at one time. 2003 still distinguishes between application and administrative services, but installation and management are now consolidated.
Differences between Windows Server 2000 ADS and 2003 ADS
WINDOWS SERVER 2000 ADS | WINDOWS SERVER 2003 ADS
1. Only one million objects can be created. | 1. 2 million objects can be created.
2. Universal group membership is not present. | 2. Present
3. Not present. | 3. Application directory partition is present
4. In Win 2000 server we can apply 620 group policies. | 4. In 2003 we can apply nearly 720, so Win2003 server is more secure than Win 2000 Server.
5. Between parent and child, there is no built-in trust. It is called non-transitive trust. | 5. Built-in trust is called transitive trust.
6. Emergency Repair Disk (ERD) is there. | 6. Automated System Recovery (ASR) is there.
Differences between Windows Server 2003 and 2008
WINDOWS SERVER 2003 | WINDOWS SERVER 2008
1. | 1. RODC (Read-only domain controller) introduced in it.
2. RIS (Remote Installation Service) | 2. WDS (Windows Deployment Services) introduced in it.
3. Boot sequence changed. |
4. Role-based installation. Services are known as roles in it. |
5. Group Policy option is separate in ADS |
6. Hyper-V introduced. |
7. IIS 6.0 | 7. IIS 7.0
8. Better security |
9. Enhanced Terminal Services |
10. Network Access Protection |
11. PowerShell |
12. Windows Aero |
13. BitLocker Drive Encryption |
14. In 2003 we can only install the full O.S. | 14. We can install Windows 2008 server either in full version (install all services & applications) or Server Core (only install minimal required services)
15. Active Directory has been renamed to Active Directory Domain Services (AD DS). |
16. 2003 was made to control XP networks. | 16. Is made to control Vista and Win 7.. and Win 8 also (I think so) networks.
17. The group policy and Active Directory schemas have been altered to include Vista policies. |
18. | 18. Active Directory Recycle Bin.
19. Information technology (IT) professionals can use Active Directory Recycle Bin to undo an accidental deletion of an Active Directory object. Accidental object deletion causes business downtime. Deleted users cannot log on or access corporate resources. |
20. Active Directory Administrative Center: The Active Directory Administrative Center has a task-oriented administration model, with support for larger datasets. The Active Directory Administrative Center can help increase the productivity of IT professionals by providing a scalable, task-oriented user experience for managing AD DS. In the past, the lack of a task-oriented user interface (UI) could make certain activities, such as resetting user passwords, more difficult than they had to be. The Active Directory Administrative Center enumerates and organizes the activities that you perform when you manage a system. |
21. Active Directory Best Practices Analyzer. The Active Directory Best Practices Analyzer (BPA) identifies deviations from best practices to help IT professionals better manage their Active Directory deployments. BPA uses Windows PowerShell cmdlets to gather run-time data. It analyzes Active Directory settings that can cause unexpected behavior. It then makes Active Directory configuration recommendations in the context of your deployment. |
22. |
1. Virtualization
Although it will not be available with the initial launch of Server 2008, Microsoft's Hyper-V hypervisor-based virtualization technology promises to be a star attraction of Server 2008 for many organisations.
Although some 75 percent of large businesses have started using
virtualization, only an estimated 10 percent of servers out there are running virtual
machines. This means the market is still immature. For Windows shops,
virtualization using Server 2008 will be a relatively low-cost and low-risk way
to dip a toe in the water.
At the moment, Hyper-V lacks the
virtualized infrastructure support virtualization market leader VMware can
provide. Roy Illsley, senior research analyst at U.K.-based Butler Group, noted
that Microsoft is not as far behind as many people seem to think, however.
"Don't forget Microsoft's System Center, which is a fully integrated
management suite and which includes VM Manager. Obviously it only works in a
Wintel environment, but if you have Server 2008 and System Center, you have a
pretty compelling proposition.
"What Microsoft is doing by
embedding virtualization technology in Server 2008 is a bit like embedding
Internet Explorer into Windows," said Illsley. "This is an obvious
attempt to get a foothold into the virtualization market."
At launch, Microsoft is unlikely
to have a similar product to VMware's highly popular VMotion (which enables
administrators to move virtual machines from one physical server to another
while they are running), but such a product is bound to be available soon after.
2. Server Core
Many server administrators, especially those used to working in a Linux environment, instinctively dislike having to install a large, feature-packed operating system to run a particular specialized server. Server 2008 offers a Server Core installation, which provides the minimum installation required to carry out a specific server role, such as for a DHCP, DNS or print server. From a security standpoint, this is attractive. Fewer applications and services on the server make for a smaller attack surface. In theory, there should also be less maintenance and management with fewer patches to install, and the whole server could take up as little as 3Gb of disk space according to Microsoft. This comes at a price — there's no upgrade path back to a "normal" version of Server 2008 short of a reinstall. In fact there is no GUI at all — everything is done from the command line.
3. IIS
IIS 7, the Web server bundled with Server 2008, is a big upgrade from the previous version. "There are significant changes in terms of security and the overall implementation which make this version very attractive," said Barb Goldworm, president and chief analyst at Boulder, Colorado-based Focus Consulting. One new feature getting a lot of attention is the ability to delegate administration of servers (and sites) to site admins while restricting their privileges.
4. Role-based installation
Role-based installation is a less extreme version of Server Core.
Although it was included in 2003, it is far more comprehensive in this version.
The concept is that rather than configuring a full server install for a
particular role by uninstalling unnecessary components (and installing needed
extras), you simply specify the role the server is to play, and Windows will
install what's necessary — nothing more. This makes it easy for anyone to
provision a particular server without increasing the attack surface by
including unwanted components that will not do anything except present a
security risk.
5. Read-Only Domain Controllers (RODC)
It's hardly news that branch offices often lack skilled IT staff to administer their servers, but they also face another, less talked about problem. While corporate data centers are often physically secured, servers at branch offices rarely have the same physical security protecting them. This makes them a convenient launch pad for attacks back to the main corporate servers. RODC provides a way to make an Active Directory database read-only. Thus, any mischief carried out at the branch office cannot propagate its way back to poison the Active Directory system as a whole. It also reduces traffic on WAN links.
6. Enhanced terminal services
Terminal services has been beefed up in Server 2008 in a number of ways. TS RemoteApp enables remote users to access a centralized application (rather than an entire desktop) that appears to be running on the local computer's hard drive. These apps can be accessed via a Web portal or directly by double-clicking on a correctly configured icon on the local machine. TS Gateway secures sessions, which are then tunnelled over https, so users don't need to use a VPN to use RemoteApps securely over the Internet. Local printing has also been made significantly easier.
7. Network Access Protection
Microsoft's system for ensuring that clients connecting to Server 2008 are patched, running a firewall and in compliance with corporate security policies — and that those that are not can be remediated — is useful. However, similar functionality has been and remains available from third parties.
8. BitLocker
System drive encryption can be a sensible security measure for servers located in remote branch offices or anywhere where the physical security of the server is sub-optimal. Bitlocker encryption protects data if the server is physically removed or booted from removable media into a different operating system that might otherwise give an intruder access to data which is protected in a Windows environment. Again, similar functionality is available from third-party vendors.
9. Windows PowerShell
Microsoft's new(ish) command line shell and scripting language has
proved popular with some server administrators, especially those used to
working in Linux environments. Included in Server 2008, PowerShell can make
some jobs quicker and easier to perform than going through the GUI. Although it
might seem like a step backward in terms of user friendly operation, it's one
of those features that once you've gotten used to it, you'll never want to give
up.
10. Better security
We've already mentioned various
security features built into Server 2008, such as the ability to reduce attack
surfaces by running minimal installations, and specific features like BitLocker
and NAP. Numerous other little touches make Server 2008 more secure than its
predecessors. An example is Address Space Load Randomization — a feature also
present in Vista — which makes it more difficult for attackers to carry out
buffer overflow attacks on a system by changing the location of various system
services each time a system is run. Since many attacks rely on the ability to
call particular services by jumping to particular locations, address space
randomization can make these attacks much less likely to succeed.
It's clear that with Server 2008
Microsoft is treading the familiar path of adding features to the operating
system that third parties have previously been providing as separate products.
As far as the core server product is concerned, much is new. Just because some
technologies have been available elsewhere doesn't mean they've actually been
implemented. Having them as part of the operating system can be very
convenient, indeed.
If you're running Server 2003
then, now is the time to start making plans to test Server 2008 — you're almost
bound to find something you like. Whether you decide to implement it, and when,
is up to you.
Major changes in Windows Server 2008
- Active Directory Recycle Bin
Information technology (IT) professionals
can use Active Directory Recycle Bin to undo an accidental deletion of an
Active Directory object. Accidental object deletion causes business
downtime. Deleted users cannot log on or access corporate resources.
This is the number one cause of Active Directory recovery
scenarios. Active Directory Recycle Bin works for both AD DS and
Active Directory Lightweight Directory Services (AD LDS) objects.
This feature is enabled in AD DS at the Windows Server 2008 R2
forest functional level.
- Active Directory module for Windows PowerShell and Windows PowerShell™ cmdlets
The
Active Directory module for Windows PowerShell provides command-line scripting
for administrative, configuration, and diagnostic tasks, with a consistent
vocabulary and syntax.
It provides predictable discovery and flexible
output formatting. You can easily pipe cmdlets to build complex operations. The
Active Directory module enables end-to-end manageability with Exchange Server,
Group Policy, and other services.
- Active Directory Administrative Center
The
Active Directory Administrative Center has a task-oriented administration
model, with support for larger datasets. The Active Directory
Administrative Center can help increase the productivity of IT professionals by
providing a scalable, task-oriented user experience for managing AD DS.
In the past, the lack of a task-oriented user
interface (UI) could make certain activities, such as resetting user passwords,
more difficult than they had to be. The Active Directory Administrative
Center enumerates and organizes the activities that you perform when you manage
a system. These activities may be maintenance tasks, such as backup;
event-driven tasks, such as adding a user; or diagnostic tasks that you perform
to correct system failures.
- Active Directory Best Practices Analyzer
The Active Directory Best Practices
Analyzer (BPA) identifies deviations from best practices to help IT
professionals better manage their Active Directory deployments. BPA uses
Windows PowerShell cmdlets to gather run-time data. It analyzes
Active Directory settings that can cause unexpected behavior. It then
makes Active Directory configuration recommendations in the context of
your deployment. The Active Directory BPA is available in Server Manager.
- Active Directory Web Services
Active Directory Web Services (ADWS)
provides a Web service interface to Active Directory domains and
AD LDS instances, including snapshots, that are running on the same
Windows Server 2008 R2 server as ADWS.
- Authentication mechanism assurance
Authentication mechanism assurance makes
it possible for applications to control resource access based on authentication
strength and method. Administrators can map various properties, including
authentication type and authentication strength, to an identity. Based on
information that is obtained during authentication, these identities are added
to Kerberos tickets for use by applications.
- Offline domain join
Offline domain join makes provisioning of
computers easier in a datacenter. It provides the ability to preprovision
computer accounts in the domain to prepare operating system images for mass
deployment. Computers are joined to the domain when they first start. This
reduces the steps and time necessary to deploy computers in a datacenter.
- Managed Service Accounts
Managed Service Accounts provide simple management of service accounts. At the Windows Server 2008 R2 domain functional level, this feature provides better management of service principal names (SPNs). Managed Service Accounts help lower total cost of ownership (TCO) by reducing service outages (for manual password resets and related issues). You can run one Managed Service Account for each service that is running on a server, without any human intervention for password management. For more information, see the Service Accounts Step-by-Step Guide (http://go.microsoft.com/fwlink/?LinkId=134695).
- Active Directory Management Pack
The Active Directory Management Pack enables proactive monitoring of availability and performance of AD DS. It discovers and detects computer and software states, and it is aligned with the health state definitions. The Active Directory Management Pack works with Windows Server 2008 and Windows Server 2008 R2 and Microsoft® Systems Center Operations Manager 2007.
- Bridgehead Server Selection
The bridgehead server selection process enables domain controllers to load balance incoming connections. The new logic for bridgehead server selection allows for even distribution of workload among bridgehead servers.
Active Directory Domain Services Role
Active Directory Domain
Services (AD DS) in the Windows Server® 2008 operating system
stores information about users, computers, and other devices on the network.
AD DS helps administrators securely manage this information and
facilitates resource sharing and collaboration between users. AD DS is
also required to be installed on the network in order to install
directory-enabled applications such as Microsoft® Exchange Server and for
applying other Windows Server technologies such as Group Policy.
The Windows Server® 2008 operating system provides
organizations with a way to define different password and account lockout
policies for different sets of users in a domain. In Microsoft®
Windows® 2000 and Windows Server® 2003 Active Directory domains,
only one password policy and account lockout policy could be applied to all
users in the domain. These policies were specified in the Default Domain Policy
for the domain. As a result, organizations that wanted different password and
account lockout settings for different sets of users had to either create a
password filter or deploy multiple domains. Both options are costly for
different reasons.
You can use fine-grained password policies to specify multiple
password policies within a single domain. You can use fine-grained password
policies to apply different restrictions for password and account lockout
policies to different sets of users in a domain.
For example, you can
apply stricter settings to privileged accounts and less strict settings to the
accounts of other users. In other cases, you might want to apply a special
password policy for accounts whose passwords are synchronized with other data
sources.
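An added example (not from the original page or from Microsoft) that models how a single password policy is chosen for each account and flags privileged accounts that end up on a weak one. It goes beyond the text above by using the AD DS selection rule: a policy linked directly to the user beats one linked through a group, then the lowest precedence value wins, then the Default Domain Policy applies. All policy names, accounts and values are constructed.

```python
"""Added example: which fine-grained password policy applies to an account."""
from dataclasses import dataclass


@dataclass(frozen=True)
class PasswordPolicy:
    name: str
    precedence: int          # msDS-PasswordSettingsPrecedence: lower value wins
    min_length: int
    lockout_threshold: int   # 0 = never lock out
    guid: str = ""           # tie-breaker when precedence values are equal
    applies_to: frozenset = frozenset()   # user or global security group names


def resultant_policy(user, groups, policies, default):
    """Pick the single policy that applies; settings are never merged."""
    def best(candidates):
        return min(candidates, key=lambda p: (p.precedence, p.guid))

    direct = [p for p in policies if user in p.applies_to]
    if direct:                       # a direct link beats any group link
        return best(direct)
    via_group = [p for p in policies if p.applies_to & groups]
    if via_group:
        return best(via_group)
    return default                   # falls back to the Default Domain Policy


def weak_privileged_accounts(accounts, privileged, policies, default, required_length):
    """List privileged accounts whose resultant policy is weaker than required."""
    findings = []
    for user, groups in sorted(accounts.items()):
        policy = resultant_policy(user, groups, policies, default)
        if user in privileged and policy.min_length < required_length:
            findings.append((user, policy.name, policy.min_length))
    return findings


# Constructed sample data: every name and value below is made up.
DEFAULT = PasswordPolicy("Default Domain Policy", 0, min_length=7, lockout_threshold=0)
POLICIES = [
    PasswordPolicy("PSO-Admins", 10, 15, 5, "a1", frozenset({"Domain Admins"})),
    PasswordPolicy("PSO-Sync", 20, 24, 0, "b2", frozenset({"svc-hrsync"})),
    PasswordPolicy("PSO-Helpdesk", 30, 12, 10, "c3", frozenset({"Helpdesk"})),
]
ACCOUNTS = {
    "alice": {"Domain Admins", "Helpdesk"},   # two group policies, lowest value wins
    "bob": {"Helpdesk"},
    "carol": {"Backup Operators"},            # privileged, but no policy covers her
    "svc-hrsync": {"Domain Admins"},          # direct link beats the group link
    "dave": {"Staff"},
}
PRIVILEGED = {"alice", "carol", "svc-hrsync"}

if __name__ == "__main__":
    for user, groups in sorted(ACCOUNTS.items()):
        p = resultant_policy(user, groups, POLICIES, DEFAULT)
        print(f"{user:12} -> {p.name} (min length {p.min_length})")
    print("weak:", weak_privileged_accounts(ACCOUNTS, PRIVILEGED, POLICIES, DEFAULT, 14))
```

The audit function is the useful part in practice: a stricter policy for administrators protects nothing for a privileged account that is not in any group the policy is linked to.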
A
read-only domain controller (RODC) is a new type of domain controller in the
Windows Server® 2008 operating system. With an RODC, organizations
can easily deploy a domain controller in locations where physical security
cannot be guaranteed. An RODC hosts read-only partitions of the
Active Directory® Domain Services (AD DS) database.
Before
the release of Windows Server 2008, if users had to authenticate with a
domain controller over a wide area network (WAN), there was no real
alternative. In many cases, this was not an efficient solution. Branch offices
often cannot provide the adequate physical security that is required for a
writable domain controller. Furthermore, branch offices often have poor network
bandwidth when they are connected to a hub site. This can increase the amount
of time that is required to log on. It can also hamper access to network
resources.
Beginning
with Windows Server 2008, an organization can deploy an RODC to address
these problems. As a result, users in this situation can receive the following
benefits:
- Improved security
- Faster logon times
- More efficient access to resources on the network
Inadequate
physical security is the most common reason to consider deploying an RODC. An
RODC provides a way to deploy a domain controller more securely in locations
that require fast and reliable authentication services but cannot ensure
physical security for a writable domain controller.
However,
your organization may also choose to deploy an RODC for special administrative
requirements. For example, a line-of-business (LOB) application may run
successfully only if it is installed on a domain controller. Or, the domain
controller might be the only server in the branch office, and it may have to
host server applications.
In
such cases, the LOB application owner must often log on to the domain
controller interactively or use Terminal Services to configure and manage the
application. This situation creates a security risk that may be unacceptable on
a writable domain controller.
An
RODC provides a more secure mechanism for deploying a domain controller in this
scenario. You can grant a nonadministrative domain user the right to log on to
an RODC while minimizing the security risk to the Active Directory forest.
You
might also deploy an RODC in other scenarios where local storage of all domain
user passwords is a primary threat, for example, in an extranet or
application-facing role.
Administrators can stop and restart
Active Directory® Domain Services (AD DS) in the
Windows Server® 2008 operating system by using Microsoft Management
Console (MMC) snap-ins or the command line.
Restartable AD DS reduces the time that is required to
perform certain operations. AD DS can be stopped so that updates can be
applied to a domain controller. Also, administrators can stop AD DS to
perform tasks, such as offline defragmentation of the Active Directory
database, without restarting the domain controller. Other services that are
running on the server and that do not depend on AD DS to function, such as
Dynamic Host Configuration Protocol (DHCP), remain available to satisfy client
requests while AD DS is stopped.
The Active Directory® database mounting tool (Dsamain.exe) can
improve recovery processes for your organization by providing a means to
compare data as it exists in snapshots or backups that are taken at different
times so that you can better decide which data to restore after data loss. This
eliminates the need to restore multiple backups to compare the
Active Directory data that they contain.
By using the Active Directory database mounting tool, you can
examine any changes that are made to data that is stored in
Active Directory Domain Services (AD DS). For example, if an object
is accidentally modified, you can use the Active Directory database
mounting tool to examine the changes and help you better decide how to correct
them if necessary.
Steps to create Active Directory
1. Start -> Run -> dcpromo
2. The wizard window will appear. Click Next.
3. Choose domain controller for the new domain.
4. Create a new domain in a new forest.
5. Enter the full DNS name of the new domain, for example kuku.co.il. This must be the same as the DNS zone you've created in step 3, and the same as the computer name suffix you've created in step 1. Click Next.
6. Accept the down-level NetBIOS domain name, in this case it's KUKU. Click Next.
7. Accept the Database and Log file location dialog box (unless you want to change them of course). The location of the files is by default %systemroot%\NTDS, and you should not change it unless you have performance issues in mind. Click Next.
8. If your DNS server, zone and/or computer name suffix were not configured correctly, you will get the following warning: This means the Dcpromo wizard could not contact the DNS server, or it did contact it but could not find a zone with the name of the future domain. You should check your settings. Go back to steps 1, 2 and 3. Click OK. You have an option to let Dcpromo do the configuration for you. If you want, Dcpromo can install the DNS service, create the appropriate zone, configure it to accept dynamic updates, and configure the TCP/IP settings for the DNS server IP address. To let Dcpromo do the work for you, select "Install and configure the DNS server...". Otherwise, you can accept the default choice and then quit Dcpromo and check steps 1-3.
9. If your DNS settings were right, you'll get a confirmation window.
10. Accept the Permissions compatible only with Windows 2000 or Windows Server 2003 settings, unless you have legacy apps running on Pre-W2K servers.
11. Enter the Restore Mode administrator's password. In Windows Server 2003 this password can be later changed via NTDSUTIL. Click Next.
12. Review your settings and if you like what you see, click Next.
13. See the wizard going through the various stages of installing AD. Whatever you do - NEVER click Cancel!!! You'll wreck your computer if you do. If you see you made a mistake and want to undo it, you'd better let the wizard finish and then run it again to undo the AD.
14. If all went well you'll see the final confirmation window. Click Finish.
15. You must reboot in order for the AD to function properly.
Order of processing settings
- Local Group Policy object--Each computer has
exactly one Group Policy object that is stored locally.
- Site--Any Group Policy objects that have been
linked to the site are processed next. Processing is synchronous and in an
order that is specified by the administrator.
- Domain--Processing of multiple
domain-linked Group Policy objects is synchronous and in an order
specified by the administrator.
- Organizational units--Group Policy objects
that are linked to the organizational unit that is highest in the Active
Directory hierarchy are processed first, then Group Policy objects that
are linked to its child organizational unit, and so on. Finally, the Group
Policy objects that are linked to the organizational unit that contains
the user or computer are processed.
At the level of each organizational unit in the Active Directory hierarchy, one, many, or no Group Policy objects can be linked. If several Group Policy objects are linked to an organizational unit, their processing is synchronous and in an order that is specified by the administrator.
This order means that the local
Group Policy object is processed first, and Group Policy objects that are
linked to the organizational unit of which the computer or user is a direct
member are processed last, which overwrites the earlier Group Policy objects.
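An added example (not from the original page or from Microsoft) that simulates this processing order and shows which Group Policy object supplies each effective setting. It also models the No Override and Disabled link flags covered in the exceptions that follow; all container names, GPO names and settings are constructed, and each container's links are assumed to be listed in the processing order the administrator set.

```python
"""Added example: Group Policy processing order (local, site, domain, OU)."""
from dataclasses import dataclass, field


@dataclass
class Link:
    """A link from a container to a GPO; No Override and Disabled live on the link."""
    gpo: str
    settings: dict
    no_override: bool = False
    disabled: bool = False


@dataclass
class Container:
    """Local computer, site, domain or OU, with links in processing order."""
    name: str
    links: list = field(default_factory=list)


def effective_policy(chain):
    """Return {setting: (value, winning GPO)} for a chain in processing order.

    chain is [local, site, domain, top OU, ..., OU that holds the object].
    """
    result = {}

    def apply(link):
        for key, value in link.settings.items():
            result[key] = (value, link.gpo)

    # Pass 1: default order. GPOs processed later overwrite earlier ones.
    for container in chain:
        for link in container.links:
            if not link.disabled and not link.no_override:
                apply(link)

    # Pass 2: No Override links cannot be overridden, and the one highest in
    # the hierarchy takes precedence, so apply them from the lowest container
    # upward so that the highest one is written last.
    for container in reversed(chain):
        for link in container.links:
            if not link.disabled and link.no_override:
                apply(link)
    return result


def build_chain(enforce_baseline):
    """Constructed sample hierarchy; all names and settings are made up."""
    return [
        Container("local", [Link("Local GPO", {"ScreenLockTimeout": 1800})]),
        Container("site:Branch", [
            Link("Site-Proxy", {"ProxyServer": "proxy.branch.example"}),
        ]),
        Container("domain:corp.example", [
            Link("Dom-Baseline",
                 {"RemovableStorage": "deny", "ScreenLockTimeout": 900},
                 no_override=enforce_baseline),
        ]),
        Container("ou:Workstations", [Link("OU-Lock", {"ScreenLockTimeout": 600})]),
        Container("ou:Workstations/Lab", [
            Link("Lab-Test", {"ProxyServer": "direct"}, disabled=True),
            Link("Lab-Relaxed", {"RemovableStorage": "allow", "ScreenLockTimeout": 300}),
        ]),
    ]


if __name__ == "__main__":
    for enforce in (False, True):
        print("Dom-Baseline set to No Override:", enforce)
        for key, (value, gpo) in sorted(effective_policy(build_chain(enforce)).items()):
            print(f"  {key} = {value}  (from {gpo})")
```

With the default order, the lowest OU quietly relaxes the domain baseline; marking the baseline link No Override is what keeps a delegated OU administrator from undoing it.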
Exceptions to the default order
The default order for processing
settings is subject to the following exceptions:
- Any Group Policy object that is linked to a site, domain, or organizational unit (not a local Group Policy object) can be set to No Override with respect to that site, domain, or organizational unit, so that none of its policy settings can be overridden. When more than one Group Policy object has been set to No Override, the one that is highest in the Active Directory hierarchy (or higher in the hierarchy that is specified by the administrator at each fixed level in Active Directory) takes precedence.
Note that No Override and Disabled are settings on Group Policy object links, not on the Group Policy objects. A Group Policy object can be linked several times to the same organizational unit, and No Override and Disabled can be configured independently on each of the links. (Although multiple links from one Group Policy object to a single organizational unit are seldom useful, this capability illustrates the flexibility of the Group Policy infrastructure.)
For information about how to set links as No Override and Disabled, see Prevent a Group Policy object from being overridden and Disable a Group Policy object link.
- At any site, domain, or organizational unit, you can mark Group Policy inheritance selectively as Block Policy inheritance. Group Policy object links that are set to No Override are always applied, however, and they cannot be blocked.
The Block Policy inheritance setting is applied directly to the site, domain, or organizational unit. It is not applied to Group Policy objects, nor is it applied to Group Policy object links. Block Policy inheritance deflects all Group Policy settings that would reach the site, domain, or organizational unit from above (by way of links to parents in the Active Directory hierarchy), no matter what Group Policy objects those settings originate from. However, Block Policy inheritance does not deflect Group Policy settings from Group Policy objects that are linked directly to the site, domain, or organizational unit that has Block Policy inheritance enabled.
- A computer that is a member of a workgroup processes only the local Group Policy object.
- Loopback is an advanced Group Policy setting that is useful on computers in certain closely managed environments, such as kiosks, laboratories, classrooms, and reception areas. For a description of loopback, click the Explain tab after you double-click User Group Policy loopback processing mode in the details pane of the Microsoft Management Console (MMC), which is located under Computer Configuration\Administrative Templates\System\Group Policy.
Loopback provides alternatives to the default method of obtaining the ordered list of Group Policy objects whose User Configuration settings affect a user. By default, a user's settings come from a Group Policy object list that depends on the user's location in Active Directory. The ordered list goes from site-linked to domain-linked to organizational unit-linked Group Policy objects, with inheritance determined by the location of the user in Active Directory and in an order that is specified by the administrator at each level.
Loopback can be set to Not Configured, Enabled, or Disabled, as can any other Group Policy setting. In the Enabled state, loopback can be set to Merge or Replace.
- Loopback with Replace--In the case of Loopback with Replace, the Group Policy object list for the user is replaced in its entirety by the Group Policy object list that is already obtained for the computer at computer startup (during step 2 in Order of events when starting up and logging on). The User Configuration settings from this list are applied to the user.
- Loopback with Merge--In the case of Loopback with Merge, the Group Policy object list is a concatenation. The default step 2 list for computers in Order of events when starting up and logging on is appended to the default step 7 list for users, and the user gets the User Configuration settings in the concatenated list. Note that the Group Policy object list that is obtained for the computer is applied later, and therefore it has precedence if it conflicts with settings in the user's list.
Group Policy
You can use Group Policy to manage features included with the Microsoft® Windows Server 2003 family, such as Group Policy Software Installation, Administrative Templates, Folder Redirection, Remote Installation Services, Security Settings, Scripts (Startup/Shutdown and Logon/Logoff) and Internet Explorer Maintenance.
Group Policy Management
The Group Policy Management Console snap-in provides a single user interface through which to manage Group Policy across an enterprise. The Group Policy Management Console consists of a Microsoft Management Console (MMC) snap-in and a set of scriptable interfaces for managing Group Policy.
Group Policy settings are processed in the following order.
- Local Group Policy object--Each computer has exactly one Group Policy object that is stored locally. This processes for both computer and user Group Policy processing.
- Site--Any GPOs that have been linked to the site that the computer belongs to are processed next. Processing is in the order that is specified by the administrator, on the Linked Group Policy Objects tab for the site in Group Policy Management Console (GPMC). The GPO with the lowest link order is processed last, and therefore has the highest precedence.
- Domain--Processing of multiple domain-linked GPOs is in the order specified by the administrator, on the Linked Group Policy Objects tab for the domain in GPMC. The GPO with the lowest link order is processed last, and therefore has the highest precedence.
- Organizational units--GPOs that are linked to the organizational unit that is highest in the Active Directory hierarchy are processed first, then GPOs that are linked to its child organizational unit, and so on. Finally, the GPOs that are linked to the organizational unit that contains the user or computer are processed.
At the level of each organizational unit in the Active Directory hierarchy, one, many, or no GPOs can be linked. If several GPOs are linked to an organizational unit, their processing is in the order that is specified by the administrator, on the Linked Group Policy Objects tab for the organizational unit in GPMC. The GPO with the lowest link order is processed last, and therefore has the highest precedence.
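The processing order described in both sections above (local, site, domain, organizational unit, link order within a container, No Override, Block Policy inheritance and loopback) can be checked against a small model. This is an added example, not code from the original page or from Microsoft; the class names, function names and every GPO and container name are hypothetical, and the model is a simplification of the rules as this page states them.

```python
from dataclasses import dataclass, field

@dataclass
class Link:                      # No Override and Disabled are set on the link
    gpo: str
    order: int                   # link order; the lowest is processed last
    no_override: bool = False
    disabled: bool = False

@dataclass
class Container:                 # a site, domain or organizational unit
    name: str
    links: list = field(default_factory=list)
    block_inheritance: bool = False

def linked_gpos(chain):
    """chain: site, domain, top OU ... OU holding the object. Last GPO returned wins."""
    # Block Policy inheritance deflects links made above the blocking container.
    cut = max((i for i, c in enumerate(chain) if c.block_inheritance), default=0)
    normal, enforced = [], []
    for depth, c in enumerate(chain):
        live = sorted((l for l in c.links if not l.disabled),
                      key=lambda l: l.order, reverse=True)
        # No Override links cannot be blocked; the highest container goes last.
        enforced = [l.gpo for l in live if l.no_override] + enforced
        if depth >= cut:
            normal += [l.gpo for l in live if not l.no_override]
    return normal + enforced

def user_settings_order(user_chain, computer_chain, loopback=None):
    """GPOs whose User Configuration applies; loopback: None, 'Merge', 'Replace'."""
    user, computer = linked_gpos(user_chain), linked_gpos(computer_chain)
    if loopback == "Replace":
        user = computer          # user's own list is discarded
    elif loopback == "Merge":
        user = user + computer   # computer list is applied later, so it wins
    return ["Local GPO"] + user

# Constructed sample hierarchy; every name here is hypothetical.
site = Container("Site-HQ", [Link("Site-Proxy", 1)])
domain = Container("example.test", [Link("Domain-Baseline", 1, no_override=True),
                                    Link("Domain-Desktop", 2)])
staff = Container("OU=Staff", [Link("Staff-Apps", 1)])
kiosks = Container("OU=Kiosks", block_inheritance=True, links=[
    Link("Kiosk-Lockdown", 1), Link("Kiosk-Old", 2, disabled=True)])

if __name__ == "__main__":
    for mode in (None, "Merge", "Replace"):
        print(mode, user_settings_order([site, domain, staff], [site, domain, kiosks], mode))
```

In the sample, the kiosk OU blocks inheritance, yet the domain baseline still reaches it because its link is set to No Override; that is the property to verify when a security baseline must not be bypassed by a delegated OU administrator.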
Group Policy Applied in the following order.




Types of servers.
The multiple types of servers or types of network servers are as follows:
- Server Platform: Server platform is the fundamental hardware or software for a system which acts as an engine that drives the server. It is often used synonymously with an operating system.
- Application Server: Also known as a type of middleware, it occupies a substantial amount of computing region between database servers and the end user, and is commonly used to connect the two.
- Audio/Video Server: It provides multimedia capabilities to websites by helping the user to broadcast streaming multimedia content.
- Chat Server: It lets users exchange data in an environment similar to an Internet newsgroup, which provides real-time discussion capabilities.
- Fax Server: It is one of the best options for organizations that seek minimum incoming and outgoing telephone resources, but need to fax actual documents.
- FTP Server: It works on one of the oldest of the Internet services, the file transfer protocol. It provides a secure file transfer between computers while ensuring file security and transfer control.
- Groupware Server: It is software designed to enable users to work together, irrespective of location, through the Internet or a corporate intranet and to function together in a virtual atmosphere.
- IRC Server: It is an ideal option for those looking for real-time discussion capabilities. Internet Relay Chat comprises different network servers that enable the users to connect to each other through an IRC network.
- List Server: It provides a better way of managing mailing lists. The server can be either an open interactive discussion for the people or a one-way list that provides announcements, newsletters or advertising.
- Mail Server: It transfers and stores mail over corporate networks through LANs, WANs and across the Internet.
- News Server: It serves as a distribution and delivery source for many public news groups, approachable over the USENET news network.
- Proxy Server: It acts as a mediator between a client program and an external server to filter requests, improve performance and share connections.
- Telnet Server: It enables the users to log on to a host computer and execute tasks as if they are working on a remote computer.
- Virtual Servers: A virtual server is just like a physical computer because it is committed to an individual customer's demands, can be individually booted and maintains the privacy of a separate computer. Basically, the gap between shared and dedicated (hosting) servers is reduced, providing freedom to other customers at a lower cost. Now, it has become omnipresent in the data center.
- Web Server: It provides static content to a web browser by loading a file from a disk and transferring it across the network to the user's web browser. This exchange is intermediated by the browser and the server, communicating using HTTP.