

System Admin Chapter 2

Chapter Two discusses Windows network concepts, focusing on workgroups, domains, and Active Directory. Workgroups are peer-to-peer networks where computers share resources without centralized authentication, while domains utilize a Domain Controller for centralized management and security. The chapter also highlights the advantages of Active Directory and the Lightweight Directory Access Protocol (LDAP) for managing user access and resources in a network.

Uploaded by

jara Muda

Chapter Two

Windows Network Concepts

5/7/2024 1
Workgroups
In computer networking a workgroup is a collection of computers on a
LAN that share common resources and responsibilities.

Windows WORKGROUPs can be found in homes, schools and small businesses. Computers running Windows OSs in the same workgroup may share files, printers, or Internet connection. Workgroup contrasts with domain, in which computers rely on centralized authentication.

A Windows workgroup is a group of standalone computers in a peer-to-peer network. Each computer in the workgroup uses its own local accounts database to authenticate resource access.

The computers in a workgroup also do not have a common authentication process. The default networking environment for a clean Windows load is workgroup.

• In general, a given Windows workgroup environment can contain many computers but works best with 15 or fewer computers. As the number of computers increases, a workgroup eventually becomes very difficult to administer and should be re-organized into multiple networks or set up as a client-server network.

• The computers in a workgroup are considered peers because they are all equal and share resources among each other without requiring a server. Since the workgroup doesn't share a common security and resource database, users and resources must be defined on each computer. Joining a workgroup requires all participants to use a matching name. All Windows computers (Windows 7, 8 and 10) are automatically assigned to a default group named WORKGROUP (MSHOME in Windows XP).

To access shared resources on other PCs within its group, a user must
know the name of the workgroup that computer belongs to plus the
username and password of an account on the remote computer.

The main disadvantages of workgroups are:
• If a user account will be used for accessing resources on multiple machines, the user account will need to be created on those machines; this requires that the same username and password be used.
• The low security protocol used for authentication between nodes.
• Desktop computers have a fixed limit of 15 or fewer connections. Note that this is in reference to connections to an individual desktop.

• One of the most common mistakes when setting up a peer-to-peer network is misspelling the workgroup name on one of the computers. For example, suppose you decide that all the computers should belong to a workgroup named MYGROUP.
• If you accidentally spell the workgroup name MYGRUOP for one of the computers, that computer will be isolated in its own workgroup. If you can't locate a computer on your network, the workgroup name is one of the first things to check.

Windows Workgroups vs Homegroups and Domains
Domain Controller
• Windows domains support client-server local networks. A specially configured computer called a Domain Controller, running a Windows Server operating system, serves as a central server for all clients. Windows domains can handle more computers than workgroups due to the ability to maintain centralized resource sharing and access control.
• A client PC can belong either to a workgroup or to a Windows domain, but not both. Assigning a computer to the domain automatically removes it from the workgroup.

Microsoft HomeGroup

Microsoft introduced the HomeGroup concept in Windows 7. HomeGroups are designed to simplify the management of workgroups for administrators, particularly homeowners. Instead of requiring an administrator to manually set up shared user accounts on every PC, HomeGroup security settings can be managed through one shared login.

• Joining a HomeGroup does not remove a PC from its Windows WORKGROUP; the two sharing methods co-exist. Computers running versions of Windows operating systems older than Windows 7 (like XP and Vista), however, cannot be members of HomeGroups.

Domain Controllers
• A domain controller (DC) is a server computer that responds to
security authentication requests within a computer network domain. It
is a network server that is responsible for allowing end devices to
access shared domain resources.

• It authenticates users, stores user account information and enforces security policy for a domain. It is most commonly implemented in Microsoft Windows environments, where it is the centerpiece of the Windows Active Directory service.

• Domain controllers are typically deployed as a cluster to ensure high availability and maximize reliability. In a Windows environment, one domain controller serves as the Primary Domain Controller (PDC) and all other servers promoted to domain controller status in the domain serve as Backup Domain Controllers (BDCs).
• In Unix-based environments, one machine serves as the master domain controller and others serve as replica domain controllers, periodically replicating database information from the main domain controller and storing it in a read-only format.

• On Microsoft Servers, a domain controller (DC) is a server computer that
responds to security authentication requests (logging in, etc.) within a Windows
domain. A Windows domain is a form of a computer network in which all user
accounts, computers, printers and other security principals, are registered with a
central database located on one or more clusters of central computers known as
domain controllers.
• A domain is a concept introduced in Windows NT whereby a user may be granted
access to a number of computer resources with the use of a single username and
password combination.

• Windows Server can be one of three kinds: Active Directory “domain controllers” (ones that provide identity and authentication), Active Directory “member servers” (ones that provide complementary services such as file repositories and schema) and Windows Workgroup “stand-alone servers”. The term “Active Directory Server” is sometimes used by Microsoft as synonymous with “Domain Controller”, but the term is discouraged.

LDAP & Windows Active Directory
Lightweight Directory Access Protocol (LDAP)
The Lightweight Directory Access Protocol (LDAP) is an open, vendor-
neutral, industry standard application protocol for accessing and maintaining
distributed directory information services over an Internet Protocol (IP)
network.
Directory services play an important role in developing intranet and Internet
applications by allowing the sharing of information about users, systems,
networks, services, and applications throughout the network.

A common use of LDAP is to provide a central place to store usernames and
passwords. This allows many different applications and services to connect to the
LDAP server to validate users.
In the early engineering stages of LDAP, it was known as Lightweight Directory
Browsing Protocol, or LDBP. It was renamed with the expansion of the scope of
the protocol beyond directory browsing and searching, to include directory update
functions. It was given its Lightweight name because it was not as network
intensive as its predecessors and thus was more easily implemented over the
Internet due to its relatively modest bandwidth usage.

Windows Active Directory
• Active Directory (AD) is a directory service developed by Microsoft
for Windows domain networks. It is included in most Windows
Server operating systems as a set of processes and services. Initially,
it was used only for centralized domain management. However, it
eventually became an umbrella title for a broad range of directory-
based identity-related services.

Active Directory is a directory service. The term directory service
refers to two things — a directory where information about users and
resources is stored and a service or services that let you access and
manipulate those resources.

Active Directory is a way to manage all elements of your network, including computers, groups, users, domains, security policies, and any type of user-defined objects.

A Directory Service is a software application that stores and organizes information about the network users and resources.
• The Directory Service allows the network administrators to manage the user’s access to the resources.
• The Directory acts as a central point of control and management of the network operating system.

A server running the Active Directory Domain Service (AD DS) role is called a domain controller. It authenticates and authorizes all users and computers in a Windows domain type network, assigning and enforcing security policies for all computers, and installing or updating software.

• For example, when a user logs into a computer that is part of a Windows domain, Active Directory checks the submitted password and determines whether the user is a system administrator or normal user.

Main advantages of Directory Services are:
• Directory Services help in simplifying management: By acting as a single point of management, a directory can ease the administrative tasks associated with complex networks.
• Directory Services provide higher level of security. Directories offer a single logon facility and they provide more secure authentication process.
• Directory Services allow interoperability:

• Server. A domain is a group of nodes, workstations, devices and other servers, etc. that are meant to share resources and data. A server itself is often a part of a domain along with other clients and servers.

Microsoft Management Console (MMC)
• The Microsoft Management Console (MMC) is used to
implement and manage Active Directory.
• The goals of Active Directory are the same as those of domain models.
• The two most important are:
1. Users should be able to access resources throughout the domain using a single logon.
2. Administrators should be able to centrally manage both users and resources.
• Active Directory allows central control and decentralized administration of mixed NT 4.0 and 2000 Server domains.
• Clients can be 2000 Server workstations and servers, Windows 95, Windows 98, or any other system that has the Active Directory add-on installed. Because Active Directory is a Microsoft product.

FUNDAMENTALS OF ACTIVE DIRECTORY
1. If a client wants to access a service or a resource, it does so using the resource’s Active Directory name. To locate the resource, the client sends a standard DNS query to a dynamic DNS server by parsing the Active Directory name and sending the DNS part of the name as a query to the dynamic DNS server.

2. The dynamic DNS server provides the network address of the domain controller responsible for the name. This is similar to the way static DNS currently operates: it provides an IP address in response to a name query.

3. The client receives the domain controller’s address and uses it to make a Lightweight Directory Access Protocol (LDAP) query to the domain controller. The LDAP query finds the address of the system that has the resource or service that the client requires.

4. The domain controller responds with the requested information. The client accepts this information.

5. The client uses the protocols and standards that the resource or service requires and interacts with the server providing the resource.

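The lookup in steps 1 to 3, worked through as an added example (not code from the original slides): it derives the DNS part of a directory name, forms the SRV name Active Directory clients query to locate domain controllers, picks a controller from the answers, and builds the LDAP filter. The sample name, the SRV answers and all function names are constructed for illustration; nothing here touches the network.

```python
import re

# Constructed sample input: a directory name and the SRV answers a DNS
# server might return for it. None of these values come from the slides.
SAMPLE_DN = "CN=Printer (2nd floor),OU=Sales,DC=corp,DC=example,DC=com"
SAMPLE_SRV = [
    {"priority": 10, "weight": 100, "port": 389, "target": "dc3.corp.example.com"},
    {"priority": 0, "weight": 50, "port": 389, "target": "dc2.corp.example.com"},
    {"priority": 0, "weight": 100, "port": 389, "target": "dc1.corp.example.com"},
]

def split_dn(dn):
    """Split a distinguished name on commas that are not backslash-escaped."""
    return [part.strip() for part in re.split(r"(?<!\\),", dn)]

def dns_domain_from_dn(dn):
    """Step 1: extract the DNS part (the DC= components) of the name."""
    labels = [p.split("=", 1)[1] for p in split_dn(dn) if p.upper().startswith("DC=")]
    if not labels:
        raise ValueError("name has no DC= components: %r" % dn)
    return ".".join(labels).lower()

def dc_locator_name(domain):
    """Step 1: the SRV record name queried to locate domain controllers."""
    return "_ldap._tcp.dc._msdcs." + domain

def pick_domain_controller(srv_answers):
    """Step 2: choose a DC from the DNS answers.

    Lowest priority wins. Simplification: among equal priorities this takes
    the highest weight, where real clients pick randomly in proportion to it.
    """
    if not srv_answers:
        raise LookupError("DNS returned no domain controllers")
    best = min(srv_answers, key=lambda r: (r["priority"], -r["weight"]))
    return best["target"], best["port"]

# Characters that must be escaped inside an LDAP filter value (RFC 4515).
_FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

def ldap_filter_for(dn):
    """Step 3: build the search filter for the object's common name."""
    cn = split_dn(dn)[0].split("=", 1)[1]
    return "(cn=%s)" % "".join(_FILTER_ESCAPES.get(ch, ch) for ch in cn)

def plan_lookup(dn, srv_answers):
    """Run steps 1 to 3 and return what the client would send, and to whom."""
    domain = dns_domain_from_dn(dn)
    host, port = pick_domain_controller(srv_answers)
    return {"srv_query": dc_locator_name(domain), "ldap_server": (host, port),
            "ldap_base": ",".join("DC=" + l for l in domain.split(".")),
            "ldap_filter": ldap_filter_for(dn)}

if __name__ == "__main__":
    for key, value in plan_lookup(SAMPLE_DN, SAMPLE_SRV).items():
        print(key, "=", value)
```

The parentheses in the sample name are escaped in the filter because they would otherwise be read as filter syntax by the domain controller.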
Workgroups
In computer networking a workgroup is a collection of computers on a LAN that share common resources and responsibilities.

Workgroup is Microsoft’s term for a peer-to-peer network.

Windows Workgroups can be found in homes, schools and small businesses.

Computers running Windows OSs in the same workgroup may share files, printers, or Internet connection.

Workgroup contrasts with domain, in which computers rely on centralized authentication.

A Windows workgroup is a group of standalone computers in a peer-to-peer network.

Each computer in the workgroup uses its own local accounts database to authenticate resource access.

The computers in a workgroup also do not have a common authentication process. The default networking environment for a clean Windows load is workgroup.

In general, a given Windows workgroup environment can contain many computers but works best with 15 or fewer computers.

As the number of computers increases, a workgroup eventually becomes very difficult to administer and should be re-organized into multiple networks or set up as a client-server network.

The computers in a workgroup are considered peers because they are all equal and share resources among each other without requiring a server. Since the workgroup doesn’t share a common security and resource database, users and resources must be defined on each computer.

Joining a workgroup requires all participants to use a matching name. All Windows computers (Windows 7, 8 and 10) are automatically assigned to a default group

To access shared resources on other PCs within its group,
a user must know the name of the workgroup that
computer belongs to plus the username and password of an
account on the remote computer.



The main disadvantages of workgroups are:
• If a user account will be used for accessing resources on multiple machines, the user account will need to be created on those machines; this requires that the same username and password be used.
• The low security protocol used for authentication between nodes.
• Desktop computers have a fixed limit of 15 or fewer connections. Note that this is in reference to connections to an individual desktop.

One of the most common mistakes when setting up a peer-to-peer network is misspelling the workgroup name on one of the computers. For example, suppose you decide that all the computers should belong to a workgroup named MYGROUP.

If you accidentally spell the workgroup name MYGRUOP for one of the computers, that computer will be isolated in its own workgroup. If you can’t locate a computer on your network, the workgroup name is one of the first things to check.

Windows Workgroups vs Homegroups and Domains
Domain Controller

Windows domains support client-server local networks.

A specially configured computer called a Domain Controller, running a Windows Server operating system, serves as a central server for all clients.

Windows domains can handle more computers than workgroups due to the ability to maintain centralized resource sharing and access control.

A client PC can belong either to a workgroup or to a Windows domain, but not both. Assigning a computer to the domain automatically removes it from the workgroup.

Microsoft HomeGroup
Microsoft introduced the HomeGroup concept in Windows 7. HomeGroups are designed to simplify the management of workgroups for administrators, particularly homeowners. Instead of requiring an administrator to manually set up shared user accounts on every PC, HomeGroup security settings can be managed through one shared login.

Joining a HomeGroup does not remove a PC from its Windows WORKGROUP; the two sharing methods co-exist.

Computers running versions of Windows operating systems older than Windows 7 (like XP and Vista), however, cannot be members of HomeGroups.

Domain Controllers
A domain controller (DC) is a server computer that responds to security authentication requests within a computer network domain.

It is a network server that is responsible for allowing end devices to access shared domain resources. It authenticates users, stores user account information and enforces security policy for a domain.

It is most commonly implemented in Microsoft Windows environments, where it is the centerpiece of the Windows Active Directory service.

Domain controllers are typically deployed as a cluster to ensure high availability and maximize reliability.

In a Windows environment, one domain controller serves as the Primary Domain Controller (PDC) and all other servers promoted to domain controller status in the domain serve as Backup Domain Controllers (BDCs).

On Microsoft Servers, a domain controller (DC) is a server computer that responds to security authentication requests (logging in, etc.) within a Windows domain.

A Windows domain is a form of a computer network in which all user accounts, computers, printers and other security principals, are registered with a central database located on one or more clusters of central computers known as domain controllers.

A domain is a concept introduced in Windows NT whereby a user may be granted access to a number of computer resources with the use of a single username and password combination. You must set up at least one Domain Controller in every Windows domain. The following figure shows the Domain Controller in a Windows domain.

Domain Controller
Windows Server can be one of three kinds:
1. Active Directory “domain controllers” (ones that provide identity and authentication),
2. Active Directory “member servers” (ones that provide complementary services such as file repositories and schema)
3. Windows Workgroup “stand-alone servers”.
The term “Active Directory Server” is sometimes used by Microsoft as synonymous to “Domain Controller”
System requirements for a Domain Controller
• Processor
1.4 GHz 64-bit processor
Compatible with x64 instruction set
• RAM
The following are the estimated minimum RAM requirements for the product:
512 MB (2 GB for Server with Desktop Experience installation option)
• Network adapter requirements

Difference between Domain and Workgroup :
