System and Network

Administration
Chapter Three
Bule Hora University

1
What is DHCP?
 DHCP stands for Dynamic Host
Configuration Protocol.
 IP address stands for Internet Protocol
address and is four sets of up to three
numbers, separated by dots (128.255.123.76, for
example). It works much like a phone number
for the Internet so that computers can
communicate with each other.
 Before DHCP, you would have had to type in a
static IP address, 12 numbers that would be
your "address" on the Internet.
2
What is DHCP?
 Configuring computers was more difficult
and distributing unique numbers was a
large organizational problem. DHCP
allows IP addresses to be
automatically assigned, instead of having
to manually type them in.

3
What is DHCP?
 Is a protocol that allows client computers
to automatically receive an IP address
and TCP/IP settings from a Server
 Reduces the amount of time you spend
configuring computers on your network
 Is the default configuration for clients.
 The ipconfig /all command will indicate
whether the configuration came from a
DHCP server computer.
4
What is DHCP?
 When you deploy Dynamic Host Configuration
Protocol (DHCP) servers on your network, you
can automatically provide client computers
and other TCP/IP based network devices
with valid IP addresses.

5
What is DHCP?
 Each computer on the network connects
to a central DHCP server which sending
the clients network configuration
including IP address, subnet mask,
gateway, and DNS servers.

 DHCP simplify the task of administration

for client system configuration and
management.
6
How DHCP Works?

 On the left side we have a computer

without IP address. On the right side there’s
a DHCP server configured with static IP
address 192.168.1.254.
 This DHCP server will supply an IP address
to our computer, this is how it works:

7
How DHCP Works?

 The computer will send a DHCP discover

message. This is a broadcast because it doesn’t
have an IP address and it doesn’t know if there
is a DHCP server on the network. Of course in
our scenario we do have a DHCP server so it will
respond to this broadcast as following:

8
How DHCP Works?

 The DHCP server will respond with a

DHCP offer message which contains an IP
address for the computer (we have to
configure the DHCP server to define which
IP addresses we want to give).
 If we want we can also assign a default
gateway and DNS server(s) to the computer.

9
How DHCP Works?
The DHCP server stores the configuration information
in a database, which includes:
 Valid TCP/IP configuration parameters for all clients
on the network.
 Valid IP addresses, maintained in a pool for
assignment to clients, as well as excluded addresses.
 Reserved IP addresses associated with particular
DHCP clients. This allows consistent assignment of a
single IP address to a single DHCP client.
 The lease duration, or the length of time for which the
IP address can be used before a lease renewal is
required.
10
How DHCP Works?
 A DHCP-enabled client, upon accepting a
lease offer, receives:-
 A valid IP address for the subnet to which
it is connecting.

11
Why use DHCP?
 Without DHCP, IP addresses must be
configured manually for new computers
or computers that are moved from one
subnet to another, and manually reclaimed
for computers that are removed from the
network.

 DHCP enables this entire process to be

automated and managed centrally.
12
Why use DHCP?
 For installing DHCP first we have the
following already setup:

Windows Server 2012 Installed

Active Directory Domain Services
Installed
DNS Server Installed
Static IP on DHCP Server

13
Why use DHCP?

14
Advantage of DHCP?
 The main advantage of DHCP is:
1) its capability to automatically allocate IP
addresses to clients booting on the TCP/IP
network for the first time.
2) Using DHCP reduces the labor involved in
managing the network.
3) Because the DHCP server automatically
dispenses IP addresses and other configuration
information, the process of connecting a new
computer to the network is much simpler.
4) DHCP is very flexible and allows the network
administrator to set up the server one time to
serve many thousands of clients.

15
GROUP POLICY

MANAGEMENT

16
Group Policy Management
 Group Policy is an extremely powerful
Microsoft technology which allows
network administrators in charge of an
Active Directory domain to impose
configuration options on computers and
users on that domain.

17
Group Policy Management
 Group policies are used to restrict what
a user can and can’t do.
For example, they can be used to
remove the “run” command from a users
start menu, or to set a specific
background image.

18
Group Policy Management
 Group policies can be applied to either a
particular computer, or a particular
user.
 When applied to a computer, the
settings are applied to all users who log
onto that computer.
 When applied to a user, the settings
apply to that particular user, no matter
which computer he/she logs on to.
19
Group Policy Management
 Group policies are used for:

Efficiency – reducing network traffic, thus

lowering running costs.
Security - preventing users from tampering
with things they shouldn’t, thus increasing
productivity and reducing administration costs.

 This is the “Effective Setting” for a machine joined

to a domain, and group policy provides the
centralized management and configuration of
operating systems, applications and users setting
in an active directory environment. 20
 Group Policy Management
Amongst the capabilities of Group Policy are:
The ability to deploy software to computers or
users automatically
Apply startup and shutdown scripts to computers,
and logon/logoff scripts to users.
Deploy printers to users or computers.
Redirect system folders (such as My Documents) to
a network location
Apply password and security policies to computer
or users
 Enforce any of thousands of different configuration
options relating to Windows, Explorer, the Start
Menu, the Desktop, as well as specific software
packages such as Microsoft Office.
21
Group Policy Management
 Group Policy is a fully hierarchical system,
with policies implemented at lower levels
inheriting settings from those defined
above. Administrators can apply policies
to Active Directory sites, domains and
organizational units, and configure filtering
by security group.
 We can apply group policy management
when active directory and DNS work
properly.

22
Group Policy Management
 Configuring Policies
To configure a policy, right click on it
in Group Policy Management and
choose 'Edit'. The image below shows the
Group Policy editor, and a number of policy
areas you can edit.

23
Group Policy Management

24
 Group Policy Management
 The policy editor is split into two main parts
Computer Configuration and

User Configuration.

25
Group Policy Management
 Computer policies apply to everyone
who logs on to a particular computer,
whereas User policies apply to users
whatever computer they log on to.

 Policies are fairly logically organized

26
Group Policy Management
 Computer Configuration: is a
configuration to give or deny access
for computer. it is to say that we install
some kind of software to one computer
and not install in another.
 When we put rule to computers to or
not to do we call it computer
configuration.

27
Group Policy Management
 Software Settings
Software Installation - define Windows
Installer packages to install on computers
 Windows Settings
 Scripts (Startup/Shutdown) - defines
scripts which will run when a computer starts
up or shuts down.
Security Settings - Account policies
(password length, lockout policy), registry
security, file system security and more
28
Group Policy Management
 Administrative Templates - the bulk of
the computer related policy elements are
here. You can control network settings,
printer settings, system settings, as well as
settings for various built in Windows
components such as Internet Explorer, Task
Scheduler,Windows Update and many more.
 Preferences - set environment variables,
create and remove files, shortcuts,
directories, ini files and registry entries
29
Group Policy Management
 User Configuration: is a configuration
used to enforce any user to give or to
deny permition. We can give a permition
to one user for example to add and
remove program and hide or deny this
permition for other user user.

30
Group Policy Management
 Software Settings
Software Installation - define Windows Installer
packages to make available to users
 Windows Settings
Scripts (Logon/Logoff) - defines scripts which
will run when a user logs on or off.
Folder Redirection - redirect Windows special
folders (such as My Documents, Downloads and
My Music) to administrator specified locations,
usually on the network.
Internet Explorer Maintenance - configure
Internet Explorer options.

31
Group Policy Management
 Administrative Templates - the bulk of
the user related policy elements are here.
You can control network settings, printer
settings, system settings, as well as settings
for various built in Windows components
such as Internet Explorer, Task Scheduler,
Windows Update and many more.
 Preferences - set control panel settings, as
well as create and remove files, shortcuts,
directories, ini files and registry entries
32
Group Policy Management
 Policies are stored in the Active
Directory.
 computer policies are evaluated and
applied when a computer starts up.
 User policies are applied when a user
logs on.

33
How to Install the Group Policy Management

1. Open the Server Manager. By default,

the Server Manager application is pinned
down at the taskbar. But if you can’t find it
there, you can hold the combination of
Win + R keys to open the Run window.
Then type “Server Manager” and click
“Ok.”
2. In Server Manager’s dashboard, click
“Add roles and features.”

34
35
3.The Add Features and Roles Wizard
will open.
Leave the “Installation Type” with its default
values: “Role-based or Feature-based
installation.”

36
 .
4 Select a server from your server pool. Find the server running
Windows where you want to install the GPMC. Click “Next.”

37
4. Skip Server Roles and Go to “Features.” In the “Features” section,
you should find the “Group Policy Management” tool. Go ahead, tick the
box, click “Next,” and click on “Install.”

38
5. The installation process should take a few
minutes to complete.

39
Windows Deployment
Service

40
Window Deployment Service
 Windows Deployment Services role in
Windows Server 2012 is the updated and
redesigned version of Remote
Installation Services (RIS).

 Windows Deployment Services enables

you to deploy Windows operating
systems. You can use it to set up new
computers by using a network-based
installation
41
Window Deployment Service
 Windows Deployment Services enables you
to manage images and un attend
installation scripts, and provide attended
and unattended installation options.
 Windows Deployment Services facilitates
basic configuration of installations, including:
Partitioning and formatting physical media
Installing the operating system and post-
configuration tasks
Simplifying installation
Providing consistency across your computer
environment
42
Window Deployment Service

 Windows Deployment Services is

intended for administrators who are
responsible for deployment of new
computers in medium and large
organizations.

43
 Window Deployment Service
 In order for WDS to work,
You must have a network card and an active
network connection.
Your computer must be connected to and
registered with the campus network and
using the campus DHCP servers.
AD DS (Active Directory Domain Services) A
Windows Deployment Services server must be
either a member of an AD DS (Active
Directory Domain Services) domain or a
domain controller for an AD DS domain.

44
Window Deployment Service

 DHCP You must have a working DHCP

Server with an active scope on the
network because Windows Deployment
Services uses PXE, which relies on DHCP
for IP addressing .

 PXE (Windows Pre-Boot Execution

Environment ):-all allows you to use other
PXE servers on campus

45
Window Deployment Service
 DNS You must have a working DNS
Server on the network before you can
run Windows Deployment Services.
 NTFS volume the server running
Windows Deployment Services requires
an NTFS File system volume for the
image store.
 Credentials to install the role, you must
be a member of the Local
Administrators group on the server.
46
Domain Name System
(DNS)

47
Host Names vs. IP addresses
 Host names
◦ Mnemonic name appreciated by humans
◦ Variable length, full alphabet of characters
◦ Provide little (if any) information about location
◦ Examples: www.google.com and www.bhu.edu.et
 IP addresses
◦ Numerical address appreciated by routers
◦ Fixed length, binary number
◦ Hierarchical, related to host location
◦ Examples: 64.236.16.20 and 212.58.224.131

48
Human Involvement
 If you want to…
◦ Call someone, you need to ask for their phone
number
 You can’t just dial “X”
◦ Mail someone, you need to get their address first
 What about the Internet?
◦ If you need to reach Google, you need their IP
◦ Does anyone know Google’s IP?
 Problem:
◦ People can’t remember IP addresses
◦ Need human readable names that map to IPs
49
Internet Names and Addresses
 Addresses, e.g. 129.10.117.100
◦ Computer usable labels for machines
◦ Conform to structure of the network
 Names, e.g. www.bhu.edu.et
◦ Human usable labels for machines
◦ Conform to organizational structure
 How do you map from one to the other?
◦ Domain Name System (DNS)

50
 NEED FOR DNS

To identify an entity, TCP/IP protocols use the IP

address, which uniquely identifies the connection of
a host to the Internet.

However, people prefer to use names instead of

numeric addresses. Therefore, we need a system that
can map a name to an address or an address to a
name.
 Eventually, the hosts.txt system fell apart
◦ Not scalable, couldn’t handle the load
◦ Hard to enforce uniqueness of names
 e.g ASTU
 Adama Science and Technology University?
 Addis Ababa Science and Technology University?
◦ Many machines had inaccurate copies of
hosts.txt
 Thus, DNS was born

52
 Towards DNS
Host Names vs. IP addresses

 Names are easier to remember

www.cnn.com vs. 64.236.16.20 (but not tiny urls)

53
Domain Name System
 The “Domain Name System”
◦ Created in 1983 by Paul Mockapetris (RFCs
1034 and 1035), modified, updated, and
enhanced by a myriad of subsequent RFCs
 What Internet users use to reference
anything by name on the Internet
 The mechanism by which Internet
software translates names to addresses
and vice versa

Lecture 13: 02-22-2005 54

What is DNS?
 DNS is a host name to IP address
translation service
 DNS is
◦ a distributed database implemented in a
hierarchy of name servers
◦ an application level protocol for message
exchange between clients and servers

55
Why DNS?
 It is easier to remember a host name than it is
to remember an IP address.
 An name has more meaning to a user than a 4
byte number.
 Applications such as FTP, HTTP, email, etc., all
require the user to input a destination.
 The user generally enters a host name.
 The application takes the host name supplied by
the user and forwards it to DNS for translation
to an IP address.

56
How does it work?
 DNS works by exchanging messages
between client and server machines.
 A client application will pass the
destination host name to the DNS
process (in Unix referred to as the
gethostbyname() routine) to get the IP
address.
 The application then sits and waits for the
response to return.

57
Domain Name System
 A lookup mechanism for translating objects into
other objects
 Users generally prefer names to numbers
 Computers prefer numbers to names
 DNS provides the mapping between the two
◦ I have “x”, give me “y”
 DNS is NOT a directory service
◦ No way to search the database
 No easy way to add this functionality

 A globally distributed, loosely coherent, scalable,

reliable, dynamic database

Lecture 13: 02-22-2005 58

Domain Name System Goals
 Basically a wide-area distributed database
 Scalability
 Decentralized maintenance
 Robustness
 Global scope
◦ Names mean the same thing everywhere

Lecture 13: 02-22-2005 59

DNS at a High-Level
 Domain Name System
 Distributed database
◦ No centralization
 Simple client/server architecture
◦ UDP port 53, some implementations also use
TCP
 Hierarchical namespace
◦ As opposed to original, flat namespace
◦ e.g. .com  google.com  mail.google.com
60
 Naming Hierarchy
Root

net edu com gov mil org uk fr etc.

 Top Level Domains (TLDs) are at

neu bhu the top
 Maximum tree depth: 128
 Each Domain Name is a subtree
ccs ece husky
◦ .edu  neu.edu  ccs.neu.edu 
www.ccs.neu.edu
 Name collisions are avoided
www login mail ◦ neu.com vs. neu.edu
61
Distributed, Hierarchical Database
Root DNS Servers

com DNS servers org DNS servers edu DNS servers

pbs.org poly.edu umass.edu

yahoo.com amazon.com
DNS servers DNS serversDNS servers
DNS servers DNS servers

Client wants IP for www.amazon.com; 1st approx:

 client queries a root server to find com DNS server
 client queries com DNS server to get amazon.com DNS
server
 client queries amazon.com DNS server to get IP address for
www.amazon.com

62
 TLD and Authoritative Servers
 Top-level domain (TLD) servers:
◦ responsible for com, org, net, edu, etc, and all top-level
country domains uk, fr, ca, jp.
◦ Network Solutions maintains servers for com TLD
◦ Educause for edu TLD
 Authoritative DNS servers:
◦ organization’s DNS servers, providing authoritative
hostname to IP mappings for organization’s servers (e.g.,
Web, mail).
◦ can be maintained by organization or service provider

63
 Basic Domain Name Resolution
Mapping a name to an address or an address to a
name is called name-address resolution.

25.64
 Recursive DNS Query
www.google.com
Where is www.google.com?

 Puts the burden of resolution

on the contacted name server
 How does know who to
forward responses too?
ns1.google.com
◦ Random IDs embedded in DNS asgard.ccs.neu.edu
queries
 What have we said about
keeping state in the network?
com

Root 65
 Recursive vs. Iterative Queries
 Recursive query root DNS server

◦ Ask server to get

answer for you 2
3
◦ E.g., request 1 TLD DNS server
4
and response 8 local DNS server
dns.poly.edu 5
 Iterative query
◦ Ask server who
to ask next 1 8
7 6

◦ E.g., all other

authoritative DNS server
request-response dns.cs.umass.edu
pairs requesting host
cis.poly.edu

66
DNS Caching
 Performing all these queries takes time
◦ And all this before actual communication takes place
◦ E.g., 1-second latency before starting Web download
 Caching can greatly reduce overhead
◦ The top-level servers very rarely change
◦ Popular sites (e.g., www.cnn.com) visited often
◦ Local DNS server often has the information cached
 How DNS caching works
◦ DNS servers cache responses to queries
◦ Responses include a “time to live” (TTL) field
◦ Server deletes cached entry after TTL expires

67
DNS components
There are 3 components:
 Name Space:
Specifications for a structured name space
and data associated with the names
 Resolvers:
Client programs that extract information
from Name Servers.
 Name Servers:
Server programs which hold information
about the structure and the names.

68
DNS Name Space
 The name space is the structure of the DNS database
◦ An inverted tree with the root node at the top
 Each node has a label
◦ The root node has a null label, written as “”

The root node

""

top-level node top-level node top-level node

second-level node second-level node second-level node second-level node second-level node

third-level node third-level node third-level node

69
 Domain name space
To have a hierarchical name space, a domain name
space was designed. In this design the names are
defined in an inverted-tree structure with the root at the
top. The tree can have only 128 levels: level 0 (root) to
level 127.

25.70
DNS Name Space
 Domain Names
 A domain name is the sequence of labels from a node to the root,
separated by dots (“.”s), read left to right
◦ The name space has a maximum depth of 127 levels
◦ Domain names are limited to 255 characters in length
 A node’s domain name identifies its position in the name space
""

com edu gov int mil net org

nominum metainfo berkeley nwu nato army uu

west east www

dakota tornado

71
DNS Name Space
 SubDomain Names
 One domain is a subdomain of another if its
apex node is a descendant of the other’s apex
node
 More simply, one domain is a subdomain of
another if its domain name ends in the other’s
domain name
◦ So sales.nominum.com is a subdomain of
 nominum.com
 com
◦ nominum.com is a subdomain of com
72
DNS Name Space
 Delegation
 Administrators can create subdomains to group hosts
◦ According to geography, organizational affiliation or any other
criterion
 An administrator of a domain can delegate
responsibility for managing a subdomain to someone
else
◦ But this isn’t required
 The parent domain retains links to the delegated
subdomain
◦ The parent domain “remembers” who it delegated the
subdomain to

73
DNS Name Space
 Delegation Creates Zones
 Each time an administrator delegates a
subdomain, a new unit of administration is
created
◦ The subdomain and its parent domain can now be
administered independently
◦ These units are called zones
◦ The boundary between zones is a point of delegation
in the name space
 Delegation is good: it is the key to scalability

74
 Dividing a Domain into Zones
Tree is divided into zones nominum.com
Each zone has an domain
administrator
Responsible for the
part of the heirarchy ""
nominum.com
zone

.arpa .com .edu

ams.nominum.com
rwc.nominum.com zone
zone acmebw nominum netsol

rwc www ftp ams

molokai skye gouda cheddar

DNS Name Servers
 Name servers store information about the
name space in units called “zones”
◦ The name servers that load a complete zone are said
to “have authority for” or “be authoritative for” the
zone
 Usually, more than one name server are
authoritative for the same zone
◦ This ensures redundancy and spreads the load
 Also, a single name server may be authoritative
for many zones

76
Hierarchy of name servers
Types of Name Servers
 Two main types of servers
◦ Authoritative – maintains the data
 Master – where the data is edited
 Slave – where data is replicated to
◦ Caching – stores data obtained from an authoritative
server
◦ The most common name server implementation
(BIND) combines these two into a single process
 Other types exist…
 No special hardware necessary
Name Server Architecture
 You can think of a name server as part:
◦ database server, answering queries about the
parts of the name space it knows about (i.e., is
authoritative for),
◦ cache, temporarily storing data it learns from
other name servers, and
◦ agent, helping resolvers and other name
servers find data that other name servers
know about
DNS Name Resolution
 Name resolution is the process by which
resolvers and name servers cooperate to find
data in the name space
 To find information anywhere in the name
space, a name server only needs the names and
IP addresses of the name servers for the root
zone (the “root name servers”)
◦ The root name servers know about the top-level
zones and can tell name servers whom to contact for
all TLDs

Copyright © 2001, Nominum,

Inc.
Name Resolution
 A DNS query has three parameters:
◦ A domain name (e.g., www.google.com),
 Remember, every node has a domain name!
◦ A class (e.g., IN), and
◦ A type (e.g., A)
 A name server receiving a query from a
resolver looks for the answer in its
authoritative data and its cache
◦ If the answer isn’t in the cache and the server isn’t
authoritative for the answer, the answer must be
looked up

Copyright © 2001, Nominum,

Inc.
 The Resolution Process
 Let’s look at the resolution process step-
by-step:

annie.west.sprockets.com
ping www.google.com.
Copyright © 2001, Nominum,
Inc.
 The Resolution Process
 The workstation annie asks its configured name
server, dakota, for www.nominum.com’s address

dakota.west.sprockets.com

What’s the IP address

of
www.nominum.com?

annie.west.sprockets.com
ping www.google.com.
Copyright © 2001, Nominum,
Inc.
 The Resolution Process
 The name server dakota asks a root name server, m, for
www.nominum.com’s address

m.root-servers.net
dakota.west.sprockets.com

What’s the IP address

of
www.nominum.com?

annie.west.sprockets.com
ping www.google.com.
Copyright © 2001, Nominum,
Inc.
 The Resolution Process
 The root server m refers dakota to the .com name servers
 This type of response is called a “referral”

m.root-servers.net
dakota.west.sprockets.com Here’s a list of the
com name servers.
Ask one of them.

annie.west.sprockets.com
ping www.google.com.
Copyright © 2001, Nominum,
Inc.
 The Resolution Process
 The name server dakota asks a com name server, f,
for www.nominum.com’s address
What’s the IP address
of
www.nominum.com?

m.root-servers.net
dakota.west.sprockets.com

f.gtld-servers.net

annie.west.sprockets.com
ping www.google.com.
Copyright © 2001, Nominum,
Inc.
 The Resolution Process
 The com name server f refers dakota to the
nominum.com name servers
Here’s a list of the
nominum.com
name servers.
Ask one of them.
m.root-servers.net
dakota.west.sprockets.com

f.gtld-servers.net

annie.west.sprockets.com
ping www.google.com.
Copyright © 2001, Nominum,
Inc.
 The Resolution Process
 The name server dakota asks an nominum.com name
server, ns1.sanjose, for www.nominum.com’s address
What’s the IP address
of
www.nominum.com?

m.root-servers.net
dakota.west.sprockets.com

ns1.sanjose.nominum.net

f.gtld-servers.net

annie.west.sprockets.com
ping www.google.com.
Copyright © 2001, Nominum,
Inc.
 The Resolution Process
 The nominum.com name server ns1.sanjose
responds with www.nominum.com’s address

m.root-servers.net
dakota.west.sprockets.com

Here’s the IP ns1.sanjose.nominum.net

address for
www.nominum.com
f.gtld-servers.net

annie.west.sprockets.com
ping www.google.com.
Copyright © 2001, Nominum,
Inc.
 The Resolution Process
 The name server dakota responds to annie with
www.nominum.com’s address
Here’s the IP
address for
www.nominum.com

m.root-servers.net
dakota.west.sprockets.com

ns1.sanjose.nominum.net

f.gtld-servers.net

annie.west.sprockets.com
ping www.google.com.
Copyright © 2001, Nominum,
Inc.
 DNS MESSAGES
DNS has two types of messages:
query message and
Response message .
Both types have the same format. The query
message consists of a header and question records;
the response message consists of a header, question
records, answer records, authoritative records, and
additional records.
Query and response messages
The End!!!

93