LOVELY

Professional UNIVERSITY

Homework Title / No. – 4 Course Code:

INT-406

Course Instructor: Ms. Monal

Date of Allotment: 20/04/2011 Date of submission:

22/04/2011

Student’s Roll No. –B30 Section No.

E2801

Declaration:

I declare that this assignment is my individual work. I have not copied from any
other student’s work or from any other source except where due acknowledgment
is made explicitly in the text, nor has any part been written for me by another
person.

Student’s name:
Rohit kapoor
 Part A

Ques 1:-How Disk Management is done in Windows 2003 Server?

Ans: - You can use the Windows Server 2003 Disk Management snap-in tool to manage your hard disks
and the volumes or partitions that they contain. With Disk Management, you can create and delete
partitions; format volumes with the FAT, FAT32, or NTFS file systems; change basic disks to dynamic
disks, and change dynamic disks back to basic disks; and create fault-tolerant disk systems. You can
perform most disk-related tasks without having to restart your computer because most configuration
changes take effect immediately. This article describes some of the more common disk storage
management tasks that you can perform by using Disk Management.

Start Disk Management

Note:-

You must be logged on as Administrator or a member of the Administrators group to use Disk
Management.

1. Click Start, point to Administrative Tools, and then click Computer Management.
2. In the console tree, click Disk Management.

The Disk Management window that appears displays your disks and volumes in a graphical view
or list view.

To customize whether you view your disks and volumes in the upper or lower pane of the window,
point to Top or Bottom on the View menu, and then click the view that you want.

Note:-

Before a new, unpartitioned disk can be used in Windows (partitioned or upgraded to Dynamic Disk), it
must contain a disk signature. The first time that you run the Disk Management snap-in after a new hard
disk is installed, the Disk Signature and Upgrade Disk Wizard starts. If you cancel the wizard, you may
find that when you try to create a partition on the new hard disk, the Create Partition option is
unavailable (appears dimmed).

Ques 2:- What are the two main applications to configure the Terminal Server? Apply a Group Policy
to ‘Remove disconnects option from Shut Down dialog’.

Ans: -
Using the Terminal Services Client
Before you can manage your Terminal Services servers remotely, you must create a connection to these
servers. This procedure uses the Client Connection Manager tool to create icons for all of the Terminal
Services servers you want to manage.

To Create a Connection to the Terminal Services Server

1. Click Start, point to Programs, point to Terminal Services Client, and then click Client
Connection Manager.
2. When the Client Connection Manager Wizard starts, click Next.
3. In the Connection name box, type a descriptive name for the connection.
4. In the Server name or IP address box, type the server's name or IP address, or click Browse to
search for the server. When you are done, click Next.
5. Leave all automatic logon information blank. Using automatic logon information might present a
security problem if a non-administrator has access to the computer from which you run the
client. Click Next.
6. Click a screen resolution that is appropriate for you. It is best to use the largest area you can
select (the client does not let you select an area that is larger than your local screen can display).
Do not select Full screen at this time; you can toggle between windowed and full screen modes
later. Leaving the initial connection in a window helps reinforce the fact that you are working on
a remote computer rather than your local workstation. Click Next.
7. Leave the Enable data compression and Cache bitmaps check boxes clear. They are useful only if
you are working over a slow dial-up link. Click Next.
8. Leave the Start the following program check box clear. You want the client to display the server's
desktop. Click Next. Change the icons if you want to. Click Next. Click Finish to complete the
wizard.

This process creates an icon for your server. Double-clicking the icon connects you to the server. You
can also right-click the icon to change the connection properties if you need to.

To Connect to the Server Using Terminal Services

1. Double-click the server icon in Client Connection Manager.

2. The Terminal Services client window appears and displays the server's logon dialog box. You
might need to double-click the window's title bar to see it all.
3. Type an appropriate set of credentials to log on to the server. Typically, you will log on as some
kind of administrator (local, domain, or enterprise).
4. If you use correct credentials, you see the server's desktop.

Note that this is very different from using a remote-control product. You are not manipulating the
keyboard, mouse, and screen at the server. Instead, you are logged on to the computer and have created
a new session, but this session is displayed remotely, over Terminal Services, rather than locally at the
computer. You do, however, have full access to the computer's programs just as if you were working at its
local console.
Disconnecting the Terminal Services client

There is an important distinction between disconnecting from a session and logging off. If you only close
the Terminal Services client window, your session remains active on the server. When you connect again,
Terminal Services reconnects you to that session. Any programs that you left running in the session are
still available. To end the session, you need to log off by using the remote computer's Start menu. Note
that this logs you off and ends the remote session. It does not log off the user at the computer's local
console.

To remove the Disconnect item from the Shut Down dialog

1. Open Group Policy.

2. In Computer Configuration, Administrative Templates, Windows Components, Terminal Services,

double-click the Remove Disconnect item from Shut Down dialog setting.

3. Click Enabled, and then click OK.

Important

Ques 3:-How we convert dynamic disk to basic disk?

Ans:- In Windows 2000/XP/Server 2003/Vista/Server 2008 and Windows 7, it is easy to the conversion
of basic disk to dynamic disk, but convert/change a dynamic disk to basic disk very annoying, because in
many cases "Revert to Basic Disk" option is greyed out in disk management, and cannot revert back to a
basic drive. When using DiskPart.exe tool in command line, it's requisite to clean all of volumes on the
dynamic disk for the conversion. This topic is the summary about converting/reverting a dynamic disk to
basic disk.
 There are the three ways:-
• Convert a dynamic disk to basic disk via deleting all volumes on the dynamic disk.
• Convert a dynamic disk to basic disk via using Partition Recovery Software.
• Convert a dynamic disk to basic disk with NO DATA LOSS by using Dynamic Disk
Converter.
The first way: Convert to basic disk via deleting all volumes on the dynamic disk
• Tip:
This way is the simplest and most commonly, and it most can not guarantee data security, so you
need to back up all the data on all the volumes on the dynamic disk you want to convert to a
basic disc.
• Principle:
After backing up data, delete all the volumes on the dynamic disc by using Windows Disk
Management, and then revert/convert a dynamic disk to a basic disk.
• Steps:
 1. First, let us to see the following graph:

By the above graph, we have saw "Convert to Basic Disk" that is unavailable state if there are
volumes on the dynamic disk, so we cannot revert it to Basic Disk.
2. Log on Windows as Administrator Privilege please, click Start Menu -> Run, and type
"diskmgmt.msc" to input box, and press Enter key or click OK to open Windows Disk
Management.
3. On Disk Management opened, delete all the volumes on the dynamic disk in turn.

Here, respectively, to delete the volume (I:), volume(F:) and volume (C:) on the dynamic disk.
4. After the deleting, right-click the gray area that contains the disk title on the left side of the
Details pane. For example, right-click Disk 1.

After does not any volume on the dynamic disk, the "Convert to Basic Disk" item will be
available, now you can change the dynamic disk to basic. And then, copy the previous backup
data to the basic disk.
The second way: Convert to basic disk via using Partition Recovery Software
• Tip:
In this way, more complicated, work base on the first way, and it is still necessary to delete all
the volumes on the dynamic disk. Use Partition Recovery software to assist you convert to basic
disk. However, this recovery partition is at risk, but the advantage of the way is that the data not
need to be backed up, because this partition deleted can be recovered by Partition Recovery
Software.
• Principle:
Delete all the dynamic volumes on the disk via the first way, and convert the disk to basic, and
then recover the previous deleted partition by using Partition Recovery Software.
• Steps:

1. Boot your operating system from the other disk (The other disk means is that the disk you do not
want to convert), and delete all the dynamic volumes on the disk you want to convert to basic.
(Detail step see the first way)
2. Here, using the partition recovery tool to revert the previous partition that you have deleted.
The best way: Convert to basic disk by using Dynamic Disk Converter
• Tip:
The above two ways are relatively complex and cumbersome. If you do not want to do these
things manually, it is a good choice that using Dynamic Disk Converter fulfills dynamic disk
conversion to basic disk. Dynamic Disk Converter directly and safely convert a dynamic disk
back to basic disk without loss of data, and also sector by sector clone from spanned, striped,
mirrored and RAID 5 volume to a basic partition.
• Principle:
Automatically and safely complete the conversion of the dynamic disk to basic disk with NO
DATA LOSS via Dynamic Disk Converter.
• Steps:

1. Launch the Dynamic Disk Converter as Administrator Privilege to enter into Welcome to use,
and click Next to skip the welcome screen go to main interface as follows.

Check Method 1 to convert directly one disk to basic, and click on Next.
2. And then, select a dynamic disk that you look forward to convert in the below:

On the above graph click Next to continue.

 3. Here, Dynamic Disk Converter let you confirm the conversion operation as follows:

And then click Proceed to start this conversion process. After completing, you must restart your
computer to take effect.

Part B

Ques 4:-Describe various RAID Levels. Which RAID level use Striping with Parity?

Ans: - A number of standard schemes have evolved which are referred to as levels. There were five
RAID levels originally conceived, but many more variations have evolved, notably several nested levels
and many non-standard levels (mostly proprietary). RAID levels and their associated data formats are
standardized by SNIA in the Common RAID Disk Drive Format (DDF) standard.

 Following is a brief textual summary of the most commonly used RAID levels.

• RAID 0 :-

(block-level striping without parity or mirroring) has no (or zero) redundancy. It provides
improved performance and additional storage but no fault tolerance. Hence simple stripe sets are
normally referred to as RAID 0. Any disk failure destroys the array, and the likelihood of failure
increases with more disks in the array (at a minimum, catastrophic data loss is twice as likely
 compared to single drives without RAID).

A single disk failure destroys the entire array because when data is written to a RAID 0 volume,
the data is broken into fragments called blocks. The number of blocks is dictated by the stripe
size, which is a configuration parameter of the array. The blocks are written to their respective
disks simultaneously on the same sector. This allows smaller sections of the entire chunk of data
to be read off the drive in parallel, increasing bandwidth. RAID 0 does not implement error
checking, so any error is uncorrectable. More disks in the array means higher bandwidth, but
greater risk of data loss.

• RAID 1:-

(Mirroring without parity or striping), data is written identically to multiple disks (a "mirrored
set"). Although many implementations create sets of 2 disks, sets may contain 3 or more disks.

Array provides fault tolerance from disk errors or failures and continues to operate as long as at
least one drive in the mirrored set is functioning. With appropriate operating system support,
there can be increased read performance, and only a minimal write performance reduction.
Using RAID 1 with a separate controller for each disk is sometimes called duplexing.

• RAID 2:-

(bit-level striping with dedicated Hamming-code parity), all disk spindle rotation is
synchronized, and data is striped such that each sequential bit is on a different disk. Hamming-
code parity is calculated across corresponding bits on disks and stored on one or more parity
disks. Extremely high data transfer rates are possible
• RAID 3:-

(byte-level striping with dedicated parity), all disk spindle rotation is synchronized, and data is
striped such that each sequential byte is on a different disk.

Parity is calculated across corresponding bytes on disks and stored on a dedicated parity disk.
Very high data transfer rates are possible

• RAID 4:-

(block-level striping with dedicated parity) is identical to RAID 5 (see below), but confines all
parity data to a single disk, which can create a performance bottleneck. In this setup, files can be
distributed between multiple disks.

Each disk operates independently which allows I/O requests to be performed in parallel, though
data transfer speeds can suffer due to the type of parity. The error detection is achieved through
dedicated parity and is stored in a separate, single disk unit.

• RAID 5 :-

(block-level striping with distributed parity) distributes parity along with the data and requires
all drives but one to be present to operate; drive failure requires replacement, but the array is
not destroyed by a single drive failure. Upon drive failure, any subsequent reads can be
 calculated from the distributed parity such that the drive failure is masked from the end user.

The array will have data loss in the event of a second drive failure and is vulnerable until the
data that was on the failed drive is rebuilt onto a replacement drive. A single drive failure in the
set will result in reduced performance of the entire set until the failed drive has been replaced
and rebuilt.

• RAID 6:-

(block-level striping with double distributed parity) provides fault tolerance from two drive
failures; array continues to operate with up to two failed drives. This makes larger RAID groups
more practical, especially for high-availability systems. This becomes increasingly important as
large-capacity drives lengthen the time needed to recover from the failure of a single drive.
Single-parity RAID levels are as vulnerable to data loss as a RAID 0 array until the failed drive
is replaced and its data rebuilt; the larger the drive, the longer the rebuild will take. Double
parity gives time to rebuild the array without the data being at risk if a single additional drive
fails before the rebuild is complete.

• RAID 10: a mix of RAID 0 & RAID 1

RAID 10 combines the advantages (and disadvantages) of RAID 0 and RAID 1 in a single system.
It provides security by mirroring all data on a secondary set of disks (disk 3 and 4 in the drawing
below) while using striping across each set of disks to speed up data transfers.
RAID 5 level use Striping with Parity:-

A RAID 5 uses block-level striping with parity data distributed across all member disks. RAID 5 has
achieved popularity because of its low cost of redundancy. This can be seen by comparing the number of
drives needed to achieve a given capacity. RAID 1 or RAID 1+0, which yields redundancy, give only s / n
storage capacity, where s is the sum of the capacities of n drives used. In RAID 5, the yield is
where Smin is the size of the smallest disk in the array. As an example, four 1 TB
drives can be made into a 2 TB redundant array under RAID 1 or RAID 1+0, but the same four drives
can be used to build a 3 TB array under RAID 5. Although RAID 5 may be implemented in a disk
controller, some have hardware support for parity calculations (hardware RAID cards with onboard
processors) while some use the main system processor (a form of software RAID in vendor drivers for
inexpensive controllers). Many operating systems also provide software RAID support independently of
the disk controller, such as Windows Dynamic Disks, Linux md RAID, or RAID-Z. A minimum of three
disks is required for a complete RAID 5 configuration. In some implementations a degraded RAID 5 disk
set can be made (three disk set of which only two are online), while mdadm supports a fully-functional
(non-degraded) RAID 5 setup with two disks - which function as a slow RAID-1, but can be expanded
with further volumes.

In the example, a read request for block A1 would be serviced by disk 0. A simultaneous read request for
block B1 would have to wait, but a read request for B2 could be serviced concurrently by disk 1.

RAID 5 parity handling

A concurrent series of blocks (one on each of the disks in an array) is collectively called a stripe. If
another block, or some portion thereof, is written on that same stripe, the parity block, or some portion
thereof, is recalculated and rewritten. For small writes, this requires:

• Read the old data block

• Read the old parity block
• Compare the old data block with the write request. For each bit that has flipped (changed from 0
to 1, or from 1 to 0) in the data block, flip the corresponding bit in the parity block
• Write the new data block
• Write the new parity block

The disk used for the parity block is staggered from one stripe to the next, hence the term distributed
parity blocks. RAID 5 writes are expensive in terms of disk operations and traffic between the disks and
the controller.
The parity blocks are not read on data reads, since this would add unnecessary overhead and would
diminish performance. The parity blocks are read, however, when a read of blocks in the stripe fails due
to failure of any one of the disks, and the parity block in the stripe are used to reconstruct the errant
sector. The CRC error is thus hidden from the main computer. Likewise, should a disk fail in the array,
the parity blocks from the surviving disks are combined mathematically with the data blocks from the
surviving disks to reconstruct the data from the failed drive on-the-fly.

This is sometimes called Interim Data Recovery Mode. The computer knows that a disk drive has failed,
but this is only so that the operating system can notify the administrator that a drive needs replacement;
applications running on the computer are unaware of the failure. Reading and writing to the drive array
continues seamlessly, though with some performance degradation.

Ques 5:- Why are File-level and Share-level permissions required? What are Tweaking Permissions?

Ans: -
File vs. share permissions

You can set resource permissions in two places within Windows NT: at the file level or at the share level.
Each method has advantages and disadvantages.

Share-level security

If you have experience with peer-to-peer networking, you're probably already familiar with share-level
permissions. Share-level permissions are permissions that you can set for network shares. You can set
share-level permissions by right-clicking on a folder and choosing Sharing from the resulting context
menu. Once you've assigned a share name, you can grant access to the share by clicking the Permissions
button and editing the share's permissions, as shown in Figure A.
Figure A: You can give users or groups access to a share.

Although share-level permissions work well across a network, they offer absolutely no protection against
a user who's logged on locally to the computer containing the share. For example, let's say that Joe Smith
wants to gain access to a file that's protected by share permissions. If the share was set to deny access to
Mr. Smith, he wouldn't be able to access the file across the network. However, if he logged on locally at
the server that's hosting the share, he would have no problem gaining access.

Another downside to share-level security is that your server can eventually contain so many shares that
it's hard for users to remember what they all do. Keep in mind that if users want to search for information
and they don't know which share it's contained in, they'll have to find the server in Network
Neighborhood and search each share on the server for the desired information. Although there's
technically nothing wrong with having a zillion shares on a server, doing so can cause frustrations for
users.

File-level security

File-level security usually provides more efficient protection than share-level security. The only real
downside to file-level security is that it only works on an NTFS partition. For example, suppose your C
partition is formatted as FAT and your D partition is formatted as NTFS. You can use either file-level or
share-level permissions on your D partition, but you're limited to using share-level permissions on your
C partition.

File-level permissions offer more protection than share-level permissions. Suppose Joe Smith is at it
again and tries to access a file protected by file-level permissions. The permissions you assign will stop
him from gaining access to the file both across the network and locally.

File-level permissions also offer a greater range of flexibility when assigning permissions. As we
discussed earlier, setting share-level permissions requires you to share a directory and assign
permissions to the share. When using file-level permissions, you can set access to a directory and all the
files within it, or you can control access to an individual file, as shown in Figure B.
Figure B: File-level permissions allow you to set permissions to individual files.

Although you can use a combination of file-level and share-level permissions, it's best to stick to one or
the other. Mixing them on the same volume can result in contradictory user rights.

Ques 6:- Explain the concept of Kerberos Authentication? Give the procedure to apply a Login-Script
that calculator.exe file is running when any User logs on to the domain.
Ans:-The Kerberos version 5 authentication protocol provides a mechanism for authentication — and
mutual authentication — between a client and a server, or between one server and another server.
Windows Server 2003 implements the Kerberos V5 protocol as a security support provider (SSP), which
can be accessed through the Security Support Provider Interface (SSPI). In addition, Windows
Server 2003 implements extensions to the protocol that permit initial authentication by using public key
certificates on smart cards.
The Kerberos Key Distribution Center (KDC) uses the domain’s Active Directory service database as its
security account database. Active Directory is required for default NTLM and Kerberos implementations.
The Kerberos V5 protocol assumes that initial transactions between clients and servers take place on an
open network in which packets transmitted along the network can be monitored and modified at will. The
assumed environment, in other words, is very much like today’s Internet, where an attacker can easily
pose as either a client or a server, and can readily eavesdrop on or tamper with communications between
legitimate clients and servers.