My Pix’z

Using Group Policy Objects to hide specified drives


With Group Policy Objects in Windows, there is a “Hide these specified drives in My Computer” option that lets you hide specific drives. However, it may be necessary to hide only certain drives while retaining access to the others.

There are seven default options for restricting access to drives. You can add other restrictions by modifying the System.adm file for the default domain policy or any custom Group Policy Object (GPO). The seven default selections are:

Restrict A, B, C and D drives only

Restrict A, B and C drives only

Restrict A and B drives only

Restrict all drives

Restrict C drive only

Restrict D drive only

Do not restrict drives

Microsoft does not recommend changing the System.adm file; instead, create a new .adm file and import it into the GPO. The reason is that changes made to System.adm may be overwritten if Microsoft releases a new version of the file in a Service Pack.

The whitepaper “Implementing Registry-Based Group Policy for Applications” explains how to write custom .ADM files. To view this whitepaper, please see the following Microsoft Web site:

MORE INFORMATION

The default location of the System.adm file for a default domain policy is:

%SystemRoot%\Sysvol\Sysvol\YourDomainName\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\Adm\System.adm

The contents of these folders are replicated throughout a domain by the File Replication service (FRS). Note that the Adm folder and its contents are not populated until the default domain policy is loaded for the first time.

To make changes to this policy for one of the seven default values:

  1. Start the Microsoft Management Console (click Start, click Run, and type mmc). On the Console menu, click Add/Remove Snap-in.
  2. Add the Group Policy snap-in for the default domain policy. To do this, click Browse when you are prompted to select a Group Policy Object (GPO). The default GPO is Local Computer. You can also add GPOs for other domain partitions (specifically, Organizational Units).
  3. Open the following sections: User Configuration, Administrative Templates, Windows Components, and Windows Explorer.
  4. Click Hide these specified drives in My Computer.
  5. Click to select the Hide these specified drives in My Computer check box.
  6. Click the appropriate option in the drop-down box.

These settings remove the icons representing the selected hard disks from My Computer, Windows Explorer, and My Network Places. Also, these drives do not appear in the Open dialog box of any programs.

This policy is designed to protect certain drives, including the floppy disk drive, from misuse. It can also be used to direct users to save their work to certain drives.

To use this policy, select a drive or combination of drives in the drop-down box. To display all drives (hide none), disable this policy or click the Do not restrict drives option.

This policy does not prevent users from using other programs to gain access to local and network drives or prevent them from viewing and changing drive characteristics by using the Disk Management snap-in.

The default values are not the only values that you can use. By editing the System.adm file, you can add your own custom values. This is the portion of the System.adm to be modified:

POLICY !!NoDrives
    EXPLAIN !!NoDrives_Help
    PART !!NoDrivesDropdown DROPDOWNLIST NOSORT REQUIRED
        VALUENAME "NoDrives"
        ITEMLIST
            NAME !!ABOnly        VALUE NUMERIC 3
            NAME !!COnly         VALUE NUMERIC 4
            NAME !!DOnly         VALUE NUMERIC 8
            NAME !!ABConly       VALUE NUMERIC 7
            NAME !!ABCDOnly      VALUE NUMERIC 15
            NAME !!ALLDrives     VALUE NUMERIC 67108863
            ;low 26 bits on (1 bit per drive)
            ;DEFAULT marks the item the drop-down box shows initially
            NAME !!RestNoDrives  VALUE NUMERIC 0 DEFAULT
        END ITEMLIST
    END PART
END POLICY

[strings]
ABCDOnly="Restrict A, B, C and D drives only"
ABConly="Restrict A, B and C drives only"
ABOnly="Restrict A and B drives only"
ALLDrives="Restrict all drives"
COnly="Restrict C drive only"
DOnly="Restrict D drive only"
RestNoDrives="Do not restrict drives"

The [strings] section represents substitutions of the actual values in the drop-down box.

This policy displays only specified drives on the client computer. The registry key that this policy affects uses a decimal number that corresponds to a 26-bit binary string, with each bit representing a drive letter:

11111111111111111111111111
ZYXWVUTSRQPONMLKJIHGFEDCBA

This configuration corresponds to 67108863 in decimal and hides all drives. If you want to hide drive C, make the third-lowest bit a 1, and then convert the binary string to decimal.

It is not necessary to create an option to show all drives, because clearing the check box deletes the “NoDrives” entry entirely, and all drives are automatically shown.

If you want to configure this policy to show a different combination of drives, create the appropriate binary string, convert it to decimal, and add a new entry to the ITEMLIST section with a corresponding [strings] entry. For example, to hide drives L, M, N, and O, create the following string:

00000000000111100000000000
ZYXWVUTSRQPONMLKJIHGFEDCBA

and convert to decimal. This binary string converts to 30720 in decimal. Add this line to the [strings] section in the System.adm file:

LMNO_Only="Restrict L, M, N and O drives only"

Add this entry in the ITEMLIST section above and save the System.adm file.

NAME !!LMNO_Only         VALUE NUMERIC 30720

This creates an eighth entry in the drop-down box to hide drives L, M, N, and O only. Use this method to include more values in the drop-down box. The modified section of the System.adm file appears as follows:

POLICY !!NoDrives
    EXPLAIN !!NoDrives_Help
    PART !!NoDrivesDropdown DROPDOWNLIST NOSORT REQUIRED
        VALUENAME "NoDrives"
        ITEMLIST
            NAME !!ABOnly        VALUE NUMERIC 3
            NAME !!COnly         VALUE NUMERIC 4
            NAME !!DOnly         VALUE NUMERIC 8
            NAME !!ABConly       VALUE NUMERIC 7
            NAME !!ABCDOnly      VALUE NUMERIC 15
            NAME !!ALLDrives     VALUE NUMERIC 67108863
            ;low 26 bits on (1 bit per drive)
            ;DEFAULT marks the item the drop-down box shows initially
            NAME !!RestNoDrives  VALUE NUMERIC 0 DEFAULT
            NAME !!LMNO_Only     VALUE NUMERIC 30720
        END ITEMLIST
    END PART
END POLICY

[strings]
ABCDOnly="Restrict A, B, C and D drives only"
ABConly="Restrict A, B and C drives only"
ABOnly="Restrict A and B drives only"
ALLDrives="Restrict all drives"
COnly="Restrict C drive only"
DOnly="Restrict D drive only"
RestNoDrives="Do not restrict drives"
LMNO_Only="Restrict L, M, N and O drives only"

This [strings] section represents substitutions of the actual values in the drop-down box.
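The bit arithmetic above is easy to get wrong by hand, so here is an added Python example (my own code, not part of the Microsoft article quoted on this page) that computes the NoDrives value for any set of drive letters, decodes a value back into letters, and generates the two lines a custom option needs. The function names are my own choice. Because, as the article notes, the policy only hides icons and does not block access, decoding a NoDrives value found on a client tells you which drives are hidden from the user interface, not which drives are actually protected.

```python
"""Encode and decode the NoDrives bitmask used by the
"Hide these specified drives in My Computer" policy (added example)."""
import string

DRIVE_LETTERS = string.ascii_uppercase  # bit 0 = A, bit 1 = B, ... bit 25 = Z
ALL_DRIVES = (1 << 26) - 1              # 67108863: the low 26 bits set


def nodrives_mask(letters):
    """Return the decimal NoDrives value that hides the given drive letters."""
    mask = 0
    for ch in letters.upper():
        if ch not in DRIVE_LETTERS:
            raise ValueError(f"not a drive letter: {ch!r}")
        mask |= 1 << (ord(ch) - ord("A"))
    return mask


def hidden_drives(mask):
    """Return the drive letters hidden by a NoDrives value, A first."""
    if not 0 <= mask <= ALL_DRIVES:
        raise ValueError("NoDrives must fit in 26 bits")
    return "".join(ch for i, ch in enumerate(DRIVE_LETTERS) if mask >> i & 1)


def bit_string(mask):
    """Render the mask as the 26-character Z..A string used in the article."""
    return format(mask, "026b")


def adm_lines(item_name, letters, description):
    """Produce the ITEMLIST entry and the [strings] entry for a custom option.

    item_name is the !!name used in the .adm file (hypothetical, chosen by you).
    """
    value = nodrives_mask(letters)
    return (f"NAME !!{item_name} VALUE NUMERIC {value}",
            f'{item_name}="{description}"')


if __name__ == "__main__":
    # Reproduces the article's worked example: drives L, M, N and O.
    print(bit_string(nodrives_mask("LMNO")))
    print(nodrives_mask("LMNO"))
    for line in adm_lines("LMNO_Only", "LMNO",
                          "Restrict L, M, N and O drives only"):
        print(line)
    print(hidden_drives(ALL_DRIVES))
```

Running the script prints the 26-bit string and the value 30720 from the article, followed by the ITEMLIST and [strings] lines to paste into the .adm file.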

Obtaining the Windows Desktop Search Group Policy file

The WDS .adm file is available for download here. (You may need to right-click the download link/button and select Save Target As to download the file). Only WDS versions 2.6 and later provide Group Policy support. Therefore, make sure that you are deploying WDS 2.6 or later. When you download the DesktopSearch.adm file, note where you save it to avoid confusion later.

To import the administrative template into the Microsoft Management Console (MMC), follow these steps:

  1. Start the MMC. To do this, click Start, click Run, type mmc in the Open box, and then press ENTER.
  2. Start the Group Policy Editor:
     a. Click File.
     b. Click Add/Remove Snap-in.
     c. Click Add.
     d. Select Group Policy.
     e. Click Add, click Finish, click Close, and then click OK.
  3. Load the DesktopSearch.adm file into the Group Policy Object Editor:
     a. Under Console Root, click Computer Configuration or User Configuration, depending on the type of policy you are creating.
     b. Right-click the Administrative Templates folder, and then click Add/Remove Templates.
     c. Click Add.
     d. Locate and then click the DesktopSearch.adm file.
     e. Click Open, and then click Close.
     f. Under Administrative Templates, expand the Windows Desktop Search node.
  4. Save these settings for later use. To do this, click File, click Save As, type DesktopSearch.msc, and then click Save.

WDS policies are organized into three categories:

Setup—policies about Setup, such as whether to show or hide certain components, such as the First Run Customization Wizard.

Index—policies about what to index, where to index, and so on.

Search—policies about Web search settings, intranet search settings, and more.

OSI Model

Layer 7: Application layer
Layer 6: Presentation layer
Layer 5: Session layer
Layer 4: Transport layer
Layer 3: Network layer
Layer 2: Data link layer
Layer 1: Physical layer

The Open Systems Interconnection Reference Model (OSI Reference Model or OSI Model for short) is a layered, abstract description for communications and computer network protocol design, developed as part of the Open Systems Interconnection initiative. It is also called the OSI seven layer model.


Purpose

The OSI model divides the functions of a protocol into a series of layers. Each layer has the property that it only uses the functions of the layer below, and only exports functionality to the layer above. A system that implements protocol behavior consisting of a series of these layers is known as a “protocol stack” or “stack”. Protocol stacks can be implemented either in hardware or software, or a mixture of both. Typically, only the lower layers are implemented in hardware, with the higher layers being implemented in software.

This OSI model is roughly adhered to in the computing and networking industry. Its main feature is in the interface between layers which dictates the specifications on how one layer interacts with another. This means that a layer written by one manufacturer can operate with a layer from another (assuming that the specification is interpreted correctly). These specifications are typically known as Requests for Comments or “RFC”s in the TCP/IP community. They are ISO standards in the OSI community.

Usually, the implementation of a protocol is layered in a similar way to the protocol design, with the possible exception of a ‘fast path’ where the most common transaction allowed by the system may be implemented as a single component encompassing aspects of several layers.

This logical separation of layers makes reasoning about the behavior of protocol stacks much easier, allowing the design of elaborate but highly reliable protocol stacks. Each layer performs services for the next higher layer and makes requests of the next lower layer. As previously stated, an implementation of several OSI layers is often referred to as a stack (as in TCP/IP stack).

The OSI reference model is a hierarchical structure of seven layers that defines the requirements for communications between two computers. The model was defined by the International Organization for Standardization in the ISO standard 7498-1. It was conceived to allow interoperability across the various platforms offered by vendors. The model allows all network elements to operate together, regardless of who built them. By the late 1980s, ISO was recommending the implementation of the OSI model as a networking standard.

Of course, by that time, TCP/IP had been in use for years. TCP/IP was fundamental to ARPANET and the other networks that evolved into the Internet. (For significant differences between TCP/IP and ARPANET, see RFC 871.)

Only a subset of the whole OSI model is used today. It is widely believed that much of the specification is too complicated and that its full functionality has taken too long to implement, although there are many people who strongly support the OSI model.

Description of OSI layers

OSI Model

| | Data unit | Layer | Function |
|---|---|---|---|
| Host layers | Data | Application | Network process to application |
| | | Presentation | Data representation and encryption |
| | | Session | Interhost communication |
| | Segments | Transport | End-to-end connections and reliability |
| Media layers | Packets | Network | Path determination and logical addressing (IP) |
| | Frames | Data link | Physical addressing (MAC & LLC) |
| | Bits | Physical | Media, signal and binary transmission |


Layer 7: Application Layer

The Application layer provides a means for the user to access information on the network through an application. This layer is the main interface for the user(s) to interact with the application and therefore the network. Some examples of application layer protocols include Telnet, File Transfer Protocol (FTP), Simple Mail Transfer Protocol (SMTP) and Hypertext Transfer Protocol (HTTP).


Layer 6: Presentation Layer

The Presentation layer transforms data to provide a standard interface for the Application layer. MIME encoding, data compression, data encryption and similar manipulation of the presentation is done at this layer to present the data as a service or protocol developer sees fit. Examples: converting an EBCDIC-coded text file to an ASCII-coded file, or serializing objects and other data structures into and out of XML.


Layer 5: Session Layer

The Session layer controls the dialogues (sessions) between computers. It establishes, manages and terminates the connections between the local and remote application. It provides for either duplex or half-duplex operation and establishes checkpointing, adjournment, termination, and restart procedures. The OSI model made this layer responsible for “graceful close” of sessions, which is a property of TCP, and also for session checkpointing and recovery, which is not usually used in the Internet protocols suite.


Layer 4: Transport Layer

The Transport layer provides transparent transfer of data between end users, thus relieving the upper layers from any concern while providing reliable and cost-effective data transfer. The transport layer controls the reliability of a given link through flow control, segmentation/desegmentation, and error control. Some protocols are stateful and connection-oriented. This means that the transport layer can keep track of the packets and retransmit those that fail. The best known example of a layer 4 protocol is the Transmission Control Protocol (TCP). It is the layer that converts messages into TCP, User Datagram Protocol (UDP), Stream Control Transmission Protocol (SCTP), etc. packets.


Layer 3: Network Layer

The Network layer provides the functional and procedural means of transferring variable length data sequences from a source to a destination via one or more networks while maintaining the quality of service requested by the Transport layer. The Network layer performs network routing functions, and might also perform segmentation/desegmentation, and report delivery errors. Routers operate at this layer—sending data throughout the extended network and making the Internet possible (there also exist layer 3 (or IP) switches). This is a logical addressing scheme – values are chosen by the network engineer. The addressing scheme is hierarchical. The best known example of a layer 3 protocol is the Internet Protocol (IP).


Layer 2: Data Link Layer

The Data Link layer provides the functional and procedural means to transfer data between network entities and to detect and possibly correct errors that may occur in the Physical layer. The addressing scheme is physical which means that the addresses (MAC address) are hard-coded into the network cards at the time of manufacture. The addressing scheme is flat. Note: The best known example of this is Ethernet. Other examples of data link protocols are HDLC and ADCCP for point-to-point or packet-switched networks and Aloha for local area networks. On IEEE 802 local area networks, and some non-IEEE 802 networks such as FDDI, this layer may be split into a Media Access Control (MAC) layer and the IEEE 802.2 Logical Link Control (LLC) layer.

This is the layer at which the bridges and switches operate. Connectivity is provided only among locally attached network nodes. However, there is a reasonable argument to be made that these really belong at “layer 2.5” rather than strictly at layer 2.


Layer 1: Physical Layer

The Physical layer defines all the electrical and physical specifications for devices. This includes the layout of pins, voltages, and cable specifications. Hubs, repeaters, network adapters and Host Bus Adapters (HBAs used in Storage Area Networks) are physical-layer devices. The major functions and services performed by the physical layer are:

  • Establishment and termination of a connection to a communications medium.
  • Participation in the process whereby the communication resources are effectively shared among multiple users. For example, contention resolution and flow control.
  • Modulation, or conversion between the representation of digital data in user equipment and the corresponding signals transmitted over a communications channel. These are signals operating over the physical cabling (such as copper and fiber optic) or over a radio link.

Parallel SCSI buses operate in this layer. Various physical-layer Ethernet standards are also in this layer; Ethernet incorporates both this layer and the data-link layer. The same applies to other local-area networks, such as Token ring, FDDI, and IEEE 802.11.


Interfaces

In addition to standards for individual protocols in transmission, there are also interface standards for different layers to talk to the ones above or below (usually operating-system specific). For example, Microsoft Windows' Winsock, and Unix's Berkeley sockets and System V Transport Layer Interface, are interfaces between applications (layers 5 and above) and the transport (layer 4). NDIS and ODI are interfaces between the media (layer 2) and the network protocol (layer 3).

Examples

| # | Layer | Misc. examples | TCP/IP suite | SS7 | AppleTalk suite | OSI suite | IPX suite | SNA | UMTS |
|---|---|---|---|---|---|---|---|---|---|
| 7 | Application | HL7, Modbus, SIP, SSI | HTTP, SMTP, SMPP, SNMP, FTP, Telnet, NFS, NTP, RTP | ISUP, INAP, MAP, TUP, TCAP | AFP | FTAM, X.400, X.500, DAP | | APPC | |
| 6 | Presentation | TDI, ASCII, EBCDIC, MIDI, MPEG | XDR, SSL, TLS | | AFP | ISO 8823, X.226 | | | |
| 5 | Session | Named Pipes, NetBIOS, SAP, SDP | Session establishment for TCP | | ASP, ADSP, ZIP, PAP | ISO 8327, X.225 | NWLink | DLC? | |
| 4 | Transport | NetBEUI, nanoTCP, nanoUDP | TCP, UDP, SCTP | | ATP, NBP, AEP, RTMP | TP0, TP1, TP2, TP3, TP4, OSPF | SPX, RIP | | |
| 3 | Network | NetBEUI, Q.931 | IP, ICMP, IPsec, ARP, RIP, BGP | MTP-3, SCCP | DDP | X.25 (PLP), CLNP | IPX | | RRC (Radio Resource Control) |
| 2 | Data Link | Ethernet, 802.11 (WiFi), Token Ring, FDDI, PPP, HDLC, Q.921, Frame Relay, ATM, Fibre Channel | | MTP-2 | LocalTalk, TokenTalk, EtherTalk, AppleTalk Remote Access, PPP | X.25 (LAPB), Token Bus | IEEE 802.3 framing, Ethernet II framing | SDLC | MAC (Media Access Control) |
| 1 | Physical | RS-232, V.35, V.34, I.430, I.431, T1, E1, 10BASE-T, 100BASE-TX, POTS, SONET, DSL, 802.11b, 802.11g | | MTP-1 | RS-232, RS-422, STP, PhoneNet | X.25 (X.21bis, EIA/TIA-232, EIA/TIA-449, EIA-530, G.703) | | Twinax | PHY (Physical Layer) |

List of ftp commands for the Microsoft command-line ftp client

Command-line options

When starting the program from a DOS prompt:

ftp [-v] [-d] [-i] [-n] [-g] [-s:filename] [-a] [-w:windowsize] [computer]

Windows XP

| User | Description |
|---|---|
| Administrator | Built-in account for administering the computer/domain |
| Guest | Built-in account for guest access to the computer/domain |
| HelpAssistant | Account for providing Remote Assistance |
| SQLAgentCmdExec | SQL Server Agent CmdExec Job Step Account |
| SUPPORT_388945a0 | This is a vendor's account for the Help and Support Service |

| Group | Description |
|---|---|
| Administrators | Administrators have complete and unrestricted access to the computer/domain |
| Backup Operators | Backup Operators can override security restrictions for the sole purpose of backing up or restoring files |
| Guests | Guests have the same access as members of the Users group by default |
| Network Configuration Operators | Members in this group can have some administrative privileges to manage configuration of networking features |
| Power Users | Power Users possess most administrative powers with some restrictions. Thus, Power Users can run legacy applications in addition to certified applications |
| Remote Desktop Users | Members in this group are granted the right to log on remotely |
| Replicator | Supports file replication in a domain |
| Users | Users are prevented from making accidental or intentional system-wide changes. Thus, Users can run certified applications, but not most legacy applications |
| Debugger Users | Debugger users can debug processes on this machine, both locally and remotely |
| HelpServicesGroup | Group for the Help and Support Center |

Windows Server 2003

| Group | Description |
|---|---|
| Account Operators | Members of the Account Operators group can create, modify, and delete user, group and computer accounts, with the exception of those accounts located within the Built-in folder and the Domain Controllers OU. |
| Administrators | Members of this group have full control within the domain. |
| Backup Operators | Members of this group can back up and restore data on all domain controllers within the domain. |
| Guests | Members of this group have limited access to the network. |
| Incoming Forest Trust Builders | Members of this group have the right to create one-way incoming trusts to the domain. |
| Network Configuration Operators | Members of this group can make changes to TCP/IP settings on all domain controllers within the domain. |
| Performance Log Users | Members of this group have access to schedule logging of performance counters on all domain controllers within the domain. |
| Performance Monitor Users | Members of this group have the right to monitor domain controllers. |
| Pre-Windows 2000 Compatible Access | This group is for backwards compatibility with Windows NT 4.0. Members of this group have read access on all user and group accounts within the domain. |
| Print Operators | Members are permitted to administer all domain printers. |
| Remote Desktop Users | Members have the right to log on remotely to domain controllers. |
| Replicator | This group is used by the File Replication service to support directory replication. |
| Server Operators | Members of this group have the right to administer servers within the domain. They can perform tasks such as backing up and restoring data, logging on locally, stopping and starting network services, formatting hard drives, and shutting down the system. |
| Users | Members of this group have limited ability within a domain. |

Acronyms

| Acronym | Expansion |
|---|---|
| IP | Internet Protocol |
| LAN | local area network |
| WAN | wide area network |
| NIC | network interface card |
| VPN | virtual private network |
| PoE | Power over Ethernet |
| UTP | unshielded twisted pair |
| DHCP | Dynamic Host Configuration Protocol |
| IMP | interface message processor |
| HTTP | Hypertext Transfer Protocol |
| FTP | File Transfer Protocol |
| TCP | Transmission Control Protocol |
| SMTP | Simple Mail Transfer Protocol |
| DNS | Domain Name System |
| POP3 | Post Office Protocol 3 |
| IMAP | Internet Message Access Protocol |
| LDAP | Lightweight Directory Access Protocol |
| ARP | Address Resolution Protocol |
| IGMP | Internet Group Management Protocol |
| ICMP | Internet Control Message Protocol |
| APIPA | Automatic Private IP Addressing |
| IANA | Internet Assigned Numbers Authority |
| AP | access point |
| WiFi | wireless fidelity |
| MAC | media access control |
| SSID | service set identifier |
| IEEE | Institute of Electrical and Electronics Engineers |
| WLAN | wireless local area network |
| WEP | Wired Equivalent Privacy |
| ADSL | asymmetric digital subscriber line |
| ISP | Internet service provider |
| VoIP | voice over IP |
| DoS | denial of service |
| URL | uniform resource locator |
| DSL | digital subscriber line |
| WWW | World Wide Web |
| NAT | network address translation |
| MDI | medium dependent interface |
| SID | security identifier |
| SEP | security principals |
| SAM | Security Accounts Manager |
| DACL | discretionary access control list |
| AGDLP | accounts, global groups, domain local groups, permissions |
| ASCII | American Standard Code for Information Interchange |
| OU | organizational unit |

How to Create a GPO

To create a Group Policy object (GPO) that you can use to turn on auditing in a domain, follow these steps:

  1. Click Start, point to Administrative Tools, and then click Active Directory Users and Computers.
  2. Right-click your domain, and then click Properties.
  3. Click the Group Policy tab, and then click New.
  4. Type the name that you want to use for this policy (for example, Enable auditing policy), and then press ENTER.
  5. Click Properties, and then click the Security tab.
  6. Click to clear the Allow check box next to Apply Group Policy for the security groups that you want to prevent from having this policy applied.
  7. Click to select the Allow check box next to Apply Group Policy for the groups to which you want to apply this policy, and then click OK.
  8. Click OK, click OK again, and then quit Active Directory Users and Computers.

How to set up an FTP server in Windows Server 2003

  1. Click Start, point to Control Panel, and then click Add or Remove Programs.
  2. Click Add/Remove Windows Components.
  3. In the Components list, click Application Server, click Internet Information Services (IIS) (but do not select or clear the check box), and then click Details.
  4. Click to select the following check boxes (if they are not already selected):
     Common Files
     File Transfer Protocol (FTP) Service
     Internet Information Services Manager
  5. Click to select the check boxes next to any other IIS-related service or subcomponent that you want to install, and then click OK.
  6. Click Next.
  7. When you are prompted, insert the Windows Server 2003 CD-ROM into the computer's CD-ROM or DVD-ROM drive or provide a path to the location of the files, and then click OK.
  8. Click Finish.

IIS and the FTP service are now installed. You must configure the FTP service before you can use it.

 

Creating Organizational Units and Groups

To create OUs and Security Groups

  1. Click the Start button, point to All Programs, point to Administrative Tools, and then click Active Directory Users and Computers.
  2. Click the + next to contoso.com to expand it. Click contoso.com itself to show its contents in the right pane.
  3. In the left pane, right-click contoso.com, point to New, and then click Organizational Unit.
  4. Type Accounts in the name box, and then click OK.
  5. Repeat steps 3 and 4 to create the Groups and Resources OUs.
  6. Click Accounts in the left pane. Its contents now display in the right pane. (It is empty at the beginning of this procedure.)
  7. Right-click Accounts, point to New, and then click Organizational Unit.
  8. Type Headquarters, and then click OK.
  9. Repeat steps 7 and 8 to create the Production and Marketing OUs in Accounts.

How to install DHCP Server

How to Install the DHCP Service

Before you can configure the DHCP service, you must install it on the server. DHCP is not installed by default during a typical installation of Windows Standard Server 2003 or Windows Enterprise Server 2003. You can install DHCP either during the initial installation of Windows Server 2003 or after the initial installation is completed.

How to Install the DHCP Service on an Existing Server

  1. Click Start, point to Control Panel, and then click Add or Remove Programs.
  2. In the Add or Remove Programs dialog box, click Add/Remove Windows Components.
  3. In the Windows Components Wizard, click Networking Services in the Components list, and then click Details.
  4. In the Networking Services dialog box, click to select the Dynamic Host Configuration Protocol (DHCP) check box, and then click OK.
  5. In the Windows Components Wizard, click Next to start Setup. Insert the Windows Server 2003 CD-ROM into the computer's CD-ROM or DVD-ROM drive if you are prompted to do so. Setup copies the DHCP server and tool files to your computer.
  6. When Setup is completed, click Finish.

How to Configure the DHCP Service

After you have installed the DHCP service and started it, you must create a scope, which is a range of valid IP addresses that are available for lease to the DHCP client computers on the network. Microsoft recommends that each DHCP server in your environment have at least one scope that does not overlap with any other DHCP server scope in your environment. In Windows Server 2003, DHCP servers in an Active Directory-based domain must be authorized to prevent rogue DHCP servers from coming online. Any Windows Server 2003 DHCP Server that determines itself to be unauthorized will not manage clients.

How to Create a New Scope

1. Click Start, point to Programs, point to Administrative Tools, and then click DHCP.

2. In the console tree, right-click the DHCP server on which you want to create the new DHCP scope, and then click New Scope.

3. In the New Scope Wizard, click Next, and then type a name and description for the scope. This can be any name that you want, but it should be descriptive enough so that you can identify the purpose of the scope on your network (for example, you can use a name such as “Administration Building Client Addresses”). Click Next.

4. Type the range of addresses that can be leased as part of this scope (for example, use a range of IP addresses from a starting IP address of 192.168.100.1 to an ending address of 192.168.100.100). Because these addresses are given to clients, they must all be valid addresses for your network and not currently in use. If you want to use a different subnet mask, type the new subnet mask. Click Next.

5. Type any IP addresses that you want to exclude from the range that you entered. This includes any addresses in the range described in step 4 that may have already been statically assigned to various computers in your organization. Typically, domain controllers, Web servers, DHCP servers, Domain Name System (DNS) servers, and other servers have statically assigned IP addresses. Click Next.

6. Type the number of days, hours, and minutes before an IP address lease from this scope expires. This determines how long a client can hold a leased address without renewing it. Click Next, and then click Yes, I want to configure these options now to extend the wizard to include settings for the most common DHCP options. Click Next.

7. Type the IP address for the default gateway that should be used by clients that obtain an IP address from this scope. Click Add to add the default gateway address to the list, and then click Next.

8. If you are using DNS servers on your network, type your organization’s domain name in the Parent domain box. Type the name of your DNS server, and then click Resolve to make sure that your DHCP server can contact the DNS server and determine its address. Click Add to include that server in the list of DNS servers that are assigned to the DHCP clients. Click Next, and then follow the same steps if you are using a Windows Internet Naming Service (WINS) server, by adding its name and IP address. Click Next.

9. Click Yes, I want to activate this scope now to activate the scope and allow clients to obtain leases from it, and then click Next.

10. Click Finish.

11. In the console tree, click the server name, and then click Authorize on the Action menu.
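The scope values typed into the wizard above, modelled as an added example (this code is not from the page or from Microsoft): it validates the range, mask and exclusions, counts the leasable addresses, and checks Microsoft’s recommendation that scopes on different servers do not overlap. The exclusions and the second server’s scope are constructed sample data.

```python
"""Added example: a model of the New Scope Wizard inputs, not code from the page."""
import ipaddress
from dataclasses import dataclass, field


@dataclass
class Scope:
    name: str
    start: str
    end: str
    mask: str = "255.255.255.0"
    # (first, last) address tuples excluded from the range, as in wizard step 5
    exclusions: list = field(default_factory=list)
    lease_days: int = 8

    def network(self) -> ipaddress.IPv4Network:
        # The wizard derives the subnet from the start address and the mask.
        return ipaddress.IPv4Network((self.start, self.mask), strict=False)

    def problems(self) -> list:
        """Human-readable reasons this scope definition is invalid (empty list if OK)."""
        out = []
        net = self.network()
        lo, hi = ipaddress.IPv4Address(self.start), ipaddress.IPv4Address(self.end)
        if lo > hi:
            out.append("start address is after end address")
        for addr in (lo, hi):
            if addr not in net:
                out.append(f"{addr} is outside subnet {net}")
            if addr in (net.network_address, net.broadcast_address):
                out.append(f"{addr} is the network or broadcast address")
        for first, last in self.exclusions:
            f, l = ipaddress.IPv4Address(first), ipaddress.IPv4Address(last)
            if f > l or f < lo or l > hi:
                out.append(f"exclusion {first}-{last} is not inside the scope range")
        return out

    def leasable(self) -> set:
        """Addresses the server may hand out: the range minus every exclusion."""
        lo = int(ipaddress.IPv4Address(self.start))
        hi = int(ipaddress.IPv4Address(self.end))
        pool = set(range(lo, hi + 1))
        for first, last in self.exclusions:
            f, l = int(ipaddress.IPv4Address(first)), int(ipaddress.IPv4Address(last))
            pool -= set(range(f, l + 1))
        return {str(ipaddress.IPv4Address(i)) for i in pool}


def overlapping(a: Scope, b: Scope) -> bool:
    """True if two scopes (for example on two DHCP servers) could lease the same address."""
    return bool(a.leasable() & b.leasable())


# Constructed sample: the wizard values from the steps above, with a block of
# statically addressed servers and one Web server excluded.
BUILDING_SCOPE = Scope(
    name="Administration Building Client Addresses",
    start="192.168.100.1", end="192.168.100.100",
    exclusions=[("192.168.100.1", "192.168.100.5"), ("192.168.100.50", "192.168.100.50")],
)
# Constructed scope on a second server that mistakenly reuses part of the same range.
OTHER_SERVER_SCOPE = Scope(name="Annex", start="192.168.100.90", end="192.168.100.120")

if __name__ == "__main__":
    print(BUILDING_SCOPE.problems())                        # []
    print(len(BUILDING_SCOPE.leasable()))                   # 94
    print(overlapping(BUILDING_SCOPE, OTHER_SERVER_SCOPE))  # True
```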

Troubleshooting

The following sections explain how to troubleshoot some of the issues that you may experience when you try to install and configure a Windows Server 2003-based DHCP server in a workgroup.

Clients Cannot Obtain an IP Address

If a DHCP client does not have a configured IP address, this typically indicates that the client was not able to contact a DHCP server. This can be caused by a network problem, or because the DHCP server is unavailable. If the DHCP server started and other clients can obtain valid addresses, verify that the client has a valid network connection and that all the related client hardware devices (including cables and network adapters) are working properly.

The DHCP Server Is Unavailable

If a DHCP server does not provide leased addresses to clients, it is frequently because the DHCP service did not start. If this is the case, the server may not be authorized to operate on the network. If you were previously able to start the DHCP service, but it has since stopped, use Event Viewer to check the System log for any entries that may explain why you cannot start the DHCP service.

To restart the DHCP service:

1. Click Start, and then click Run.

2. Type cmd, and then press ENTER.

3. Type net start dhcpserver, and then press ENTER.

-or-

1. Click Start, point to Control Panel, point to Administrative Tools, and then click Computer Management.

2. Expand Services and Applications, and then click Services.

3. Locate and then double-click DHCP Server.

4. Verify that Startup is set to Automatic and that Service Status is set to Started. If not, click Start.

5. Click OK, and then close the Computer Management window.

FTP Command

List of FTP commands for the Microsoft command-line FTP client

Command-line options

When you start the program from a command prompt:
ftp [-v] [-d] [-i] [-n] [-g] [-s:filename] [-a] [-w:windowsize] [computer]

-v – Suppresses verbose display of remote server responses.

-n – Suppresses auto-login upon initial connection.

-i – Turns off interactive prompting during multiple file transfers.

-d – Enables debugging, displaying all ftp commands passed between the client and server.

-g – Disables filename globbing, which permits the use of wildcard characters in local file and path names.

-s:filename – Specifies a text file containing ftp commands; the commands will automatically run after ftp starts. No spaces are allowed in this parameter. Use this switch instead of redirection (>).

-a – Use any local interface when binding data connection.

-w:windowsize – Overrides the default transfer buffer size of 4096.

computer – Specifies the computer name or IP address of the remote computer to connect to. The computer, if specified, must be the last parameter on the line.

Client commands

· ! – Runs the specified command on the local computer

· ? – Displays descriptions for ftp commands

· append – Appends a local file to a file on the remote computer

· ascii – Sets the file transfer type to ASCII, the default

· bell – Toggles a bell to ring after each file transfer command is completed (default = OFF)

· binary – Sets the file transfer type to binary

· bye – Ends the FTP session and exits ftp

· cd – Changes the working directory on the remote computer

· close – Ends the FTP session and returns to the command interpreter

· debug – Toggles debugging (default = OFF)

· delete – Deletes a single file on a remote computer

· dir – Displays a list of a remote directory’s files and subdirectories

· disconnect – Disconnects from the remote computer, retaining the ftp prompt

· get – Copies a single remote file to the local computer

· glob – Toggles filename globbing (wildcard characters) (default = ON)

· hash – Toggles hash-sign (#) printing for each data block transferred (default = OFF)

· help – Displays descriptions for ftp commands

· lcd – Changes the working directory on the local computer

· literal – Sends arguments, verbatim, to the remote FTP server

· ls – Displays an abbreviated list of a remote directory’s files and subdirectories

· mdelete – Deletes one or more files on a remote computer

· mdir – Displays a list of a remote directory’s files and subdirectories

· mget – Copies one or more remote files to the local computer

· mkdir – Creates a remote directory

· mls – Displays an abbreviated list of a remote directory’s files and subdirectories

· mput – Copies one or more local files to the remote computer

· open – Connects to the specified FTP server

· prompt – Toggles prompting (default = ON)

· put – Copies a single local file to the remote computer

· pwd – Displays the current directory on the remote computer (literally, “print working directory”)

· quit – Ends the FTP session with the remote computer and exits ftp (same as “bye”)

· quote – Sends arguments, verbatim, to the remote FTP server (same as “literal”)

· recv – Copies a remote file to the local computer

· remotehelp – Displays help for remote commands

· rename – Renames remote files

· rmdir – Deletes a remote directory

· send – Copies a local file to the remote computer (same as “put”)

· status – Displays the current status of FTP connections

· trace – Toggles packet tracing (default = OFF)

· type – Sets or displays the file transfer type (default = ASCII)

· user – Specifies a user to the remote computer

· verbose – Toggles verbose mode (default = ON)

! – Runs the specified command on the local computer.

Syntax: ! [command]

Parameter(s):
command – Specifies the command to run on the local computer. If command is omitted, the local command prompt is displayed; type “exit” to return to ftp.

? – Displays descriptions for ftp commands. ? is identical to help.

Syntax: ? [command]

Parameter(s):
command – Specifies the name of the command about which you want a description. If command is not specified, ftp displays a list of all commands.

append – Appends a local file to a file on the remote computer using the current file type setting.

Syntax: append local-file [remote-file]

Parameter(s):
local-file – Specifies the local file to add.
remote-file – Specifies the file on the remote computer to which local-file will be added. If remote-file is omitted, the local filename is used for the remote filename.

ascii – Sets the file transfer type to ASCII, the default.

Syntax: ascii

Note
FTP supports two file transfer types, ASCII and binary image. ASCII should be used when transferring text files. See also binary.

In ASCII mode, character conversions to and from the network standard character set are performed. For example, end-of-line characters are converted as necessary, based on the target operating system.

bell – Toggles a bell to ring after each file transfer command is completed. By default, the bell is off.

Syntax: bell

binary – Sets the file transfer type to binary.

Syntax: binary

Note
FTP supports two file transfer types, ASCII and binary image. Binary should be used when transferring executable files. In binary mode, the file is moved byte-by-byte. See also ascii.

bye – Ends the FTP session with the remote computer and exits ftp.

Syntax: bye

cd – Changes the working directory on the remote computer.

Syntax: cd remote-directory

Parameter(s):
remote-directory – Specifies the directory on the remote computer to change to.

close – Ends the FTP session with the remote server and returns to the command interpreter.

Syntax: close

debug – Toggles debugging. When debugging is on, each command sent to the remote computer is printed, preceded by the string —>. By default, debugging is off.

Syntax: debug

delete – Deletes a single file on a remote computer. See also mdelete, which can delete multiple files.

Syntax: delete remote-file

Parameter(s):
remote-file – Specifies the file to delete.

dir – Displays a list of a remote directory’s files and subdirectories. See also mdir, which can list multiple directories.

Syntax: dir [remote-directory] [local-file]

Parameter(s):
remote-directory – Specifies the directory for which you want to see a listing. If no directory is specified, the current working directory on the remote computer is used.
local-file – Specifies a local file to store the listing. If not specified, output is displayed on the screen.

disconnect – Disconnects from the remote computer, retaining the ftp prompt.

Syntax: disconnect

get – Copies a remote file to the local computer using the current file transfer type. See also mget, which can copy multiple files.

Syntax: get remote-file [local-file]

Parameter(s):
remote-file – Specifies the remote file to copy.

local-file – Specifies the name to use on the local computer. If not specified, the file is given the remote-file name.

glob – Toggles filename globbing. Globbing permits use of wildcard characters in local file or path names. By default, globbing is on.

Syntax: glob

hash – Toggles hash-sign (#) printing for each data block transferred. The size of a data block is 2048 bytes. By default, hash mark printing is off.

Syntax: hash

help – Displays descriptions for ftp commands.

Syntax: help [command]

Parameter(s):
command – Specifies the name of the command about which you want a description. If command is not specified, ftp displays a list of all commands.

lcd – Changes the working directory on the local computer. By default, the working directory is the directory in which ftp was started.

Syntax: lcd [directory]

Parameter(s):
directory – Specifies the directory on the local computer to change to. If directory is not specified, the current working directory on the local computer is displayed.

literal – Sends arguments, verbatim, to the remote FTP server. A single FTP reply code is expected in return.

Syntax: literal argument [ …]

Parameter(s):
argument – Specifies the argument to send to the FTP server.

ls – Displays an abbreviated list of a remote directory’s files and subdirectories.

Syntax: ls [remote-directory] [local-file]

Parameter(s):
remote-directory – Specifies the directory for which you want to see a listing. If no directory is specified, the current working directory on the remote computer is used.
local-file – Specifies a local file to store the listing. If not specified, output is displayed on the screen.

mdelete – Deletes one or more files on a remote computer.

Syntax: mdelete remote-files [ …]

Parameter(s):
remote-files – Specifies the remote files to delete.

mdir – Displays a list of a remote directory’s files and subdirectories. Mdir allows you to specify multiple files.

Syntax: mdir remote-files [ …] local-file

Parameter(s):
remote-files – Specifies the directory for which you want to see a listing. Remote-files must be specified; type “-” to use the current working directory on the remote computer.
local-file – Specifies a local file to store the listing. Type “-” to display the listing on the screen.

mget – Copies one or more remote files to the local computer using the current file transfer type.

Syntax: mget remote-files [ …]

Parameter(s):
remote-files – Specifies the remote file(s) to copy to the local computer.

mkdir – Creates a remote directory.

Syntax: mkdir directory

Parameter(s):
directory – Specifies the name of the new remote directory.

mls – Displays an abbreviated list of a remote directory’s files and subdirectories.

Syntax: mls remote-files [ …] local-file

Parameter(s):
remote-files – Specifies the files for which you want to see a listing. Remote-files must be specified; type “-” to use the current working directory on the remote computer.
local-file – Specifies a local file to store the listing. Type “-” to display the listing on the screen.

mput – Copies one or more local files to the remote computer using the current file transfer type.

Syntax: mput local-files [ …]

Parameter(s):
local-files – Specifies the local files to copy to the remote computer.

open – Connects to the specified FTP server.

Syntax: open computer [port]

Parameter(s):
computer – Specifies the remote computer to connect to. Computer can be specified by IP address or computer name (a DNS or HOSTS file must be available). If auto-login is on (default), FTP also attempts to automatically log the user in to the FTP server (see Ftp command-line options to disable auto-login).
port – Specifies a port number to use to contact an FTP server.

prompt – Toggles prompting. Ftp prompts during multiple file transfers to allow you to selectively retrieve or store files; mget and mput transfer all files if prompting is turned off. By default, prompting is on.

Syntax: prompt

put – Copies a local file to the remote computer using the current file transfer type. See also mput, which can copy multiple files.

Syntax: put local-file [remote-file]

Parameter(s):
local-file – Specifies the local file to copy.
remote-file – Specifies the name to use on the remote computer. If not specified, the file is given the local-file name.

pwd – Displays the current directory on the remote computer.

Syntax: pwd

quit – Ends the FTP session with the remote computer and exits ftp.

Syntax: quit

quote – Sends arguments, verbatim, to the remote FTP server. A single FTP reply code is expected in return. Quote is identical to literal.

Syntax: quote argument [ …]

Parameter(s):
argument – Specifies the argument to send to the FTP server.

recv – Copies a remote file to the local computer using the current file transfer type. Recv is identical to get.

Syntax: recv remote-file [local-file]

Parameter(s):
remote-file – Specifies the remote file to copy.
local-file – Specifies the name to use on the local computer. If not specified, the file is given the remote-file name.

remotehelp – Displays help for remote commands.

Syntax: remotehelp [command]

Parameter(s):
command – Specifies the name of the command about which you want help. If command is not specified, ftp displays a list of all remote commands.

rename – Renames remote files.

Syntax: rename filename newfilename

Parameter(s):
filename – Specifies the file you want to rename.
newfilename – Specifies the new filename.

rmdir – Deletes a remote directory.

Syntax: rmdir directory

Parameter(s):
directory – Specifies the name of the remote directory to delete.

send – Copies a local file to the remote computer using the current file transfer type. Send is identical to put.

Syntax: send local-file [remote-file]

Parameter(s):
local-file – Specifies the local file to copy.
remote-file – Specifies the name to use on the remote computer. If not specified, the file is given the local-file name.

status – Displays the current status of FTP connections and toggles.

Syntax: status

trace – Toggles packet tracing; trace displays the route of each packet when running an ftp command.

Syntax: trace

type – Sets or displays the file transfer type.

Syntax: type [type-name]

Parameter(s):
type-name – Specifies the file transfer type; the default is ASCII. If type-name is not specified, the current type is displayed.

Note
FTP supports two file transfer types, ASCII and binary image.

ASCII should be used when transferring text files. In ASCII mode, character conversions to and from the network standard character set are performed. For example, end-of-line characters are converted as necessary, based on the destination’s operating system.

Binary should be used when transferring executable files. In binary mode, the file is moved byte-by-byte.

user – Specifies a user to the remote computer.

Syntax: user user-name [password] [account]

Parameter(s):
user-name – Specifies a user name with which to log in to the remote computer.
password – Specifies the password for user-name. If not specified, but required, ftp prompts for the password.
account – Specifies an account with which to log on to the remote computer. If account is not specified, but required, ftp prompts for the account.

Color Coding UTP Cable

Introduction

We will mainly focus on the wiring of CAT5 cables here because they are the most popular cables around. You will find information on wiring the classic CAT1 phone cables as well. It is very important that you know exactly how to wire UTP cables, because this is the base of a solid network and will save you hours of frustration and troubleshooting if you do it right the first time. On the other hand, if you are dealing with a poorly cabled network, you will be able to find the problem and fix it more efficiently.

Wiring the UTP cables

We are now going to look at how UTP cables are wired. There are two popular wiring schemes that most people use today, T-568A and T-568B, which differ only in which colour-coded pairs go to which pins: pairs 2 and 3 are swapped. Both work equally well, as long as you don’t mix them! If you always use only one version, you’re OK, but if you mix A and B in a cable run, you will get crossed pairs!

UTP cables are terminated with standard connectors, jacks and punchdowns. The jack/plug is often referred to as an “RJ-45”, but that is really a telco designation for the “modular 8 pin connector” terminated with a USOC pinout used for telephones. The male connector on the end of a patchcord is called a “plug” and the receptacle on the wall outlet is a “jack.”

As I’ve already mentioned, UTP has 4 twisted pairs of wires; we’ll now look at the pairs to see what colour codes they have:


As you can see in the picture on the left, the 4 pairs are labeled. Pairs 2 & 3 are used for normal 10/100Mbit networks, while Pairs 1 & 4 are reserved. In Gigabit Ethernet, all 4 pairs are used.

CAT5 cable is the most common type of UTP around the world! It’s flexible, easy to install and very reliable when wired properly.

The left and center pictures show the end of a CAT5 cable with an RJ-45 connector, which is used by all cables that connect to a hub or to your computer’s network card. The picture on the right shows a stripped CAT5 cable, revealing the 4 twisted pairs.

And to be a bit fancy, don’t think that UTP CAT5 cable only comes in one boring colour; those days are over! You get a wide range of choices today.

T-568A & T-568B 4-pair Wiring

Ethernet is generally carried in 8-conductor cables with 8-pin modular plugs and jacks. The connector standard is called “RJ-45” and is just like a standard RJ-11 modular telephone connector, except it is a bit wider to carry more pins.

Note: Keep in mind that the wiring schemes we are going to talk about are all for straight-through cables only! Crossover cables are examined on a separate page.

The eight-conductor data cable contains 4 pairs of wires. Each pair consists of a solid colored wire and a white wire with a stripe of the same color. The pairs are twisted together. To maintain reliability on Ethernet, you should not untwist them any more than necessary (like about 1 cm). The pairs designated for 10 and 100 Mbit Ethernet are Orange and Green. The other two pairs, Brown and Blue, can be used for a second Ethernet line or for phone connections.

There are two wiring standards for these cables, called “T568A” (also called “EIA”) and “T568B” (also called “AT&T” and “258A”). They differ only in connection sequence – that is, which color is on which pin, not in the definition of what electrical signal is on a particular color.

T-568A is supposed to be the standard for new installations, while T-568B is an acceptable alternative. However, most off-the-shelf data equipment and cables seem to be wired to T568B. T568B is also the AT&T standard. In fact, I have seen very few people using T568A to wire their network. It’s important not to mix systems, as both you and your equipment will become hopelessly confused.

Pin Number Designations for T568B

Note that the odd pin numbers are always the white with stripe color (1,3,5,7). The wires connect to RJ-45 8-pin connectors as shown below:

Color Codes for T568B

Pin  Color         Pair    Signal
1    white/orange  pair 2  TxData+
2    orange        pair 2  TxData-
3    white/green   pair 3  RecvData+
4    blue          pair 1
5    white/blue    pair 1
6    green         pair 3  RecvData-
7    white/brown   pair 4
8    brown         pair 4


The wall jack may be wired in a different sequence because the wires are often crossed inside the jack. The jack should either come with a wiring diagram or at least designate pin numbers.
Note that the blue pair is on the centre pins; this pair translates to the red/green pair for ordinary telephone lines which is also in the centre pair of an RJ-11. (green=wh/blu; red=blu)


Pin Number Designations for T568A

The T568A specification reverses the orange and green connections so that pairs 1 and 2 are on the centre 4 pins, which makes it more compatible with the telco voice connections. (Note that in the RJ-11 plug at the top, pairs 1 and 2 are on the centre 4 pins.) T568A goes:


Color Codes for T568A

Pin  Color         Pair    Signal
1    white/green   pair 3  RecvData+
2    green         pair 3  RecvData-
3    white/orange  pair 2  TxData+
4    blue          pair 1
5    white/blue    pair 1
6    orange        pair 2  TxData-
7    white/brown   pair 4
8    brown         pair 4


The diagram below shows the 568A and 568B in comparison:


Where are they used?

The most common application for a straight-through cable is a connection between a PC and a hub/switch. In this case the PC is connected directly to the hub/switch, which automatically crosses over the cable internally using special circuits. A CAT1 cable, which is usually found in telephone lines, uses only 2 wires; these do not require any special crossover, since the phones connect directly to the phone socket.

The picture above shows a standard CAT5 straight-through cable, used to connect a PC to a hub. You might get a bit confused, because you might expect the TX+ of one side to connect to the TX+ of the other side, but this is not the case. When you connect a PC to a hub, the hub automatically crosses over the cable for you using its internal circuits, so Pin 1 from the PC (which is TX+) connects to Pin 1 of the hub (which connects to RX+). The same happens for the rest of the pinouts as well.

If the hub didn’t cross over the pinouts using its internal circuits (this happens when you use the Uplink port on the hub), then Pin 1 from the PC (which is TX+) would connect to Pin 1 of the hub (which would be TX+ in this case). So you notice that no matter what we do with the hub port (uplink or normal), the signals assigned to the 8 pins on the PC side will always remain the same; the hub’s pinouts, though, change depending on whether the port is set to normal or uplink.
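The T568A and T568B colour tables and the hub-port discussion above, turned into checks you can run, as an added example (not code from the page): it follows each wire colour from one end of a cable to the other, reports whether the ends give a straight-through cable or crossed pairs (a run that mixes A and B), and traces which hub signal each PC signal lands on for a normal port and for the Uplink port. The hub port signal maps are an assumption taken from the text’s description of the two port types.

```python
"""Added example: T568A/T568B pinouts as data plus the cable and hub checks, not from the page."""

# Pin -> (colour, pair number), from the two colour-code tables above.
T568B = {1: ("white/orange", 2), 2: ("orange", 2), 3: ("white/green", 3), 4: ("blue", 1),
         5: ("white/blue", 1), 6: ("green", 3), 7: ("white/brown", 4), 8: ("brown", 4)}
T568A = {1: ("white/green", 3), 2: ("green", 3), 3: ("white/orange", 2), 4: ("blue", 1),
         5: ("white/blue", 1), 6: ("orange", 2), 7: ("white/brown", 4), 8: ("brown", 4)}
SCHEMES = {"T568A": T568A, "T568B": T568B}

# Signal on each 10/100 data pin at the PC (NIC) side, from the tables above.
PC_SIGNAL = {1: "TX+", 2: "TX-", 3: "RX+", 6: "RX-"}
# Assumed hub port maps: a normal port crosses over internally (its pin 1 is a
# receive pin); the Uplink port does not, so it looks like a NIC.
HUB_NORMAL = {1: "RX+", 2: "RX-", 3: "TX+", 6: "TX-"}
HUB_UPLINK = dict(PC_SIGNAL)


def pin_map(scheme_end_a: str, scheme_end_b: str) -> dict:
    """Pin at end A -> pin at end B reached by following the same-coloured wire."""
    colour_to_pin_b = {colour: pin for pin, (colour, _) in SCHEMES[scheme_end_b].items()}
    return {pin: colour_to_pin_b[colour] for pin, (colour, _) in SCHEMES[scheme_end_a].items()}


def classify(scheme_end_a: str, scheme_end_b: str) -> str:
    """'straight-through' when every pin maps to itself, otherwise list the crossed pins."""
    m = pin_map(scheme_end_a, scheme_end_b)
    if all(a == b for a, b in m.items()):
        return "straight-through"
    crossed = sorted((a, b) for a, b in m.items() if a != b)
    return "crossed pairs: " + ", ".join(f"{a}->{b}" for a, b in crossed)


def signal_path(scheme_pc_end: str, scheme_hub_end: str, hub_port: dict) -> dict:
    """For each PC signal, the hub signal found on the pin the wire arrives at."""
    m = pin_map(scheme_pc_end, scheme_hub_end)
    return {PC_SIGNAL[p]: hub_port[m[p]] for p in PC_SIGNAL}


def link_ok(path: dict) -> bool:
    """A 10/100 link works only if each transmit pin lands on the matching receive pin."""
    return (path["TX+"] == "RX+" and path["TX-"] == "RX-"
            and path["RX+"] == "TX+" and path["RX-"] == "TX-")


if __name__ == "__main__":
    print(classify("T568B", "T568B"))   # straight-through
    print(classify("T568A", "T568B"))   # crossed pairs: 1->3, 2->6, 3->1, 6->2
    print(link_ok(signal_path("T568B", "T568B", HUB_NORMAL)))   # True: normal port
    print(link_ok(signal_path("T568B", "T568B", HUB_UPLINK)))   # False: TX+ meets TX+
    print(link_ok(signal_path("T568A", "T568B", HUB_UPLINK)))   # True: mixed ends act as crossover
```

The last line shows the flip side of the page’s warning: a run terminated A on one end and B on the other is exactly what the Uplink port expects, which is why it fails on a normal port.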