Wednesday, May 30, 2012

Net Share Command-line Syntax

The first step in learning to use the net share command is to gain a basic understanding of the command line syntax of the tool. In basic terms, the syntax for net share is as follows:
          sharename=drive:path [/GRANT:user,[READ | CHANGE | FULL]]
                               [/USERS:number | /UNLIMITED]
                               [/CACHE:Manual | Documents| Programs | None ]
          sharename [/USERS:number | /UNLIMITED]
                    [/CACHE:Manual | Documents | Programs | None]
          {sharename | devicename | drive:path} /DELETE
          sharename \\computername /DELETE
As illustrated above, many of the tasks which can be performed using the graphical tools can also be performed using the command line. In the remainder of this chapter, some of the more common sharing tasks using net share will be covered.
Note that to perform any tasks other than viewing the current shares, the command-prompt must be running with administrator privileges. This can be achieved by right clicking on the Command Prompt in the Start menu and selecting Run as administrator.

Getting Share Information using Net Share

To obtain information about currently configured shares on a Windows Server 2008 system simply execute the net share command will no command-line options:
C:\Windows\system32>net share

Share name   Resource                        Remark

C$           C:\                             Default share
E$           E:\                             Default share
IPC$                                         Remote IPC
ADMIN$       C:\Windows                      Remote Admin
MyFolder     C:\Users\bill\MyFolder
Users        C:\Users
The command completed successfully.

Creating a Share using Net Share

Perhaps the most common requirement when working with shared folder and folders is to create a new share. The most basic of commands simply creates the share and assigns a share name. For example:
C:\Windows\system32>net share MyFolder=c:\users\bill\MyFolder
MyFolder was shared successfully.
In the above example, the folder located at c:\users\bill\MyFolder has been shared using the share name MyFolder. By default, Windows will assign read permission to Everyone when a share is created without specifying any permissions.
In order to grant specific permissions to individual users or groups, the /GRANT option must be used when creating the share to specify the share permissions to be assigned. For example, the following command creates the MyFolder share assigning full permission to user fred:
C:\Windows\system32>net share MyFolder=c:\users\bill\MyFolder /GRANT:fred,FULL
MyFolder was shared successfully.
If permissions need to be granted to multiple users or groups, the /GRANT option may be used multiple times in a single net share command. In the following example, full share permissions are granted to user fred while bill is only assigned read permission:
C:\Windows\system32>net share MyFolder=c:\users\bill\MyFolder /GRANT:fred,FULL 
MyFolder was shared successfully.
To create a share with comments use the /REMARK argument following by the comment text:
C:\Windows\system32>net share MyFolder=c:\users\nas\MyFolder /REMARK:"My SharedFolder"
MyFolder was shared successfully.

Using Net Share to Delete a Share from a Local Server

To remove a share from a local server using the net share command together the share name of the share to be deleted together with the /DELETE option. For example:
C:\Windows\system32>net share MyFolder /DELETE
MyFolder was deleted successfully.

Using Net Share to Delete a Share from a Remote Server

The net share command may also be used to delete a share from a remote server. In order to achieve this, the name of the Remote Computer on which the share resides must be specified before the /DELETE option prefixed with \\. In the following command-line, the share named MyFolder is removed from a remote server named winserver-2:
C:\Windows\system32>net share MyFolder \\winserver-2 /DELETE
MyFolder was deleted successfully.
Once executed, the above command will delete the share named MyFolder from the remote server named winserver-2 such that it is no longer available for remote shared access.
Standard and Public File Sharing
Windows Server 2008 supports two types of file sharing, referred to as public file sharing and standard file sharing.
In the case of public file sharing any files to be shared must be copied to the server's Public folder located at %SystemDrive%\Users\Public. Once placed in this folder the files are accessible to any users logged locally onto the machine and, if enabled, to any network users. Public sharing provides some control over access to the files. For example, when the server belongs to a workgroup the public folder can be password protected. In addition, network access to files within the public folder can be restricted to reading and executing only or given permission to read, write, create and delete files.
Standard file sharing, which is only permitted on NTFS volumes, allows individual folders files and volumes to be shared to specific users. This provides far greater levels of security over network access through a combination of NTFS file and folder permissions and share permissions, and avoids the necessity to move files from their existing location in order to share them.
Enabling Windows Server 2008 File Sharing
File sharing in Windows Server 2008 is managed from the Network and Sharing Center, accessed by selecting Start -> Network and clicking on the Network and Sharing Center button in the toolbar. Once invoked, the Network and Sharing Center will list the current file sharing configuration and options as illustrated in the following figure:

To enable public file sharing, click on the down arrow next to the
 Public folder sharing in the section entitled Sharing and discovery. This will provide the following list of public folder sharing options:
§  Turn on sharing so anyone with network access can open files - Allows network users to open, but not delete, modify or create files in the server's public folder.
§  Turn on sharing so anyone with network access can open, change and create files - Allows network users to open, modify, delete and create files in the public folder.
§  Turn off sharing (people logged on to this computer can still access this folder) - Allow public folder access only to those users locally logged on to the server. Network users are denied access.
Similarly, standard file sharing can be configured by click the down arrow next to File sharing. When unfolded, this panel provides the option to either enable or disable standard file sharing on this server. When enabled, a dialog will appear providing the option to make the shared folders available only to the private network on which the system resides, or to make sharing available to public networks. The choice here depends on the requirements of the organization but for security purposes it is typically best to limit sharing to the private network unless external access is required.
The Network and Sharing Center also allows password access to shared folders to be configured. When the arrow next to Password protected sharing is selected the options to enable or disable password protection sharing are provided. When enabled on workgroup servers, only users with user accounts and passwords on the server will be able to access shared files and folders.
Creating Shared Folders with Windows Explorer
Shared folders can be configured using Windows Explorer, simply by navigating to the folder to be shared, right clicking on the folder and selecting Properties from the menu. In the properties dialog, click on the Sharing tab to display and modify the current shared folder settings as illustrated in the following figure:

Within the sharing property panel, click on the Share... button to access the File Sharing dialog. Within this dialog, the users who may access this shared folder are specified. If file sharing has been restricted to users with local accounts and passwords, a list of users can be obtained by clicking on the down arrow. In this situation, select and add users, or select Everyone if access is to be made available to all users with local accounts:

Once these settings are complete, click on the
 Share button to initiate the file sharing process. Once this initial phase of the share setup is complete a dialog will appear announcing this fact, listing the full Universal Naming Convention (UNC) path to the shared folder and providing the option to email users to notify them of this fact:

Having specified which users will have access to the folder the next step is to enable the sharing of the folder, specify
 share permissions and configure a Share Name by which the folder will be referenced and accessed. In addition caching of shared files can be configured. Caching allows users to maintain local copies of shared files so that they can be accessed off-line(for example when the server hosting the files is not available to the user's local system). With caching configured, local copies of shared files are stored on the user's local system so that they can be accessed without a connection to the server. When a connection is re-established, any changes made to the local copy of the file are synchronized with the original copy on the server.
To configure these settings, click on the Advanced Sharing button to display the following dialog:

In this dialog, set the
 Share this folder option to enable the sharing of the folder. Once this has been selected the Share name field and associated button will activate enabling a share name to be entered. By default the name of the folder being shared will be displayed, although this may be changed to another name if desired. If the number of concurrent users accessing a shared folder is of concern, modify the number of simultaneous users accordingly. Enter optional comments about the share before clicking on Caching to configure the off-line file settings. This will invoke the Offline Settings dialog where a number of options are available including allowing each user to specify which files they would like to be able to access off-line, only having files that users actually access available off-line and disabling off-line sharing all together:
The final step in the folder sharing setup is to click on Permissions to configure the share permissions, details of which are covered in a later section of this chapter.
Creating Shared Folders on Remote Servers with Computer Management
Windows Explorer provides an excellent mechanism for configuring shares on the local system. This approach falls a little short in terms of convenience, however, when it is necessary to configure shares on a remote server. Fortunately Windows Server 2008 addresses this need by allowing shares to be configured from the Computer Management tool. One point to note is that while this section will focus on the remote configuration of file shares, the steps outlined here may equally be used to share files on a local server. In fact, the Create a Shared Folder Wizard can be invoked on a local machine either from Computer Management or by entering shrpubw at the command prompt or in a Run dialog.
After starting Computer Management on the local system, right click on Computer Management in the left panel tree and select Connect to another computer... In the resulting dialog box either enter the name of the remote computer or click on Browse and then Advanced... to search the network or domain for the remote system. Once a connection has been established to the remote server the Computer Management interface will refresh and the Computer Management link in the tree will also display the name of the selected remote server.
Once Computer Management is configured to administer a remote server, the next step is to begin the folder sharing process. Begin by unfolding the System Tools, then Shared Foldersbranches of the tree in the left panel. Select Shares to obtain a list of current shares configured on the remote system. The following figure illustrates Computer Management with a list of shares configured on a remote system named WINSERVER-2:

The creation of a new shared folder on the remote server (although as previously mentioned this can also be used on local computers) involves the use of something called the
 Create A Shared Folder Wizard, which, as the name suggests provides a user friendly way of configuring shared folders. To invoke this wizard, simply right click on New Share..., then click on Nexton the wizard's welcome screen. In the resulting Folder Path screen, either type in the path of the folder to be shared, or browse the file systems to locate it. With the required folder path selected click on Next to configure the name and description settings. On this screen, specify the share name by which the folder will be accessed from remote computers together with an optional description of the shared folder. Next, configure the off-line file settings for the folder contents by clicking on Change.
Once these settings are configured, click on Next once again to configure the share permissions for the selected folder. Either select one of the pre-configured options or select Customize permissions and click on Custom to configure share permissions on a per user basis.
Finally, click on finish to complete the sharing process. If the configuration is successful a summary screen similar to the one illustration in the following figure will be displayed:

Creating Hidden Shares
By default, shared folders are listed when users browse for shared resources. From time to time, however, it may be necessary to share a folder but have it hidden such that only users who know of its existence can access it by referencing the share name. This concept is known as hidden share access. The most important point to note about hidden shares is that it does nothing to prevent access other than hiding the fact that the share exists. If, for example, a user learns of the existence of a hidden share (perhaps because another user tells them about it), and the share permissions are such that they have access to the folder, the fact that it is hidden will do nothing to keep the user out of that folder.
Shares are made hidden by placing a $ at the end of the share name. For example, to hide a share located at C:\accounts simply give it a share name with a trailing $, such as accounts$.
Understanding and Configuring Share Permissions
As outlined at the beginning of this chapter, Windows Server 2008 provides two levels of permissions for shared files and folders, namely share permissions and file and folder permissions. Share permissions are applied when access is made via the network. When shared files and folders are accessed locally from the server on which they reside these permissions serve no purpose. File and folder permissions, on the other hand, take effect both when accessing files and folders both locally and over the network. In the case of network access to shared files and folders, the shared permissions are applied first, followed by any file and folder permissions. The key issue to note is that file and folder permissions provide a far greater level of control over access than the more general permissions options provided by share permissions. In this section, share permissions will be covered. For details on file and folder permissions refer to the chapter entitled Understanding Windows Server 2008 File and Folder Ownership and Permissions.
Share permissions are granted on a per user and per group basis. In addition to allowing a cap on the number of concurrent users accessing a share to be defined, share permissions also provide three permission options, each of which can be set to Allow or Deny:
§  Full Control - Grants the specified users permission to change file and folder permissions, execute, read, modify, create and delete files and sub-folders.
§  Change - Grants users permission to change file and folder attributes, read, modify, execute, create and delete files and sub folders.
§  Read - Grants users permission to read and execute files and view and access file lists and sub-folders.
Permissions are cumulative in that a user will inherit the permissions of all the groups of which he or she is a member. If a permission is Denied, however, it overrides any cases where that permission may have been granted. For example, if a user is a member of a group where full control is provided over a folder, and also a member of a second group where full control is specifically denied, the user will be denied full control regardless of the fact that it was granted in the first group.
To configure share permissions, start Computer Management, connect to a remote server if not working on local shares, unfold System Tools and select Shares to list all currently shared folders. To configure share permissions for a folder, select it from the list, right click and select Properties. In the properties dialog select the Share Permissions tab as illustrated in the following figure:

This screen displays the current share permissions and provides the ability to configure additional permission controls. To change the settings for a currently configured group or user select the user from the list, modify the permissions accordingly and click on
 Apply to commit the changes.
To add permissions for a specific user or group click the Add button and enter one or more users or groups into the text box (separating multiple entries with a semi-colon) and click onCheck Names to verify the names are correct. Click on OK to return to the properties dialog where the added users and groups will appear in the list. Once again, select each name in turn and configure the desired share permissions. Finally, click Apply to commit the new permissions.

Saturday, May 26, 2012

Creating a New Console File
  1. On the Start Menu, click Run, type MMC, and then click OK. Microsoft Management Console opens with an empty console (or administrative tool) as shown in Figure 1 below. The empty console has no management functionality until you add some snap-ins. The MMC menu commands on the menu bar at the top of the Microsoft Management Console window apply to the entire console.
    Figure 1: Beginning Console Window
    Figure 1: Beginning Console Window
  2. Click Console (under Console1). On the Console Menu, click Add/Remove Snap-in. The Add/Remove Snap-in dialog box opens. This lets you enable extensions and configure which snap-ins are in the console file. You can specify where the snap-ins should be inserted in the Snap-in's "added to drop-down box." Accept the default, Console Root, for this exercise.
  3. Click Add. This displays the Add Standalone Snap-in dialog box that lists the snap-ins that are installed on your computer.
  4. From the list of snap-ins, double-click Computer Management to open the Computer Management wizard.
  5. Click Local computer and select the check box for "Allow the selected computer to be changed when launching from the command line."
  6. Click Finish. This returns you to the Add/Remove Snap-ins dialog box. Click Close.
  7. Click the Extensions tab as shown in Figure 2 below. By selecting the check box Add all extensions, all locally-installed extensions on the computer are used. If this check box is not selected, then any extension snap-in that is selected is explicitly loaded when the console file is opened on a different computer.
    Figure 2: Select All Extensions
    Figure 2: Select All Extensions
  8. Click OK to close the Add/Remove Snap-in dialog box. The Console Root window now has a snap-in, Computer Management, rooted at the Console Root folder.

Customizing the Display of Snap-ins in the Console: New Windows

After you add the snap-ins, you can add windows to provide different administrative views in the console.
To add windows
  1. In the left pane of the tree view in Figure 3 below, click the + next to Computer Management. Click System Tools.
    Figure 3: Console1: System Tools
  2. Right-click the Event Viewer folder that opens, and then click New window from here. As shown in Figure 4 below, this opens a new Event Viewer window rooted at the Event Viewer extension to computer management.
    Figure 4: Event Viewer
    Figure 4: Event Viewer
  3. Click Window and click Console Root.
  4. In the Console Root window, click Services and Applications, right-click Services in the left pane, and then click New Window. As shown in Figure 5 below, this opens a new Services window rooted at the Event Viewer extension to Computer Management. In the new window, click the Show/Hide Console Tree toolbar button to hide the console tree, as shown in the red circle in Figure 5 below.
    Figure 5: Show/Hide Button
  5. Close the original window with Console Root showing in it.
  6. On the Window menu, select Tile Horizontally. The console file should appear and include the information shown in Figure 4 and Figure 5 above.
  7. You can now save your new MMC console. Click the Save as icon on the Console window, and give your console a name. Your console is now saved as a .msc file, and you can provide it to anyone who needs to configure a computer with these tools.

Saturday, May 19, 2012

Hi guys today We discuss here How to  Make the domain controller follow this step by step for creating Active Directory
Click Start -> Run...
Type "dcpromo" and click "OK"
You will see the first window of the wizard.  As it suggests, I suggest reading the help associated with Active Directory.  After this, click "Next"
Click "Next" on the compatibility window, and in the next window keep the default option of "Domain Controller for a new domain" selected, and click "Next"
In this tutorial we will create a domain in a new forest, because it is the first DC, so keep that option selected
Now we have to think of a name for our domain.  If you own a web domain like "", you can use it, but it isn't suggested because computers inside of your domain may not be able to reach the company website.  Active Directory domains don't need to be "real" domains like the one above - they can be anything you wish.  So here I will create "visualwin.testdomain"
Now in order to keep things simple, we will use the first part of our domain ("visualwin"), which is the default selection, as the NetBIOS name of the domain
The next dialog suggests storing the AD database and log on separate hard disks, and so do I, but for this tutorial I'll just keep the defaults
The SYSVOL folder is a public share, where things like .MSI software packages can be kept when you will distribute packages (as I said, AD has a lot of different features).  Once again, I will keep the default selection but it can be changed if you wish to use the space of another drive
Now we will get a message that basically says that you will need a DNS server in order for everything to work the way we want it (i.e., our "visualwin.testdomain" to be reachable).  As I mentioned earlier, we will install the DNS server on this machine as well, but it can be installed elsewhere.  So keep the default selection of "Install and configure", and click "Next"
Because, after all, this is a Windows Server 2003 tutorial website, we'll assume there are no pre-Windows 2000 servers that will be accessing this domain, so keep the default of "Permissions compatible only with Windows 2000 or Windows Server 2003 operating systems" and click "Next"
The restore mode password is the single password that all administrators hope to never use, however they should also never forget it because this is the single password that might save a failed server.  Make sure it's easy to remember but difficult to guess
Now we will see a summary of what will happen.  Make sure it's all correct because changing it afterwards can prove to be difficult
After the previous next was clicked, the actual process occurs.  This can take several minutes.  It's likely that you will be prompted for your Windows Server 2003 CD (for DNS) so have it handy
If your computer has a dynamically assigned address (from DHCP) you will be prompted to give it a static IP address.  Click ok, and then in the Local Area Connection properties, click "Internet Protocol (TCP/IP)" and then "Properties"
In the next window select "Use the following IP address" and select the information that you will use for your domain (and for the primary DNS, because your computer will host DNS.  I still suggest setting up an alternate as well.)  Click "OK" and then "Close" on the next window
And after a while you will see
And we're finished.

Thursday, May 17, 2012

MCITP Overview
The Microsoft Certified IT Professional (MCITP) certification helps validate that an individual has the comprehensive set of skills necessary to perform a particular job role, such as database administrator or enterprise messaging administrator. MCITP certifications build on the technical proficiency measured in the Microsoft Certified Technology Specialist (MCTS) certifications. Therefore, you will earn one or more MCTS certifications on your way to earning an MCITP certification.
Why get certified?
Earning a Microsoft Certification helps validate your proven experience and helps you build your career, whether you are new to technology or a seasoned professional. The benefits you receive after earning a Microsoft Certification provide you opportunities to connect with a vast, global network of Microsoft Certified Professionals (MCPs)
Earning a Microsoft Certification helps validate your proven experience and helps you build your career, whether you are new to technology or a seasoned professional. The benefits you receive after earning a Microsoft Certification provide you opportunities to connect with a vast, global network of Microsoft Certified Professionals (MCPs).
MCITP Certifications
Windows 2008 Enterprise Edition is considered as Microsoft’s most reliable, scalable and high-performing server operating system. It has been designed to simplify the process of Migration from the previous versions of windows; managing mission critical data with enhanced security technology and provides maximum server uptime for sophisticated business needs.
MCITP: Enterprise Administrator on Windows Server 2008 ( 5 Modules)
Windows 2007, Configuring | Exam 70-680
Windows Server 2008 Active Directory, Configuring | Exam 70–640
Windows Server 2008 Network Infrastructure, Configuring     | Exam 70-642
Windows Server 2008 Applications Infrastructure, Configuring | Exam 70-643
Windows Server 2008, Enterprise Administrator | Exam 70-647
MCITP: Server Administrator on Windows Server 2008 ( 3 Modules)
Exam 70-640 | Exam 70-642 | Exam 70- 646