Today we discussed the variousu ways we have to connect to network devices.  Many times, for us, that will mean the patch cable in the back of our computers connecting to the wall (unshielded twisted pair), but many times, especially in the server room, this could mean serial cables as well.  In really old networks, this could mean coaxial cable as well.

Next, we took some time and constructed our own patch cables.  We looked at straight-through cables, crossover cables, and rollover  cables.

Homework:

• Chapter 6 Review Questi0ns.

Today’s class covered chapters 10 and 11.

For us, that meant a slight break from the normal intensity that is NSA 150/151, and a look at the larger picture of safety and customer service.

Computers are electronic objects.  As such, they have the capacity to hurt us.  Just like any electronic object.  Are the chances good that they’ll hurt us?  No, but anything we can do to improve our odds of not being hurt or killed is a good idea in my book!

So, how not to get hurt?  Well, first of all, I’d suggest leaving the guts of the power supply and any CRT monitors you may still have alone!  Printers?  Well, be careful.   The main thing to remember with printers is not to get yourself destroyed, but to keep the area around you clean.  So doing things like not turning hte printer upside down to shake something out is a good idea.

Also, dealing with safety, cords can be a monumental issue.  So any cables that are on the floor need to be packed under a floor cable guard, and it’s generally a good idea to bind up any cables coming off the back of a desk up out of the way.  I realize that I’m a hypocrite on both of these counts, but note that I said it’s a good idea, not that I necessarily follow that good idea.  Heh.

My wife will appreciate taking care to keep the environment safe as well.  As tempting as it is, please do not put old computers and monitors in the trash, as these electrical components have lead in them that can then leak into our water supply.

We also talked about protecting the computer itself.  It’s a known fact that electrostatic discharge can fry the snot out of computers, and to keep ESD at a minimum is absolutely required.  We can do this by way of anti-static mats, wristbands and just grounding yourself against metal inside the computer case (my favorite grounding spot?  The power supply.).

The next chapter covered communication skills.  It’s no secret that most computer people are NOT people people too.  And most normal people are not computer people.  This combination can equal disaster, and it’s important as professionals to remember that not everyone knows the facts that you do about computers.  In summary, pick out something you know very little about and think you’d feel if someone berated you for not knowing about it.  There ya go.

Homework:

• Chapter 10 Review Questions
• Chapter 11 Review Questions

We had a big day today, covering 3 chapters, and finishing up our discussion on Group Policy.  Next week, we’ll finish up the remaining two chapters in the book and work the remaining time on our “Show Me the Money” network implementation!!

Anyway, chapter 8 covered the user and computer environments when configured by Group Policy.  The first area of focus was the area of security policies.  As you know from previous discussion (earlier today!?) that we can configure security policies on our machines to allow or disallow (or block, even) certain kinds of behavior, or limit that behavior to certain individuals.  The nice thing is is that, using Group Policy, we can configure those settings once in a GPO and then assign it to a large number of computers by attaching that GPO to an object associated with the computers we wish to control (inside the Sales OU, for example).

We also looked at a concept called Folder Redirection.  With Folder Redirection, we are able to control where user files end up during backup or in day-to-day use.  A common use of Folder Redirection is to configure a GPO that makes the client computers store files on a network location instead of on the local computer when a user saves in the “Documents” folder.  To the end user, nothing is too different from their home machine, but the files are actually saved to the server without the user having to know to save their documents to the \\srv-01\files\ directory.  It’s just easier that way.  Especially if we ever have to move those files!   Oh, and also, the .zap files only work on software assigned to user groups — not computers.  Very important!

Disk Quotas, we’ve looked at before, are ways of limiting your users from gobbling up a bunch of server space.  Especially in this day of digital media, it’s not uncommon for users to rip a  bunch of CDs to their computers thinking they’re storing them on their local HDD, when in fact they are being stored on the server (aha! Folder Redirection!).  Disk Quotas ensures that your server doesn’t get filled up with a bunch of 320 kbps Menudo .mp3 files.

Chapter 9 talked about the installation of software titles via Group Policy.  This is perhaps one of the most useful things you can do with GP — imagine having to install something like MS Office onto 200 computers (especially if you only had 1 disc) — it would be a nightmare!

By copying the disc to a network share and then configuring a GPO to put that software onto the computers that fell within its scope, you could install that software automatically, with no walking around and mindlessly configuring.

There is a downside, however.  In order for GP to install software programs, the program installation file must be a Windows Installer file (.msi extension).  .EXEs won’t work, unfortunately, unless you want to configure a .zap file.  .Zap files work like old .ini files and simply are directions for GP to use .EXEs in their deployments.  The downside is that the installations often will need user intervention and in many cases will need someone with local administrator rights present.

Finally, Chapter 10 covered GP management, and here’s where things can get fun.  Or hairy.  Or both, if that’s your thing.

Group Policy is an object just like anything else, and can therefore have an ACL attached to it.  This ensures that certain users within an OU keep from having GPOs attached to them.  For example, if I wnated a particular user in an OU to *not* have their taskbar locked, I could place a deny read on that particular GPO for that particular user.

In addition, I can use something called WMI filters.  WMI stands for Windows Management Instrumentation, and is used in Windows 2003 to filter down for particular requirements on our machines.  For example, if I want to apply a certain GPO to only Windows XP machines, I could apply a WMI filter that selects out Windows XP machines.  How, you ask?  Well, WMI uses a mechanism that is very similar to the SQL database language, and a query is written in very much the same way.  So to only apply a particular GPO to Windows XP machines, I would apply a WMI filter that looks like this:

SELECT * from Win32_operatingsystem WHERE caption = "Microsoft Windows XP Professional"

The downside here, of course, is that I can only apply 1 WMI filter to a GPO.  (I can use the same WMI filter attached to several GPOs though).

Homework:

• Take Home Test #05 – download it here!
• Continue working on MS E-Learning Modules!

Today’s topic is one of those quintessential networking topics — security.  Today was our first real discussion about the various security methodologies that are out there, but we definitely have brushed over them before.

As you’ll remember, there are several approaches we can take when looking to secure our intellectual property, and we should choose several in order to protect it.  We can choose authorization methods, which have the network require that people prove they are who they say they are (usually by way of username and password) before being allowed access to network assets — as well as setting up user rights and permissions to go along with their accounts.

We looked at the built-in groups that  come with Windows’ initial installation and discussed some of the things users in those groups can do.  For instance, we talked about two common local groups — the administrators and power users groups.  We talked about how the groups are similar in that they have elevated rights, but how the administrator account is able to accomplish so much more (driver installation and most “system” tasks).

We also talked about setting security templates — collections of security settings that we can apply to our machines so that we aren’t spending an inordinate amount of time tweaking mundane settings.  We discussed how Windows comes with its own security templates and how we can come up with our own and apply them to our computers.

The EFS (Encrypted File System) was also discussed — how the file system itself can encrypt files that are only open-able by the user that created them.  In order to do this, you must have the NTFS file system in place.

Finally, we discussed the Microsoft Baseline Security Analyzer (MBSA), which will comb through your system and compare it to the current state your server should be (regarding updates) and known security implementations (requiring compelx passwords, etc.).  It will then show you a report you can use to harden your network, which is a good idea, all around.

Homework:

• Take Home Test #5 – download it here.
• Continue work on MS E-Learning Modules!!!

Welcome to first day of Microsoft Word.  We dug in with Chapter 5, hopefully learned a lot, and were on our way.

Homework:

• Chapter 5: Matching
• Chapter 5: Fill-in-the-Blank
• Chapter 5: Project 1C
• Chapter 5: Project 1D

Today we talked about chapter 7, virtual servers.  Virtual servers, in the context of Exchange, refers to the services that are running on that physical server, such as POP3, IMAP, NNTP, etc.  It is possible to stop, start and restart those servers independently of the physical server, which makes the entire network infrastructure more stable.

Homework:

• Because I’m such a nice guy, have the week off.

Today’s class was all about network operating systems.  Of course, today, virtually all operating systems that are on the market are technically Network Operating Systems — meaning that they are operating systems with the ability to access a network.  Operating systems with this capability haven’t always been the norm, however, and we discussed the history of some of the more common NOSs.  We basically covered the ins and outs of Novell, Apple, Unix and Windows.

Homework:

• Chapter 5 Review Questions

Today we took a look at basic networking topics.  Since almost all computing we do today has something to do with networking at some level, networking is actually a very important part of PC repair.  We discussed what a LAN, MAN and WAN are and what the similarities are between them.  We also looked at peer-to-peer distribution models and compared them to a client/server distribution model and discussed the pros and cons of each.  Next, I introduced the concept of topologies, there are four physical topologies (bus, star, ring and mesh) and two logical ones (star bus, star ring).

Next, I introduced the concept of the OSI model.  We didn’t dive too horribly deep into this, since we will cover this in depth next quarter in Network+ (just ask JD!), but for now, just be able to reproduce it.  We had a brief introduction into IP addressing and finally ended up the chapter talking about common network connectors.

The next chapter took networking concepts and went just a little further with them, exploring the security angle of things.  Our technology is so exposed to the rest of the world today, and its important to be able to know about the security technologies in place that are designed to protect us.

Homework:

• Chapter Eight Review Questions
• Chapter Nine Review Questions

Ok, you’ve heard me blather on and on since the A+ class about how my favorite topic to talk about is Group Policy.  Well, good news (me), we’ve reached the point in your educational career where we get to dive into Group Policy head-first!

Group Policies make it easier to configure large amounts of computers identically, correctly and quickly.  Imagine if you had to travel around to hundreds of client computers and set up a corporate wallpaper on everyone’s desktop!  This would take literally hours to accomplish, and several users would simply change the wallpaper back to their kids after you left anyway.  With Group Policy, you can literally make about 10 clicks, do some minimal typing, and then when each user logs back on to their computers, they have the corporate wallpaper in place and, if you set it up this way, are forced into keeping it that way!

A set of settings is called a Group Policy Object (GPOs), and the various objects that can have GPOs attached to them can have many GPOs attached at a time.  The various objects that can have GPOs attached to them are the local machines, the AD site, the domain and the Organizational Unit (OU).  Interestingly, Security Groups can not have GPOs attached to them, despite having the name Group Policy.  Weird, eh?

We took a look at where GPOs are actually stored, and took a look inside them.  Each GPO is about 4MB in a Server 2003 system, and so having a BUNCH of them can really start to affect replication, so try to use them sparingly.  Server 2008 solves this problem with XML making the GPO system a lot more lightweight.  But I digress.

We took a look at the Group Policy Editor inside Server 2003, and then installed the Group Policy Management Console.  This is an invaluable tool not included with the Server 2003 media, but you are expected to know how to use it, so make sure you download it from Microsoft’s site and practice with it.

So, what happens if you have a GPO attached to one place that requires one thing, and a separate GPO attached to a different place that requires something totally different?  The GPOs will be in conflict — which one wins?

The answer lies in a) which object the GPO is attached to and possibly b) how high on the priority list the GPO is.

Active Directory attaches GPOs in the following order: local machine, sites, domains and finally OU.  If a GPO is already assigned and another one comes along that is different, the newest one takes precedence.  Let’s explore this with an example user that is in the BG site of the greedycorp domain.  Furthermore, this particular user lives in an OU called “Sales”.  If I have a policy of “Lock the Taskbar” set to enabled at the local machine level, and a different policy of “Don’t Lock the Taskbar” attached to the BG site, the user’s task bar is not going to be locked?  Why?  Because the BG site’s GPO was attached later, and therefore overwrote the policy attached ot the local machine.  If another policy attached to the greedycorp.com domain indicated “Lock the Taskbar”, then that particular user’s taskbar would be locked, since the policy attached to the domain was applied after the local computer and the site.  Make sense?

There’s a really easy way to remember the order in which GPOs are applied: LSD… Ohhhh.  (I’m sure this blog is going to get all kinds of unintended attention now).

Homework:

• Take Home Test #04 – Chapter 07 – download it here.
• Continue work on MS E-Learning modules.

Welcome to November!

If you remembered, two weeks ago, we discussed DNS — what it does and how it does it.  This week, we return to the concept of DNS and, perhaps more importantly, how to manage it in an organization.  We looked at a number of ways of keeping your thumb on DNS.

The first way we looked at was simply the Monitor tab of your DNS server properties dialog box.  The main use of this tab is to perform some queries against your DNS servers.  You can perform either recursive or iterative queries against your servers (remember those?)

The next tool we looked at was NSLOOKUP.  NSLOOKUP is a command line tool and uses reverse lookup zones (remember those?) to lookup your name servers, hence the name.  We discussed the various things you can do with NSLOOKUP, and instead of rehashing them here, check out this link to get more information.

The next tool we looked at was a powerful DNS tool called DNSLint.  This tool is available from the Windows Support Tools and is used to do some advanced DNS troubleshooting.  Depending in which options we use with the command, we can do various things.  For example, running dnslint /d boston.contoso.com will test the boston.contoso.com domain to ensure that it has proper DNS connectivity.  Again, TechNet has more information here.

Next up, we looked at the DNSCMD command, which can be used to directly manipulate the DNS database.  If, for example, I want to insert a Host (A) record pointing traffic aimed at mailserver.contoso.com to 10.1.5.1 I would type in this from the command prompt:

dnscmd dnsserver.contoso.com /recordadd mailserver A 10.1.5.1

The last thing we discussed was Replication Monitor, which is launched simply by issuing the replmon command from the command prompt.  This command allows us to ahem, monitor replication to discover any errors that might be happening.

Homework:

• Take Home Test #4 – download it here.
• Continue working on MS E-Learning Modules.