Advanced

Seizing of Roles: 

DC & ADC, when DC abruptly goes down, irreparable, no hopes of bringing back DC online we should seize the FSMO roles onto ADC

Permanently configures ADC as DC

Implementing: 

On ADC
Start - run – cmd – (ntdsutil)
Roles
Connections
Connect to server ADC’s server name
Q
Seize schema master
Seize Domain naming master
Seize RID master
Seize Infrastructure master
Seize PDC – q – q – exit.

Volume shadow copy services: VSCS
It is a new feature available only in 2003 flavor. Useful for taking online backup and access recent versions of files and folders.

Useful when the users inadvertently delete their files from network share and want them back. In case an administrator had taken a snapshot of the volume can retrieve the recent versions of the files.

Implimenting VSCS:

On server /DC
Create a folder with 2, 3 files in D or E drive
Share the folder
Give full access permissions
Taking a snapshot (VSCS):
Open my computer
Go to the drive properties where we’ve created the folder.
Click on shadow copies
Select the volume
Click on enable
Click on create now
Apply -ok

Verification:

Login from the client machine access the network resources from my network places
Delete 1or 2 files we’ve created – logoff
Login as administrator

To restore a deleted file

Access the network share from my network places
Right click on the share folder
Properties
Previous versions
Click on restore
Apply – ok

Try to access the network share from client machine
We should notice the deleted file restored.

SUS (Software Update Services):

It is a new feature of 2003. When our network client or servers wat their updates from internet, if internet is available to all the client machines whole network will be busying updating OS &software. This leads to network traffic
To overcome this problem we have to use a separate server configure as SUS, which is connected to Internet and obtains updates. Client machines instead of contacting Internet for updates contact the intranet SUS server for updates. This can be scheduled.

SUS software has to be downloaded from the internet and also I.I.S.

Implimenting SUS:

Install SUS in one of the member servers
On DC

Configuring client machines to contact SUS server for updates.

On DC
Open ADUC
Create an OU
Join the client machines to this OU
OU properties
Group policy
GPO name
Edit
Expand computer configuration
Administrative templates
Windows components
Windows updates
Double click on specified intranet
Enable – specify the server’s add in both the boxes.

To schedule the updates:

Double click o configure automatic updates
Specify the schedule

MBSA (Microsoft Baseline Security Analyzer):

It is a new feature of 2003. It is a service responsible for preparing a report which reveals a loop holes and draw backs of the OS and the applications installed in the server. Using this report an administrator can take some precautions.

It is also freely available software in internet. We can download it.
File name is mbsa.msi

It acts like a guide to the administrator

Using MBSA:

Start - programs – MBSAselect scan a computer/scan more than one computer
Provide the IP address of the computer
Click on start scan
It creates a report contains the information about the system.

RSOP: (Resultant Set of Policies):

It is a new feature of 2003 using which we can gather all the policies implemented by group policy in the entire forest.

RSOP works in two modes logging and planning

Logging: Generates the reports for the users who all have logged in and effected with the policy.

Planning: it is useful for experimentation. I.e. as an admin Would like to see the result of the policy before it is implemented.

Using RSOP

Open ADUC
Right click on the OU
Select RSOP
CIMOM (Common Information Management Object Model) is database where GP settings are registered.

GPMC (Group Policy Management Consol):

It is a new feature in 2003 which centralizes the management of group policies for ex. multiple forests, sites, OUs; Domains can be administered from a central location.

Gathering of group policies implemented in the entire forest is easy.
Implementing Group policy is also very easy
Back and restore of G.Ps is easy
Once installed, disables group policy option for local, sites & domain.
Software available in internet. Filename is gpmc.msi