Windows Server 2008

Released in February 2008, Windows Server 2008 is a Microsoft operating system that shares the same code as Windows Vista. Ask questions about its features and system requirements here.

313 Questions

What is background zone loading?

The DNS Server service in Windows Server® 2008 makes data retrieval faster by implementing background zone loading. In the past, enterprises with zones containing large numbers of records in Active Directory® experienced delays of up to an hour or more when the DNS Server service in Windows Server 2003 tried to retrieve the DNS data from Active Directory on restart. During these delays, the DNS server was unavailable to service DNS client requests for any of its hosted zones.

To address this issue, the DNS Server service in Windows Server 2008 retrieves zone data from Active Directory in the background after it starts so that it can respond to requests for data from other zones. When the service starts, it creates one or more threads of execution to load the zones that are stored in Active Directory. Because there are separate threads for loading the Active Directory-based zones, the DNS Server service can respond to queries while zone loading is in progress.

If a DNS client requests data in a zone that has already been loaded, the DNS server responds appropriately. If the request is for data in a zone that has not yet been entirely retrieved, the DNS server retrieves the specific data from Active Directory instead.

This ability to retrieve specific data from Active Directory during zone loading provides an additional advantage over storing zone information in files, namely that the DNS Server service has the ability to respond to requests immediately. When the zone is stored in files, the service must sequentially read through the file until the data is found.

What is the authentication protocol used in 2008?

The Windows operating system implements a default set of authentication protocols (Kerberos, NTLM, TLS/SSL, Digest, and PKU2U) as part of an extensible architecture. In addition, some protocols are combined into authentication packages such as the Credential Security Support Provider (CredSSP), Negotiate, and Negotiate Extensions. These protocols and packages enable authentication of users, computers, and services; the authentication process, in turn, enables authorized users and services to access resources in a secure manner.

Windows authentication protocols are conventions that control or enable the connection, communication, and data transfer between computers in a Windows environment by verifying the identity of the credentials of a user, computer, or process. The authentication protocols are security support providers (SSPs) that are installed in the form of dynamic-link libraries (DLLs).

Negotiate

Microsoft Negotiate is an SSP that acts as an application layer between the Security Support Provider Interface (SSPI) and the other SSPs. When an application calls into SSPI to log on to a network, it can specify an SSP to process the request. If the application specifies Negotiate, Negotiate analyzes the request and selects the best SSP to handle the request based on the configured security policy.

Currently, the Negotiate SSP selects either the Kerberos or NTLM protocol. Negotiate selects the Kerberos protocol unless it cannot be used by one of the systems involved in the authentication or if the client application did not provide a target name as a service principal name (SPN), a user principal name (UPN), or a NetBIOS account name. Otherwise, Negotiate will select the NTLM protocol.

A server that uses the Negotiate SSP can respond to client applications that specifically select either the Kerberos or NTLM protocol. However, a client application must first query the server to determine if it supports the Negotiate package before using Negotiate. (Negotiate is supported on Windows operating systems beginning with Windows Server 2003 and Windows XP.) A server that does not support Negotiate cannot always respond to requests from clients that specify Negotiate as the SSP.

Kerberos

The Kerberos version 5 (v5) authentication protocol provides a mechanism for authentication, and mutual authentication, between a client and a server, or between one server and another server.

NTLM

The NTLM version 2 (NTLMv2) authentication protocol is a challenge/response authentication protocol. NTLM is used when exchanging communications with a computer running Windows NT Server 4.0 or earlier. Networks with this configuration are referred to as mixed-mode. NTLM is also the authentication protocol for computers that are not participating in a domain, such as stand-alone servers and workgroups.

Negotiate Extensions

NegoExts (NegoExts.dll) is an authentication package that negotiates the use of SSPs for applications and scenarios implemented by Microsoft and other software companies. Pku2u.dll is one of the supported SSPs that is installed by default, and developers can create custom providers.

PKU2U

The PKU2U protocol in Windows 7 and Windows Server 2008 R2 is implemented as an SSP. The SSP enables peer-to-peer authentication, particularly through the Windows 7 media and file sharing feature called Homegroup, which permits sharing between computers that are not members of a domain.

Credential Security Support Provider

Windows Vista introduced a new authentication package called the Credential Security Support Provider (CredSSP) that provides a single sign-on (SSO) user experience when starting new Terminal Services sessions. CredSSP enables applications to delegate users' credentials from the client computer (by using the client-side SSP) to the target server (through the server-side SSP) based on client policies.

TLS/SSL

The TLS/SSL protocols are used to authenticate servers and clients, and to encrypt messages between the authenticated parties. The TLS/SSL protocols, versions 2.0 and 3.0, and the Private Communications Transport (PCT) protocol are based on public key cryptography. The secure channel (Schannel) authentication protocol suite provides these protocols. All Schannel protocols use a client/server model and are primarily used for Internet applications that require secure Hypertext Transfer Protocol (HTTP) communications.

Digest

The Digest authentication protocol is a challenge/response protocol that is designed for use with HTTP and Simple Authentication Security Layer (SASL) exchanges. These exchanges require that parties requesting authentication must provide secret keys.

Do individual applications use different server processes and memory spaces?

I'm not sure I understand your question?

User Space is the memory area where all the user mode applications run. Kernel space is the area reserved for kernel use. For some Operating Systems kernel space is never swapped out. Each user space process normally runs in its own virtual memory space, and, unless explicitly requested, cannot access the memory of other processes.

Can the physical machine domain login in virtual server?

Yes, you can.

Condition: both should be able to ping each other, i.e. the subnet should be recognized by each other.

If in a domain or workgroup, they will be able to communicate.

Do most editions of Windows Server 2008 include Hyper-V?

No, you have a choice when installing or downloading server 2008 as to whether or not you want the hyper-V technology. There are some core elements in most versions of Server 2008, but the complete functionality needs to be installed with the main installation.

What is soa in active directory?

SOA Resource Records

Every zone contains a Start of Authority (SOA) resource record at the beginning of the zone. SOA resource records include the following fields:

  • The Owner, TTL, Class, and Type fields, as described in "Resource Record Format" earlier in this chapter.
  • The authoritative server field shows the primary DNS server authoritative for the zone.
  • The responsible person field shows the e-mail address of the administrator responsible for the zone. It uses a period (.) instead of an at symbol (@).
  • The serial number field shows how many times the zone has been updated. When a zone's secondary server contacts the master server for that zone to determine whether it needs to initiate a zone transfer, the zone's secondary server compares its own serial number with that of the master. If the serial number of the master is higher, the secondary server initiates a zone transfer.
  • The refresh field shows how often the secondary server for the zone checks to see whether the zone has been changed.
  • The retry field shows how long after sending a zone transfer request the secondary server for the zone waits for a response from the master server before retrying.
  • The expire field shows how long after the previous zone transfer the secondary server for the zone continues to respond to queries for the zone before discarding its own zone as invalid.
  • The minimum TTL field applies to all the resource records in the zone whenever a time to live value is not specified in a resource record. Whenever a resolver queries the server, the server sends back resource records along with the minimum time to live. Negative responses are cached for the minimum TTL of the SOA resource record of the authoritative zone.
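The SOA fields listed in the answer above, worked through as an added example that is not part of the original answer: it parses an SOA record in zone-file form, recovers the responsible person's e-mail address, and applies the serial, refresh, retry and expire rules from a secondary server's point of view. The record values, host names and the function names are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed sample SOA data in zone-file form (not taken from a real zone).
SAMPLE = "dc1.corp.example. hostmaster.corp.example. ( 2024 900 600 86400 3600 )"


@dataclass(frozen=True)
class SOA:
    mname: str    # authoritative (primary) server field
    rname: str    # responsible person field, "." written in place of "@"
    serial: int
    refresh: int  # seconds between change checks by the secondary
    retry: int    # seconds to wait before retrying an unanswered request
    expire: int   # seconds after which the secondary discards the zone
    minimum: int  # default TTL, also used for negative caching


def parse_soa(rdata: str) -> SOA:
    """Parse the seven SOA data fields; parentheses only group lines."""
    parts = rdata.replace("(", " ").replace(")", " ").split()
    if len(parts) != 7:
        raise ValueError(f"expected 7 SOA fields, got {len(parts)}")
    return SOA(parts[0], parts[1], *[int(p) for p in parts[2:]])


def responsible_email(rname: str) -> str:
    """First unescaped '.' stands for '@'; an escaped dot stays in the mailbox."""
    i = 0
    while i < len(rname) and rname[i] != ".":
        i += 2 if rname[i] == "\\" else 1
    mailbox = rname[:i].replace("\\.", ".")
    return f"{mailbox}@{rname[i + 1:].rstrip('.')}"


def secondary_action(soa: SOA, master_serial: Optional[int], idle: int) -> str:
    """Decide what a secondary holding `soa` does `idle` seconds after its
    last zone transfer. master_serial=None means the master did not answer."""
    if idle < soa.refresh:
        return "serve"                      # no check is due yet
    if master_serial is None:
        return "discard-zone" if idle >= soa.expire else "retry"
    return "zone-transfer" if master_serial > soa.serial else "serve"
```
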

List and outline levels of access for 2 local user groups and 2 global user groups?

The levels of access for local user group include the stewards, authors, check users and editors, while global user groups include domain administrators and users with global rollback access. A local user group is only available on the workstation on which it was created while comprises of users who provide support use on machines other than advanced servers in a domain.

What is dynamic DNS integrated DNS?

The dynamic DNS integrated DNS refers to the method of automatically updating a name server in the DNS in real time.

Can an organizational unit have multiple active directory domains?

No, it is not possible. OUs of the same name in different domains are independent.

Organizational Units appear within a top-level Organization grouping or Organization certificate, called a Domain. In many systems one OU can also exist within another OU. When OUs are nested, as one OU contains another OU, this creates a relationship where the contained OU is called the child and the container is called the parent. Thus, OUs are used to create a hierarchy of containers within a domain. Only OUs within the same domain can have relationships.

Which group conversion is allowed domain local to universal global to local domain to global universal to global?

  • Global to universal. This conversion is allowed only if the group that you want to change is not a member of another global scope group.
  • Domain local to universal. This conversion is allowed only if the group that you want to change does not have another domain local group as a member.
  • Universal to global. This conversion is allowed only if the group that you want to change does not have another universal group as a member.
  • Universal to domain local. There are no restrictions for this operation.

Manu
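The conversion rules in the answer above, as an added example that is not part of the original answer: given a snapshot of group scopes and nested memberships, it reports which groups block a requested scope change. The group names, the data layout and the function name are constructed for illustration; conversions the answer does not list are rejected.

```python
# Constructed sample directory: group name -> scope and direct members.
GROUPS = {
    "GG-Sales":    {"scope": "global",       "members": ["GG-Sales-EU", "alice"]},
    "GG-Sales-EU": {"scope": "global",       "members": []},
    "DL-Printers": {"scope": "domain local", "members": ["DL-Floor2"]},
    "DL-Floor2":   {"scope": "domain local", "members": []},
    "UG-Staff":    {"scope": "universal",    "members": ["GG-Sales"]},
}

# (current scope, target scope) -> (relation to inspect, scope that blocks).
RULES = {
    ("global", "universal"):       ("member_of", "global"),
    ("domain local", "universal"): ("members", "domain local"),
    ("universal", "global"):       ("members", "universal"),
    ("universal", "domain local"): None,  # no restrictions
}


def conversion_blockers(groups, name, target):
    """Return the groups that prevent converting `name` to `target` scope.

    An empty list means the conversion is allowed. ValueError means the
    conversion is not one of the four listed in the answer above.
    """
    key = (groups[name]["scope"], target)
    if key not in RULES:
        raise ValueError(f"{key[0]} -> {key[1]} is not a listed conversion")
    rule = RULES[key]
    if rule is None:
        return []
    relation, blocking_scope = rule
    if relation == "members":
        related = groups[name]["members"]
    else:  # member_of: every group that lists `name` as a direct member
        related = [g for g, v in groups.items() if name in v["members"]]
    # Members that are not groups (users, computers) never block.
    return sorted(g for g in related
                  if groups.get(g, {}).get("scope") == blocking_scope)
```
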

What is a Windows Dedicated Server?

A Windows dedicated server is a server that is leased to one specific client. This server will not be used by any other clients. The service provider will offer IT and customer support for the server.

To create a trust relationship with an NT 4 domain you will configure an?

external trust

Use external trusts to provide access to resources located on a Windows NT 4.0 domain or a domain located in a separate forest that is not joined by a forest trust.

When a trust is established between a domain in a particular forest and a domain outside of that forest, security principals from the external domain can access resources in the internal domain. Active Directory creates a foreign security principal object in the internal domain to represent each security principal from the trusted external domain. These foreign security principals can become members of domain local groups in the internal domain. Domain local groups can have members from domains outside of the forest.

Directory objects for foreign security principals are created by Active Directory and should not be manually modified. You can view foreign security principal objects from Active Directory Users and Computers by enabling advanced features. For information about enabling advanced features, see To view advanced features.

In domains with the functional level set to Windows 2000 mixed, it is recommended that you delete external trusts from a domain controller running Windows Server 2003. External trusts to Windows NT 4.0 or 3.51 domains can be deleted by authorized administrators on the domain controllers running Windows NT 4.0 or 3.51. However, only the trusted side of the relationship can be deleted on the domain controllers running Windows NT 4.0 or 3.51. The trusting side of the relationship (created in the Windows Server 2003 domain) is not deleted, and although it will not be operational, the trust will continue to display in Active Directory Domains and Trusts. To remove the trust completely, you will need to delete the trust from a domain controller running Windows Server 2003 in the trusting domain. If an external trust is inadvertently deleted from a domain controller running Windows NT 4.0 or 3.51, you will need to recreate the trust from any domain controller running Windows Server 2003 in the trusting domain.

Which account type is configured on an active directory domain controller and can be used to grant access to resources on any domain joined computer?

The enterprise admin.

Enterprise Admins (only appears in the forest root domain)

Members of this group have full control of all domains in the forest. By default, this group is a member of the Administrators group on all domain controllers in the forest. By default, the Administrator account is a member of this group. Because this group has full control of the forest, add users with caution.

Access this computer from the network; Adjust memory quotas for a process; Back up files and directories; Bypass traverse checking; Change the system time; Create a pagefile; Debug programs; Enable computer and user accounts to be trusted for delegation; Force shutdown from a remote system; Increase scheduling priority; Load and unload device drivers; Allow log on locally; Manage auditing and security log; Modify firmware environment values; Profile single process; Profile system performance; Remove computer from docking station; Restore files and directories; Shut down the system; Take ownership of files or other objects.

How do you save a GWBASIC file to a text file?

Save the file with file name in double quotes comma A for ASCII.

Example: SAVE "myfile.bas",A

Windows exchange server 2003?

I like to work with exchange server, but one day something happened with my data. That day I was lucky and rapidly found out a probable solution, which might be suitable for this situation.

When you become unable to access contacts, emails, notes and other stored data, then the need to have quick and complete recovery of Exchange Server arises. For this you can use Exchange Server recovery software. This software is capable enough to resolve the entire related problem.