Lecture 1: Introduction


New SA Training
Topic 2: Virtualization

- Your job requires the use of hardware virtualization
- Virtualization allows our company to create virtual computers that act like traditional server and desktop machines
- During your training period, you will be using Microsoft’s Virtual PC as your hypervisor
- Our training focus is on concepts (thus, you will not necessarily use production tools, OS versions, etc.)
Differencing disks

You will be creating differencing disk images for your hard drives.

Creating a differencing disk

Disk differencing works by storing only the changes to an original image in a new VPC virtual hard disk. We can create the disk or the machine first.

Steps for creating the disk first follow. They were taken from: http://csciwww.etsu.edu/nielsen/4417/VPC_a.htm.
A machine-first example can be found at: http://csciwww.etsu.edu/nielsen/4417/VPC.htm

- Create a new Virtual Hard Disk using the Wizard.
- Create the differencing VHD in a folder of your choice. (This is the disk that will hold the changes made to the parent.)
- Then select the Parent VHD. (The one with the OS installed on it.)

Creating a virtual machine

- Create a New Virtual Machine using the Wizard.

New SA Training
Topic 3: User Management
- What is a user to you?
- How do we group classes/categories of users?
- Location of information (host or centralized)
- Home directory
- Opportunities for pre-login scripting/initialization
- Passwords
- “Object” identifiers (SID, UID, GID)

Windows Specifics
- Domain Controllers
- Active Directory
- Windows user/group setup:
  - Local vs. Domain
  - GUI vs. Command line (manage via MMC vs. “net user”, “addusers”, etc.)
- Groups: primarily useful for administration
- Windows groups: complex (stick to domain groups for now)

Windows Specifics
- Where are passwords stored?
  - Local? Network?
- What makes a password “acceptable”?
  - “Complex” passwords:
    - Can’t contain the username or parts of the user's full name
    - At least six characters long
    - At least three of: uppercase, lowercase, numbers, special characters/symbols (ex: !, $, #, %)
  - Additional settings: max age, min age, history, etc.
  - http://technet.microsoft.com/en-us/library/cc264456.aspx
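
The three complexity rules above, written out as a checker. This is an added example, not part of the original slides; the user jsmith / "John Smith", the candidate passwords, the function names, and the reading of "parts of the full name" as delimiter-separated tokens of three or more characters are assumptions of the example.

```python
import re

MIN_LENGTH = 6  # "At least six characters long"

def name_parts(username, full_name):
    """Lower-cased username and full-name tokens a password may not contain.

    Assumption: "parts" means tokens split on whitespace and , . - _ #,
    and tokens shorter than three characters are ignored.
    """
    tokens = re.split(r"[\s,.\-_#]+", full_name) + [username]
    return sorted({t.lower() for t in tokens if len(t) >= 3})

def character_classes(password):
    """Names of the four character classes present in the password."""
    checks = {
        "uppercase": str.isupper,
        "lowercase": str.islower,
        "number": str.isdigit,
        "symbol": lambda c: not c.isalnum(),
    }
    return [name for name, test in checks.items()
            if any(test(c) for c in password)]

def complexity_failures(password, username, full_name):
    """Return the list of rules the password breaks (empty list = acceptable)."""
    failures = []
    if len(password) < MIN_LENGTH:
        failures.append("shorter than six characters")
    if len(character_classes(password)) < 3:
        failures.append("fewer than three character classes")
    lowered = password.lower()  # the name check ignores case
    for part in name_parts(username, full_name):
        if part in lowered:
            failures.append(f"contains name part '{part}'")
    return failures

# Constructed candidates for a hypothetical user jsmith / "John Smith".
CANDIDATES = ["abc", "password", "Johnny!A1", "Summer2024", "x9$Tq2"]

def report(username="jsmith", full_name="John Smith"):
    return {pw: complexity_failures(pw, username, full_name)
            for pw in CANDIDATES}
```

`Summer2024` satisfies all three rules, so the complexity check by itself does not rule out guessable passwords; the additional settings (max age, min age, history) are separate controls.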
Windows Specifics (cont.)
- Windows logon:
  - Computer logon
  - Interactive user logon
  - Network user logon
  - Service logon
- Profiles (controls the user desktop environment)
  - Local profiles
  - Roaming profiles
  - Mandatory profiles

Windows Specifics (cont.)
- Group policies: computer or user based; flow down from Site, to Domain, to OU
- Example settings:
  - User security
  - Application installation
  - Boot
  - Logon
  - Logoff
  - Shutdown
  - Various “look-and-feel”

Windows Specifics (cont.)
- Group Policy Container (GPC)
  - The AD portion of a GPO is called the Group Policy Container
  - The GPC stores GPO properties, containers (computer and user), status, version, etc.
- Group Policy Template (GPT)
  - The portion of a GPO that is stored as folders and files in the SYSVOL directory
  - The GPT is where the majority of actual settings are stored when you edit a GPO

Windows Specifics (cont.)
- While most policy settings are stored in the GPT, some policy areas use both the GPC and GPT, others use only the GPC, and some don’t use either the GPC or GPT.
- Windows Scripting Host and ADSI: Take a look at Windows 2000 User Management or Windows 2000 Power Toolkit (in Safari, or Microsoft).

Windows User/GP/Profile Exercise
- Let’s look at the MMC
  - Users
  - Groups
  - Computer accounts
  - Group Policy
  - View Group Policy Settings with RSoP
- Let’s look at a Default Profile

Linux Specifics
- Linux user/group setup:
  - Local vs. Network
  - GUI vs. Command line vs. editing files (Red Hat User Manager vs. “useradd”, “addusers”, etc. vs. edit /etc/passwd)

Linux Specifics
- Where are passwords stored?
  - Network?
  - Local?
- Where is group information stored?
- What makes a password “acceptable” to a Linux system?

Linux Specifics (cont.)
- /etc/passwd: username, passwd, uid, gid, GECOS, home directory, login shell/program
  - GECOS contains general information about the user. The exact type of information depends on the UNIX variant, but for example it may contain real name and phone number.
- /etc/group: name, passwd, gid, user list
  - Groups: Avoid user private groups (UPG) as it is RedHat-specific. Why tie yourself to a vendor if you don't have to?
- /etc/shadow: (dates are expressed as days since Jan 1, 1970)

Linux Specifics (cont.)
- Shadow file format
  - username
  - encrypted passwd
  - date password was last changed
  - days before PW may be changed (minlife)
  - days after which PW must be changed (maxlife)
  - days before password expires to warn user
  - days after password expires to disable account
  - day that account expires and is disabled
  - Reserved (i.e., nothing useful)
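
The shadow fields listed above, read by a small audit script. This is an added example, not part of the original slides; the sample entries, the placeholder hashes, the function names, and the treatment of 99999 as "no maximum age" are assumptions of the example.

```python
from datetime import date, timedelta

EPOCH = date(1970, 1, 1)  # shadow day counts are days since this date
FIELDS = ("user", "passwd", "lastchg", "minlife", "maxlife",
          "warn", "inactive", "expire", "reserved")
NO_MAX = 99999  # assumption: common "never expires" maxlife value

# Constructed sample; the hashes are placeholders, not real ones.
SAMPLE_SHADOW = """\
root:$6$SALT$PLACEHOLDER:19000:0:90:7:14::
alice:$6$SALT$PLACEHOLDER:19700:1:90:7:::
bob::19700:0:99999:7:::
daemon:*:18000:0:99999:7:::
carol:$6$SALT$PLACEHOLDER:19700:0:99999:7::19600:
"""

def parse_shadow(text):
    """Split each line into the nine colon-separated shadow fields."""
    entries = []
    for line in text.splitlines():
        if not line.strip():
            continue
        parts = line.split(":")
        if len(parts) != len(FIELDS):
            raise ValueError(f"{parts[0]!r}: expected 9 fields, got {len(parts)}")
        entries.append(dict(zip(FIELDS, parts)))
    return entries

def audit_entry(entry, today):
    """Return a list of findings for one account as of `today`."""
    now = (today - EPOCH).days
    num = lambda key: int(entry[key]) if entry[key] else None
    findings = []
    if entry["passwd"] == "":
        findings.append("empty password field")
    locked = entry["passwd"].startswith(("!", "*"))  # no usable password
    expire, lastchg, maxlife = num("expire"), num("lastchg"), num("maxlife")
    if expire is not None and now >= expire:
        findings.append(f"account expired {EPOCH + timedelta(days=expire)}")
    if locked:
        return findings
    if maxlife is None or maxlife >= NO_MAX:
        findings.append("no maximum password age")
    elif lastchg is not None and now > lastchg + maxlife:
        findings.append(f"password change overdue by {now - lastchg - maxlife} days")
    return findings

def audit(text, today):
    return {e["user"]: audit_entry(e, today) for e in parse_shadow(text)}
```

Call `audit(SAMPLE_SHADOW, date(2024, 1, 1))` to get a per-user list of findings; on a real system the input would be the contents of /etc/shadow, which is readable only by root.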
Linux Specifics (cont.)
- Shell environments & customizations
  - /etc/shells - Contains the pathname of every shell available on your system; some daemons disallow access to users with unlisted shells
    - /bin/sh: Bourne shell
    - /bin/bash: bash shell
    - /bin/csh: C shell
    - /sbin/nologin: a program to politely disallow logins
  - /etc/skel - The home directory for each new user is initialized with files from the /etc/skel directory; the SA can use /etc/skel to provide a default environment for users
Linux Specifics (cont.)
- SA Environment settings
  - /etc/profile: System-wide environment and startup programs that are executed at login (default path, umask, terminal type, etc.)
  - /etc/bashrc, /etc/csh.cshrc, or others: System-wide functions, aliases, etc. that are set when the shell starts (may update path, modify your prompt, set command aliases, etc.)
- User Environment settings: similar to above, but are set by the user in their home directory
  - .*login / .*profile (.login, .profile, csh.login, .bash_profile, etc.) - Stores settings executed at login
  - .*rc (.cshrc, .bashrc, etc.) - Stores settings executed at shell session start
Linux Specifics (cont.)
- NIS (Network Information Service)
  - Distributed database that allows one configuration to be used for many computers
  - Assumes a high degree of trust (so can be insecure)
- LDAP (Lightweight Directory Access Protocol; not just Linux)
  - Allows for quick location of information
  - Can provide enterprise-level user authentication
  - Can provide access control

Linux User/Profile Exercise
- Let’s look at the important files
  - passwd
  - group
  - shadow
  - /etc/shells
  - /etc/skel
  - .profile
  - ENV (.bashrc)
