Windows Server 2003 – Configuration as domain controller and other options – Part 5

Part 5-Crea and connect an access script, set local authorizations, DHCP reservations for client, create and connect an access script

This part begins with the creation of a simple access script, which connects the letter of unit S: with the release of data on the server during the registration of a user.

To do this, we open Explorer on the server, move on to the Netlogon folder and create a new text file called Login.bat there.

New access file Click the image to enlarge

Make sure you have removed the hook in the folder options for «hiding extensions for well -known file types», otherwise the script is called Login.bat.txt and will not work.

The script itself is very simple:

Content of scripts

After saving the script, it is now important to assign it to users, there are two ways: the «classic» path – which should be known to those who have worked with NT – is known to enter the script individually in the account properties for each user. This works using the Snapin «Active Directory User and Computer» tab => double click on the user account tab => «» «profile».

Assign the script in the profile

With a hand full of users, this is certainly not the problem, but it is also more skilled by integrating the access script through the group directive. To do this, we start the GPMC and create a new GPO called Logins Script.

Assign the script on the group directive Click the image to enlarge

We click with the right mouse button on this new GPO, select «Edit» and browse User Configuration => Windows taxes => scripts (access).

Assign the script on the group directive Click the image to enlarge

The double click on «Registration» opens the «Access property» dialog box.

Assign the script on the group directive

Here we now click on «Add», then on «Search» and browse the Netlogon folder (this is better performed via Network Environment => Full Network => Microsoft Windows Network => Mydomain => Test Server => Netlogon or entering Test Operating Net Logon).

Assign the script on the group directive

Now we confirm all the dialogues with ok and voila, the login.bat is integrated. Now we are closing the editor of the group guidelines and we connect the new CRO object via drag & drop with our domain (as described in part 4 for the redirection of CRO folders).

Drag the fall into the local domain Click the image to enlarge

Notes:
Never use both methods at the same time, which inevitably leads to problems. Due to the simplest distribution for users, I now only use the variant through the group guidelines.
The access script is very simple, obviously you can do much more with the access scripts. Just look at the collection of scripts of the Wintotal software archive.

Set up local authorizations

Now we come to establish local authorizations:
Default users have national customers on customers to register in group users (local), that is, they are almost nothing, with the exception of the applications provided by the administrator.
Now it can make sense that, for example, the administrator himself wants to have local administration rights on each computer without registering as a domain administrator with his «normal» registration of users.
Once again, there are two ways to achieve this goal: a «manual» way through computers management and a group directive via. Since the route is no longer completely trivial through the group directive and an incorrect configuration or an not complete acquisition of GPS by customers cannot lead to anything else, I will not explain this path in more detailed way here.
For a handful of computers, the way through computers is quite useful, especially because you can do more than putting rights.
To manage the other computers directly via the network, they must obviously be turned on; A user, on the other hand, must not be registered.
We have the management of computers on the server (start => administration => computer management), click with the right button on the upstairs item «computer administration (local)» and select «connect the connection with another computer». Here we now enter the name of the administration computer.

Computers management, other computers

After clicking OK, the remote computer's computer management console appears after a short time.

Computers management, other computers

Here we move on to System => users and local groups => groups and do a double click on the group administrators.

Group administrators

Now we add the desired user of the administrators of the local group.

Group administrators, Add

After confirmation with OK, this user now has on the machine from the moment of the next registration to the rights of this customer.
Keep in mind that administration rights must not always be if, for example, an application based on a normal user account does not work, it is already possible to remedy the user's «main user» group.

DHCP reservations for customers

Let's now move on to the last section of this part, the DHCP reserves. What is a DHCP reserve actually and what sense does it make?
As explained in part 3, the clients of our network automatically receive their IP addresses from the server or its DHCP server. Once a lease has expired, the client requires a new lease and therefore receives the same IP address again or the other from the defined area. In short: the client can be accessible today with another IP address compared to yesterday.
The actual functionality of the network remains unchanged, but if you have set up a port forwarding for certain services on the router, for example, this is precisely this fact that the evolving IP addresses are discounted.
This is exactly where DHCP reservations arrive:
With their help, the client still receives its IP address via DHCP, but always the same, since the server recognizes the client based on the Mac address of its network card and reserves the IP address defined for it, then assigns it only a client.
To set the reservations, we open the corresponding console on the server via start => dhcp and navigate on «lease contracts of the address».

Dhcp

Here we see that the «Testpc» computer received the IP address 192.168.110 from the pool of addresses defined and is therefore accessible in the network. However, now we would like to assign this computer to the IP address 192.168.1.80 and we must create a reservation for this. The IP addresses used for reservations must not come from the addresses pool!
The determination of the Mac address of this computer is quite simple, we open a control line on the server and the computer.

Ping at IP

After carrying out the ping we perform an ARP -a in the same command line; The somewhat cryptic part under «physical address» is the Mac address.

Mac address via ARP -A

We copy this Mac address in the notes (we mark the left mouse button and then press sending) and we move on to the DHCP console. Here we run a right click on «reservations» and select «New booking».
We give feed the «new booking» dialog box with the requested data, add the Mac address using [STRG]+[V] In the Mac address field and select «only DHCP» for «supported types».

Booking via Mac address

After clicking OK, it should appear like this:

Booking via Mac address

From now on, our «Testpc» client always gets the IP address 192.168.1.80 and therefore can always be reached with this IP address. However, the client still uses the IP address assigned by the addresses pool.

An address from the addresses is still used Click the image to enlarge

This changes after a restart at the latest, but it can also be reached on the client by IPconfig /Release or renewed on the console.

Loosen the IP

New IP

In the DHCP console this is so.

Correct setting Click the image to enlarge

It is necessary to repeat this procedure for each network client which should always receive the same IP address via DHCP. To discover the Mac addresses of several computers simultaneously, you can also use the small Getmac script.

Part 6 will only address the topic of software update services (su), or a way to automatically provide all computers online (from Win2000 upwards) the most important updates, so the download from the internet is only once on the server and clients, then extract the updates locally from the server.

(35 votes, media: 4.40 out of 5)
Loading …