<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0"
	xmlns:content="http://purl.org/rss/1.0/modules/content/"
	xmlns:wfw="http://wellformedweb.org/CommentAPI/"
	xmlns:dc="http://purl.org/dc/elements/1.1/"
	xmlns:atom="http://www.w3.org/2005/Atom"
	xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
	xmlns:slash="http://purl.org/rss/1.0/modules/slash/"
	xmlns:media="http://search.yahoo.com/mrss/"
	>

<channel>
	<title>The Real Ping</title>
	<atom:link href="http://therealping.wordpress.com/feed/" rel="self" type="application/rss+xml" />
	<link>http://therealping.wordpress.com</link>
	<description>Discussions about networking, security and other tomfoolery</description>
	<lastBuildDate>Sat, 08 Aug 2009 01:44:42 +0000</lastBuildDate>
	<generator>http://wordpress.com/</generator>
	<language>en</language>
	<sy:updatePeriod>hourly</sy:updatePeriod>
	<sy:updateFrequency>1</sy:updateFrequency>
	<cloud domain='therealping.wordpress.com' port='80' path='/?rsscloud=notify' registerProcedure='' protocol='http-post' />
<image>
		<url>http://www.gravatar.com/blavatar/423e7635de78ad5fcd46223f9d59273f?s=96&#038;d=http://s.wordpress.com/i/buttonw-com.png</url>
		<title>The Real Ping</title>
		<link>http://therealping.wordpress.com</link>
	</image>
			<item>
		<title>Installing DNS on a Windows Server</title>
		<link>http://therealping.wordpress.com/2009/08/08/installing-dns-on-a-windows-server/</link>
		<comments>http://therealping.wordpress.com/2009/08/08/installing-dns-on-a-windows-server/#comments</comments>
		<pubDate>Sat, 08 Aug 2009 01:44:42 +0000</pubDate>
		<dc:creator>therealping</dc:creator>
				<category><![CDATA[Uncategorized]]></category>

		<guid isPermaLink="false">http://therealping.wordpress.com/?p=75</guid>
		<description><![CDATA[Windows clients in the network use DNS to locate domain controllers, which hold the Active Directory database. When you decide to promote a Windows Server to become a domain controller, you&#8217;ll be prompted to install a DNS server as well, unless another DNS server already exists on the network. After the domain controller has been [...]]]></description>
			<content:encoded><![CDATA[<div class='snap_preview'><br /><p>Windows clients in the network use DNS to locate domain controllers, which hold the Active Directory database. When you decide to promote a Windows Server to become a domain controller, you&#8217;ll be prompted to install a DNS server as well, unless another DNS server already exists on the network. After the domain controller has been properly configured, it will register records in DNS that enable clients to find the domain controllers in the domain.</p>
<p>However, you can always install a DNS server on Windows Server whether or not you decide to use the Active Directory. For example, you might have a few Windows servers in a Unix network and decide to use Microsoft&#8217;s version of DNS because you find the graphical interface easy to use. Or you might want to install additional DNS servers to provide a backup for a primary DNS server. You don&#8217;t have to install the DNS service on just a domain controller, but the system must run Windows 2000 Server or Windows Server 2003.</p>
<p>Installing the service is just as simple as installing the WINS service:</p>
<p>1. Click Start, Programs, Control Panel (Start/Control Panel for Windows Server 2003).<br />
2. From the Control Panel, double-click the Add/Remove Programs icon.<br />
3. When the Add/Remove Programs window pops up, click Add/Remove Windows Components (on the left part of the window). The Add/Remove Programs window now displays a Components button in the upper-right side of the window. Click the Components button, and the Windows Components Wizard dialog box pops up.<br />
4. Scroll down until you find Networking Services and highlight it by clicking it once. Then click the Details button.<br />
5. When the Networking Services dialog box appears, scroll down until you find Domain Name System (DNS). Click the check box next to the component and click OK.<br />
6. When prompted, insert the Windows Server source CD into your CD-ROM drive and then wait a minute or so while files are copied to your hard drive. When the Windows Components Wizard window reappears, click Next.<br />
7. Another window appears, titled Completing the Windows Components Wizard. Click Finish.<br />
8. When the Add/Remove Programs window reappears, click OK or Close.</p>
</div>]]></content:encoded>
			<wfw:commentRss>http://therealping.wordpress.com/2009/08/08/installing-dns-on-a-windows-server/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
	
		<media:content url="http://0.gravatar.com/avatar/ebab15c7d8d05fa546fd543a7203e364?s=96&#38;d=identicon&#38;r=G" medium="image">
			<media:title type="html">therealping</media:title>
		</media:content>
	</item>
		<item>
		<title>Steps for Configuring TCP/IP</title>
		<link>http://therealping.wordpress.com/2009/04/20/steps-for-configuring-tcpip/</link>
		<comments>http://therealping.wordpress.com/2009/04/20/steps-for-configuring-tcpip/#comments</comments>
		<pubDate>Mon, 20 Apr 2009 22:47:09 +0000</pubDate>
		<dc:creator>therealping</dc:creator>
				<category><![CDATA[Uncategorized]]></category>

		<guid isPermaLink="false">http://therealping.wordpress.com/?p=72</guid>
		<description><![CDATA[By default, the TCP/IP protocol is configured to receive its IP information (IP address, subnet mask, etc.) automatically from a Dynamic Host Configuration Protocol (DHCP) server on the network. Anyway, here&#8217;s how it&#8217;s done manually:
1. In Windows XP, open the Control Panel and double-click the Network Connections applet. Double-click the Local Area Connection icon. In [...]]]></description>
			<content:encoded><![CDATA[<div class='snap_preview'><br /><p>By default, the TCP/IP protocol is configured to receive its IP information (IP address, subnet mask, etc.) automatically from a Dynamic Host Configuration Protocol (DHCP) server on the network. Anyway, here&#8217;s how it&#8217;s done manually:</p>
<p>1. In Windows XP, open the Control Panel and double-click the Network Connections applet. Double-click the Local Area Connection icon. In Windows 2000, click Start &gt; Settings &gt; Network and Dial-Up Connections, and double-click the Local Area Connection icon. In Windows 9x/Me, alternate-click Network Neighborhood and double-click My Network Places to get to your network settings.</p>
<p>2. Click Properties, highlight the Internet protocol (TCP/IP), and click Properties.</p>
<p>3. In the dialog box, click the Use the Following IP Address radio button.</p>
<p>4. Enter the IP address in the appropriate fields.</p>
<p>5. Press the TAB key to skip down to the subnet mask fields. Note that the subnet mask is entered automatically (this can be overwritten to enter a different subnet mask).</p>
<p>6. Optionally, enter the IP address for a default gateway (router or another computer system that will forward transmissions beyond your network).</p>
<p>7. Optionally, enter the IP address of a primary and secondary DNS server.</p>
<p>8. Click OK to close the dialog box.</p>
<p>9. Click Close to exit the Local Area Connection Status dialog box.</p>
<p>10. Windows will alert you that you must restart the computer for the changes to take effect.</p>
</div>]]></content:encoded>
			<wfw:commentRss>http://therealping.wordpress.com/2009/04/20/steps-for-configuring-tcpip/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
	
		<media:content url="http://0.gravatar.com/avatar/ebab15c7d8d05fa546fd543a7203e364?s=96&#38;d=identicon&#38;r=G" medium="image">
			<media:title type="html">therealping</media:title>
		</media:content>
	</item>
		<item>
		<title>Access Control Lists</title>
		<link>http://therealping.wordpress.com/2009/04/20/access-control-lists/</link>
		<comments>http://therealping.wordpress.com/2009/04/20/access-control-lists/#comments</comments>
		<pubDate>Mon, 20 Apr 2009 11:05:32 +0000</pubDate>
		<dc:creator>therealping</dc:creator>
				<category><![CDATA[Uncategorized]]></category>

		<guid isPermaLink="false">http://therealping.wordpress.com/?p=69</guid>
		<description><![CDATA[Access Control Lists (ACL) are used by routers and other networking devices to control traffic that comes in and out of your network. These access lists can be general in nature or specific to certain types of communications. Access Lists are typically used in firewalls to control communications between public and private networks, but they [...]]]></description>
			<content:encoded><![CDATA[<div class='snap_preview'><br /><p><strong>Access Control Lists</strong> (ACL) are used by routers and other networking devices to control traffic that comes in and out of your network. These access lists can be general in nature or specific to certain types of communications. <em>Access Lists</em> are typically used in firewalls to control communications between public and private networks, but they can also be used on internal routers to regulate traffic within the network. An Access List Entry (ALE), which is contained inside the ACL, usually includes where the network packet is coming from, where it&#8217;s going, what the protocol is (whether TCP or UDP), the TCP/IP port it uses, and, finally, whether access is allowed or denied. The types of parameters that can be controlled using an access list include the following:</p>
<p><strong>Source Address</strong> &#8211; This parameter specifies the originating source IP address of a packet. The source address can be an internal or external machine, or an internal address that it proxies to an external address.</p>
<p><strong>Destination Address</strong> &#8211; The destination IP address specifies where the packet is going. This can be internal or external to the network.</p>
<p><strong>Port Numbers</strong> &#8211; This parameter specifies the TCP/IP port number the communication is using. Each type of TCP/IP service uses a standard port.</p>
<p><strong>Protocol</strong> &#8211; This parameter identifies the protocol being used in the transmission, such as File Transfer Protocol (FTP), Hypertext Transfer Protocol (HTTP), or Dynamic Host Configuration Protocol (DHCP). This is usually used in conjunction with a port number that&#8217;s standard to that protocol or service. This parameter can also be used to define whether the protocol is using TCP or UDP.</p>
<p><strong>Permit or Deny</strong> &#8211; This parameter is used to permit or deny the communication specified in the access list entry.</p>
<p>The following is an example of an ACL entry for a router:</p>
<p><em>L 8-1        permit source 192.168.13.2 destination 10.1.5.25 tcp port 80</em></p>
<p>The syntax used by your router or network device will be similar to this entry, but it varies from vendor to vendor. ACLs can be a valuable security tool for locking down access to certain networks or hosts. This type of access control is critical for preventing spoofing attacks, where an unauthorized user tries to masquerade an external host as an internal system by forging the source IP address so that the packet appears to come from the internal network. An ACL can be set up to reject traffic that arrives from outside the network but carries an internal source address.</p>
</div>]]></content:encoded>
			<wfw:commentRss>http://therealping.wordpress.com/2009/04/20/access-control-lists/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
	
		<media:content url="http://0.gravatar.com/avatar/ebab15c7d8d05fa546fd543a7203e364?s=96&#38;d=identicon&#38;r=G" medium="image">
			<media:title type="html">therealping</media:title>
		</media:content>
	</item>
		<item>
		<title>Virtual Memory &amp; Page File Settings</title>
		<link>http://therealping.wordpress.com/2009/04/01/virtual-memory-page-file-settings/</link>
		<comments>http://therealping.wordpress.com/2009/04/01/virtual-memory-page-file-settings/#comments</comments>
		<pubDate>Wed, 01 Apr 2009 01:24:30 +0000</pubDate>
		<dc:creator>therealping</dc:creator>
				<category><![CDATA[Uncategorized]]></category>

		<guid isPermaLink="false">http://therealping.wordpress.com/?p=67</guid>
		<description><![CDATA[Windows Virtual Memory system works by writing data that won&#8217;t fit into RAM into a page file that holds the overflow. For efficient operation, the page file should be unfragmented and positioned either on its own physical disk drive (preferably a disk that&#8217;s seldom used), or on the Windows disk but not on a drive that&#8217;s really [...]]]></description>
			<content:encoded><![CDATA[<div class='snap_preview'><br /><p>Windows Virtual Memory system works by writing data that won&#8217;t fit into RAM into a <em>page file</em> that holds the overflow. For efficient operation, the page file should be unfragmented and positioned either on its own physical disk drive (preferably a disk that&#8217;s seldom used), or on the Windows disk but not on a drive that&#8217;s really just an alternate partition on the same physical drive as the Windows installation drive.</p>
<p>To configure Page File sizes and locations, you must be logged on as a Computer Administrator. Right-click My Computer and select Properties to open the System Properties dialog. Select the Advanced tab, and click the top Settings button under Performance. Select the Advanced tab and click the Change button under Virtual Memory.</p>
<p>After first installing Windows, there will probably be a page file located on drive C: (or the boot drive) with the System Managed Size option selected. You can create page files on more appropriate, faster drives and leave the original file as is, or delete it.</p>
<p>To create a new page file, select a drive letter in the upper part of the dialog and select either Custom Size or System Managed Size. If you want to prevent the page file from fragmenting, create it on a freshly formatted or defragmented drive and set a custom initial size at 1.5 to 3 times the amount of physical RAM installed in your computer. To prevent the page file from growing or fragmenting, set its maximum size at the same amount. The new file will be created and used immediately.</p>
<p>If you are not sure what your system&#8217;s memory demands will be, leave the page file set to System Managed Size and let Windows manage it.</p>
<p>To delete a page file, select a drive letter in the upper part of the dialog and select No Paging File. The file will be freed and deleted when you restart Windows.</p>
</div>]]></content:encoded>
			<wfw:commentRss>http://therealping.wordpress.com/2009/04/01/virtual-memory-page-file-settings/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
	
		<media:content url="http://0.gravatar.com/avatar/ebab15c7d8d05fa546fd543a7203e364?s=96&#38;d=identicon&#38;r=G" medium="image">
			<media:title type="html">therealping</media:title>
		</media:content>
	</item>
		<item>
		<title>Tools for Maintaining &amp; Optimizing Windows</title>
		<link>http://therealping.wordpress.com/2009/03/31/tools-for-maintaining-optimizing-windows/</link>
		<comments>http://therealping.wordpress.com/2009/03/31/tools-for-maintaining-optimizing-windows/#comments</comments>
		<pubDate>Tue, 31 Mar 2009 01:43:33 +0000</pubDate>
		<dc:creator>therealping</dc:creator>
				<category><![CDATA[Uncategorized]]></category>

		<guid isPermaLink="false">http://therealping.wordpress.com/?p=64</guid>
		<description><![CDATA[For years, techs have accepted as their lot in life the curse of having to use dozens of different command line and GUI tools that simply did not behave in a consistent way. Microsoft addresses this issue in Windows 2000 and XP with the Microsoft Management Console (MMC). The MMC enables Microsoft, and third-party vendors, [...]]]></description>
			<content:encoded><![CDATA[<div class='snap_preview'><br /><p>For years, techs have accepted as their lot in life the curse of having to use dozens of different command line and GUI tools that simply did not behave in a consistent way. Microsoft addresses this issue in Windows 2000 and XP with the Microsoft Management Console (MMC). The MMC enables Microsoft, and third-party vendors, to create tools that present a consistent face while maintaining a high degree of flexibility.</p>
<p>Another tool that is built into Windows 2000/XP is the Task Manager. The Task Manager enables you to monitor currently running programs and processes, change their priority, and stop them if necessary.</p>
<p><strong>Microsoft Management Console (MMC)<br />
<span style="font-weight:normal;">The MMC is simply a shell program that holds individual utilities called <em>snap-ins</em>. You can start the MMC by opening the Run option and typing in MMC to get a blank MMC console. Blank MMC consoles aren&#8217;t much to look at. The function of the MMC changes depending on what snap-in is loaded. Many of the tools in the Control Panel&#8217;s Administrative Tools folder are simply pre-configured MMC consoles. Virtually every traditional Windows tool &#8211; and a lot of new ones &#8211; is now a snap-in. You can easily create custom MMC consoles with the snap-ins of your choice loaded. Let&#8217;s look at how to do that by manually loading one of your most important tools, the Device Manager.</span></strong></p>
<p><strong>Device Manager<br />
<span style="font-weight:normal;">As you know, the Device Manager is one of the most used tools we have (it&#8217;s oddly not included with Windows NT). It&#8217;s easy enough to get to it the traditional way &#8211; by opening the System Properties applet in the Control Panel, clicking the Hardware tab, and then clicking the Device Manager button &#8211; but it makes more sense to &#8220;cut to the chase&#8221; and configure a custom MMC with the Device Manager. Open up a blank MMC, then in Windows 2000, click Console; in Windows XP, click File. In either O/S, select Add/Remove Snap-in, and then click the Add button to see a list of available snap-ins. After you click Add, choose the computer the snap-in will manage. Select Local Computer to focus on the local system, or browse to always focus the tool on a different computer on your network, and click Finish. After this, close the Add Standalone Snap-in box. The Device Manager will be listed in the Standalone page of the Add/Remove Snap-in box. Click OK to close it, and then click Device Manager under Console Root. Once you&#8217;ve added the snap-in you want, just save the console under any name you want (with the extension of .msc). Now, you&#8217;re only a double-click away from the Device Manager! Microsoft also knows that some folks like things the old way, so the company has created a bunch of pre-made, locked consoles for you and dropped them in the same places, where you&#8217;d expect them to be (if you have previous experience with Windows 9x). You can open the Windows System Utility in Windows 2000/XP, for example, by clicking Start/Programs/Accessories/System Tools/System Information. It&#8217;s the good ol&#8217; System Information Utility, but it&#8217;s an MMC-style snap-in.</span></strong></p>
<p><strong>Event Viewer<br />
<span style="font-weight:normal;">Another important snap-in is Windows Event Viewer (available in Windows NT, 2000 and XP). Work with Event Viewer for a while and you&#8217;ll see that monitoring various log files reveals things about the health of the operating system through the behavior (logged events) of its services and applications. Event Viewer is usually started from the Administrative Tools. In Windows 2000, open the Control Panel, double-click the Administrative Tools icon, and double-click the Event Viewer icon. In Windows XP, open the Control Panel, double-click the Performance and Maintenance icon, then Administrative Tools, then Event Viewer. The Event Viewer will display events from three log files: Application, Security and System.</span></strong></p>
<p><strong>Types of Events<br />
<span style="font-weight:normal;">Event Viewer displays five types of events. The System and Application logs have Error, Warning, and Information events, while the Security log displays Success Audit and Failure Audit events. An Error event is bad news &#8211; something&#8217;s broken or data has been lost. In the Application log, this can mean an entire application hung up or an operation failed. In the System log, this can mean that a service failed. A service is a special program that provides specific functionality to the O/S. A Warning event is something that isn&#8217;t critical, but may mean there is trouble to come. For instance, if disk space is low, a Warning event is logged. An Information event is the only good news, because it means an application, driver, or service successfully completed an operation.</span></strong></p>
<p><strong>Event Viewer Settings<br />
<span style="font-weight:normal;">In Event Viewer, alternate-click System and select Properties. In Properties, look at the Log Size box, which defines the maximum size a log file may grow to, and what action should be taken when the log file reaches the maximum. The defaults are 512 KB and Overwrite Events Older Than 7 Days. You can easily reconfigure these settings, but be aware that large log files take up a lot of space on the hard disk drive. If scrolling through large log files makes you dizzy, you can use Filter settings to make the viewer show only specific selections. Change the filter settings so that when you are viewing a large log file, you can filter out events by type, source, category ID, user, computer, and date. Keep in mind that this controls only what Event Viewer displays: all events will still be logged to the file, so you can change your filter settings without worrying about losing logged data.</span></strong></p>
<p><strong>Clearing, Archiving and Opening a Log File<br />
<span style="font-weight:normal;">Clear the System Log by alternate-clicking System Log and selecting Clear All Events. You&#8217;ll be prompted to save the System Log. To do so, click the Yes button. You can archive a log file that you want to be able to view later by saving it with a unique filename. To open the file you just saved, click the Action menu, select Open Log File, select the file, then the log type (System, Application, or Security), and then click Open.</span></strong></p>
<p><span style="font-weight:normal;"><strong>Task Manager<br />
<span style="font-weight:normal;">The Task Manager is another important utility in the tech&#8217;s toolbox. Not an MMC snap-in, but a freestanding utility, the Task Manager enables you to monitor, in real time, your PC&#8217;s currently running programs and processes and gauge overall system performance. There are several ways to look at the Task Manager. The following work in Windows NT, 2000 and XP:</span></strong></span></p>
<p><span style="font-weight:normal;"><strong><span style="font-weight:normal;">Press the <em>CTRL-SHIFT-ESC</em> key combination<br />
Press CTRL-ALT-DEL <em>once</em><br />
Alternate-click on a blank area of the task bar and select Task Manager from the pop-up menu<br />
Select Start | Run and type <strong>taskmgr</strong></span></strong></span></p>
<p><span style="font-weight:normal;"><strong><span style="font-weight:normal;">The Task Manager displays three property sheets: Applications, Processes, and Performance. Windows XP also adds tabs for Networking and Users. At the bottom of the utility window is a summary of the total number of processes running, total CPU usage, and total RAM usage (called Commit Charge in Windows XP).</span></strong></span></p>
<p><span style="font-weight:normal;"><strong>Applications<br />
<span style="font-weight:normal;">The Applications property sheet shows all applications currently running on your system, along with their active status (Running, Not Responding, or Stopped). Using the Applications property sheet, you can close an application (End Task), make an application active (Switch To), or start an application (New Task).</span></strong></span></p>
<p><span style="font-weight:normal;"><strong>Processes<br />
<span style="font-weight:normal;">Every program or service running on your system is actually one or more discrete processes. The Processes property sheet lists processes and services currently running on the system. There&#8217;s a lot you can do from the Processes tab. Look at the Processes tab on your system and compare it to the Applications tab. Notice that there&#8217;s a lot of stuff showing in Processes that doesn&#8217;t show in Applications. That&#8217;s because the Applications tab shows only applications started by the user. It does not show any services or any child processes started by applications or by services. You can end a process in the Processes tab by alternate-clicking and selecting End Task from the pop-up menu. The End Process Tree will close that process and any other processes started by that process. Notepad is a simple program that does not start any other processes, so just click End Process &#8211; Windows gives you a warning screen &#8211; then click OK. You can do a lot more than just close processes in the Processes tab. For each process running, you will see a unique <em>Process ID</em> (PID), the amount of CPU time that the process is using, the amount of time the process has been running, and the amount of system memory usage. One of the handiest aspects of the Processes tab is the memory usage. Try starting a few bigger programs &#8211; Microsoft Word is a good example &#8211; and see how much memory they use. You can also set the priority for processes in the Processes tab &#8211; a very handy way to give more important programs more of the CPU&#8217;s time. The priority determines the order in which the threads of a process are scheduled for the CPU. To set a base priority for a process, alternate-click the process and select Set Priority from the pop-up menu, then select a base priority for the process to run at. Choices are Real-Time, High, Above Normal, Normal, Below Normal, and Low.
Be aware that increasing the base priority of one process may adversely affect other processes running on the system. This is especially so if you assign a process Realtime base priority, which, depending on the application, can cause the system to stop responding.</span></strong></span></p>
<p><span style="font-weight:normal;"><strong>Performance<br />
<span style="font-weight:normal;">The Performance property sheet gives you a graphical overview of the system&#8217;s CPU and memory usage. You can see real-time graphs of CPU and memory usage and the total number of <em>handles, threads</em> and other processes.</span></strong></span></p>
<p><span style="font-weight:normal;"><strong><span style="font-weight:normal;"><em>Handles</em> are values assigned to open resources such as files or Registry keys. Threads are discrete chunks of processes. Just as a program is made of processes, a process is made of threads.</span></strong></span></p>
<p><span style="font-weight:normal;"><strong><span style="font-weight:normal;">The Performance tab gives some very nice details on memory usage, particularly the physical, commit charge, and kernel memory statistics.</span></strong></span></p>
<p><span style="font-weight:normal;"><strong><span style="font-weight:normal;">Physical memory is the actual RAM on your system. The Performance tab shows the total amount of RAM, the amount available, and the amount used for the system cache (the system cache is basically just the disk  cache).</span></strong></span></p>
<p><span style="font-weight:normal;"><strong><span style="font-weight:normal;">Commit Charge memory is the amount of memory that is actually being used. The Limit is the total amount of both physical and virtual memory, and the Peak is the most you have used recently.</span></strong></span></p>
<p><span style="font-weight:normal;"><strong><span style="font-weight:normal;">Kernel Memory statistics show the memory used by the core Windows files. This one is probably the least useful.</span></strong></span></p>
<p><span style="font-weight:normal;"><strong>Networking<br />
<span style="font-weight:normal;">Available only on Windows XP, the Networking tab shows the State, Link, Speed and Percentage of Network Utilization for NICs installed on the system. Aside from providing a pretty graph, the Networking tab doesn&#8217;t enable you to perform any real technical tasks on your NIC or network connection.</span></strong></span></p>
<p><span style="font-weight:normal;"><strong>Users<br />
<span style="font-weight:normal;">The Users tab shows names and session status of users configured to access the PC. You can use this tab to disconnect users currently logged onto the system, or send messages to users on other systems in the same workgroup. The Users tab is available on Windows XP PCs that belong to a workgroup (no domain) and have Fast User Switching enabled.</span></strong></span></p>
</div>]]></content:encoded>
			<wfw:commentRss>http://therealping.wordpress.com/2009/03/31/tools-for-maintaining-optimizing-windows/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
	
		<media:content url="http://0.gravatar.com/avatar/ebab15c7d8d05fa546fd543a7203e364?s=96&#38;d=identicon&#38;r=G" medium="image">
			<media:title type="html">therealping</media:title>
		</media:content>
	</item>
		<item>
		<title>Troubleshooting a VPN Connection</title>
		<link>http://therealping.wordpress.com/2009/03/27/troubleshooting-a-vpn-connection/</link>
		<comments>http://therealping.wordpress.com/2009/03/27/troubleshooting-a-vpn-connection/#comments</comments>
		<pubDate>Fri, 27 Mar 2009 18:28:40 +0000</pubDate>
		<dc:creator>therealping</dc:creator>
				<category><![CDATA[Uncategorized]]></category>

		<guid isPermaLink="false">http://therealping.wordpress.com/?p=59</guid>
		<description><![CDATA[If you are unable to connect to a VPN server, check the following:
Check basic settings such as username, password and host name or IP address. These settings are easy to change, and a single digit or letter error is enough to prevent a successful connection.
Compare the settings used by your VPN client to those expected [...]]]></description>
			<content:encoded><![CDATA[<div class='snap_preview'><br /><p>If you are unable to connect to a VPN server, check the following:</p>
<p>Check basic settings such as username, password and host name or IP address. These settings are easy to change, and a single digit or letter error is enough to prevent a successful connection.</p>
<p>Compare the settings used by your VPN client to those expected by the VPN server. Adjust client settings to match those used by the server.</p>
<p>If you use a router to connect your computer to the Internet, make sure the router is configured to provide IPSec and PPTP pass-through. With a Linksys router, use the filters dialog to check these settings. For other routers, check your documentation. If either or both pass-through settings are disabled, you will not be able to connect to a VPN server.</p>
<p>If you use a router to connect your computer to the Internet and another user has a VPN connection running, but you can&#8217;t connect at the same time, this is normal. Most low-cost routers for home and small office support IPSec and PPTP pass-through for only one user at a time.</p>
</div>]]></content:encoded>
			<wfw:commentRss>http://therealping.wordpress.com/2009/03/27/troubleshooting-a-vpn-connection/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
	
		<media:content url="http://0.gravatar.com/avatar/ebab15c7d8d05fa546fd543a7203e364?s=96&#38;d=identicon&#38;r=G" medium="image">
			<media:title type="html">therealping</media:title>
		</media:content>
	</item>
		<item>
		<title>The Boot Process</title>
		<link>http://therealping.wordpress.com/2009/03/01/the-boot-process/</link>
		<comments>http://therealping.wordpress.com/2009/03/01/the-boot-process/#comments</comments>
		<pubDate>Sun, 01 Mar 2009 22:29:12 +0000</pubDate>
		<dc:creator>therealping</dc:creator>
				<category><![CDATA[Uncategorized]]></category>

		<guid isPermaLink="false">http://therealping.wordpress.com/?p=54</guid>
		<description><![CDATA[When you sit down and power the machine on, the first thing that happens is that the system BIOS loads the underlying programs that fire up the computer. The last thing the BIOS does is to load the Master Boot Record (MBR) data into memory.
1. The MBR contains code that locates the system bootable partition.
2. [...]]]></description>
			<content:encoded><![CDATA[<div class='snap_preview'><br /><p>When you sit down and power the machine on, the first thing that happens is that the system BIOS loads the underlying programs that fire up the computer. The last thing the BIOS does is to load the <em>Master Boot Record </em>(<strong>MBR</strong>) data into memory.</p>
<p>1. The MBR contains code that locates the system bootable partition.<br />
2. From the system partition, NTLDR executes and gets the operating system startup process rolling.<br />
3. This brings us to the BOOT.INI file. NTLDR locates and reads the BOOT.INI file for information such as which operating system to launch, where to find the appropriate files to launch that system, and boot menu items.<br />
4. The boot menu displays.<br />
5. NTDETECT.COM launches.<br />
6. NTOSKRNL.EXE runs and the HAL is loaded.<br />
7. Low-level system device drivers load.<br />
8. Operating system kernel and subsystems load and initialize.<br />
9. Any remaining drivers and services are loaded, and Windows 2000 is up and running.</p>
<p><strong>Boot Files and Locations:</strong></p>
<p><strong>NTLDR: System partition root (e.g. &#8220;C:\&#8221;)<br />
BOOT.INI: System partition root (e.g. &#8220;C:\&#8221;)<br />
BOOTSECT.DOS: System partition root (e.g. &#8220;C:\&#8221;) Only needed on multi-boot systems with Windows 9x/Me<br />
NTDETECT.COM: System partition root (e.g. &#8220;C:\&#8221;)<br />
NTBOOTDD.SYS: System partition root (e.g. &#8220;C:\&#8221;) Only used if system partition is on SCSI disk with BIOS disabled<br />
NTOSKRNL.EXE: <em>%SystemRoot%\System32</em> (e.g. &#8220;C:\WINNT\System32&#8221;)<br />
HAL.DLL: </strong><strong><em>%SystemRoot%\System32</em> (e.g. &#8220;C:\WINNT\System32&#8221;)<br />
SYSTEM: </strong><strong><em>%SystemRoot%\System32</em>\<em>Config</em> (e.g. &#8220;C:\WINNT\System32\<em>Config</em>&#8221;)</strong></p>
</div>]]></content:encoded>
			<wfw:commentRss>http://therealping.wordpress.com/2009/03/01/the-boot-process/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
	
		<media:content url="http://0.gravatar.com/avatar/ebab15c7d8d05fa546fd543a7203e364?s=96&#38;d=identicon&#38;r=G" medium="image">
			<media:title type="html">therealping</media:title>
		</media:content>
	</item>
		<item>
		<title>System Partition Vs. Boot Partition</title>
		<link>http://therealping.wordpress.com/2009/03/01/system-partition-vs-boot-partition/</link>
		<comments>http://therealping.wordpress.com/2009/03/01/system-partition-vs-boot-partition/#comments</comments>
		<pubDate>Sun, 01 Mar 2009 22:12:57 +0000</pubDate>
		<dc:creator>therealping</dc:creator>
				<category><![CDATA[Uncategorized]]></category>

		<guid isPermaLink="false">http://therealping.wordpress.com/?p=52</guid>
		<description><![CDATA[One of the more confusing aspects of the Windows NT/2000/XP family lies in the way Microsoft distinguishes between what they call the system partition and the boot partition. Only a few vital files are required to start the boot process, and these files are stored on the system partition. This is the first, active partition [...]]]></description>
			<content:encoded><![CDATA[<div class='snap_preview'><br /><p>One of the more confusing aspects of the Windows NT/2000/XP family lies in the way Microsoft distinguishes between what they call the <em>system partition </em>and the <em>boot partition</em>. Only a few vital files are required to start the boot process, and these files are stored on the system partition. This is the first, active partition on the system: by default, this is the C:\ drive. The boot partition, interestingly, is <em>not</em> the partition the O/S boots <em>from</em>, but rather the partition that the O/S boots <em>to</em>. The boot partition is the partition that holds the O/S files themselves (in the \WINNT folder).<br />
The system partition and the boot partition <em>can</em> be the same partition (and, if your hard disk drive has only one partition, then they are the same), but they don&#8217;t have to be. During Windows NT/2000/XP setup, you can specify any partition as your boot partition. In fact, on systems with more than one O/S installed &#8211; <em>multiboot</em> systems &#8211; Microsoft highly recommends that you install each O/S on its own partition.<br />
As an example, let&#8217;s say you have a system with a single hard disk drive split into two partitions: C:\ and D:\, with Windows 98SE installed on the C:\ drive (i.e. C:\Windows) and Windows 2000 installed on the D:\ drive (i.e. D:\WINNT). The C:\ drive is called the system partition, and the D:\ drive is called the boot partition.</p>
</div>]]></content:encoded>
			<wfw:commentRss>http://therealping.wordpress.com/2009/03/01/system-partition-vs-boot-partition/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
	
		<media:content url="http://0.gravatar.com/avatar/ebab15c7d8d05fa546fd543a7203e364?s=96&#38;d=identicon&#38;r=G" medium="image">
			<media:title type="html">therealping</media:title>
		</media:content>
	</item>
		<item>
		<title>NTFS Permissions</title>
		<link>http://therealping.wordpress.com/2009/03/01/ntfs-permissions/</link>
		<comments>http://therealping.wordpress.com/2009/03/01/ntfs-permissions/#comments</comments>
		<pubDate>Sun, 01 Mar 2009 21:56:28 +0000</pubDate>
		<dc:creator>therealping</dc:creator>
				<category><![CDATA[Uncategorized]]></category>

		<guid isPermaLink="false">http://therealping.wordpress.com/?p=50</guid>
		<description><![CDATA[In the NT/2000/XP world, every folder and file on an NTFS partition has a list that contains two sets of data. First, the list details every user and group that has access to that file or folder. Second, the list specifies the level of access that each user or group has to that file and [...]]]></description>
			<content:encoded><![CDATA[<div class='snap_preview'><br /><p>In the NT/2000/XP world, every folder and file on an NTFS partition has a list that contains two sets of data. First, the list details every user and group that has access to that file or folder. Second, the list specifies the level of access that each user or group has to that file or folder. The level of access is defined by a set of restrictions called &#8220;Permissions.&#8221;</p>
<p><strong>Permissions</strong> &#8211; These define exactly what a particular account can or cannot do to the file or folder and are thus quite detailed and powerful. You can make it possible, for example, for a person to edit a file but not delete it. You can create a folder and not allow other people to make subfolders.</p>
<p><strong>Ownership</strong> &#8211; When you create a new file or folder on an NTFS partition, you become the <em>owner</em> of that file or folder. A newly-created file or folder by default gives full permission for everyone to access, delete and otherwise manipulate that file or folder. Owners can do anything they want to the files or folders they own, including changing the permissions to prevent others from accessing them.</p>
<p><strong>Take Ownership</strong> &#8211; One special permission, however, called Take Ownership, enables anyone with that permission to do just that &#8211; seize control of a file or folder. Administrator accounts have Take Ownership permission for everything.</p>
<p><strong>Change Permissions</strong> &#8211; An account with this permission can take away permissions for other accounts.</p>
<p><strong>Folder Permissions</strong> &#8211; In Windows NT/2000/XP, every folder in an NTFS partition has a Security tab. Every Security tab contains two main areas. The top area shows the list of accounts that have permissions for that resource: the lower area shows exactly what permissions have been assigned to that account.</p>
<p>Windows permissions are quite powerful and complex. The list shown in the permission area, for example, does not really contain individual permissions, but rather preset combinations of permissions that cover the most common types of access. Click the Advanced button, and then click View/Edit to see the real NTFS permissions; Microsoft calls them <em>special permissions</em>. Even the most advanced NT/2000/XP support people rarely need to access these.</p>
<p><strong>File Permissions</strong> &#8211; File permissions are quite similar to folder permissions. Permissions are <em>cumulative</em>, and they accumulate according to <em>inheritance</em>. There is an inheritance relationship between a folder and the files or subfolders that it contains. Permissions that are configured on a folder are passed down to, or inherited by, the contents of that folder by default. This means that if you have Full Control on a folder, you get Full Control on the files in that folder. If you look at the bottom of the Security tab, you will see a little check box that says, &#8220;Allow inheritable permissions from parent to propagate to this object.&#8221; In other words, any files or subfolders created in this folder get the same permissions for the same user/groups that the folder has. Clearing this check box enables you to stop a user from getting a specific permission via inheritance. Windows 2000 and XP (unlike Windows NT) provide explicit Deny functions to each option.</p>
</div>]]></content:encoded>
			<wfw:commentRss>http://therealping.wordpress.com/2009/03/01/ntfs-permissions/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
	
		<media:content url="http://0.gravatar.com/avatar/ebab15c7d8d05fa546fd543a7203e364?s=96&#38;d=identicon&#38;r=G" medium="image">
			<media:title type="html">therealping</media:title>
		</media:content>
	</item>
		<item>
		<title>The Geek Squad</title>
		<link>http://therealping.wordpress.com/2009/01/25/the-geek-squad/</link>
		<comments>http://therealping.wordpress.com/2009/01/25/the-geek-squad/#comments</comments>
		<pubDate>Sun, 25 Jan 2009 15:14:12 +0000</pubDate>
		<dc:creator>therealping</dc:creator>
				<category><![CDATA[Uncategorized]]></category>

		<guid isPermaLink="false">http://therealping.wordpress.com/?p=47</guid>
		<description><![CDATA[Ok&#8230; I don&#8217;t condone black hat hacking or password stealing, but I found this very interesting. I found this article in the Summer 2008 (Volume 25, #2) issue of 2600, the Hacker Quarterly. While it explains how to capture login and password information, it speaks volumes to the ineptitude of Best Buy&#8217;s &#8220;Geek Squad.&#8221; The [...]]]></description>
			<content:encoded><![CDATA[<div class='snap_preview'><br /><p>Ok&#8230; I don&#8217;t condone black hat hacking or password stealing, but I found this very interesting. I found this article in the Summer 2008 (Volume 25, #2) issue of 2600, the Hacker Quarterly. While it explains how to capture login and password information, it speaks volumes to the ineptitude of Best Buy&#8217;s &#8220;Geek Squad.&#8221; The article is written by Turgon.</p>
<p>Ahh, the Geek Squad: love them or hate them, they&#8217;re here to stay. Best Buy&#8217;s computer &#8220;task force&#8221; can be found in every store, at your home or office, or on the road in their black and white VW Beetles.<br />
A majority of their employees, who are known as Agents, are high school kids with a basic understanding of Windows Vista and XP, but more than a few of them really know their stuff. Some even read and contribute to <em>2600 Magazine</em>.<br />
What is this article about? Well, it isn&#8217;t a rant about incompetence. Sorry guys and gals, but you can find plenty of that on <em>consumerist.com</em> or on countless forums. No, what I am here to talk about is a tiny security issue with huge consequences. Here&#8217;s how to wreak havoc in five easy steps:</p>
<p><strong>First Step: </strong>Call the Geek Squad at 1-800-433-5778 and set up an appointment for a wireless network security install. This is their cheapest and quickest service. Unfortunately, it will cost you $59; as we&#8217;ll see later, though, this is a small price to pay for such a prize.</p>
<p><strong>Second Step: </strong>Install a keylogger on your laptop or desktop computer. Software, hardware, doesn&#8217;t matter.</p>
<p><strong>Third Step: </strong>Reset your wireless router settings to the defaults; disable WEP and WPA, and use the default SSID. Then, sit back and wait for your appointment. A field tech, who we&#8217;ll call Double Agent, will show up at your door. He or she will take a look at your situation and secure your router with WPA: piece of cake! Thank the agent for their amazing WPA-typing skills and reject any other additional services they may try to &#8220;up-sell.&#8221;</p>
<p><strong>Fourth Step: </strong>Your hero agent will now sit down at your computer, open a Web browser, and go to <em><a href="https://sts.geeksquad.com/sts">https://sts.geeksquad.com/sts</a></em>. Once there, they will type in their login credentials. The username will be something like 123456; the password will be a case-sensitive combination of letters and numbers. The agent will pull up your name and account on the Geek Squad system, which is called &#8220;STS,&#8221; and which is able to take credit cards via a shopping cart feature, print receipts, add charges, remove charges, and so on. Your receipt will print out, and the Agent will log out and close the browser.</p>
<p><strong>Fifth Step: </strong>With the agent gone, you should first change your WPA key to something else. You&#8217;ve now got the agent&#8217;s STS login and password.<br />
Thanks to your keylogger, you now have login credentials for STS, giving you access to Geek Squad&#8217;s entire customer database of literally millions of customers. Addresses, phone numbers, and e-mail addresses are just the beginning. Most agents, per corporate policy, also log copious notes of every customer&#8217;s WPA or WEP key, SSID, IP address, PC make and model, O/S, RAM amount, viruses found, and lots more. The Geek Squad database contains information not only about individuals but also about their numerous small business clients.</p>
<p>Note that agents are required to reset their STS passwords on a regular basis, and a hacked password is easily reset by corporate. Therefore, having an agent&#8217;s login credentials is only good for information gathering; once an agent realizes that his password has been changed, he&#8217;ll have it reset in minutes. There&#8217;s no easy way for an agent to know if an account is being abused, as it&#8217;s possible to log in from multiple computers or browsers at the same time. One could theoretically have unfettered access for months before the agent is forced to change the password at a server prompt.<br />
Agents are usually clever enough to find keyloggers if they are performing virus removals, system optimizations or upgrades, and similar jobs. The simple fact that they&#8217;re only out to encrypt your wireless router means they won&#8217;t even look twice to check background programs or physically examine the machine and inspect for hardware loggers.<br />
Best Buy likes to cut corners, and its employees and customers always get the short end of the stick. A workable solution to the security issue I have discussed would be for Best Buy to provide a laptop to its agents for on-site use. Companies like HP, Toshiba or Gateway would probably even split the cost to have these &#8220;respected&#8221; Geek Squad agents toting their brand&#8217;s laptop into impressionable customers&#8217; homes. Other prevention techniques that Best Buy might employ include a server-side upgrade requiring a SecurID token for access to STS or limiting lowly Agents&#8217; access to the huge database of customer information.<br />
For a company at the cutting edge of new technology, Best Buy is setting their Geek Squad brand up for major trouble. There&#8217;s huge risk that any of their over 2,000 field agents might enter their credentials into a compromised computer. There&#8217;s also the risk of abuse. At all times, any agent, Best Buy manager, or call center phone jockey has access to an extravagant amount of customer data. I am no whistle blower or disgruntled employee, but corporations like Best Buy are reactionary. They only act on behalf of customers or employees when they get in trouble. When all other methods fail, I turn to the community!</p>
</div>]]></content:encoded>
			<wfw:commentRss>http://therealping.wordpress.com/2009/01/25/the-geek-squad/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
	
		<media:content url="http://0.gravatar.com/avatar/ebab15c7d8d05fa546fd543a7203e364?s=96&#38;d=identicon&#38;r=G" medium="image">
			<media:title type="html">therealping</media:title>
		</media:content>
	</item>
	</channel>
</rss>