
Chapter 2

Uploaded by

Abenzer Mulugeta
Copyright
© © All Rights Reserved

System and Network Administration

Chapter 2
2. Windows Network Concepts
In this lesson we will learn several networking concepts: the workgroup, the computer name, the
IP address, the network location and the Homegroup. Our objective is to understand what
these concepts are and what their role in network sharing is.

Even though the workgroup is a very old concept that may not seem relevant in today’s operating
systems, it is still important and it can negatively impact your networking experience. That’s
why we will explain it in detail.

While you may already know what a computer name and an IP address are, you may not fully
understand the concept of network locations that was introduced in Windows 7. The location
assigned to a network has a great impact on your network sharing experience. With only one
setting you completely change the way you can or cannot share.

The Homegroup is another subject that doesn’t seem to be easily understood by users. Even
though it is simple to set up, not that many people understand why they should use it and
how. In this lesson we will explain the basics about the Homegroup while in future lessons we
will share in detail how it works.

Without getting these basics right, you won’t be able to successfully share folders and devices,
especially when you have multiple operating systems in your network. Let’s get started.

2.1 Workgroup

The workgroup is a collection of computers that are part of the same network. All the computers
are peers and do not have control over another computer. The workgroup facilitates the detection
of the computers that are part of it and the sharing of resources like folders or printers.

Workgroups are not protected by the use of a password and they can be created only for
computers that are part of the same local network. They are designed for small networks like
those found in your home or small businesses. According to Microsoft, there should not be more
than 20 computers in the same workgroup, so that the management of the network doesn’t get
too complicated.

The workgroup can be joined by computers with diverse operating systems. You don’t have to
have the same operating system or the same version in order to use this feature.

How to Learn Whether Your PC is Part of a Workgroup

By default, all Windows computers are part of a workgroup named WORKGROUP. Therefore,
when setting up your network, you should not need to configure this setting.

However, you can double check that your Windows PC or device is part of a workgroup by
going to “Control Panel > System and Security > System”. There you will find a section named
“Computer name, domain, and workgroup settings”.

Look for the entry named “Workgroup”.

What is the Computer Name?

Every operating system asks you to give a computer name when you install it on a PC or device.
Windows is no exception to this rule. That’s because this name is important to identify the
computer when it is part of a network.

Your computer’s name can be learned by going to “Control Panel > System and Security >
System”. There you will find a section named “Computer name, domain, and workgroup
settings”. Look for the entry named “Computer name”.

In order to successfully join a workgroup and use all the available network sharing features, your
computer must have a unique computer name. This name should have a maximum of 15
characters and should not include spaces or special characters like : \ * , . ” or @.

What is the IP Address?

When you connect to a network, you will always receive an IP address. IP address means
“Internet Protocol” address and it is a numerical label for your computer. This concept is similar
to the computer name in the sense that it is used to identify your PC or device on the network and
provide a unique address where other computers or devices can find it.

IP addresses are binary numbers but they are displayed in human-readable notations, such as
192.168.0.2. In a home network, the IP addresses are automatically given to every device or PC
by the router, when the network connection is established.

There are several ways to learn the IP address of your computer. The simplest way that works in
all versions of Windows is to open the “Command Prompt”. Open a Run window by pressing
“WIN + R” on your keyboard, type “cmd” and press “Enter”.

Then, type the “ipconfig” command and press Enter. A list is displayed with all your network
adapters and their properties. For each network adapter, there is a field named IPv4 Address,
displaying its IP address.

If you are using multiple network cards or virtualization software, make sure that you look at the
network device that’s connected to your home network. There you will see the IP address you
have for your active network connection.
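
The three lookups described so far (workgroup, computer name, IP address) can also be done from PowerShell. The script below is an added example, not part of the original chapter; the function names and sample computer names are made up for illustration, and it assumes Windows 8 / Windows Server 2012 or later.

```powershell
# Added example: report computer name, membership and active IPv4 addresses.

# Check a name against the limits given in the text: at most 15 characters,
# no spaces, and none of the listed special characters ( : \ * , . " @ ).
function Test-ComputerNameRule {
    param([Parameter(Mandatory)][string]$Name)

    $problems = @()
    if ($Name.Length -gt 15) { $problems += "longer than 15 characters ($($Name.Length))" }
    if ($Name -match '\s')   { $problems += 'contains a space' }
    $bad = [regex]::Matches($Name, '[:\\*,."@]') |
        ForEach-Object { $_.Value } | Select-Object -Unique
    if ($bad) { $problems += "contains special characters: $($bad -join ' ')" }
    return $problems
}

function Get-NetworkIdentity {
    $cs = Get-CimInstance -ClassName Win32_ComputerSystem

    # Keep only adapters that have a default gateway. This skips idle adapters
    # and most virtualization-only adapters that ipconfig would also list.
    $addresses = Get-NetIPConfiguration |
        Where-Object { $_.IPv4DefaultGateway } |
        ForEach-Object {
            $alias = $_.InterfaceAlias
            foreach ($ip in $_.IPv4Address) { "${alias}: $($ip.IPAddress)" }
        }

    $issues = @(Test-ComputerNameRule -Name $cs.Name)
    [pscustomobject]@{
        ComputerName = $cs.Name
        NameCheck    = if ($issues.Count) { $issues -join '; ' } else { 'OK' }
        MemberOf     = if ($cs.PartOfDomain) { "Domain $($cs.Domain)" }
                       else { "Workgroup $($cs.Workgroup)" }
        IPv4         = $addresses -join ', '
    }
}

# Constructed sample names to show the rule check on its own.
'FILESRV01', 'ACCOUNTING-LAPTOP-07', 'front desk' | ForEach-Object {
    $p = @(Test-ComputerNameRule -Name $_)
    '{0,-22} {1}' -f $_, $(if ($p.Count) { $p -join '; ' } else { 'OK' })
}

Get-NetworkIdentity | Format-List
```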

The Basic Concepts in Network Sharing
While browsing the network, you can find computers by using both their IP address and their
computer name. For example, you can open the “Run” window in Windows by pressing “WIN +
R” on your keyboard. Then, type \\ followed by the name of a computer in your network or its IP
address.

After pressing “Enter”, you will see the same thing: that computer’s shared folders and devices.

What is the Network Location?

A network profile or network location is a collection of network and sharing settings that are
applied to your active network connection.

Each time you connect to a new network in Windows 7, you are asked to select a location for it.
The available choices are home, work and public.

Depending on the location you assign, features such as file and printer sharing, network
discovery, and others might be turned on or off. When creating your own home network, you
should always choose “Home network”.

In Windows 8.x, you have only two profiles: private and public. When connecting to a new
network, you are asked to decide whether you want to find PCs, devices, and content on your
network.

If you are connecting to your home network or a network you trust, select “Yes” and the private
network profile is activated for that connection.

Network locations are very useful on laptops and tablets. If you travel a lot, you will connect to a
lot of different networks. With one simple setting, Windows will automatically adjust the
location assigned to each network connection and all the relevant network sharing settings.

How to Learn the Active Network Location


If you would like to learn what location is assigned to your active network connection, open the
“Control Panel”, and go to “Network and Internet > Network and Sharing Center”.

In the middle of the window, there is a section named “View your active networks” where you
will see the name of the network and the location assigned to it.

Remember, in Windows 8.x you will see only one of two values for the network location
(“private network” or “public network”) while in Windows 7, you will see only one of three
values (“home network”, “work network” or “public network”).
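
Because the location decides whether network discovery and file and printer sharing are reachable, it is worth checking both together. The script below is an added example, not part of the original chapter; the function name is made up, and it assumes an English-language Windows 8 / Windows Server 2012 or later system (the firewall rule group names are localized on other languages).

```powershell
# Added example: show, per active connection, the assigned location and how many
# enabled inbound firewall rules of each sharing feature apply to that location.
$SharingGroups = 'Network Discovery', 'File and Printer Sharing'

function Get-SharingExposure {
    foreach ($conn in Get-NetConnectionProfile) {
        # NetworkCategory is Public, Private or DomainAuthenticated.
        $category  = [string]$conn.NetworkCategory
        # The firewall names the domain profile 'Domain'.
        $fwProfile = if ($category -eq 'DomainAuthenticated') { 'Domain' } else { $category }

        foreach ($group in $SharingGroups) {
            # Enabled inbound allow rules in this group that apply to the active profile.
            $active = @(Get-NetFirewallRule -DisplayGroup $group -ErrorAction SilentlyContinue |
                Where-Object {
                    $_.Enabled -eq 'True' -and
                    $_.Direction -eq 'Inbound' -and
                    $_.Action -eq 'Allow' -and
                    (($_.Profile.ToString() -split ',\s*') -contains $fwProfile -or
                      $_.Profile.ToString() -eq 'Any')
                })

            [pscustomobject]@{
                Network      = $conn.Name
                Interface    = $conn.InterfaceAlias
                Location     = $category
                Feature      = $group
                EnabledRules = $active.Count
                # Sharing features reachable on a network marked Public deserve a look.
                Review       = ($category -eq 'Public' -and $active.Count -gt 0)
            }
        }
    }
}

Get-SharingExposure | Format-Table -AutoSize
```

A connection whose location was chosen wrongly can be changed with Set-NetConnectionProfile and its -NetworkCategory parameter.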

What is the Homegroup?

The Homegroup is a networking feature introduced in Windows 7 and continued in Windows
8.x.

A Homegroup’s purpose is to easily facilitate the sharing of files and printers with other people
on a home network. This feature doesn’t work on public or business networks because it is
designed specifically for home users. This means that you can create or join a Homegroup only
if the profile for your active network connection is set as “home” in Windows 7 or “private” in
Windows 8.x.

In order for a computer to join a Homegroup, it must first be a member of the same “workgroup”
as the other computers in the Homegroup. The Homegroup is protected with a password but you
need to type it only when first joining it.

As you will see in lesson 4, setting up sharing with the Homegroup is much faster than
traditional network sharing in Windows Vista or Windows XP.

How to Learn Whether Your Computer is Part of a Homegroup


If you would like to learn whether your PC or device is part of a Homegroup, open the “Control
Panel” and go to “Network and Internet > Network and Sharing Center”.

In the middle of the window, there is a section named “View your active networks”.

There you will find a line named HomeGroup. If it says “Joined” near it, then your computer is
part of a Homegroup.

If it says anything else, then your computer is not part of the Homegroup.

2.2 Server Domain

A Windows Server domain, often referred to as a Windows NT domain, is a logical group of
computers running the Windows operating system that share a centralized database of user
accounts. This centralized database (called Active Directory on Windows 2000 and later versions
of Windows Server) contains user accounts and security information for each resource contained
in the domain. Everyone who uses a computer in a domain has their own unique account. These
user accounts can also be granted access to the resources contained in the domain.

A Windows Server domain does not refer to a single site or a particular type of network
configuration. Computers joined to the same domain can be treated as though they were networked
in the same physical location, even when they are located far apart. As long as these computers
can communicate with each other, their position and physical location have no effect on the
Windows Server domain.

The benefits of Windows Server domains are:

• Centralized administration: the domain as a whole can be managed by accessing a single
database.
• Simple, single logon: access to resources in a domain can be granted through a single logon
process.
• Scalability: a large network can be created with a Windows Server domain.

The computers in an Active Directory domain can be divided into logical groups called
Organizational Units (OUs) to further simplify management. In the original Windows Server
domain system (introduced with Windows NT 3.1 / 3.5 / 3.51 / 4.0), administration software could
see machines in only two states: 1) a computer detected on the network, and 2) a computer
belonging to a domain. Active Directory makes it easier for administrators to perform domain
management and to change configuration and network policies for all machines connected to the
domain. Computers can be associated with a domain over a LAN, or over a WAN using Virtual
Private Networking (VPN) connections.

2.3 Domain Controllers


On Microsoft Servers, a domain controller (DC) is a server computer that responds to security
authentication requests (logging in, checking permissions, etc.) within a Windows domain.
A domain is a concept introduced in Windows NT whereby a user may be granted access to a
number of computer resources with the use of a single username and password combination.

Windows 2000 and later versions introduced Active Directory ("AD"), which largely eliminated
the concept of PDC and BDC in favor of multi-master replication. However, there are still
several roles that only one domain controller can perform, called the Flexible single master
operation roles. Some of these roles must be filled by one DC per domain, while others only
require one DC per AD forest. If the server performing one of these roles is lost, the domain can
still function, and if the server will not be available again, an administrator can designate an
alternate DC to assume the role in a process known as "seizing" the role.

Primary domain controller

In Windows NT 4, one DC serves as the primary domain controller (PDC). Others, if they exist,
are usually a backup domain controller (BDC). The PDC is typically designated as the "first".[5]
The "User Manager for Domains" is a utility for maintaining user/group information. It uses
the domain security database on the primary controller. The PDC has the master copy of the
user accounts database which it can access and modify. The BDC computers have a copy of
this database, but these copies are read-only. The PDC will replicate its account database to the
BDCs on a regular basis.[6] The BDCs exist in order to provide a backup to the PDC, and can also
be used to authenticate users logging on to the network. If a PDC should fail, one of the BDCs
can then be promoted to take its place. The PDC will usually be the first domain controller that
was created unless it was replaced by a promoted BDC.

PDC emulation

In modern releases of Windows, domains have been supplemented by the use of Active
Directory services. In Active Directory domains, the concept of primary and secondary domain
controller relationships no longer applies. PDC emulators hold the accounts databases and
administrative tools. As a result, a heavy workload can slow the system down. The DNS service
may be installed on a secondary emulator machine to relieve the workload on the PDC emulator.
The same rules apply; only one PDC may exist on a domain, but multiple replication servers may
still be used.

The PDC emulator master acts in place of the PDC if there are Windows NT 4.0 domain
controllers (BDCs) remaining within the domain, acting as a source for them to replicate from.

The PDC emulator master receives preferential replication of password changes within the
domain. As password changes take time to replicate across all the domain controllers in an
Active Directory domain, the PDC emulator master receives notification of password changes
immediately, and if a logon attempt fails at another domain controller, that domain controller
will forward the logon request to the PDC emulator master before rejecting it.

The PDC emulator master also serves as the machine to which all domain controllers in the
domain will synchronise their clocks. It, in turn, should be configured to synchronise to an
external NTP time source.
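
To see which domain controllers hold the single-master roles mentioned in section 2.3, and whether the PDC emulator follows a time source other than its own clock, an administrator can run a check like the one below. This is an added example, not part of the original chapter; the function names are made up, and it assumes the ActiveDirectory PowerShell module (RSAT) and a session on a domain-joined machine.

```powershell
# Added example: list the single-master role holders and check the PDC emulator's clock source.
Import-Module ActiveDirectory

function Get-FsmoRoleHolder {
    $domain = Get-ADDomain
    $forest = Get-ADForest

    # Three roles exist once per domain, two once per forest.
    $rows = @(
        @('PDC emulator',          'Domain', $domain.PDCEmulator),
        @('RID master',            'Domain', $domain.RIDMaster),
        @('Infrastructure master', 'Domain', $domain.InfrastructureMaster),
        @('Schema master',         'Forest', $forest.SchemaMaster),
        @('Domain naming master',  'Forest', $forest.DomainNamingMaster)
    )
    foreach ($r in $rows) {
        [pscustomobject]@{ Role = $r[0]; Scope = $r[1]; Holder = $r[2] }
    }
}

function Test-PdcTimeSource {
    param([string]$PdcEmulator = (Get-ADDomain).PDCEmulator)

    # Ask the Windows Time service on the PDC emulator what it synchronises from.
    $out    = @(& w32tm.exe /query "/computer:$PdcEmulator" /source 2>&1)
    $failed = ($LASTEXITCODE -ne 0)
    $source = ([string]$out[0]).Trim()

    # Values w32tm reports when the clock is not following any time peer.
    $internal = 'Local CMOS Clock', 'Free-running System Clock'

    [pscustomobject]@{
        PdcEmulator = $PdcEmulator
        TimeSource  = $source
        # True when the query failed or the server only follows its own clock.
        NeedsReview = ($failed -or $internal -contains $source)
    }
}

Get-FsmoRoleHolder | Format-Table -AutoSize
Test-PdcTimeSource | Format-List
```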

Samba

PDC has been faithfully recreated on the Samba emulation of Microsoft's SMB client/server
system. Samba has the capability to emulate an NT 4.0 domain, running on a Linux machine.

Backup domain controller

In Windows NT 4 domains, the backup domain controller (BDC) is a computer that has a copy of
the user accounts database. Unlike the accounts database on the PDC, the BDC database is a
read-only copy. When changes are made to the master accounts database on the PDC, the PDC
pushes the updates down to the BDCs. These additional domain controllers exist to provide fault
tolerance. If the PDC fails, then it can be replaced by a BDC. In such circumstances, an
administrator promotes a BDC to be the new PDC. BDCs can also authenticate user logon requests
and take some of the authentication load from the PDC.

When Windows 2000 was released, the NT domain as found in NT 4 and prior versions was
replaced by Active Directory. In Active Directory domains running in native mode, the concepts
of the PDC and BDC do not exist. In these domains, all domain controllers are considered
equals. A side effect of this change is the loss of ability to create a "read-only" domain
controller. Windows Server 2008 reintroduces this capability.

2.4 LDAP & Windows Active Directory


Active Directory (AD) is a directory service that Microsoft developed for Windows
domain networks. It is included in most Windows Server operating systems as a set
of processes and services.[1][2] Initially, Active Directory was only in charge of centralized
domain management. Starting with Windows Server 2008, however, Active Directory became an
umbrella title for a broad range of directory-based identity-related services.
A server running Active Directory Domain Services (AD DS) is called a domain controller.
It authenticates and authorizes all users and computers in a Windows domain type network—
assigning and enforcing security policies for all computers and installing or updating software.
For example, when a user logs into a computer that is part of a Windows domain, Active
Directory checks the submitted password and determines whether the user is a system
administrator or normal user.[4] Also, it allows management and storage of information at admin
level and provides authentication and authorization mechanisms and a framework to deploy other
related services (AD Certificate Services, AD Federated Services, etc.).
Active Directory uses Lightweight Directory Access Protocol (LDAP) versions 2 and 3,
Microsoft's version of Kerberos, and DNS.
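
Since Active Directory speaks LDAP, the list of domain controllers is itself just an LDAP query against the directory. The function below is an added example, not part of the original chapter; its name is made up and the search root shown in the comment is a constructed placeholder. It relies on the well-known group RIDs 516 (Domain Controllers) and 521 (Read-only Domain Controllers), and assumes it runs on a domain-joined Windows machine.

```powershell
# Added example: find domain controllers with a plain LDAP search.
function Find-DomainController {
    # Optional search root, e.g. 'LDAP://DC=example,DC=test' (constructed name).
    # Without it the searcher uses the domain of the current computer.
    param([string]$SearchRoot)

    $searcher = New-Object System.DirectoryServices.DirectorySearcher
    if ($SearchRoot) { $searcher.SearchRoot = [adsi]$SearchRoot }

    # Computer objects whose primary group is Domain Controllers (516)
    # or Read-only Domain Controllers (521).
    $searcher.Filter   = '(&(objectCategory=computer)(|(primaryGroupID=516)(primaryGroupID=521)))'
    $searcher.PageSize = 200
    foreach ($attr in 'dNSHostName', 'operatingSystem', 'primaryGroupID') {
        [void]$searcher.PropertiesToLoad.Add($attr)
    }

    $results = $searcher.FindAll()
    try {
        foreach ($entry in $results) {
            $p = $entry.Properties
            [pscustomobject]@{
                HostName        = [string]($p['dnshostname']     | Select-Object -First 1)
                OperatingSystem = [string]($p['operatingsystem'] | Select-Object -First 1)
                ReadOnly        = ([int]($p['primarygroupid']    | Select-Object -First 1) -eq 521)
            }
        }
    }
    finally {
        # FindAll() holds unmanaged resources until disposed.
        $results.Dispose()
    }
}

Find-DomainController | Sort-Object HostName | Format-Table -AutoSize
```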
Active Directory Services consist of multiple directory services. The best known is Active
Directory Domain Services, commonly abbreviated as AD DS or simply AD.
• Domain Services
Active Directory Domain Services (AD DS) is the cornerstone of every Windows
domain network. It stores information about members of the domain, including devices and
users, verifies their credentials and defines their access rights. The server (or the cluster of
servers) running this service is called a domain controller. A domain controller is contacted when
a user logs into a device, accesses another device across the network, or runs a line-of-
business Metro-style app sideloaded into a device.
Other Active Directory services (excluding LDS, as described below) as well as most of
Microsoft server technologies rely on or use Domain Services; examples include Group
Policy, Encrypting File System, BitLocker, Domain Name Services, Remote Desktop
Services, Exchange Server and SharePoint Server.
• Lightweight Directory Services
Active Directory Lightweight Directory Services (AD LDS), formerly known as Active Directory
Application Mode (ADAM),[13] is a light-weight implementation of AD DS. [14] AD LDS runs as
a service on Windows Server. AD LDS shares the code base with AD DS and provides the same
functionality, including an identical API, but does not require the creation of domains or domain
controllers. It provides a Data Store for storage of directory data and a Directory Service with an
LDAP Directory Service Interface. Unlike AD DS, however, multiple AD LDS instances can run
on the same server.
• Certificate Services
Active Directory Certificate Services (AD CS) establishes an on-premises public key
infrastructure. It can create, validate and revoke public key certificates for internal uses of an
organization. These certificates can be used to encrypt files (when used with Encrypting File
System), emails (per S/MIME standard), and network traffic (when used by virtual private
networks, Transport Layer Security protocol or IPSec protocol).
AD CS predates Windows Server 2008, but its name was simply Certificate Services.
AD CS requires an AD DS infrastructure.
• Federation Services
Active Directory Federation Services (AD FS) is a single sign-on service. With an AD FS
infrastructure in place, users may use several web-based services (e.g. internet
forum, blog, online shopping, webmail) or network resources using only one set of credentials
stored at a central location, as opposed to having to be granted a dedicated set of credentials for
each service. AD FS's purpose is an extension of that of AD DS: The latter enables users to
authenticate with and use the devices that are part of the same network, using one set of
credentials. The former enables them to use this same set in a different network.
As the name suggests, AD FS works based on the concept of federated identity.
AD FS requires an AD DS infrastructure, although its federation partner may not.
• Rights Management Services
Active Directory Rights Management Services (AD RMS, known as Rights Management
Services or RMS before Windows Server 2008) is a server software for information rights
management shipped with Windows Server. It uses encryption and a form of selective
functionality denial for limiting access to documents such as corporate e-mails, Microsoft
Word documents, and web pages, and the operations authorized users can perform on them.
