CSED 431 takehome final -- shorter version Due: How about Tuesday, May 6? As before, please feel free to contact me with clarifications about any of these questions. Please cite your sources (provide the specific URL), but also summarize what the source says in your answer. Answer 1-4 and then *either* 5A or 5B. ================================================= 1. During our April 21 "lost admin password" lab, we reset the local machine Administrator account to have no password, using the Nordahl boot-CD to change the Windows SAM database. However, this didn't reset the Active Directory password, so we tried "privilege escalation": we logged in as the local Administrator (after booting with F8 and choosing an appropriate recovery mode), and then made a registry change so that instead of the usual logon screen saver, we'd get a cmd window instead. This cmd window ran with the privileges of the "local service" account (actually a "built-in security principal"). What else can this "local service" account do? What is it meant for? ================================================= 2. Suppose we've built a software RAID volume, as in our lab of March 31. For the sake of simplicity, assume each RAID piece is on a separate disk; we have disk1, disk2, disk3, and disk4. Now one of these disks, disk 4, has gone bad; it makes a loud grinding noise when it starts up, and it is not recognized by the system. You have another disk, disk5, available as a replacement. How do you activate it, so as to recover all the lost data? That is, the RAID set had been {disk1,disk2,disk3,disk4}, and now you want it to be {disk1,disk2,disk3,disk5}. ================================================= 3. How can you arrange for a given program to run when a user logs in? You can put something in Start=>Programs=>Startup, but that is very hard to edit or update centrally. Can you arrange for the programs listed in the file \\server1\stuff\runme.bat to run whenever a user logs in? Alternatively, can you find a group-policy solution? ================================================= 4. Suppose you provide online disk space, and have three servers, server1, server2, and server3. Each user's home directory is on one of these servers, eg: server1: alice, andy, sara, zelda server2: bob, brandon, walt, will server3: carly, dave, pedro, violet Outline how you would implement the following: One large DFS volume is created, containing all the home folders, and each user's individual home directory is mapped at logon to the H: drive. (You will have to decide whether the DFS share \\server1\homes has each user folder as an immediate subfolder, and how you would arrange that, or if instead you have folders \\server1\homes\homes1, homes2, and homes3, corresponding to server1...server3, and the users' folders as subfolders of those.) ================================================================================== ================================================================================== Answer *one* of the following: 5A. You want to make the printer "printer1" on server "server1" available to every machine, as their default printer. You are not using a domain. How can you do this? One way to set this up is to use a logon script. Give such a script (it shouldn't be elaborate; a simple .bat file is sufficient). If you need an account for this, you can either use an account with password and then embed that password in the script, or else use an account with no password and then, on server1, enable one of the following: Network Access: Let Everyone permissions apply to Anonymous Users Network Access: Shares that can be accessed anonymously (in Administrative Tools => Local Security Policy => Local Policies (folder) => Security Options ) ================================================= 5B. One of the options with patch installation under WSUS is to download the patches onto some sort of portable medium and then manually copy the files onto the local WSUS server (the theory here is to allow patching of networks that are completely offline). What are these files (eg .msi files? .exe?) Where do they go? How do they get recognized by the WSUS server?