
Working group domain lesson microsoft. How to fix a domain or workgroup

We have already mentioned working groups and domains. Let's see how these two models of networking on Microsoft networks fundamentally differ.

A working group is a logical grouping of computers under a common name to make navigation within a network easier. The fundamental point is that every computer in the workgroup is equal (i.e., the network is peer-to-peer) and maintains its own local Security Accounts Manager (SAM) database.

This leads to the main problem that prevents working groups from being used in large corporate networks. Recall that logging on to a protected system is mandatory, and that direct and network logons are fundamentally different (a direct logon is checked by the local computer, a network logon by the remote one). Then, for example, a user logged on to the computer Comp1 under the local account user1 will be denied access to the printer installed on the computer Comp2, since there is no user named user1 in its local database (Fig. 9.1). Thus, to ensure "transparent" interaction in a working group, the same accounts with the same passwords must be created on all computers where users work and resources are located.

Windows XP Professional provides a special mode for workgroups, "Use simple file sharing", which works around this problem (this mode is enabled by default). In this case, a connection to any computer on the network is made on behalf of its local Guest account, which is enabled by the Network Setup Wizard (it is disabled by default) and for which the required access level is configured.

For Windows XP Home Edition, this method of networking is the main one and cannot be disabled (therefore, computers with this OS cannot be made members of the domain).

It is clear that accounts and resources in a workgroup can be managed only when the number of computers and users is small. In large networks, domains should be used.

A domain is a logical grouping of computers united by a common database of users and computers, a common security policy and common management.

Domains are created on the basis of Windows network operating systems, and the database, as we said, is maintained by domain controllers. What matters in a domain is that the computers do not verify users themselves at logon but delegate this procedure to the controllers (Fig. 9.2). This organization of access makes it easy to verify a user once, when logging on to the network, and then grant access to the resources of all computers in the domain without further verification.

Hello dear readers of the blog site. This blog post has a detailed one. After or while reading this publication, I advise you to familiarize yourself with that article in order to get a complete picture. I also advise you to familiarize yourself with my publications on the topic of what and means.

Today's question on the agenda is what a domain, or domain name, is (in fact, these are synonyms). It is actually simple. It is the name of a site, assigned to it instead of the hard-to-remember IP address of the server on which the site is hosted. Enter this name in the address bar of your browser and the site opens.

But it is in the details that the difficulties arise: what domains are, how it all works, what domain zones are, how to tell which level a domain is and which of them can be registered, where this can be done and which zone to choose. There are many questions and I will try to answer them all in this "small note".

What is a domain?

As I mentioned above, domain is the name for the site..162.192.0. And besides, imagine the situation. You have placed the site on a hosting server (see above for what it is) and received an IP address. But when you move to a different host the IP address will change, which would be a disaster. With domain names this does not happen. Why?

The fact is that there are thousands of DNS (Domain Name System) servers on the Internet, which will state that the site's domain is available at the IP address 108.162.192.0. If I move to another host, I will go to the panel of the domain name registrar (where I bought the name), change something, and all DNS servers on the Internet will then record that the site must be looked for at a different IP address. Convenient, right?

Convenient, but probably not yet clear. The main thing to understand is that the name of a site is very important and it is for life (as a rule; you can transfer the site to another domain if you wish, but it is not easy). As you name the boat, so it will float. True, not only the name is important, but also the level of the domain and the zone to which it belongs. Again, not clear? Well, let's go in order.

How a domain name works

Let's start with the basics. The domain record (site name) must include all levels of nesting of the domain (all the zones it belongs to) so that it is unique and there is no confusion.

There are two main rules for writing a domain name:

  1. The zones that this domain belongs to are listed from right to left.
  2. Dots are used as separators.

It may look like this, for example:

net.blog.site

We get the fourth-level domain "net", which is part of the third-level domain zone "blog", which is part of the second-level zone "ktonanovenkogo", which belongs to the first-level .ru zone. Nonsense, right? (My spouse, checking this article for errors, will be happy to confirm this.)

What domain levels are distinguished

  1. The root domain (level zero) is an empty entry, denoted simply by a period (.). In theory, a full domain name record should always end with a dot, but in most cases it is omitted (as if implied) and instead of the record: site.

    They use the already well-established relative domain notation (without a dot at the end):

  2. This is followed by the first level. These are usually regional (national) domains (.ru, .su, .ua, .us, .de, .fr, etc.) or thematic ones (.com, .edu, .org, .net, etc.). But there are also first-level domain names written in national alphabets (for example, .рф).
  3. The second level is the domains that you and I buy (register with special registrars). Prices for them differ not only depending on the first-level domain they belong to (for example, xxxxxxx.ru is, as a rule, cheaper to buy than xxxxxxx.com), but also depending on the registrar (or its reseller).
  4. The third, fourth, etc. levels no longer need to be bought (as a rule) and can be created independently (without registering anywhere) on the basis of the purchased second-level domain. For example, I can create such a name for a new site - forum..forum ..

Let's go through it all again with an example:

  1. . (dot) - zero (root) level domain
  2. ru - the first level, also called a top-level domain or zone
  3. site - second level domain name
  4. blog.site - third level domain
  5. net.blog.site - fourth level

Top (first) level domains

Leaving aside the zero level (the root domain), because it is empty, next come the so-called zones, or top-level domains (it is with them that the name of any site begins, although it looks as if it ends with them, but that is beside the point). They cannot be bought by an ordinary person, but it is from these zones that we will choose when buying a second-level domain (a name for our website).

So what are they:

  1. Domains of the first (top) level assigned to countries, which are usually referred to by the abbreviation ccTLD, which among helluva smart people stands for country code top-level domain. Russia has as many as two of them:
    1. su - a rudiment left over from the Soviet Union, now representing the space of Russian-language resources
    2. ru - originally assigned to Russia
  2. Domains with national alphabets, which are usually referred to by the abbreviation IDN (internationalized domain name). In Russia, it is a zone. In fact, their names are still written in Latin characters (re-encoding takes place), but this is, as it were, hidden from view. However, if you enter the address in the browser: http: //ktonnovaenkogo.rf/

    and, after going to this site, copy its address from the address bar, you will get absolutely indigestible nonsense:

    http://xn--80aedhwdrbcedeb8b2k.xn--p1ai/

    So it turns out that it looks unpleasant. And it is in this form that it will have to be added to different services, and not in its readable national-alphabet form. This must be taken into account. Other problems are also possible, although at first they are not obvious.

  3. Generic top-level domains, usually referred to by the abbreviation gTLD (generic top-level domain), are registered (sold) regardless of the country where the webmaster lives. The most commonly used ones:
    1. .com - for commercial projects
    2. .org - for non-profit sites of various organizations
    3. .net - for projects related to the Internet
    4. .edu - for educational institutions and projects
    5. .biz - commercial organizations only
    6. .info - for all information projects
    7. .name - for personal sites
    8. .gov - for US government agencies
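
The two writing rules and the level numbering above, together with the IDN re-encoding just described, as an added Python example (not code from the original article). The function names and the sample name `net.blog.example.ru` are assumptions made for the illustration; the 63- and 253-character limits are the standard DNS limits.

```python
MAX_LABEL = 63   # DNS limit for one label in its ASCII form
MAX_NAME = 253   # DNS limit for a whole name without the root dot


def _labels(name):
    """Split a name on dots, accepting one trailing root dot."""
    name = name.strip()
    if name.endswith("."):
        name = name[:-1]              # "example.ru." and "example.ru" are the same name
    labels = name.split(".")
    if not name or "" in labels:
        raise ValueError(f"empty label in {name!r}")
    return labels


def to_ascii(name):
    """Return the form that is actually sent to DNS (xn-- labels for IDN)."""
    out = []
    for label in _labels(name):
        try:
            ascii_label = label.encode("idna").decode("ascii").lower()
        except UnicodeError as exc:
            raise ValueError(f"label {label!r} cannot be encoded") from exc
        if len(ascii_label) > MAX_LABEL:
            raise ValueError(f"label {label!r} is longer than {MAX_LABEL}")
        out.append(ascii_label)
    ascii_name = ".".join(out)
    if len(ascii_name) > MAX_NAME:
        raise ValueError("name is longer than 253 characters")
    return ascii_name


def to_unicode(name):
    """Return the readable form; labels that do not decode are left unchanged."""
    out = []
    for label in _labels(name):
        try:
            out.append(label.lower().encode("ascii").decode("idna"))
        except UnicodeError:
            out.append(label)         # already Unicode, or not valid Punycode
    return ".".join(out)


def levels(name):
    """List (level, ascii_name, readable_name), from the top-level zone leftwards."""
    ascii_labels = to_ascii(name).split(".")
    result = []
    for depth in range(1, len(ascii_labels) + 1):
        sub = ".".join(ascii_labels[-depth:])   # zones are read from right to left
        result.append((depth, sub, to_unicode(sub)))
    return result


if __name__ == "__main__":
    # Constructed sample name with an explicit root dot.
    for level, ascii_name, readable in levels("net.blog.example.ru."):
        print(level, ascii_name, readable)
    # The host name quoted on this page, shown in its readable form.
    print(to_unicode("xn--80aedhwdrbcedeb8b2k.xn--p1ai"))
```

Services that store or compare domain names should work with the `to_ascii` form, since that is what resolvers and registrars see.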

How and where you can register (buy) a domain in top-level zones

Second-level domain names, as a rule, cannot be obtained just like that (and it is better not to try, because the name of a site is too important to risk having it registered through someone else). They cost money. Moreover, payment is made per year, and then the domain lease needs to be renewed.

Once again I will draw your attention: you buy second-level domain names, and everything above that you can create yourself on their basis. This is usually done in your hoster's panel, in the subdomains section - these are domains of the third and higher levels, such as blog..blog.site.

There are not so many such companies (RegRu and WebNames are striking examples), but they may have a whole network of resellers (partners) who select and sell domains on their behalf. If your current reseller does not satisfy you in some way or you have some friction with it, then by contacting the registrar you can choose another reseller or go directly under the wing of the registrar.

You can buy domains with no restrictions at all in the public zones .com, .net, .org, .info, .biz and .name. In the .edu, .gov and .mil zones, this opportunity is provided only to institutions, as well as educational and military institutions of the States. There are also a number of specialized first-level domains, for example .travel, .jobs, .aero, .asia.

Second-level domain names in these public zones can be bought from any registrar (not only a national one), which, in fact, is used by some resources that may have conflicts with copyright holders. The same torrents were forced to move to the public zone org because their resource was blocked in the national domain zone ru.

Second Level Domains - Checking for Occupancy and Whois

About half a billion domain names have already been registered on the Internet in various zones, so choosing a good (short, simple, sonorous) name in the required zone is now no easy task. A third of the registered names are not used at all, because they were bought for resale (successful domains can be expensive on the secondary market - sometimes many millions of dollars).

Checking a domain name for availability

Therefore, the first thing to do when choosing a suitable domain for a website is. This can be done with different registrars (the result will be the same, because they use a common database).

Therefore, when viewing domain information in the so-called whois records, you can find there your personal data, which you had to indicate during registration. In my opinion, it is better to hide this information, because there are enough dashing people on the Internet (although, if you need problems out of the blue ...).

Domain name history and purchase of vacated domains

The history of domain ownership can be traced in the so-called. There you can clearly see what kind of sites were ever hosted on this domain name, what they were like, and whether their history will affect the initial attitude of search engines to your site.


Domains and workgroups can be present in the structure of computer networks. What are they?

What is a domain?

A domain is usually understood to be a fairly large group of computers united in one LAN or across several connected LANs, with access to a wide range of resources and network interfaces (which make it possible to exchange files, streams and arrays and to share access to them).

The main features of domains are as follows:

  1. in the structure of domains, dedicated servers are provided that perform basic computing functions and are designed to manage network resources;
  2. management of access settings of computers to certain parts of the network included in the domain can be carried out centrally - using servers;
  3. a user with a login that is bound to a domain (or access rights) can connect to the network from any PC that interacts with the corresponding domain.

A domain may include a great number of computers; it is common for there to be thousands of them. Individual groups of them may belong to different LANs, and the domain will still be functional.

Servers that are domain masters tend to be significantly more powerful than the average PC connected to the domain. They can run whichever operating system is optimal for the specific tasks set by the domain owner, and it may differ significantly from the one installed on PCs that are not servers.

When VPN and similar standards are used, users can connect to locally formed domains from virtually any other network that physically has access to the corresponding resources. The Internet works according to this principle: a large number of PCs located in different countries of the world can connect to a specific domain and receive various resources from it.

What is a working group?

A working group is usually understood to be a relatively small-scale computer network, created mainly to give its PCs shared access to various files (while the fundamental possibility of exchanging those files remains).

Working groups are characterized by the following features:

  • all PCs in the workgroup are usually united in a peer-to-peer network (it has no dedicated servers, and, as a rule, one PC cannot be used to manage key resources of other computers or of the network as a whole);
  • access to the network is usually possible only if the PC's operating system is started under a specific login (user account) for which this access is enabled and configured.

The size of a working group usually does not exceed several dozen PCs. It is important that they all be united within a common LAN or subnet - so that the corresponding infrastructure is sufficiently stable.

Comparison

The main difference between a domain and a workgroup is how resource management is implemented in the two types of network infrastructure. Home networks, where no particularly intensive data exchange is expected, typically use workgroups. Corporate networks (for which such tasks are typical) use domains, as a rule. The interaction of computers in large-scale networks, such as the Internet, is almost always carried out using domains.

A workgroup is usually much easier to form than a domain. The interfaces of modern operating systems allow even an inexperienced user to do this. All you need to do is connect the PCs physically using a cable or switch (or wirelessly, via Wi-Fi) and configure the network infrastructure using the built-in software tools of the operating system.

Domain creation is usually more complicated. It presupposes, first of all, the presence of servers with sufficient performance, their detailed configuration, and possibly the installation of a suitable network operating system. You will also need to implement in the domain infrastructure the function of authenticating the rights of those users who connect to the network.

The security of computers included in the working group, as a rule, is implemented by installing anti-virus software and other auxiliary programs on each of them. In the case of a domain, PC security can also be implemented by installing intranet interfaces that allow monitoring various threats and preventing them from spreading over the network.

Domains are usually much easier to scale, allowing more and more new users to connect to them (including those outside the local network in which the main domain server is located, for example via the Internet). All that is needed is to provide new users with the information required to log in to the domain, or to configure its servers so that they recognize and connect certain user groups automatically.

In turn, adding a new user to a workgroup is usually more time consuming. It may be necessary to configure each of the connecting computers separately, to determine the access rights for the corresponding PCs, to make sure that the anti-virus and other auxiliary software installed on them is effective.

Having determined what is the difference between the domain and the working group, we will record the conclusions in a small table.

Table

What do they have in common?

Domains and workgroups are designed to provide communication between different PCs in order to exchange data, as well as to share it.

What is the difference between them?

| Domain | Working group |
| --- | --- |
| Is a large-scale computer network (or a group of interconnected LANs), centrally managed by servers | Is generally a relatively small peer-to-peer LAN, in terms of the number of connected PCs, without servers |
| Allows less time-consuming, faster scaling of infrastructure (making it possible to form networks on a global scale) | Assumes slower scaling, because connecting each new PC to the network, as a rule, requires its detailed configuration |
| Allows intranet solutions aimed at increasing the security of data exchange between PCs within the domain | Assumes that the programs necessary for secure data exchange are installed on each PC of the working group |
| A user with the required credentials or access can log into the domain from any PC | A user can connect to a workgroup, as a rule, only from a specific PC under a specific account |

A - threads in user space

B - threads in kernel space

In case A, the kernel knows nothing about threads. Each process needs a thread table similar to the process table.

Case A benefits:

Such multithreading can be implemented on a kernel that does not support multithreading.

Faster switching, creation and termination of threads

A process can have its own scheduling algorithm.

Disadvantages of case A:

No timer interrupt within one process

When using a blocking system request (the process is put into standby mode, for example: reading from the keyboard, but no data arrives), all other threads are blocked.

Complexity of implementation

Multiplexing user threads in kernel threads

2.2.5 Windows implementation specifics

Four concepts are used:

  • Job - a set of processes with shared quotas and limits

  • Fiber - a lightweight thread managed entirely in user space

Threads run in user mode but switch to kernel mode on system calls. Switching to kernel mode and back is very slow. Therefore, the concept of a fiber was introduced. Each thread can have multiple fibers.

Lecture 2. OS of workstations and servers. Working groups and domains. Active Directory. The main servers and services on the enterprise network.

Working groups and domains.

Domain is a logical grouping of computers on a network that share a central directory database. The directory database contains user accounts and security policy information for the domain. This database is called the directory and is part of the Active Directory database, which is the Windows directory service.

In a domain, the directory is hosted on computers - domain controllers. A domain controller is a server that coordinates all security settings for user-domain interactions and centralizes administration and management of security policies.

Only a computer running one of the Microsoft Windows Server 2000/2003/2008 platforms can be designated as a domain controller. If all computers on the network run Windows XP / Vista / 7 / 8, then the only available network type is a working group. In what follows in these lecture notes, for brevity, we will call all server versions Windows Server, and the Windows XP / Vista / 7 / 8 operating systems of workstations Windows for workstations.

A domain is not related to a location on a network or a specific type of network configuration. Computers in a domain can be located side by side on a small local area network (LAN), or be located in different parts of the world. They can communicate with each other over any physical connection, including telephone lines, ISDN lines, fiber optic lines, Ethernet lines, token rings, frame relay connections, satellite communications and leased lines.

The advantages of a domain are obvious:

    Centralized administration, because all user information is stored in one place;

    One-time user registration to gain access to all network resources (files, printers and programs) with the required access rights. In other words, you can log on to one computer on the network and use the resources of another computer, provided that you have the appropriate access permissions;

    Scalability, which allows the creation of very large networks.

The types of computers that a typical Windows domain includes are listed below.

    Domain controllers on a Windows Server platform. Each domain controller stores and maintains a copy of the directory. In the domain, you create a single user account, which Windows writes to the directory. When a user logs on to a domain computer, the domain controller authenticates the user by checking the directory for the account, password and logon restrictions. There can be multiple domain controllers in a domain, and they periodically exchange data from their copies of the directory.

    Member servers, that is, servers without domain controller status in a given domain. A member server does not maintain a directory and is unable to authenticate users. Member servers provide shared network resources such as shared folders or printers.

    Client computers running Windows XP / Vista / 7 / 8 or any other Microsoft operating system not used as a server. Client computers are the users' desktop systems, which give users access to domain resources.

Windows workgroup - a logical grouping of networked computers that share shared resources such as files and printers.

A workgroup is also called a peer-to-peer network because all computers in it can use shared resources on an equal basis, that is, without a dedicated server.

Each computer in a workgroup only maintains its own local security database. This database is a list of user accounts and information about access rights to resources on the computer where it resides. Therefore, using the local computer security policy database decentralizes the administration of user accounts and resource access policies in the workgroup.

Note: A workgroup, along with computers running a client OS, can include computers running Microsoft server platforms such as Windows Server, provided, of course, that they are not configured as domain controllers. In a workgroup, a Windows Server-based computer is called a stand-alone server.

Because workgroups decentralize administration and resource access policy, the following statements are true: the user must have an account on each computer that he wants to access; any changes to user accounts, such as changing a password or creating a new account, must be made on each computer in the workgroup.

If you forget to register a new account on one of the computers in your workgroup, then the new user will not be able to access this computer and its resources.
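
The Comp1/Comp2 printer case from the start of this page and the account-drift problem described above, as a small Python model added here (not code from the lecture notes). `AccountDB`, `Computer` and the passwords are hypothetical, and PBKDF2 only stands in for the way a real SAM or directory stores password hashes.

```python
import hashlib
import hmac
import os

ITERATIONS = 50_000  # constructed value for this model


def _digest(password, salt):
    # Stand-in for a stored password hash; Windows uses its own formats.
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


class AccountDB:
    """One account database: a computer's local SAM or the domain directory."""

    def __init__(self):
        self._users = {}

    def set_password(self, user, password):
        salt = os.urandom(16)
        self._users[user.lower()] = (salt, _digest(password, salt))

    def verify(self, user, password):
        record = self._users.get(user.lower())
        if record is None:
            return False                     # unknown account: access denied
        salt, stored = record
        return hmac.compare_digest(stored, _digest(password, salt))


class Computer:
    def __init__(self, name, domain=None):
        self.name = name
        self.sam = AccountDB()               # every computer has a local database
        self.domain = domain                 # None means a workgroup member

    def network_logon(self, user, password):
        """Decide whether a remote user may reach a shared resource here."""
        if self.domain is not None:
            return self.domain.verify(user, password)   # delegated to the controller
        return self.sam.verify(user, password)          # checked against the local SAM


def workgroup_scenario():
    comp1, comp2 = Computer("Comp1"), Computer("Comp2")
    comp1.sam.set_password("user1", "S3cret!")          # account exists on Comp1 only
    result = {"account_missing": comp2.network_logon("user1", "S3cret!")}
    comp2.sam.set_password("user1", "S3cret!")          # admin mirrors the account
    result["mirrored"] = comp2.network_logon("user1", "S3cret!")
    comp1.sam.set_password("user1", "N3w-pass")         # changed on Comp1, not Comp2
    result["after_change"] = comp2.network_logon("user1", "N3w-pass")
    return result


def domain_scenario():
    directory = AccountDB()                             # kept by the domain controller
    directory.set_password("user1", "S3cret!")
    comp1 = Computer("Comp1", domain=directory)
    comp2 = Computer("Comp2", domain=directory)
    result = {"single_account": comp2.network_logon("user1", "S3cret!")}
    directory.set_password("user1", "N3w-pass")         # one change, in one place
    result["new_password"] = comp2.network_logon("user1", "N3w-pass")
    result["old_password"] = comp1.network_logon("user1", "S3cret!")
    return result


if __name__ == "__main__":
    print("workgroup:", workgroup_scenario())
    print("domain:   ", domain_scenario())
```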

The working group has the following advantages:

    It does not require a domain controller to be connected to the network to store centralized security policy information;

    It is easy to design and operate. Unlike a domain, it does not require large-scale planning and administration;

    It is a convenient networking environment for a small number of computers located not too far apart.

Lecture 3. Creating and managing user and computer accounts (in the domain)

A user account is a record that contains the information necessary to identify a user when connecting to the system, as well as information for authorization and accounting. (difference between identification and authorization?)

This is a username and a password (or another similar means of authentication, for example biometric characteristics). The password or its equivalent is usually stored encrypted or hashed (for security purposes).

To increase reliability, alternative means of authentication can be provided along with the password, for example a special secret question (or several questions) whose answer can be known only to the user. Such questions and answers are also stored in the account.

The account may contain the following additional personal data about the user:

  • patronymic;
  • pseudonym (nickname);
  • nationality;
  • race;
  • creed;
  • blood group;
  • Rh factor;
  • date of birth;
  • e-mail address;
  • home address;
  • work address;
  • netmail address;
  • home phone number;
  • work phone number;
  • telephone number;
  • ICQ number;
  • Skype ID, IRC nickname;
  • other contact information for instant messaging systems;
  • address of a home page and/or blog on the Internet or an intranet;
  • information about a hobby;
  • information about the circle of interests;
  • family information;
  • information about past illnesses;
  • information about political preferences;
  • and much more.

An account can also contain one or more photos or user avatars. A user account can also record various statistics about the user's behavior in the system: the time since the last login, the duration of the last session, the address used when the computer was connected, the intensity of system use, the total and/or specific number of certain operations performed in the system, and so on.

Domains and workgroups - what is it

The Windows Server 2003 operating system and classic Windows NT use two terms that are not related to each other but are often problematic for administrators: "domains" and "workgroups". This is how these terms are defined.

  • The domain is an element of the security system. Domain members are authenticated by dedicated servers, which are called domain controllers.
  • The working group is an element of the resource allocation system. Workgroup members find each other using special servers called browsers.

Anyone who, like me, survived the Cold War will understand where the source of this confusion lies. Remember Khrushchev or Brezhnev? Each of them had unlimited power in the USSR, since each of them held two posts - the Chairman of the Supreme Soviet and the General Secretary of the Communist Party. Likewise, the Primary Domain Controller (PDC) makes domains and workgroups similar to each other, because the PDC stores both the security database and the browser database.

Using working groups

If you are installing a server that does not need to communicate with other servers, you can make it a stand-alone server that is a member of a workgroup. Clients in the same workgroup on the same IP subnet use the same browser to find the server. Users will be authenticated against the local SAM database on the server every time they connect over the network.
Even with a domain, it sometimes makes sense to set up isolated servers. For example, such a server could be installed within a DMZ, where computers do not need to send registration information back through the firewall.

Domain joining

If the server's authentication database is not strong enough, the server must be added to the domain. The server then becomes a member of the domain. Members of an Active Directory domain authenticate users using the Kerberos protocol. This allows for a high level of security and a fast authentication mechanism. In addition, this authentication mechanism contains authorization information that is required to create the user's local security context.
Classic Windows NT domain members authenticate users using the NT LanMan Challenge-Response protocol. This requires the server to have a direct line of communication with the backup domain controller.
In the Windows NT operating system, administrator credentials were required to add a computer to the domain. In Windows Server 2003 (and Windows 2000), any authenticated user can add a computer to the domain. The ability to add computers to the domain is determined by the group policy for the Domain Controllers Organizational Unit in Active Directory. By changing this group policy, you can limit the range of users who are allowed to add computers to the domain.