Homework Title/No.

Course Code :INT-502 Course Tutor(if applicable) Date of submission : 21-04-11

Course Instructor: lect.yash raj Goswami __________ Date of Allotment :____________________ Students Roll No. :A13 Declaration :

Section No. E2802

I declare that this assignment is my individual work. I have not copied from any other students work or from any other source except where due acknowledgement is made explicitly in the text,nor has any part been written for me by another person. Students Signature;- PANKAJ KUMAR Evaluators comments

Q1: How can you edit metabase file while running in IIS6.0? Ans: Edit the metabase file using a text-based program such as Notepad. Two methods of editing the metabase can be used: editing while the server is running and editing while the server is stopped. Editing While the Server Is Running.
In IIS Manager, right-click the local computer, and then click Properties. Select the Enable Direct Metabase Edit check box.

The Metabase History option must be enabled for 'edit-while-running' to be enabled. Since this option is enabled by default, it shouldn't be a problem. The Metabase History feature stores versioned copies of the metabase with each change saved on the hard disk. That way, if a catastrophic error occurs in the metabase file, you can easily restore it using an older version.Once edit-while-running is enabled, you can open the MetaBase.xml file with Notepad and make the appropriate changes. They will take effect immediately upon saving.

Q2: Describe the physical and logical structure of Metabase file. Also differentiate the Metabase.XML and MBSchema.XML. Ans: Physical Structure The first thing you should know is that there are actually two XML files that make up the metabase:
MetaBase.xml is the actual XML file that contains IIS configuration settings. MBSchema.xml is the schema that defines the XML elements of MetaBase.xml

and enforces their data types. Both of these files are found in %SystemRoot%\System32\Inetsrv and Administrators have Full Control permission to modify them. In fact, if edit-while-running is enabled then you can even edit MetaBase.xml while IIS is running, though you're actually editing an in-memory version of this file that is then flushed to disk within 5 minutes of any changes having been made . Logical Structure From a logical point of view, the structure of MetaBase.xml is that of a typical XML file with elements defined by tags. Here's a quick peek at the beginning of the metabase for a default installation of IIS.

This means you can view the logical structure of the metabase two ways:

 A key structure, starting with IIS_Global, then IIS_ROOT then IIsComputer and so on.

This is the way the metabase actually appears as you read through the XML. A location hierarchy, starting with . then / then /LM and so on. This is the way metabase properties are organized from an inheritance point of view, with directories inheriting properties of sites, which inherit properties of services, which inherit properties of servers MetaBase.xml file. This file stores IIS configuration information that is specific to an installation of IIS. whereas MBSchema.xml file. This file contains the metabase schema. The MBSchema .xmlfileis a master configuration file that defines default attributes for all metabase properties and enforces rules for constructing and placing metabase entries within the metabase. Q3: Write an example to describe an object for a key in the metabase file. Ans: The IIS ADSI objects are COM Automation objects that you can use within commandline scripts, ASP pages, or custom applications to change IIS configuration values stored in the IIS Metabase. For example, instead of using IIS Manager, you can write a script to set permissions for the AppRoot, LogType, and ConnectionTimeout properties in the metabase. For example, when using the IIsWebServer ADSI object to connect to the default Web site on your Web server, you create an instance of the IIsWebServer object whose properties, like Server Comment, contain the information seen above. The following VBScript code creates an instance of the IIsWebServer ADSI object that is connected to the default Web site on a machine named MachineName: Set IIsWebServerObj = GetObject("IIS://MachineName/W3SVC/1") Because modifying an IIS ADSI Object property changes the value of the corresponding metabase property, you can configure individual elements of IIS, such as the local machine (LM,) using the IIsComputer object; the FTP server (MSFTPSVC) using the IIsFtp* objects; the Web server (W3SVC) using the IIsWeb* objects; the Network News server (NNTPSVC) using the IIsNntp* objects; and the Simple Mail server (SMTPSVC) using the IIsSmtp* objects. Q4: Discuss the advantages of WMI editor over ADSI for changing metabase properties. Ans: WMI has some advantages over ADSI that make it a good fit for administration scripting. Query Support: WMI uses Structured Query Language (SQL) to select objects and properties. This is great, because you can write a detailed query that will select only the data that you want. When you create the object, you can use either the instancesof, which isnt supported with every WMI object, or you can use a SQL query; you then step through the query response to get your data.

Association:With WMI, you can select objects and properties that pertain to any number of items, instead of just the ADSI object to which you are linking. This allows you to write more powerful scripts that can affect multiple IIS components. Universally Supported:As stated earlier, Microsoft is building WMI support into all its products. WMI allows you to access data from and administer all your applications through a single interface. As other vendors start to use WMI, their programs data will appear in the WMI repository as well. User Interface Support:You can get a program from Microsoft called the WMI Object Browser. It is available as part of the WMI SDK version 1.0. When youre looking for specific objects so you can write scripts for them, the Object Browser is handy, because it lets you graphically drill down to the item youre looking for. With ADSI, you can look in the metabase to find key names, but thats about it. Q5: What are the services provided by Active Directory in Windows Server 2003? Ans: Active Directory the directory service included with Microsoft Windows is designed as a distributed network data store for information about computers, users, services, and applications. Directory-enabled services and applications can publish globally useful information, such as service availability and properties, in Active Directory. Active Directory management and user interfaces enable administrators and client processes to find and connect to the directory-enabled service as needed. Lightweight Directory Access Protocol Uses LDAP as its directory service Kerberos-based authentication DNS-based naming and other network information Central location for network administration and delegation of authority Information security and single sign-on for user access to networked based resources The ability to scale up or down easily Central storage location for application data Synchronization of directory updates amongst several servers

If you expand the Services node, you will see additional nodes that contain information for services running on your network: MsmqServices: Contains information pertaining to Microsoft Messaging Queue services. _NetServices :Contains information on various network services, such as DHCP Public Key Services: Manages certificate services RRAS: Contains information pertaining to Routing and Remote Access Services Windows NT :Contains information for domain-based services

Q6: Discuss the concept of NAT. How do you configure the Network Address Translation component in Windows Server 2003? Ans: Windows Server 2003 provides network address translation functionality as a part of the Routing and Remote Access service. NAT enables computers on small- to medium-sized organizations with private networks to access resources on the Internet or other public network. The computers on a private network are configured with reusable private Internet Protocol version 4 addresses; the computers on a public network are configured with globally unique IPv4 (or, rarely at present, Internet Protocol version 6 addresses. A typical deployment is a small office or home office (SOHO), or a medium-sized business, that uses Routing and Remote Access NAT technology to enable computers on the internal corporate network to connect to resources on the Internet without having to deploy a proxy server. Translation component The server running Routing and Remote Access on which NAT is enabled translates the IP addresses and TCP/UDP port numbers of packets that are forwarded between the private network and the Internet Configuration of NAT takes place from the Routing and Remote Access mmc found in the Administrative Tools folder in the Control Panel or on the start menu. The screenshot below shows the routing and remote access mmc. Select which interface you wish to configure and double click it. This will bring up the properties window giving you the option to change settings such as packet filtering and port blocking, as well as enabling/disabling certain features, such as the firewall. The remote router (set up previously) properties box is shown below. The NAT/Basic Firewall tab is selected.
You are able to select the interface type to specify what the network connection will be.

In my example I have selected for the interface to be a public interface connected to the internet. NAT and the basic firewall option have also been enabled. The inbound and outbound buttons will open a window that will allow you restrict traffic based on IP address or protocol packet attributes. As per your instructions, certain TCP packets will be dropped before they reach the client computer. Thus, making the network safer and giving you more functionality. This is useful if, for example, you wanted to reject all packets coming from a blacklisted IP address or restrict internal users access to port 21 (ftp). For further firewall configuration, go to the Services and Ports tab. Here you can select which services you would like to provide your users access to. You can also add more services by specifying details such as the incoming and outgoing port number.

 The list of services shown in the above screenshot are preset. Press Add to bring up the window that will allow the creation of a new service or select an available service and

press Edit to modify that service. You will be asked to specify the name, TCP and UDP port number and the IP address of the computer hosting that service.