System administration complete course from beginner to advanced | IT administrator full course

Captions
Before we get started, I want to congratulate you on making it to this point in the program. You're halfway done, just pretty incredible. Let's take a moment to think about all the skills you've learned in your journey so far. You've learned the fundamentals of information technology, from how binary works to the importance of user support in IT to even building your own computer. You learned the fundamentals of computer networking and how the internet really works. And finally, you learned how to navigate the Windows and Linux operating systems, managing processes and software in the command line like a true power user. Great work so far.

Before we dive deep into systems administration and infrastructure, I'll take this opportunity to introduce myself, or reintroduce myself for those who might remember me from way back in course one. My name is Devan Sri-Tharan. I've been working in IT for ten years. I'm a corporate operations engineer at Google, where I get to tackle challenging and complex IT issues. Thinking back, my first experience with tech began when I was about nine years old, when my dad brought home the family's first computer. I remember my dad holding a floppy disk and telling me that there was a game on it. To my dad's amazement, I somehow managed to copy the game from the disk onto the computer's hard drive. While it may seem like a trivial task now, this device was just so new to us back then. Sure, I loved the different games I could play, but what I really loved was tinkering with the machine, trying to get it to do what I wanted to do. While that floppy disk and computer might have ignited my passion for technology, it was actually my first few job experiences that really started to shape my IT career. One job was in retail selling baby furniture, and the other was at a postal store where I helped customers ship their packages and became the one-person IT crew. It might sound odd that working in retail inspired my career, but I realized that I really enjoyed communicating with
customers, trying to understand their needs and offering a solution. My first experience working directly in IT was in college as an IT support specialist intern. From there, I worked as an IT consultant to decommission an entire IT environment. This was my first experience working directly with a large IT infrastructure and pushing myself outside my comfort level as a college student. I bring up these first few jobs for a reason: these experiences helped my career in IT. I knew at that time that I wanted to go into tech, but I struggled with where I wanted to focus my career. Starting at Google as an IT generalist allowed me to experience many different areas of technology. It allowed me to figure out the jobs I didn't want to do, before I was able to identify exactly what I did want to do. I'm really passionate about IT infrastructure.

This program is designed to help prepare you for roles in tech support, desktop support, or at a help desk, but it doesn't stop there. In this course, we're going to open up an even wider net of possibilities in IT by teaching you the skills you need to manage computers for a whole organization. If you're working in a small organization, you might need to do this from day one. If not, stretching your skill set will make you stand out in the field and prepare you for potentially taking on this work further on in your career. In this course, we're gonna build upon what you learned in the operating systems course by teaching you system administration skills. At a high level, system administration is the field in IT that's responsible for maintaining reliable computer systems in a multi-user environment. While systems administration responsibilities can overlap with other roles in IT, a person who works only in system administration is called a systems administrator. Systems administrators have a diverse set of roles and responsibilities. They can range from configuring servers, monitoring the network, provisioning or setting up new users and computers, and more. Think
of a system administrator as a tech generalist. They handle many different things to keep an organization up and running. It's actually very similar to how IT support specialists work: you need to apply a diverse set of tech skills in different situations to help solve problems in an organization. As an IT support specialist, doing systems administration tasks might be part of the job, so we're going to introduce the skills and knowledge you need to manage organizations and systems to keep your skills well-rounded. By the end of this course, you'll learn what services are used in IT infrastructure. You will also learn about essential user software for your organization and how to manage an entire organization's users and computers using directory services. Finally, you'll learn the skills you need to back up your organization's data and recover it in the case of a disaster. All right, it's time to get started, so let's dive in.

Before we can get into the nitty-gritty of what systems administration is, we need to talk about what these systems are. Organizations don't just run on their own. Employees need computers along with access to the Internet to reach out to clients, the organization's website needs to be up and running, the files have to be shared back and forth, and so much more. All of these requirements make up the IT infrastructure of an organization. IT infrastructure encompasses the software, the hardware, network, and services required for an organization to operate in an enterprise IT environment. Without an IT infrastructure, employees wouldn't be able to do their jobs, and the whole company will crumble before it even gets started. So organizations employ the help of someone like a systems administrator to manage the company's IT infrastructure. System administrators, or as we like to call them, sysadmins, are the unsung heroes of an organization. They work in the background to make sure a company's IT infrastructure is always working, constantly fighting to prevent IT disasters from happening. Notice
all of the really hard work that sysadmins put in, so show a little appreciation for your sysadmin by celebrating System Administrator Appreciation Day worldwide. Yes, that's a real thing. In all seriousness, sysadmins have a lot of different responsibilities. Any company that has an IT presence needs a sysadmin or someone who handles those responsibilities. The role of a sysadmin can vary depending on the size of an organization. As an organization gets bigger, you need teams of sysadmins. Their responsibilities may be separated out into different roles, with job titles like network administrators and database administrators. Companies like Facebook and Apple don't have a single person running the IT show, but in smaller companies it's usually a single person who manages an entire company's IT infrastructure. In this course, we'll focus on how just one person can single-handedly manage an IT infrastructure. You'll learn the skills you need to manage an organization of less than a hundred people as a sole IT person. As you start to scale up to large organizations, you also need to level up your knowledge of systems administration. You need to pick up skills that allow you to automate workflows and manage configurations, or computer settings, automatically. Don't worry, we'll discuss how to do this in an upcoming course on automation. Right now, let's focus on systems administration in a small organization. In the next couple of lessons, we're gonna talk in detail about the responsibilities of a sysadmin and how that relates to the role of an IT support specialist who handles system administration.

Basically, a sysadmin is responsible for their company's IT services. Employees need these IT services so that they can be productive. This includes things like email, file storage, running a website, and more. These services have to be stored somewhere; they don't just appear out of nowhere. Any thoughts on where they're stored? If you answered servers, you're correct. We talked about servers in an earlier
course, and you've learned that the term servers can have multiple meanings. In one course, we discussed how servers have web content that they serve to other computers. In another course, we talked about how servers can be software that performs a certain function. In this video, we're going to talk about servers more in depth, because in many cases sysadmins are responsible for maintaining all of the company's servers. If you're working as an IT support specialist and have systems administration responsibilities, these tasks could be something you'll perform. A server is essentially software or a machine that provides services to other software or machines. For example, a web server stores and serves content to clients through the internet. You can access the web server through a domain name like google.com. We'll dive deeper into web servers in a later course. Right now, let's run down some other examples of servers. An email server provides email services to other machines, an SSH server provides SSH services to other machines, and so on and so forth. We call the machines that use the services provided by a server clients. Clients request the services from a server, and in turn the servers respond with these services. A server can provide services to multiple clients at once, and a client can use multiple servers. Any computer can be a server. I can start up a web server on my home computer that would be able to serve my own personal website on the internet for me, but I don't really want to do that, because I'd have to leave my computer on all the time in order for my website to be available all the time. Industry-standard servers are typically running 24/7, and they don't run on dinky little hardware like my home laptop. They run on really powerful and reliable hardware. Server hardware can come in lots of different forms. They can be towers that sit upright and look very similar to the desktops we've seen. Those towers can be put in a closet or can sit on the table if you want them
to. But what if you needed to have 10 servers? The towers would start taking up way too much space. Instead, you can use rack servers, which lay flat and are usually mounted in a 19-inch-wide server rack. If you needed even more space, you could use blade servers that are even slimmer than racks. There are other types of form factors for servers, but these are the most common ones. You can also customize the hardware on your servers depending on the services. For example, on a file server you'll want more storage resources so that you can store more files. What about connecting to our servers? Working in a small IT organization, you could potentially deal with a handful of servers. You don't want to have a monitor, keyboard, and a mouse for each of these servers, do you? Fortunately, you don't have to. Thanks to something we learned in an earlier course, we can remotely connect to them with something like SSH. Even so, you should always have a monitor and keyboard on hand. Sometimes when you're working, your network might be having issues and SSH won't be an option. A common industry practice is to use something known as a KVM switch. KVM stands for keyboard, video, and mouse. A KVM switch looks like a hub that you can connect multiple computers to and control them using one keyboard, mouse, and monitor. You can read more about using KVMs in the next supplemental reading. Okay, now that we've got a better understanding of servers and what they do, you can go out and start buying server hardware and setting up services for your organization. Or maybe not. You don't actually have to buy your own server hardware or even maintain your own services. In the next video, we're going to learn about a wave of computing that's starting to overtake the IT world: cloud computing. See you there.

Oh, the cloud. The magical, wonderful cloud that you hear about in the news, that moves data across the white fluffy wonders in the sky. The magical cloud disperses bits of data across the world in itty-bitty raindrops, right? No, that's
not how the cloud works at all, but you'd be surprised how many people believe that. There's no doubt you've heard the term cloud in the news or from other people: your photos are stored in the cloud, your email is stored in the cloud. Cloud computing is the concept that you can access your data, use applications, store files, etc. from anywhere in the world as long as you have an internet connection. But the cloud isn't a magical thing. It's just a network of servers that store and process our data. You might have heard the word data center before. A data center is a facility that stores hundreds, if not thousands, of servers. Companies with large amounts of data have to keep their information stored in places like data centers. Large companies like Google and Facebook usually own their own data centers, because they have billions of users that need access to their data at all times. Smaller companies could do this, but usually rent out parts of a data center for their needs. When you use a cloud service, this data is typically stored in a data center or multiple data centers, anywhere that's large enough to hold the information of millions, maybe even billions, of users. It's easy to see why the cloud has become a popular way of computing in the last few years. Now, instead of holding on to terabytes of storage space on your laptop, you can upload that data to a file storage service like Dropbox, which stores that data in a managed location like a data center. The same goes for your organization. Instead of managing your own servers, you can use internet services that handle everything for you, including security updates, server hardware, routine software updates, and more. But with each of these options come a few drawbacks. The first is cost. When you buy a server, you pay upfront for the hardware. That way, you can set up your services, like file storage, at potentially very little cost because you're the one managing it. When you use internet services like Box or Dropbox that offer file storage online,
the starting cost may be smaller, but in the long term costs could add up, since you're paying a fixed amount every month. When comparing the cost of services, always keep in mind what a subscription could cost you for every user in your organization. Weigh that against maintaining your own hardware in the long term, and then make the decision that works best for your organization. The second drawback is dependency. Your data is beholden to these platforms. If there's an issue with the service, someone other than you is responsible for getting it up and running again. That could cost your company precious loss of productivity and data. No matter what method you choose, remember that you're still responsible for the problems that arise when there's an issue. If Dropbox is having an issue with your important user data, it's still your problem, and you have to get it working again no matter what. To prevent a situation like that from popping up, you might consider backing up some critical data in the cloud and on a physical disk. That way, if one system goes down, you have another way to solve the problem. Whether you choose to maintain physical servers or use cloud services, these are the type of things you need to think about when providing services to your company. In the next couple of lessons, we're gonna talk about some of the other responsibilities of the sysadmin. We'll give you a high-level overview of these, then dive even deeper later in this course.

In a small company, it's usually a sysadmin's responsibility to decide what computer policies to use. In larger companies with hundreds of employees or more, this responsibility usually falls under the chief security officer. But in smaller businesses, or shops as the IT lingo goes, the sysadmin has to think carefully about computer security and whether or not to allow access to certain users. There are a few common policy questions that come up in most IT settings that you should know. Should users be allowed to install software?
Probably not. You could run the risk of having a user accidentally install malicious software, which we'll learn about in the upcoming course on security. Should users have complex passwords with certain requirements? It's definitely a good rule of thumb to create a complex password that has symbols, random numbers, and letters. A good guideline for a password length is to make sure it has a minimum of 8 characters. That makes it more difficult for someone to crack. Should users be able to view non-work-related websites like Facebook? That's a personal call. Some organizations prefer that their employees only use their work computer and network strictly for business, but many allow other uses so their employees can promote their business or goods on social media platforms, stay up to date on current events, and so on. It would definitely be a policy that you and your organization's leaders can work out together. If you hand out a company phone to an employee, should you set a device password? Absolutely. People lose their mobile devices all the time. If a device is lost or stolen, it should be password-protected at the very least, so that someone else can't easily view company emails. We'll dive way deeper into the broader impact and implications of security and organizational policies in the security course that's last up in this program. These are just a few of the policy questions that can come up. Whatever policies are decided upon have to be documented somewhere. As you know from our lesson on documentation in the first course, it's super critical to maintain good documentation. If you're managing systems, you'll be responsible for documenting your company's policies, routine procedures, and more. You can store this documentation on an internal wiki site, file server, software, wherever. The takeaway here is that having documentation of policies readily available to your employees will help them learn and maintain those policies.

We've talked a little bit about the services that are potentially used
in an organization, like file storage, email, web content, etc. But there are many other infrastructure services that you need to be aware of. As an IT support specialist doing system administration, you'd be responsible for the IT infrastructure services in your organization. Spoiler alert: there are a lot of them ahead. As always, make sure to re-watch any lessons if you need some more time for the material to sink in. Rome wasn't built in a day, you know, and neither are IT support specialists. So how about getting network access? That's a service that needs to be managed. What about secure connection to websites and other computers? You guessed it, that's also a service that has to be managed. And managing services doesn't just mean setting them up. They have to be updated routinely, patched for security holes, and compatible with the computers within your organization. Later in this course, we'll dive deeper into the essential infrastructure services that you might see in an IT support specialist role.

Another responsibility sysadmins have is managing users and hardware. Sysadmins have to be able to create new users and give them access to their company's resources. On the flip side of that, they also have to remove users from an IT infrastructure if users leave the company. It's not just user accounts they have to worry about. Sysadmins are also responsible for user machines. They have to make sure a user is able to log in and that the computer has the necessary software that a user needs to be productive. Sysadmins also have to ensure that the hardware that they're provisioning or setting up for users is standardized in some way. We talked in an earlier course about imaging a machine with the same image. This practice is industry standard when dealing with multiple user environments. Not only do sysadmins have to standardize settings on a machine, they have to figure out the hardware lifecycle of a machine. They often think of the hardware lifecycle of a machine in a literal way: when
was it built when was it fresh shoes did the organization buy it brand new or was it used who maintained it before how many users have used it in the current organization what happens to this machine if someone needs a new one these are all good questions to ask when thinking about an organization's technology sis admins don't want to keep a 10 year old computer in their organization or maybe they do even that's something they might have to make a decision on there are four main stages of the hardware lifecycle procurement this is the stage where hardware is purchased or reused for an employee deployment this is where hardware is set up so that the employee can do their job maintenance this is the stage where software is updated and hardware issues are fixed if and when they occur retirement in this final stage Hardware becomes unusable or no longer needed and it needs to be properly removed from the fleet in a small organization a typical hardware life cycle might go something like this first a new employee is hired by the company Human Resources tells you to provision a computer for them and set up their user account next you allocate a computer you have from your inventory or you order a new one if you need it when you allocate Hardware you may need to tag the machine with the sticker so that you can keep track of which inventory belongs to the organization next you image the computer with the base image preferably using a streamlined method that we discussed in our last course operating systems in you next you name the computer with the sanitized hostname this helps with managing machines more on that when we talk about directory services later regards to the name itself we talked about using a format such as username - location but other host name starters can be used check out the supplemental reading to find out more after that you install software the user needs on their machine then the new employee starts and you streamline the setup process for them by 
providing instructions on how to log into their new machine, get email, etc. Eventually, if the computer sees a hardware issue or failure, you look into it and think through the next steps. If it's getting too old, you have to figure out where to recycle it and where to get new hardware. Finally, if a user leaves the company, you'll also have to remove their access from IT resources and wipe the machine so that you can eventually reallocate it to someone else. Imaging, installing software, and configuring settings on a new computer can get a little time-consuming. In a small company, you don't do it often enough where it makes much of a difference, but in a larger company a time-consuming process just won't cut it. You have to learn automated ways to provision new machines so that you only spend minutes on this and not hours. Luckily for you, we discuss how to do this in the next course on IT automation. See, we got you covered.

When you manage machines for a company, you don't just set it and forget it. You have to constantly provide updates and maintenance so that they run the latest secure software. When you have to do this for a fleet of machines, you don't want to immediately install updates as they come in. That would be way too time-consuming. Instead, to effectively update and manage hardware, you do something called a batch update. This means that once every month or so, you update all your servers with the latest security patches. You have to find time to take their services offline, perform the update, and verify that the new update works with the service. You also don't have to perform an update every single time a new software becomes available, but it's common practice to do batch updates for security updates and very critical system updates. In the security course, we dive deeper into security practices, but a good guideline is to keep your system secure by installing the latest security patches routinely. Staying on top of your security is always a good idea.

Not only do sysadmins in a
small company work with users and computers, they also have to deal with printers and phones too. Whether your employees have cell phones or desk phones, their phone lines have to be set up. Printers are still used in companies, which means they have to be set up so employees can use them. Sysadmins might be responsible for making sure printers are working, or if renting a commercial printer, they have to make sure that someone can be on-site to fix it. What if a company's fax machine isn't working? If you don't know what a fax machine is, that's not totally surprising. They've been slowly dying since the invention of email. Fax machines are still alive and kicking at companies, and they're a big pain to deal with. Sysadmins could be responsible for those too. Video and audio conferencing machines? Yep, they'll probably need to handle those too. In an enterprise setting, sysadmins have to procure this hardware one way or another. Working with vendors or other businesses to buy hardware is a common practice. Setting up business accounts with vendors like Hewlett-Packard, Dell, Apple, etc. is usually beneficial, since these companies can offer discounts to businesses. These are things that sysadmins have to think about. It's typically not scalable just to go out and purchase devices on Amazon, although if that's what's decided, they could do that too. Sysadmins must be sure to weigh their options before purchasing anything. They need to think about hardware supply, so if a certain laptop model isn't used anymore, they need to think of a suitable backup that works with their organization. Price is also something to keep in mind. They will probably need formal approval from their manager or another leader to establish this relationship with a vendor. It's not just technical implementations of hardware that sysadmins have to consider, it's so many things.

We talked about troubleshooting a lot in an earlier course, but it's worth mentioning again. When you're managing an entire IT infrastructure, you'll
constantly have to troubleshoot problems and find solutions for your IT needs. This will probably take up most of your time as an IT support specialist. This could involve a single client machine from an employee, or a server or service that isn't behaving normally. Some folks who start their careers in IT support deepen their knowledge to become system administrators. They go from working on one machine to multiple machines. For me, I made the leap during my internship as an IT support specialist in college at a semiconductor lab. The lab ended up closing, and they needed help deprecating the environment. So what started as an IT help desk support role quickly transitioned to a sysadmin role. That opportunity was my golden ticket to delve into Active Directory, subnetting, and decision making, which is a core part of this job. Sysadmins also have to troubleshoot and prioritize issues at a larger scale. If a server that a sysadmin managed stopped providing services to a thousand users, and one person had an issue about the printer, which do you think would have to be worked on first? Whatever the scenario, there are two skills that are critical to arriving at a good solution for your users, and we already covered them in an earlier course. Do you know what they are? The first is troubleshooting. Asking questions, isolating the problem, following the cookie crumbs, and reading logs are the best ways to figure out the issue. You might have to read logs from multiple machines or even for the entire network. We talked about centralized logging a little bit in the last course, Operating Systems and You: Becoming a Power User. If you need a refresher on how centralized logging works, check out the supplemental reading. Anyway, the second super important skill that we covered is customer service. Showing empathy, using the right tone of voice, and dealing well with difficult situations: these skills are essential to all IT roles. In some companies, sysadmins have to be available around the clock. If a server or network
goes down in the middle of the night, someone has to be available to get it working again. Don't worry, a sysadmin doesn't have to be awake and available 24/7. They can monitor their service and have it alert them in case of a problem. We'll discuss service monitoring in detail in the next course, IT automation. So how do you keep track of your troubleshooting? A common industry standard is to use some sort of ticketing or bug system. This is where users can request help on an issue, and then you can track your troubleshooting work through the ticketing system. This helps you organize and prioritize issues and document troubleshooting steps. Throughout this course, we'll introduce types of services that a sysadmin needs to maintain and what responsibilities they have in an organization. We'll also share some best practices for troubleshooting when it comes to systems administration. When you work as an IT support specialist, systems administration can become part of your job, so it helps to think about all aspects of managing an IT infrastructure in an organization. The more prepared you are, the better.

Let's take a bit of a dark turn and talk about disasters. Like it or not, something at some point will stop working, no matter how much planning you do. This happens in both small and large companies. It's an equal opportunity problem. You can't account for everything, but you can be prepared to recover from it. How? It's super important to make sure that your company's data is routinely backed up somewhere, preferably far away from its current location. If a tornado struck your building and your backups got swept away with it, you wouldn't have a building to work in, let alone be able to recover your data and get people up and running again. Later in this course, we'll talk more about what methods you can use to back up your organization's data and to recover from a disaster. We'll try to keep things a little lighter in the meantime. So far, you've learned a lot about the roles and
responsibilities of a sysadmin. Some of it may seem like a lot of work, some might even seem scary. Being responsible for keeping data available isn't easy, but it's a rewarding role in IT, and you're already building your SA or sysadmin skill set by learning the fundamentals of IT support. Next up, we've got a quiz for you. Then in the next module, we'll discuss the technical details of the infrastructure services used in IT. See you there.

My name is Dion Paul and I am an operation specialist with the G Tech Chris team. G Tech stands for Google Technical Services. I was always too familiar with IT, but one misconception is that you can, you can know enough, and what I found out is that you can never know, you know, if there's never a threshold of learning. Things are always gonna be changing, especially in IT, so it's very important to keep learning, keeping abreast of the latest technologies. Wherever it, wherever it leads me to, I'm never gonna stop learning, and I'm always gonna be open to learning new things and applying those in different ways. My most memorable career moment was actually getting to meet the former first lady Michelle Obama during our work trip. I was selected to participate in a project at the White House based on the work that my team was doing, and we were able to not only engage her in a virtual reality shoot, but I also was tasked with ensuring that all the equipment was working, placing it directly in front of her, meeting her, and the content was gonna be rolled out to millions of kids around the world. Being able to operate a camera with the first lady right in front of me, which is a moment I won't ever forget. Success to me is a journey, and I define it as just peace, just being at peace with your work career, being at peace with your family, whatever that means to you. Whether that I personally means I like being able to have some quiet time on the weekends, outsider with to spend my family and stuff. I'm at work as being involved in projects that you're
passionate about and feel like you're contributing to just a greater, a greater thing. But to me, success is a journey, and to me it's defined as just being at peace with whatever you're working at.

Welcome back. In the last module, we learned that system administrators have lots of responsibilities, like maintaining infrastructure services. IT infrastructure services are what allow an organization to function. These include connecting to the Internet, managing networks by setting up the network hardware, connecting computers to an internal network, etc. In this lesson, we're going to learn about the common IT infrastructure services out there and what you need to know to start integrating them into an organization. We'll also dig deeper into each infrastructure service individually. We will focus more on the physical infrastructure services, like servers, along with network infrastructure services that keep your company connected to the Internet. In short, we'll be servicing all infrastructure services needs.

There are lots of IT infrastructure services that keep a company running. In a smaller company, a single person could be responsible for all these services. In larger companies, teams of sysadmins might manage just one service. In this course, we're going to discuss what you'll need to set up these services as the sole IT person in a company. We'll also give you an overview of some of the cloud services that you can utilize if you wanted another company to run your services. Reminder: as we mentioned before, cloud services are services that are accessed through the Internet, like Gmail. We can access our Gmail accounts from any computing device as long as we're connected to the Internet. By the end of this module, you should be well-versed in what services you'll need to have a functioning IT infrastructure for your company.

There are lots of types of IT infrastructure services out there. We'll start by giving you a high-level overview of them in this lesson, then we'll dive into the
nitty-gritty details on how you configure and maintain these services in later lessons. Sounds good? Let's get started. We talked about physical infrastructure components of an IT environment in an earlier lesson. Remember that you can set up different servers to run your services on, like a server to run your file storage service. You can buy or rent hardware for these servers and set up and store them either on-site or at another location. Essentially, you manage these servers end to end. There's another option if you don't want to be responsible for managing the hardware tasks and updating your server operating systems, security patches, and updates: you can use the cloud alternative to maintaining your own infrastructure, which is called infrastructure as a service, or IaaS. IaaS providers give you pre-configured virtual machines that you can use just as if you had a physical server. Some popular IaaS providers are Amazon Web Services and their Elastic Compute Cloud, or EC2, instances; Linode, which rents out virtual servers; Windows Azure; and Google Compute Engine, which you've been using throughout this course. You can read more about the different IaaS providers in the supplemental reading right after this video.

Your company's internal network isn't gonna be like your network at home. You're going to have multiple computers that need to be on a certain subnet. You have to assign them IP addresses statically or using DHCP. The networking hardware has to be set up, wireless Internet will probably need to be available, DNS needs to be working, etc. If your company is large, networking is usually taken care of by a dedicated team, but in smaller companies, you'll probably be responsible for setting up the network. Networking can be integrated in an IaaS provider, but in recent years it's also been branched off into its own cloud service, networking as a service, or NaaS. NaaS allows companies to offshore their networking services so that they don't have to deal with the expensive networking hardware.
Companies also won't have to set up their own network security, manage their own routing, set up a WAN and private intranets, and so on. For more about NaaS providers, check out the supplemental reading.

Let's talk about the software that your company might want to use. Do you need to type out Word documents, use an email client, communicate with other people, use operating systems, process spreadsheets, or have any other software needed to run a business? I bet yes. The right software has to be available to your company's users. We've already discussed how to install and maintain software on machines. You have to deal with things like licenses, security updates, and maintenance for each machine. The cloud alternative to maintaining your own software is known as software as a service, or SaaS. Instead of installing a word processor on every machine, you can use Microsoft Office 365 or Google's G Suite. These are both services that you can purchase that allow you to edit Word documents, process spreadsheets, make presentations, and more, all from a web browser. You can check out the next supplemental reading for more about SaaS providers.

Some companies have a product built around a software application. In this case, there are some things that software developers need to be able to code, build, and ship their software. First, specific applications have to be installed for their programming development environment. Then, depending on the product, they might need a database to store information. Finally, if they're serving web content like a website, they'll need to publish their product on the Internet. If you're building this entire pipeline yourself, you may need to set up a database and a web server. The programming development environment will also have to be installed on every machine that needs that. If you want an all-in-one solution to building and deploying a web application, you can use something called platform as a service, or PaaS. This includes an entire platform that allows you to build code, store
information in a database, and serve your application from a single platform. Popular options for PaaS are Heroku, Windows Azure, and Google App Engine. As you might have guessed, you can read more about PaaS providers in the supplemental reading.

The last IT infrastructure service we'll discuss is the management of users, access, and authorization. A directory service centralizes your organization's users and computers in one location so that you can add, update, and remove users and computers. Some popular directory services that you can set up are Windows Active Directory, OpenLDAP, and we'll dive a little deeper into both these later on in this course. Directory services can also be deployed in the cloud using directory as a service, or DaaS, providers. Guess where you can read more about DaaS providers? That's right, in the supplemental reading.

There you have it. There's a general overview of the most common IT infrastructure services you'll encounter when handling system administration tasks. While cloud services are a great option, it's super important that you understand how a service works and how to maintain it before you employ the help of a cloud service. Even though cloud services are widely used in the industry and have a lot of pros, there are also some cons. These include recurring cost and the need to depend on the provider's service. We're going to teach you about the technical details and the implementation of these common IT infrastructure services. We'll cover everything from setting up your own server and figuring out which applications you need to be productive, to how to set up multiple users and get your network services in order. By the end of this course, you'll have the foundational knowledge required to set up the IT infrastructure for a small organization.

I grew up in a small town in the desert, and there wasn't really much to do except read, play with computers, and study, and this is where I really learned to love technology, to understand how this computer worked, how it did what it did,
and how I could make it do something different. And when I went to college, I began to study the UNIX operating system, and I learned just enough to get an internship at the local ISP. And this was quite alarming for me, because the first day of my internship I walked in and they said, "Great, we're so happy you're here. You know UNIX, right? Yes? Here's a RADIUS server. We want you to set it up. It needs to be done by the end of the week." And I said, "How exciting, I get to do something that will have an impact on our users, and I will get to learn something." There was just one problem: I didn't know what RADIUS was. So this is going to be quite a difficult challenge for me. So I had to read the manuals and man pages, and I had to scour the library for books, and it took me about three days to learn what RADIUS was and how to set it up. But in the end, I knew more about it than anyone else at the ISP, and that expertise really, I think, drove me to become an expert in more areas. It gave me a lot of confidence that I could do that work, and it was actually really invigorating. And so I ended up as a UNIX sysadmin and sort of went from there.

When you want to set up a server, you essentially install a service or application on that server, like a file storage service. Then that server will provide those services to the machines that request it. Maybe you thought you'd install services on a user operating system like Windows 10. Well, that's an option. Typically, in an organization, you'll want to install your services on a server operating system. Server operating systems are regular operating systems that are optimized for server functionality. This includes functions like allowing more network connections and more RAM capacity. Most operating systems have versions specifically made for servers. In Windows, you have Windows Server. In Linux, many distributions come with server counterparts, like Ubuntu Server, which is optimized for server use. Mac OS is also available in Mac OS Server. Server operating
systems are usually more secure and come with additional services already built in, so you don't have to set up these services separately. You can read more about the different server operating systems in the next supplemental reading. For now, just keep in mind that when you install services on a server, you should be sure to use a dedicated server operating system.

We discussed virtual machines in the last course and covered how to set up a virtual machine on a personal computer. In this lesson, we're going to talk about why virtualization can be an important part of infrastructure services and systems administration. There are two ways you can run your services: either on dedicated hardware or on a virtualized instance on a server. When you virtualize a server, you're putting lots of virtual instances on one server. Each instance contains a service. There are a bunch of pros and cons to running your services on either of these platforms. Here's the rundown.

Performance: a service running on dedicated hardware will have better performance than a service running in a virtualized environment. This is because you only have one service using one machine, as opposed to many services using one machine.

Costs: server hardware can be pretty expensive. If you put a service on one piece of dedicated hardware and have to do that for nine other services, it starts to add up. One of the huge benefits to virtualizing your service is that you can have 10 services running on 10 different virtual instances, all on one physical server. Here's another way to think about this: in a typical server, if you only have one service running, it's probably only taking up 10 to 20 percent of your CPU utilization. The rest of the hardware isn't being utilized. You could add plenty more services to the physical server and still have a good threshold for resource utilization. It's cheaper to run several services on one machine than it is to run many services on multiple machines.

Maintenance: servers require hardware
maintenance and routine operating system updates. Sometimes you need to take the service offline to do that maintenance. With virtualized servers, you can quickly stop your services or migrate them to another physical server, then take as much time as you need for maintenance. Virtualized servers make server maintenance much easier to do.

Points of failure: when you put a service on one physical machine and that machine has issues, you're entering a world of trouble. With virtualized servers, you can easily move services off a physical machine and spin up the same service on a different machine as a backup. You could also do this with a physical server, but that could become costly if you account for multiple services. Tip: you can prevent a single point of failure on a physical machine if you have redundant servers set up, meaning you have duplicate servers as a backup. You'll learn about backups in an upcoming module. As you can see, there are lots of benefits to using virtualized servers. Just make sure to weigh the pros and cons of virtualizing your servers and using dedicated server hardware. That way, you can make the right choice for your company.

Another important part of physical infrastructure services is the ability to connect to your infrastructure from anywhere in the world. We talked about remote access in an earlier course, and we've been using it all throughout this program to connect to our lab machines. In this lesson, we're gonna discuss what's needed to set up remote access for a small organization. As a systems administrator, or as anyone in IT support, you'll want to be able to remotely access another server or user's machine so that you can troubleshoot an issue or do maintenance from wherever you may be. In Linux, the most popular remote access tool is OpenSSH. We've already learned how to SSH into a remote computer. In the last course, we talked a bit about what's needed to set up SSH, but we'll quickly show you how to do this. To SSH into another machine, you need to
install an SSH client on the machine you're connecting from, then install an SSH server on the machine you're connecting to. To learn more about OpenSSH, you can check out the next supplementary reading. But let's keep rocking and rolling with how to install the OpenSSH client on a machine. It's super easy. What you're gonna do is, I want to go to my client machine and simply run this command: sudo apt-get install openssh-client. And it's going, downloading the package, and perfect. So it looks like my client has been installed. Next, you need to install the OpenSSH server on the machine you want to access. Remember, the SSH server is just a process that listens for incoming SSH connections. So let's go to the server and install the OpenSSH server: sudo apt-get install openssh-server. Perfect. So it looks like my server is up and running. So let's go back to the client and do a test. I do ssh into my server IP address with my username. So it asks for my password, which is a good thing. Perfect. So as you can see, I'm connected to my server. And one true way to test this is, if I go into the desktop of my server, let me create a folder. Now if I go back to my server, which is on this window, and I list the files, you can see the folder test. And that's it. We were able to SSH into a machine from another machine. Not too complicated, right?

Windows has similar tools that you can use. A popular tool to access the CLI remotely is WinRM or PuTTY. RDP is also popular if you want to access the GUI remotely. We've already discussed how to connect to a machine using PuTTY in the last course. Just remember to install an SSH server on the machine you want to connect to. We also already discussed how to set up RDP in the last course. Feel free to review those lessons as a refresher. You can read more about the Windows remote access tools in the next reading. The takeaway here is that when you manage IT infrastructure, you can utilize tools like remote access to work on your physical infrastructure. You'll need to do a little
bit of setup beforehand, like installing an SSH client, SSH servers, and allowing remote desktop connections, etc., but it'll be worth it in the long run. Next up, we'll tackle a network service. See you there.

Now that we're a little more familiar with some of the common aspects of physical infrastructure, let's move on to network services. A network service that's commonly used in an organization is a file transfer service. So why would you want to have a service dedicated to file transfer? Well, sure, you could probably carry around a flash drive and copy files to each machine you work on, or even use the remote copy tools we learned in the last course. Or you could centrally store your files and transfer files from one computer to another using the Internet. There are a few different file transfer protocol services that are used today. Let's take a quick rundown of what's out there and what they do.

FTP: in the second course of this program, The Bits and Bytes of Computer Networking, we mentioned FTP, aka the File Transfer Protocol. It's a legacy way to transfer files from one computer to another over the Internet, and it's still in use today. It's not a super secure way to transfer data because it doesn't handle data encryption. The FTP service works much like our SSH service. Clients that want to access an FTP server have to install an FTP client. On the FTP server, we install the software that allows us to share information located in the directory on that server. FTP is primarily used today to share web content. If you use a website host provider, you might see that they have an FTP connection already available for use so they can easily copy files to and from your website.

SFTP is a secure version of FTP, so it makes sense to choose this option over FTP. During this SFTP process, data is sent through SSH and is encrypted.

TFTP stands for Trivial FTP. It's a simpler way to transfer files than using FTP. TFTP doesn't require user authentication like FTP, so any files that you store here should be generic
and not need to be secure. A popular use of TFTP is to host installation files. One method of booting a computer that we haven't discussed yet is PXE, or "pixie" boot, which stands for pre-boot execution. This allows you to boot into software that's available over the network. A common use case for organizations that want to install software over a network is to keep operating system installation files on a TFTP server. That way, when you perform a network boot, you can be automatically launched into the installer. This is a lot more efficient than having to carry around a USB with an operating system image. You can learn more about PXE boot in the next reading. Depending on your usage of file transferring services, you might want to weigh the options we mentioned. We encourage you to read about popular FTP clients using the supplemental reading. If you just want to share files between your computers in a secure way and have a nice directory where you can access all the shared files instead of transferring them to your machine, you'll want to look at network file storage services instead. We'll discuss those in an upcoming module.

One of the oldest Internet protocols in use today is the Network Time Protocol, or NTP. It's used to keep the clock synchronized on machines connected to a network. You've probably seen NTP implemented in your personal life if you've ever been in an airport. Airports utilize synchronized clock systems, and many of those systems use NTP. This is because the information that you see on your departure and arrival screen has to match the time that the air traffic control team sees for their airplanes. If only NTP could solve for airport delays. Anyway, in the IT world, machines need to have accurate time across a network for a lot of reasons. There are some security services, like Kerberos, a network authentication protocol, that depend on the time being consistent across the network to work. You'll learn more about that in the IT security course coming up. It is important to
keep the time consistent and accurate across your company's fleet. You can't depend on the hardware itself to keep consistent time, so you might want to set up an NTP server. There are different ways that an IT support specialist or sysadmin can do this for an organization. You can use a local NTP server or a public NTP server. To set up a local NTP server, you can install NTP server software on your managed server, then install NTP clients on your machines and tell those computers which NTP servers to sync their time to. This is a great option because you can then manage the entire process from end to end. The other way to set up NTP is to use a public NTP server. Public NTP servers are managed by other organizations that your client machines connect to in order to get synchronized time. This is an awesome way to utilize NTP without having to run a dedicated NTP server, but if you have a large fleet of thousands of machines, it's better etiquette to be running your own NTP servers. Another good practice is to run your own NTP server and then have that point to a public NTP server. This makes it so that you don't connect all your clients to a public NTP server and you don't have to measure time synchronization. Whether you run your own NTP server or use a public one, NTP is an important network service that you should definitely integrate into your own fleet.

There are a few network services that are used internally in an IT enterprise environment to improve employee productivity, privacy, and security. While they're pretty common, you might not encounter them in small organizations. We discussed these services in course two, on networking, but let's do a refresher. We're sure that you'll encounter them at some point in your IT career. There are intranets and proxy servers. An intranet is an internal network inside a company. It's accessible if you're on a company's network. Intranets can provide a wide range of information and are meant to improve productivity by giving employees a
greater medium to share information. Think of it like the company's website that's only accessible to people on the company network. On this site, documentation can be centrally located, teams can post news updates, employees can write to forums and start discussions, and more. Intranets are most commonly seen in large enterprises and can be an incredibly valuable tool for employee productivity. Another internal support service that's widely used is a proxy server. A proxy server acts as an intermediary between a company's network and the Internet. They receive network traffic and relay that information to the company network. This way, company network traffic is kept private from the Internet. The Internet gets traffic through a proxy server, but it doesn't know where it originally came from. It only knows the proxy. Proxy servers can also be used to monitor and log internal company network activity. They can be configured so certain websites are filtered from being accessed. Proxy servers are useful for providing privacy and security on the Internet and regulating access inside a company. In the next few lessons, we'll talk about what are probably the most essential network services: DNS and DHCP.

We did a deep dive on DNS, or Domain Name System, in the networking course. If you need a refresher on it, make sure to review the material there. As a super quick recap, DNS is what maps human-understandable names to IP addresses. It's an important network service to set up and maintain when managing a company's IT infrastructure. If you don't set it up correctly, no one will be able to access websites by their names. We don't really have to think about DNS on our personal computers. When you connect a brand-new machine to the Internet and start typing in the web address, it just works automatically. You don't have to type in an IP address or anything. But something is happening in the background. When you connect to a network, you're using the DNS server address that was provided by the router you connected to. It
updates your network settings to use that DNS server address, which is usually your ISP's DNS server. From there, you're able to access pretty much any website. So why do you need to set up your own DNS servers if DNS just works out of the box? Well, there's two reasons. First, if you're running a web service like a website, you want to be able to tell the Internet what IP address to reach your website at. To do that, you need to set up DNS. The second reason is that you probably want to work on your server or user machines remotely. In theory, you could remote access into them through an IP address, but you could also just use an easy-to-remember hostname. To do that, you need DNS to map the IP address to the hostname. In the next couple of lessons, we'll discuss what's needed for DNS setup for websites and internal networks.

You might remember that we can use a web server to store and serve content to clients that request our services. We'll probably want to store website content on our web server. If clients want to reach our website, we need to set up DNS so that they can just type a URL to find us. So let's talk about how DNS gets set up for a website. First, we need a domain name. We can buy a domain name like settingupdnsisfun.example.com. We can purchase domain names like this from companies called domain registrars, like GoDaddy.com or Bluehost.com. Once we have our domain name, we want to point our website files to this domain name. Our website files can be stored on a cloud hosting provider, or we can decide to control this ourselves and store it on our own servers. Typically, domain registrars also provide cloud hosting services, but they can charge you a monthly fee to host your web files for you. Pro tip: if you don't want to utilize cloud hosting services, you can just run your own web server. Don't forget, there are always pros and cons to hosting a service yourself or offshoring it somewhere else. So if you are the sole IT support specialist for an organization, make sure to weigh
all your options before committing to an infrastructure service. Let's assume that we do want to host our website files ourselves. From here, we still need to point our new domain name to where web content is located. We can do this in two ways. Most domain registrars can provide you with DNS settings, and you can give the IP address of where your content is stored. If you decide not to use your domain registrar to host DNS for you, then you have to set up an authoritative DNS server for your website. Remember from our discussion in course two that authoritative DNS servers are the DNS servers that know exactly what the IP address is for the domain name. Since we own the domain name and are hosting web content ourselves, it makes sense for us to have the DNS servers that know that information.

The other reason we might want our own DNS servers is so we can map our internal computers to IP addresses. That way, we can reference a computer by name instead of IP address. There are a few ways we can do this. One is using a local hosts file, which contains static IP address to hostname mappings. Let's take a look at an example of this. Remember that we learned that hosts files in networking allow us to map IP addresses to hostnames manually. In Linux, our hosts file is called /etc/hosts. It has an IP address that points to 127.0.0.1, which points to a name called localhost. This just references back to the computer. localhost is commonly used as a way to access a local web server. We'll talk about web servers in an upcoming module, so for now let's not worry too much about localhost. Instead, if I change this IP address mapping to www.google.com, then save and open a web browser and type www.google.com, it won't take me there. Let me show you that. So I'm gonna go ahead and change my localhost to www.google.com. It just takes me back to my local computer. This is because a DNS query first checks our local hosts file, then our local DNS servers. So if there's an entry for google.com in my hosts file, you'll go
to that IP address instead. Let's say I wanted to access Natalie's computer at 192.168.1.5 and her hostname is catlady.examplecompany.com. I would have to enter this in my hosts file for every single computer in my fleet. That's definitely not the scalable option. OK, so what's our next choice? We can set up a local DNS server that contains all the organization's computer names mapped to their IP addresses. This is a more central storage location for this information. Then we change our network settings for all our computers to use this DNS server instead of the one given to us by our ISP. Finally, let's look at one of the last DNS options we can use for an internal network. It can be integrated with a directory service, which handles user and machine information in a central location, like Active Directory and LDAP. Once we set up DNS and our directory service, it will automatically populate with machine to IP address mappings, so there's no need to enter this information in manually. We'll talk more about these directory services in a later module. And voila, that's an overview of why you need DNS, along with your options for configuring them. We won't dive too deeply into the technical details of setting up a DNS server, but if you're interested in learning about which DNS software to use, there are a few popular options like BIND or PowerDNS. I bet you can guess where you can read more about them: in the supplemental reading. One thing about DNS that we haven't discussed is what to do if we use something like DHCP, which doesn't use static IP addresses. Don't worry, we'll cover this in the next lesson.

Another network service that will make your job in IT support easier is DHCP, or Dynamic Host Configuration Protocol. Need a refresher on DHCP? Just check out the DHCP lessons in the networking course. When managing IT infrastructure and you want to connect a computer on a network, you have two options: you can grant it a static IP address or give it a DHCP-assigned IP address. When you use
the static IP address, you have to keep track of every IP address you assign a computer and manually enter it in the network settings. If you enable DHCP, your computers will be leased an IP address from a DHCP server. They'll automatically get IP addresses, and you don't have to worry about manually setting addresses. If you ever decide you need to expand your IP address range, you don't have to change anything on the client machines either; it just happens automatically. To configure a DHCP server, you'll need to figure out which IP range you can use to assign IP addresses. If you want to integrate with DNS, you need the address of your local DNS servers, what gateway you should assign, and the subnet mask that gets used. Once you install the DHCP server software, you have to configure the settings with this information. Different DHCP server software manufacturers have different configuration setting layouts, so you have to investigate the specific one you want to use. There are a lot of popular DHCP server software you can use for this. Windows Server versions come with DHCP service built in, but you can read more about the options in the next reading. Once you turn on your DHCP server and your clients are set to receive DHCP addresses instead of static IP addresses, you should have working DHCP settings. In the last lesson, we talked about how DNS ties in with DHCP. Well, in our DHCP configuration settings, we can specify DNS server locations. The two servers then sync up, and when DHCP leases out new addresses, DNS updates its IP address mappings automatically. That's a super quick overview of how DHCP servers are configured. Hopefully you can now see why DHCP and DNS are critical network services for your organization.

There will be times when you're working in an IT support role and you won't be able to resolve or get the IP address of a website name. This particular problem could be tricky to identify when you see it. You might just think that your network connection isn't working. Let's go ahead
and try to navigate to google.com from my web browser. So let me get to my web browser and navigate to google.com. Oh, it doesn't look like we can get to google.com. Let's go over some of the tools that we learned in our networking class that can help. First up, if you're unable to resolve a domain name, check that your network connection is actually working. You can do a quick check and ping a website that you know is available. An oldie but goodie is to ping www.google.com. It's pretty rare that Google would be down, although it can happen. So let me go into my terminal and type in ping www.google.com. Looks like we're getting responses. Let's move on to isolating another problem: DNS. To verify that your DNS server is giving you a correct address for google.com, you can use nslookup. Remember that nslookup gives us the name server of a host or domain name. So let me go and do that one on my terminal. From here, we can rule out if DNS is an issue by verifying that the hostname points to a name server. If we copy the IP address of the result and paste it into the web browser, it should resolve the website name if DNS is working. Let's go ahead and do that. So I'm gonna go ahead and copy the non-authoritative IP address, open my web browser. Oh, I see that's working. Hmm, what's going on? Looks like my DNS settings aren't working correctly. Let's look at my ping results again. So I'm gonna go ahead to my terminal and ping www.google.com. Hmm, I see that it checks an IP address different from what I have here. If I go to this IP address, it doesn't take me anywhere. So I want to take this IP address, copy this. Huh. Remember that when a DNS query is performed, your computer first checks the hosts file. Now if I access my hosts file here, I can see that there's an entry for www.google.com and it points to a fake IP address. If I remove this line right here where it says 127.1.1.3 and save that configuration file and then restart my browser, if I type www.google.com, there we go, we're there, and the correct DNS setting should be applied to www.google.com.
There are some situations where DNS can be tricky to navigate, since there can be many contributing factors. But as with any troubleshooting scenario, remember to keep isolating the problem down until you can get to a root cause. With time and experience, you'll learn a lot more about DNS and how to troubleshoot it in the real world.

We've covered a lot of information in this module. You learned about all the overall services needed in an IT infrastructure. On top of that, you learned about physical infrastructure services like remote access and virtualization that help your organization run more efficiently. You even learned about essential networking services like DNS and DHCP, along with the overall picture of what's needed to set up DNS for an organization and why you'd want to do that. Now we're going to test you on all that learning. And don't forget, you can always go back and review the material again if you need to before you take the quiz. In the next module, we're gonna cover two of the other IT infrastructure services: software and platform services. I'll see you there.

Welcome back. In the last module, we learned about the physical infrastructure and network services that are used in an IT organization. In this lesson, we're going to discuss the other services that make up an IT infrastructure: the software and platform services. Software services are the services that employees use that allow them to do their daily job functions. This can include applications like word processors, Internet browsers, email clients, chat clients, and so on. Platform services provide a platform for developers to code, build, and manage software applications. This way, developers don't have to deal with operating system maintenance and other services that are needed to use for the platform tools. When managing IT infrastructure, it's important that you implement software services for your users to enable their productivity. Depending on what type of company you might manage, you may also need to manage
platform services for software developers.

Software services include a wide range of functions. We'll cover the major ones here. First up is communication services, which enable employees in a company to talk to one another. Then the security services, which add a layer of security protection to our IT infrastructure. We'll also discuss user productivity services and some of the aspects of managing software in a business that you'll probably have to think about in your work.

There's lots of software out there that's used for intercompany communication, like email or phone communication. These are important communication services, but in this video we're only going to discuss software that's used in instant communication. Instant communication has drastically changed how we communicate in both our personal lives and in the workplace. We can have multiple conversations with different people in real time using chat applications. You probably use something like Facebook Messenger on your smartphone to chat with your friends. In a business setting, there are similar methods of instant communication.

The first is internet channel relay, or IRC, which is a protocol that's used for chat messages. IRC operates in a client-server model, so lots of IRC client software can be used to connect to an IRC server. IRC was widely used in the 1990s as a way to facilitate all kinds of chats: group chats, individual chats, and more. It's not as widely used today given the wave of social media instant chat messages, but if you're considering setting up an IRC, it is a free alternative to other chat applications.

Paid-for options are another method of instant communication. There are a lot more sophisticated and advanced chat applications out there that offer enterprise support. A few popular options are HipChat and Slack. You can read more about these in the supplemental reading. There are also other communication protocols, called open IM protocols, that are widely used and integrated into different communication
applications. One of the most popular communication protocols is XMPP, or Extensible Messaging and Presence Protocol. It's an open source protocol used in instant messaging applications and social networking services. XMPP is even used in Internet of Things applications and other things. A few popular and free applications that use XMPP are Pidgin and Adium. Feel free to check out more about these alternatives in the supplemental reading right after this video. Instant communication is a fantastic tool you can use to promote team collaboration and efficiency. When managing an IT infrastructure, it should be one of the communication services that you consider implementing for your organization. They'll definitely thank you, maybe even over instant communication.

One communication service that you're almost guaranteed to use today is email. We use email for a wide range of communication. In an enterprise setting, it's important for a sysadmin or a sole IT support specialist to be able to configure email services for the company. To do this, you need to have a domain name set up for your company that you can use as your email domain, like devan@example.com. When you send or receive email, you want to use this email address.

There are two ways to set up email for a company. The first is to run your own managed server. Using this option, you set up the email server software on a server, then you create a DNS record for your mail server. There are different DNS records. Remember that the A record is used for hostnames, but for email servers we use MX, for the mail exchange record. Email server setup can be one of the most complicated services to set up for a sysadmin. You have to get the email to actually work, protect your email addresses from spam, filter out viruses, and more. If you'd like to learn more about setting up an email server, check out the next reading.

An alternative approach to setting up your own email servers is to use an email service provider like Google Suite. These service
providers allow you to create email inboxes and more by paying a monthly fee for every user in the organization. This ties you into the Gmail webmail client and allows you to access your email from anywhere as long as you're connected to the internet.

Whatever option you choose, you'll have to understand the differences between email protocols when you set up your email accounts. There are lots of email protocols out there, but we'll only do a rundown of the more common ones you'll hear about: POP3, IMAP, and SMTP.

Post Office Protocol, or POP, version 3 is an email protocol that downloads email from an email server onto your local device and then deletes the email from your email server. If you want to retrieve your email through POP3, you can only view it from one device. There are a few reasons why you might want to use POP3 to get your email. If you need to keep your email storage under a certain quota, POP3 is a good way to maintain that storage limitation. Another benefit of POP3 is privacy: your email can only be seen from your local device. If storage limitations and security are a concern for you, you might want to consider using POP3 over something like IMAP.

Speaking of IMAP, IMAP, or Internet Message Access Protocol, allows you to download emails from your email server onto multiple devices. It keeps your messages on the email server. This email protocol is one of the more popular ways to retrieve email.

Last up is Simple Mail Transfer Protocol, or SMTP, which is a protocol used for sending emails. While POP3 and IMAP and other protocols can be used to retrieve email, there's really only one email protocol for sending email: SMTP.

So there are lots of different email protocols that can be implemented depending on the email software you choose. You can read more about them in the supplemental reading. Email service is critical for any organization. Companies need to be able to contact clients and business partners and communicate internally. If you work in an IT support specialist role where
you're handling system administration tasks, you need to weigh the pros and cons of a dedicated email server or cloud email service. Decisions, decisions, decisions.

In any organization, the software that employees need to do their job is the software that an IT support specialist managing IT infrastructure needs to provide. Depending on the organization, you might need to get your users things like software development programs, word processing, graphical editors, finance software, and so on. Whatever software you provide, there are different things to consider when using it in a commercial setting that might not have crossed your mind when you used a similar software personally.

Remember when we discussed software licensing in an earlier lesson? When you use software, you're doing so under the agreement of the developer's license. For example, when you use open source software, the license agreement usually says that it's free to use, share, and modify. When software is used as a consumer, agreements can say that only a specific person can use a software. In a business or commercial setting, most software distributors will have a separate agreement. In most cases, you can buy ten licenses and any ten people in your company can use it. If someone leaves a company or doesn't need the software anymore, you can take their license and give it to someone else in the company. When considering software licenses, it's important to review the terms and agreements, then move forward with whatever option works best for your company.

Things get a little more complicated when it comes to cloud software services. You might have to deal with some of the same stipulations and also think through whether to purchase added features for businesses and enterprises, like dedicated customer support. Whatever method you use to provide software, whether it's installing software on every machine or utilizing cloud software services, there's one thing to keep in mind: software used as a consumer won't be the same as software used as
a business.

The last software services that we'll discuss are security services. Security is super important to all organizations. It's integrated into pretty much all aspects of an IT infrastructure service. We'll dive deeper into this in the last course, on IT security. For now, remember that there are lots of different security protocols that are put in place for all sorts of things: keeping data encrypted, authentication, etc.

If you ever manage a web server that serves content to other users, you want to let them know that when they access your website, you're keeping their interaction with you as secure as possible. Let's say that you have an online bank account that you're logging into. The URL will most likely begin with an HTTPS. Remember that HTTP stands for Hypertext Transfer Protocol, which is used to format and transfer web content around the internet. When you enter in a URL, you notice that the HTTP comes before everything else. HTTPS, or Hypertext Transfer Protocol Secure, is a secure version of HTTP. It makes sure the communication your web browser has with the website is secured through encryption.

HTTPS is also referred to as HTTP over TLS or HTTP over SSL. This is because there are two protocols that enable us to make our web servers secure. The first is Transport Layer Security protocol, or TLS, which is the most popular way to keep communication secure over a network. TLS is widely used to keep web browsing secure, but it can be used in a lot of other applications too. We'll do a deep dive into the technical details of TLS in a later course.

The second protocol is Secure Socket Layer protocol, or SSL. It's a way of securing communication between a web server and client, but it's pretty old and insecure, so it's been deprecated in favor of TLS. You may still see its name being used to refer to the TLS protocol, like SSL/TLS. The two protocols are often used interchangeably. In fact, SSL version 3.0 was essentially TLS version 1.0, but TLS's new features and updates have
made it more secure than SSL.

So if you're managing an organization's website on a server, how do you enable TLS on the server so that the site can be using HTTPS? Well, you need to get a digital certificate of trust from an entity called a certificate authority. The certificate authority grants a certificate to your website saying that it trusts that you control the web server, and verifies that you are who you say you are. Once it does that, you can install the certificate on your web server. That way, when users visit your site, they'll see the HTTPS in the URL instead of just HTTP. You'll learn more about certificates and certificate authorities in an upcoming course. For now, think of certificates as a way to verify that something is trustworthy.

Security is an integral part of IT, and it's not just a responsibility of security engineers. Everyone should be thinking about security, and all layers of your infrastructure should have a layer of security built upon them. There are lots of other security software that you could add to your IT infrastructure, which we'll dive into in the last course. For now, it's a good idea to know the basics of keeping a web server secure with HTTPS.

Knowing what I know now, the advice I would give my younger self is to not be afraid to talk to people, because I'm very shy, and I think also, you know, my imposter syndrome tells me: don't look stupid, don't look stupid, right? Don't ask dumb questions, don't ask silly questions, don't ask questions at all. And I think what I would tell myself is: do your research, do your reading, teach yourself and educate yourself, continue to do that, but it will speed up the process so much faster if you can find somebody you trust to collaborate with, to learn, and to really find that good mentor, so that as a student you always have somebody that you can lean on.

I have impostor syndrome every time I walk in the door. Yeah, every morning: gosh, I'm going to work at Google, I have a meeting with the following people, I can't believe I'm having
a meeting with the following people. And again, I just try hard to focus on what I really want to get out of it, what I want the outcome to be, because even if it goes spectacularly wrong, I'm still going to have learned something.

Once you have a few past you, it's gonna feel better, and you're gonna understand what the successes look like and how you get them, and you'll be able to repeat those patterns over and over again. But in the end, if you don't like doing that, or the outcomes don't sound interesting to you, find new outcomes, because you will eventually find that thing that really drives you and that you're passionate about.

In the operating systems course, we discussed files in depth and how we use and modify them on our OSes. In this lesson, we're gonna run down some of the file services we can use that will allow us to be productive as an organization. Employees need to be able to share files with each other, whether that's to collaborate or exchange information. We talked about shared folders in Windows in the last course, but in this lesson we're going to talk about more scalable and efficient ways to share data. Enter file storage services.

File storage services allow us to centrally store files and manage access between files and groups. You can set up a file storage server that will let users access a shared directory to modify or add files, and much, much more. In the next lesson, we'll go into depth on two of the more popular ways you can use to manage, store, and share files over a network. The other way to maintain a file storage service is by using a cloud file storage provider. There are lots of providers that offer secure and easily managed file storage. You can read about some of the more popular ones in the supplemental reading. For now, let's see how to manage a file storage service ourselves.

In the last course, we mentioned that very few file systems can be used across all major operating systems. FAT32 is a popular file system that's compatible with Windows,
Linux, and Mac OSes, but it has severe limitations on the amount of data you can store on a volume. What happens if you have multiple users that want to share files between each other? Well, they need to store the files somewhere, and they need to be able to retrieve the files over a network. Network File System, or NFS, allows us to do this. It's a protocol that enables files to be shared over a network. The file system is compatible on all major operating systems.

The easiest way to set up an NFS server is by using a Linux environment. You can install NFS server software, then modify the configuration files for the directories that you want to allow shared access to. Once you do that, the NFS service will be running in the background of the server. On each client machine that wants to access the server, you just mount the file system the way you would any other file system, except you'd use a hostname instead of a physical disk device. From there, you can access the shared directory like you would any other folder on your computer. Check out the next supplementary reading for some examples of NFS server software you can configure for Linux.

NFS is a good solution to file sharing within a network, but as with anything on a network, heavy usage will slow down the file system. While NFS works with all major operating systems, there's still interoperability issues with Windows. If your fleet consists mostly of Windows machines, you might want to look at using something like Samba. Samba services are similar to NFS, since you can centrally share and manage file services. Also, all major operating systems can use a Samba file share. The only reason you might want to consider Samba over NFS is because it works better with Windows operating systems. It also includes other services that can be integrated with your organization, like printer services. We'll talk about printer services in an upcoming lesson.

One thing to note is that you may hear the term Samba or SMB. These two are different. SMB is a protocol that
Samba implements. You can read more about SMB in the supplemental reading. Fun fact: when you create a Windows shared folder, it's actually using the SMB protocol. Samba itself is a software service suite used for file services, which you can also read more about in the supplemental reading. There are lots of other file storage services that you can use, and you can read more about them in, wait for it, the supplemental reading.

A relatively affordable solution for file storage hardware is to use a network attached storage, or NAS, pronounced "nas". Instead of setting up a dedicated server like you would other services, NASes are computers that are optimized for file storage. They usually come with an operating system that's stripped down in order just to serve files over a network. They also come with lots of storage space. Whatever method you choose, central file storage and management is an important part of IT infrastructure for any organization.

I told you we'd cover printing services, and here we are. While our world is moving more and more into the digital space, there are still aspects of our lives that require good old-fashioned paper. Many organizations still use printers, and as an IT support specialist, you have to manage them as you would any other device. If you have a printer at home, you probably connect it directly to your computer. Maybe you even print over your home network through Wi-Fi. Some small organizations can get away with this type of printer management, but most large organizations have lots of printers that need to be managed and large volumes of information that need to be printed.

When managing printer IT infrastructure, you need to have a place to centrally manage all your printers. You will probably be running commercial printers that also can report diagnostics information, like low toner levels. Along with managing printers centrally, you'll also need to be able to deploy printer driver software so that your users can print from their computers. There are a few
different ways that printers can be managed. Setting them up really depends on how many printers you have and how many people are in your company. In a small company with less than 100 people, setting up one or two commercial printers should be more than enough.

To set up a print server, all you have to do is install a print service on a server. Most server operating systems already come with the printer service readily available. For example, let's look at Windows. In the Windows Server operating system, there's a Print and Document Services that can be enabled. All you have to do is add your network printer to the service and install the drivers for those printers. Nice and simple, right? In Linux, a common print service usually pre-installed on machines is CUPS, or Common UNIX Printing System. Let me show you. CUPS allows you to easily manage printers from a simple web URL. You can read more about both the Windows Print and Document Services and CUPS in the next reading.

When your print server is set up, you need to add the printer to the client machine. Just search by the printer server name and connect to the device and start printing. There are lots of ways you can optimize this process. When you start learning about directory services, we'll take you through how to set rules up on machines so that the printer and their drivers are automatically installed on a client computer.

Another way you can manage printers is by using a cloud service provider. This allows you to manage your printers through a web browser. It also lets your users print through a web browser, so no setup is involved on their machines. Printer setup is pretty easy to do. Most of it depends on what printer service you decide to go with.

We've learnt a lot about software services in our IT infrastructure, from important communication services to security and now printing. Let's keep charging ahead. In the next lesson, we're going to discuss platform services.

Platform services provide a platform for developers to
completely build and deploy software applications without having to deal with OS maintenance, server hardware, networking, or other services that are needed to use the platform tools. A web server that we deploy our web applications to, or the development software that we use to code our applications, are both examples of platform services.

In this day and age, most businesses have a digital presence, whether that's a website that promotes their business or even a website that is their business. Businesses that run web services keep their services stored on a web server. A web server stores and serves content to clients through the internet. You can access a web service using a domain name like google.com. A web server itself stores web files and runs an HTTP service, or HTTP server, that processes HTTP requests. Remember that HTTP is how the web formats and transfers web pages. You can think of the web server as the physical server that stores web files and the HTTP server software. When your web browser makes a request to fetch a web page from a URL, it sends an HTTP request that gets processed by the HTTP server. Then the HTTP server sends out an HTTP response with the content that you requested.

There are a lot of popular HTTP server software out there, but the most widely used is the Apache HTTP Server, most commonly referred to as Apache. Apache is free and open source. It helps serve a large percentage of web pages on the internet.

Let's actually see how a web server serves content to the web. I'm going to install the Apache web server software on my Linux computer here. You don't have to understand the specifics of the setup; I just want you to see how easy it is to run a web service. So let me go ahead and install Apache. So I'm gonna go ahead and do sudo apt-get install apache2, and then hit the flag yes to accept all my packages. Perfect. Now, with web server services running on our machine, we're actually able to start hosting web content. The machine that we're hosting our
content on is, well, this machine right here. Remember that our computer has an IP address that's associated with itself, 127.0.0.1, or a hostname of localhost. localhost itself is reserved for this purpose, so it's not possible to get the domain name localhost. So now that we know our machine's location, let's enter it into the web browser. And here it is: our local web server content running on our machine. The files we see here come with the default Apache installation, but if we wanted to upload our own web content, we can just navigate to the directory where this is stored and replace it with our web content. Remember that since this content is hosted on our local machine, we will need to use DNS to let the world know that our web server exists. If you need a refresher on this, feel free to go back to the lesson on DNS services.

That's a quick rundown of how web servers work. You can read more about Apache and other HTTP servers in the next supplemental reading. System administrators aren't responsible for creating the content that gets served, but they might be responsible for making sure that content is available. If you're an IT support specialist with a web service that needs to be managed, you should have a pretty good understanding of how it works.

When you are a service that operates on the web, you need to have a web server that serves web pages to clients as requested, like we just covered. But you may also need to store information. Have you ever thought about what happens to your information when you create an account online for a website? Where do they store that info? Do they put it in a folder on a web server? If they do, you need to stop using that service immediately. Customer information, like news articles, videos, large amounts of text, image, or audio files, generally gets stored in a database. Databases allow us to store, query, filter, and manage large amounts of data. When you build a web product, you'll probably store the data in a database. Database servers consist of database
software that's running that you're able to read and write from. Common database systems like MySQL and PostgreSQL are widely used in application and web development and data analytics. These database systems usually require knowledge of special languages or syntaxes to be able to parse and filter through large amounts of data. If you want to dig deeper into database systems, check out the next reading.

Administrating and managing a database can be incredibly complex. Losing precious data could cost a company dearly. There's actually an entire job specialization within IT that deals with databases just like that, called database administrators. We won't talk about their role in this program, but if you're interested in learning more, you should know where to look: the supplemental reading.

Web servers, and servers in general, are prone to breakage just like any other machine. Troubleshooting the web server could involve lots of different variables. We won't discuss a specific troubleshooting scenario in this lesson, but we'll talk about some easy troubleshooting tools you can use to diagnose a faulty web server or browser, called HTTP status codes.

When we want to go to google.com, our browser is sending an HTTP request to the HTTP server on the web server. In turn, we get an HTTP response. Sometimes this response returns the content that we want. Almost all the time, it will return a status message of the response. HTTP status codes are codes or numbers that indicate some sort of error or info messages that occurred when trying to access a web resource. Knowing common HTTP status codes comes in handy when you're troubleshooting a website error. They'll usually tell you useful information that can help you isolate the root cause.

Here's a common HTTP status code you might recognize: the dreaded 404 Not Found. A 404 error indicates that the URL you entered doesn't point to anything. Let's see what happens if I type in google.com/asdf. Let's type that in. I get this error message: the
requested URL /asdf was not found on this server. That's exactly what I expected to happen. I typed in an address I knew didn't exist, and the web server confirmed it for me. But how do we know it's a 404 error code? Depending on the website, HTTP error messages could be displayed right on the page when you try to access it. However, to be absolutely sure, you can just view the HTTP response itself. To do that, we'll have to do a bit of work.

Browsers today have built-in tools that help people diagnose issues with the web browser or website itself. Since I'm using Chrome, I'm going to use the Chrome Developer Tools. Let me go ahead and do that. So I'll click on this, get into tools, then click on developer tools. This will open up the developer tools side-by-side with my web browser. Developer tools is a great resource for testing and debugging issues with the website or browser. We won't go through this tool, though; if you want to learn more, you can check out the supplemental reading. For now, we just want to see the HTTP response code. To get to that, I'm gonna go to the network tab here and refresh my page. If I try to go to google.com/asdf, I'll see the request I made in the left-hand side here. If I click that, I'll see the status code says 404 Not Found. Pretty neat, right?

HTTP status codes that start with 4xx indicate an issue on the client side. The client tried to do something that it couldn't, like enter a bad URL, access something it wasn't authorized to do, etc. The other common HTTP status codes you might see start with 5xx. These errors indicate an issue on the server side. The web server that hosts this web content is experiencing issues, and hopefully the server administrators are looking into it. HTTP status codes tell us more than just errors. They can also tell us when our request is successful, which is denoted by the codes that begin with 2xx. HTTP status codes can tell us a lot about an issue with the website. If you encounter one that you aren't familiar with,
just look it up. It'll probably tell you exactly what the issue is. For a list of HTTP status codes, take a look at the supplemental reading.

Well, you've done it again. You covered a lot of information in this module about software and platform services. You learned about IT infrastructure services that help a business stay productive, like communication services. You learned about security services that keep information secure between web browsers and servers. You also learnt about platform services that are used to deliver applications to users. Now you can put that knowledge to the test in a short test we've cooked up for you. In the next module, we'll talk about managing users and policies using directory services. You're doing an awesome job. I know we covered a lot, but stick with it. You got this.

Congratulations, you're almost done covering the essential IT infrastructure services involved in an organization. You're so close. You got this. In the last module, we learned about the software services used in an organization, like communication software, security, and file storage services. Then we talked about platform services involved in organizations that build a software product. Finally, we learned about some of the servers that support those organizations, like web and database servers. In this module, we're going to learn about the last major IT infrastructure service: directory services. It's the beginning of the end. Ready? Let's jump in.

Have you ever looked up someone's phone number in a phone directory, or used a directory listing at a shopping mall to find a specific store? A directory server essentially provides the same functionality. A directory server contains a lookup service that provides mapping between network resources and their network addresses. It's used to organize and look up organizational objects and entities, ranging from things like user accounts, user groups, telephone numbers, and network shares. Instead of managing user accounts and computer information locally
on every machine, all that information can be stored on a directory server for easy access and management.

The ideal enterprise-quality directory server should support replication. This means that the stored directory data can be copied and distributed across a number of physically distributed servers but still appear as one unified data store for querying and administering. Why is replication important? It provides redundancy by having multiple servers available simultaneously, so there'll be minimal disruption to the service in the event that one of the servers explodes. Replication also decreases latency when you access the directory service. By having replicas of your directory server located in each office, you're able to answer directory service queries more quickly.

The directory service should also be flexible, allowing you to easily create new object types as your needs change. Access to the information stored in the directory server database should be accessible from a variety of OS types and from the designated areas of the corporate network.

Directory services are useful for organizing data and making it searchable for an organization. This is achieved through the use of a hierarchical model of objects and containers. The containers are referred to as organizational units, or OUs, and they can contain objects or more organizational units. This is similar in organizational structure to a file system. OUs are like folders, which can contain individual files, or objects for a directory service. OUs can also contain additional folders. The management benefits of this structure are pretty clear. Can you imagine trying to keep your music library organized if there was no such thing as subfolders? Crazy.

This hierarchical structure can be used to convey additional information about what's stored within. Take your directory structure as an example. You may have an OU called Users, which contains all user accounts. Within this OU, there could be additional OUs which
represent the actual team structure of your organization. The Users OU could contain additional OUs like Sales, Engineering, and Marketing, which include the user account objects for the individuals that belong to these tech teams. This structure can be used to convey differences between these sub-OUs of Users. For example, we could enforce stricter password requirements for members of Engineering without affecting Sales or Marketing. Sub-members inherit the characteristics of their parent OU, so any changes made to the higher-level Users OU would affect all sub-OUs, including Sales, Marketing, and Engineering.

Someone with the responsibilities of a systems administrator, whether that's a system admin or IT support specialist, would be responsible for the setup, configuration, and maintenance of the directory server. This includes the OS itself on which the directory service would run. Standard OS management tasks are involved here, like ensuring that updates are installed and configuring standard services. Other responsibilities include the installation and configuration of the directory service itself, so installing the service and configuring any related services. If multiple servers are used in a replication setup, this needs to be configured too. It's very likely that the hierarchy and overall structure of the directory itself would also be up to the sysadmin to design and implement.

Well, that covers the high-level overview of what exactly a directory service is. We'll dive deep into more specific details later in this course, but for now, let's review some of the concepts we just covered with a short quiz. Then let's meet back at the next video, where we'll do a more detailed rundown on how to implement directory services.

Directory services became an open network standard for interoperability among different software vendors. In 1988, the X.500 directory standard was approved and included protocols like Directory Access Protocol, or DAP; Directory System Protocol,
or DSP; Directory Information Shadowing Protocol, or DISP; and Directory Operational Bindings Management Protocol, or DOP. Alternatives to DAP were designed to allow clients to access the X.500 directory. The most popular of these alternatives was Lightweight Directory Access Protocol, or LDAP. Since these are open standards for communication and access for directory services, a bunch of different implementations of these services cropped up. There are offerings from Apache, Oracle, IBM, and Red Hat, but we'll cover two in more detail later in this module. The first is Microsoft's implementation, which is referred to as Active Directory, or AD. It has some customization and added features for the Windows platform. There are also open source implementations of directory services using LDAP. A popular example of this is OpenLDAP, which we'll also cover in greater detail. OpenLDAP supports a wide range of platforms like Windows, Unix, Linux, and various Unix derivatives.

In addition to the server software, there are also client tools used for accessing and administering the directory server. Microsoft offers Active Directory Users and Computers, or ADUC, which works well with Microsoft Active Directory server. There are also other, more open tools that can be used to interface with a lot of other directory server implementations. Along with clients for administering and managing a directory server, there are also client applications that can interface with and query a directory server. All major OS platforms support integrating into a directory server for login and authentication purposes. The advantage here is that this allows for centralized management of user accounts. We'll cover the details of centralized management in the next lesson, so don't worry too much about that right now. When looking at specific implementations for your directory server, you'll want to consider OS support, not just for the server that will be running the directory service itself, but also what OSes your client fleet
runs and the compatibility or support for your directory services. You can read more about why this is important in the next reading.

The job of a systems administrator is to, well, administer systems. Sysadmins have a set of systems they're responsible for, and they have to manage those systems so they're available to serve their function to the organization. For example, as a sysadmin, I might be responsible for making sure that all of the servers in my network are kept up to date with security patches and application updates. Should I go around and log into each server, checking each one at a time? What if I need to manage user accounts on end-user devices? Should I go to each employee's desk and set their account up that way? I guess I could, but that'll be super time-consuming and probably inconsistent. Instead, what I want to do is use centralized management: a central service that provides instructions to all of the different parts of my IT infrastructure. Directory services are one of these services.

Remember in earlier lessons when you created accounts and gave them access to resources on your computer? Imagine that you work for an organization that has dozens, hundreds, or even thousands of computers and people who use them. You can't possibly go into each of those computers to set them up. Directory services provide centralized authentication, authorization, and accounting, also known as AAA. When computers and applications are configured to use directory services for AAA services, decisions about granting or denying access to computers, file systems, and other IT resources are now centralized. Now you can create a user account once and it's available for the entire network at once. Easy, well, sort of. You'll learn a lot more about AAA services in an upcoming course. For now, you should understand that your directory service will be responsible for granting or denying access to computers, file systems, and other IT resources.

Now let's go one step further. Let's say you have a
network file system that you need to give everyone in the IT department access to. You could set up the network share, then give it a list of user accounts to grant access to the share. But what happens when someone new joins the IT department? What about when someone leaves? Instead of granting access based on who you are, what if you granted access based on what you do? In most organizations, access to computer and network resources is based on your role in the organization. When you manage access to resources on a computer and on the network, you'll often grant and deny access based on user groups. User groups can be used to organize user accounts in all sorts of ways. You might create groups of buildings that people work out of, or the person's role in the organization, or really almost anything else. What's important is that you use groups to organize accounts based on the way that you will manage them.

If you're a systems administrator, then you might have permission to do things like creating user accounts and resetting passwords. You are allowed to do that because of your role as a systems administrator. If you add another systems administrator to your organization, you don't want to have to find out all of the things that a sysadmin should have access to, then grant them individual account access to each of those resources. That would just take forever. Instead, we'll create a group for sysadmins and add all the system administrators to that group. Then we can give the system administrators group access to any resources they need. If you or another person change roles in the company, then all you have to do is change the groups that you're a part of, not the rights that you have to directly access resources. We call this role-based access control, or RBAC.

Controlling access to resources isn't all you can do. You can also centralize configuration management. Just like you don't want to run around to every computer to configure user accounts, you wouldn't want to do that to set up printers,
configure software, or mount network file systems. By centralizing the configuration management of your computers and software, you can create rules about how things should work in your organization. There are many ways to centralize your configuration management. An easy way to get started is with as simple a tool as logon scripts that run each time someone logs on to a computer. Later in this module, we'll look at Active Directory and its Group Policy Objects, which are a way to manage the configuration of Windows machines. There are also dedicated configuration management frameworks like Chef, Puppet, or SCCM that can be used for super simple or super powerful configuration management. These are outside the scope of this module, so check out the supplemental reading right after this video for more information.

Before we jump into directory services, let's talk about the underlying protocol that's used in directory services, called LDAP, or Lightweight Directory Access Protocol. LDAP is used to access information in directory services, like over a network. Two of the most popular directory services that use LDAP are Active Directory and OpenLDAP, which we'll talk about more in upcoming lessons. There are lots of different operations you can use in LDAP. You can add a new entry in the directory server database, like creating a new user object called Christy. You can delete an entry in the directory server database. You can modify entries, and much, much more. When we say entry, we're referring to the LDAP entry format, or LDAP notation for records in the directory service. An LDAP entry is just a collection of information that's used to describe something. Take a look at this example. Don't worry too much about what this says. The format of LDAP entries basically has a unique entry name, denoted by DN, or distinguished name, then attributes and values associated with that entry. So CN is the common name of the object. In this case, since it's a person, we use Devan Sri-Tharan as the name. OU is the organizational unit, such as a group, and in this case Sysadmin is used. DC is the domain component, so example.com is split into example, then com. Again, it's not necessary to remember these attributes. You can reference them in the next reading. The takeaway here is that LDAP notation is used for entries in directory services to describe attributes using values.

If you were around when phone books were used, you might remember that these big old books contain the names, addresses, and phone numbers of people in your neighborhood or community who wanted the information to be publicly listed. This is way different from the phone book or contact list you have in your mobile phone. The people who are in your contacts directory gave you their phone numbers for your use only. When using LDAP, there are different authentication levels that can be used to restrict access to certain directories, similar to those big public phone directories or those private mobile phone directories. Maybe you have a directory that you want to make public so anyone can read the entries in the directory, or maybe you just want to keep that data private to only those who need it. We'll discuss how LDAP does this authentication and what methods it uses.

We talked about the different operations you can do with LDAP, like add, remove, or modify entries in a directory. Another operation that you can perform is the bind operation, which authenticates clients to the directory server. Let's say you want to log in to a website that uses the directory service. You enter your account login information and password. Your information is then sent back to the website. It will use LDAP to check if that user account is in the user directory and that the password is valid. If it's valid, then you'll be granted access into that account. You want your data to be protected and encrypted when it's completing this process. There are three common ways to authenticate. The first is anonymous, then simple, and the last is SASL, or Simple
Authentication and Security Layer. When using anonymous binding, you aren't actually authenticating at all. Depending on how it's configured, anyone could potentially access that directory, just like our public phone book example. When you use simple authentication, you just need the directory entry name and password. This is usually sent in plain text, meaning it's not secured at all. Another authentication method that's commonly used is SASL authentication. This method can employ the help of security protocols like TLS, which we've already learned about, and Kerberos, which we'll discuss in a minute. SASL authentication requires a client and the directory server to authenticate using some method. One of the most common methods for this authentication is using Kerberos. Kerberos is a network authentication protocol that is used to authenticate user identity, secure the transfer of user credentials, and more. Kerberos by itself can be a complex topic that we'll revisit in the IT security course. If you want to learn more about Kerberos right now, you can check out the supplemental reading right after this lesson. Once the client has successfully authenticated with the LDAP server or directory service, the user will be authorized to use whatever access levels they have. In the next few lessons, we're going to dive deeper into two of the most popular directory services that use LDAP: Active Directory and OpenLDAP.

The hardest part of my career has easily been joining Google. I joined in 2002, when the company was quite small, all men for the most part. I was the only woman in the room most of the time, and the way I got through it was to find that thing that I wanted to be the expert at, find the thing I wanted to achieve, and to really focus on that. Every day, break it down into small pieces, celebrate your milestones when you hit them. And then at the end, I had achieved something that no one else in the team could have. They had all tried, and I was the one who got it done. And so I get to seem to reflect on
that occasionally and think, yeah, I did that. Every time a packet passes between an end user's computer and Google, it crosses a barrier that I put in place for the first time. So I got more and more interesting projects, and people began to rely on me more, and it really helped me overcome the shyness. It helped me overcome my questioning of whether or not I belong here, because I actually got to contribute, and in a meaning

Welcome back. In this lesson, we'll learn more about Active Directory, or AD, the native directory service for Microsoft Windows. Active Directory has been used to centrally manage networks of computers since it was introduced with Windows Server 2000. If there are computers running Windows in your organization, then AD probably has a huge role. Active Directory works in a similar fashion to OpenLDAP. It actually knows how to speak the LDAP protocol and can interoperate with Linux, OS X, and other non-Windows hosts using that protocol. When you use Active Directory to manage a fleet of Windows server and client machines, it does a lot more than just provide directory services and supply authentication. It also becomes the central repository of Group Policy Objects, or GPOs, which are ways to manage the configuration of Windows machines. We'll show you how to do this later in this lesson. Now let's take a look at a typical Active Directory domain and see what it contains.

Active Directory administration relies on a whole suite of tools and utilities. We're going to use a tool called the Active Directory Administrative Center, or ADAC. ADAC is a tool that we'll use for lots of the everyday tasks that you'll learn in this course. It's great for getting work done and for learning how things work behind the scenes, as you'll see. Remember that, much like file systems, directory services are hierarchical. Everything that you see in Active Directory is an object. Some objects are containers, which can contain other objects. So several of the default containers are just
called containers, and they serve as default locations for certain types of objects. Another type of container is called an organizational unit, or OU, which we talked about in an earlier lesson. You can think of an OU like a folder or directory for organizing objects within a centralized management system. Ordinary containers can't contain other containers, but OUs can contain other OUs. That's a little confusing, so to show you the hierarchical structure of AD better, click this button on the left-hand pane to switch ADAC to tree view. There are lots of things listed here. ADAC tells us what kind of object each of these is and gives us a description for some of them. We're not going to work with all of these, but we want to call out some parts of the directory that are more common to work with.

The very first node in this tree is our domain. A domain will have a short name, like example, and a DNS name, like example.com. Objects, particularly computers, in the domain will be given a DNS name that lives in the domain's DNS zone. There's actually one level of hierarchy above a domain that we don't see in this tool, and that's a forest. If you look at the logical shape of a domain, it looks like a tree, so the name even makes sense. A forest contains one or more domains. Accounts can share resources between domains in the same forest. In our example environment, example.com is the only domain in the forest.

The next example that we'll look at is Computers. This container is where new AD computer accounts are created. If I go here, you can see my computers. Computer accounts are created when a computer is joined to the AD domain. The next thing that we'll look at is Domain Controllers. This container is where domain controllers are created by default. Next, we'll look at Users. This container is where new AD users and groups are created by default.

The servers that host copies of the Active Directory database are called domain controllers, or DCs. Domain controllers provide several services
on the network. They host a replica of the Active Directory database and Group Policy Objects. DCs also serve as DNS servers to provide name resolution and service discovery to clients. They provide central authentication through a network security protocol called Kerberos. As I mentioned, we'll talk more about Kerberos in the IT security course. For now, what you should understand is that domain controllers get to decide when computers and users can log on to the domain. They also get to decide whether or not they have access to shared resources like file systems and printers. This allows system administrators to make changes to the network really quickly and easily. If someone new joins the organization, sysadmins can create a user account for them, and almost immediately every device on the network knows who that person is. If someone changes jobs in the org or leaves, a sysadmin can disable or delete their account, and within seconds their access to devices adjusts.

It's common for most domain controllers in an Active Directory network to be read-write replicas. This means that each has a complete copy of the AD database and is able to make changes to it. Those changes are then replicated to all other copies of the database on other DCs. Replication is usually quick, and the last change wins in almost all cases. This isn't perfect, but it works for most tasks. Some changes to the AD database can only be safely made by one DC at a time. We task those changes to a single domain controller by granting it a Flexible Single Master Operations role, also known as a FSMO role. We won't go into depth here on the nitty-gritty details around what each of these FSMO roles is responsible for and how they operate, but you can check out the next reading for more. If your job will involve domain controller management, you'll need to understand how to assign these FSMO roles and recover from DC failure.

In order for computers to take advantage of the central authentication services of AD, they
have to be joined, or bound, to Active Directory. Joining a computer to Active Directory means two things. The first is that AD knows about the computer and has provisioned a computer account for it. The second is that the computer knows about the Active Directory domain and authenticates with it. From that point forward, the computer can authenticate to Active Directory just as any users who log onto the computers are able to.

Managing Active Directory isn't just a big topic, it's a huge topic. There are system administrators who spend all their time just managing AD. We're going to spend some time showing you some of the most common tasks that a sysadmin will need to do in an Active Directory environment. When an Active Directory domain is first set up, it contains a default user account, Administrator, and several default user groups. Let's do a rundown of the most important groups. So I want to first get into my Active Directory window, and as you can see, I'm in example.com, and we'll run through the users.

Domain Admins are the administrators of the Active Directory domain. The Administrator account is the only member of this group in a new domain. Remember how a local administrator or root on a computer is able to make any changes they want to the operating system? Users in the Domain Admins group can make any changes they want to the domain. Since the domain can control the configuration of all of the computers that are bound to it, domain admins can become local administrators of all of those machines too. This is a huge amount of power and responsibility, so don't add accounts to this group lightly. Enterprise Admins are administrators of the Active Directory domain. They also have permission to make changes to the domain that affect other domains in a multi-domain forest. The Administrator account is the only member of this group in a new domain. Enterprise admin accounts should only be needed on a rare occasion, like when the Active Directory forest is being upgraded to a new
version. Domain Users is a group that contains every user account in the domain. If you want to give access to a network resource to everyone in the domain, you don't need to grant access to every individual account. You can use Domain Users. Each computer that's joined to the domain has an account too, so we have a default group for them also. Domain Computers contains all computers joined to the domain except domain controllers. Domain Controllers contains all domain controllers in the domain.

I'm going to be able to do everything in this lesson because I'll be playing the role of a domain admin in my example organization. As a systems administrator or IT support specialist, you might also be a domain admin or enterprise admin. Because of the power that gives you to make changes in Active Directory, you should never use a domain admin account as your day-to-day user account. It's too easy to make a mistake that affects the entire organization. Domain admin accounts should only be used when you're deliberately making changes to Active Directory. Got it? Your normal user account should be very much like other user accounts in the domain, where your permissions are restricted just to those resources that you need to have access to all the time. If there are some administrative tasks that you need to perform a lot as part of your day-to-day job, but you don't need to have broad access to make changes in AD, then delegation is for you. Just like you can set NTFS DACLs to give accounts permission in the file system, you can set up ACLs on Active Directory objects. If you'd like to learn more about this more advanced topic, check out the next reading. Let's start administering Active Directory. First up, we'll take a look at user account administration.

If you have systems administrative responsibilities, you might be involved in joining machines to the Active Directory domain. Remember from our introduction to AD that computers can be joined, or bound, to Active Directory. Joining a computer to
Active Directory means two things: that AD knows about the computer and has provisioned a computer account for it, and the computer knows about the Active Directory domain and authenticates with it. Over here, I'm logged into a Windows computer that isn't joined to a domain. This is called a workgroup computer. The name comes from Windows workgroups, which are a collection of standalone computers that work together. Windows workgroups aren't centrally administered, so they become harder and harder to manage as the size of the network grows. We want central administration and authentication in our network, so let's join this computer to the domain. Let's look at the GUI for this first, then PowerShell.

So I'm going to go ahead and click Computer, then System Properties. As you can see, this computer is under a workgroup, so what we need to do is join this machine to the domain. To do that, I'm going to go ahead and click Change settings, then click on Change. In the Computer Name/Domain Changes window, you can see the computer can either be a member of a domain or a workgroup, but not both at the same time. So I'm going to go ahead and select Domain right here, and I'm going to go ahead and enter our domain name, which is example.com. Now when I click OK, this computer will reach out on the network to find a domain controller for my AD domain. Once it finds the DC, I'll be asked for a username and password to authorize the computer to be joined to the domain. So I put in my domain admin username and password, which I'm going to do right now. Voila, there you go. My machine is now joined to my domain. The domain controller creates a computer account in the domain for this computer, and this computer reconfigures itself to use AD authentication services. This will require a reboot.

So let's jump over to the Active Directory Administrative Center to see what it looks like on that end. All right, so I'm at my Active Directory window, and I'm going to go ahead and click Computers, and all right, there it is. I can
see my computer in the Computers container now. My new computer will use this Active Directory domain for authentication, and I can use Group Policy to manage this machine. We can join computers to the domain from PowerShell too. I've got this computer over here that also needs to be joined to the domain, so let's use the CLI this time. So I'm going to go ahead and type in Add-Computer, then -DomainName example.com, and -Server with the server I'm going to connect to. Nice and simple. Now I'm prompted for my credentials again, which I'm going to enter, and that's it. By default, this command won't automatically reboot the machine to complete the domain join. If I add the -Restart parameter, the command will take care of that too.

One final thing. Over the years, there have been several versions of Active Directory. We refer to these versions as functional levels. An Active Directory domain has a functional level that describes the features that it supports. If you're interested in seeing some of these changes to Active Directory over time, take a look at the next reading on AD functional levels. If you administer Active Directory, you will need to know what your domain and forest functional levels are, and may someday need to upgrade your Active Directory forest or domain to support new features. So let's look at the properties on this domain. So this domain is at version 2016. We can also find this from PowerShell, like this: type in Get-ADForest and then Get-ADDomain. See the ForestMode and DomainMode properties. Now that you know what your domain's functional level is, you can find out what AD features it supports. Check out the supplemental reading for a whole lot of additional documentation and training materials if you want a deeper dive into AD administration.

All right, now that we've joined all these computers to the domain, what are we going to do with them? In this lesson, we're going to talk about how to use Active Directory Group Policy to configure computers and the domain itself. Like we
mentioned before, directory services are databases that are used to store information about objects. The objects represent things in your network that you want to be able to reference or manage. One of these object types in AD is the Group Policy Object, or GPO. What's a GPO? It's a set of policies and preferences that can be applied to a group of objects in the directory. GPOs contain settings for computers and user accounts. You may want different software preferences for the marketing team, the legal team, and the engineering team. Using Group Policy would help standardize the user preferences for each of these teams and help make it more manageable for you to configure. Using group policies, you can create logon and logoff scripts and apply them to users and computers. You can configure the event log, telling the computer what events should be logged and where the logs should be sent. You can say how many times someone can enter the wrong password before their account is locked. You can install software that you want to be available and block software that you don't want to run. You're the boss, and this is just the beginning.

You can create as many Group Policy Objects as you want, but they don't do anything until they're linked to domains, sites, or OUs. When you link a GPO, all of the computers or users under that domain, site, or OU will have that policy applied. You can use other tools, like security filtering and WMI filters, to make group policies apply more selectively. We'll get into that in a bit. A Group Policy Object can contain computer configuration, user configuration, or both. These are applied at different times. Computer configuration is applied when the computer signs into the Active Directory domain. This will happen each time the computer boots into Windows, unless it's disconnected from the network at the time it's booted up. User configuration is applied when a user account is logged onto the computer. In each case, once a GPO is in effect, it's checked and enforced every few
minutes. Remember when I said that GPOs contain policies and preferences? What's the difference? Policies are settings that are reapplied every few minutes and aren't meant to be changed, even by the local administrators. By default, policies in the GPO will be reapplied on the machine every 90 minutes. This ensures that computers on the network don't drift from the configuration that system administrators defined for them. Group Policy preferences, on the other hand, are settings that in many cases are meant to be a template for settings. System administrators will choose settings that should be the default on computers that apply the GPO, but someone using the computer can change the settings from what's defined in the policy, and that change won't be overwritten.

How do domain-joined computers actually get their GPOs? When a domain-joined computer or user signs into the domain by contacting a domain controller, that domain controller gives the computer a list of group policies that it should apply. The computer then downloads those policies from a special folder called SYSVOL that's exported as a network share from every domain controller. This folder is replicated between all of the domain controllers and can also contain things like login and logout scripts. Once the computer has downloaded its GPOs, it applies them to the computer. We won't get into too much detail about the SYSVOL folder, but I've included links to more information in the next reading. Lastly, many policies and preferences in GPOs are represented as values in the Windows registry. The Windows registry is a hierarchical database of settings that Windows and many Windows applications use for storing configuration data. The GPO is applied by making changes to the registry. The Windows operating system and Windows applications read the registry settings to determine what their behavior should be. You can read more about the Windows registry in the supplemental reading. Group Policy management is another huge topic. We'll
only cover the basics of it in this course. Now that you understand a little bit about what Group Policy Objects are, let's dig in and see how you use them to manage Active Directory and AD-joined computers.

The most important tool we'll use for creating and viewing Group Policy Objects is called the Group Policy Management Console, or GPMC. You can find this in the Tools menu of Server Manager or by running gpmc.msc from the command line. You can see that the layout of GPMC is similar to other management tools that we've used in Active Directory. On the left, we see the structure of Active Directory. GPMC adds several containers to its GUI. These aren't AD containers or OUs. They're management interfaces that only show up in GPMC. The Group Policy Objects container will hold all of the GPOs that are defined in the domain. The WMI Filters container is used to define powerful targeting rules for your GPOs. These filters use properties of Windows Management Instrumentation, or WMI, objects to decide whether or not a GPO should apply to a specific computer. This is a more advanced topic, but if you want to dive a little deeper, check out the link in the supplemental reading. Group Policy Results is a troubleshooting tool that's used to figure out what group policies apply to a computer and user in your network. You would use this tool to check on group policies that are already applied to a computer or user. On the flip side, Group Policy Modeling is used to predict which group policies will apply to a computer or user in your network. You'd use this tool if you wanted to test a change to your GPOs, OUs, or WMI filters before making real changes in your Active Directory. We'll go into each of these in detail as the lesson goes on.

You might have also noticed that there are a couple of things missing. Remember that the Users and Computers containers are not organizational units. Group Policy Objects can only be linked to domains, sites, and OUs. If computer and user objects are in the default
containers they can only be targeted with GPOs that are linked to domains and sites it's a good practice to organize your user and computer accounts in OUs so they can be targeted with more specific group policies now let's get started with the group policy objects node in GPMC and take a quick look at a GPO that already exists in a brand-new Active Directory domain there'll be two GPOs that are automatically created the default domain controller policy and the default domain policy the default domain policy is as you might guess a default GPO that's linked to the domain it applies to all of the computers and users in the domain the default domain controller policy is linked to the domain controllers OU and applies you guessed it to the domain controllers what we're looking at here is the settings report for the default domain policy this GPO is designed to enforce policy decisions that we want to make for the entire domain for example the minimum password length policy prevents users from setting passwords that are too short the audit account logon events policy says that the computer should create a Windows event for each successful and failed logon attempt there are thousands of settings that can be controlled with GPO so it can take some research to find the right setting to change in a group policy object to make a change that you want group policy has been around through several versions of Windows and sometimes things aren't exactly where you'd expect to find them don't despair there's lots of documentation online about group policies and where to find specific settings pro tip something that you might find super useful is the group policy settings reference that Microsoft releases with each new version of Windows this reference is a spreadsheet that details the GPO policies and preferences that are available and where to find them next let's try changing one of the settings in our default domain policy before we get started I'm going to make a backup
of the GPO I'll right-click on the policy and choose backup I've created a GPO backup folder on my desktop but in a real environment we'd want to create a network folder that's locked down to only allow domain administrators to access it I can add a description here too to help me remember why I made the backup then I complete the backup wizard and I'm done now I know that if I make a mistake I can restore the policy from backup so I'll right-click on the policy again but this time I'm choosing edit this will open up the default domain policy in the group policy management editor you can see over in the left-hand pane that the GPO is divided into two sections computer configuration and user configuration each of these is divided into policies and preferences inside this tree of policies and preferences is every individual GPO setting that GPMC knows about whether it's been configured or not every GPO has access to the same settings that every other GPO has access to there aren't special GPOs even so it's a good practice to make different GPOs that each address a specific category of need for example you might have a GPO that handles all of the settings for a specific group of users or one that handles security policies for the whole domain with specific GPOs for specific solutions you can link your GPOs to only the computers or users that need that policy since you're working with the entire universe of group policy in every GPO it can be very difficult to tell from the editor what settings are actually configured in this GPO we refer back to the settings report in GPMC for that information it looks different but you might notice that the settings report is laid out in the same hierarchical fashion as the GPO editor I can see that the account lockout threshold is configured to zero invalid logon attempts let's take a look at that policy in the GPO editor I'm going to use the settings report as a road map to finding that policy in the editor so let me show you how I'm going to
go ahead and right-click default domain policy hit edit and I'll have this to the side so we can look at our road map so as you can see computer configuration so I click computer configuration then click policies click windows settings then click security settings and then account policies because we're interested in the lockout policy you can see that there are three policies under account lockout policy the policy column tells us the name of the policy and the policy setting tells us the current configuration of the policy if a policy is not defined then this GPO won't make any changes to that setting on the computers that it's applied to the policy name is pretty easy to understand but I'm not sure that I understand all of the consequences of changing those values if I double-click on any of these policies it will open up the properties dialog for that policy oh what's this there's an explain tab here awesome the explain tab will tell us what the policy configures it may also tell us what to expect if the policy is not defined and what the default value of the policy is if it's enabled but not customized so looking at the explanation of the account lockout threshold policy I see that by having it set to zero accounts will never be disabled for failed login attempts that's not what I want in my domain so I'm gonna change this value oh interesting it looks like this policy has some dependencies on other policies ok I'm going to accept these defaults and now I'll see that all three of these policies in the account lockout policy have been configured so how do we save these changes as soon as you hit apply or ok in a group policy management editor dialog the change is made in the GPO immediately almost right away computers can receive the update and start applying it that might not be what you wanted when you need to make changes to a production group policy you should test them first for example I was playing around with the default domain policy which
is linked to the whole domain so I've just immediately made it so all user accounts will be locked if they enter their password incorrectly once whoops what is the undo button guess what there isn't one don't worry this is why we made a backup before starting to work on this policy let's restore the policy from backup and undo this catastrophe waiting to happen back in the group policy management console I'm going to right-click on default domain policy in the group policy objects and then select restore from backup this wizard remembers the last place that I backed up a GPO and assumes that's where I want to restore from so intuitive now it lists each of the GPO backups that are in the folder that we choose the name of the policy and the time that it was backed up are listed here along with any descriptions that we provided when we did the backup if I click on view settings it will launch my web browser with the settings report of the backup cool right okay I need to get this policy restored so my users don't get locked out of their accounts the summary dialog shows me what I'm about to do so let's go there this all looks right so I'm going to click finish and make sure that my policy has been restored perfect my backup has been restored my mistake has been undone as you've seen in this example before making changes to a GPO you should always back it up but what's another way I could have prevented this mistake that's right I could have tested my changes there are lots of ways to do this I'll summarize some simple steps here and provide additional documentation in the supplemental reading some organizations will have established best practices for testing GPO changes in their environment if that's the case then you should follow those standards you might need to follow a change management process too in order to notify others in the organization about the changes that you are about to make what I'm going to show you is just one way of adding some safety to GPO
changes let's say I have a GPO called example policy can name right I want to make changes to example policy but I want to test the changes first to make sure that I don't break production machines first I set up a testing OU that contains test machines or user accounts if example policy is usually linked at example.com finance then computers then I can create example.com finance computers test and put testing machines in the test OU this lets the test machines keep all of the existing production GPOs but gives me a place to link a test GPO that'll override production let me go and show you how I do that I'm gonna click example click new click OU then type in finance and click OK make another OU for my computers and then underneath that I'm gonna go ahead and make a test OU so I can test my GPO and hit okay next I make a copy of the GPO that I want to change and call it something like test example policy let me show you how I do that so this is one policy that I have and hit copy go to my group policy objects hit paste now let's say use the default permissions for the GPOs because we want to make a copy of course and hit OK you can see it's called copy of master I'm gonna rename this to test example policy enter now I can make the changes that I want to test in test example policy and link it to my test OU and let me show you how I link that I'm gonna go into my OU finance computers and then test right-click test and then I say link an existing GPO which is going to be my test example policy right here and then hit OK after I've confirmed that my changes were the way that I expected I can make a backup of the test policy then import the backup of test example policy to the production example policy this makes some extra work for me since I'm a systems administrator but I also benefit from added safety and peace of mind by testing my changes on a copy of the GPO on test machines I make it much harder to accidentally break production
machines your organization might be using advanced group policy management or AGPM which is a set of add-on tools from Microsoft that give you some added revision control abilities in GPMC if you do use AGPM in your organization you should follow best practices for GPO version control using AGPM I've included a link to those best practices in the next reading we've edited a GPO and seen some ways to make editing GPOs safe now we need to know a bit more about how to understand all of the policies that are applied to a specific machine or a user account next up GPO inheritance and precedence I'll see you there if you follow the practice of creating specific GPOs to address specific categories of needs you can end up with a whole lot of policies linked at many levels of your Active Directory hierarchy group policy objects that control security settings are a really common place where this can happen systems administrators are responsible for protecting the security of the IT infrastructure so it's a good practice to create a very restrictive GPO that uses very secure conservative security policies and link that to the whole domain this gives you a secure default policy but some users or computers might not be able to do what they need to with those very conservative policies in place the finance department might need to use Excel macros that are disabled in your default security policy for example so we can create GPOs that relax some of the security settings or policies in the OUs that contain those computers or users another example might be that we have a group policy object that standardizes the desktop wallpaper of all computers but we have computers that are public access kiosks that need to have a different wallpaper in any of these cases you can have computers or user accounts with multiple GPOs assigned to them that contradict one another by design so what happens when there are two or more contradictory group policy objects that apply to the
same computer when a computer is processing the group policy objects that apply to it all of these policies will be applied in a specific order based on a set of precedence rules GPOs are applied based on the containers that contain the computer and user account GPOs that are linked to the least specific or largest container are applied first GPOs that are linked to the most specific or smallest container are applied last first any GPOs linked at the AD site are applied then any linked at the domain and then any OUs in order from parent to child if more than one policy tries to set the same policy or preferences then the most specific policy wins to see what I mean let's look at this AD structure as you can see in my structure I've multiple OUs we have my IT OU we have my sales OU I also have my research OU and I also have my sites in Australia India and North America if you have a computer in the India site and the example.com sales computers OU then Active Directory would apply group policy objects that are linked to the India site the example.com domain the sales OU and the computers OU in that order that's not all though you can actually link multiple GPOs to the same container how does AD decide which order to apply the GPOs in if there are more than one in a container each container has a link order for the GPOs that are linked to it so let's look at our sales OU the sales OU in our example domain has a GPO for a network drive mapping and a GPO for configuring network printers the link order of each policy determines which GPO takes precedence the highest number is the lowest ranked GPO so its settings are applied first network printers sales is applied first and network drives sales is applied last if anything in the network drive policy contradicts the network printer policy then the drives policy wins out let's summarize so far the highest numbered link order in the least specific container is applied first and the lowest numbered link
order in the most specific container is the last GPO applied the last GPO to modify any specific setting wins in the group policy management console we can see the precedence rules in action I'm going to switch to the computers OU in group policy management I can see that there's a policy linked here called computer security policy will increase this by switching from the linked group policy objects tab to the group policy inheritance tab like so I can see that objects in this OU will actually have quite a few policies applied the precedence column tells us which policy will win if there are conflicting settings and the location column tells us where the policy was linked you might have noticed that there are no site-linked policies listed here that's because you can have computers from many different AD sites in the same OU so site-based GPO links aren't represented in the summary when you add all of the group policies together for a specific machine and apply precedence rules to them we call that the resultant set of policy or RSoP for that machine when you're troubleshooting group policy you'll often compare an RSoP report pronounced R-sop to what you expect to be applied to that computer there are a lot of ways to get an RSoP report we'll use the group policy management console for now and look at the other methods when we start troubleshooting let's check on what group policy objects will apply when one of our sales staff logs on to their computer I'll right-click on the group policy results node in GPMC and select group policy results wizard let me go and do that this wizard will walk me through generating a resultant set of policy report for the computer and user of my choice the computer that I'm using to run this report will make a remote connection to that computer and ask it to run the report the report will then be visible in my local GPMC I'd like to see the RSoP when Emmett is logged into his computer which is Emmett PC 01 let me go and do
that so I'm hitting next I wanna search for his computer so I hit another computer hit browse and then type in Emmett PC 01 and hit OK the group policy results wizard is super simple first I enter Emmett PC 01 as the computer that I want to run the report on by default the wizard will only run an RSoP report for computer configuration since I want to see the user configuration for Emmett too I'll select display policy settings for him which is actually already selected by default so what I'm gonna do is I'm gonna hit next and it's gonna take us to the summary of selections and then we're gonna hit next and to generate the report we hit finish you can only select users from this list who've already logged on to this computer in the past that's it I review my selection in the summary dialog then finish the wizard I find a new item under the group policy results node in GPMC and it contains the resultant set of policy report that I just requested great this RSoP report contains everything that we need to understand what policies apply to a computer or user it includes a whole lot of detail about where the computer and user are located in AD what their security group memberships are and more I'm going to set that aside for the moment and focus on the settings section of the report which I'll scroll down to this looks a lot like the information you see in the settings tab of a GPO but instead of only showing you the settings modified by a single GPO you can see the combined effect of all of the applied GPOs the winning GPO column tells you which GPO ultimately took precedence for each policy and preference amazing right remember I'm making a remote request from my group policy management console to Emmett PC 01 to run this report there are a bunch of reasons that this could fail to work Emmett PC 01 may be powered off it could be disconnected from the network or there might be firewall rules that prevent me from running the report remotely if
I'm not a local administrator on the machine I won't be able to run the report in any of these cases if I need that RSoP report for troubleshooting I might have to run commands locally on Emmett PC 01 we'll cover additional troubleshooting techniques in a future lesson as a systems administrator or IT support specialist you might be called on to troubleshoot issues related to Active Directory let's go through some of the most common troubleshooting tasks that you may encounter this lesson will introduce you to tools that will help you troubleshoot these scenarios keep in mind these are only examples since we're working with complex systems there are lots and lots of ways for things to not work your greatest tool is to learn about these systems and understand how they function don't forget troubleshooting and research are your friends one of the most common issues you might encounter is when a user isn't able to log in to their computer or isn't able to authenticate to the Active Directory domain there are many reasons this might happen they may have typed the password with the caps lock button on they may have locked themselves out of the computer accidentally changed a system setting or it could be a software bug it's important to think about the steps to troubleshoot and remember to ask questions about what happened make sure to look at the exact conditions under which the failure occurs and any error message that accompanied the failure this should be enough information to get you started down the right path to troubleshoot let's just talk for a moment about the most common types of failures that can lead to a user account authentication issue as we discussed in an earlier lesson if a user enters a wrong password several times in a row their account may be locked out people sometimes just forget their passwords and need the assistance of an administrator to sort things out make sure to review our earlier lesson on managing users and groups in Active Directory
if you need a refresher on resetting user passwords if a domain computer isn't able to locate a domain controller that it can use for authentication then nothing that relies on Active Directory authentication will work if you remember from the customer support module in the first course any time you troubleshoot an issue start with the simplest solution first this could be a network connectivity issue and nothing specific to Active Directory at all if the computer isn't attached to a network that can route communications to the domain controller then this must be fixed you also learnt about network troubleshooting techniques in an earlier module so we won't repeat any of them here any networking issue that would prevent the computer from contacting the domain controller or its configured DNS servers which is used to find the domain controller could be an issue now why is DNS so important in order for the computer to contact a domain controller it needs to find one first this is done using DNS records the domain computer will make a DNS request for the SRV records matching the domain that it's been bound to if the computer can't contact its DNS servers or if those DNS servers don't have the SRV records that the computer is looking for then it won't be able to find the domain controller the SRV records that we're interested in are _ldap._tcp.dc._msdcs.DOMAIN.NAME where DOMAIN.NAME is the DNS name of our domain so I'm gonna go ahead to my PowerShell and I want to go ahead and type in Resolve-DnsName -Type SRV -Name _ldap._tcp.dc._msdcs.example.com well that looks good I should see an SRV record for each of my domain controllers and I do perfect now if I can't resolve the SRV records for my domain controllers then my DNS servers may be misconfigured how might they be misconfigured well my domain computers need to use the DNS servers that host my Active Directory
domain records this will often be one or more of my domain controllers but it can be a different domain server either way the appropriate DNS servers to use for your domain computers should be known and documented compare the configuration of the machine to the known good configuration and see if it needs to be adjusted on the flip side if you're resolving some SRV records but they appear to be incomplete or incorrect then in-depth troubleshooting may be required I've included a link to more information about this in the next reading one more thing to call out depending on the configuration of your domain and your computers it's common that local authentication will continue to work for a little while at least once someone logs into a domain computer information required to authenticate that user is copied to the local machine this means that after the first login you'll be able to log in to the computer even if the network is disconnected you won't be authenticated to the domain or authorized to access any domain resource like shared folders just because someone is able to log in doesn't mean that they're able to find a domain controller another issue that can prevent users from authenticating has to do with the clock Kerberos is the authentication protocol that AD uses and it's sensitive to time differences I'm not talking about local time zones here I mean the relative UTC time if the domain controller and computer don't agree on the UTC time usually within five minutes the authentication attempt will fail domain computers usually synchronize their time with domain controllers with the Windows time service but this can sometimes fail if the computer is disconnected from a domain network for too long or if the time has changed by software or a local administrator to be too far out of sync then the computer may not automatically resync with a domain controller you can manually force a domain computer to resync by using the w32tm /resync command I've
included links with more information about this in the next reading now let's talk a bit about troubleshooting group policy issues a common issue that you might have to troubleshoot is when a GPO-defined policy or a preference fails to apply to a computer you might learn about this failure in a number of ways like a person in your organization telling you that something on their computer is missing or not working if you're using GPO to manage configuration on your machines then maybe there will be a piece of software that should be present or there may be a mapped network drive that's missing or a number of things the common factor will be that something that you created a GPO to configure won't be configured on one or more computers let's look at the three most common reasons that this might happen the first and possibly most common type of GPO failure has to do with the way group policies are applied depending on how your domain is configured the group policy engine that applies policy settings to a local machine may sacrifice the immediate application of some types of policies in order to make logon faster this is called fast logon optimization and it can mean that some GPO changes take much longer to be automatically applied than you might expect also the group policy engine usually tries to make GPO application faster by only applying changes to a GPO instead of the whole GPO in either of these examples you can force all GPOs to be applied completely and immediately with gpupdate /force if you want to be really thorough you can run gpupdate /force /sync adding the /sync parameter will make you log off and reboot the computer some types of group policy can only run when the computer is first booted or when a user first logs on so a logoff and reboot is the only way to make sure that a forced update to GPO has a chance to apply all of the settings replication failure is another reason that a GPO might fail to apply as expected remember that when
changes are made to Active Directory those changes usually take place on a single domain controller those changes then have to be replicated out to other domain controllers if replication fails then different computers on your network can have different ideas about the state of directory objects like policy objects the logon server environment variable would contain the name of the domain controller that the computer used to log on remember that you can see the contents of the variable with this command in PowerShell which is $env:LOGONSERVER and shows me DC1 you can also get the same results using command prompt which uses %LOGONSERVER% knowing which domain controller you are connected to is useful information to have if you suspect a replication issue from the group policy management console we can check on the overall health of the group policy infrastructure I'm going to select my domain and take a look at the status tab this tab will summarize the Active Directory and SYSVOL replication status for the domain it may be showing results from a recent test so I'm going to force it to run a new analysis by clicking on detect now what we want to see is that all of our domain controllers are listed under domain controllers with replication in sync if they are then we can be sure that there are no replication issues that will affect our group policy objects if we do see any domain controllers in the domain controllers with replication in progress list then we may have a replication issue depending on the size and complexity of your Active Directory infrastructure and the reliability and throughput of the network links between your AD sites it's possible for a replication to take a few minutes to complete if replication doesn't complete in a reasonable amount of time you may need to troubleshoot Active Directory replication in the supplemental reading you'll find a handy guide to help you through this more advanced
topic we focused on the simplest cases for managing group policy but the reality is that controlling the scope of a group policy object can get super complicated take a look at the supplemental reading to learn more about this topic too if you're trying to work out why a particular GPO isn't applying to a computer the first thing to do is to run the resultant set of policy or RSoP you can use the group policy management console like we did in an earlier lesson or you can run the command on a computer directly to generate the report the gpresult command will help us out there if I run gpresult /r you can see that I get a summary report in my terminal let me go and show you that so I'm switching to my PowerShell gpresult /r report's been created and I get this report if I want the full report like I get from GPMC I can run gpresult /h filename.html I'm gonna do gpresult /h and then test.html this will give me a report that's an HTML web page that I can open in my browser and then we go and get that okay so with this report in hand I want to look for some things is the GPO that I want to apply listed was it linked to an OU that contains the computer that I'm troubleshooting is the GPO that I care about listed under applied GPOs or under denied GPOs if it was denied what was the denied reason did another GPO win for the policy or preference that I'm trying to configure each GPO can be configured with an ACL called a security filter is the security filter set to something besides authenticated users if so then that may mean that you have to be in a specific group in order to read or apply the GPO each GPO can also be configured with a WMI filter a WMI filter lets you apply a GPO based on the configuration of the computer WMI filters are powerful but expensive and easy to misconfigure this is because they look at windows management instrumentation values to decide if a policy should apply or not for example you can create a GPO
that installs a piece of software but only if WMI reports that a specific piece of hardware is present these filters are expensive because they require the group policy engine to perform some sort of query or calculation on every computer that's linked to the policy but then only apply the GPO to computers that match the filter many policies and preferences can be configured to apply to the computer or to users at logon did you mean to configure a computer setting but accidentally configured a user setting or the reverse there's a really in-depth group policy troubleshooting guide in the supplemental reading that you should refer to if you get into a really tricky GPO troubleshooting session ok we've really covered a lot out here if you aren't clear on any of the concepts we've covered that's ok just make sure to re-watch the lessons remember though that the more you work with Active Directory and group policy the more familiar you'll become with them if you use what you've learned about these systems combined with your research skills you can troubleshoot just about anything in the last lesson you dove headfirst into the popular directory service Active Directory you learnt how to add users passwords groups and even modify access level for groups using group policies another popular directory service that's used today is the free and open source service OpenLDAP which stands for lightweight directory access protocol operates very similar to Active Directory using LDAP notation or LDAP data interchange format or LDIF you can authenticate add remove users groups computers and so on in a directory service OpenLDAP can also be used on any operating system including Linux macOS even Microsoft Windows however since Active Directory is Microsoft's proprietary software for directory services we recommend that you use that on Windows instead of OpenLDAP but it's helpful to know that OpenLDAP is open source so it can be used on a variety of platforms there are a
few ways you can interact with an OpenLDAP directory first you can use the command line interface and pass in commands to create and manage directory entries you can also use a tool like phpLDAPadmin which offers you a web interface that you can use to manage your directory data much like the Windows Active Directory GUI that you're familiar with you can read more about how to set up OpenLDAP and phpLDAPadmin in the next reading in this lesson we'll give you a high-level overview of the operations you can do in OpenLDAP via commands and how they work to begin we'll just install the OpenLDAP package using this command I want to get into my Linux environment and type in this command sudo apt-get install slapd ldap-utils my password in and accept once you install the packages it'll prompt you to enter in an administrator password for LDAP so let's go ahead and do that and then hit OK then confirm your password then hit OK now that it's installed we're actually going to reconfigure the slapd package so that we can fine-tune our settings to do that we're gonna run the following command I'm gonna clear my window and then run sudo dpkg-reconfigure slapd this is gonna ask us a bunch of questions about our new setup we won't cover all of these options but you can learn more about them in you guessed it the supplemental reading for now let's just fill out the settings with these values so the first option is omit OpenLDAP server configuration I'm gonna go ahead and say no next DNS domain name similar to Windows AD this is our organization domain let's use example.com and then hit OK organization name let's use example administrator password just the same thing that we entered before for the database let's use MDB do you want the database to be removed when slapd is purged let's go ahead and say no that's asking us if you would like to move the old database we're gonna say yes for now and then it'll say allow LDAP version 2 protocol I'm gonna say
no. That's it! Now you have a running OpenLDAP server. We're really cooking now. Let's keep going.

It's easier to manage OpenLDAP through a web browser and a tool like phpLDAPadmin, but you can also use command line tools to achieve the same result. I'd recommend you look into setting up phpLDAPadmin if this is your first setup with OpenLDAP. For instructions about how to set up phpLDAPadmin, check out the supplementary reading. In this lesson, we're gonna quickly run down a few of the commands that will allow you to add, modify, and remove entries in your directory. To begin using command-line tools, you need to use something known as LDIF files, pronounced "el-diff". We've already seen LDIF format, or LDAP notation, in action. It's just a text file that lists attributes and values that describe something. Here's a simple example of an LDIF file for a user. Even without understanding what the syntax of this file is saying, we can infer that it's talking about an employee named Cindy who works in the engineering department of the company example.com. We've talked a little bit about what the attributes are referring to in an earlier lesson, but you can refer to the supplemental reading if you want to know what the specific fields mean. For our purposes here, though, we just want to see a high-level overview of how this works.

Once you've written your LDIF files, you're practically done. Depending on what task you want to do to your directory, you'd run commands like these. ldapadd: this takes the input of an LDIF file and adds the contents of the files. ldapmodify: as you can guess, this modifies an existing object. ldapdelete: this will remove the object that the LDIF file refers to. ldapsearch: this will search for entries in your directory database. It's not important to know the syntax of these commands; you can always look up the syntax in the official documentation. But as you can see, it's not scary to work with OpenLDAP. It operates in a very similar way to Windows Active Directory, or AD. You can
take this knowledge and populate your directory just like you did in Windows AD. If you're curious about the syntax of these commands, check out the supplemental reading on using LDIF files and LDAP commands. Again, if you're considering OpenLDAP as your solution to your directory service needs, I'd recommend looking into the web manager tool phpLDAPadmin that we've included a link to in the next reading. Just like Windows AD, this topic can be pretty extensive, so think about which directory solution best fits the IT needs for your organization. There are lots of reasons why you might want to deploy the help of a directory service like OpenLDAP or Active Directory when working in a systems administration role. Directory services are great for centralized authentication, keeping track of what computers are in your organization, who can access them, and more. Make sure to play around and familiarize yourself with OpenLDAP or phpLDAPadmin to get a better sense of how these directory services work. Checking out the official documentation is always a good place to start.

By now, you've learned about all the essential IT infrastructure services. The next topic we'll shift to is how to make sure all the hard work you put into your IT infrastructure doesn't go to waste, by learning about disaster recovery and backups. Your hard work is really paying off. High five to that! Now take a moment to complete the quiz we put together for you, then we'll meet you back in the next video.

Have you ever had something unexpected and catastrophic happen to a piece of tech you owned? Maybe you dropped your cell phone and it shattered, or spilled a glass of water all over your laptop. I know it's happened to me, and no, it's not fun. While hardware may be hard to replace, data can be even harder to get back, especially those photos of special moments, important documents, and more. In this module, we're going to arm you with the tools you need to be prepared for these accidents, so you can minimize the impact and
loss of data. All right, let's get right into it: data recovery.

What exactly is data recovery? If you've ever broken a cell phone, you probably lost some good pictures along with the phone itself. Data recovery is the process of attempting to recover the data that's lost from the broken phone. But this is just one example of attempting to recover from unexpected data loss. Data recovery, in general terms, is the process of trying to restore data after an unexpected event that results in data loss or corruption. Maybe a device that contains data was physically damaged, or an attacker performed malicious actions, or malware deleted critical data. Whatever the cause, the effect is the same: you've suddenly lost some really important data and you need to figure out how to get it back.

How you go about trying to restore this lost data depends on a few factors. One is the nature of the data loss. If the device has been damaged, you might be able to recover data from the damaged hardware. This could involve using data recovery software, which can analyze failed hard disks or flash drives and try to locate and extract data files. Another factor that would affect your data recovery is the presence of backups. If you're lucky, or you had the foresight to plan for the unexpected, you have data backed up and you can restore the data that was lost.

Data recovery is an important part of an IT system or organization, since data is a critical component of any business operations. As an IT support specialist, part of your role is to ensure that this data is available and protected from corruption or loss, so if something goes wrong, the organization can continue with their business operations with minimal disruptions. That's why it's critical to be able to recover from unexpected events that could impact your business data. When an unexpected event occurs, your main objective is to resume normal operations as soon as possible while minimizing the disruption to business functions. By the end of this module, you'll have practical
tools and methods that you can use to protect your data. One of the most important techniques you'll learn is how to effectively back up your data. The best way to be prepared for a data loss event is to have a well-thought-out disaster plan and procedure in place. Disaster plans should involve making regular backups of any and all critical data that's necessary for your ongoing business processes. This includes things like customer data, system databases, system configs, and financial data. You'll learn more about how to design and implement a data disaster plan throughout this module.

And lastly, you'll learn more about what IT folks call a post-mortem. Imagine that something did go wrong with your systems and you had to use a disaster plan. You might have discovered issues when recovering your data that weren't covered in the disaster plan. A post-mortem is a way for you to document any problems you discovered along the way and, most importantly, the ways you fixed them, so you can make sure they don't happen again. Being unprepared for a major data loss event can and has really impacted businesses. In the upcoming lessons, you'll learn how to prepare for data loss, which is a key part of any IT role. If you're interested in hearing more about how real companies have been impacted by unexpected data loss, check out the supplementary reading. Otherwise, we're going to kick-start our journey of data recovery with learning how to back up data. Ready? Let's get started.

So you want to protect your organization from critical data loss. Good instincts! But where do you start? Let's run down some of the key things to keep in mind when designing a data backup and recovery plan. The first thing to figure out is what data you need to back up. In a perfect world, you should only be backing up data that's absolutely necessary for operations and can't be found in another source. So things like emails, sales databases, financial spreadsheets, server configurations, and databases should all be included. But what about the
Downloads directory on your laptop? Is it really necessary to back up all those cat pictures too? Probably not. Backing up data isn't free. Every additional file you back up takes up a little more disk space, increasing the overall costs of your backup solution. Once you've figured out what data you'd like to back up, you should find out how much total data you currently have. But it's not enough just to think about what your backup storage requirements are right now. Your organization may continue to grow, and your backup needs should grow with it. Make sure that you account for future growth and choose a solution that's flexible enough to easily accommodate increases in data backups.

Data can be backed up either locally to systems on site, or the backup data can be sent off-site to remote systems. Both approaches have positives and negatives and can help reduce different risks. The advantage of on-site backup solutions is that the data is physically very close. This makes accessing the data a lot quicker. You won't need as much outbound bandwidth, since you aren't sending the data out of your internal network. If you need to restore data from backups, that should happen pretty quickly, since the data is close at hand. But what if the unexpected event is a building fire? Now the systems we were backing up, along with the backup server, have been lost in the fire. Yikes, we've lost everything.

This is why off-site backups are strongly recommended. This involves making backups of critical data, then sending the backed-up data off-site to remote systems in a different physical location. This could be another backup server that you control in a different office, or a cloud-hosted backup service. But there are trade-offs. Yeah, off-site helps better prepare us for catastrophic events that can wipe out data from an entire office, but sending data off-site means that you need to transmit the data outside of your network. This means you need to consider things like encryption and bandwidth. Your internet connection
will be used to transmit the backup data. Depending on how much data you're sending off-site and how fast the internet connection is, this could take a lot of time. Another important thing to consider is encryption of backups. Since backups will often contain sensitive and confidential business data, it's important the data is handled securely and stored in a way that prevents unauthorized access. When sending data off-site, it's especially important to make sure that data is being transmitted securely, preferably encrypted via TLS. But that's not all: the resulting backup data that's stored should also be encrypted at rest. This is just good security practice. In the next video, we'll discuss some of the practical tools that you can use to back up your data.

So you're looking to bring a backup solution into your organization, but how do you choose between a DIY backup system or one of the many cloud providers? Well, let's start by looking at the trade-offs between the two. On-site or self-managed backups could be as simple as buying a commercial NAS device, loading it with a bunch of hard drives, and sending data to it over the network. This would definitely work, but it might not be the best long-term solution. How do you grow the disk capacity when you need more storage space? How do you handle a failed hard disk? Because hard disks will fail eventually. By the way, it's important to call out that these options aren't mutually exclusive. There's nothing stopping you from implementing both on-site and off-site backups. Actually, it's often recommended to have both, if it's within your organization's budget.

One more thing that you should consider when evaluating the backup strategy for an organization is the backup time period. How long do you need to hang on to backups for? This answer will impact your long-term storage needs and overall cost to maintain a backup system. One approach which balances cost with convenience is to archive older data using a slower but cheaper storage mechanism. The standard
media for archival backup data storage is data tapes. These are a lot like audio cassette tapes, since they use spools of magnetic tape run through machines that allow data to be written to and read back from the tape. Tape storage is pretty cheap, but isn't as easy or quick to access as data stored on hard drives or solid-state drives. This storage system is usually used for long-term archival purposes, where data isn't likely to be needed. If it is needed, some delay in getting the data isn't a concern.

There are dozens and dozens of backup solutions available. We won't cover specific ones, since there are way too many, but we'll cover some common tools and give you some examples of backup solutions available. One is the command-line utility rsync. rsync isn't explicitly a backup tool, but it's very commonly used as one. It's a file transfer utility that's designed to efficiently transfer and synchronize files between locations or computers. rsync supports compression and can use SSH to securely transfer data over a network. Using SSH, it can also synchronize files between remote machines, making it super useful for simple automated backups.

Apple has a first-party backup solution available for their Mac operating systems called Time Machine. It operates using an incremental backup model. Time Machine supports restoring an entire system from backup, or individual files. It even allows restoring older versions of backed-up files. Microsoft also offers a first-party solution, called Backup and Restore. This has two modes of operation: a file-based version, where files are backed up to a zip archive, or the system image, where the entire disk is saved block-by-block to a file. File-based backups support either complete backups or incremental ones. System image backups support differential mode, only backing up blocks on the disk that have changed since the last backup. If you want to learn more about these tools, there are links in the supplemental readings after this lesson.

There's one last
super important topic when it comes to backups: testing them. The field of IT is littered with tragic tales of IT support specialists and sysadmins attempting to restore data from a backup after a data loss incident, only to discover that their backups are invalid. That's not just embarrassing, it's completely terrifying. The takeaway here is that it isn't sufficient to just set up regular backups. That's only half of the equation. The other half is a recovery process, and that process needs to be tested regularly. Restoration procedures should be documented and accessible, so that anyone with the right access can restore operations when needed. You don't want your time off to be interrupted because your colleague back at the office doesn't know how to restore the SQL database from the backup, right? Of course not. So document the procedure, and make sure you regularly test the documentation to make sure it works now and in the future.

This process is called disaster recovery testing, and it's critical to ensuring a well-functioning recovery system. Disaster recovery testing should be a regular exercise that happens once a year or so. It should have different teams, including IT support specialists, going through simulations of disaster events. They'll test and evaluate how well prepared, or unprepared, your organization is for lots of unexpected events. These scenarios can be anything from a simulated natural disaster like an earthquake to a fictional event like a horde of zombies shutting down an office. If that's the case, backups would be the least of your worries, but it's still important. Whatever the scenario, it'll help your IT team to test their emergency procedures and figure out what works and, most importantly, what doesn't. These simulated events are the perfect way to discover any gaps in your planning. If you discover that you aren't protected from data loss in any given scenario, it's an opportunity to learn and fix this gap without risking real data loss. Sounds like a win-win,
doesn't it?

So we talked about how important backups are, why you should be backing up any important data, and some tools that you can use to help you back up data. But how exactly do you decide when and how to back up data? Well, let's explore those options. There's a couple of ways to perform regular backups on data that's constantly changing. You can do a full backup on a regular basis, which involves making a copy of the data to be fully backed up. The full unmodified contents of all files to be backed up is included in this backup mechanism, whether the data was modified or not. In the case of data that doesn't change very often, like operating system configuration files, this approach can be inefficient. You're backing up multiple copies of data that isn't changing, which wastes space and uses bandwidth unnecessarily. That doesn't seem like the best idea, does it?

A more efficient approach is to only back up files that have changed or been created since the last full backup. This is called a differential backup. The advantage is that you aren't storing backups of duplicated, unchanging data. Only the files that changed are backed up, saving us some storage space and time to perform the backup. But you wouldn't want to completely stop taking full backups. Over time, you'd wind up tracking and storing lots of copies of files that change a lot, which will also take up more and more disk space over time. To avoid this, it's a good practice to perform infrequent full backups while also doing more frequent differential backups. How often you perform a full backup will depend on how far back you want changes to be tracked. Let's say we perform full backups once every week and differential backups daily. In the worst-case scenario, we'd lose close to 24 hours of data changes. That's not bad.

Another efficient way to back up changing data is to perform regular incremental backups. While the differential backup backs up files that have been changed or created, an incremental backup is when only the data that's
changed in files is backed up. This is even more efficient in terms of both disk space and time required compared to differential backups. Again, you'll want to use frequent incremental backups along with less frequent full backups. But because this approach only stores differences in the files that have changed since the last incremental backup, it's possible that all incremental backups are needed to fully reconstruct the files. If one of these incremental backups is missing or corrupt, it might not be possible to recover data any more recently than the last full backup. Another drawback is that recovery might be more time-consuming. This is because the most recent version of backed-up data has to be recreated by integrating the last full backup with each incremental backup that follows. For super large files that are changing frequently, this could require a lot of time to process.

One more thing backup systems can do to help save space is bulk compression. When creating a backup, all the files and folder structures will be copied and put into an archive. Archives are useful for keeping files organized and preserving folder structure. Besides archiving the files, backups can also be compressed. This is a mechanism of storing the same data while requiring less disk space by using complex algorithms. Those are way too complicated to go into detail here, but it's important to call out that not all data types lend themselves to being compressed. This means that space savings from compression will depend on what you're backing up. Another thing you should know about compressing backups is the expense of restoration. To recover data from the backup, it needs to be decompressed first. Depending on the size of your backups, this could take a lot of time and disk space to expand.

We touched on backup storage location a bit in the last lesson, but let's dive into a little more detail. Good news: there's a pretty cheap and easy to maintain option out there for storing backup data on site. You can use a commercial
NAS device or configure a file server with a large amount of disk space. Wherever you choose to store your backup data, you need a lot of space. You could go out and buy a giant 10 terabyte hard disk, which could work for a little while, but what do you do once your backup data grows to fill that one disk? Are they even making disks larger than 10 terabytes yet? Another thing to worry about is what you do if that one disk holding all your backed-up data fails. Yikes, that wouldn't be good.

These are issues a RAID array can address. RAID stands for redundant array of independent disks. It's a method of taking multiple physical disks and combining them into one large virtual disk. There are lots of types of RAID configurations, called levels. Depending on the characteristics desired from the array, various RAID levels prioritize features like performance, capacity, or reliability. RAID arrays are a great, inexpensive way of creating a lot of data capacity while minimizing risk of data loss in the event of disk failure. They can even be flexible enough to allow future growth in disk capacity. We won't go into the nitty-gritty details of the different RAID levels available, but if you want to learn more, check out the supplemental readings at the end of this lesson. I want to stress the fact that RAID isn't a backup solution. It's a data storage solution that has some hardware failure redundancy available in some of the RAID levels. But storing data on a RAID array doesn't protect against accidentally deleting files or malware corrupting your data. This is so important that I'm going to say it one more time: RAID is not a replacement for backups.

As an IT support specialist working closely with users in your organization, the topic of user backups is sure to come up. We've already covered backing up mission-critical operational data, but what about the spreadsheets and PDFs on Carly's laptop? She's going to want to make sure that she doesn't lose those if her laptop gets stolen. While it's important to
have a backup solution for infrastructure and critical systems, you also have to think about your users and their valuable files. Ensuring reliable backups for client devices is a bit more challenging than for infrastructure devices. There are likely to be lots more client devices to back up compared to infrastructure ones. Plus, there are laptops, phones, and tablets that won't be in the office all the time. One solution to user backups is to use a cloud service designed for syncing and backing up files across platforms and devices. Some examples of these are things like Dropbox, Apple iCloud, and Google Drive, which are simple and straightforward to use. There's no complicated scheduling or configuration compared to infrastructure backups. They make it easy for users to configure what files or folders they want to have backed up, and then ensure the files are synchronized with what's stored in the cloud. As an IT support specialist, this is especially relevant when users accidentally spill a cup of coffee on their laptop. They're going to come to you hoping their precious family photos can be saved. Getting users set up with an easy to use and effective backup system for their files is a great way to avoid this situation.
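The full, differential and incremental schemes and the restore testing described in the backup lessons above, as an added example that is not part of the video or its course material. It works at file granularity on in-memory dictionaries standing in for a file tree; the function names and all sample files are constructed for illustration.

```python
import hashlib

def digest(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def manifest(files: dict) -> dict:
    """Map each path to the SHA-256 of its contents."""
    return {path: digest(data) for path, data in files.items()}

def take_backup(files: dict, baseline: dict) -> dict:
    """Store only files that are new or differ from the baseline manifest,
    plus the list of deleted paths. An empty baseline yields a full backup."""
    current = manifest(files)
    changed = {p: files[p] for p, h in current.items() if baseline.get(p) != h}
    deleted = sorted(set(baseline) - set(current))
    return {"changed": changed, "deleted": deleted, "manifest": current}

def restore(chain: list) -> dict:
    """Replay a full backup and the backups after it, then verify the result
    against the manifest recorded by the last backup in the chain."""
    state = {}
    for backup in chain:
        state.update(backup["changed"])
        for path in backup["deleted"]:
            state.pop(path, None)
    if manifest(state) != chain[-1]["manifest"]:
        raise ValueError("restore verification failed: hashes do not match manifest")
    return state

def restore_fails(chain: list) -> bool:
    """Restore test: True when the chain cannot reproduce the recorded state."""
    try:
        restore(chain)
    except ValueError:
        return True
    return False

# Constructed sample data: the same small file tree on four consecutive days.
DAY0 = {"etc/app.conf": b"port=8080\n",
        "db/sales.csv": b"id,total\n1,100\n",
        "tmp/cache": b"x"}
DAY1 = {**DAY0, "etc/app.conf": b"port=8443\n"}          # config edited
DAY2 = {**DAY1, "db/report.txt": b"Q1 summary\n"}        # new file created
DAY3 = {p: d for p, d in DAY2.items() if p != "tmp/cache"}  # file deleted
DAY3["db/sales.csv"] = DAY2["db/sales.csv"] + b"2,250\n"    # data appended

FULL = take_backup(DAY0, {})

# Differential: every backup is compared with the last FULL backup.
DIFFS = [take_backup(day, FULL["manifest"]) for day in (DAY1, DAY2, DAY3)]

# Incremental: every backup is compared with the backup taken just before it.
INCS = []
previous = FULL
for day in (DAY1, DAY2, DAY3):
    previous = take_backup(day, previous["manifest"])
    INCS.append(previous)

if __name__ == "__main__":
    print("day 3 differential stores:", sorted(DIFFS[2]["changed"]))
    print("day 3 incremental stores: ", sorted(INCS[2]["changed"]))
    print("full + last differential restores day 3:",
          restore([FULL, DIFFS[2]]) == DAY3)
    print("full + all incrementals restores day 3: ",
          restore([FULL] + INCS) == DAY3)
    print("chain with day 2 incremental missing fails:",
          restore_fails([FULL, INCS[0], INCS[2]]))
```

The manifest check only detects a bad restore if the manifest itself is trustworthy, so in practice it would be stored and protected separately from the backup data.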
Info
Channel: Geek's Lesson
Views: 2,898,201
Rating: 4.8768716 out of 5
Keywords: system administration, how to become a system administrator without a degree, system admin roadmap, system administration tutorial point, system administrator salary, is being a system administrator hard, system administrator job description, system administration course, system administration in linux, system administration complete course, geek lesson, system administration tutorial for beginner
Id: 1DvTwuByjo0
Length: 209min 29sec (12569 seconds)
Published: Mon Aug 06 2018