Tips that every Windows Network Administrator must know

Tarang Agarwal

These are the core concepts that every Windows network admin must know, both for the day-to-day job and for anyone who is interviewing for a network admin position.

This article may help Windows network admins who need some "brush-up tips", as well as those interviewing for network admin jobs who want a list of the networking concepts that every network admin should know.
So, here are some of the core networking concepts that every Windows Network Admin (or those interviewing for a job as one) must know:

1. OSI Model encapsulation

One of the core networking concepts is the OSI Model. This is a theoretical model that defines how the various networking protocols, which work at different layers of the model, work together to accomplish communication across a network (like the Internet).
Unlike most of the other concepts in this list, the OSI model isn't something that network admins use every day. The OSI model is for those seeking certifications like the Cisco CCNA or when taking some of the Microsoft networking certification tests.
Here is the OSI model:

  • Application - layer 7 - any application using the network, examples include FTP and your web browser
  • Presentation - layer 6 - how the data sent is presented, examples include JPG graphics, ASCII, and XML
  • Session - layer 5 - for applications that keep track of sessions, examples are applications that use Remote Procedure Calls (RPC) like SQL and Exchange
  • Transport - layer 4 - provides reliable communication over the network to make sure that your data actually "gets there" with TCP being the most common transport layer protocol
  • Network - layer 3 - takes care of addressing on the network that helps to route the packets with IP being the most common network layer protocol. Routers function at Layer 3.
  • Data Link - layer 2 - transfers frames over the network using protocols like Ethernet and PPP. Switches function at layer 2.
  • Physical - layer 1 - controls the actual electrical signals sent over the network and includes cables, hubs, and actual network links.

At this point, let me stop degrading the value of the OSI model because, even though it is theoretical, it is critical that network admins understand and are able to visualize how every piece of data on the network travels down, then back up, this model. At every layer of the OSI model, all the data from the layer above is encapsulated by the layer below, which adds its own data. In reverse, as the data travels back up the layers, it is de-encapsulated.
By understanding this model and how the hardware and software fit together to make a network (like the Internet or your local LAN) work, you can much more efficiently troubleshoot any network.
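The encapsulation described above can be made concrete by building a frame by hand. This is an added example, not part of the original article: it wraps application data in UDP, IPv4 and Ethernet headers and then strips them again. The addresses and ports are constructed sample values, and the frame omits the Ethernet trailer (FCS) and minimum-size padding that the NIC adds.

```python
import socket
import struct

IP_FMT = "!BBHHHBBH4s4s"   # IPv4 header without options (20 bytes)

def ip_checksum(header: bytes) -> int:
    """Ones' complement checksum over the 16-bit words of an IPv4 header."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def encapsulate(payload, sport, dport, src_ip, dst_ip, src_mac, dst_mac):
    """Walk down the stack: application data -> UDP -> IPv4 -> Ethernet."""
    # Layer 4: the UDP header is prepended to the application data.
    # A checksum of 0 means "not computed", which UDP over IPv4 permits.
    udp = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload
    # Layer 3: the IPv4 header wraps the whole UDP datagram (protocol 17).
    fields = [0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
              socket.inet_aton(src_ip), socket.inet_aton(dst_ip)]
    fields[7] = ip_checksum(struct.pack(IP_FMT, *fields))
    packet = struct.pack(IP_FMT, *fields) + udp
    # Layer 2: the Ethernet header wraps the IP packet (EtherType 0x0800).
    return struct.pack("!6s6sH", dst_mac, src_mac, 0x0800) + packet

def decapsulate(frame):
    """Walk back up the stack, stripping and checking one header per layer."""
    dst_mac, src_mac, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != 0x0800:
        raise ValueError("not an IPv4 frame")
    packet = frame[14:]
    ver_ihl, _, total_len, _, _, _, proto, _, src, dst = struct.unpack(
        IP_FMT, packet[:20])
    header_len = (ver_ihl & 0x0F) * 4
    if ip_checksum(packet[:header_len]) != 0:
        raise ValueError("IPv4 header checksum mismatch")
    if proto != 17:
        raise ValueError("not a UDP datagram")
    udp = packet[header_len:total_len]
    sport, dport, udp_len, _ = struct.unpack("!HHHH", udp[:8])
    return {"src_mac": src_mac.hex(":"), "dst_mac": dst_mac.hex(":"),
            "src_ip": socket.inet_ntoa(src), "dst_ip": socket.inet_ntoa(dst),
            "sport": sport, "dport": dport, "payload": udp[8:udp_len]}

# Constructed sample values; the MAC addresses are locally administered.
SRC_MAC, DST_MAC = bytes.fromhex("020000000107"), bytes.fromhex("020000000001")
FRAME = encapsulate(b"hello", 50000, 53, "10.0.1.107", "10.0.1.1",
                    SRC_MAC, DST_MAC)
```

Each layer adds a fixed-size header here (14 + 20 + 8 bytes), so the five-byte payload becomes a 47-byte frame on the way down and is recovered intact on the way up.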

2. LAN vs WAN

Your local area network (LAN) is usually contained within your building. It may or may not be just one IP subnet. Your LAN is connected by Ethernet switches and you do not need a router for the LAN to function. So, remember, your LAN is "local".
Your wide area network (WAN) is a "big network" that your LAN is attached to. The Internet is a humongous global WAN. However, most large companies have their own private WAN. WANs span multiple cities, states, countries, and continents. WANs are connected by routers.

3. NAT and Private IP Addressing

Today, almost every LAN uses private IP addressing (based on RFC1918) and then translates those private IPs to public IPs with NAT (network address translation). The private IP addresses always start with 192.168.x.x or 172.16-31.x.x or 10.x.x.x (those are the blocks of private IPs defined in RFC1918).
In Figure-1, you can see that we are using private IP addresses because the IP starts with "10". It is my integrated router/wireless/firewall/switch device that is performing NAT and translating my private IP to my public Internet IP that my router was assigned from my ISP.

4. Firewalls

Firewalls protect your network from malicious attackers. You have software firewalls on your Windows PC or server and you have hardware firewalls inside your router or dedicated appliances. You can think of firewalls as traffic cops that only allow in the types of traffic that should be in.

5. Default Gateway

The default gateway, shown in Figure-1 as 10.0.1.1, is where your computer goes to talk to another computer that is not on your local LAN network. That default gateway is your local router. A default gateway address is not required but if it is not present you would not be able to talk to computers outside your network (unless you are using a proxy server).

6. Ethernet & ARP

Ethernet is the protocol for your local area network (LAN). You have Ethernet network interface cards (NIC) connected to Ethernet cables, running to Ethernet switches which connect everything together. Without a "link light" on the NIC and the switch, nothing is going to work.
MAC addresses (or Physical addresses) are unique strings that identify Ethernet devices. ARP (address resolution protocol) is the protocol that maps Ethernet MAC addresses to IP addresses. When you go to open a web page and get a successful DNS lookup, you know the IP address. Your computer will then perform an ARP request on the network to find out what computer (identified by their Ethernet MAC address, shown in Figure-1 as the Physical address) has that IP address.
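The private addressing, default gateway and ARP sections above fit together into one decision the host makes for every packet. The following is an added example, not from the original article: it uses the article's 10.0.1.107 host and 10.0.1.1 gateway, and assumes a /24 subnet mask and an edge router that applies NAT to traffic bound for public addresses.

```python
import ipaddress

# The RFC 1918 blocks the article lists; "172.16-31.x.x" is 172.16.0.0/12.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_rfc1918(addr):
    """True if addr falls inside one of the three private blocks."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)

def plan_delivery(host_ip, prefix_len, gateway, dest):
    """Decide how a host reaches dest and which IP it must resolve with ARP."""
    iface = ipaddress.ip_interface(f"{host_ip}/{prefix_len}")
    target = ipaddress.ip_address(dest)
    if target in iface.network:
        # Same subnet: ARP for the destination itself, no router involved.
        return {"path": "on-link", "arp_for": str(target), "nat": False}
    if gateway is None:
        # Off-subnet with no default gateway: nowhere to send the frame.
        return {"path": "unreachable", "arp_for": None, "nat": False}
    gw = ipaddress.ip_address(gateway)
    if gw not in iface.network:
        # A gateway outside the local subnet cannot be reached with ARP.
        raise ValueError(f"gateway {gw} is not on {iface.network}")
    # Off-subnet: the frame goes to the gateway's MAC address, but the IP
    # header still carries the real destination. NAT is needed only when a
    # private source talks to a public destination (assumed edge behaviour).
    nat = is_rfc1918(host_ip) and not is_rfc1918(dest)
    return {"path": "via-gateway", "arp_for": str(gw), "nat": nat}
```

When troubleshooting, a missing ARP entry for the gateway explains why every off-subnet destination fails while local hosts still respond.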

7. IP Addressing and Subnetting

Every computer on a network must have a unique Layer 3 address called an IP address. IP addresses are 4 numbers separated by 3 periods like 1.1.1.1.
Most computers receive their IP address, subnet mask, default gateway, and DNS servers from a DHCP server. Of course, to receive that information, your computer must first have network connectivity (a link light on the NIC and switch) and must be configured for DHCP.
You can see my computer's IP address in Figure 1 where it says IPv4 Address 10.0.1.107. You can also see that I received it via DHCP where it says DHCP Enabled YES.
Larger blocks of IP addresses are broken down into smaller blocks of IP addresses and this is called IP subnetting. I am not going to go into how to do it and you do not need to know how to do it from memory either (unless you are sitting for a certification exam) because you can use an IP subnet calculator, downloaded from the Internet, for free.

8. DNS Lookup

The domain naming system (DNS) is a cornerstone of every network infrastructure. DNS maps names to IP addresses and IP addresses to names (forward and reverse respectively). Thus, when you go to a web page like www.windowsnetworking.com, without DNS, that name would not be resolved to an IP address and you would not see the web page. Thus, if DNS is not working "nothing is working" for the end users.
DNS server IP addresses are either manually configured or received via DHCP. If you do an IPCONFIG /ALL in Windows, you will see your PC's DNS server IP addresses.

9. Routers

Routers route traffic between different IP subnets. Routers work at Layer 3 of the OSI model. Typically, routers route traffic from the LAN to the WAN but, in larger enterprises or campus environments, routers route traffic between multiple IP subnets on the same large LAN.
On small home networks, you can have an integrated router that also offers firewall, multi-port switch, and wireless access point.

10. Switches

Switches work at layer 2 of the OSI model and connect all the devices on the LAN. Switches switch frames based on the destination MAC address for that frame. Switches come in all sizes from small home integrated router/switch/firewall/wireless devices, all the way to very large Cisco Catalyst 6500 series switches.

Security Tips

1. Define correct user rights for the correct task

Users with administrator rights have the ability to perform activities that could be damaging, such as:

  • accidentally making changes that decrease the overall level of network security
  • being fooled into running malware, which would adopt the user's administrator privileges
  • having logon details stolen, which would allow third parties to log in and carry out damaging actions

To increase security, ensure that your users have the appropriate privilege level for the task at hand, and limit the number of users that have administrator usernames and passwords.

2. Download files from trusted sites only

Many files can be downloaded from multiple locations on the Internet, but not all locations are created equal. Some are more secure than others. Ensure your users only download from trusted sites, which are often main source websites rather than file-sharing or generic websites. Also consider who in the company needs to download files and applications from a website: consider restricting this permission to only those trusted users who are required to download files as part of their day-to-day activities, and ensure that these select few are educated in how to download files safely.

3. Undertake an audit of network shares

A lot of malware can spread via networks. This is commonly due to there being little or no security on network shares. Remove unnecessary shares and secure the others and their contents to limit network-aware malware from spreading.

4. Control network connections

When computers connect to networks, they can adopt that network's security settings during that specific session. If this network is external or outside the administrator's control, the security settings may be insufficient and put the computer at risk. Consider restricting users from connecting computers to unapproved domains or networks — in most instances, most users need only connect to the main corporate network.

5. Change the default IP range for your network

Networks often use standard IP ranges, such as 10.1.x.x or 192.168.x.x. This standardization means machines configured to look for this range may accidentally connect to a network outside your control. By changing the default IP range, the computers are less likely to find a similar range. You can also add firewall rules, as an added precaution, which allow only approved users to connect.

6. Audit the open ports on your network regularly and block unused ones.

Ports are like windows in a house. If you leave them open for long periods of time without surveying them, you increase the chance of letting in uninvited intruders. If ports are left open, Trojans and worms can use them to communicate with unauthorized third-parties. Ensure all ports are regularly audited and unused ports are blocked.
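One way to run this audit on a single host is to compare the output of netstat -ano (a command listed later in this article) against a list of ports you expect to be open. This is an added example, not from the original article; the netstat output and the approved-port list below are constructed samples.

```python
import ipaddress

# Constructed sample of `netstat -ano` output from a Windows host.
SAMPLE_NETSTAT = """
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       892
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING       1180
  TCP    127.0.0.1:5354         0.0.0.0:0              LISTENING       2044
  TCP    10.0.1.107:49712       203.0.113.10:443       ESTABLISHED     3312
  TCP    [::]:445               [::]:0                 LISTENING       4
  UDP    0.0.0.0:5355           *:*                                    1300
  UDP    [::1]:1900             *:*                                    1500
"""

# Constructed allowlist: (protocol, port) pairs this host is expected to expose.
APPROVED = {("TCP", 135), ("TCP", 445)}

def parse_listeners(netstat_text):
    """Yield (proto, address, port, pid) for sockets accepting inbound traffic."""
    for line in netstat_text.splitlines():
        parts = line.split()
        if not parts or parts[0] not in ("TCP", "UDP"):
            continue                      # banner, header or blank line
        if parts[0] == "TCP" and (len(parts) != 5 or parts[3] != "LISTENING"):
            continue                      # established or closing connection
        if parts[0] == "UDP" and len(parts) != 4:
            continue                      # UDP rows have no State column
        host, port = parts[1].rsplit(":", 1)   # rsplit keeps IPv6 colons intact
        yield parts[0], host.strip("[]"), int(port), int(parts[-1])

def unapproved_listeners(netstat_text, approved):
    """Return sorted (proto, port, pid) for exposed ports not on the allowlist."""
    findings = set()
    for proto, host, port, pid in parse_listeners(netstat_text):
        # Loopback-only sockets are not reachable from the network.
        if ipaddress.ip_address(host.split("%")[0]).is_loopback:
            continue
        if (proto, port) not in approved:
            findings.add((proto, port, pid))
    return sorted(findings)
```

The PID in each finding can be matched to a process name with tasklist before deciding whether to stop the service or block the port.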

7. Regularly audit the entry points into your network

Networks change shape and size all the time, so it is important to look into all the routes into your organization on a regular basis. Be aware of all entry points. Consider how to best secure the routes to stop unwanted files and applications entering undetected or sensitive information leaking out.

8. Consider placing business critical systems on a different network

When business critical systems are affected, they can slow business processes significantly. To help protect them, consider having them on a different network from the one used for day-to-day activities.

9. Test new software on a virtual network before you deploy

Although most software developers test software as much as they can, they are unlikely to have your network's exact configuration and setup. To ensure that a new installation or update does not cause any problems, test it on a virtual system and check its effects before deploying to the real live network.

10. Disable unused USB ports

Many devices, when connected to a USB port, will be automatically detected and mounted as a drive. USB ports can also allow a connected device to autorun any software stored on it. Most users are unaware that even the safest and most trusted devices can potentially introduce malware into the network. To prevent any accidents, it is much safer to disable all unused ports.

11. Disable Remote Administration

Virtually all routers have a remote administration feature that lets you log in to view or modify network settings from the Internet. To minimize the risk of an unauthorized outsider gaining access to your network, you should disable remote administration so administrative chores can only be performed from inside the network.

12. Use Strong Passwords

You've undoubtedly heard this one before, but are you actually doing it? All network devices, from routers to NAS drives to printers, etc. should be configured with strong passwords. That means at least eight characters, with mixed case letters, numbers and/or symbols, and no proper names or dictionary words.

Other Tips

1. To quickly list all the groups in your domain, with members, run this command:
dsquery group -limit 0 | dsget group -members -expand

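2. To find all users whose accounts are set to have a non-expiring password, run this command (the filter tests the DONT_EXPIRE_PASSWORD bit, 65536, in userAccountControl):
dsquery * domainroot -filter "(&(objectcategory=person)(objectclass=user)(userAccountControl:1.2.840.113556.1.4.803:=65536))" -limit 0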

3. To list all the FSMO role holders in your forest, run this command:
netdom query fsmo

4. To refresh group policy settings, run this command:
gpupdate

5. To check Active Directory replication on a domain controller, run this command:
repadmin /replsummary

6. To force replication from a domain controller without having to go through to Active Directory Sites and Services, run this command:
repadmin /syncall

7. To see what server authenticated you (or if you logged on with cached credentials) you can run either of these commands:
set l
echo %logonserver%

8. To see what account you are logged on as, run this command:
whoami

9. To see what security groups you belong to, run this command:
whoami /groups

10. To see the domain account policy (password requirements, lockout thresholds, etc) run this command:
net accounts

Windows Networking

11. To quickly reset your NIC back to DHCP with no manual settings, run this command:
netsh int ip reset all

12. To quickly generate a text summary of your system, run this command:
systeminfo | more

13. To see all network connections your client has open, run this command:
net use

14. To see your routing table, run either of these commands:
route print
netstat -r

15. Need to run a trace, but don’t have Netmon or Wireshark, and aren’t allowed to install either one? Run this command:
netsh trace start capture=yes tracefile=c:\capture.etl
netsh trace stop

16. To quickly open a port on the firewall, run this command, changing the name, protocol, and port to suit. This example opens syslog (UDP 514):
netsh firewall set portopening udp 514 syslog enable all

17. To add an entry to your routing table that will be permanent, run the route add command with the -p option. Omitting that, the entry will be lost at next reboot:
route add 0.0.0.0 mask 0.0.0.0 172.16.250.5 -p

18. Here’s a simple way to see all open network connections, refreshing every second:
netstat -ano 1

19. You can add a | findstr value to watch for only a specific connection, like a client ip.addr or port:
netstat -ano | findstr 216.134.217.20

20. You can use the shutdown command to shut down or reboot a machine, including your own, in a simple scheduled task like this:
shutdown -r -t 0 -m \\localhost

21. To make planned DNS changes go faster, reduce the TTL on the DNS records you plan on changing to 30 seconds the day before changes are to be made. You can set the TTL back to normal after you confirm the changes have been successful.

22. Set a short lease on DHCP scopes that service laptops, and set Microsoft Option 002 to release a DHCP lease on shutdown. This helps to ensure your scope is not exhausted and that machines can easily get on another network when they move to a new site.

Windows 7

23. Want to enable the local administrator account on Windows 7? Run this command from an administrative command prompt. It will prompt you to set a password:

net user administrator * /active:yes

24. You can do the same thing during install by pressing SHIFT-F10 at the screen where you set your initial user password.

Windows 7 supports several useful new keyboard shortcuts:

25. Windows Key+G
Display gadgets in front of other windows.

26. Windows Key++ (plus key)
Zoom in, where appropriate.

27. Windows Key+- (minus key)
Zoom out, where appropriate.

28. Windows Key+Up Arrow
Maximize the current window.

29. Windows Key+Down Arrow
Minimize the current window.

30. Windows Key+Left Arrow
Snap to the left hand side of the screen.

31. Windows Key+Right Arrow
Snap to the right hand side of the screen.

32. To quickly launch an application as an administrator (without the right-click, run as administrator), type the name in the Search programs and files field, and then press Ctrl-Shift-Enter.

Here are some tips that can save you from buying commercial software:

33. Need to make a quick screencast to show someone how to do something? The Problem Steps Recorder can create an MHTML file that shows what you have done by creating a screen capture each time you take an action. Click the Start button and type ‘psr’ to open the Problem Steps Recorder.

34. Need to burn a disc? The isoburn.exe can burn ISO and IMG files. You can right click a file and select burn, or launch it from the command line.

35. Windows 7 includes a screen scraping tool called the Snipping Tool. I have tons of users request a license for SnagIt, only to find this free tool (it’s under Accessories) does what they need.

36. You can download this bootable security scanner (http://connect.microsoft.com/systemsweeper) from Microsoft that will run off a USB key, which is very useful if you suspect a machine has a virus.

37. A great way to save all your command line tools and make them available across all your computers is to install Dropbox, (http://db.tt/W5FMJvy) create a folder to save all your scripts and tools, and add that folder to your path. That way, they can be called from the command line or any other scripts, and if you update a script, it will carry across to any other machine you have.

 







