Kerberos Authentication Explained | Kerberos in window server |Window server Tutorial online course


Can I see my screen? Listening? We are able to see. Thank you. Okay, so let's have a, let's talk about directly first firewall. Okay, firewall, then IP, then we'll talk about, uh, one third solar is joint we will talk about. So firewall is basically what purpose? It's a network security, right? So let's say 2008, 2023, okay. So firewall, using that, two type, you know, in a basic bigger network related, okay, network related. Okay, there is a pretty team would be there, and separate team, you can ask me, network security or network team, okay, security or network. Separate team would be there to dedicatedly managing for the firewall. Firewall basically, what is it? It is network security. So network security, entire environment to manage network security, just comes under for firewall, which is you need to define the rule, okay, define the rule. So what needs to be allowed, right, what needs to be allowed, what needs to be denied. So in this case you should have the specific port number, right, you need to be managed. By default every service, you have the port number, right? You can talk about DNS, you can talk about DHCP, you can talk about LDAP, you can talk about them, any, uh, and it did. So I'm talking about Windows, right? FTP, if you talk about Windows air now or file server kind of, SMTP, the port number for mail related. By default some port must be opened, right? So some port are not open due to the security: ICMP, right, and RDP. It's a overall security; they will not be opened all the port default, right? So if you open the default, it will be open the door for the hackers. You have to have a restrict a certain incoming and outgoing. There is a traffic, right, there is network, uh, traffic you have to manage and maintain, uh, which is basically from the source to destination, destination to source, which is incoming and outgoing, right, outgoing. So in a bigger picture this dedicated team would be there. They know that is in how they are defining the rule, what are the default port number, default the network security to be defined, it's allowed or denied.
So if you talk of this, is a dedicated, where in a bigger picture. And Windows level you have a firewall, right, in the server level you have a firewall. You might have observed sometime when we are going to ping the server between two server and it was not able to connecting, but it is not able to pinging, right? You heard about, uh, we were troubleshooting, we have checked, right? We have a system one and we have a system two, so everything is connected, right, IP address is provided, 192.168.0.1, and, uh, this IP address 192.168.0.2, right? Both the machines needs to be ping, right? So sometime everything is okay, everything is perfectly right, but unable to ping. So here who is blocking here, right? When we are, it's a, it's a lab kind of, right, unable to ping. So by default what's happening, that ICMP protocol, for the ping ICMP protocol we use, right, protocol we use, protocol we use, but default it is a blocked, right, to ping it's a blocked. So what do we need to do? We need to open the firewall, firewall, and we need to turn off, turned off this firewall to don't block it, open this. So then we were able to connect, we were able to ping. It's a lab environment, but in a production environment it won't be blocking entire firewall, they won't be blocking or turning off the firewall. They will block only ICMP protocol, right? But since if they block that is an ICMP protocol due to security, but they can able to, they can able to RDP the server, but RDP port number, RDP protocol, protocol bind port number, it is allowed, number allowed to access it, right? So ultimately when you open the firewall here, right, when you open Windows level you can see the firewall.cpl. If you see here in the, in the default operating system, right, you see this, uh, uh, the by default this firewall we have turned off, right? If you see, uh, at one setting, if you open this, in firewall configurations part many port number, protocol, incoming and outgoing, you can see that in inbound and outbound rule we can say, right, Windows Defender and firewall, uh
with Advanced Security, right? If you see this inbound rule, you will be able to managing which are the rule you want to be action, right? Action, you see this Allow here, right? So depends on the requirement you can, it is just server level and individual server level, right? But we never, we never managed like that, we never manage like in the individual server level, but it is centrally network related. In the router configurations point of view they will be managing with the tool, with the subject tool for the separate applications for them managing, which is, uh, connections, which is a security related to be allowed or denied, right? So default these are all Windows Firewall settings would be there, but network settings something they wanted to manage, they will be defining their internal only. But certain some group policies you want to manage, you can manage it, but all are in, you can see this in an inbound and outbound rules, right? Getting my point what I'm talking about? So what type of group policies we make for, uh, firewalls? As a customer administrator system you see the requirement again, right? If you want to, uh, you know, many many settings are there for firewall, right? If you see, uh, firewall settings from Group Policy, right, there are many, not only a single one or two, but depends a requirement. If you see, uh, we need to manage it, right, the, the configuration settings are more, right? What are the firewall settings in Group Policy, right? If you see, if you go to this setting, right: Computer Configuration, Policies, Windows Settings, Security Settings, Windows Firewall with Advanced Security. You will be see this is a many list of, many list of under specific service related you would be able to managing. But before that we would, but when, when they have done for the network level for the all the firewall part, which we don't worried about, which is centrally, which is they will be managing further network security, network traffic wise. Individual service, right, DNS related, DHCP related, Active Directory related, those kind
of firewall you wanted to manage, we need to find the requirement come to you, and then you need to find that is in all the, you know, settings, perspective settings to be enabled. We have to find the settings, you need to find the settings, and it will be see here, these are all list out further from the Group Policy one by one, right: assign the security group filter to the GPO, change rule from the request to require mode, configure authentication methods, configure Group Policy to auto-enroll and deploy the certificate, configure the rule to require encryptions, Windows Firewall log. There might be, you can see some, uh, ICMP see here: create an inbound double ICMP rule, create inbound port rule. If centrally required to administrator from the Windows Server side, yes, we should manage for these rule, you know already. So if the requirement come to you and you got the settings, what to do? Get the design settings, test the one of the development environment and make a document, then implement in production. See here, if you go to the Group Policy Management Console, open the navigation, in one tool actions click a new rule, make it custom, all program, you can define what is that requirement is here, right, and, and apply the reason policy if is required to the OU level or domain level. Create a WMI filter from the GPO, you know already, WMI filter is already how to create it, correct? Is this the WMI filter is also part of whenever security filter and firewalling, whatever that network security comes to you, that will be firewall, right? You know this already, which we discussed about WMI filter, how do you write the query and all, right, operating system related and hardware related, and that this query you can map it with the prospective policies that it should be enabling, getting. But, but, but if you ask me that question, I have not managed individual firewall, okay, which is, uh, apart from this respective service, even the Group Policy also have not created additional, uh, if some cases it would, it would come, right, that
firewall, it will be by default, it was defined, nothing to take an additional task. Only wanted to, if something they will tell that they need to add some additional setting on the existing policy, then we can add it, we would have already been there on that policies. If anything newly implemented required, then you take a help from the Google, check that exactly sections what is required and those settings, and we need to do the configurations. Group Policy you know that already, right? If the requirement come to you, get the complete, uh, settings configurations, correct? Either it is required for, uh, computer configuration, right, we need to find that it is, is a computer configuration. We never know the reason, we are not recalling, uh, or remembering that is in, uh, which settings are there, right, we need to get the help from the Google only. Computer configuration and user configurations: so if the setting says computer configurations, where you need to go? You can plan it again, you will be going to with the separate place where, you know, uh, Security Options, right, Security Options, that where the options are there, and under this you can go and see that, you know, uh, Advanced Audit Policy, something you will have this name, and there you can see the right side you would have that is in, in a list of settings, and whichever required you can configure it. By default all are Not Configured, correct? List of settings are there, default it was not configured, and you can see whichever the requirement is match, that settings can be, settings can be configured, correct? And this level we can do it, but network level, network level firewall we never managed, and we will not get a chance to, you know, look into that, because already it's been taken care infrastructure level. Because we will, we, since as a Windows Server administrator, Active Directory administrator, we no need to worry about this one. But requirement come to you for the individual AD related or Group Policy related to implement, get the requirement, find that is in exactly
where is the settings comes to you, and test it and implement it. Clear? Yeah. Okay, now another important call is a TCP. So you have, is a very very important for the, this, you know, default and basic, uh, basic skill required for in Windows Server. You heard about IP, IP address. TCP is a, you know, Transmission Control Protocol, Internet IP address, right? Why we need to use? But basically we need to, there is, I will not go to that again. Basically, if that is, I know, seven layer for the network, uh, fundamental, when you, when you talk about, right, OS, OSI layer model, right, OSI layer model. Okay: please do not trust, trust, please do not trust, do not, delivery boy something is, please do not trust transport delivery something easier. What if I am seeing here to understand that, ah, physical layer, physical, okay, physical layer, data link layer, okay, and, uh, transport layer, uh, physical, data, transport, network, no no, I think transport is the third one, and so the network is the third one, all right, network is, that is, there is a formal actually, yeah, please do not trust something user which I remember actually. Network, network is following data link, all right, okay, so network, right, transport, and then you have a application, application the, uh, okay, please do not trust, uh, some deliverable, last one is, uh, what is that, application they, uh, hey, see here, so it's only, yeah yeah, session layer, very long time. Okay: application layer, presentation layer, session layer, transport layer, network layer, right, please do not trust state for something is there, I was just recalling, right. Okay, now what is: physical, data link, network, transportation, presentation and application. Okay, so it should be a session, presentation, in the applications, correct, presentation, application. These are the layers basically would use source to destination, how the data will be transferred from the, over the network, right? These people will be having individual responsibilities: physically connected to the, uh, connected to the network, right, from the using cable
RJ45 connector, the data it will be passing, right? Network, it when it comes to network here is again whom should I reach out, how do I reach out, should we have some destination address, right? So these are all there, but actually when you understood this IP address, right, then, uh, you know, it just, just not required for it to, you know, more detail, but you should have knowledge purpose. Uh, you are dedicatedly network, then you must need to, to understand this, but in a Windows Server administrator required IP address concept, because IP address is most, most important. We, when we are talking about the site and configuration, right, AD Sites and Services, right, Active Directory Sites and Services, we have seen that is in subnet, right, we have seen that subnet and network address, right? So what you mean be here network and network address and subnet? Here we can ask to the network team; if some time network team is not available, then we need to know the reason, what is the network address, what is the subnet. But before that we should understand that is in what are the IP address range. Do you know the what is range and which type of IP address we are using? We have a two type of, two type of IP addresses, correct? Yes, IP address, which one is version four and six. IP version four and six, correct. Already the IP version 6 is, sorry, 4 is exhausted, and already we are trying to use for IP version 6, correct? But since when you talk about types, is there any place where IP version 6 is being used? Yeah, many many places they were using, and many of, uh, services using, I have seen that is in a couple of years in my previous project. Yeah, I've not seen. Yeah, there are some, you know, IPv6 are basically used for banking project and some security confidential, uh, people, they were rather than IP version 4.
Which I have seen that, uh, some, some, you know, financial related, uh, financial related, uh, companies, banking companies, and, uh, some secret related, they are using. Calculating, but calculation is different, calculation is different, but, uh, the configurations are all same. When you talk about IP version 6, right, it will come to the hexadecimal. Have you heard about hexadecimal? Yes. Right, it overall we, IP version 4, we use only for till binary numbers, right, only 0 and 1, right, zero and one. So when you talk about the, you should, it should be like having that is in IP version 6 like that, to a, right, uh, uh, 0 1 F. What do you mean by hexadecimal basically, right, how do we write in a decimal and hexadecimal, and how do you write in binary? Heard about? I did those computation when I was in the university. University, yeah, in the college days, in the college, right. Okay, see, same things, because when, as I said, right, we are, as an administrator we are not involved much on this basically, but we must understand that how exactly the IP version 4, and how the, when you talk about the network subnet, right, we must have a report, how do we divide and how do we manage for the subnet, and how, what do you mean by network address, how do we think about it. This concept is comes under, either you can use the application for our IP version 6, but we must understand that. But for that we default using, for default using decimal number to configure the IP address, correct? Default using, when you configuring the IP address, configuring IP address, we use decimal number, correct? Yes or no? Which is 192.168 like that, yes or no, and 10.1.1.1, right?

Like that we use it, and to directly using this IP address we must understand some little fundamental. In class, in IP addresses has classes of IP address. What are those? You have Class A, Class B, Class C, Class D, uh, D and Class E. So basically we would be using for till Class C only; we don't, we don't use a Class D and E. These are all two, uh, range of classes of IP address are reserved for, so this is for testing, scientific and research, scientific and research, okay, which is, uh, NASA and ISRO people who use for the, you know, satellite and space, right, rocket, which use, right, they'll be using for this. Dedicated for the security related, they won't be mixed, by the way, they won't be connecting for the regular network due to the high security, correct? This kind of environment to touch or hack this, and it's very difficult. So these are, these people are not in the completely in a public level, it's a very confidential level and very secure level, so they have already reserved for this, right? But when we talk about in our actual, our internal network, so we should understand that Class A, there is a range of IP address, right? In a Class A the range of IP address start with 1 to 126. What do you mean by that, 1 to 126 means what? Again Class B, it's a range of IP address, Class B range of IP address 128 to 191, and Class C range of IP address 192.
192 to 223, right, 192 to 223. So what do you mean by this actually, how do I write, and how do I know that is in 1 to 126 means what? So where is the 127 here? So 127 is, 127 is reserved for, 127 range reserved for, range of IP address is reserved for loopback, okay, so test your, whatever loopback here, to test network, network, correct, physical network connection testing. Even though sometime everything is works fine, right, the physical, physical network NIC card I wanted to test is working or not: if it is a pinging 127.1.1.1, if it's a ping, if it's pinging, then we can confirm the network address, network card, which NIC is working fine, network interface card. So I thought is 127.0.0.1? Yeah, interface. So usually when you talk about, so when you say, uh, one, right, it should be, you can say that 0.126, correct, but actually you're going to start for, start for the reason one only, so you don't have, you know, valid for the zero. It should be like that, right, it start, right, zero, there's no value for that. So I have written here in a four dot here, right, why it is, how it is going to be, when I say 0.126 here

How do I write, how do I write, and how do I know that, can I use for the 255, 256 IP address? Can I start it dot 1.1.1, can I use it, can I configure like that? No. Why? Because this is not class, that is Class C or plus, no, it's not constant of a class. You can use till 254. Can I use it 254? Can I use it like that, can I use it? Is it the subnet mask you are talking about? No, okay, I'm not talking about still subnet mask, okay. 254, I don't know if it, I don't think. Can I, can I use it, this 254? No no no no no no no. You sure? First, yes, yes. So what is message saying here? It's outside the range, right, 255 4254 is not a valid entry, please specify value between 1 and 223. So there is a 223 last range here, right, 223, where it is here, see here, yes, is there, okay. So you cannot use the 254, and cannot use it 224, 223 more than this, correct range. But you know already, when I talk about the Class A, what would be the default subnet mask? In a Class A, what would be the default subnet mask? If I, zero, sorry, people, zero, two double five, zero zero dot zero dot zero is correct. What would be the default subnet mask on a Class B? 0.0, 255.255.0.0. What would be the default subnet mask in a Class C? 255 255 250 per, perfect, right. Now observe here, I can, I can give a subnet mask like 255, right? Why, why can't I manage for 256 here? If you go to the same, okay, let's say 2 for 25.1 Dot

Right, when you click here automatically is coming. Can you give the 256 here? No. What it says? It's invalid, correct? Why it is in coming to the 256 is 250 page limit, why it is coming into 55 millimeter? It's outside the range. Which range, which range? It is the subnet mask range, correct? But it's a default, we know the difference, there are 56 only allowed from zero, from, we are counting from 0 to 56, is that two two phaser 256 number. How, how, what is the reason for that, why I need to fix under the only range of 255? Why can't? I know the power, 2 to the power, to the power, what is the two to the four? No, it's not 2 to the power. We using for IP version 4, right, the version we're using for the IP version 4. What do you mean by IP version 4 here, what do you mean by IP version 4? There are four digits. In a binary language, is it, is at 16 bit, is it 28 bit, is a 32 bit, is at 64 bit? You know, you heard, you heard about, uh, binary number? Yes, yes. We use for, what is the number, zero and one, correct? We have that is in a bit, single bit, right, yes or no? And you, you heard about 8-bit, you heard about 16-bit, you heard about 32-bit, right? So what you mean by this now? IP version 4 means, IP version 4 means it is equivalent to 32-bit, correct? So 32-bit, it's divided into, what is that, 4 octet, right, 4 octet. What do you mean by 4 octet? Each octet, each octet, which octet must be eight bits, right, yes or no? Each octet must be enough four bits. So now when we have a IP version 4 32-bit, so how do we write it in a IP address? 8-bit means how do I write it? I can say like that: one two three four five six seven eight, one two three four five six seven eight, one two three four five six seven eight, one two three four five six one eight, correct? Is it my, I'm writing correct way? Yes, right. So now here is eight bit, eight bit, here is 8 bit, here is 8-bit and here is 8-bit, add one more, zero two three four five six seven eight, correct? Now total how many bits are there? Equal to, um, correct. Now, now Class A, what's the default
subnet mask? 255.0.0.0. How do I write in a binary number for this? Eight ones. So one one one one one one one one. How do you make that, one two three four five six seven eight, correct, dot, uh, zero zero three four five six seven eight, nine two three four five six seven eight, now one two three four five six seven eight, correct? So how do I return for the all four one, eight ones, what is the basis here? Now you will be calculating to the binary number, there is a calculation, right, there is, uh, not to, to the power of, you can say like that, but you can calculate like that here. Uh, calculate here: 0, right, 2, 4, 4, 6, 8, 16, because it's late, 2, 4, x will not come now, 16, 16, 32, 32, 64, 128, right, 128, that's all, right. Now if you see we have, now what is the value of, if I say all the ones here, right, we are putting all the ones, right, one one one one one and one, correct, what would be the value? 128 plus 64, 255 total. 128 plus 64, 128 plus 64, 32 plus 16 plus 8 plus 4 plus 2 plus 1. What is the value here? If you see it comes under 128 plus 64, 192; 192 plus 32, 224; 224 plus 16, 240; 248, 252, 254, and the value would be 250, 255, right, 255.

So how, how we can, how, how we can manage it here, right? This is comes under for 255, overall it is have a 8 bit, correct? Now that's what I'm going to, I'm going to give a value is called 255.0.0.0, right? But now there's a question arising here. You understood how you are going to defining, right? Now in this, if you talk about the subnetting part, right, if you talk about subnetting part, how many network I can use in a Class A, and how many host I am going to use in a Class A? The question will arise in here: how many network means how many network we are using, how many hosts we are using. Network means what? Physical dividing the network, correct, okay, physical, uh, dividing the network, right. Host means what? Individual, individual machine, right, machine, you must need a IP address. Okay, okay guys, give me one minute, someone has came here, I'll disconnect it. Hey Abhishek, right, yeah, give me one minute, come. Hey guys, I'm back, sorry. Yeah, please, please take it, please take it, yeah yeah. All right, I'm back. So this is important since you asked of, Faisal, thanks. Okay, so just to, I'm just refreshing this IP address topic, uh, it is sometime required for this, okay. So now what's happening, if I ask, I am using, uh, in a Class A IP address range, uh, how many network would come here and how many hosts would come here? There is a calculation, there is a calculation methodology comes here. But default in a Class A, or in a, in a binary level, I can say 0 indicate, okay, zero indicate, 0 indicate host, okay, one indicate for network, right, for network, yes or no? Yes. So now how many network and how many hosts I'm using in a Class A in this, in this calculation part? Three different networks. Sorry, in a Class A how many bits are there? Eight ones, right. But it is not like this calculation, it's not like this calculation, you should make to overall calculation: 2 to the power of, 2 to the power of your either host and a network. So now if I ask you for the network, what is the 2 to the power of, 2 to the
power of, 2 to the power of 8, right, correct, and for host 2 to the power of, how many are there, 24. So now tell me what would be the calculation here. So if you ask me, 2 raised to power, 256 networks, over half of, 2 to the power of 8, 256, 256, right. So you will be using 256 network in Class A. How many hosts you are using? 2 to the power of 24, the value should be, one six seven. Think about you are using the Class A IP address, how many IP addresses are coming actually, valid, I printed, someone using this, remaining I put source are, are losses. One crore 67 lakh round is seven thousand, seventy seven thousand two hundred one six IP address you are using in a Class A actually. There's a calculation, okay. So this is default methodology I'm explaining you; when you, when you talk about little deeper level there is a calculation when it is comes under for customized. Now you are talking about default, right? With the same methodology, if I ask you Class B, how many, how many Class B, how many IPs, how many networks are using? Two to the power 16, 2 to the power 16. 2 to the power of 16, perfect, right, 2 to the power of 16, I enter 2 to the power, because 255.255.0, you already know this, right? So in a class, yeah, I can say, I can say Class A, I can say slash eight, I can say slash eight here, Class A, I can say slash eight. Slash eight means what? All are ones, correct? Um, now Class B, can I say slash 16, can I say slash 16? 16, yeah. And the same thing is Class C, can I say slash 24, correct? Yeah. And what would be the host and network in a Class C? It's a reverse of Class A, correct, it's a reverse of Class A, it means network is, network is 2 to the power of 24, correct, network is 2 to the power of 24. Yeah, 2 to the power of eight. Now if I ask you, when you talk about in a subnetting, we have given the slash 23, 24, what do you mean by that? If I

tell you I am going to using Class A IP address, okay, you tell me. I'll give you that is an IP address range, I'll give you IP address range, which is 10.1.1.0 slash 22. Find the network address and the subnet mask. Can be able to manage if I say slash 22? How do I, you know already, what do you mean by slash 8 here, 16 ones, right, 24, 24 ones. Now when I say slash 22, what do you mean by slash 22 here, how many ones you need to write? 22 ones, correct? How do I write these 22 ones, how do I write 22 ones here? One two three four five six seven eight, one two three four five six seven eight, one two three, sixteen, 17 18 19 20 21 22, right, zero zero, two three four five six seven eight, correct? Yes, correct. So what would be that, what would be the subnet mask for this, how do I write it? 255, you know already, default, perfect. Now tell me how do I write here. Um, it would be less than 2.5, um, 249.

Two, make sure you should, should calculate here, there's a calculation. How many ones? One two three four five six ones are there, you need to calculate till here, right, four three four five six. It means 128 plus 64, 192; 192 plus 32, 224; 224 plus 16, 240; 248, 252. Your value would be 252.0. Bill, yeah, you go to subnet mask: if the, if the someone gave you 192.168.10.0 slash 13, what will be the default subnet mask here in this slash 13? How many ones, how many ones you need to write? 13 ones, right, thirteen ones. So 8 already written, 9 10 11 12 13, and remainings are 0, correct? Yes. Uh, 8 9 10 11 12 13, 8, 2 3 4 5 6 7 8, 1 2 3 4 5 6 7 8. So you have written already here 250.

Now in this you, you know the term networks and how many hosts are coming when you go to the kill two to the power of 22, 2 to the power of 8. Now same things, now you can see eight, which is 255 again, dot, what would be the value here? 128 plus 64, 192; 192 plus 32, 224; 224 plus 16, 240; and 240 plus 1 to 50 to 48, correct? 248 dot 0.0 is that subnet mask you go to for the slash 13, yes or no? Sorry, what, what normally confused me about this is like this 10 now. Sorry, what is that? I was, I was like this 192.168.10

I was, I was thinking that the figure will be in this, in this octet. Not getting a question, so can you repeat please? What I'm saying is that, look at this 192.168.10, okay, yes, I was thinking that, uh, on this second zero that there will be a figure there, not zero. Just find the first subnet mask, right, default subnet mask. So for here again there is one more calculation will come, each network. This is you're finding for the subnet mask only, correct? Now you are just finding the subnet mask, but now they will give you the network, okay, they will give you network address, and find the, find the first, find the number of network, number of network, right, number one, and find the hosts, no, each network, each network how many IP addresses are coming, and also find the each network, when you found the IP network, each network what would be the valid IP address we are using. So when you come under this part, right, we are using, when you, when you talk about this one, there is a IP address calculations, which is part called as a subnetting. You might have heard about IP address, IP address calculation part, right? So till now we discussed about, it's a fundamental of your IP addresses, right. So when you talk about the IP address calculation, right, IP address calculation, right, see that, that is called as a CIDR, Classless Inter-Domain Routing, and VLSM, right. IP subnet calculator. Now I see that you are using for any classes of IP address, you are using network classes either A, B, C, right, and you mentioning that is in, uh, uh, 255.5 out of 55.255.252, you can use any of the range here, see here, you can use any of the range here. You want to use this 250.0.8 and it will give you that is in IP address, just calculate here. See this, network addresses 103.0.0, usable IP address ranges 103.0.021, and these many IP addresses

are coming. How is the total number of IPs is coming: 16, I know, 16 lakh 77, it's one crore 67 lakh, this one is, right. And if I am using for the same one Class E, if I'm using for the Class C, okay, and this one 31, and see how many IP addresses are coming total, see here, number of hosts is coming four, number of usable IPs is two. So this is a different topic altogether for calculate, which we don't require, but we need to know; this is a network team can do it. See here, this is what you are going to do here: network range address, usable IP addresses and broadcast IP addresses, which I was asked these questions here: find the number of network, find the each network how many IP addresses are coming, and find the each network valid IP addresses we are using, which is range of IP address. See here, getting my point? This can be, this, this table can be done by using network team, not by us, but till now we should understand what is the default subnet mask, how this default subnet mask has been defining, and if they gave us the customized network address, network address means what, number of ones, then how do we define or how do we calculate the subnet mask. This is you should have a clarity. Clear guys? Faisal, clear? Yes. Now just little, little clarity on IP address range, yes or no? Yeah, yes. Now let's talk about Kerberos, the main topic. Sorry, before you go to this, um, I wanted to ask you, uh, two questions. The first one is what, what exactly are we, um, what are the list of what we need to do when we are doing, uh, Active Directory health check? We discussed everything, right? One second. And, and secondly, uh, I wanted to find out, uh, what is a certificate of authority. Okay, AD health check and certificate, yes. Basically you should manage for, first point you talk about Active Directory replications, okay, okay, you should talk about your FSMO role, talk about DNS, talk about services, talk about, uh, what else, FSMO, overall you should be managing for this, right? So there is a script I have given you all that, right, I have shown you
the script, one, no, I, I, I understand the, okay. So basically you see, right, you, you should be having this script, okay, let me just show you. Okay, let me have a look if I already have it. Let me see, I have this one, let me just show you. Thank you. Let me download it. See, yeah, these are all you're going to be checked, okay. Okay, now you can just download this script here.

2023-09-01 07:35
