my favorite

Check out my Slide Show!

Description of OSI layers

Layer 7: Application layer

Main article: Application layer

This application layer interfaces directly to and performs application services for the application processes; it also issues requests to the presentation layer. Note carefully that this layer provides services to user-defined application processes, and not to the end user. For example, it defines a file transfer protocol, but the end user must go through an application process to invoke file transfer. The OSI model does not include human interfaces. The common application services sublayer provides functional elements including the Remote Operations Service Element (comparable to Internet Remote Procedure Call), Association Control, and Transaction Processing (according to the ACID requirements).

Above the common application service sublayer are functions meaningful to user application programs, such as messaging (X.400), directory (X.500), file transfer (FTAM), virtual terminal (VTAM), and batch job manipulation (JTAM). These contrast with user applications that use the services of the application layer, but are not part of the application layer itself.

1. File Transfer applications using FTAM (OSI protocol) or FTP (TCP/IP Protocol)
2. Mail Transfer clients using X.400 (OSI protocol) or SMTP/POP3/IMAP (TCP/IP protocols)
3. Web browsers using HTTP (TCP/IP protocol); no true OSI protocol for web applications

Layer 6: Presentation layer

Main article: Presentation layer

The presentation layer establishes a context between application layer entities, in which the higher-layer entities can use different syntax and semantics, as long as the Presentation Service understands both and the mapping between them. The presentation service data units are then encapsulated into Session Protocol Data Units, and moved down the stack.

The original presentation structure used the Basic Encoding Rules of Abstract Syntax Notation One (ASN.1), with capabilities such as converting an EBCDIC-coded text file to an ASCII-coded file, or serializing objects and other data structures into and out of XML. ASN.1 has a set of cryptographic encoding rules that allows end-to-end encryption between application entities.

Layer 5: Session layer

Main article: Session layer

The session layer controls the dialogues/connections (sessions) between computers. It establishes, manages and terminates the connections between the local and remote application. It provides for full-duplex, half-duplex, or simplex operation, and establishes checkpointing, adjournment, termination, and restart procedures. The OSI model made this layer responsible for “graceful close” of sessions, which is a property of TCP, and also for session checkpointing and recovery, which is not usually used in the Internet protocols suite. Session layers are commonly used in application environments that make use of remote procedure calls (RPCs).

iSCSI, which implements the Small Computer Systems Interface (SCSI) encapsulated into TCP/IP packets, is a session layer protocol increasingly used in Storage Area Networks and internally between processors and high-performance storage devices. iSCSI uses TCP for guaranteed delivery, and carries SCSI command descriptor blocks (CDB) as payload to create a virtual SCSI bus between iSCSI initiators and iSCSI targets.

Layer 4: Transport layer

Main article: Transport layer

The transport layer provides transparent transfer of data between end users, providing reliable data transfer services to the upper layers. The transport layer controls the reliability of a given link through flow control, segmentation/desegmentation, and error control. Some protocols are state and connection oriented. This means that the transport layer can keep track of the segments and retransmit those that fail.

Although it was not developed under the OSI Reference Model and does not strictly conform to the OSI definition of the Transport layer, the best known examples of a layer 4 protocol are the Transmission Control Protocol (TCP) and User Datagram Protocol (UDP).

Of the actual OSI protocols, there are five classes of transport protocols ranging from class 0 (which is also known as TP0 and provides the least error recovery) to class 4 (which is also known as TP4 and is designed for less reliable networks, similar to the Internet). Class 4 is closest to TCP, although TCP contains functions, such as the graceful close, which OSI assigns to the Session Layer.

Perhaps an easy way to visualize the transport layer is to compare it with a Post Office, which deals with the dispatch and classification of mail and parcels sent. Do remember, however, that a post office manages the outer envelope of mail. Higher layers may have the equivalent of double envelopes, such as cryptographic presentation services that can be read by the addressee only. Roughly speaking, tunneling protocols operate at the transport layer, such as carrying non-IP protocols such as IBM‘s SNA or Novell‘s IPX over an IP network, or end-to-end encryption with IPsec. While Generic Routing Encapsulation (GRE) might seem to be a network layer protocol, if the encapsulation of the payload takes place only at endpoint, GRE becomes closer to a transport protocol that uses IP headers but contains complete frames or packets to deliver to an endpoint. L2TP carries PPP frames inside transport packets.

Layer 3: Network layer

Main article: Network layer

The network layer provides the functional and procedural means of transferring variable length data sequences from a source to a destination via one or more networks while maintaining the quality of service requested by the Transport layer. The Network layer performs network routing functions, and might also perform fragmentation and reassembly, and report delivery errors. Routers operate at this layer—sending data throughout the extended network and making the Internet possible. This is a logical addressing scheme – values are chosen by the network engineer. The addressing scheme is hierarchical.

The best-known example of a layer 3 protocol is the Internet Protocol (IP). It manages the connectionless transfer of data one hop at a time, from end system to ingress router, to router to router, and from egress router to destination end system. It is not responsible for reliable delivery to a next hop, but only for the detection of errored packets so they may be discarded. When the medium of the next hop cannot accept a packet in its current length, IP is responsible for fragmenting into sufficiently small packets that the medium can accept it.

A number of layer management protocols, a function defined in the Management Annex, ISO 7498/4, belong to the network layer. These include routing protocols, multicast group management, network layer information and error, and network layer address assignment. It is the function of the payload that makes these belong to the network layer, not the protocol that carries them.

Layer 2: Data Link layer

Main article: Data link layer

The data link layer provides the functional and procedural means to transfer data between network entities and to detect and possibly correct errors that may occur in the physical layer. Originally, this layer was intended for point-to-point and point-to-multipoint media, characteristic of wide area media in the telephone system. Local area network architecture, which included broadcast-capable multiaccess media, was developed independently of the ISO work, in IEEE Project 802. IEEE work assumed sublayering and management functions not required for WAN use. In modern practice, only error detection, not flow control using sliding window, is present in modern data link protocols such as Point-to-Point Protocol (PPP), and, on local area networks, the IEEE 802.2 LLC layer is not used for most protocols on Ethernet, and, on other local area networks, its flow control and acknowledgment mechanisms are rarely used. Sliding window flow control and acknowledgment is used at the transport layers by protocols such as TCP, but is still used in niches where X.25 offers performance advantages.

Both WAN and LAN services arrange bits, from the physical layer, into logical sequences called frames. Not all physical layer bits necessarily go into frames, as some of these bits are purely intended for physical layer functions. For example, every fifth bit of the FDDI bit stream is not used by the data link layer.

WAN Protocol Architecture

Connection-oriented WAN data link protocols, in addition to framing, detect and may correct errors. They also are capable of controlling the rate of transmission. A WAN data link layer might implement a sliding window flow control and acknowledgment mechanism to provide reliable delivery of frames; that is the case for SDLC and HDLC, and derivatives of HDLC such as LAPB and LAPD.

IEEE 802 LAN Architecture

Practical, connectionless LANs began with the pre-IEEE Ethernet specification, which is the ancestor of IEEE 802.3. This layer manages the interaction of devices with a shared medium, which is the function of a Media Access Control sublayer. Above this MAC sublayer is the media-independent IEEE 802.2 Logical Link Control (LLC) sublayer, which deals with addressing and multiplexing on multiaccess media.

While IEEE 802.3 is the dominant wired LAN protocol and IEEE 802.11 the wireless LAN protocol, obsolescent MAC layers include Token Ring and FDDI. The MAC sublayer detects but does not correct errors.

Layer 1: Physical layer

Main article: Physical layer

The physical layer defines all the electrical and physical specifications for devices. In particular, it defines the relationship between a device and a physical medium. This includes the layout of pins, voltages, cable specifications, Hubs, repeaters, network adapters, Host Bus Adapters (HBAs used in Storage Area Networks) and more.

To understand the function of the physical layer in contrast to the functions of the data link layer, think of the physical layer as concerned primarily with the interaction of a single device with a medium, where the data link layer is concerned more with the interactions of multiple devices (i.e., at least two) with a shared medium. The physical layer will tell one device how to transmit to the medium, and another device how to receive from it (in most cases it does not tell the device how to connect to the medium). Obsolescent physical layer standards such as RS-232 do use physical wires to control access to the medium.

The major functions and services performed by the physical layer are:

• Establishment and termination of a connection to a communications medium.
• Participation in the process whereby the communication resources are effectively shared among multiple users. For example, contention resolution and flow control.
• Modulation, or conversion between the representation of digital data in user equipment and the corresponding signals transmitted over a communications channel. These are signals operating over the physical cabling (such as copper and optical fiber) or over a radio link.

Parallel SCSI buses operate in this layer, although it must be remembered that the logical SCSI protocol is a transport-layer protocol that runs over this bus. Various physical-layer Ethernet standards are also in this layer; Ethernet incorporates both this layer and the data-link layer. The same applies to other local-area networks, such as Token ring, FDDI, and IEEE 802.11, as well as personal area networks such as Bluetooth and IEEE 802.15.4.

Interfaces

Neither the OSI Reference Model nor OSI protocols specify any programming interfaces, other than as deliberately abstract service specifications. Protocol specifications precisely define the interfaces between different computers, but the software interfaces inside computers are implementation-specific.

For example, Microsoft Windows‘ Winsock, and Unix‘s Berkeley sockets and System V Transport Layer Interface, are interfaces between applications (layers 5 and above) and the transport (layer 4). NDIS and ODI are interfaces between the media (layer 2) and the network protocol (layer 3).

Interface standards, except for the physical layer to media, are approximate implementations of OSI Service Specifications.

Examples

Layer		Misc. examples	TCP/IP suite	SS7	AppleTalk suite	OSI suite	IPX suite	SNA	UMTS
#	Name
7	Application	HL7, Modbus, CDP	NNTP, SIP, SSI, DNS, FTP, Gopher, HTTP, NFS, NTP, DHCP, SMPP, SMTP, SNMP, Telnet,	ISUP, INAP, MAP, TUP, TCAP,	AFP, ZIP, RTMP, NBP	FTAM, X.400, X.500, DAP	RIP, SAP	APPC
6	Presentation	TDI, ASCII, EBCDIC, MIDI, MPEG	MIME, XDR, SSL, TLS (Not a separate layer)		AFP	ISO 8823, X.226
5	Session	Named Pipes, NetBIOS, SAP, SDP	Sockets. Session establishment in TCP. SIP. (Not a separate layer with standardized API.)		ASP, ADSP, PAP	ISO 8327, X.225	NWLink	DLC?
4	Transport	NBF, nanoTCP, nanoUDP	TCP, UDP, IPsec, PPTP, L2TP	SCTP, SCCP, RTP	DDP	TP0, TP1, TP2, TP3, TP4	SPX
3	Network	NBF, Q.931	IP, ARP, ICMP, RIP, OSPF, BGP, IGMP, IS-IS	MTP-3	ATP (TokenTalk or EtherTalk)	X.25 (PLP), CLNP	IPX		RRC (Radio Resource Control) PDCP (Packet Data Convergence Protocol) and Broadcast/Multicast Control (BMC)
2	Data Link	802.3 (Ethernet), 802.11a/b/g/n MAC/LLC, 802.1Q (VLAN), ATM, HDP, FDDI, Fibre Channel, Frame Relay, HDLC, ISL, PPP, Q.921, Token Ring	PPP, SLIP	MTP-2	LocalTalk,AppleTalk Remote Access, PPP	X.25 (LAPB), Token Bus	IEEE 802.3 framing, Ethernet II framing	SDLC	LLC (Logical Link Control), MAC (Media Access Control)
1	Physical	RS-232, V.35, V.34, I.430, I.431, T1, E1, 10BASE-T, 100BASE-TX, POTS, SONET, DSL, 802.11a/b/g/n PHY		MTP-1	RS-232, RS-422, STP, PhoneNet	X.25 (X.21bis, EIA/TIA-232, EIA/TIA-449, EIA-530, G.703)		Twinax	UMTS L1 (UMTS Physical Layer)

How To Set Up an FTP Server in Windows Server 2003

Install Internet Information Services and the FTP Service

Because FTP depends on Microsoft Internet Information Services (IIS), IIS and the FTP Service must be installed on the computer. To install IIS and the FTP Service, follow these steps.

NOTE: In Windows Server 2003, the FTP Service is not installed by default when you install IIS. If you already installed IIS on the computer, you must use the Add or Remove Programs tool in Control Panel to install the FTP Service.

1.	Click Start, point to Control Panel, and then click Add or Remove Programs.
2.	Click Add/Remove Windows Components.
3.	In the Components list, click Application Server, click Internet Information Services (IIS) (but do not select or clear the check box), and then click Details.
4.	Click to select the following check boxes (if they are not already selected): Common Files File Transfer Protocol (FTP) Service Internet Information Services Manager
5.	Click to select the check boxes next to any other IIS-related service or subcomponent that you want to install, and then click OK.
6.	Click Next.
7.	When you are prompted, insert the Windows Server 2003 CD-ROM into the computer’s CD-ROM or DVD-ROM drive or provide a path to the location of the files, and then click OK.
8.	Click Finish.

IIS and the FTP service are now installed. You must configure the FTP Service before you can use it.

How to Install the DHCP Service

Before you can configure the DHCP service, you must install it on the server. DHCP is not installed by default during a typical installation of Windows Standard Server 2003 or Windows Enterprise Server 2003. You can install DHCP either during the initial installation of Windows Server 2003 or after the initial installation is completed.

How to Install the DHCP Service on an Existing Server

1.	Click Start, point to Control Panel, and then click Add or Remove Programs.
2.	In the Add or Remove Programs dialog box, click Add/Remove Windows Components.
3.	In the Windows Components Wizard, click Networking Services in the Components list, and then click Details.
4.	In the Networking Services dialog box, click to select the Dynamic Host Configuration Protocol (DHCP) check box, and then click OK.
5.	In the Windows Components Wizard, click Next to start Setup. Insert the Windows Server 2003 CD-ROM into the computer’s CD-ROM or DVD-ROM drive if you are prompted to do so. Setup copies the DHCP server and tool files to your computer.
6.	When Setup is completed, click Finish.

How to Configure the DHCP Service

After you have installed the DHCP service and started it, you must create a scope, which is a range of valid IP addresses that are available for lease to the DHCP client computers on the network. Microsoft recommends that each DHCP server in your environment have at least one scope that does not overlap with any other DHCP server scope in your environment. In Windows Server 2003, DHCP servers in an Active Directory-based domain must be authorized to prevent rogue DHCP servers from coming online. Any Windows Server 2003 DHCP Server that determines itself to be unauthorized will not manage clients.

How to Create a New Scope

1.	Click Start, point to Programs, point to Administrative Tools, and then click DHCP.
2.	In the console tree, right-click the DHCP server on which you want to create the new DHCP scope, and then click New Scope.
3.	In the New Scope Wizard, click Next, and then type a name and description for the scope. This can be any name that you want, but it should be descriptive enough so that you can identify the purpose of the scope on your network (for example, you can use a name such as “Administration Building Client Addresses”). Click Next.
4.	Type the range of addresses that can be leased as part of this scope (for example, use a range of IP addresses from a starting IP address of 192.168.100.1 to an ending address of 192.168.100.100). Because these addresses are given to clients, they must all be valid addresses for your network and not currently in use. If you want to use a different subnet mask, type the new subnet mask. Click Next.
5.	Type any IP addresses that you want to exclude from the range that you entered. This includes any addresses in the range described in step 4 that may have already been statically assigned to various computers in your organization. Typically, domain controllers, Web servers, DHCP servers, Domain Name System (DNS) servers, and other servers, have statically assigned IP addresses. Click Next.
6.	Type the number of days, hours, and minutes before an IP address lease from this scope expires. This determines how long a client can hold a leased address without renewing it. Click Next, and then click Yes, I want to configure these options now to extend the wizard to include settings for the most common DHCP options. Click Next.
7.	Type the IP address for the default gateway that should be used by clients that obtain an IP address from this scope. Click Add to add the default gateway address in the list, and then click Next.
8.	If you are using DNS servers on your network, type your organization’s domain name in the Parent domain box. Type the name of your DNS server, and then click Resolve to make sure that your DHCP server can contact the DNS server and determine its address. Click Add to include that server in the list of DNS servers that are assigned to the DHCP clients. Click Next, and then follow the same steps if you are using a Windows Internet Naming Service (WINS) server, by adding its name and IP address. Click Next.
9.	Click Yes, I want to activate this scope now to activate the scope and allow clients to obtain leases from it, and then click Next.
10.	Click Finish.
11.	In the console tree, click the server name, and then click Authorize on the Action menu.

Troubleshooting

The following sections explain how to troubleshoot some of the issues that you may experience when you try to install and configure a Windows Server 2003-based DHCP server in a workgroup.

Clients Cannot Obtain an IP Address

If a DHCP client does not have a configured IP address, this typically indicates that the client was not able to contact a DHCP server. This can be caused by a network problem, or because the DHCP server is unavailable. If the DHCP server started and other clients can obtain valid addresses, verify that the client has a valid network connection and that all the related client hardware devices (including cables and network adapters) are working properly.

The DHCP Server Is Unavailable

If a DHCP server does not provide leased addresses to clients, it is frequently because the DHCP service did not start. If this is the case, the server may not be authorized to operate on the network. If you were previously able to start the DHCP service, but it has since stopped, use Event Viewer to check the System log for any entries that may explain why you cannot start the DHCP service.

To restart the DHCP service:

1.	Click Start, and then click Run.
2.	Type cmd, and then press ENTER.
3.	Type net start dhcpserver, and then press ENTER.

-or-

1.	Click Start, point to Control Panel, point to Administrative Tools, and then click Computer Management.
2.	Expand Services and Applications, and then click Services.
3.	Locate and then double-click DHCP Server.
4.	Verify that Startup is set to Automatic and that Service Status is set to Started. If not, click Start.
5.	Click OK, and then close the Computer Management window.

Install the DNS server service.

To do this, follow these steps:

a.	Click Start, point to Control Panel, and then click Add/Remove Programs.
b.	Click Add/Remove Windows Components.
c.	In the Windows Components list, double-click Networking Services.
d.	Click to select the Domain Name System (DNS) check box, and then click OK.
e.	Click Next, and then click Finish.

DCET 2/2/1

 

ETHERNET CABLE: COLOR-CODE STANDARDS

 

 

T-568A Straight-Through Ethernet Cable

 

T-568B Straight-Through Ethernet Cable

 

RJ-45 Crossover Ethernet Cable

 

Basic Theory:

List of FTP commands

• 
• ABOR – Abort an active file transfer.
• ACCT – Account information.
• ALLO – Allocate sufficient disk space to receive a file.
• APPE – Append.
• CDUP – Change to Parent Directory.
• CLNT – Send FTP Client Name to server. (not RFC 959)
• CWD – Change working directory.
• DELE – Delete file.
• EPSV – Enter extended passive mode. (not RFC 959)
• EPRT – Specifies an extended address and port to which the server should connect. (not RFC 959)
• FEAT – Get the feature list implemented by the server. (not RFC 959)
• GET – Use to download a file from remote. (not RFC 959. RFC 959 version is RETR)
• HELP – Returns usage documentation on a command if specified, else a general help document is returned.
• LIST – Returns information of a file or directory if specified, else information of the current working directory is returned.
• LPSV – Enter long passive mode. (not RFC 959)
• LPRT – Specifies a long address and port to which the server should connect. (not RFC 959)
• MDTM – Return the last-modified time of a specified file. (not RFC 959)
• MGET – Use to download multiple files from remote. (not RFC 959)
• MKD – Make directory (folder).
• MNT – Mount File Structure. (not RFC 959)
• MODE – Sets the transfer mode (Stream, Block, or Compressed).
• MPUT – Use to upload multiple files to remote. (not RFC 959)
• NLST – Returns a list of filenames in a specified directory.
• NOOP – No operation (dummy packet; used mostly on keepalives).
• OPTS – Select options for a feature. (not RFC 959)
• PASS – Authentication password.
• PASV – Enter passive mode.
• PORT – Specifies an address and port to which the server should connect.
• PUT – Use to upload a file to remote. (not RFC 959. RFC 959 version is STOR)
• PWD – Print working directory. Returns the current directory of the host.
• QUIT – Disconnect.
• REIN – Re initializes the connection.
• REST – Restart transfer from the specified point.
• RETR – Retrieve (download) a remote file.
• RMD – Remove a directory.
• RNFR – Rename from.
• RNTO – Rename to.
• SITE – Sends site specific commands to remote server.
• SIZE – Return the size of a file. (not RFC 959)
• SMNT – Mount file structure.
• STAT – Returns the current status.
• STOR – Store (upload) a file.
• STOU – Store file uniquely.
• STRU – Set file transfer structure.
• SYST – Return system type.
• TYPE – Sets the transfer mode (ASCII/Binary).
• UMNT – Unmount file structure. (not RFC 959)
• USER – Authentication username.

HOW TO: Apply Local Policies to All Users Except Administrators on Windows Server 2003 in a Workgroup Setting

SUMMARY

loadTOCNode(1, \’summary\’);

This article describes how to apply local policies to all users except administrators on a Windows Server 2003-based computer that is in a workgroup setting.When you use a Windows Server 2003-based computer in a workgroup setting (not a domain), you may have to implement local policies on that computer that can apply to all users of that computer, but not to administrators. This exception permits the administrator to retain unlimited access and control of the computer, and also permits the administrator to restrict the users who can log on to that computer.

The Windows Server 2003-based computer must be in a workgroup setting for this procedure to work. In this situation, the domain policies cannot overwrite the local policies because the domain policies do not exist. Microsoft recommends that you make backup copies of all the files that you edit during this procedure.

Apply Local Policies to All Users Except Administrators

loadTOCNode(2, \’summary\’);To implement local policies to all users except administrators, follow these steps:

1.	Log on to the computer as an administrator.
2.	Open your local security policy. To do this, do one of the following: • Click Start, click Run, type gpedit.msc, and then press ENTER.-or- • Click Start, click Run, type mmc, press ENTER, add the Group Policy Object Editor, and then configure it for the local security policy. If the removal of the run command is one of the policies that you want, Microsoft recommends that you edit the policy by means of Microsoft Management Console (MMC), and then save the results as an icon. Then, you do not need the run command to reopen the policy.
3.	Expand the User Configuration object, and then expand the Administrative Templates object.
4.	Enable whatever policies that you want (for example, Desktop for “Hide My Network Places” or “Hide Internet Explorer Icon on Desktop”).NOTE: Make sure that you select the correct policies; otherwise, you may restrict the ability of the administrator to log on to the computer (and to complete the necessary steps to configure the computer). Microsoft recommends that you record any changes that you make (you can also use this information for step 10).
5.	Close the Gpedit.msc Group Policy snap-in. Or, if you use MMC, save the console as an icon to make it accessible later, and then log off the computer.
6.	Log on to the computer as an administrator.You can verify in this logon session the policy changes that were made earlier, because, by default, the local policies apply to all users, which includes administrators.
7.	Log off the computer, and then log on to the computer as all of the other users for this computer for whom you want these policies to apply. The policies are implemented for all of these users and the administrator.NOTE: Any user account that is not logged on to the computer at this step cannot have the policies implemented for that account.
8.	Log on to the computer as an administrator.
9.	Click Start, point to Control Panel, and then click Folder Options. Click the View tab, click Show Hidden Files and Folders, and then click OK so that you can view the Group Policy hidden folder. Or, open Windows Explorer, click Tools, and then click Folder Options to view these settings.
10.	Copy the Registry.pol file that is located in the %Systemroot%\System32\GroupPolicy\User folder to a backup location (for example, to a different hard disk, floppy disk, or folder).
11.	Open your local policy again by using either the Gpedit.msc Group Policy snap-in or your MMC icon, and then enable the exact features that were disabled in the original policy that was created for that computer.NOTE: When you do this, Policy Editor creates a new Registry.pol file.
12.	Close your policy editor, and then copy the backup Registry.pol file that you created in step 10 back into the %Systemroot%\System32\GroupPolicy\User folder.When you are prompted to replace the existing file, click Yes.
13.	Log off the computer, and then log on as an administrator.You can verify that the changes that were originally made are not implemented for you because you have logged on to the computer as an administrator.
14.	Log off the computer, and then log on as another user (or users).You can verify that the changes that were originally made are implemented for you because you have logged on to the computer as a user (not an administrator) to that computer .
15.	Log on to the computer as an administrator to verify that the local policy does not affect you as the local administrator to that computer.

Restore Original Local Policies

loadTOCNode(2, \’summary\’);To reverse the process described in the “Apply Local Policies to All Users Except Administrators” section of this article, follow these steps:

1.	Log on to the computer as an administrator.
2.	Click Start, point to Control Panel, and then click Folder Options. Click the View tab, click Show Hidden Files and Folders, and then click OK so that you can view the Group Policy hidden folder. Or, open Windows Explorer, click Tools, and then click Folder Options.
3.	Move, rename, or delete the Registry.pol file from the %Systemroot%\System32\GroupPolicy\User folder.Another default Registry.pol file is created by the Windows File Protection system after you log off from or restart the computer.
4.	Open the local policy. To do this, click Start, click Run, and then type gpedit.msc. Or, click Start, click Run, type mmc, and then load the local security policy. Then, set all of the items that are set to either disable or enable to not configured to reverse any policy changes that were implemented to the Windows Server 2003 registry as specified by the Registry.pol file.
5.	Log off the computer as an administrator, and then log on to the computer again as an administrator.
6.	Log off the computer, and then log on to the computer as all of the users on the local computer so that the changes can be reversed on their accounts too.