Lazarus Graveyard

A subnet mask determines which part of an ipv4 address refers to the network and which part refers to the host. For example a standard class C private address used in many home ADSL networks might be;

192.168.1.1 with a subnet mask of 255.255.255.0

In binary the subnet mask is: 11111111.11111111.11111111.00000000

All the bits that are switched on (1) are naming the network.

All the bits that are switched off (0) are naming the host.

So in this example 192.168.1.1 describes host number 1 on the network segment 192.168.1

On this network the subnet mask informs us that the last octet is available for host addresses. This includes 0 to 255 minus 2. (255 is reserved for broadcasts and 0 is the network name) Meaning we could have a total of 253 hosts on the 192.168.1.0/24 network.

The ‘/24′ at the end refers to the number of bits in the subnet mask. In a 255.255.255.0 subnet mask 24 bits are switched on (1). Subnet masks expressed in this fashion is called ‘bit notation’.

Subnetting is basically altering the bit length of a network subnet mask to either increase the number of available networks (moving the number of ‘on/1′ bits to the right which therefore decrease the number of hosts) or increasing the number of hosts (by moving the number of ‘off /0′ bits to the left).

Cisco recommend that you should not have more than 500 hosts on a network.

Certainly in most private class A network ranges (10.0.0.0 to 10.255.255.255) the default class A subnet mask would be 255.0.0.0 (11111111.00000000.00000000.00000000) allowing 255 networks and millions of hosts. This would obviously be an unmanageable number of hosts and so the subnet mask will normally be ’subnetted’ to increase the number of available networks while also reducing the available number of hosts on each network. This would be accomplished by moving the on (1) bits to the right changing the mask from 255.0.0.0 to, perhaps, 255.255.255.0 or 255.255.128.0 any other combination that gives the desired balance of network/host addresses.

To create more networks

1) determine number of networks and convert to binary (right to left)

2) reserve bits in subnet mask and find your increment (lowest bit, left to right – add the number of bits it takes to represent the desired number of networks in decimal to the subnet mask from left to right – the lowest bit at the far right is the increment.)

3) use increment to find your network ranges

To create more hosts

1) determine number of hosts and convert to binary

2) reserve bits in subnet mask and find your increment

(tweak = save the hosts! work out how may bits it takes to represent the desired number of hosts in binary and save that many zeros in the mask from right to left – all zeros in the mask that aren’t in the reserved portion are converted to 1.)

3) use increment to find your network ranges

if subnetting the next range is 256 carry the one to the left octet until the one can be added without exceeding 255.

Reverse engineering subnets

is this ip address valid? what range does it belong to? = 192.168.1.127, 255.255.255.224

the answer is 224…

what increment was used to build the network ranges? the lowest subnet mask octet and break into binary and find the lowest bit value (left to right) so it’s 32.

192.168.1.0

192.168.1.32

192.168.1.64

192.168.1.96 – 192.168.1.127 = ip address belongs to this range but is invalid as is last address of the range and so is the broadcast address.

192.168.1.128

The great exception

because binary begins counting from zero

these network values may throw off calculations for the number of networks;

2, 4, 8, 16, 32, 128

these host values may throw off calculations for number of hosts,

3, 7, 15, 31, 127

to play it safe;

subtract 1 when finding networks (ie if asked to find 128 networks subtract 1 and find it on 127 networks)

add 1 when finding hosts (ie if asked to find 63 hosts add 1 and find 64 hosts)

Profiles are useful if you move around to different location so you can switch between office exchange and external pop3 to pst.

It could also be used to switch between primary mailboxes – this is useful if you want to set up an out of office notification on a mailbox which is not your primary – however you need to have ‘full mailbox rights’ selected in the mailbox rights section of the exchange advanced tab on the profile of the user who owns the mailbox in question.

1. Go to control panel and open the mail icon
2. Click on show profiles
3. Click on add
4. Name the profile
5. Click ok
6. Go through account wizard
7. You now have two profiles (including default ‘Outlook’)
8. You can set it to always use a profile by default or to prompt you for which one you want to use.

Server level task

1. Open ADUC and create a dummy user account.
   
2. In user properties go to exchange advanced tab/mailbox rights
   
3. Add group and assign all permissions except associate external account (NB till user logs on or mail is sent to the mailbox will only list ‘SELF’ in ACL)
   
4. Go to exchange security tab (view/advanced features)
   
5. Advanced/add (group)/set apply onto ‘this object only’ (top of drop down menu)
   
6. Tick the ’send as’ permission
   

Now all group members should be able to access this mailbox

The users need to add the mailbox to their outlook client.

1. Tools/email accounts/view or change/change/more settings/advanced tab/add mailbox/ok

(or access the same screen by right clicking mailbox/properties/advanced/advanced tab)

Now mailbox is available to user, add the ‘from’ field on the mail (from the options drop down menu)

As multiple users are working on the same mailbox its useful if they turn off ‘mark as read’ which can be accomplished by accessing a menu when you right click on the vertical grey line between the email list and preview pane.

Different from ’send on behalf of’ as the mail is sent with complete control and access rights to the mailbox. The email will not say ’sent on behalf of’.

Server level task

1. Open ADUC
2. Locate user who’s mailbox you want to edit
3. Right click/properties/exchange advanced tab/mailbox rights
4. Add nominated user to ACL and give all rights except associated external account
5. Go to security tab (have to have view/advanced features enabled)
6. Click advanced
7. Add nominated user
8. Edit/apply onto “this object only” (from drop down menu)
9. Select ’send as’
10. Ok/ok/ok.

On designated client add the mailbox.

1. Tools/email accounts/view or change/more settings/advanced tab/add

Add the ‘from’ field on the email (from the options drop down menu in the tool bar)

Emails sent on behalf of the mail box now appear as if they were sent by the mailbox owner.

User/client level task.

1. Select mailbox to delegate.
2. Goto tools/options/delegates tab
3. Add nominated user
4. Choose permissions levels for calendar/tasks/inbox/contacts/notes/journal
5. Give mailbox rights! Right click mailbox and go to properties/permissions/add user choose folder visible rights
   

    

Now delegated user can send on behalf of the mailbox.

In the delegated user’s outlook add the delegated mailbox.

1. To send a message on behalf of the delegated mailbox you need to add the ‘from’ field on the email by clicking on the ‘options’ drop down on the mail toolbar.
   
2. In the from field enter the email address of the mailbox you are sending on behalf of.

Share folders with another user (user/client level task)

This enables the nominated user to see the contents of the folder but not act on the folder owners behalf.

1. Right click on the relevant folder (ie inbox).
2. Go to properties/permissions tab.
3. Add the nominated user.
4. Assign permission level.
5. Give permissions at the mailbox level!! Right click on ‘mailbox – name’ and go to it properties/permissions tab and choose the ‘make folder visible’ option.
   

Now the nominated user has permission to view the folders specified;

1. Right click mailbox/open other folder/other user’s folder.
2. Select name to open global address list.
3. Select the right name from the list/ok.

This enables the user to see one inbox at a time and can be quirky. If the email isn’t displayed try closing and reopening outlook.

To set it up on a permanent basis add the mailbox;

1. Right click on mailbox/properties/advanced/advanced tab/add/mailbox/ok.