
Windows 2000 Server Notes


Windows 2000 Server
Three Phases of Networking
Administrative Tools

Active Directory Services
Kernel Mode | Kernel Mode Drivers
Windows 2000 Executive | Directory Services
Trees & Forests

Windows 2000 Domains | Windows 2000 Workgroups
Installing & Configuring | Licensing - Per Server and Per Seat
Trust Relationships

TCP/IP
IPX/SPX | NetBEUI | DLC | WINS
DNS
DHCP | ARP


Windows 2000 Server
Supports up to four microprocessors. Stores and manages Active Directory services information in the directory. Windows 2000 Server computers are typically configured as a file and print server or application server, such as Terminal Services.

Supports 256 simultaneous inbound dial-up sessions.

Includes Microsoft Internet Information Server, which is a secure Web server platform used to host Internet and intranet Web sites on network servers.



Trees & Forests
Trees
A tree is a grouping or hierarchical arrangement of one or more Windows 2000 domains that allows global resource sharing. A tree can consist of a single Windows 2000 domain.

A tree is defined by:
A hierarchy of domains
A contiguous namespace
Kerberos transitive trust relationships between the domains
A common schema
A global catalog capable of listing any objects in the tree

Forests
A forest is a grouping of one or more trees. Forests allow an organization to group divisions, or two organizations to combine their networks, that do not use the same naming scheme and operate independently, yet need to communicate with the entire organization.

A forest is defined by:
One or more sets of trees
Disjointed namespaces between these trees
Kerberos transitive trust relationships between the trees
A common schema
A global catalog capable of listing any objects in the forest


Windows 2000 Workgroups
A workgroup is a logical grouping of networked computers that share resources such as files and printers.
A workgroup does not require a computer running Windows 2000 Server to hold centralized information.
A workgroup is simple to design and implement. It does not require the extensive planning and administration that a domain requires.
A workgroup is convenient for a limited number of computers in close proximity. It becomes impractical in environments with more than 10 computers.
A workgroup is well suited to small groups of technical users who do not require central administration.

A workgroup computer running Windows 2000 Server is called a stand-alone server.

Windows 2000 Domains
A Windows 2000 Domain is a logical grouping of network computers that share a central directory database.
Joining a Domain
During installation, the Windows 2000 Setup wizard provides access to join an existing domain. When joining a domain, create a computer account for that computer in advance, or create it during the installation process by selecting the check box Create a Computer Account for the Domain. Next, supply a user account and password that have the authority to add computer accounts in the domain. By default, this must be an Administrator account.
In Windows 2000, the directory database is known as the directory. It is the database portion of Active Directory services, which is the Windows 2000 directory service.
In a domain, the directory resides on computers that are configured as domain controllers. A domain controller is a server that manages all security-related user/domain interactions and centralizes administration.
The core unit of the logical structure in Active Directory services is the domain. All network objects exist within a domain and each domain stores information only about the objects it contains.

A domain is called a partition of Active Directory services. All domains within a forest make up Active Directory services.

Windows 2000 Executive
Windows 2000 Executive: The Executive performs most of the I/O and object management, including security.


Directory Services
A directory service provides the means to organize and simplify access to the resources of networked computer systems. You can use a directory service to perform a number of functions:
Enforce security to protect the objects in its database from outside intruders or from internal users who do not have permission to access those objects.
Replicate a directory to other computers in the network to make it available to more users and make it resistant to failure.
Partition a directory into multiple stores that are located on different computers across the network. This makes more space available to the directory as a whole and allows the storage of large numbers of objects.

Active Directory Services
Active Directory services is the directory service included in Windows 2000.
Active Directory services provides a single point of network management, allowing you to add, remove, and relocate users and resources easily.
Active Directory services uses DNS as its domain naming and location service. For Active Directory services and associated client software to function correctly, you must have installed and configured the DNS service.

The core unit of the logical structure in Active Directory services is the domain. All network objects exist within a domain and each domain stores information only about the objects it contains.

A domain is called a partition of Active Directory services. All domains within a forest make up Active Directory services.

A domain controller is a Windows 2000 Server computer that stores a replica of the directory partition (local domain database). Only computers running Windows 2000 Server, Advanced Server, or Datacenter Server can be designated as domain controllers.


Trust Relationships
A trust relationship is a link between at least two domains in which the trusting domain honors the logon authentication of the trusted domain. When a domain is joined to a Windows domain tree, a trust relationship is automatically established between the new domain and the root or parent domain of the tree.
Transitive Trust Relationships
The network administrator can define explicit one-way trust accounts for specific domains when a two-way trust is not appropriate.
Transitive trust is a feature of the Kerberos system.


Installing & Configuring Windows 2000 Server
Memory
64 MB for networking with one to five client computers; 128 MB minimum is recommended for most network environments.
Display
VGA monitor capable of 640 x 480 (1024 x 768 recommended).
CD-ROM drive
12x or faster recommended, not required for network installations.
Additional Drives
High-density 3.5-inch disk drive, unless your CD-ROM is bootable and supports starting the Setup program from a CD-ROM.
Optional Components
Mouse or other pointing device.
For network installation: a network adapter and an MS-DOS-based network system that permits connection to a server containing the Windows 2000 Setup files.

Disk Partitions
The Windows 2000 Server Setup program allows you to install Windows 2000 Server onto an existing partition or to create a partition and then install Windows 2000 onto a new one.

File Systems
Windows 2000 supports NTFS and the FAT file system. There are two FAT file systems: FAT16 and FAT32.

NTFS
File-level and directory-level local security: NTFS allows you to control access to files and directories regardless of whether access is local or over the network.

Disk compression: NTFS compresses files to store more data on the partition.

Disk quotas: NTFS allows you to control disk usage on a per-user basis.

Encryption: NTFS allows you to encrypt file data on the physical hard disk.

FAT16 and FAT32 file systems allow access by, and compatibility with, more than one operating system. To boot between Windows 2000 and another operating system, the Windows 2000 system partition must be formatted with either the FAT16 or the FAT32 file system. If the partition is smaller than 2048 MB, Setup formats the hard drive as FAT16. On partitions larger than 2 GB, Setup automatically formats the hard drive as FAT32.


Licensing - Per Server and Per Seat
Per-Server Licensing: Client Access Licenses are assigned to a particular server. Allows one connection per client computer to the server for basic network services.
Per-Seat Licensing: The Per Seat licensing mode requires a separate Client Access License for each client computer used to access Windows 2000 Server for basic network services.
Client Access License (CAL): A Client Access License gives client computers the right to connect to computers running Windows 2000 Server so that the client computers can connect to network services, shared folders, and print resources. When you install Windows 2000 Server, you must choose CAL mode: Per Seat or Per Server.


Upgrade or New Installation
Upgrading is the process of installing Windows 2000 Server in a directory that currently contains certain versions of Windows NT.
The versions of Windows NT from which you can upgrade are:
Windows NT Server 3.51, Windows NT Server 4.0 Server or Windows NT 4.0 Terminal Server.
Installing is the process of placing the operating system in a new directory, wiping out the previous operating system at setup, or installing Windows 2000 Server on a disk or disk partition with no previous operating system.
Installation Methods
  • Setup boot disk
  • CD-ROM
  • Over-the-network
Winnt.exe is commonly used for over-the-network installations that use an MS-DOS network client.
Winnt32.exe is used to install Windows 2000 Server from an existing Windows 95, Windows 98, or Windows NT computer.


TCP/IP Network Component
Transport Control Protocol and Internet Protocol
Routable
Used for UNIX and the Internet
Main protocols: TCP (connection-oriented); UDP (connectionless)
IP address consists of network address and node address
Bytes for network address: 1 (Class A); 2 (Class B); 3 (Class C)
First octet: 1-126 (Class A); 128-191 (Class B); 192-223 (Class C)
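
The classful split described above, as an added example that is not part of the original notes: it takes a dotted-quad address, picks the class from the first-octet ranges listed here, and separates the network bytes from the node bytes. The function names are illustrative, and first octets outside the listed ranges (such as 127 or 224 and above) are reported as unclassified.

```python
# Added example: classful split of an IPv4 address using the ranges in these notes.
# (class name, first-octet low, first-octet high, bytes of network address)
CLASSES = (
    ("A", 1, 126, 1),
    ("B", 128, 191, 2),
    ("C", 192, 223, 3),
)


def parse_ipv4(text):
    """Return the four octets as ints, or raise ValueError on malformed input."""
    parts = text.strip().split(".")
    if len(parts) != 4:
        raise ValueError(f"expected four octets: {text!r}")
    octets = []
    for part in parts:
        if not (part.isascii() and part.isdigit()) or int(part) > 255:
            raise ValueError(f"bad octet {part!r} in {text!r}")
        octets.append(int(part))
    return octets


def classful_split(text):
    """Return (class, network address, node address) for an address."""
    octets = parse_ipv4(text)
    for name, low, high, net_bytes in CLASSES:
        if low <= octets[0] <= high:
            network = ".".join(str(o) for o in octets[:net_bytes])
            node = ".".join(str(o) for o in octets[net_bytes:])
            return name, network, node
    return None, None, None  # first octet outside the ranges listed in the notes


def same_classful_network(a, b):
    """True when both addresses have the same class and network address."""
    class_a, net_a, _ = classful_split(a)
    class_b, net_b, _ = classful_split(b)
    return class_a is not None and (class_a, net_a) == (class_b, net_b)


if __name__ == "__main__":
    # Constructed sample addresses, not taken from the page.
    for addr in ("10.1.2.3", "172.16.5.9", "192.168.1.20", "127.0.0.1"):
        print(addr, classful_split(addr))
```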


Three Phases of Networking
Host/Terminal Networks
Client/Server Network
Peer-to-Peer Network


Windows 2000 Server Administrative Tools
Active Directory Domains and Trusts
Used to manage trusts between domains.

Active Directory Sites and Services
Used to manage sites involved in Active Directory replication.

Active Directory Users and Computers
Used to manage sites involved in Active Directory replication.

Component Services
Used to manage COM+ applications.

Computer Management
Used to start and stop services, manage disks, and provide access to other computer management tools for local and remote administration.

Configure Your Server
Used to configure a system for network operations.

Data Sources (ODBC)
Used to manage ODBC drivers and data sources.

DHCP
Used to manage DHCP, which assigns TCP/IP settings to clients.

Distributed File System
Used to manage DFS, which creates a single shared hierarchy of resources from multiple hosts.

DNS
Used to manage DNS, which resolves host names into IP addresses.

Event Viewer
Used to access various log files under Windows 2000.

Internet Services Manager
Used to manage Web and FTP Internet services.

Licensing
Used to manage licenses and client use.

Performance
Used to monitor the performance of a system or network.

Routing and Remote Access
Used to manage remote connections and routing activities.

Server Extensions Administrator
Used to manage FrontPage server extensions.

Terminal Services Licensing
Used to manage client access to terminal services.


NetBEUI
Used to support NetBIOS
Low overhead
Non-routable; used for small networks


IPX/SPX (NWLink)
Used for NetWare connectivity or as a general network transport
Main protocols: IPX (connectionless); SPX (connection oriented)
Routable


DLC
Non-routable
Used for mainframe connectivity and network printers


WINS - (Windows Internet Name Service) Proxy Agent
For NetBIOS name resolution.

To configure a WINS proxy agent, edit the registry on a WINS-enabled client by setting the value for the EnableProxy entry to 1, and then restart the computer.
The EnableProxy entry is located in the registry under the subkey HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters.


DNS
For host name resolution.



User Mode
The User Mode layer is made up of two kinds of subsystems: environment subsystems and integral subsystems.
Environment Subsystems allow Windows 2000 to run applications written for different operating systems.

Win32 environment subsystem: Controls Win32-based applications and provides an environment for Win16 and Microsoft MS-DOS-based applications.

POSIX environment subsystem: Provides APIs for POSIX-based applications. POSIX refers to the portable operating system interface standard developed by the Institute of Electrical Engineers to ensure portability of applications across different platforms.

The environment subsystems and the applications that run within them have no direct access to hardware or device drivers.

Integral Subsystems
Integral subsystems perform essential operating system functions.
Security: Creates security tokens and tracks rights and permissions associated with user accounts. The Security subsystem also tracks which system resources are audited.

Workstation service: A networking integral subsystem that provides an API to access the network redirector. The Workstation service allows a Windows 2000 computer to access the network.

Server service: A networking integral subsystem that provides an API to access the network server. The Server service allows a Windows 2000 computer to provide network resources.


Kernel Mode
The kernel mode layer of the Windows 2000 architecture has access to system data and hardware.


Kernel Mode Drivers
Kernel mode drivers share many of the design goals of Windows 2000:
Portability from one platform to another.
Configurability of hardware and software.
Always preemptible and always interruptible.
Multiprocessor safe on multiprocessor platforms.
Object-based.
Support for asynchronous I/O.
Packet driven I/O with reusable IRPs.
There are three basic types of kernel mode drivers: highest-level drivers, intermediate drivers, and lowest-level drivers.

