Windows NT Server Notes (Data Options, www.dataoptions.com)

NT Server
Hardware Requirements:
CPU: 486/33 or higher Intel-based processor (486 must be running in Enhanced Mode).
Microsoft Windows 95 or later (including Windows NT).
RAM: 16 MB (32 MB recommended)
Display: VGA, Super VGA, or better
Hard disk: SCSI or IDE; 124 MB of space required for OS
Floppy disk: 3.5", 1.4 MB
CD-ROM: SCSI or IDE (not required for network installations)
Network interface card: Any supported by NT



Hardware Support
HCL (Hardware Compatibility List):
Current list of supported hardware
NTHQ (NT Hardware Qualifier): Utility to check compatibility.
Use MAKEDISK.BAT to create disk, then boot the disk.


RAID 1 - RAID 5
RAID 1 Mirroring or Duplexing
RAID 5 Striping with Parity


Backups
Full backup copies all of the files every time; clears archive bits

Differential backup includes all of the files that have changed since the last full backup, does not clear archive bits

Incremental backup copies files that have changed since the last backup, whether full or incremental; clears archive bits

Copy includes all files, does not modify archive bit

Daily copy includes files modified on the current date; does not modify archive bit
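
How the archive bit drives the five backup types above, as an added example (not part of the original notes); the file names and the three-day schedule are constructed for illustration.

```python
from dataclasses import dataclass


@dataclass
class File:
    name: str
    archive: bool = True      # set whenever a file is created or modified
    modified_day: int = 0


# backup type -> (which files are selected, whether the archive bit is cleared)
RULES = {
    "full":         ("all", True),
    "differential": ("archive", False),
    "incremental":  ("archive", True),
    "copy":         ("all", False),
    "daily":        ("today", False),
}


def run_backup(kind, files, today):
    """Return the names written by this job and update archive bits."""
    select, clears = RULES[kind]
    picked = []
    for f in files:
        wanted = (select == "all"
                  or (select == "archive" and f.archive)
                  or (select == "today" and f.modified_day == today))
        if wanted:
            picked.append(f.name)
            if clears:
                f.archive = False
    return picked


def modify(files, name, day):
    """Simulate a user editing a file: the archive bit is set again."""
    for f in files:
        if f.name == name:
            f.archive, f.modified_day = True, day


def schedule(kind):
    """Full backup on day 0, then `kind` on days 1 and 2 (constructed schedule)."""
    files = [File("a.doc"), File("b.xls"), File("c.txt")]
    jobs = [run_backup("full", files, 0)]
    modify(files, "a.doc", 1)
    jobs.append(run_backup(kind, files, 1))
    modify(files, "b.xls", 2)
    jobs.append(run_backup(kind, files, 2))
    return jobs


if __name__ == "__main__":
    for kind in ("differential", "incremental", "daily", "copy"):
        print(kind, schedule(kind))
```

Because a differential job never clears the bit, each one grows until the next full backup, and a restore needs only the full backup plus the latest differential; an incremental restore needs the full backup plus every incremental since.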


Migration Tool for NetWare
Copies files from NetWare server to NT Server
Migrates users and groups from NetWare to NT Server
Does not migrate passwords
May not fully migrate file ownership, permissions, and defaults.
FPNW must be installed on Windows NT Server before migrating if you want to preserve users' logon scripts.

The configurable options include:
  • Handling duplicate usernames and groups
  • Setting up passwords on user accounts that are migrated
  • Maintaining logon scripts
  • Selecting which files and directories are to be migrated and their destinations


RAS Server
Up to 256 incoming connections under NT Server
Supports TCP/IP, NetBEUI, IPX/SPX
Configure and manage with Remote Access Admin utility


Remote Access Administrator (rasadmin)
Monitors live connections
Rasadmin is used to configure the remote access service on a Windows NT computer
Configure and manage with Remote Access Admin utility


Remote Access Service Configuration Options
RAS Communications
RAS Protocols
RAS Security
Dial-up Networking Clients
RAS can connect to a remote computer using any of the below media:
Public Switched Telephone Network (PSTN)
Also known as the phone company. RAS can connect using a modem through an ordinary phone line
X.25
A packet-switched network. Computers access the network via a Packet Assembler Disassembler device (PAD). X.25 supports dial-up or direct connections.
Null modem cable
A cable that connects two computers directly. The computers then communicate using their modems (rather than network adapter cards).
ISDN
A digital line that provides faster communication and more bandwidth than a normal phone line. (It also costs more; that's why not everybody has it.) A computer must have a special ISDN card to access an ISDN line.


Built-in Groups on Domain Controllers
The Windows NT Domain
Local Groups

  • Administrators
  • Users
  • Guests
  • Backup Operators
  • Replicator
  • Print Operators
  • Server Operators

The Windows NT Domain
Global Groups

  • Domain Administrators
  • Domain Users
  • Domain Guests

The Windows NT Domain
Workstations and Member Servers Groups

  • Administrators
  • Backup Operators
  • Power Users
  • Guests
  • Replicator
  • Users

Other than the Administrator, the following have the right by default to log on locally to a Windows Domain Controller:
  • Server Operator
  • Account Operator
  • Backup Operator
  • Print Operator



Local Groups
Equivalent to groups in NT Workstation
Used to control users' access to a computer or domain resources
Can contain users and global groups
Users cannot be added to Local Groups.
Cannot put a Local Group in another domain's Local Group.
Permissions are assigned to Local Groups.
Remember:
  • Users are only assigned to global groups
  • Individual users are not assigned to local groups
  • Rights are only granted to local groups
  • Only local groups can access resources
  • Global groups are added to local groups.



Global Groups
Available in NT Server domain model only
Used to group users with similar functions
Can contain users only
Can be made members of local groups on trusted domains
Remember:
  • Users are only assigned to global groups
  • Individual users are not assigned to local groups
  • Rights are only granted to local groups
  • Only local groups can access resources
  • Global groups are added to local groups.



Workgroups
A loose association of computers which does not provide centralized administration. Each computer's user is the administrator of that computer.
Each user must have an account on each computer where a needed resource is located.
Scenario: If you have more than 6-10 computers you need to connect or you need to provide centralized administration, a workgroup is not the right choice.
Workgroup structure works well in a small office where the primary aim of networking is the sharing of a printer or a few files.

Installation Phases
Pre-copy: Copies files to temporary directory or creates boot disks
Phase 0: Text-based phase
Phase 1: Beginning of GUI (Setup Wizard) phase
Phase 2: Set up network components
Phase 3: Final setup; time zone, display properties

Computer Types
PDC: Primary domain controller (one per domain); must be installed first
BDC: Backup domain controller; PDC must be up when installing
Member Server: Participates in domain but is not a controller
Adding computers to domain requires Administrator password to create computer account

PDC - Primary Domain Controller
PDC: Primary domain controller
One per domain
Must be installed first
The PDC's functions are the maintenance of trusts, synchronization of domain controllers and user authentication if the BDCs are overloaded.
The PDC has control of the SAM.
The PDC has the only editable copy of the SAM and has the responsibility of ensuring that the Backup Domain Controllers (BDC) have an up-to-date copy of the SAM.
If the PDC is offline, users cannot change their passwords and administrators cannot add or delete user accounts, change user and group accounts, trusts, policies and so on.

BDC - Backup Domain Controller
BDC: Backup domain controller
PDC must be up when installing
The primary role of a BDC is user authentication.
The BDCs each contain a read-only copy of the SAM that is synchronized periodically with the original, authoritative SAM on the PDC.

Member Server - Stand-Alone Server
Member Server
Participates in domain but is not a controller
Also called a stand-alone server
May participate in a workgroup
Does not validate domain user logons.
Used as file servers, print servers, application servers.
Using Server Manager, an administrator can create an account. Then from the member server, use the Network applet to join the domain. A computer account can be created at the same time that the server joins the domain. The username and password for an account that has the right to create computer accounts are required. Of course!


File Systems
FAT: DOS standard; 2 GB maximum; 8.3 filenames
VFAT: Windows 95 and NT; 4 GB maximum; long filenames
NTFS: NT 4.0 and later; 16 EB (exabytes) maximum; long filenames; security
HPFS: OS/2 and NT 3.51 and earlier; includes security; cannot be migrated to HPFS in NT 4.0


Installation Program
WINNT32 (Windows NT) or WINNT (Windows 3.1; DOS; Windows 95)
WINNT /B: Do not create boot disks
WINNT /OX: Create boot disks, but do not start installation
WINNT /T:drive: Specify temporary storage drive
WINNT /U: Use unattended answer file


Unattended Installation
Answer file: Contains answers to installation prompts
Uniqueness database file (UDF): Contains specific exceptions for one or more computers


SYSDIFF
SYSDIFF /snap: Create snapshot
SYSDIFF /diff: Create difference file
SYSDIFF /apply: Apply difference file to computer
SYSDIFF /inf: Create INF file based on difference file
SYSDIFF /dump: Create report of difference file contents


TCP/IP Network Component
Transport Control Protocol and Internet Protocol
Routable
Used for UNIX and the Internet
Main protocols: TCP (connection-oriented); UDP (connectionless)
IP address consists of network address and node address
Bytes for network address: 1 (Class A); 2 (Class B); 3 (Class C)
First octet: 1-126 (Class A); 128-191 (Class B); 192-223 (Class C)


SLIP - Serial Line Internet Protocol
Simple; TCP/IP only; UNIX servers


Point-to-Point Protocol
PPP - Supports authentication and error control; TCP/IP or other protocol; NT Servers



NetBEUI
Used to support NetBIOS
Low overhead
Non-routable; used for small networks


IPX/SPX (NWLink)
Used for NetWare connectivity or as a general network transport
Main protocols: IPX (connectionless); SPX (connection oriented)
Routable


DLC
Non-routable
Used for mainframe connectivity and network printers

WINS - Proxy Server
For NetBIOS name resolution and NetBIOS name registration. A WINS proxy agent extends the name resolution capabilities of the WINS server to non-WINS clients by listening for broadcast name registrations and broadcast resolution requests and then forwarding them to a WINS server.

Installing a WINS Server:
WINS Server is included with Windows NT Server. To install it, select Add from the Services tab of the Network control panel, and select Windows Internet Name Service.

Configuring a WINS (Windows Internet Name Service) Proxy Agent:
To configure a Windows NT client to use a WINS server, use the WINS Address tab in the TCP/IP Properties dialog. You can specify a primary server and a secondary server, which will be used when the primary server is unreachable.

DNS
For host name resolution


NetWare
NWLink: IPX/SPX protocol
CSNW: Client for NetWare
GSNW: Gateway for NetWare (NT Server Only)
FPNW: File and print sharing for NetWare (add-on product)
FPNW must be installed on Windows NT Server before migrating if you want to preserve users' logon scripts.


NetWare File and Print Services
Gateway Services for NetWare (GSNW)
GSNW translates Novell's NetWare Core Protocol (NCP) to and from the Microsoft Server Message gateway (SMB) protocol.
Gateway for NetWare is installed on a Windows NT Server to provide Microsoft clients with access to NetWare resources from a Windows NT Server logon.
NWLink IPX/SPX must be installed before, or during, the installation of GSNW.
NWLink IPX/SPX is required to log on to and access resources on NetWare file servers.
You do not have to add NWLink IPX/SPX to each client because the gateway translates incoming client SMB requests to NCP requests for a NetWare server regardless of the transport protocols on the client.


Novell Password
Novell 3.x user password change: setpass
Novell 4.x NDS password change: ALT+CTRL+DEL


RAS Security
Auditing
RAS can leave an audit trail, enabling you to see who logged on when and what authentication they provided.
Callback Security
You can enable RAS server to use callback (hang up all incoming calls and call the caller back), and you can limit callback numbers to prearranged sites that you know are safe.
Encryption
RAS can encrypt logon information, or it can encrypt all data crossing the connection.
Security Hosts
In case Windows NT isn't safe enough, you can add an extra dose of security by using a third-party intermediary security host, a computer that stands between the RAS client and the RAS server and requires an extra round of authentication.
PPTP filtering
You can tell Windows NT to filter out all packets except ultra-safe PPTP packets.
PAP (Password Authentication Protocol): Internet Standard; passwords sent as clear text; least secure
SPAP (Shiva PAP): Shiva's improved version of PAP; passwords sent in encrypted form
CHAP (Challenge Handshake Authentication Protocol): Two-way protocol using encrypted passwords
MS-CHAP (Microsoft CHAP): Microsoft's proprietary version of CHAP; supported only by Windows and Windows NT
Protocols that can be used:
IPX/SPX
TCP/IP
NetBEUI
RAS Line Protocols:
SLIP
PPP


RAS AutoDial
Maps network addresses to RAS phonebook entries
Automatically enabled when you start your computer
Requires at least one TAPI dialing location


Registry Utilities
REGEDIT displays entire registry in one window; allows complex searches
REGEDT32 displays subtrees in separate windows; allows changes to registry key security


Registry Subtrees
HKEY_CLASSES_ROOT stores file associations
HKEY_CURRENT_USER stores control panel settings; loaded from user profile at login
HKEY_LOCAL_MACHINE stores hardware-specific data
HKEY_USERS stores default user settings and settings for each user profile
HKEY_CURRENT_CONFIG stores dynamic configuration information
HKEY_DYN_DATA stores dynamic hardware information


User Profiles
Local profiles only work at a particular workstation
Roaming profiles work at any Windows NT computer in the network
Mandatory profiles are roaming profiles that cannot be modified by users


User Manager
Edit and control individual user accounts and policies from a central location.


Account Policy
Set password restrictions, account lockouts.


System Policies
User policies affect the user's environment
Computer policies affect a computer or all computers
Created with System Policy Editor (POLEDIT)
Stored in registry


Security Policies
Account Policy stores defaults for user accounts (password length, etc.)
User Rights Policy assigns rights to users or groups
Audit Policy enables or disables auditing


Volume Sets
Two or more partitions
Total capacity is sum of all partition sizes
Partitions can be added without erasing
Decreases speed
Not fault tolerant

Disk Striping

2-32 partitions on separate disks
Intersperses data between disks
Increases read and write speed
Stripe sets spread data across an array of disks to improve read/write performance
Stripe sets and volume sets are not fault tolerant.
Cannot encompass system and boot partitions


Disk Striping with Parity
RAID 5
A stripe set with parity requires 3 physical disks and cannot include the system partition or boot partition
3-32 partitions on separate disks
Uses a portion of each drive for parity
Total capacity is (number of drives - 1) * (capacity per drive)
Total space used for parity is equal to one drive's capacity
Set of 3 600-MB drives uses 600 MB for parity (200 MB per drive)
Cannot contain system or boot partitions


NTFS Security
Rights: Read, Write, Delete, Change Permissions, Execute, Take Ownership, Full Control, No Access
Combining user and group rights; Least restrictive permission applies unless any right is No Access
Copied files inherit permissions of new directory
Moved files retain permissions


File Sharing
Rights: Read, Change, Full Control, No Access
Combining NTFS and share rights: Most restrictive permission applies
Default shares: NETLOGON; ADMIN$ for WINNT directory; shares for each drive (C$, etc.)
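
The two combining rules from the NTFS Security and File Sharing notes, worked through as an added example (not part of the original notes). It assumes the named permissions expand to individual rights as Read = RX, Change = RWXD, Full Control = all six, and that the user-and-group rule is applied to share permissions the same way; the accounts, groups and ACLs are constructed.

```python
# Added example: effective access under the two combining rules above.
# R, W, X, D, P, O = Read, Write, Execute, Delete, Change Permissions,
# Take Ownership (the individual rights listed under NTFS Security).
ALL_RIGHTS = frozenset("RWXDPO")

# Assumption: how the named permissions expand into individual rights.
PERMISSIONS = {
    "No Access": None,                 # overrides every other grant
    "Read": frozenset("RX"),
    "Change": frozenset("RWXD"),
    "Full Control": ALL_RIGHTS,
}


def combine_grants(acl, principals):
    """User + group rule: least restrictive wins (union of grants),
    unless any matching entry is No Access."""
    rights = set()
    for name, permission in acl:
        if name not in principals:
            continue
        granted = PERMISSIONS[permission]
        if granted is None:
            return frozenset()
        rights |= granted
    return frozenset(rights)


def effective_access(user, groups, ntfs_acl, share_acl=None):
    """NTFS + share rule: most restrictive wins (intersection).
    share_acl=None models a local logon, where no share is involved."""
    principals = {user, *groups}
    ntfs = combine_grants(ntfs_acl, principals)
    if share_acl is None:
        return ntfs
    return ntfs & combine_grants(share_acl, principals)


def show(rights):
    """Render a rights set in a fixed order, or 'none' when empty."""
    return "".join(r for r in "RWXDPO" if r in rights) or "none"


# Constructed sample ACLs and accounts (not from the page).
NTFS_ACL = [("Everyone", "Read"), ("Accounting", "Change"), ("Interns", "No Access")]
SHARE_ACL = [("Everyone", "Read"), ("Managers", "Full Control")]
USERS = {
    "alice": ["Everyone", "Accounting"],
    "bob": ["Everyone", "Accounting", "Interns"],
    "carol": ["Everyone", "Accounting", "Managers"],
}

if __name__ == "__main__":
    for user, groups in USERS.items():
        local = effective_access(user, groups, NTFS_ACL)
        remote = effective_access(user, groups, NTFS_ACL, SHARE_ACL)
        print(f"{user:6} local={show(local):6} via share={show(remote)}")
```

The alice case is the one to audit for: a permissive NTFS ACL is masked by a Read-only share over the network but applies in full at the console.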


Event Viewer
System Log: System error messages and status messages
Security Log: Security errors and auditing
Application Log: Application-specific errors and messages


Task Manager
Applications: List of currently running applications
Processes: Complete list of current processes
Performance: Graph of CPU and memory usage; information about files, threads, and processes in use


Performance Monitor
Chart: Displays a graph of counter values over time
Alert: Alerts you if a counter exceeds defined boundaries
Log: Creates a log file with counter values
Report: Generates a printable report based on the counters


Client-Based Computer Types
Windows 95 Clients
The Windows 95 client-based network administration tools are:
  • Event Viewer
  • File Security tab
  • Print Security tab
  • Server Manager
  • User Manager for Domains
  • User Manager Extensions for Services for NetWare
  • File and Print Services for NetWare
Note:
Client for Microsoft Networks must be installed on the Windows 95 computer.

Windows NT Workstation Clients
The Windows NT Workstation client-based network administration tools:
  • DHCP Manager
  • Remote Access Administrator
  • Remoteboot Manager
  • Services for Macintosh
  • Server Manager
  • System Policy Editor
  • User Manager for Domains
  • WINS Manager
Note:
The Workstation and Server services must be installed on the Windows NT Workstation.


Network Browser Types
Master Browser: Receives broadcasts from sharing computers; compiles browse list; distributes list to backup browsers; usually PDC or BDC

Domain master browser: Collects information from master browsers in different subnets and distributes it to the other master browsers, usually the PDC

Backup browsers: Maintain a backup copy of the browser list; provides list to clients

Potential browsers: Can act as browsers, but are not currently participating in the browser process; all Windows NT, Windows 95, and Windows for Workgroups machines

Non-browsers: Cannot act as browsers, but can make shares available and broadcast share lists to master browser


Printing
Printer is software representation; print device is actual hardware
Configured from Printers folder
Print pool: Printer with multiple assigned ports, attached to identical print devices
Print priorities: 1-99; 99 is highest; default is 1 for all printers
LPD - Line Printer Daemon
LPR - Line Printer Remote


Dial-up Protocols
SLIP (Serial Line Internet Protocol): Simple; TCP/IP only; UNIX servers
PPP (Point-to-point protocol): Supports authentication and error control; TCP/IP or other protocol; NT Servers


Grant Dial-In Permissions
Remote Access Admin
User Manager for Domains


Network Types
Workgroup (peer-to-peer) networks: Each workstation can share resources; each handles its own user authentication; best suited for small networks (10 workstations or less)
Domain (client-server) networks: One or more dedicated servers; centralized administration; any number of users; requires PDC (NT Server only)


MS-DOS
DOS applications each have a separate memory space
Each DOS application runs in its own virtual DOS machine (VDM)
AUTOEXEC.NT and CONFIG.NT files provide configuration information for DOS applications.
Applications that attempt to access hardware directly or use their own extended memory managers are not supported by Windows NT.

Preemptive multitasking is supported for multiple DOS programs in separate VDMs.

Each DOS application has its own memory space, and DOS applications cannot communicate with other applications.


Win16
16-bit Windows applications are run in the WOW (Windows-on-Windows) subsystem, which also uses a VDM. These applications share a VDM and memory space by default, and are cooperatively multitasked.


Win32
16-bit Windows applications written for Windows NT are supported, along with the majority of those written for Windows 95. 32-bit applications each have their own memory space, but can communicate with each other and with 16-bit applications.


Multithreading
The ability of an operating system to allow multiple tasks (threads) within an application to execute at the same time. In a multiprocessor system, these may be executed on different processors.


Multiprocessing
The ability of an operating system to use multiple processors (CPUs) in a computer at the same time. Windows NT is the only version of Windows that supports multiprocessing.


Cooperative Multitasking
A system for allowing multiple applications to execute at the same time in an operating system. Applications must cooperate, periodically giving up control of the processor for use by other applications.

Emergency Repair Disk
An emergency repair disk can be made through Disk Administrator, or the RDISK utility that allows you to recover disk configuration information in the event of an emergency.


Preemptive Multiprocessing
Multitasking is the ability to run several applications at once using one processor.
This can be either preemptive or cooperative.



Domain
Collection of computers defined by the administrator of a Windows NT Server network that share a common directory.
Provides access to the centralized user accounts and group accounts maintained by the domain administrator.
Each domain has a unique name.

PDC: Primary domain controller
One Primary domain controller per domain
Must be installed first
The PDC's functions are the maintenance of trusts, synchronization of domain controllers and user authentication if the BDCs are overloaded.
The PDC has control of the SAM.
The PDC has the only editable copy of the SAM and has the responsibility of ensuring that the Backup Domain Controllers (BDC) have an up-to-date copy of the SAM.
If the PDC is offline, users cannot change their passwords and administrators cannot add or delete user accounts, change user and group accounts, trusts, policies and so on.

BDC: Backup domain controller
PDC must be up when installing
The primary role of a BDC is user authentication.
The BDCs each contain a read-only copy of the SAM that is synchronized periodically with the original, authoritative SAM on the PDC.


Dynamic Host Configuration Protocol
Automatically assigned TCP/IP parameters


Address Resolution Protocol
ARP - Provides IP address to MAC address resolution for IP packets.


Remove NT on FAT
Remove \WINNT directory and other files associated with NT or delete partition.


Remote Administration
Server Tools available for NT Workstation and Windows 95
Windows 95 tools: User Manager for Domains, Server Manager, Event Viewer, Explorer extensions


Disk Mirroring and Duplexing
RAID 1
Disk mirroring requires 2 physical disks and can include the system or the boot partition.
2 partitions on separate drives with identical capacities
Mirroring uses one controller
Duplexing uses two controllers
Total capacity is equal to one drive's capacity
Increased read speed; slight decrease in write speed


Remove NT on NTFS
Remove partition using DOS or Windows 95 FDISK utility (primary partitions) or Windows NT installation boot disks for extended partitions.
Use SYS C: command to rewrite the boot sector.


Hardware Qualifier Tool
A utility called NT Hardware Qualifier that tests a computer for compatibility and detects supported devices.
To use this utility, make an NTHQ disk by executing the MAKEDISK.BAT file in the \SUPPORT\HQTOOL directory.
