Installing NT
Installation Options
/x Prevents setup from making installation
floppies.
/ox Specifies floppies be made for
installation from the compact disk.
/b Installs boot files to harddrive only for
floppy-less installation.
/c Prevents free space check on floppies.
Not available with winnt32.
/f Copies files without verification. Not
available with winnt32.
/s Specifies the location of the installation
source files. /s:d:\i386. Multiple sources
can be specified to speed installation
over a network.
/u Specifies unattended installation using
the answer file specified as
/u:d:\answer.txt. Must be used in
conjunction with /s.
/udf Specifies the use of a uniqueness
database file. /udf:id,d:\unique.txt.
/t Specifies a directory for temporary
installation files.
/l Creates a log file for errors
encountered during installation. Not
available with winnt32.
File Systems
Use NTFS when:
Dual Boot to FAT operating systems not
needed.
Using services for Macintosh.
File level and local security needed.
Permissions must be preserved from
Netware.
NT file compression will be used.
Dual Boot
The system partition must be FAT in a
dual boot configuration.
The Bootable partition can be FAT or
can be converted to NTFS.
The operating system files for NT will
reside in the boot partition.
The boot partition does not have to be
primary and can reside on another disk.
DOS will not be able to see the NTFS
partition.
Removing WindowsNT
DOS FDISK: Versions from 5.0 and
higher. Cannot remove NTFS from a
logical drive in an extended partition.
NT installation disks: Load all three disks
and delete the installation partition at the
screen following the license agreement.
Removing the NT boot loader. Boot to
DOS and use sys c: (DOS or WIN95).
Remove the following files:
1.boot.ini
2.pagefile.sys
3.nt*.*
4.bootsec.dos
5.system root folder
6.Program files\Windows NT
NT Documentation
Workstation: support\books on
CD-ROM.
Server: support\books includes
Concepts and Planning (Book_cp.hlp).
Configuring NT
Registry
regedt32.exe:
HKEY_LOCAL_MACHINE:
configuration data for local computer.
Data in this tree is constant regardless of
user. Has five subkeys;
1.Hardware: generated each time
computer is booted. Does not
have an associated hive.
2.SAM: Security Account Manager
holds local and group account
information.
3.Security: contains all security
information for the local computer.
4.Software: contains software
information common to all users.
5.System: contains information
about system devices and
services.
HKEY_USERS: contains DEFAULT
tree and SID of currently logged on user.
HKEY_CURRENT_USER: contains
data about the user currently logged onto
the computer. Points to the same data as
HKEY_USERS\SID.
HKEY_CLASSES_ROOT: contains
information about file associations and
data associated with COM objects.
HKEY_CURRENT_CONFIG: contains
data about the current active hardware
profile.
Registry Data Types
1.REG_DWORD: 1-8 hexadecimal digits.
2.REG_SZ: string data type of variable
length.
3.REG_BINARY: A string of hex digits;
each pair of digits forms a byte value.
4.REG_MULTI_SZ: a multiple string
entry.
5.REG_EXPAND_SZ: expandable string
entry.
Regedit:
The Windows95 version of the registry
editor. Not recommended for NT use
but contains more powerful search
engine.
Control Panel
Per-user settings (modifies the key
HKEY_CURRENT_USER\Control
Panel\):
Accessibility Options
Console
Display
Keyboard
Mouse
Regional Settings
Sounds
Per-computer settings (same for all users
of the machine):
Note: You must be a member of
the Administrators group to
modify these settings:
Add/Remove Programs
Date/Time
Devices
Display
Fonts
Internet
Multimedia
Network
Ports
Printers
SCSI Adapters
Server
Services
System
Tape Devices
UPS note: if UPS switches off
during boot add
/NoSerialMice=comX switch to
boot.ini file for the port the UPS is
attached.
Hardware Profiles
System/Hardware Profiles Tab.
Copy and modify current Hardware
Profile.
Use Devices and Services applets to
enable and disable devices and services
for that profile.
Use Hardware Profile tab to move
profile up or down to set default and
change time-out value.
At boot, hit spacebar to select Hardware
Profiles.
Page Files
System/Performance tab in Control
Panel.
Workstation: size of RAM + 12 MB.
Server: size of RAM. Note: if less than
22MB RAM; 22MB or size of free
space, whichever is smaller.
Create pagefiles on each physical disk to
increase performance.
Move pagefile from drive that contains
the systemroot folder to increase
performance.
Environment Variables
System/Environment tab in Control
Panel.
System: common to all users of the
system.
User: Specific to the logged on user of
the computer.
Set in this order: Autoexec.bat, System,
User. Thus User variables will override
previously set variables.
Use the registry editor or System Policy
Editor to prevent parsing (reading) of the
Autoexec.bat file.
System Policies
Created with System Policy Editor
(poledit.exe) on NT Server only.
Gives administrators control over the
environments of Users, Groups or
Workstations in a domain.
Default Computer: Used to configure
logon and network settings. Affects all
computers in the domain.
Default User: Used to configure the
User's desktop. Affects all users in the
domain.
NT searches for Ntconfig.pol by default
at logon. This file must be stored on the
PDC in the
systemroot\System32\Repl\Import\Scripts
directory which is shared as
\\pdc\netlogon. Win95 policies are saved
as Config.pol in the same share.
Logon sequence for policies is:
1.User Profile loaded.
2.User Policy loaded.
3.Group Policy loaded according to
priority set in Policy Editor.
4.Default Profile loaded if User or
Group not defined.
5.Computer policy loaded. Default
used if none defined.
Policy editor works in two modes:
Registry and Policy. Registry directly
edits the local computer registry. Policy
mode saves the policy in the Netlogon
share as Ntconfig.pol.
Load Balancing allows Win95 computers
to obtain policies from multiple domain
controllers to increase performance.
File Systems
FAT
System partition must be FAT to dual
boot Win95/DOS NT.
Supports long file names; 255 characters
maximum.
No local security.
4GB maximum.
Low Overhead.
Not recommended for partitions over
200MB.
NTFS
Preferred for NT.
Supports long file names.
Supports Local Security.
Maximum partition of 2 terabytes.
High overhead. Minimum partition of
50MB.
Supports NTFS file compression.
Highly recoverable.
Supports cluster remapping.
Supports Macintosh files.
Supports POSIX.
File and Folder security.
Separate Recycle Bin for each user.
Reduces fragmentation.
Conversion from FAT to NTFS is one
way (convert d: /fs:ntfs).
Long File Names
Aliases for 8.3 system are generated
from the first six characters and ~# for
the first four files then a hashing algorithm
is used.
When using long filenames from the
command prompt, place quotes around
the entire path: "d:\My Files\notepad" or
net share folders="d:\My Files\My
Folder".
Quotes are not need when changing
directories.
Use dir /x to view long filenames and
aliases from command prompt.
NTFS Compression
Compression attribute may be set for
files or folders.
Files created within a compressed folder
will automatically be compressed.
Files can be compressed using the
Properties/General tab in Explorer or the
compact command at the command
prompt.
Any user with Read or Write permission
to a folder can apply compression.
When a file is copied, the compression
attribute changes to that of the target
folder.
When a file is moved, the compression
attribute stays the same. If it is moved to
a different partition, it will inherit the
attribute of the new partition.
Managing Partitions
Volume Sets
Volume set combines 2 to 32 areas of
unformatted free space on one or more
harddisks. The volume set is treated as a
single partition.
Volume set can be created from SCSI
and IDE drives or both.
System and Boot partitions cannot reside
in a volume set.
No fault tolerance.
Data fills the members in sequence.
No increase in performance.
Can be extended using free space for
NTFS volumes only in Disk
Administrator.
Stripe Sets
Requires at least two harddisks.
The amount of space used on each disk
is equal to the smallest free partition.
Can include different types of disks.
System and Boot partitions cannot reside
in stripe set.
No fault tolerance (actually more
susceptible).
Data is written evenly across the disks in
64K blocks.
Increases performance.
Partitions must be of approximately the
same size.
Cannot be extended.
Managing Fault Tolerance
RAID
NT Server supports software
implementations of RAID levels 1 and 5.
Both support NTFS and FAT.
Implemented in Disk Administrator with
Fault Tolerance menu.
RAID 1; mirror sets
Simultaneously writes the same data to
two physical drives.
Implemented at the logical drive level.
Disk duplexing increased fault tolerance
by using a second controller.
50% of disk space is lost.
System and Boot partitions can be
mirrored.
RAID 5; stripe sets with parity.
3 to 32 disks are supported.
Data can be regenerated if one and only
one disk fails.
Less disk space lost with more disks in
set.
Better performance than mirror sets.
Cannot stripe System or Boot partitions.
Regeneration
Mirror set:
1.Break the Mirror set in Disk
Administrator.
2.Delete the failed partition.
3.Create a new mirror in free space
on another disk.
Stripe set with parity:
1.Select an area of free or replace
the failed drive.
2.Select Regenerate from the Fault
tolerance Menu.
Fault Tolerance Boot Disk
Used to regenerate a failed mirrored
Boot or System partition.
Format a floppy on NTServer.
Copy Ntldr, Ntdetect.com,
Ntbootdd.sys (scsi no bios) and Boot.ini.
Edit Boot.ini to point to the mirrored
partition.
Test the boot disk.
ARC Paths
Example:
multi|scsi(w)disk(x)rdisk(y)partition(z)
multi(w): specifies IDE or SCSI with
BIOS enabled where w is the number of
the hardware adapter.
scsi(w): indicates SCSI adapter w with
BIOS not enabled.
disk(x): indicates the scsi bus number.
Always 0 with multi.
rdisk(y): number of the non-scsi disk.
partition(z): number of the partition.
Supporting Applications
User Mode
Less privileged than Kernel Mode.
No direct access to Hardware.
Applications run in User Mode.
Are limited to an assigned address
space.
Can be paged to virtual memory.
Processed at a lower priority than Kernel
Mode.
Kernel Mode
Can access hardware directly.
Can access all the memory on the
computer.
Cannot be paged.
Processed at a higher priority than User
Mode.
Environment Subsystems
Win32: supports DOS, Win31 and
Win32 applications.
POSIX
OS/2
Security: supports the logon process
only.
Task Manager
Applications: Use to switch tasks or end
tasks.
Processes: Use to end and set process
priorities.
Performance: Use to monitor CPU
Usage History.
Win32-Based Applications
Can be multithreaded.
Reliable: runs in its own address space
and will not affect other Win32 programs
if it fails.
Supports OLE/ActiveX, OpenGL and
DirectX.
OS/2 Subsystem
OS2SS.exe and OS2SRV.exe adapt
Win32 services to OS/2 applications.
OS2.exe:manages program-specific
aspects of the OS/2 environment. One
instance of this file runs for every OS/2
application.
NETAPI.dll and DOSCALLS.dll: NT
versions of the API's that OS/2
programs are written to.
Posix Subsystem
Portable Operating System Interface.
Can be started from the Command
Prompt, Explorer or from within another
POSIX application.
Requires file system to support
hard-links (a single file having more than
one name) and case sensitive naming.
Requires NTFS.
Each POSIX applications runs in a single
protected POSIX subsystem and are
preemptively mutitasked.
Bound Applications
An application that is compiled to run
under DOS or OS/2.
Can be forced to run in a VDM with
forcedos.exe.
Used when presentation manager is not
installed on NT.
Compatibility
A Source compatible application must be
recompiled for each hardware platform.
A Binary compatible application can run
on any hardware platform supported by
NT.
Win3.x, DOS and OS/2 bound
applications are binary compatible on all
NT hardware platforms.
Win32 and Posix are source compatible
and must be recompiled.
NTVDM (NT Virtual DOS Machine)
Each DOS application runs in its own
NTVDM.
Each NTVDM has one thread.
If one NTVDM fails, it will not affect
other NTVDM's.
Autoexec.bat and Config.sys files can be
specified with the WindowsNT button in
the PIF.
Win16 on Win32 (WOW)
Allows Windows 16-bit applications to
run in a Win32 environment.
By default, a single NTVDM starts for
the first Win16 application. Subsequent
Win16 applications will run in that same
NTVDM.
If one Win16 application fails, it will
affect all other applications running in that
NTVDM.
Memory is not shared between WOW
and NT applications.
Multiple NTVDM's
Win16 applications can be run in
separate NTVDM's.
Advantages:
Reliability that does not affect
other Win16 programs.
Interoperability with other Win16
that are OLE and DDE
compliant..
Preemptive multitasking.
Multiprocessing on multiprocessor
systems.
Disadvantages:
Additional memory usage.
Lack of interoperability with
Win16 applications that are not
OLE and DDE compliant.
To start a Win16 application in its own
NTVDM:
Type start /separate d:\path\app.exe.
Select Start/Run and type the application
path and select Run in Separate Memory
space.
From the properties/shortcut tab, select
Run in Separate Memory space.
By file association: In Explorer under
View/Options/File Types, edit the open
line to cmd /c start /separate d:\app.exe
%1.
To start an application in the shared
NTVDM type start /shared
processname.
DCOM
Distributed Component Object Model.
Integrates Client/Server applications
across a network, including the Internet.
Use the DCOM configuration tool
(dcomcnfg.exe) to configure 32-bit
applications for communication over a
network.
Managing Applications
Command Prompt can:
Start all subsystem type
applications.
Start any batch (.bat) or command
(.cmd) file.
Issue any NT command.
Administrate or use network
resources.
Cut and paste between
applications.
Mix command from different
subsystems.
Be configured from the Console
applet in Control Panel.
Prioritizing Applications
Range from 0 to 31.
Normal level is 8.
Dynamic Applications run in 0 to 15.
Used by user applications that can be
paged.
Real-time applications run from 16 to 31.
Used by Kernel applications that cannot
be paged.
Starting applications with specified
priorities:
start /real-time sets priority to 24.
start /high sets priority to 13.
start /normal sets priority to 8.
start /low sets priority to 4.
Priority can be changed using Task
Manager.
Changing Foreground Application
Responsiveness
Changed in Control
Panel/System/Performance Tab.
None: foreground application base
priority is not changed.
Middle: foreground application
base priority is increased by 1.
Maximum: foreground application
base priority is increased by 2.
Printing
Definitions
Print Device: actual hardware that
produces the printed page.
Printer or Logical Printer: software
interface between the operating system
and the print device.
Print Job: the source code containing
both the data and the commands for
processing.
Spooler: a collection of dll's that
receives, processes schedules and
distributes print jobs. Also the process of
writing a print job to a disk.
Rendering: creating a print job.
Print Server: computer that connects one
or more print devices to the network and
shares them.
Printer Drivers: software programs that
enable applications to communicate fully
and properly with print devices.
Print Process
Application calls the GDI (Graphics
Device Interface).
The GDI calls the printer driver and
renders the document for the language of
the print device.
The print job is passed to the spooler.
The client side spooler makes an RPC to
the server side spooler.
The spooler calls the router which passes
it to the local print provider which spools
it to disk.
The local print provider alters the job, if
necessary, to print correctly.
Job is despooled.
Print device receives and prints the job.
Networking Environment
Network Architecture
WindowNT can interoperate with these
networks;
Microsoft NT, Win95, WFW3.11
and LAN Manager.
TCP/IP including UNIX Hosts.
Remote access.
Apple-Talk.
Novell 3.x and 4.x.
NDIS 4.0
Provides communications links between
NIC's and drivers.
Protocols and NIC's remain independent
of each other.
An unlimited number of NIC's.
Unlimited number of protocol bound to a
single card.
Protocols included with NT
TCP/IP: Routable protocol of WAN's
and the Internet.
NWLink IPX/SPX: allows
communication to Netware as well as
DOS, Windows or OS/2.
NetBEUI: Fast, non-routable protocol
used in smaller networks.
AppleTalk: Used with Services for
Macintosh on Server to host Apple
clients.
DLC: Data link control. Used to connect
to SNA mainframes and printers
connected directly to the network.
Transport Driver Interface
A boundary layer that provides a
common programming interface for file
system drivers to communicate with the
transport protocols.
The TDI allows the Redirector and
Server service to remain independent of
the protocols.
Allows protocols to be added, removed
or changed without reconfiguring the
entire network subsystem.
File System Drivers
Used to access files on the system.
Redirector resides above the TDI and
directs requests to local or network
resource.
Server also resides above the TDI and
supplies connections requested by client
side redirectors to provide access to
resources.
IPC Mechanisms
Interprocess communication: The ability
one task or process to exchange data
with another. NT IPC mechanisms
include:
Named Pipes
Mailslots
Winsock
Remote Procedure Calls (RPC)
Network Dynamic Data Exchange
(NetDDE)
Distributed Component Object Model
(DCOM)
Configuring Protocols
NWLink
Used for connection to Novell Netware
servers.
Frame type is 802.3 for Netware 2.2
and 3.11.
Frame type is 802.2 for Netware 3.12
and higher.
Auto detect will default to 802.2 if more
than one frame type is detected.
NetBEUI
Suitable for small networks up to 200
computers.
Cannot be routed.
Small, fast and simple.
TCP/IP
Suitable for large networks and diverse
operating systems.
IP address: a logical 32-bit address used
to identify the host.
Subnet Mask: used to block out a
portion of the IP address so that TCP/IP
can distinguish the network ID from the
host ID. Computers must have the same
subnet mask to communicate on a
network.
Default Gateway: The host computer
sends packets destined for a remote host
to the Default Gateway. If no default
gateway is specified, communication is
limited to the local network.
DHCP: Dynamic Host Configuration
Protocol. Provides automatic
configuration of IP address, Subnet
Mask and Default Gateway on DHCP
clients.
Testing TCP/IP
ipconfig /all at command prompt:
displays current IP, mask and gateway
information.
Ping IP_Address.
Ping the loopback address to verify
proper TCP/IP installation.
Ping the IP address of local computer.
This will check for duplicate IP
addresses
Ping the default gateway to verify the
gateway and communication on the local
network.
Ping a remote host to verify
communication across the router.
Bindings
Configured in the Bindings tab of the
Network applet in Control Panel.
Move the most commonly used binding
higher in the order to increase
performance.
Disable bindings that are not used.
Networking Services
DHCP Requirements
Server (does not have to be a domain
controller):
DHCP Server service must be
installed.
Must be configured with a static
IP address, Subnet Mask and
optional Default Gateway.
A DHCP scope must be created
that contains a range of valid IP
addresses.
Client:
NT Server 3.5 or later.
Windows NT, Win95,
WFW3.11.
Client for MS-DOS.
LAN Manager 2.2c.
Must be set up to obtain IP
address from a DHCP server.
WINS
A mechanism by which a computer
NetBIOS name is resolve to an IP
address.
NetBIOS Names:
Assigned to the computer at installation.
Stored as a Registry Entry that can be
change with the Network applet in
Control Panel.
Can be determined using nbtstat -n at the
command prompt.
Can be up to 15 characters in length with
a 16 character reserved by the system.
Methods of resolving names include:
NetBIOS name cache: local database of
names and IP addresses.
NetBIOS Name Server (NBNS): Server
implemented name resolution. This is
Microsoft WINS.
Local Broadcast: local network
broadcast of IP addresses and
destination NetBIOS names.
LMHOSTS: a local text file that maps IP
addresses to remote hosts.
HOSTS: local text file used for TCP/IP.
DNS: Server configured to maintain a
database of names to addresses in
UNIX environments.
NetBIOS over TCP/IP
b-node: (broadcast) uses broadcasts for
name registration and resolution.
p-node: (peer-peer) uses WINS to
resolve NetBIOS names. Can span
routers.
m-node: (mixed) a combination of b and
p mode. By default functions as b.
h-node: (hybrid) a combination of p and
b. By default functions as p.
MS-enhanced b-node: utilizes the
LMHOSTS file.
How WINS Works
A WINS client registers its NetBIOS
name/IP address each time it starts with
the designated WINS server.
Queries to communicate with a host are
sent to the WINS server instead of being
broadcast to the network.
The Server responds with the address of
the host, if found.
The database is dynamic and so is
always current. If WINS is down, the
client switches to b-node.
WINS Requirements
Server:
WINS server service configured
within the TCP/IP network.
(doesn't have to be a controller).
A static IP address.
Client:
NT Server 3.5 or later.
NT Workstation 3.5 or later.
Win95, WFW3.11.
DOS client 3.0 w/TCP/IP.
LanManager 2.2c for DOS.
IP address of WINS server.
Installation
Server:
Add Windows Internet Naming
Service in Network.
Configure the server TCP/IP
properties to use itself as its
WINS server by manually entering
its IP address.
Client:
Manually: enter the IP address of
the WINS servers in the WINS
address tab in TCP/IP properties.
In conjunction with DHCP:
DHCP server is configured to
provide the WINS information
and node type automatically.
Domain Name System
Computer Browser Service
Ususally the PDC is the master browser
but and Microsoft OS can be a Master
Browser.
Master Browser: Listens for
announcements from computers and
adds them to its Browse List. One per
workgroup or domain.
Backup Browser: receives a copy of the
Master Browse List. If it cannot find the
master browser, it forces and election.
Potential Browsers: does not receive a
copy of the Browse list unless it is
promoted by the Master Browser to
Backup Browser or to Master Browser
in the absences of a Backup Browser.
Non-Browser: does not maintain a
Browse list but periodically announces
itself and its services to the network.
An election is held to determine which
computer will be the master browser.
Hierarchy determines winner;.
Operating system type (PDC,
Member Server, Workstation,
Win95, WFW).
Version (4.0, 3.51, 3.5, 3.1).
Remote Access Service
Features of RAS
Enables incoming connections from
clients using PPP.
Allows client access to an RAS server or
ISP.
NT Server supports 256 simultaneous
connections, NT Workstation, one.
WAN Connectivity
PSTN: Standard modem access using
Public Switched Telephone Network.
ISDN: Integrated Services Digital
Network. Digital service that provides
access at 65Kbps or faster.
X.25: Transmits data with a packet
switching protocols. Uses two methods:
Packet Assemblers/Dissemblers (PAD).
This converts serial data into X.25
packets.
Smart Cards. This is a hardware card
with a PAD built in.
Point to Point Tunneling Protocol
Technology that supports Virtual Private
networks.
Enables remote access of a private
network across the Internet.
Connection is established with an ISP
and then a connection to the RAS server
is established with PPTP.
Protocols
RAS supports LAN protocols TCP/IP,
NetBEUI, IPX/SPX, NWLink.
RAS supports access protocols PPP,
SLIP and Microsoft RAS.
SLIP
Supports TCP/IP but not NetBEUI or
IPX/SPX.
Cannot utilize DHCP/WINS.
Sends clear text passwords.
NT Server does not have a SLIP server
component. PPP must be used.
PPP
Supports TCP/IP, NetBEUI, IPX/SPX
RAS clients with IPX and CSNW can
directly access Netware servers.
RAS clients without CSNW can access
Netware through a server with GSNW.
IPX is not required on the client.
PPP Multilink Protocol
Combines multiple physical links into a
logical bundle to increase bandwidth.
Server and client need to have MP
enabled.
RAS Gateways and Routers
NetBIOS Gateway: Enables remote
clients running NetBEUI to access
NetBIOS resources on the network.
IP and IPX Router
Can act as a router to link LAN's and
WAN's.
Connect LAN's of different topologies.
RAS Security
Integrated Domain Security: Allows
clients to logon to the domain with the
same user account allowing the same
privileges and permissions.
Encrypted Authentication: Both logon
and data can be encrypted.
Intermediary Security: A third party
security host can be used between the
RAS server and client.
Callback Security.
PPTP Filtering
Disables all protocol other than PPTP to
disable access through other protocols.
Enabled in
Network/Protocols-TCP/IP/Advanced.
Select checkbox.
Telephony API
Allows centralized configuration of local
dialing parameters.
Accessed in Control Panel/Telephony
Includes:
Area Code
Country Code
Outside line access codes
Calling card numbers (encrypted)
Disable call waiting
Tone or pulse dialing
Autodial
Calls the RAS server when an
application makes a call to a remove
host.
Configured in Dial-up Networking User
Preferences.
Remote Access Autodial Service must
be running.
Does not support IPX; only works with
TCP/IP and NetBEUI.
Troubleshooting RAS
Check Event Viewer for unusual events
or errors.
Create a PPP log file. Stored in
systemroot\system32\Ras folder.
Change
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Rasman\PPP\Logging
to 1.
Lower the level of Authentication if
authentication problems are encountered.
Use Dial-up Networking Monitor to
view the status of a call.
Multilink and Callback will not work if
the two devices have separate callback
numbers. Two channel ISDN with the
same number will work.
Persistent Network RAS network
connections may cause autodial to initiate
upon startup. Autodial must be disabled
or the connections removed.
Internetworking and
Intranetworking
Peer Web Services
Runs on Workstation.
Optimized for small-scale web services.
Internet Information Server
Runs on Server.
Optimized for heavy usage of the
Internet.
Features
File publication
Network Management
Security
Supports common Internet standards
(CGI, PERL)
Scaleable
Supports BackOffice applications
Installation
On NTServer use the desktop icon.
On NTWorkstation use Network icon
and add Peer Web Services.
Disable any previous version of FTP,
Gopher or Web services.
Use the Internet Service Manager,
located on the Start Menu, to configure
the services.
Configuration
Double click the service to access the
property sheet for that service.
Use the Service, Directories, Logging
and on IIS, Advanced tabs to configure.
Security
IUSR_computername account is created
during PWS or IIS installation. This
account is used for anonymous access.
Basic Authentication: clear text
transmission of passwords.
NT challenge/response: encrypted
password provides secure logon. Not
supported by FTP.
NetWare Interoperability
CSNW (Client Services for Netware)
Allows workstations to make direct
connections to NetWare file and print
resources.
Supports NDS and allows users to
browse the NDS tree.
Administration of the tree is not
supported.
Supports bindery based versions of
NetWare 3.x.
GSNW (Gateway Services for Netware)
Enables NTServer computers running
NWLink to access files and printers on
Netware servers.
Allows gateway access to NetWare
servers from Microsoft clients.
Designed for occasional access to
NetWare servers. It is not a
user-intensive high performance gateway.
Clients can access file resources only.
CSNW must be installed to access print
resources.
Installation of GSNW
A common user account must exist on
both the NetWare and NTServers.
The Netware account must have the
necessary permissions for the resources
to be accessed.
The group NTGATEWAY must be
created on the NetWare server.
The user account must be added to the
NTGATEWAY group.
File and Print Services for NetWare
(FPNW)
Installed on NTServer, allows access to
NT file and print resources from
NetWare clients.
Not included with NTServer (add-on).
Makes NTServer appear as any
NetWare 3.12 compatible server.
Administration of NT Servers can be
performed from computers running
FPNW.
Directory Service Manager for NetWare
NTServer add-on utility that extends NT
directory services to NetWare servers.
Merges Netware user and group
accounts to the directory database on the
PDC.
Merges account names from multiple
Netware servers into one account name.
Copies domain user and group accounts
back to the Netware server to ensure
synchronization.
Migration Tool for Netware
Enables transfer of user and group
accounts volumes, folders and files from
a Netware server to an NT Server.
NT Servers with FPNW will migrate
login scripts.
Implementing Clients
Client Access License (CAL)
Per Server: CAL's are assigned to the
server. The number of CAL's determines
the number of simultaneous connections
to the server.
More economical when:
Clients usually connect to only one
server.
Do not all need to connect to the
server at the same time.
Per Seat: A CAL is purchased for each
client computer. Allows the client to
access any server in the network and
make simultaneous connections to
servers.
Choosing a Licensing Mode
Choose per server mode if network
consists of one server.
A one time conversion from per-server
to per-seat is available if an additional
server is added to the network.
If you want to move from per-seat to
per-server, NT Server will have to be
reinstalled.
To calculate the best choice: Add up the
number of per-server connections and
the number of per-seat connections.
Choose the smaller value.
License Administration
License applet in Control Panel or
License Manager from the Start Menu.
Automatically replicates license data
from all PDC on the network.
NT Boot Process
x86
The following files must be located in the
root of the system partition.
Ntldr: loads the operating system.
Boot.ini: used to build the boot
menu selection.
Bootsect.dos: used by Ntldr to
load the bootsector from a
previous operating system such as
DOS.
Ntdetect.com: used to examine
the hardware and build the
hardware list.
Ntbootdd.sys: only on systems
that boot from a SCSI disk with
BIOS disabled.
RISC
RISC based systems use the following
two files:
Osloader.exe: equivalent to Ntldr
on x86 systems.
*.pal (Alpha): software
subroutines that provide the
operating system direct control of
the processor
Common Sequence
Ntoskrnl.exe: the NT kernel located in
systemroot\system32.
System: controls device drivers loaded.
Device drivers: files that support
hardware.
X86 Boot Sequence
Pre-boot:
Power on Self Test (POST)
Boot device located and MBR
loaded.
MBR scans the Partition Boot
Record to locate the active
partition. The boot sector from the
active is loaded.
Ntldr is loaded from the boot
sector.
Boot Sequence: begins after Ntldr is
loaded into memory.
Ntldr switches the processor from
real to 32-bit mode.
Ntldr starts mini file system drivers
to enable loading from NTFS or
FAT.
Boot.ini is read and displayed.
Ntldr loads the operating system.
If an alternate system is chosen,
bootsect.dos is loaded and control
is passed to that operating system.
Ntldr then runs Ntdetect.com.
Hardware is scanned and list is
sent to the registry.
Ntldr loads Ntoskrnl, Hal.dll and
the System hive.
Files Needed to Boot
Intel X86
Folder
Ntldr
system partition root
Boot.ini
system partition root
Bootsect.dos
system partition root
Ntdetect.com
system partition root
Ntbootdd.sys
system partition root
Ntoskrnl.exe
system root\system32
Hal.dll
system root\system32
System
system
root\system32\Config
Device drivers
system
root\system32\Drivers
RISC Boot Sequence
Pre-boot
ROM firmware selects a boot
device.
Firmware reads the MBR to
determine if a system partition is
present.
Firmware reads the first sector
into memory and examines the
BIOS parameter block.
The firmware searches the root
folder of the volume for
Osloader.exe, loads the program
and passes control to it.
Boot Sequence
Osloader.exe loads Ntoskrnl.exe, Hal.dll
the *.pal files and the system hive.
Osloader passes control to Ntoskrnl.exe.
RISC FILE
FOLDER
Osloader.exe
os\nt40
Ntoskrnl.exe
systemroot\System32
Hal.dll
os\nt40
*.pal (Alpha)
os\nt40
System
systemroot\System32\Config
Device
drivers
systemroot\Sytem32\Drivers
NT Load Phase (Common to RISC and
x86)
Kernel Load: progress dot at black
screen
Kernel Initialization: screen painted blue
Services Load: Session Manager starts
and carries out programs in the
BootExecute portion of the registry. The
pagefiles are then set up from data in the
registry. Symbolic links are then created
to DOS devices. Win32 subsystem is
loaded.
Win32 Subsystem Start: starts winlogon
which starts the Local Security Authority
(LSA). CTRL-ALT-DEL is displayed
User logon: boot is considered
successfull when the user logs on.
Troubleshooting Boot
Common Boot Errors
Ntldr missing: BOOT: Couldn't find
NTLDR Please insert another disk.
Ntdetect missing: NTDETECT V4.0
Checking Hardware...NTDETECT
failed
Ntoskrnl missing: Windows NT could
not start because the following file is
missing or corrupt:
\winnt\system32\ntoskrnl.exe Please
re-install a copy of the above file.
Bootsect.dos missing: I/O Error
accessing boot sector file
multi(0)disk(0)rdisk(0)partition(1):\bootss
Boot.ini
Located in the root directory.
Hidden and Read-only by default.
Use attrib -s -h -r boot.ini at the
command prompt.
Two sections: [boot loader] and
[operating systems]
[boot loader] contains the timeout and
the default operating system
[operating systems] contains the other
operating system choices.
Options can be added to the operating
system line:
/basevideo: sets video to VGA
mode.
/sos: displays drivers as they load
during boot sequence.
/NoSerialMice=COMX: prevents
checking for a mouse on that port.
/crashdebug: enables automatic
recovery and restart features.
/nodebug: disables debugging
information. May cause slight
performance increase.
/maxmem:n: limits the amount of
memory that NT can use.
/scsiordinal: selects the SCSI
controller that will be used to boot
when there are two identical
controllers.
Last Known Good Configuration
Current configuration information is
written to the registry after a successful
logon.
This can be used to restart the system if
something was changed that causes a
boot failure.
Stored in
HKEY_LOCAL_MACHINE\SYSTEM
Once a successful logon occurs, this
registry is overwritten.
DO NOT LOGON if problems are
suspected.
Emergency Repair Disk
Use rdisk.exe in systemroot\system32
folder.
Two options:
Update Repair Information:
overwrites files in
systemroot\Repair folder
Create Repair Disk:
rdisk /s can be used to save the Security
Accounts Manager (SAM) and the
Security files.
Emergency Repair Process
Insert Setup Boot disk in drive A: and
start the computer.
Type r to indicate repair at the Setup
screen.
Insert the Emergency Repair Disk
Remove the disk and restart the
computer.
Troubleshooting Tools
Event Viewer
Can be used to view events on a local or
remote computer.
Logs can be saved or printed.
System
Logs events of the operating
system and drivers
Can be viewed by all users
Security
Logs events related to logon/off
file and folder access, account
adminstration.
Off by default. Enabled in User
Manager and User Manager for
Domains.
Can only be viewed by
administrators.
Application
Contains events logged by
applications. Depends on how the
application was originally written.
Event Viewer Icons
Error: significant Problem.
Warning: potential future problem.
Information: significant events such as the
successful load of a driver.
Success Audit: successful security event.
Failure Audit: unsuccessful security
event.
NT Diagnostics
Can be used to view diagnostics on a
local or remote computer.
winmsd.exe, also can be accessed from
Start/Programs/Administrative Tools/NT
Diagnostics.
Report can be saved or printed.
Has the following tabs:
Services
Resources
Environment
Network
Version
System
Display
Drives
Memory
Performance Monitor
Used to look at resource use.
Charts can be saved as logs or reports
Can send alerts when a resource reaches
a specfied value
Counters can be monitored to identify
performance problems.
Logs gather and record data over a
length of time.
Reports display data in non-graphical
format.
Processor: % Processor Time
Shows processor activity.
Levels between 0 and 80 are acceptable
limits.
Processor: Interrupts/Sec
Measures the rate of service requests
from I/O devices.
A dramatic increase without an increase
in system activity means there is a
hardware problem.
Should normally be between 100 and
1000 with spikes to 2000.
System: Processor Queue Length
Indicates number of threads waiting for
processor
A consistent processor queue length
greater than 2 indicates a processor
bottleneck.
Disk Performance
Disk performance counters are disabled
by default.
Type diskperf -y at command prompt
and restart the computer.
Type diskperf -n to stop the counters
and restart the computer.
Use Performance monitor to View
Memory: Pages/sec
Monitors pagefile activity.
%Disk Time
How much processor time is spent
servicing disk activity.
Disk Bytes/Transfer
Shows how large the average transfer is.
Larger values are more efficient.
Current Disk Queue Length
Shows how much data is waiting to be
transferred to the disk.
Network Monitor
Monitors network data stream.
Data frames or packets consist of:
Source.
Destination
Headers from each protocol that sent the
frame.
Data of the packet.
Only frames sent to and from the local
computer can be captured.
Must be installed as Network Monitor
Agent service in Network.
System Recovery
Set in Control
Panel/System/Startup/Shutdown tab can
perform the following:
Write and event to the system log.
Send an administrative alert to users
specified in the Alerts box in Server
Manager.
Write a debug file to the specified file
name. This is a memory dump to the
pagefile. The pagefile must be as large as
memory and must reside on the system
partition.
Restart the system automatically.