Self-Paced MCSE Training Kit: Microsoft Windows 2000 Professional
MCSE Study Guide for Exam 70-210
IT Professional (white book cover)

Chapter 2: Installing Windows 2000 Professional
Client Access License (CAL); Per Server licensing.
Distribution server folder: a network share that contains the i386 folder and an $OEM$ subfolder.
$OEM$ subfolder: holds the applications and drivers you want Setup to copy to the target computer.
OemFilesPath key: an entry in the answer file's [Unattended] section that lets you keep the $OEM$ subfolder somewhere other than the distribution folder.
If Setup finds an $OEM$ folder in the root of the distribution folder, it copies everything in it to the temporary directory created during the text-mode portion of Setup.
Caveat: everything under $OEM$ (and anything the answer file tells Setup to run) lands on every computer built from that share, so write access to the distribution share amounts to code execution on each installed machine. Restrict the share and its NTFS permissions to the people who build images, and keep the answer file itself away from ordinary users because it can carry the local Administrator password.
Performing an Installation over the Network
The Windows 2000 Setup program copies the installation files to the target computer and then restarts it. From that point on you install Windows 2000 the same way you would from a CD-ROM.
The process for installing Windows 2000 over the network (see Figure 2.8):
1. On the target computer, boot with a network client (for example a network boot disk) that can reach the distribution server.
2. Connect to the shared distribution folder on the distribution server.
3. Run Winnt.exe or Winnt32.exe to start Setup:
   - Winnt.exe for an installation started from MS-DOS or Windows 3.x
   - Winnt32.exe for an installation started from Windows 95, Windows 98, Windows NT 3.51 or 4, or Windows 2000
Setup then:
   - Creates the $Win_nt$.~ls temporary folder on the target computer.
   - Copies the Windows 2000 installation files from the shared folder on the distribution server to the $Win_nt$.~ls folder on the target computer.
Table 2.2 Available Switches for Winnt.exe
| Switch | Description |
| /a | Enables accessibility options. |
| /e[:command] | Specifies a command to be executed at the end of Setup's GUI mode. |
| /r[:folder] | Specifies an optional folder to be installed; retained after installation. |
| /rx[:folder] | Specifies an optional folder to be copied; deleted after installation. |
| /s[:sourcepath] | Specifies the source location of the Windows 2000 files. Must be a full path of the form x:\[path] or \\server\share\[path]; the default is the current folder. |
| /t[:tempdrive] | Specifies the drive that holds temporary Setup files. If not specified, Setup attempts to locate a drive for you. |
| /u[:answer_file] | Performs an unattended setup using an answer file. |
| /udf:id[,UDF_file] | Establishes an identifier (ID) that Setup uses to decide how a Uniqueness Database File (UDF) modifies the answer file. Values in the UDF override the answer file, and the ID selects which UDF values are used. If you don't specify a UDF file, Setup prompts for the disk containing the $Unique$.udb file. |
Table 2.3 Available Switches for Winnt32.exe
| Switch | Description |
| /checkupgradeonly | Checks upgrade compatibility with Windows 2000 and generates a report. |
| /copydir:folder_name | Creates an additional folder within the systemroot folder. If your source folder contains a folder called My_drivers, /copydir:My_drivers copies it into the system folder, where it is retained after installation. |
| /copysource:folder_name | Creates an additional folder within the systemroot folder; Setup deletes folders created with /copysource after installation completes. |
| /cmd:command_line | Executes a command before the final phase of Setup. |
| /cmdcons | Adds a Recovery Console option to the operating system selection screen. |
| /debug[level][:file_name] | Creates a debug log at the specified level. By default it creates C:\Winnt32.log at level 2 (the warning level). |
| /m:folder_name | Tells Setup to look in another location for replacement files first; if the files are present there, Setup uses them instead of the files in the default location. |
| /makelocalsource | Forces Setup to copy all installation files to the local hard disk. Use it when installing from a CD-ROM and the CD-ROM drive may not be available later in the installation. |
| /noreboot | Prevents Setup from restarting the computer after the file-copy phase, so that a command can be entered before Setup completes. |
| /s:source_path | Specifies the source location of the Windows 2000 installation files. To copy files from several paths simultaneously, use a separate /s switch for each source path. |
| /syspart:drive_letter | Copies the Setup startup files to a hard disk and marks the drive as active. You can then install the drive in another computer; when that computer starts, Setup continues at the next phase. /syspart requires /tempdrive. |
| /tempdrive:drive_letter | Places temporary files on the specified drive and installs Windows 2000 on that drive. |
| /unattend[number][:answer_file] | Performs an unattended installation; the answer file supplies your custom specifications to Setup. If you don't specify an answer file, all user settings are taken from the previous installation. number is the delay in seconds between Setup finishing the file copy and restarting; it can be specified only on a computer running Windows 2000 that is upgrading to a later version of Windows 2000. |
| /udf:id[,udf_file] | Indicates an identifier (ID) that Setup uses to decide how a Uniqueness Database File (UDF) modifies the answer file. The UDF overrides values in the answer file, and the ID determines which UDF values are used. For example, /udf:RAS_user,Our_company.udf overrides the answer file with the settings specified for the RAS_user ID in Our_company.udf. If you don't specify a UDF, Setup prompts the user to insert a disk containing the $Unique$.udf file. |
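How the /udf:id switch in the two tables above actually changes an unattended installation, as an added example written for these notes (it is not code from the training kit or from Microsoft Setup). It assumes the documented UDF layout: a [UniqueIds] section mapping each ID to the section names it customizes, followed by [id:Section] sections holding the overriding values. The two files below are constructed for the example, and apply_udf is a hypothetical helper that returns the settings Setup would effectively use for one machine.

```python
import configparser
from typing import Dict

# Constructed sample answer file (Unattend.txt) for this example.
ANSWER_FILE = """
[Unattended]
UnattendMode=FullUnattended
TargetPath=WINNT

[UserData]
FullName=Default User
OrgName=Example Corp
ComputerName=WIN2K-TEMPLATE

[GuiUnattended]
TimeZone=4
"""

# Constructed sample UDF: ws01 overrides one section, ws02 overrides two.
UDF_FILE = """
[UniqueIds]
ws01=UserData
ws02=UserData,GuiUnattended

[ws01:UserData]
ComputerName=WS01

[ws02:UserData]
ComputerName=WS02
FullName=Lab Tech

[ws02:GuiUnattended]
TimeZone=35
"""


def _parse_ini(text: str) -> configparser.ConfigParser:
    """Parse answer-file style INI text; keep key names exactly as written."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.optionxform = str
    cp.read_string(text)
    return cp


def apply_udf(answer_text: str, udf_text: str, udf_id: str) -> Dict[str, Dict[str, str]]:
    """Return the effective settings after the UDF overrides for udf_id.

    Mirrors what /udf:id does: only the sections listed for that ID in
    [UniqueIds] are consulted, their [id:Section] keys replace the answer
    file's values, and every key the UDF does not mention is left unchanged.
    """
    answer = _parse_ini(answer_text)
    udf = _parse_ini(udf_text)

    # Start from the answer file exactly as written.
    effective = {name: dict(answer[name]) for name in answer.sections()}

    if not udf.has_option("UniqueIds", udf_id):
        raise KeyError(f"ID {udf_id!r} is not listed in [UniqueIds]")

    for section in udf.get("UniqueIds", udf_id).split(","):
        section = section.strip()
        override = f"{udf_id}:{section}"
        if not udf.has_section(override):
            # [UniqueIds] promised a section the UDF never defines: authoring error.
            raise KeyError(f"[{override}] is listed for {udf_id!r} but missing")
        effective.setdefault(section, {}).update(udf[override])

    return effective


if __name__ == "__main__":
    for machine in ("ws01", "ws02"):
        print(machine, apply_udf(ANSWER_FILE, UDF_FILE, machine)["UserData"])
```

The same answer file is shared by every machine; only the per-ID sections differ, which is why one UDF on the distribution share can name every computer in a rollout. Because the shared answer file is where a plaintext AdminPassword would sit, it deserves the same access restrictions as the $OEM$ folder.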
Figure 2.7 A network installation's basic environment
Setup logs:
Action log: a description of the actions that Setup performs.
Error log: a description of any errors that occur during Setup, with an indication of each error's severity.
Additional logs:
Chapter 3: Using Microsoft Management Console and Task Scheduler
Snap-ins: applications designed to work in the MMC.
Stand-alone snap-ins (snap-ins): used to perform Windows 2000 administrative tasks.
Extension snap-ins (extensions): provide additional administrative functionality to another snap-in.
Author mode: enables full access to all MMC functionality, including modifying the console.
Table 3.1 Console User Modes
| Use | When |
| Full Access | Users need all MMC functionality: adding or removing snap-ins, creating new windows, creating taskpad views and tasks, and gaining access to all portions of the console tree. |
| Delegated Access, Multiple Windows | Users must not open new windows or gain access to portions of the console tree, but you do want to allow them to view multiple windows in the console. |
| Delegated Access, Single Window | Users must not open new windows or gain access to portions of the console tree, and you want to allow them to view only one window in the console. |
Chapter 4: Windows Control Panel
Hardware Profile: stores configuration settings for a set of devices and services. Windows 2000 can store different hardware profiles to meet a user's different needs (for example, a laptop can use a different hardware configuration depending on whether or not it is docked). Control Panel → System → System Properties → Hardware tab → Hardware Profiles.
Video Adapter Advanced Options:
Adapter tab → Adapter Type: lists the manufacturer and model number of the installed adapter.
Adapter tab → Adapter Information: additional details such as video chip type, DAC type, memory size, and BIOS.
Multiple Displays:
· Extends the desktop across a maximum of 10 monitors
· Must use Peripheral Component Interconnect (PCI) or Accelerated Graphics Port (AGP) devices
· Hardware requirements for primary and secondary displays differ
· The coordinates of the upper-left corner of the primary display always remain 0,0
If one of the displays is built into the motherboard:
· The motherboard adapter always becomes the secondary adapter and must be multiple-display compatible
· Windows 2000 must be installed first; some motherboards disable the onboard adapter when they detect an additional card (for example in some docking stations). If you cannot change this in the system BIOS, your adapter isn't multiple-display compatible.
Operating System Settings: performance options, registry size, environment variables, startup and recovery settings.
Performance options:
Application response:
· Selecting Applications: more resources are assigned to foreground applications (the active, responding application)
· Selecting Background Services: an equal amount of resources is assigned to all programs
Virtual Memory: the Windows 2000 memory model is based on a flat, linear, 32-bit address space.
Virtual Memory Management (VMM) provides several advantages:
· Ability to run more applications concurrently
· Protection of memory resources: VMM helps prevent situations where one process interferes with the memory space of another process
Boot delay
Physical Memory: refers to the
Virtual Memory: refers to the way that an OS makes this physical memory available to an application.
Windows 2000 represents each memory byte, both physical and virtual, with a unique address. The amount of physical
VMM:
· Maintains a memory-mapping table that tracks the list of virtual addresses belonging to each process and where the actual data referenced by those virtual addresses resides. When a thread requests access to memory, it requests a virtual address; VMM uses the virtual address requested by the thread to locate the physical address, then transfers the data requested by the thread.
· Moves memory contents to and from the hard disk when required. This process is referred to as paging.
Virtual Address: the address space that an application uses to reference memory. When a process is launched in Windows 2000, VMM presents it with 4 GB of virtual address space:
· 2 GB reserved for kernel-mode threads
· 2 GB available to user-mode and kernel-mode threads
Paging: the process of moving data in and out of physical memory. When physical memory becomes full and a thread needs access to code or data not currently in physical memory, VMM moves some pages from physical memory to a storage area on the disk called a pagefile. The virtual address space assigned to a process is divided into valid and invalid pages.
Valid pages: located in physical memory and available to the process.
Invalid pages: pages that don't exist in physical memory.
Page fault: issued by the microprocessor when a thread requests access to an invalid page.
VMM paging process:
· Determines which pages to remove from physical memory when memory is full. VMM keeps track of the pages currently in memory for each process; this group of pages is referred to as the process's working set.
· Uses a first-in, first-out replacement policy to decide which pages to move out of physical memory.
· Brings pages from disk into physical memory ("fetching").
· Demand paging with clustering: when a page fault is triggered, VMM loads the needed page into memory, plus some of the pages that surround it.
· Determines where to place pages retrieved from disk.
Paging File: the virtual-memory paging file, pagefile.sys, is created on the partition where you installed Windows 2000.
Minimum size is 2 MB; the recommended size is 1.5 times the amount of physical memory (RAM).
When you run a large number of applications simultaneously, you might want to use a larger paging file or multiple paging files.
Increase performance by:
· Putting paging files on multiple disks
· Moving the paging file off the drive containing the Windows 2000 systemroot folder (the boot partition); keep a paging file of the required size on the boot partition if you still want a memory dump on a crash
· Setting the initial size to the value displayed in the Virtual Memory dialog box's Maximum Size box, which eliminates the time required to enlarge the file from its initial size to its maximum
Requirements for the Write Debugging Information option (the paging file that receives the memory dump):
· Must be at least 1 MB larger than the amount of physical memory (RAM)
· Must be on the boot partition
Environment Variables: define the system and user environment information, and contain information such as a drive, path, or filename. They provide information Windows 2000 uses to control various applications. The TEMP environment variable specifies where an application places its temporary files.
Overrides: Add the line SET
Prevent Windows from searching Autoexec.bat: edit the registry and set the ParseAutoexec entry to 0. The ParseAutoexec entry is located under the following subkey:
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
System environment variables: apply to the entire system and affect all users of the computer.
User environment variables: differ for each user of the computer. They include any user-defined settings and any variables defined by applications (for example, the path to the location of application files). Users can add, modify, or remove their own user environment variables in the System Properties dialog box.
Registry: stores hardware and software settings centrally in a hierarchical database. Replaces many of the .INI, .SYS, and .COM configuration files used in earlier versions of Windows. Controls the Windows 2000 OS by providing the initialization information needed to start applications and to load components such as device drivers and network protocols.
Contains the following types of data:
· Hardware installed, including CPU, bus type, pointing device or mouse, and keyboard
· Device drivers
· Applications
· Network protocols
· NIC settings: IRQ number, memory base address, I/O port base address, I/O channel ready, and transceiver type
Components that read and write registry data:
· Windows NT kernel (Ntoskrnl.exe)
· Device drivers
· User profiles
· Setup programs
· Hardware profiles
· Ntdetect.com
Components that make up the registry:
· Subtree (subtree key): analogous to the root folder. Windows 2000 has 2 subtrees:
  o HKEY_LOCAL_MACHINE
  o HKEY_USERS
  They appear in the registry editor as five:
  § HKEY_LOCAL_MACHINE
  § HKEY_USERS
  § HKEY_CURRENT_USER
  § HKEY_CLASSES_ROOT
  § HKEY_CURRENT_CONFIG
· Keys: analogous to folders and subfolders. Keys correspond to hardware or software objects and groups of objects. Subkeys are keys within higher-level keys.
· Entries: keys contain one or more entries. Each entry has three parts:
  o Name
  o Data type
  o Value
· Hive: a discrete body of keys, subkeys, and entries. Each hive has a corresponding registry file and a .log file located in systemroot\System32\Config. The .log file is used to record changes and ensure the integrity of the registry.
· Data types:
HKEY_LOCAL_MACHINE subtree:
· HARDWARE: the type and state of devices attached to the computer; volatile information gathered during startup. Applications query this subkey to determine the type and state of the physical devices attached to the computer.
· SECURITY: this hive maps to the Security and Security.log files. Applications can't modify the keys in this subkey; instead they must query security information through the security APIs.
· SOFTWARE: configuration information that is independent of per-user settings; maps to the Software, Software.log, and Software.sav files; also contains file associations and OLE information.
· SYSTEM: system device and service information; maps to the System, System.log, and System.sav files. The registry keeps a backup of the data in the SYSTEM hive in the System.alt file.
Why this subtree matters:
  o The structure of every subtree is similar
  o It contains information specific to the local computer and always has the same name, regardless of the user
Registry Editor: for manual edits to the registry; intended for troubleshooting and problem resolution. It saves data automatically as you make entries or corrections, and new registry data takes effect immediately; there is no undo, so save or export a key before changing it.
Regedt32.exe: located in the systemroot\System32 folder.
Regedit.exe: doesn't contain a Security menu or a read-only mode, and doesn't support
Registry size: the Maximum Registry Size setting doesn't allocate the specified space initially.
System failure (fatal system error, or blue screen error): a severe error that causes the OS to stop all processes.
Dump file: Memory.dmp, written after the system crashes. Rename it to prevent it from being overwritten by the next crash.
Hardware Device Resources:
Interrupts (IRQ 0-15): hardware devices use interrupts to send messages to the CPU, which sees them as interrupt requests (IRQs). The CPU uses the IRQ to determine which device needs its attention and what kind of attention it needs (a NIC, for example, is commonly on IRQ 5).
Input/output (I/O) ports: a section of memory that a hardware device uses to communicate with the OS. When the CPU receives an IRQ, the OS checks the I/O port address to retrieve additional information about what the hardware device wants it to do. Represented as a hexadecimal number.
Direct memory access (DMA 0-7): channels that allow a hardware device to access memory directly, without interrupting the CPU; DMA channels speed up access to memory.
Memory: many hardware devices, such as NICs, use onboard memory or reserve system memory.
Multiple Languages → Regional Options in Control Panel
Input Locales tab: lets you add additional input locales.
Accessibility Options (Keyboard and Sound tabs):
- SoundSentry: visual warnings when your computer makes a sound.
- StickyKeys: press a multiple-key combination one key at a time.
- FilterKeys: configure the keyboard repeat rate, the rate at which a key that is held down repeats the keystroke.
- ToggleKeys: a high-pitched sound each time the Caps Lock, Num Lock, or Scroll Lock key is switched on.
- SerialKeys: configures Windows 2000 to support an alternative input device (also called an augmentative communication device) connected to the computer's serial port.
Chapter 6: Managing Disks
Storage types: a physical disk must be either basic or dynamic.
Basic storage: divides a hard disk into partitions. Windows 2000 recognizes primary and extended partitions; a basic disk can contain primary partitions, extended partitions, and logical drives.
You must remove all volumes from a dynamic disk before you can change it back to a basic disk.
Basic disks: can contain up to 4 primary partitions, or up to 3 primary partitions and 1 extended partition.
Primary partitions: only a primary partition can be marked as the active partition, where the hardware looks for the boot files to start the OS. Only one partition on a single hard disk can be active at a time. Multiple primary partitions let you isolate different operating systems or types of data.
Dynamic storage: creates a single partition that includes the entire disk. You divide dynamic disks into volumes, which can consist of a portion, or portions, of one or more physical disks. You can create simple volumes, spanned volumes, and striped volumes.
Removable storage devices contain primary partitions only.
Extended partition: created from free space. There can be only one extended partition on a hard disk. You don't format extended partitions or assign drive letters to them; you divide an extended partition into segments, each of which is a logical drive, then assign a drive letter to each logical drive and format it.
System partition: the active partition that contains the hardware-specific files required to load the OS.
Boot partition: the primary partition or logical drive where the OS files are installed.
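The basic-disk rules above, combined into one check, as an added example written for these notes (not code from the training kit or from the Windows 2000 Disk Management tool). Partition, check_basic_disk and system_partition are hypothetical helpers; a layout is described as a list of partitions and the function returns every rule the layout breaks, so a proposed layout can be rejected before anything is written to the disk.

```python
from dataclasses import dataclass, field
from typing import List, Optional


@dataclass
class Partition:
    kind: str                                   # "primary" or "extended"
    active: bool = False                        # the partition the hardware boots from
    # Drive letters carved out of an extended partition (empty for a primary).
    logical_drives: List[str] = field(default_factory=list)


def check_basic_disk(parts: List[Partition]) -> List[str]:
    """Return the rule violations in a proposed basic-disk layout; an empty list means it is valid."""
    problems: List[str] = []
    primaries = [p for p in parts if p.kind == "primary"]
    extendeds = [p for p in parts if p.kind == "extended"]

    if any(p.kind not in ("primary", "extended") for p in parts):
        problems.append("a basic disk contains only primary and extended partitions")
    if len(extendeds) > 1:
        problems.append("only one extended partition is allowed per disk")
    if len(primaries) > 4 or (extendeds and len(primaries) > 3):
        problems.append("at most 4 primary partitions, or 3 primary plus 1 extended")

    active = [p for p in parts if p.active]
    if len(active) > 1:
        problems.append("only one partition on a disk can be active at a time")
    if any(p.kind != "primary" for p in active):
        problems.append("only a primary partition can be marked active")

    if any(p.kind == "primary" and p.logical_drives for p in parts):
        problems.append("logical drives exist only inside an extended partition")
    return problems


def system_partition(parts: List[Partition]) -> Optional[Partition]:
    """The active primary partition, i.e. the system partition the hardware boots from.

    Returns None when the layout is invalid or no partition is active: in
    either case there is nothing for the hardware to start the OS from.
    """
    if check_basic_disk(parts):
        return None
    return next((p for p in parts if p.kind == "primary" and p.active), None)


if __name__ == "__main__":
    layout = [Partition("primary", active=True),
              Partition("primary"),
              Partition("extended", logical_drives=["D", "E"])]
    print(check_basic_disk(layout) or "layout OK", system_partition(layout))
```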
Simple volume: contains disk space from a single disk; not fault tolerant.
Spanned volume: includes disk space from multiple disks (up to 32). Data is written to the first disk until its space is completely filled, then continues through each disk in the volume. Not fault tolerant. Uses the total available free space on multiple disks more effectively.
· Combines space from 2 to 32 disks
· Data is written to one disk until it is full
· Only NTFS spanned volumes can be extended
· Deleting any part of a spanned volume deletes the entire volume
Striped volume: combines areas of free space from multiple hard disks (up to 32) into one logical volume. Optimizes performance by writing data to all disks at the same rate, evenly across all physical disks in 64 KB units. Best performance option, but not fault tolerant: if one disk in a striped volume fails, the data in the entire volume is lost.
Convert from FAT or FAT32 to NTFS without reformatting the volume:
    convert volume /FS:NTFS [/V]
    convert C: /FS:NTFS /V
/V selects verbose output. The conversion is one way (Windows 2000 has no built-in command to go back to FAT), and the converted volume does not receive the default permissions a fresh NTFS format applies, so review and set the NTFS permissions after converting.
Chapter 7: Installing and Configuring Network Protocols
TCP/IP:
· Routable networking protocol
· Connects dissimilar systems
· Robust, scalable, cross-platform client/server framework; supports the Microsoft Windows Sockets (Winsock) interface
· Method of gaining access to Internet resources
Maps to a four-layer conceptual model: 1) network interface, 2) Internet, 3) transport, and 4) application.
Network Interface Layer: puts frames on the wire and pulls frames off the wire.
Internet Layer: encapsulates packets into Internet datagrams and runs all the necessary routing algorithms.
· IP: connectionless packet delivery for the other protocols in the suite; no guarantee of packet arrival or correct packet sequence.
· ARP: provides IP address mapping to the
· ICMP: provides special communication between hosts, allowing them to share status and error information. Higher-level protocols use this information to recover from transmission problems; network administrators use it to detect network trouble. The ping utility uses ICMP packets to determine whether a particular IP device on a network is functional.
· IGMP: provides multicasting, a limited form of broadcasting, to communicate and manage information between all member devices in a multicast group. IGMP informs neighboring multicast routers of the host group memberships present on a particular network (used by NetShow Services).
Transport Layer: provides communication sessions between computers, using either TCP or UDP.
UDP: connectionless; doesn't guarantee packet delivery.
Winsock: standard interface between socket-based applications and the TCP/IP protocols.
NetBT (NetBIOS over TCP/IP): standard interface for NetBIOS services, including name, datagram, and session services; provides a standard interface between NetBIOS-based applications and the TCP/IP protocols.
Subnet mask: blocks out part of the IP address so that TCP/IP can distinguish the network ID from the host ID.
Default gateway: the intermediate device on a LAN that stores the network IDs of other networks in the enterprise or on the Internet. TCP/IP sends packets for remote networks to the default gateway (if no other route is configured), which forwards them to other gateways until the packet reaches a gateway connected to the destination network.
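What the subnet mask and default gateway decide for an outbound packet, as an added example written for these notes (not code from the training kit or from the Windows 2000 TCP/IP stack). network_id, host_id and next_hop are hypothetical helpers and every address below is constructed. The example goes slightly beyond the text by rejecting a non-contiguous mask and a gateway that is not itself on the local network, two misconfigurations that produce the "can reach the gateway but nothing else" symptoms the troubleshooting steps later in this chapter are meant to isolate.

```python
import ipaddress
from typing import Optional


def _check_mask(mask: str) -> None:
    """Reject masks whose one-bits are not contiguous (ipaddress refuses them as a netmask)."""
    ipaddress.ip_network(f"0.0.0.0/{mask}")


def network_id(ip: str, mask: str) -> str:
    """The part of the address the subnet mask keeps: a bitwise AND of address and mask."""
    _check_mask(mask)
    addr = int(ipaddress.IPv4Address(ip))
    bits = int(ipaddress.IPv4Address(mask))
    return str(ipaddress.IPv4Address(addr & bits))


def host_id(ip: str, mask: str) -> str:
    """The part of the address the subnet mask blocks out: the bits not set in the mask."""
    _check_mask(mask)
    addr = int(ipaddress.IPv4Address(ip))
    bits = int(ipaddress.IPv4Address(mask))
    return str(ipaddress.IPv4Address(addr & (~bits & 0xFFFFFFFF)))


def next_hop(local_ip: str, mask: str, gateway: Optional[str], destination: str) -> str:
    """Where TCP/IP hands a packet for destination when no other route is configured.

    Same network ID as the local address: deliver directly to the destination.
    Different network ID: send it to the default gateway, which must itself be
    on the local network, otherwise the host has no way to reach it either.
    """
    local_net = network_id(local_ip, mask)
    if network_id(destination, mask) == local_net:
        return destination
    if gateway is None:
        raise ValueError(f"{destination} is on another network and no default gateway is set")
    if network_id(gateway, mask) != local_net:
        raise ValueError(f"default gateway {gateway} is not on the local network {local_net}")
    return gateway


if __name__ == "__main__":
    print(network_id("169.254.16.200", "255.255.255.0"), host_id("169.254.16.200", "255.255.255.0"))
    print(next_hop("192.168.1.50", "255.255.255.0", "192.168.1.1", "10.0.0.7"))
```

A wrong mask is the classic cause of a host that can reach some neighbours but not others: with 255.255.255.128 instead of 255.255.255.0, 192.168.1.50 and 192.168.1.200 land in different network IDs, so traffic between them is sent to the gateway instead of directly.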
Utilities for troubleshooting
1. ARP: displays locally resolved IP addresses as physical addresses
2. Ipconfig: displays the current
3. Nbtstat: displays statistics and connections using NetBIOS over
4. Netstat: displays
5. Route: displays or modifies the local routing table
6. Hostname: returns the local computer's host name for authentication by the Remote Copy Protocol (RCP), remote shell (
7. Tracert: checks the route to a remote system
Utilities for testing connectivity and transferring data
1. FTP: bidirectional file transfer
2. TFTP: bidirectional file transfer (UDP-based and unauthenticated, so use it only on networks you trust)
3. Telnet: terminal emulation (credentials and the session travel in clear text)
4. RCP: Remote Copy Protocol; copies files between a client and a host that supports RCP, for example a computer running Windows 2000 and a UNIX host
5. REXEC (Remote Execution): runs a process on a remote computer
6. Finger: retrieves system information from a remote computer that supports
Ipconfig /all | more: prevents the text from scrolling off the screen; press Enter to move to the next page.
Using ipconfig and ping to verify a computer's configuration and to test router connections, in this order:
1. ipconfig
2. ping 127.0.0.1 (loopback)
3. ping <IP address of the computer>
4. ping <IP address of the default gateway>
5. ping <IP address of a remote host>
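The five-step sequence above turned into a decision procedure, as an added example written for these notes (not code from the training kit or from the Windows 2000 ping utility). diagnose and is_apipa are hypothetical helpers; the ping callable stands in for running `ping` against each target, so the function can be exercised offline with a constructed set of hosts that answer. It also folds in the check from the next note: an address in 169.254.0.0/16 means DHCP never answered, and pinging further before fixing that wastes time.

```python
import ipaddress
from typing import Callable, List, Tuple

LOOPBACK = "127.0.0.1"
APIPA_RANGE = ipaddress.ip_network("169.254.0.0/16")


def is_apipa(ip: str) -> bool:
    """True if ipconfig shows an Automatic Private IP Address, i.e. no DHCP lease was obtained."""
    return ipaddress.ip_address(ip) in APIPA_RANGE


def diagnose(local_ip: str, gateway: str, remote_host: str,
             ping: Callable[[str], bool]) -> Tuple[str, List[str]]:
    """Walk loopback -> own address -> gateway -> remote host and stop at the first failure.

    ping(target) stands in for running `ping target` and returns True on a reply.
    Returns (verdict, list of targets that replied); the first target that did
    not reply points at the layer to fix.
    """
    if is_apipa(local_ip):
        return ("ipconfig shows an APIPA address: DHCP failed; fix addressing before pinging", [])

    sequence = [
        (LOOPBACK, "loopback failed: TCP/IP is not installed or not initialized"),
        (local_ip, "own address failed: adapter, driver, or IP binding problem"),
        (gateway, "gateway unreachable: check gateway address, subnet mask, cabling, or the router"),
        (remote_host, "local network is fine; the problem is beyond the gateway (routing or remote host)"),
    ]
    replied: List[str] = []
    for target, verdict in sequence:
        if not ping(target):
            return verdict, replied
        replied.append(target)
    return "all four pings succeeded: IP connectivity to the remote host is good", replied


if __name__ == "__main__":
    # Constructed answer set: only loopback and the host's own address reply.
    answering = {"127.0.0.1", "192.168.1.50"}
    print(diagnose("192.168.1.50", "192.168.1.1", "10.0.0.7", lambda t: t in answering))
```

One caveat when reading the verdict for the last step: ping is ICMP echo, and a host or firewall that drops ICMP looks exactly like a host that is down, so a failed ping of the remote host proves only that ICMP did not get through, not that the host or the route is broken.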
Disable Automatic Private IP Addressing (APIPA): set the IPAutoconfigurationEnabled value (REG_DWORD) to 0 under
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
(for all adapters), or under the adapter's own subkey beneath Parameters\Interfaces to disable it for one adapter only.
NWLink (NWLink IPX/SPX/NetBIOS Compatible Transport Protocol):
NWLink Winsock: supports existing NetWare applications written to comply with the NetWare
NetBIOS over IPX
Frame type: defines the way the NIC formats data. Configure the NWLink frame type to match the frame type on the NetWare server (Ethernet II, 802.3, 802.2, and SNAP [Sub-Network Access Protocol]).
Network number: each frame type configured on a NIC requires a network number, which must be unique for each network segment.
ipxroute config: displays the network number, frame type, and device in use.
Editing a network number in the registry for a given frame type:
· NetworkNumber: an 8-character hexadecimal number (4 bytes); if the value is 0, NWLink gets the network number from the network while it is running. The NetworkNumber entry takes the data type
· PktType: specifies the packet form to use. Takes the data type
Both are in this subkey:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NwlnkIpx\Parameters\Adapters\<adapter>
If an adapter uses multiple packet types, specify the network number for each packet type by adding corresponding values to the NetworkNumber entry.
Packet types or forms supported by NWLink:
| Value | Packet form |
| 0 | Ethernet_II |
| 1 | Ethernet_802.3 |
| 2 | 802.2 |
| 3 | |
| 4 | ArcNet |
| FF (default) | Auto-detect |
NetBEUI: protocol for LANs with 20 to 200 nodes; non-routable, so unsuitable for a WAN environment.
· Connection-oriented and connectionless
· Self-configuring and self-tuning
· Error protection
· Small memory overhead
· Non-routable
· Broadcast-based
DLC: not designed to be the primary protocol between personal computers. A special-purpose, non-routable protocol that allows Windows 2000 computers to communicate with:
· Other computers running the DLC protocol stack (
· Network peripherals that use a NIC to connect to the network (for example the HP LaserJet 4Si)
Network Monitor driver: on a Windows 2000 computer, collects and displays statistics about activity detected by the NIC in the computer. You can view these statistics on a computer running the Network Monitor Agent service. You can also use Microsoft Systems Management Server (SMS) and Network Monitor to collect statistics from computers that are running Network Monitor Agent.
Network bindings: enable communication between NIC drivers, protocols, and services.
Binding: the process of linking network components on different levels to enable communication between them. A network component can be bound to one or more network components above or below it, and the services each component provides can be shared by all other components bound to it.
Domain name space: the naming scheme that provides the hierarchical structure for the DNS database. Each node represents a partition of the DNS database; these nodes are referred to as domains.
Root domain: the top of the hierarchy, represented as a period. The Internet root domain is managed by several organizations, including Network Solutions, Inc.
Top-level domains: two- or three-character name codes, arranged by organization type or geographic location.
Second-level domains: organizations such as Network Solutions, Inc. assign and register second-level domains to individuals and organizations for the Internet. A second-level name has two parts: a top-level name and a unique second-level name.
Host name: refers to a specific computer on the Internet or a private network. The host name is the leftmost portion of a fully qualified domain name (FQDN), which describes the exact position of a host within the domain hierarchy.
* DNS uses a host's FQDN to resolve a name to an IP address.
Zone: represents a discrete portion of the domain name space; zones partition the domain name space into manageable parts. The zone database file is stored on a DNS name server.
· Multiple zones in a domain name space are used to distribute administrative tasks to different groups
· A zone must encompass a contiguous domain name space
Multiple name servers provide these advantages: zone transfers, redundancy, faster access for remote locations, and reduced load on any one name server.
Forward lookup: a query that resolves a name to an IP address.
Reverse lookup: a query that resolves an IP address to a name.
Name server caching: caches query results to reduce network traffic; the default TTL for cached results is 60 minutes.
Reverse lookup query: a special second-level domain called in-addr.arpa was created for this. Example:
IP address 169.254.16.200 with subnet mask 255.255.255.0 → zone 16.254.169.in-addr.arpa
Chapter 8: Using the DNS Service [187]
Domain Name System
(DNS) is a distributed database that
is used in
DNS is most commonly associated with the
Internet. However, private networks use DNS extensively to resolve computer
names and to locate computers within their local networks and the Internet. DNS
provides the following benefits:
* For more information on DNS, see RFC 1034 and RFC 1035. A
Request for Comment (RFC) is a
published document on a standard, protocol, or other information pertaining to
the operation of the Internet.
Domain name space: naming scheme that provides the hierarchical structure for the DNS
database. Each node represents a partition of the DNS database. These nodes are
referred to as domains.
The DNS
database is indexed by name; therefore, each domain must have a name. As
you add domains to the hierarchy, the name of the parent domain is appended to
its child domain (called a subdomain). Consequently, a domain's name identifies
its position in the hierarchy. sales.microsoft.com
Root domain:
at the top of the hierarchy and is represented as a period (.). The Internet
root domain is managed by several organizations, including Network Solutions, Inc.
Top-level
domains: two- or three-character name codes; arranged by organization
type or geographic location. (can contain second-level
domains and host names)
Second-level name has two name
parts: a top-level name and a unique second-level name. Table 8.2 provides some
examples of second-level domains.
|
Root Domain: “.” |
|
|
Second-level domain |
Description |
|
Ed.gov |
United States Department of
Education |
|
Microsoft.com |
Microsoft Corporation |
Host
names refer to specific computers
on the Internet or a private network; leftmost portion of a fully qualified domain name (FQDN),
which describes the exact position of a host within the domain hierarchy.
DNS uses a host's FQDN to resolve a
name to an IP address.
The host name doesn't have to
be the same as the computer name. By default,
When you create a domain name space, consider
the following domain guidelines and standard naming conventions:
The name-to-IP address mappings for a zone are
stored in the zone database file.
Each zone is anchored to a specific domain, which is referred to as the zone's
root domain. The zone database file doesn't necessarily contain information for
all subdomains of the zone's root domain, only those subdomains within the zone.
A DNS name
server stores the zone database
file; can store data for one zone or multiple zones. A name server is said
to have authority for the domain name space that the zone encompasses.
Master
zone database file (the primary zone database file) for the specified zone; there must be at least one
name server for a zone. Changes to a zone, such as adding domains or hosts, are
performed on the server that contains the primary zone database file.
Multiple
name servers act as a backup to the
name server containing the primary zone database file. Multiple name servers
provide the following advantages:
DNS
name servers resolve forward and reverse lookup queries.
Forward lookup query resolves a name to an IP address
Reverse lookup query resolves an IP address to a name. A name server can
resolve a query only for a zone for which it has authority. If a name server
can't resolve the query, it passes the query to other name servers that can
resolve the query. The name server caches the query results to reduce the DNS
traffic on the network.
Troubleshooting tools, such as the nslookup
command-line utility, use reverse lookup queries to report back host names.
Additionally, certain applications implement security based on the ability to
connect to names, not IP addresses.
Name Server Caching
When a name server is processing a query, it might be required to send out several queries to find the answer. With each query, the name server discovers other name servers that have authority for a portion of the domain name space. The name server caches these query results to reduce network traffic. Each cached result is kept for a specified amount of time, its Time to Live (TTL). Once the name server caches the query result, the TTL starts counting down from its original value; when the TTL expires, the name server deletes the query result from its cache.
Shorter TTL values help ensure that data about the domain name space is more current across the network, but they increase the load on name servers, because answers have to be fetched again more often. A longer TTL value decreases the time required to resolve a name (more answers are served from cache) at the cost of serving stale data for longer after a record changes.
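The caching behaviour just described, simulated in Python. This is an added example, not code from the study guide or from the Windows 2000 DNS Service: a stub caching resolver with an injected clock and a constructed authoritative answer (192.168.1.203 for a made-up name), so that the effect of the TTL on upstream load can be measured without a network.

```python
class CachingResolver:
    """Minimal caching name server model: answers from cache until the TTL
    has counted down, then re-queries the authoritative source.

    authoritative: callable name -> (answer, ttl_seconds)
    clock:         callable -> current time in seconds (injected for testing)
    """

    def __init__(self, authoritative, clock):
        self._auth = authoritative
        self._clock = clock
        self._cache = {}                # name -> (answer, expires_at)
        self.upstream_queries = 0       # how often we had to ask upstream

    def resolve(self, name):
        now = self._clock()
        hit = self._cache.get(name)
        if hit is not None and hit[1] > now:
            return hit[0]               # still within TTL: serve from cache
        if hit is not None:
            del self._cache[name]       # TTL expired: discard the stale entry
        answer, ttl = self._auth(name)
        self.upstream_queries += 1
        self._cache[name] = (answer, now + ttl)
        return answer

    def remaining_ttl(self, name):
        """Seconds left before the cached answer is discarded (0 if absent)."""
        hit = self._cache.get(name)
        return max(0, int(hit[1] - self._clock())) if hit else 0


def upstream_load(ttl, query_times, name="server1.example.test"):
    """Number of authoritative queries caused by looking up one name at each
    of the given times (seconds) when the record carries the given TTL."""
    now = [0]
    # Constructed authoritative data: every name maps to the same address.
    resolver = CachingResolver(lambda n: ("192.168.1.203", ttl), lambda: now[0])
    for t in query_times:
        now[0] = t
        resolver.resolve(name)
    return resolver.upstream_queries


if __name__ == "__main__":
    times = [0, 100, 200, 400, 500]
    for ttl in (60, 300, 3600):
        print("TTL %5d s -> %d upstream queries for %d lookups"
              % (ttl, upstream_load(ttl, times), len(times)))
```

Five lookups of the same name spread over 500 seconds cost one upstream query with a one-hour TTL, two with a 300-second TTL and five with a 60-second TTL; that is the freshness-versus-load trade-off the text describes, and the same reasoning applies to the TTL you put on records you expect to change (for example before a server move, shorten the TTL well in advance, then lengthen it again).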
Because the DNS distributed database is indexed by name and not by IP address, a reverse lookup query would otherwise require an exhaustive search of every domain name. To solve this problem, a special second-level domain called in-addr.arpa was created.
The in-addr.arpa domain follows the same hierarchical naming scheme as the rest of the domain name space; however, it is based on IP addresses, not domain names. Because DNS names become more specific from right to left while IP addresses become more specific from left to right, the octets are written in reverse order:
The IP address 169.254.16.200 is looked up as 200.16.254.169.in-addr.arpa.
A name server that is authoritative for the IP address range 169.254.16.0 to 169.254.16.255 (subnet mask 255.255.255.0) has authority over the 16.254.169.in-addr.arpa domain.
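The reversed-octet rule above, as an added example that is not code from the study guide: Python functions that derive the PTR owner name for an address, the in-addr.arpa zone for an octet-aligned network, and which of a set of configured reverse zones is authoritative for a given address. It goes a little beyond the page's /24 case by handling /8 and /16 too; the zone list and the addresses other than the page's 169.254.16.x example are constructed.

```python
import ipaddress


def reverse_name(ip):
    """PTR owner name for one IPv4 address: octets in reverse order, then
    in-addr.arpa. Raises ValueError for anything that is not an IPv4 address."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + ".in-addr.arpa"


def reverse_zone(network):
    """in-addr.arpa zone holding the PTR records for an octet-aligned IPv4
    network (/8, /16 or /24). Other prefix lengths are rejected: delegating
    a /26 or similar needs the RFC 2317 CNAME arrangement, which this
    example does not model."""
    net = ipaddress.IPv4Network(network, strict=True)
    if net.prefixlen not in (8, 16, 24):
        raise ValueError("need an octet-aligned prefix, got /%d" % net.prefixlen)
    kept = str(net.network_address).split(".")[: net.prefixlen // 8]
    return ".".join(reversed(kept)) + ".in-addr.arpa"


def authoritative_zone(ip, zones):
    """Which of the configured reverse zones answers for ip's PTR record:
    the longest zone name that is a suffix of the PTR name, or None."""
    name = reverse_name(ip)
    matches = [z for z in zones if name.endswith("." + z)]
    return max(matches, key=len) if matches else None


if __name__ == "__main__":
    # Constructed example zones; the /24 is the one the study guide uses.
    zones = ["254.169.in-addr.arpa", "16.254.169.in-addr.arpa"]
    print(reverse_name("169.254.16.200"))            # 200.16.254.169.in-addr.arpa
    print(reverse_zone("169.254.16.0/24"))           # 16.254.169.in-addr.arpa
    print(authoritative_zone("169.254.16.200", zones))
    print(authoritative_zone("169.254.17.1", zones))
```

The longest-suffix match in authoritative_zone is the same rule a resolver applies when it walks the in-addr.arpa tree: a delegated /24 zone is preferred over the enclosing /16 zone for the addresses it covers.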
Configuring
a DNS Client
The Internet Protocol (
Obtain
DNS Server Address Automatically
Use The Following DNS Server Addresses
If there isn't a Primary DNS Server, use 192.168.1.203 as the Preferred DNS Server IP address.
If there isn't an Alternate DNS Server, use 192.168.1.205 as the Alternate DNS Server IP address.
Configure some DNS clients to use the Alternate name server as their Preferred name server to reduce the load on the primary server.
Chapter 9: Active Directory Directory Services
Directory Service: a network service that identifies all resources on a network and makes them accessible to users and applications.
The Directory: stores info about network resources, as well as all the services that make the info available and useful.
Domain: a logical grouping of servers and other network resources under a single domain name.
Single point of administration
Scalability: the Directory can expand as the organization grows
Active Directory services integrate the Internet concept of namespace with the Windows 2000 directory services. Active Directory shares info with other directory services that support LDAP version 2 and version 3, such as Novell Directory Services (NDS).
Active Directory Standard Name Formats:
· RFC 822: names are in the form somename@domain
· HTTP URL: http://domain/path-to-page
· UNC: \\microsoft.com\xl\budget.xls
· LDAP URL: specifies the server on which the Active Directory directory services reside and the attributed name of the object (RFC 1779), using attributes as in the following example:
LDAP://someserver.microsoft.com/CN=FirstnameLastname,OU=sys,OU=product,OU=division,DC=devel
· CN represents CommonName
· OU represents OrganizationalUnitName
· DC represents DomainComponentName
-Object: A distinct, named set of attributes that represents a network resource. Object attributes are characteristics of objects in the Directory.
-Classes: Logical groupings of objects, used to organize them; a class defines which attributes an object of that kind has.
-Containers: Can
contain other objects. A domain is a
container object.
-Organizational Unit (OU): A container
that you use to organize objects within a domain into logical administrative groups;
can contain objects such as user accounts, groups, computers, printers,
applications, file shares, and other OUs.
-Domain [211]
-ACL
-Tree: Grouping or hierarchical arrangement of one
or more Windows 2000 domains that share a contiguous namespace.
-Sites: The physical structure of Active Directory directory services. Combination of one or more IP subnets.
-Replication within a site
-Multimaster replication
-Affect fault tolerance
-Ring structure
-Schema: Contains a formal definition of the contents
and structure of Active Directory directory services,
including all attributes, classes, and class properties.
-Active Directory Services Interface (ADSI)
-Global catalog: Central repository of information about
objects in a tree or forest. A service and physical storage location that contains a replica of
selected attributes for every object in Active Directory directory
services.
-Global catalog server: A Domain
Controller that stores a copy of the global catalog.
-Namespace: Any bounded area in which a name can be
resolved.
-Contiguous namespace: The name of the
child object in an object hierarchy always contains the name of the parent
domain. A tree is a contiguous namespace.
-Disjointed namespace: The names of a
parent object and of a child of the same parent object are not directly related
to one another. A forest is a disjointed
namespace.
-Distinguished name (DN): Uniquely identifies an object and contains sufficient information for a client to retrieve the object from the Directory. Must be unique in the Directory.
/DC=COM/DC=Microsoft/OU=dev/CN=Users/CN=Firstname Lastname
Relative distinguished name (
Globally unique identifier (GUID): 128-bit number that is guaranteed to be unique. Assigned to objects when the objects are created; it never changes, even if you move or rename an object.
User principal name (UPN): “friendly
name”; composed of a shorthand name for the user account and the DNS name of
the tree where the user account object resides. (Firstname@microsoft.com)
Active Directory directory services: make up the directory service included in the Windows
2000 Server products; providing a single point of administration for all
objects on the network.
Directory
service: network service that identifies all resources on a network
and makes them accessible to users and applications.
The Directory: stores info about network resources, and
all the services that make the info available and useful; resources stored: user
data, printers, servers, databases, groups, computers, and security policies,
are known as objects.
Domain:
is a logical grouping of servers and other network resources under a single
domain name. The domain is the basic unit of replication and security in a
Windows 2000 network. Each domain
includes one or more domain controllers.
Domain
controller is a computer running Windows 2000 Server that stores a
complete replica of the domain directory. To simplify administration, all domain controllers in the domain are
peers.
Active Directory directory services also share information with other
directory services that support LDAP version 2 and version 3, such as Novell
Directory Services (NDS).
Windows 2000 Server uses Dynamic DNS (DDNS), which enables clients with dynamically assigned addresses to register directly with a server running the DNS Service and update the DNS table dynamically; this eliminates the need for other Internet naming services, such as WINS, in a homogeneous environment.
*For Active Directory directory services and the associated client software to function correctly, you must have installed and configured the DNS Service.
LDAP is an Internet standard for accessing directory
services, which was developed as a simpler alternative to the Directory Access Protocol (
HTTP: You can display every object
in Active Directory directory services as an HTML
page in a Web browser. Thus, users receive the benefit of the familiar Web
browsing model when querying and viewing objects in Active Directory directory services.
*Active Directory directory services use LDAP to exchange information between
directories and applications.
Table 9.1 Active Directory Standard Name Formats
| Format | Description |
| --- | --- |
| RFC 822 | Names in the form somename@domain |
| HTTP URL | Take the form http://domain/path-to-page |
| UNC | Used on Windows 2000 Server-based networks to refer to shared volumes, printers, and files; \\microsoft.com\xl\budget.xls |
| LDAP URL | Specifies the server on which the Active Directory directory services reside and the attributed name of the object (draft to RFC 1779), using the attributes in the following example: LDAP://someserver.microsoft.com/CN=FirstnameLastname,OU=sys,OU=product,OU=division,DC=devel |
Many companies have a centralized structure.
Typically, these companies have strong IT departments that define and implement
the network structure down to the smallest detail. Other organizations,
especially large enterprises, are decentralized. These companies have
multiple businesses, each of which is quite focused. They need decentralized
approaches to managing their business relationships and networks.
In Active Directory directory
services, you organize resources in a logical structure. Grouping resources
logically enables you to find a resource by its name rather than by its
physical location. Since you group resources logically, Active Directory directory services make the network's physical structure
transparent to users.
Some objects, known as containers,
can contain other objects; a domain is a container object.
organizational unit (OU): a container that you use to organize objects within a
domain into logical administrative groups; can contain objects such as user
accounts, groups, computers, printers, applications, file shares, and other OUs.
You can delegate administrative tasks by assigning permissions to OUs.
Resources organized in a logical
hierarchical structure
The OU hierarchy within a domain is independent of the OU hierarchy structure
of other domains—each domain can implement its own OU hierarchy. The depth of
the OU hierarchy is unrestricted. However, a shallow hierarchy performs better
than a deep one, so you should not create an OU hierarchy any deeper than
necessary.
DOMAIN: The core unit
of logical structure in Active Directory directory
services is the domain. Grouping objects into one or more domains allows
your network to reflect your company's organization. Domains share these
characteristics:
TREE: Grouping or
hierarchical arrangement of one or more
Win
2k domains that share a contiguous namespace:
SITES: The physical
structure of Active Directory directory services is
based on sites.
Combination of one or more IP subnets, which should be connected by a high-speed link.
Typically, a site has the same boundaries as a
With Active Directory directory
services, sites are not part
of the namespace. When you browse the logical namespace, you see computers
and users grouped into domains and OUs, not sites.
Sites contain only computer objects
and connection objects used to
configure replication between sites.
A single domain can span
multiple geographical sites, and a single site can include user accounts and
computers belonging to multiple domains.
Fn’s of Domain Controllers (DCs):
Within a site, ADDS automatically generate a ring topology for replication among DCs in the same domain. The topology defines the path for directory updates to flow from one domain controller to another until all domain controllers receive the directory updates (see Figure 9.3).
Replication topology among domain
controllers (DC)
The ring structure ensures that at
least two replication paths flow from one DC to another; if one DC is down
temporarily, replication still continues to all other domain controllers.
ADDS periodically
analyze the replication topology within a site to ensure that it is still efficient.
If you add or remove a DC from the network or a site, ADDS reconfigure the
topology to reflect the change.
Schema
contains a formal definition of the contents and structure of ADDS, including all attributes, classes, and class
properties. For each object class,
the schema defines which attributes an instance of the class must have, which
additional attributes it can have, and which object class can be a parent of
the current object class.
*The schema defines the contents and structure of Active Directory directory services
Installing ADDS on
the 1st computer in a network creates the domain and the schema. The
default schema contains definitions of commonly used objects and properties
(such as user accounts, computers); contains definitions of objects and
properties that ADDS uses internally to function.
The AD schema is extensible- you can define
new directory object types and attributes and new attributes for existing
objects. You can extend the schema by using the AD Schema snap-in or the ADS
Interface (ADSI).
The schema is implemented and stored within ADDS
itself (in the global catalog), and
it can be updated dynamically. An
application can extend the schema with new attributes and classes and then can
use the extensions immediately.
Write access to the schema is limited to members of the Administrators group,
by default.
Global catalog: central repository of info about objects in a tree or forest; ADDS automatically generate the contents of the global
catalog from the domains that make up the Directory through the normal
replication process.
Contiguous namespace. The name of the child object in an object hierarchy
always contains the name of the parent domain. A tree is a contiguous
namespace.
Disjointed namespace. The names of a parent
object and of a child of the same parent object are not directly related to one
another. A forest is a disjointed namespace.
The following DN identifies the Firstname Lastname user object in the microsoft.com domain (where Firstname and Lastname represent the actual first and last names of a user account):
/DC=COM/DC=microsoft/OU=dev/CN=Users/CN=Firstname Lastname
| Distinguished Name Attribute | Description |
| --- | --- |
| DC | DomainComponentName |
| OU | OrganizationalUnitName |
| CN | CommonName |
DNs must be unique. Active Directory directory services do not allow duplicate DNs.
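The DN and name-format material above (the slash-separated DN printed here and the LDAP URL form in Table 9.1), as an added Python example that is not code from the study guide or from Active Directory itself: it splits either spelling of a DN into its RDNs, renders the LDAP form with proper escaping, reads the DNS domain name out of the DC components, and checks the contiguous-namespace property (a child's DN ends with its parent's DN). The escaping rule used is the RFC 2253 backslash convention; the example DNs other than the page's are constructed.

```python
import re


def parse_dn(dn):
    """Split a distinguished name into (attribute, value) pairs, leaf first.

    Two spellings are accepted: the slash-separated, root-first form the
    study guide prints (/DC=COM/DC=microsoft/OU=dev/CN=Users/CN=Firstname
    Lastname) and the comma-separated, leaf-first form used in LDAP URLs
    (CN=Firstname Lastname,CN=Users,OU=dev,DC=microsoft,DC=COM). In the
    comma form a comma inside a value must be escaped as \\, (RFC 2253)."""
    dn = dn.strip()
    if dn.startswith("/"):
        parts = [p for p in dn.split("/") if p]
        parts.reverse()                         # root-first -> leaf-first
    else:
        parts = re.split(r"(?<!\\),", dn)       # split on unescaped commas
    rdns = []
    for part in parts:
        attr, sep, value = part.partition("=")
        attr, value = attr.strip(), value.strip()
        if not sep or not attr or not value:
            raise ValueError("malformed RDN %r in %r" % (part, dn))
        rdns.append((attr.upper(), value.replace("\\,", ",")))
    return rdns


def to_ldap_dn(rdns):
    """Render leaf-first RDNs as an LDAP string DN, escaping commas so a
    value such as 'Lastname, Firstname' cannot introduce a bogus RDN."""
    return ",".join("%s=%s" % (attr, value.replace(",", "\\,"))
                    for attr, value in rdns)


def dns_domain(rdns):
    """DNS name of the domain holding the object, read from the DC components
    (the part after the @ in a user principal name such as Firstname@microsoft.com)."""
    return ".".join(value.lower() for attr, value in rdns if attr == "DC")


def _normalized(rdns):
    # Active Directory names are case-insensitive, so compare in lower case.
    return [(attr, value.lower()) for attr, value in rdns]


def is_within(child_dn, parent_dn):
    """Contiguous namespace check: the child's DN must end with the parent's."""
    child = _normalized(parse_dn(child_dn))
    parent = _normalized(parse_dn(parent_dn))
    return len(child) > len(parent) and child[-len(parent):] == parent


if __name__ == "__main__":
    rdns = parse_dn("/DC=COM/DC=microsoft/OU=dev/CN=Users/CN=Firstname Lastname")
    print(rdns)
    print(to_ldap_dn(rdns))      # CN=Firstname Lastname,CN=Users,OU=dev,DC=microsoft,DC=COM
    print(dns_domain(rdns))      # microsoft.com
    print(is_within(to_ldap_dn(rdns), "OU=dev,DC=microsoft,DC=com"))   # True
```

Commas and equals signs are structural in an LDAP DN, so any value that comes from user input has to be escaped before it is spliced into a DN or an LDAP URL; to_ldap_dn does that for commas, and parse_dn raises on an RDN with a missing attribute or value instead of guessing.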
Chapter 10: User Accounts [222]
User profile: Collection of folders and data that stores the user's current desktop environment and application settings, network connections, as well as personal data.
Roaming user profile:
Mandatory user profile: Read-only roaming profile.
Logon script: A file you can create and assign to a user account to configure the user's working environment.
Home folder: Can be stored on the local computer or on a network share.
· Users can gain access to their home folders from any client on the network
· Backing up and administration of user documents is centralized
· Home folders are accessible from a client computer running any MS OS
Group
Permissions
Local group
Built-in local groups:
· Administrators
· Backup Operators
· Guests
· Power Users
· Replicator
· Users
Chapter 11: Setting Up and Managing Groups
A group is a collection of user
accounts; allow you to assign permissions and rights to a group of users rather
than having to assign permissions to each individual user account.
Groups
simplify administration
Permissions control what
users can do with a resource, such as a folder, file, or printer. When you
assign permissions, you give users the capability to gain access to a resource,
and you define the type of access that they have. Rights allow users to perform system tasks, such as changing the
time on a computer, backing up or restoring files, or logging on locally.
* Local groups are stored in the computer's local security database.
* You can't create local groups on DCs, because DCs cannot have a security database that is independent of ADDS.
* The Computer Management snap-in is used to create groups.
New Local Group Options
| Option | Description |
| --- | --- |
| Group Name | A unique name for the local group. This is the only required entry. Use any character except the backslash (\). The name can contain up to 256 characters; however, very long names might not display in some windows. |
| Description | A description of the group. |
| Add | Adds a user to the list of members. |
| Remove | Removes a user from the list of members. |
| Create | Creates the group. |
| Close | Closes the New Group dialog box. |
* Use the Computer Management snap-in to delete local groups. Each group that you create has a unique, non-reusable identifier (its security identifier, or SID). Windows 2000 uses this value, not the name, to identify the group and the permissions that are assigned to it.
* When you delete a group, you delete only the group and remove the permissions and rights that are associated with it; the member user accounts are not deleted. Creating a new group with the same name does not restore the old permissions, because the new group receives a new identifier.
Built-in local groups:
On stand-alone servers, member servers, and Win 2k Pro, built-in local groups give rights to perform system tasks on a single computer, such as backing up and restoring files, changing the system time, and administering system resources.
Table 11.2 Built-In Local Groups
| Local group | Description |
| --- | --- |
| Administrators | Perform all administrative tasks on the computer; by default, the built-in Administrator user account for the computer is a member. |
| Backup Operators | Members can use Windows Backup to back up and restore the computer. |
| Guests | Tasks for which you have specifically granted rights; members can't make permanent changes to their desktop environment. By default, the built-in Guest account for the computer is a member. |
| Power Users | Create and modify local user accounts on the computer and share resources. |
| Replicator | Supports file replication in a domain. |
| Users | Tasks for which you have specifically granted rights. By default, Windows 2000 adds local user accounts that you create on the computer to the Users group. |
System
groups don't have
specific memberships that you can modify, but they can represent different
users at different times, depending on how a user gains access to a computer or
resource. You don't see system groups when you administer groups, but they are
available for use when you assign rights and permissions to resources. Windows
2000 bases system group membership on how the computer is accessed, not on who
uses the computer.
Commonly Used Built-In System Groups
| System group | Description |
| --- | --- |
| Everyone | Includes all users who access the computer. Windows 2000 will authenticate a user who does not have a valid user account as Guest (if the Guest account is enabled). |
| Authenticated Users | Includes all users with a valid user account on the computer (or all users in ADDS). Use this group instead of the Everyone group to prevent anonymous access to a resource. |
| Creator Owner | Includes the user account for the user who created or took ownership of a resource. |
| Network | Includes any user with a current connection from another computer on the network. |
| Interactive | Includes the user account for the user who is logged on at the computer. |
| Anonymous Logon | Includes any user account that Windows 2000 didn't authenticate. |
| Dialup | Includes any user who currently has a dial-up connection. |
Why
should you use groups? How do you create a local group? Are there any consequences
to deleting a group? What's the difference between built-in local groups and
local groups?
Chapter 12: Setting Up and
Configuring Network Printers
Common Printer Problems and Possible Solutions (Printer Troubleshooting)
| Problem | Probable cause | Possible solution |
| --- | --- | --- |
| Test page doesn't print; the print device is connected and turned on. | The selected port is not correct. | Configure the printer with the correct port. Check that the network address is correct. |
| Test page or documents print incorrectly, as garbled text. | The installed printer driver is not correct. | Reinstall the printer with the correct printer driver. |
| Error message "install a printer driver" when printing to a print server running Win 2k. | Printer drivers for the client are not installed on the print server. | On the print server, add the appropriate printer drivers for the client. Use the client OS CD-ROM or a printer driver from the vendor. |
| Docs from one client don't print, but other clients do. | Client is connected to the wrong printer. | On the client, remove the printer and then add the correct printer. |
| Docs print correctly on some print devices in a printer pool but not all. | Print devices in the printer pool are not identical. | Verify that print devices in the printer pool are identical or use the same printer driver. Remove inappropriate devices. |
| Docs don't print in the right priority. | Printing priorities between printers are set incorrectly. | Adjust printing priorities for the printers associated with the print device. |
Common Printing Problems, Causes, and Solutions
| Problem | Possible cause | Solution |
| --- | --- | --- |
| User receives an Access Denied message when trying to configure a printer from an application. | User doesn't have the appropriate permission to change printer configurations. | Change the user's permission, or configure the printer for the user. |
| A document doesn't print completely or comes out garbled. | Printer driver is incorrect. | Install the correct printer driver. |
| The hard disk starts thrashing and the document doesn't reach the print server. | Hard disk space is insufficient for spooling. | Create more free space on the hard disk. |
Printer [255]: The software interface between the OS and the print device.
Print device: The hardware device that produces the printed output.
Printer port: Software interface through which a computer communicates with a print device by means of a locally attached interface.
Print server
Printer driver: One or more files containing information that the OS requires to convert print commands into a specific printer language, such as PostScript.
NetWare: File and Print Services for NetWare (FPNW)
Unix:
Adding a printer [270]:
Connect using: UNC name, browse the network, URL name, or Active Directory directory services (Win 2k and later clients only).
A Windows-based client computer can make a connection to a network printer by using the following command:
net use lptx: \\server_name\share_name
* x is the number of the printer port (for example, lpt1:)
Using a web browser:
http://server_name/print_share_name
Printer pool: one printer connected to multiple print devices through multiple ports on a print server. The print devices can be local or networked and should be identical; you can use print devices that are not identical as long as they use the same printer driver.
* Priorities between printers: set priorities between groups of docs that all print on the same print device.
-Assigning forms to paper trays
-Setting a separator page
-Pausing, resuming, and canceling docs
-Redirecting documents to a different printer
-Taking ownership of a printer
-Printer management
Chapter 13: Administering
Network Printers [283]
Printer Permissions
Separator Page: A file that contains print device commands. Windows includes 4 default separator pages, found in the systemroot\System32 folder. A separator page serves two functions:
· To identify and separate printed documents
· To switch print devices between print modes
Sysprint.sep: Prints a page before each document. Compatible with PostScript print devices.
Sysprtj.sep: A version of Sysprint.sep that uses Japanese characters.
Pcl.sep: Switches the print mode to PCL for HP-series print devices and prints a page before each document.
Pscript.sep: Switches the print mode to PostScript for HP-series print devices but doesn't print a page before each document.
Redirect Documents:
If a print device becomes faulty, you can redirect documents so that users do not have to resubmit them. You can redirect all print jobs for a printer, but you can't redirect specific documents.
* Go to printer Properties → Ports tab →
Chapter 14: Securing
Resources with NTFS Permissions [309]
NTFS Folder Permissions
| NTFS folder permission | Allows the user to |
| --- | --- |
| Read | See files and subfolders in the folder and view folder ownership, permissions, and attributes (such as Read-Only, Hidden, Archive, and System). |
| Write | Create new files and subfolders within the folder, change folder attributes, and view folder ownership and permissions. |
| List Folder Contents | See the names of files and subfolders in the folder. |
| Read & Execute | Move through folders to reach other files and folders, plus perform actions permitted by the Read permission and the List Folder Contents permission. |
| Modify | Delete the folder, plus perform actions permitted by the Write permission and the Read & Execute permission. |
| Full Control | Change permissions, take ownership, and delete subfolders and files, plus perform actions permitted by all other NTFS folder permissions. |
* You assign file permissions to control
the access that users have to files.
NTFS File Permissions
| NTFS file permission | Allows the user to |
| --- | --- |
| Read | Read the file, and view file attributes, ownership, and permissions. |
| Write | Overwrite the file, change file attributes, and view file ownership and permissions. |
| Read & Execute | Run applications, plus perform the actions permitted by the Read permission. |
| Modify | Modify and delete the file, plus perform the actions permitted by the Write permission and the Read & Execute permission. |
| Full Control | Change permissions and take ownership, plus perform the actions permitted by all other NTFS file permissions. |
Permissions Problems and Troubleshooting Solutions
| Problem | Solution |
| --- | --- |
| A user can't gain access to a file or folder. | Check whether the file or folder was copied, or moved to another NTFS volume: in both cases it takes on the permissions of the destination folder, so the permissions that were assigned on the original are gone. Check the permissions on the file or folder and on its parent folder, and confirm the user is not a member of a group that is denied access. |
| You add a user account to a group to give that user access to a file or folder, but the user still can't gain access. | Group membership is evaluated when the user's access token is built at logon. For access permissions to be updated to include the new group, the user must either log off and then log on again, or close all network connections to the computer on which the file or folder resides and then make new connections. |
| A user with Full Control permission to a folder deletes a file in the folder, although the user doesn't have permission to delete the file itself. You want to stop the user from being able to delete more files. | Clear the special access permission Delete Subfolders And Files on the folder to prevent users with Full Control of the folder from being able to delete files in the folder. |
Win 2k supports POSIX applications that are designed to run on UNIX. On UNIX systems, Full Control permission on a directory allows you to delete files in it. In Win 2k, the Full Control folder permission includes the Delete Subfolders And Files special access permission, which gives you the same ability to delete files in that folder regardless of the permissions that you have for the files themselves.
Assign the most
restrictive NTFS permissions that still enable users and groups to
accomplish necessary tasks.
Assign all permissions at the folder level; group files in a separate folder for which you want
to restrict user access, and then assign that folder restricted access.
For all application-executable files, assign Read & Execute and Change Permissions to the Administrators group, and assign Read & Execute to the Users group. Because neither group is granted Write or Modify, ordinary users (and viruses or other malware running under their accounts) cannot modify or delete the executable files. To update files, members of the Administrators group can assign Full Control to their own user account to make the changes and then reassign Read & Execute and Change Permissions to their user account.
Assign Full Control to
the CREATOR OWNER group for public data folders
so that users can delete and modify files and folders that they create. Doing
so gives the user who creates the file or folder (CREATOR OWNER) full access to
only the files or folders that he or she creates in the public data folder.
For public
folders, assign Full Control to the CREATOR OWNER group and Read
and Write to the Everyone group. This gives users full access to the files
that they create, but members of the Everyone group
can only read files in the folder and add files to the folder.
Use long,
descriptive names if the resource will be accessed only at the computer. If
a folder will eventually be shared, use folder and filenames that are accessible
by all client computers.
Allow permissions rather than denying
permissions. If you don't want a user or group to gain access to a
particular folder or file, don't assign permissions. Denying permissions should
be an exception.
Chapter 15: Administering
Shared Folders [343]
Shared folders: provide network users with access to file resources.
Home folder: shared folder which contains applications, data, or a user's
personal data.
Shared Folder Permissions
| Shared folder permission | Allows the user to |
| --- | --- |
| Read | Display folder names, filenames, file data, and attributes; run program files; and change folders within the shared folder. |
| Change | Create folders, add files to folders, change data in files, append data to files, change file attributes, and delete folders and files, plus perform actions permitted by the Read permission. |
| Full Control | Change file permissions, take ownership of files, and perform all tasks permitted by the Change permission. |
How
Shared Folder Permissions Are Applied
Applying shared permissions to user
accounts and groups affects access to a shared folder. Denying permission takes
precedence over the permissions that you allow. The following list describes
the effects of applying permissions.
Multiple
Permissions Combine.
A user can be a member of multiple groups, each with different permissions that
provide different levels of access to a shared folder. When you assign
permission to a user for a shared folder, and that user is a member of a group
to which you assigned a different permission, the user's effective permissions
are the combination of the user and group permissions. For example, if a user
has Read permission and is a member of a group with Change permission, the
user's effective permission is Change, which includes Read.
Denying Permissions Overrides
Other Permissions. Denied
permissions take precedence over any permissions that
you otherwise allow for user accounts and groups. If you deny a shared folder permission to a user, the user won't have that
permission, even if you allow the permission for a group of which the user is a
member.
NTFS Permissions Are Required
on NTFS Volumes. Shared
folder permissions are sufficient to gain access to files and folders on a FAT
volume but not on an NTFS volume. On a FAT volume, users can gain access to a
shared folder for which they have permissions, as well as all of the folder's
contents. When users gain access to a shared folder on an NTFS volume, they
need the shared folder permission and also the appropriate NTFS permissions for
each file and folder to which they gain access.
Copied or Moved Shared Folders Are No
Longer Shared. When you copy a shared folder, the original shared folder is
still shared, but the copy is not shared. When you move a shared folder, it is
no longer shared.
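The rules above (permissions combine, Deny overrides Allow, and NTFS permissions are required on NTFS volumes), as an added Python model that is not code from the study guide or from Windows itself. Each named share permission and NTFS file permission is represented as the set of operations it grants, so that Change includes Read and Full Control includes Change exactly as the permission tables in this chapter and Chapter 14 state; every Allow entry matching the user or one of the user's groups is unioned, every matching Deny entry is subtracted, and on an NTFS volume the result is intersected with the NTFS permissions. The principal names (alice, Sales) and the ACLs are constructed for the example.

```python
from collections import namedtuple

# One access control entry: allow=True grants, allow=False denies.
Ace = namedtuple("Ace", "principal permission allow")

# Abstract operations. The named permissions below are supersets of each
# other, which is what makes "Change includes Read" fall out of set algebra.
READ, EXECUTE, WRITE, DELETE, CHANGE_PERMS, TAKE_OWNER = (
    "read", "execute", "write", "delete", "change_permissions", "take_ownership")

SHARE = {
    "Read": frozenset({READ, EXECUTE}),
    "Change": frozenset({READ, EXECUTE, WRITE, DELETE}),
    "Full Control": frozenset({READ, EXECUTE, WRITE, DELETE, CHANGE_PERMS, TAKE_OWNER}),
}

NTFS_FILE = {
    "Read": frozenset({READ}),
    "Write": frozenset({WRITE}),
    "Read & Execute": frozenset({READ, EXECUTE}),
    "Modify": frozenset({READ, EXECUTE, WRITE, DELETE}),
    "Full Control": frozenset({READ, EXECUTE, WRITE, DELETE, CHANGE_PERMS, TAKE_OWNER}),
}


def effective(aces, principals, table):
    """Combine every ACE that names the user or one of the user's groups.
    Allowed operations are the union of all Allow entries; a Deny entry removes
    its operations no matter what any Allow entry granted."""
    allowed, denied = set(), set()
    for ace in aces:
        if ace.principal in principals:
            (allowed if ace.allow else denied).update(table[ace.permission])
    return frozenset(allowed - denied)


def access(share_aces, ntfs_aces, principals, volume="NTFS"):
    """Network access to a file in a shared folder: the share permissions alone
    on a FAT volume, the intersection of share and NTFS permissions on NTFS."""
    via_share = effective(share_aces, principals, SHARE)
    if volume.upper() == "FAT":
        return via_share
    return via_share & effective(ntfs_aces, principals, NTFS_FILE)


def highest_named(ops, table):
    """Largest named permission fully covered by the operation set, or None."""
    covered = [name for name, needed in table.items() if needed <= ops]
    return max(covered, key=lambda n: len(table[n]), default=None)


# Constructed scenario: alice is a member of the Sales group (plus the system
# groups every authenticated user is in).
ALICE = frozenset({"alice", "Sales", "Authenticated Users", "Everyone"})

# 1. Permissions combine: alice Read + Sales Change -> Change.
COMBINE = [Ace("alice", "Read", True), Ace("Sales", "Change", True)]

# 2. Deny wins: Sales has Full Control, but alice is denied Change.
DENY = [Ace("Sales", "Full Control", True), Ace("alice", "Change", False)]

# 3. Default share ACL (Everyone: Full Control) over a file whose NTFS ACL
#    grants alice only Read.
DEFAULT_SHARE = [Ace("Everyone", "Full Control", True)]
FILE_ACL = [Ace("alice", "Read", True)]

if __name__ == "__main__":
    print(highest_named(effective(COMBINE, ALICE, SHARE), SHARE))   # Change
    print(sorted(effective(DENY, ALICE, SHARE)))
    print(sorted(access(DEFAULT_SHARE, FILE_ACL, ALICE)))           # ['read']
    print(sorted(access(DEFAULT_SHARE, FILE_ACL, ALICE, "FAT")))    # everything
```

Two things are worth noticing in the output. Denying Change to alice removes everything Change grants, including Read, so she is left with only the rights Full Control adds beyond Change and can no longer reach the data at all; that is also how the deny bits behave on a real share ACL. And the default share ACL (Everyone: Full Control) is only as permissive as the NTFS ACL beneath it: on the NTFS volume alice ends up with Read, whereas on a FAT volume the same share would give her everything.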
Shared application folders are used for
applications that are installed on a network server and can be used from client
computers. The main advantage of shared applications is that you don't need to
install and maintain most components of the applications on each computer.
While program files for applications can be stored on a server, configuration
information for most network applications is often stored on each client
computer. The exact way in which you share application folders will vary
depending on the application and your particular network environment and
company organization.
When you share application folders, consider
the points in Figure 15.3. These points are explained in more detail as follows:
When you share a data folder for working files, do the following:
Requirements
for Sharing Folders
In Windows 2000 Professional, members of
the built-in Administrators and Power Users groups are able to share folders.
Which groups can share folders and on which machines they can share them
depends on whether it is a workgroup or a domain and the type of computer on
which the shared folders reside:
These shares are appended with a dollar sign ($), which hides the shared folder from users who browse the computer. The root of each volume, the system root folder, and the location of the printer drivers are all hidden shared folders that you can gain access to across the network.
Windows 2000 Administrative Shared Folders
| Share | Purpose |
| --- | --- |
| C$, D$, E$, and so on | The root of each volume on a hard disk is automatically shared. Windows 2000 also shares CD-ROM drives and creates the share name by appending the dollar sign to the CD-ROM drive letter. |
| Admin$ | The system root folder, which is C:\Winnt by default, is shared as Admin$. Administrators can gain access to it without knowing in which folder Windows is installed. |
| Print$ | When you install the first shared printer, the systemroot\System32\Spool\Drivers folder is shared as Print$, giving clients access to printer driver files. Only members of the Administrators, Server Operators, and Print Operators groups have the Full Control permission. The Everyone group has the Read permission. |
* You can share additional folders and append a dollar sign to the share name; then only users who know the share name can gain access to it, provided they also possess the proper permissions. Hiding a share this way is obscurity, not access control: the name only drops out of browse lists, so the share permissions and the NTFS permissions on the folder are what actually protect the data.
Sharing Tab Options

| Option | Description |
|---|---|
| Share Name | The name used for remote access to the shared folder. You must enter a share name. |
| Comment | Optional description for the share name. The comment appears in addition to the share name when users at client computers browse the server for shared folders. |
| User Limit | Limit on concurrent connections to a shared folder; Windows 2000 Professional supports up to 10 connections. Windows 2000 Server can support an unlimited number of connections, but the number of CALs that you purchased limits the connections. |
| Permissions | The shared folder permissions, which apply only when the folder is accessed over the network. By default, the Everyone group is assigned Full Control for all new shared folders. |
| Caching | The settings to configure offline access to this shared folder. |
To make shared folders available offline,
copies of the files are stored in a reserved portion of disk space on your
computer called a cache.
Since the cache is on your hard disk, the computer can access it regardless of whether it is connected to the network; the default cache size is 10% of the available disk space. You can change the size of the cache on the Offline Files tab of the Folder Options dialog box. You can also see how much space the cache is using by opening the Offline Files folder and clicking Properties on the File menu.
Shared network files are stored in the root folder of your hard disk; to change the location of the cache, use the Offline Files Mover (Cachemov.exe), which is available in the Windows 2000 Professional Resource Kit.
When you share a folder, you can allow others to make the shared folder available offline by clicking Caching in the folder's Properties dialog box and then, in the Caching Settings dialog box, selecting the Allow Caching Of Files In This Shared Folder check box.
The Caching Settings dialog box contains
three caching options:
Manual Caching For Documents
Automatic Caching For Documents
Automatic Caching For Programs
Steps to Modify a Shared Folder

| To | Do this |
|---|---|
| Stop sharing a folder | Click Do Not Share This Folder. |
| Modify the share name | Click Do Not Share This Folder to stop sharing the folder; click Apply to apply the change; click Share This Folder, and then enter the new share name in the Share Name box. |
| Modify shared folder permissions | Click Permissions. In the Permissions dialog box, click Add or Remove. In the Select Users, Computers, Or Groups dialog box, click the user account or group whose permissions you want to modify. |
| Share a folder multiple times | Click New Share to share a folder with an additional shared folder name. Do so to consolidate multiple shared folders into one while allowing users to continue to use the same shared folder name that they used before you consolidated the folders. |
| Remove a share name | Click Remove Share. This option appears only after the folder has been shared more than once. |
If you stop
sharing a folder while a user has a file open, the user might lose data. If you
click Do Not Share This Folder and a user has a connection to the shared
folder, Windows 2000 displays a dialog box notifying you that a user has a
connection to the shared folder.
You share folders to provide network users
with access to resources. If you are using a FAT volume, the shared folder
permissions are the only resource available to provide security for the folders
you have shared and the folders and files they contain. If you are using an
NTFS volume, you can assign NTFS permissions to individual users and groups to
better control access to the files and subfolders in the shared folders. When
you combine shared folder permissions and NTFS permissions, the more
restrictive permission is always the overriding permission.
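A worked illustration of the combination rule above, added here and not taken from the training kit: the permission-level ordering, the group-to-level ACL format and the helper names are assumptions for the example, and it also applies the cumulative rule across a user's groups (the most permissive level any group grants within one layer), which the text above does not spell out.

```python
"""Effective access to a shared folder: share permission combined with NTFS."""
from __future__ import annotations

# Permission levels ordered from least to most permissive.  Read, Change and
# Full Control are the Windows 2000 share permission levels; NTFS permissions
# are collapsed onto the same scale (an assumption made for this example).
LEVELS = ("None", "Read", "Change", "Full Control")


def _rank(level: str) -> int:
    return LEVELS.index(level)


def _granted(acl: dict[str, str], groups: set[str]) -> str:
    """Cumulative permission within one layer: the most permissive level any
    of the user's groups is granted in this ACL ("None" if no group matches)."""
    best = "None"
    for group, level in acl.items():
        if group in groups and _rank(level) > _rank(best):
            best = level
    return best


def effective_access(groups: set[str], share_acl: dict[str, str],
                     ntfs_acl: dict[str, str], *, volume: str = "NTFS",
                     over_network: bool = True) -> str:
    """Return the effective permission level for a user who belongs to `groups`.

    share_acl and ntfs_acl map group name -> level.  On a FAT volume there are
    no NTFS permissions, so the share permission is the only control, and it
    applies only when the folder is reached over the network.
    """
    share_level = _granted(share_acl, groups)
    ntfs_level = "Full Control" if volume == "FAT" else _granted(ntfs_acl, groups)
    if not over_network:
        return ntfs_level          # share permissions never apply to local access
    # Over the network the more restrictive of the two layers is the one that counts.
    return min(share_level, ntfs_level, key=_rank)


if __name__ == "__main__":
    # Constructed sample: the MgmtGd planning example, with the default share
    # permission (Everyone: Full Control) left in place so NTFS decides.
    share = {"Everyone": "Full Control"}
    ntfs = {"Managers": "Full Control", "Users": "Read"}
    print(effective_access({"Everyone", "Managers"}, share, ntfs))   # Full Control
    print(effective_access({"Everyone", "Users"}, share, ntfs))      # Read
```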
When you use shared folder permissions on an
NTFS volume, the following rules apply:
Base your planning decisions on the following criteria. Example:

| Folder name and location | Shared name | Groups and permissions |
|---|---|---|
| Management Guidelines | MgmtGd | Managers: Full Control |
Chapter 16: Auditing Resources and Events [377]
Auditing allows you to track both user
activities and Windows 2000 activities, which are called events, on a
computer. Through auditing, you can specify that Windows 2000 writes a record
of an event to the security log. The security log maintains a record of
valid and invalid logon attempts and events related to creating, opening, or
deleting files or other objects. An audit entry in the security log contains
the following information:
An audit policy defines the types of
security events that Windows 2000 records in the security log on each computer.
The security log allows you to track the events that you specify.
The types of events that you can audit
include the following:
After you have determined the types of
events to audit, you must also determine whether to audit the success of
events,
Other guidelines in determining your audit
policy include the following:
The requirements to set up and administer
auditing are as follows:
Setting up auditing is a two-part process:
1.
Set the audit
policy. The audit policy enables auditing of objects but doesn't activate
auditing of specific objects.
2.
Enable auditing of
specific resources. You specify the specific events to audit for files,
folders, printers, and Active Directory objects. Windows 2000 then tracks and
logs the specified events.
You set the audit policy in the Local Security Settings window, which you open by selecting Local Security Policy on the Administrative Tools menu.
Table 16.1 Types of Events Audited by Windows 2000

| Event | Description |
|---|---|
| Account Logon Events | A domain controller received a request to validate a user account. (This is applicable only if your computer running Windows 2000 Professional joins a Windows 2000 domain.) |
| Account Management | An administrator created, changed, or deleted a user account or group. A user account was renamed, disabled, or enabled, or a password was set or changed. |
| Directory Service Access | A user gained access to an Active Directory object. You must configure specific Active Directory objects for auditing to log this type of event. (Active Directory directory services are available only if your computer running Windows 2000 Professional joins a Windows 2000 domain.) |
| Logon Events | A user logged on or logged off, or a user made or canceled a network connection to the computer. |
| Object Access | A user gained access to a file, folder, or printer. You must configure specific files, folders, or printers for auditing to log this type of event. |
| Policy Change | A change was made to the user security options, user rights, or audit policies. |
| Privilege Use | A user exercised a right, such as changing the system time. (This doesn't include rights that are related to logging on and logging off.) |
| Process Tracking | A program performed an action. This information is generally useful only for programmers who want to track details of program execution. |
| System Events | A user restarted or shut down the computer, or an event occurred that affects Windows 2000 security or the security log. (For example, the audit log is full and Windows 2000 starts discarding entries.) |
Table 16.2 Local Security Policy Setting Dialog Box Fields

| Field | Description |
|---|---|
| Effective Policy Setting | Indicates whether or not auditing is turned on. |
| Local Policy Setting | A check mark in the Success check box indicates that auditing is in effect for successful attempts. |
Once you have set the audit policy, remember
that the changes that you make to your computer's audit policy don't take
effect until you restart your computer.
User Events and What Triggers Them

| Event | User activity that triggers the event |
|---|---|
| Traverse Folder/Execute File | Running a program or gaining access to a folder to change directories |
| List Folder/Read Data | Displaying the contents of a file or folder |
| Read Attributes | Displaying the attributes of a file or folder |
| Create Files/Write Data | Changing the contents of a file or creating new files in a folder |
| Create Folders/Append Data | Creating folders in the folder |
| Write Attributes | Changing attributes of a file or folder |
| Delete Subfolders And Files | Deleting a file or subfolder in a folder |
| Delete | Deleting a file or folder |
| Read Permissions | Viewing permissions or the file owner for a file or folder |
| Change Permissions | Changing permissions for a file or folder |
| Take Ownership | Taking ownership of a file or folder |
Printer Events and What Triggers Them

| Event | User activity that triggers the event |
|---|---|
| Print | Printing a file |
| Manage Printers | Changing printer settings, pausing a printer, sharing a printer, or removing a printer |
| Manage Documents | Changing job settings; pausing, restarting, moving, or deleting documents; sharing a printer; or changing printer properties |
| Read Permissions | Viewing printer permissions |
| Change Permissions | Changing printer permissions |
| Take Ownership | Taking printer ownership |
Logs Maintained by Windows 2000

| Log | Description |
|---|---|
| Application log | Contains errors, warnings, or information that programs, such as a database program or an e-mail program, generate. The program developer presets which events to record. |
| Security log | Contains information about the success or failure of audited events. The events that Windows 2000 records are a result of your audit policy. |
| System log | Contains errors, warnings, and information that Windows 2000 generates. Windows 2000 presets which events to record. |
Additional services might add
their own event log.
Options for Filtering and Finding Events

| Option | Description |
|---|---|
| From and To | The date range for which to view events (Filter tab only). |
| Event Types | The types of events to view. |
| Event Source | The software or component driver that logged the event. |
| Category | The type of event, such as a logon or logoff attempt or a system event. |
| Event ID | An event number to identify the event. This number helps product support representatives track events. |
| Computer | A computer name. |
| User | A user logon name. |
| Description | The text that is in the description of the event (Find dialog box only). |
| Search Direction | The direction (up or down) in which to search the log (Find dialog box only). |
Use the Properties dialog box for each type of
audit log to control the following:
Options for Handling Full Audit Log Files

| Option | Description |
|---|---|
| Overwrite Events As Needed | You might lose information if the log becomes full before you archive it. However, this setting requires no maintenance. |
| Overwrite Events Older Than X Days | You might lose information if the log becomes full before you archive it, but Windows 2000 will only lose information that is at least X days old. Enter the number of days for this option. |
| Do Not Overwrite Events (Clear Log Manually) | This option requires you to clear the log manually. When the log becomes full, Windows 2000 will stop. However, no security log entries are overwritten. |
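A model of the three full-log behaviours described above, added here as an example and not part of the training kit: the class, its method names, the day-based timestamps and the sample events are all constructed for the illustration, and "Windows 2000 will stop" is modelled as the log refusing further writes until it is cleared.

```python
"""Security log wrap behaviour for the three Event Viewer retention settings."""
from __future__ import annotations


class SecurityLog:
    OVERWRITE_AS_NEEDED = "overwrite_as_needed"
    OVERWRITE_OLDER_THAN = "overwrite_older_than"
    DO_NOT_OVERWRITE = "do_not_overwrite"

    def __init__(self, max_entries: int, mode: str, older_than_days: int | None = None):
        self.max_entries = max_entries
        self.mode = mode
        self.older_than_days = older_than_days
        self.entries: list[tuple[int, str]] = []   # (day written, event text)
        self.halted = False   # set once a do-not-overwrite log has filled up

    def write(self, day: int, text: str) -> bool:
        """Record one audited event on `day`. Returns True if it was written."""
        if self.halted:
            return False
        if len(self.entries) < self.max_entries:
            self.entries.append((day, text))
            return True
        # The log is full: what happens next depends on the retention setting.
        if self.mode == self.OVERWRITE_AS_NEEDED:
            self.entries.pop(0)                 # oldest entry is lost
            self.entries.append((day, text))
            return True
        if self.mode == self.OVERWRITE_OLDER_THAN:
            oldest_day = self.entries[0][0]
            if day - oldest_day >= self.older_than_days:
                self.entries.pop(0)             # only entries at least X days old go
                self.entries.append((day, text))
                return True
            return False                        # nothing old enough: new event is lost
        # DO_NOT_OVERWRITE: nothing is overwritten, and the system stops.
        self.halted = True
        return False

    def clear(self, day: int) -> None:
        """Clear All Events: the only entry left records that the log was cleared."""
        self.entries = [(day, "The audit log was cleared")]
        self.halted = False


def replay(log: SecurityLog, events: list[tuple[int, str]]) -> list[bool]:
    """Feed a constructed event sequence into `log`; return the per-event write result."""
    return [log.write(day, text) for day, text in events]
```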
Archiving
security logs allows you to maintain a
history of security-related events. Many companies have policies on keeping
archive logs for a specified period to track security-related information over
time.
If you want to archive, clear, or view an
archived log, select the log you want to configure in Event Viewer, click the
Action menu, and then click one of the options described in Table 16.8.
Options to Archive, Clear, or View a Log File

| To | Do this |
|---|---|
| Archive the log | Click Save Log File As, and then type a filename. |
| Clear the log | Click Clear All Events to clear the log. Windows 2000 creates a security log entry, stating that the log was cleared. |
| View an archived log | Click New Log View to add another view of the selected log. |
Chapter 17: Configuring Group Policy and Local Security Policy [395]
Password Policy Settings

| Setting | Description |
|---|---|
| Enforce Password History | The value you enter in this setting indicates the number of passwords to be kept in a password history. |
| Maximum Password Age | The value you enter in this setting is the number of days a user can use a password before he or she is required to change it. |
| Minimum Password Age | The value you enter in this setting is the number of days a user must keep a password before he or she can change it. |
| Minimum Password Length | The value you enter in this setting is the minimum number of characters required in a password. The value can range from 0 up to 14 characters inclusive. |
| Passwords Must Meet Complexity Requirements | The options are Enabled or Disabled. The default is Disabled. |
| Store Password Using Reversible Encryption For All Users In The Domain | The options are Enabled or Disabled. The default is Disabled. This enables Windows 2000 to store a reversibly encrypted password for all users in the domain, for example to be used with the Challenge Handshake Authentication Protocol (CHAP). This option is only applicable if your computer running Windows 2000 Professional is in a domain. |
Account Lockout Policy Settings

| Setting | Description |
|---|---|
| Account Lockout Duration | This value indicates the number of minutes that the account is locked out. A value of 0 indicates that the user account is locked out indefinitely until the Administrator unlocks the user account. You can set the value from 0 to 99999 minutes. (The maximum value of 99999 minutes is approximately 69.4 days.) |
| Account Lockout Threshold | The value you enter in this setting is the number of invalid logon attempts it takes before the user account is locked out from logging on to the computer. |
| Reset Account Lockout Counter After | The value you enter in this setting is the number of minutes to wait before resetting the account lockout counter. |
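The interplay of the three lockout settings, worked through as an added example (not code from the training kit): the policy and state classes, the minute-based clock and the attempt sequence are constructed for the illustration, and it assumes, as Windows does, that a correct password is refused while the account is locked and that a successful logon resets the bad-logon counter.

```python
"""Account lockout policy semantics: threshold, duration and counter reset."""
from __future__ import annotations
from dataclasses import dataclass
from typing import Optional


@dataclass
class LockoutPolicy:
    threshold: int            # invalid logons before lockout; 0 = never lock out
    duration_minutes: int     # minutes locked out; 0 = until an administrator unlocks
    reset_after_minutes: int  # quiet minutes after which the bad-logon counter resets


@dataclass
class AccountState:
    bad_logons: int = 0
    last_bad_at: Optional[float] = None   # minute of the most recent bad logon
    locked_at: Optional[float] = None     # minute the lockout started, if locked


def logon(policy: LockoutPolicy, state: AccountState, now: float,
          password_ok: bool) -> str:
    """Process one logon attempt at minute `now`.

    Returns "ok", "denied" (bad password, not yet locked) or "locked".
    """
    if state.locked_at is not None:
        still_locked = (policy.duration_minutes == 0
                        or now - state.locked_at < policy.duration_minutes)
        if still_locked:
            return "locked"          # even a correct password is refused
        state.locked_at = None       # Account Lockout Duration has elapsed
        state.bad_logons = 0
    # Reset Account Lockout Counter After: measured from the last bad logon.
    if (state.last_bad_at is not None
            and now - state.last_bad_at >= policy.reset_after_minutes):
        state.bad_logons = 0
    if password_ok:
        state.bad_logons = 0
        state.last_bad_at = None
        return "ok"
    state.bad_logons += 1
    state.last_bad_at = now
    if policy.threshold and state.bad_logons >= policy.threshold:
        state.locked_at = now        # Account Lockout Threshold reached
        return "locked"
    return "denied"


def admin_unlock(state: AccountState) -> None:
    """Administrator unlocks the account (the only way out when duration is 0)."""
    state.locked_at = None
    state.bad_logons = 0
    state.last_bad_at = None


def run(policy: LockoutPolicy, attempts: list[tuple[float, bool]]) -> list[str]:
    """Replay a constructed sequence of (minute, password_ok) attempts."""
    state = AccountState()
    return [logon(policy, state, t, ok) for t, ok in attempts]


if __name__ == "__main__":
    policy = LockoutPolicy(threshold=3, duration_minutes=30, reset_after_minutes=10)
    # Bad logons at 0 and 5, a quiet gap, then three in a row; the correct
    # password at minute 30 is still refused, at minute 52 the lockout has expired.
    print(run(policy, [(0, False), (5, False), (20, False), (21, False),
                       (22, False), (30, True), (52, True)]))
```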
Shutting Down the Computer Without Logging On
Clear Virtual Memory Pagefile When System Shuts Down
Disable CTRL+
Do Not Display Last User Name In Logon Screen
Chapter 18: Managing Data Storage [409]
NTFS Compression
Disk quotas: quota thresholds and quota limits. Windows 2000 ignores compression when it calculates disk space usage for quotas.
Microsoft Encrypting File System (EFS) provides encryption for data in NTFS files stored on disk. EFS encryption is public key-based and runs as an integrated system service.
The Cipher command-line utility enables you to encrypt and decrypt files and folders from a command prompt:

cipher [/e | /d] [/s:folder_name] [/a] [/i] [/f] [/q] [/h] [/k] [file_name [...]]
Table 18.5 Cipher Command Options and Descriptions

| Option | Description |
|---|---|
| /e | Encrypts specified folders. Folders are marked so that files that are added later will be encrypted. |
| /d | Decrypts specified folders. Folders are marked so that files that are added later will not be encrypted. |
| /s | Performs the specified operation on folders in the given folder and all subfolders. |
| /a | Performs the specified operation on files as well as folders. Encrypted files could be decrypted when modified, if the parent folder is not encrypted. To avoid this, encrypt the file and the parent folder. |
| /i | Continues performing the specified operation even after errors have occurred. By default, Cipher stops when an error is encountered. |
| /f | Forces the encryption operation on all specified files, even those that are already encrypted. Files that are already encrypted are skipped by default. |
| /q | Reports only the most essential information. |
| /h | Displays files with the hidden or system attributes, which are not shown by default. |
| /k | Creates a new file encryption key for the user running the Cipher command. Using this option causes the Cipher command to ignore all other options. |
| file_name | Specifies a pattern, file, or folder. |
EFS Features

| Feature | Description |
|---|---|
| Transparent encryption | In EFS, file encryption doesn't require the file owner to decrypt and re-encrypt the file on each use. Decryption and encryption happen transparently on file reads and writes to disk. |
| Strong protection of encryption keys | Public-key encryption resists all but the most sophisticated methods of attack. Therefore, in EFS, the file encryption keys that are used to encrypt the file are encrypted by using a public key from the user's certificate. (Note: Windows 2000 uses X.509 v3 certificates.) The list of encrypted file-encryption keys is stored with the encrypted file and is unique to it. To decrypt the file-encryption keys, the file owner supplies a private key, which only the file owner has. |
| Integral data recovery | If the owner's private key is unavailable, the recovery agent can open the file using his or her own private key. There can be more than one recovery agent, each with a different public key, but at least one public recovery key must be present on the system to encrypt a file. |
| Secure temporary and paging files | Many applications create temporary files while you edit a document, and these temporary files can be left unencrypted on the disk. On computers running Windows 2000, EFS is implemented at the folder level, so any temporary copies of an encrypted file are also encrypted, provided that all files are on NTFS volumes. EFS resides in the Windows operating system kernel and uses the nonpaged pool to store file encryption keys, ensuring that they are never copied to the paging file. |
If the owner's private key is unavailable, a person designated as the recovery agent can open the file using his or her own private key, which is applied to the data recovery field (DRF) to unlock the list of file-encryption keys.
Chapter 19: Backing Up and Restoring Data
Normal backup: all selected files and folders are backed up. A normal backup doesn't rely on markers to determine which files to back up; markers are cleared and each file is marked as having been backed up. Normal backups speed up the restore process because the backup files are the most current and you don't need to restore multiple backup jobs.
Copy backup: all selected files and folders are backed up; a copy backup neither looks for nor clears markers. If you don't want to clear markers and affect other backup types, use a copy backup.
Incremental backup: only selected files and folders that have a marker are backed up, and then the backup clears the markers. Because an incremental backup clears markers, if you did two incremental backups in a row on a file and nothing changed in the file, the file would not be backed up the second time.
Differential backup: only selected files and folders that have a marker are backed up, but the backup doesn't clear markers. Because a differential backup doesn't clear markers, if you did two differential backups in a row on a file and nothing changed in the file, the entire file would be backed up each time.
Daily backup: all selected files and folders that have changed during the day are backed up. The Backup Wizard neither looks for nor clears markers. If you want to back up all files and folders that change during the day, use a daily backup.
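The five backup types and their marker behaviour, simulated as an added example (not code from the training kit) so the two-incrementals and two-differentials cases above can be replayed; the file and job model, the "changed today" list for daily backups, and the restore-chain helper are constructed for the illustration, and the helper goes beyond the text by computing which jobs a restore needs (last normal, every later incremental, and the newest differential after the last marker-clearing job; copy and daily jobs are assumed not to take part).

```python
"""Backup types versus the archive marker, and which jobs a restore needs."""
from __future__ import annotations
from dataclasses import dataclass


@dataclass
class BackupFile:
    name: str
    marker: bool = True   # archive marker: set when the file changes


def modify(files: list[BackupFile], *names: str) -> None:
    """Simulate editing the named files, which sets their markers."""
    for f in files:
        if f.name in names:
            f.marker = True


def run_backup(files: list[BackupFile], kind: str,
               changed_today: tuple[str, ...] = ()) -> list[str]:
    """Run one backup job; return the names backed up and update markers."""
    kind = kind.lower()
    if kind in ("normal", "copy"):
        selected = list(files)                       # everything selected
    elif kind in ("incremental", "differential"):
        selected = [f for f in files if f.marker]    # only files with a marker
    elif kind == "daily":
        selected = [f for f in files if f.name in changed_today]  # ignores markers
    else:
        raise ValueError(f"unknown backup type: {kind}")
    if kind in ("normal", "incremental"):
        for f in selected:
            f.marker = False                         # only these two clear markers
    return [f.name for f in selected]


def jobs_needed_to_restore(history: list[str]) -> list[int]:
    """Indices (into `history`, a list of job types in the order run) of the
    jobs a full restore must apply, oldest first."""
    kinds = [k.lower() for k in history]
    if "normal" not in kinds:
        raise ValueError("no normal backup to restore from")
    last_normal = len(kinds) - 1 - kinds[::-1].index("normal")
    needed = [last_normal]
    for i in range(last_normal + 1, len(kinds)):
        if kinds[i] == "incremental":                # each incremental is a distinct slice
            needed.append(i)
    # A differential holds everything changed since the last marker-clearing
    # job, so only the newest one after that job is needed.
    later_diffs = [i for i in range(needed[-1] + 1, len(kinds))
                   if kinds[i] == "differential"]
    if later_diffs:
        needed.append(later_diffs[-1])
    return needed


if __name__ == "__main__":
    files = [BackupFile("a"), BackupFile("b"), BackupFile("c")]   # constructed sample
    print(run_backup(files, "normal"))        # ['a', 'b', 'c'], markers cleared
    modify(files, "a")
    print(run_backup(files, "differential"))  # ['a']
    print(run_backup(files, "differential"))  # ['a'] again: markers not cleared
    print(run_backup(files, "incremental"))   # ['a'], and now the marker is cleared
    print(run_backup(files, "incremental"))   # []
    print(jobs_needed_to_restore(["normal", "differential", "incremental", "differential"]))
```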
Combining different backup types:
Restoring Data
Chapter 20: Monitoring Access to Network Resources
Information Available in the Shares Folder

| Column name | Description |
|---|---|
| Shared Folder | The shared folders on the computer. This is the name that was given to the folder when it was shared. |
| Shared Path | The path to the shared folder. |
| Type | The operating system that must be running on a computer so that it can be used to gain access to the shared folder. |
| # Client Redirections | The number of clients who have made a remote connection to the shared folder. |
| Comment | Descriptive text about the folder. This comment was provided when the folder was shared. |
Information Available in the Sessions Folder

| Column name | Description |
|---|---|
| User | The users with a current network connection to this computer |
| Computer | The name of the user's computer |
| Type | The operating system running on the user's computer |
| Open Files | The number of files that the user has open on this computer |
| Connected Time | The time that has elapsed since the user established the current session |
| Idle Time | The time that has elapsed since the user last gained access to a resource on this computer |
| Guest | Whether this computer authenticated the user as a member of the built-in Guest account |
Chapter 21: Configuring Remote Access
Windows NT version 4 included support for several
authentication protocols:
Windows 2000 includes support for these and several additional
protocols that drastically increase your authentication, encryption, and
multilinking options. The new protocols supported by Windows 2000 include
Extensible Authentication Protocol (EAP),
Remote Authentication Dial-in User Service (RADIUS), Internet Protocol Security (IPSec), Layer-Two Tunneling
Protocol (L2TP), and Bandwidth
Allocation Protocol (BAP).
The Extensible Authentication Protocol (EAP) is an extension to the
Point-to-Point protocol (PPP) that works with dial-up, PPTP, and L2TP clients.
EAP allows for an arbitrary authentication mechanism to validate a dial-in
connection. The exact authentication method to be used is negotiated by the
dial-in client and the remote access server. EAP supports authentication by
using the following:
EAP allows for the
support of authentication technologies that are not yet developed. You can add
EAP authentication methods on the Security tab of the remote access server's
Properties dialog box.
RADIUS
provides authentication and accounting services for distributed dial-up
networking. Windows 2000 can act as a RADIUS client, a RADIUS server, or both.
A
RADIUS client, typically an ISP dial-up server, is a remote access server
receiving authentication requests and forwarding requests to a RADIUS server.
As a RADIUS client, Windows 2000 can also forward accounting information to a
RADIUS accounting server. You configure RADIUS clients on the Security tab in
the remote access server's Properties dialog box.
A
RADIUS server validates the RADIUS client request. Windows 2000 Internet
Authentication Services (IAS) performs authentication. As a RADIUS server, IAS
stores RADIUS accounting information from RADIUS clients in log files. IAS is
one of the optional components that you can add during Windows 2000 installation
or at a later time through Add/Remove Programs in Control Panel. You can find
IAS in Administrative Tools on the Start menu.
Internet
Protocol Security (IPSec) is a set of security
protocols and cryptographic protection services for ensuring secure private
communications over IP networks. IPSec provides
aggressive protection against private network and Internet attacks while
retaining ease of use. Clients negotiate a security association (SA) that acts
as a private key to encrypt the data flow.
You can use IPSec policies, rather than applications or
operating systems, to configure IPSec security
services. The policies provide variable levels of protection for most traffic
types in most existing networks. Your network security administrator can
configure IPSec policies to meet the security
requirements of a user, group, application, domain, site, or global enterprise.
The Layer Two Tunneling
Protocol
The Layer Two Tunneling
Protocol (L2TP) is similar to PPTP in that its primary purpose is to create an
encrypted tunnel through an untrusted network. L2TP
differs from PPTP in that it provides tunneling but not encryption. L2TP
provides a secure tunnel by cooperating with other encryption technologies such
as IPSec. IPSec doesn't
require L2TP, but its encryption functions complement L2TP to create a secure
VPN solution.
Both PPTP and L2TP use
PPP to provide an initial envelope for the data and then append additional
headers for transport through the transit internetwork.
Some of the key differences between PPTP and L2TP are as follows:
The Bandwidth Allocation Protocol
In Windows NT 4, Remote
Access Service (RAS) supports basic Multilink capabilities. It allows the
combining of multiple physical links into one logical link. Typically, two or
more Integrated Services Digital Network (ISDN) lines or modem links are
bundled together for greater bandwidth.
In Windows 2000,
Bandwidth Allocation Protocol (BAP) and Bandwidth Allocation Control Protocol
(BACP) enhance multilinked devices by dynamically adding or dropping links on
demand. BAP is especially valuable to operations that have carrier charges
based on bandwidth use. BAP and BACP are sometimes used interchangeably to
refer to bandwidth-on-demand functionality. Both protocols are PPP control
protocols and work together to provide bandwidth on demand. BAP provides an
efficient mechanism for controlling connection costs while dynamically
providing optimum bandwidth.
You can enable multilink
and BAP protocols on a serverwide basis from the PPP
tab of each remote access server's Properties dialog box. You configure BAP
settings through remote access policies. Using these policies, you can specify
that an extra line is dropped if link use drops below 75 percent for one group
and below 25 percent for another group. Remote access policies are described
later in this chapter.
Allowing Inbound Dial-up Connections
Configuring Devices for Incoming Connections
Allowing Virtual Private Connections
Specifying Users and Callback Options
Selecting Networking Components
Configuring
Outbound Connections
Dial-up Connections
The Dial-Up To A Private Network Option
The Dial-Up To The Internet Option
Direct Connections to Another Computer Through a Cable
Chapter 22: The Windows 2000 Boot Process
Windows 2000
boot process occurs in five stages: (1) preboot sequence, (2) boot sequence, (3) kernel load, (4) kernel
initialization, and (5) logon.
Files Used in the Windows 2000 Boot Process

| File | Location | Boot stage |
|---|---|---|
| Ntldr | System partition root (C:\) | Preboot and boot |
| Boot.ini | System partition root | Boot |
| Bootsect.dos | System partition root | Boot (optional) |
| Ntdetect.com | System partition root | Boot |
| Ntbootdd.sys | System partition root | Boot (optional) |
| Ntoskrnl.exe | systemroot\System32 | Kernel load |
| Hal.dll | systemroot\System32 | Kernel load |
| System | systemroot\System32\Config | Kernel initialization |
| Device drivers (*.sys) | systemroot\System32\Drivers | Kernel initialization |
Preboot Sequence: During startup, the computer initializes and then locates the boot portion of the hard disk. The following four steps occur during the preboot sequence:
1.
The
computer runs power-on self test (POST)
routines to determine the amount of physical memory, whether the hardware
components are present, and so on. If the computer has a Plug and Play basic
input/output system (BIOS),
enumeration and configuration of hardware devices occurs at this stage.
2.
The
computer BIOS locates the boot device and loads and runs the master boot record
(MBR).
3.
The
MBR scans the partition table to locate the active partition, loads the boot
sector on the active partition into memory, and then executes it.
4.
The
computer loads and initializes the Ntldr file, which
is the operating system loader.
Boot Sequence: After the computer loads Ntldr into memory, the boot sequence gathers information about hardware and drivers in preparation for the Windows 2000 load phases. The boot sequence uses the following files: Ntldr, Boot.ini, Bootsect.dos (optional), Ntdetect.com, and Ntoskrnl.exe.
The boot sequence has four phases: 1) initial boot loader, 2) operating system selection, 3) hardware detection, and 4) configuration selection.
Initial Boot Loader: During the initial boot loader phase, Ntldr switches the microprocessor from real mode to 32-bit
flat memory mode, which Ntldr requires to carry out
any additional functions. Next, Ntldr starts the appropriate
minifile system drivers. The minifile
system drivers are built into Ntldr so that Ntldr can find and load Windows 2000 from partitions
formatted with either FAT or Microsoft Windows 2000 File System (NTFS).
Operating System Selection: During the boot sequence, Ntldr
reads the Boot.ini file. If more than one operating system selection is
available in the Boot.ini file, then the Please Select The
Operating System To Start screen appears, listing the operating systems
specified in the Boot.ini file. If you don't select an entry before the timer
reaches zero, Ntldr loads the operating system
specified by the default parameter in the Boot.ini file. Windows 2000 Setup
sets the default parameter to the most recent Windows 2000 installation. If
only one entry is in the Boot.ini file, the Please Select The
Operating System To Load screen doesn't appear, and the default
operating system is automatically loaded.
Hardware Detection: On Intel-based computers, Ntdetect.com and
Ntoskrnl.exe perform hardware detection. Ntdetect.com executes after you select
Windows 2000 on the Please Select The Operating System To
Start screen (or after the timer times out).
Ntdetect.com collects a list of currently installed
hardware components and returns this list to Ntldr for
later inclusion in the registry under the HKEY_LOCAL_MACHINE\HARDWARE key.
Ntdetect.com detects the following
components:
Configuration Selection: After Ntldr starts
loading Windows 2000 and collects hardware information, the operating system
loader process presents you with the Hardware Profile/Configuration Recovery
Menu screen. The Hardware Profile/Configuration Recovery Menu screen contains a
list of the hardware profiles that are set up on the computer. The first
hardware profile is highlighted. You can press the Down arrow key to select
another profile. You can also press L to invoke the Last Known Good
Configuration option.
If there is
only a single hardware profile, Ntldr doesn't display
the Hardware Profile/Configuration Recovery Menu screen and loads Windows 2000
using the default hardware profile configuration.
Kernel Load: After
configuration selection, the Windows 2000 kernel (Ntoskrnl.exe) loads and
initializes. Ntoskrnl.exe also loads and initializes device drivers and loads
services. If you press Enter when the Hardware Profile/Configuration Recovery
Menu screen displays, or if Ntldr makes the selection
automatically, the computer enters the kernel load phase. The screen clears and
a series of white rectangles appears across the bottom of the screen.
During kernel load phase, Ntldr
does the following:
Kernel Initialization: When the kernel load phase is complete, the
kernel initializes, and then Ntldr passes control to
the kernel. At this point, the system displays a graphical screen with a status
bar indicating load status. Four tasks are accomplished during the kernel
initialization stage:
1. The Hardware key is created. Upon successful initialization, the kernel uses the data collected during hardware detection to create the registry key HKEY_LOCAL_MACHINE\HARDWARE. This key contains information about hardware components on the system board and the interrupts used by specific hardware devices.
2. The Clone control set is created. The kernel creates the Clone control set by copying the control set referenced by the value of the Current entry in the HKEY_LOCAL_MACHINE\SYSTEM\Select subkey of the registry. The Clone control set is never modified; it is intended to be an identical copy of the data used to configure the computer and should not reflect changes made during the startup process.
3. Device drivers are loaded and initialized. After creating the Clone control set, the kernel initializes the low-level device drivers that were loaded during the kernel load phase. The kernel then scans the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services subkey of the registry for device drivers with a Start value of 0x1. As in the kernel load phase, a driver's Group value determines the order in which it loads. Device drivers initialize as soon as they load. If an error occurs while loading or initializing a device driver, the boot process proceeds based on that driver's ErrorControl value, which is stored in the registry under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\name_of_service_or_driver\ErrorControl. The table "ErrorControl Values and Resulting Action" below lists each value and the action it causes.
4. Services are started. After the kernel loads and initializes device drivers, Session Manager (Smss.exe) starts the higher-order subsystems and services for Windows 2000. Session Manager executes the instructions in the BootExecute data item and in the Memory Management, DOS Devices, and SubSystems keys. Table 22.3 describes each instruction set and the resulting Session Manager action.
ErrorControl Values and Resulting Action

| ErrorControl value | Action |
| --- | --- |
| 0x0 (Ignore) | The boot sequence ignores the error and proceeds without displaying an error message. |
| 0x1 (Normal) | The boot sequence displays an error message but ignores the error and proceeds. |
| 0x2 (Severe) | The boot sequence fails and then restarts using the LastKnownGood control set. If the boot sequence is already using the LastKnownGood control set, it ignores the error and proceeds. |
| 0x3 (Critical) | The boot sequence fails and then restarts using the LastKnownGood control set. If the LastKnownGood control set is itself causing the critical error, the boot sequence stops and displays an error message. |
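The driver pass in step 3 and the ErrorControl table above are easier to reason about when run as code. The following is an added example, not code from the training kit: it walks a stand-in SYSTEM hive the way the kernel does (Start=0x1 drivers in Group order), applies each row of the ErrorControl table including the single fall-back to LastKnownGood, and performs the Clone-to-LastKnownGood copy that the logon section later describes. The Select subkey values, the ControlSet001/002 contents, the driver names, their initialization outcomes and the shortened group load order are all constructed for the illustration; on a real machine the same values are read from HKEY_LOCAL_MACHINE\SYSTEM. Note that everything here runs before Winlogon and Lsass exist, which is why Start=0x1 drivers and their ErrorControl values are worth auditing on a hardened build.

```python
"""Kernel-initialization step 3 (device drivers) as a simulation of the ErrorControl
table, with the LastKnownGood fallback and the post-logon Clone -> LastKnownGood copy.
Added example, not code from the training kit. The stand-in SYSTEM hive (Select subkey,
ControlSet001/002, driver entries, shortened group load order) is constructed to hit
every row of the table; on a real machine these values live under HKLM\\SYSTEM."""
from copy import deepcopy
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

SERVICE_SYSTEM_START = 0x1   # Start=0x1: loaded and initialized by the kernel
SERVICE_AUTO_START = 0x2     # Start=0x2: started later by the Service Controller
IGNORE, NORMAL, SEVERE, CRITICAL = 0x0, 0x1, 0x2, 0x3   # ErrorControl values
# Constructed subset of the ServiceGroupOrder list (an assumption, not from the page).
GROUP_ORDER = ["System Bus Extender", "SCSI miniport", "Primary disk", "Video"]

@dataclass
class Driver:
    name: str
    start: int
    group: str
    error_control: int
    init_ok: bool = True     # constructed: does the driver initialize successfully?

@dataclass
class BootResult:
    control_set: str
    outcome: str = "proceed"   # "proceed", "restart_lkg" or "stop"
    initialized: List[str] = field(default_factory=list)
    messages: List[str] = field(default_factory=list)

def on_driver_error(d: Driver, using_lkg: bool) -> Tuple[str, Optional[str]]:
    """One row of the ErrorControl table: (action, message) for a driver that failed."""
    if d.error_control == IGNORE:
        return "proceed", None
    if d.error_control == NORMAL:
        return "proceed", f"{d.name}: failed (Normal), error displayed, boot continues"
    if d.error_control == SEVERE:
        if using_lkg:
            return "proceed", f"{d.name}: failed under LastKnownGood (Severe), ignored"
        return "restart_lkg", f"{d.name}: failed (Severe), restarting with LastKnownGood"
    if d.error_control == CRITICAL:
        if using_lkg:
            return "stop", f"{d.name}: failed under LastKnownGood (Critical), boot stops"
        return "restart_lkg", f"{d.name}: failed (Critical), restarting with LastKnownGood"
    raise ValueError(f"{d.name}: unknown ErrorControl {d.error_control:#x}")

def init_system_start_drivers(control_set: str, services: List[Driver],
                              using_lkg: bool) -> BootResult:
    """Initialize Start=0x1 drivers in Group order, stopping at the first fatal error."""
    rank = {g: i for i, g in enumerate(GROUP_ORDER)}
    to_init = sorted((d for d in services if d.start == SERVICE_SYSTEM_START),
                     key=lambda d: rank.get(d.group, len(rank)))
    result = BootResult(control_set)
    for d in to_init:
        if d.init_ok:
            result.initialized.append(d.name)
            continue
        action, msg = on_driver_error(d, using_lkg)
        if msg:
            result.messages.append(msg)
        if action != "proceed":
            result.outcome = action
            break
    return result

def boot(hive: dict) -> BootResult:
    """Boot from the set named by Select\\Current, falling back to Select\\LastKnownGood once."""
    current = f"ControlSet{hive['Select']['Current']:03d}"
    hive["Clone"] = deepcopy(hive[current])        # step 2: Clone is a copy of Current
    first = init_system_start_drivers(current, hive[current], using_lkg=False)
    if first.outcome != "restart_lkg":
        return first
    lkg_no = hive["Select"]["LastKnownGood"]
    lkg = f"ControlSet{lkg_no:03d}"
    hive["Select"]["Current"] = lkg_no             # the LKG set is now the running set
    hive["Clone"] = deepcopy(hive[lkg])
    second = init_system_start_drivers(lkg, hive[lkg], using_lkg=True)
    second.messages = first.messages + second.messages
    return second

def commit_last_known_good(hive: dict) -> None:
    """After a successful logon, the Clone control set is copied to LastKnownGood."""
    hive[f"ControlSet{hive['Select']['LastKnownGood']:03d}"] = deepcopy(hive["Clone"])

def constructed_hive() -> dict:
    """ControlSet001 carries a newly installed, faulty driver; ControlSet002 is LastKnownGood."""
    good = [Driver("atapi", SERVICE_SYSTEM_START, "SCSI miniport", CRITICAL),
            Driver("Disk", SERVICE_SYSTEM_START, "Primary disk", CRITICAL),
            Driver("vga", SERVICE_SYSTEM_START, "Video", NORMAL, init_ok=False),
            Driver("LanmanWorkstation", SERVICE_AUTO_START, "NetworkProvider", NORMAL)]
    bad = deepcopy(good) + [Driver("newstor", SERVICE_SYSTEM_START, "SCSI miniport",
                                   SEVERE, init_ok=False)]
    return {"Select": {"Current": 1, "Default": 1, "Failed": 0, "LastKnownGood": 2},
            "ControlSet001": bad, "ControlSet002": good}

if __name__ == "__main__":
    hive = constructed_hive()
    result = boot(hive)
    print("\n".join(result.messages))
    print(f"booted from {result.control_set}: {result.outcome}, initialized {result.initialized}")
    commit_last_known_good(hive)   # a user logged on, so this boot becomes LastKnownGood
```

In the constructed hive the new Severe driver forces one restart with LastKnownGood, the Normal video driver only produces a message, and the boot completes from ControlSet002. Swap in a Critical driver that is present and broken in both sets and the simulation stops, exactly as the last table row says.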
Instruction Sets Read and Executed by Session Manager

| Data item or key | Action |
| --- | --- |
| BootExecute data item | Session Manager executes the commands in this data item before it loads any services. |
| Memory Management key | Session Manager creates the paging file information required by the Virtual Memory Manager. |
| DOS Devices key | Session Manager creates symbolic links that direct certain classes of commands to the correct component in the file system. |
| SubSystems key | Session Manager starts the Win32 subsystem, which controls all I/O and access to the video screen, and starts the Winlogon process. |
The logon process begins at the conclusion of the kernel initialization phase. The Win32 subsystem automatically starts Winlogon.exe, which starts the Local Security Authority (Lsass.exe) and displays the Logon dialog box. You can log on at this time, even though Windows 2000 might still be initializing network device drivers.
Next, the Service Controller executes and makes a final scan of the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services subkey, looking for services with a Start value of 0x2. Services with a Start value of 0x2 are marked to load automatically; these include the Workstation service and the Server service. The services that load during this phase do so in an order determined by their DependOnGroup and DependOnService entries in the registry subkey HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services.
Windows 2000 startup is not considered good until a user successfully logs on to the system. After a successful logon, the system copies the Clone control set to the LastKnownGood control set.
Windows 2000 control sets: A control set contains configuration data used to control the system, such as a list of which device drivers and services to load and start. A typical Windows 2000 installation contains the following control set subkeys: Clone, ControlSet001, ControlSet002, and CurrentControlSet. Control sets are stored as subkeys of the registry key HKEY_LOCAL_MACHINE\SYSTEM. The registry might contain several control sets, depending on how often you change or have problems with system settings.
To better understand control sets, you should know about the registry subkey HKEY_LOCAL_MACHINE\SYSTEM\Select. The entries contained in this subkey are Current, Default, Failed, and LastKnownGood; each holds the number of the ControlSetNNN subkey that plays that role.
Situations for Using the Last Known Good Configuration Option

| Situation | Solution |
| --- | --- |
| After a new device driver is installed, Windows 2000 restarts, but the system stops responding. | Use the Last Known Good Configuration option to start Windows 2000, because the LastKnownGood control set doesn't contain any reference to the new, and possibly faulty, driver. |
| You accidentally disable a critical device driver (such as the ScsiPort driver). | Some critical drivers are written to keep users from making the mistake of disabling them. With these drivers, the system automatically reverts to the LastKnownGood control set if a user disables the driver. If the driver doesn't automatically cause the system to revert to the LastKnownGood control set, you must manually select the Last Known Good Configuration option. |
Windows 2000 advanced boot options: These options include Safe Mode, Enable Boot Logging, Enable VGA Mode, Last Known Good Configuration, Directory Services Restore Mode, and Debugging Mode. The advanced boot options provide additional troubleshooting avenues that you can use to circumvent a normal boot and attempt to determine the cause of a booting problem. These options are summarized as follows:
A Boot.ini file might contain the following lines:

[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(1)partition(2)\WINNT
[operating systems]
multi(0)disk(0)rdisk(1)partition(2)\WINNT="Microsoft Windows 2000 Professional" /fastdetect
multi(0)disk(0)rdisk(1)partition(1)\WINNT="Windows NT Workstation Version 4.00"
multi(0)disk(0)rdisk(1)partition(1)\WINNT="Windows NT Workstation Version 4.00 [VGA mode]" /basevideo /sos
C:\="Previous Operating System on C:"

ARC (Advanced RISC Computing) Paths: During installation, Windows 2000 generates the Boot.ini file, which contains ARC paths pointing to the computer's boot partition. (RISC stands for reduced instruction set computing, a microprocessor design that uses a small set of simple instructions for fast execution.)
ARC Path Naming Conventions

| Convention | Description |
| --- | --- |
| multi(x) or scsi(x) | The adapter/disk controller. Use scsi to indicate a SCSI controller on which the SCSI BIOS is not enabled. For all other adapter/disk controllers, use multi, including SCSI disk controllers with the BIOS enabled. The x is a number that indicates the load order of the hardware adapter. For example, if you have two SCSI adapters in a computer, the first to load and initialize receives number 0, and the next SCSI adapter receives number 1. |
| disk(y) | The SCSI ID. For multi, this value (y) is always 0. |
| rdisk(z) | A number (z) that identifies the disk (ignored for scsi controllers). |
| partition(a) | A number (a) that identifies the partition. |

In both the multi and scsi conventions, the multi, scsi, disk, and rdisk numbers are assigned starting with 0. Partition numbers start with 1. All nonextended (primary) partitions are assigned numbers first, followed by the logical drives in extended partitions.
Boot.ini Optional Switches

| Switch | Description |
| --- | --- |
| /basevideo | Boots the computer using the standard VGA video driver. If a new video driver isn't working correctly, use this switch to start Windows 2000, and then change to a different driver. |
| /fastdetect[:comx] or /fastdetect[:comx,y,z...] | Disables serial mouse detection. Without a port specification, this switch disables peripheral detection on all COM ports. Setup includes this switch in every Windows 2000 entry in Boot.ini by default. |
| /maxmem:n | Specifies the amount of RAM, in megabytes, that Windows 2000 uses. Use this switch if you suspect that a memory chip is bad. |
| /noguiboot | Boots the computer without displaying the graphical boot status screen. |
| /sos | Displays the device driver names as they load. Use this switch when startup fails while loading drivers, to determine which driver is triggering the failure. |
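To make the Boot.ini sample, the ARC naming conventions and the switch table above concrete, here is an added example (not code from the training kit) that parses a Boot.ini file, splits every ARC path into its components, enforces the two rules the ARC table states (disk(y) must be 0 for multi, partition numbers start at 1), collects each entry's switches, and reports which entry the default= line selects. SAMPLE_BOOT_INI reproduces the sample shown above; the default-entry check is our own addition and is not something the kit describes.

```python
"""Parse a Windows 2000 Boot.ini and validate its ARC paths against the naming
conventions (multi/scsi/disk/rdisk numbered from 0, disk(y)=0 for multi, partitions from 1).
Added example, not code from the training kit. SAMPLE_BOOT_INI is the Boot.ini sample
shown on the page; default_entry() is our own check, not a rule the kit states."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

SAMPLE_BOOT_INI = r"""[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(1)partition(2)\WINNT
[operating systems]
multi(0)disk(0)rdisk(1)partition(2)\WINNT="Microsoft Windows 2000 Professional" /fastdetect
multi(0)disk(0)rdisk(1)partition(1)\WINNT="Windows NT Workstation Version 4.00"
multi(0)disk(0)rdisk(1)partition(1)\WINNT="Windows NT Workstation Version 4.00 [VGA mode]" /basevideo /sos
C:\="Previous Operating System on C:"
"""

ARC_RE = re.compile(r"^(multi|scsi)\((\d+)\)disk\((\d+)\)rdisk\((\d+)\)partition\((\d+)\)(\\.*)?$",
                    re.IGNORECASE)
ENTRY_RE = re.compile(r'^(.*?)="([^"]*)"\s*(.*)$')   # target="title" [switches...]

@dataclass(frozen=True)
class ArcPath:
    adapter: str       # "multi" or "scsi"
    adapter_no: int    # x: load order of the adapter, from 0
    disk: int          # y: SCSI ID for scsi(); always 0 for multi()
    rdisk: int         # z: disk ordinal for multi(); ignored for scsi()
    partition: int     # a: partition number, from 1
    directory: str     # e.g. \WINNT

@dataclass(frozen=True)
class BootEntry:
    target: str                 # ARC path, or a drive root such as C:\ for a Bootsect.dos entry
    title: str                  # text shown in the boot menu
    switches: Tuple[str, ...]   # /fastdetect, /basevideo, /sos, ...
    arc: Optional[ArcPath]      # None when the target is not an ARC path

def parse_arc_path(text: str) -> ArcPath:
    """Split an ARC path into its components and enforce the naming rules."""
    m = ARC_RE.match(text.strip())
    if not m:
        raise ValueError(f"not an ARC path: {text!r}")
    adapter, x, y, z, a, directory = m.groups()
    adapter = adapter.lower()
    x, y, z, a = (int(n) for n in (x, y, z, a))
    if a < 1:
        raise ValueError(f"partition numbers start at 1: {text!r}")
    if adapter == "multi" and y != 0:
        raise ValueError(f"disk(y) must be 0 for multi(): {text!r}")
    return ArcPath(adapter, x, y, z, a, directory or "")

def parse_os_entry(line: str) -> BootEntry:
    """One [operating systems] line: target="title" followed by optional switches."""
    m = ENTRY_RE.match(line)
    if not m:
        raise ValueError(f"malformed [operating systems] entry: {line!r}")
    target, title, rest = m.groups()
    arc = parse_arc_path(target) if ARC_RE.match(target) else None
    return BootEntry(target, title, tuple(rest.split()), arc)

def parse_boot_ini(text: str) -> Tuple[Dict[str, str], List[BootEntry]]:
    """Return ([boot loader] settings, [operating systems] entries)."""
    loader: Dict[str, str] = {}
    entries: List[BootEntry] = []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].lower()
        elif section == "boot loader":
            key, _, value = line.partition("=")
            loader[key.strip().lower()] = value.strip()
        elif section == "operating systems":
            entries.append(parse_os_entry(line))
        else:
            raise ValueError(f"line outside any section: {line!r}")
    return loader, entries

def default_entry(loader: Dict[str, str], entries: List[BootEntry]) -> Optional[BootEntry]:
    """The entry Ntldr boots when the timeout expires; None if default= matches no entry."""
    wanted = loader.get("default", "").lower()
    return next((e for e in entries if e.target.lower() == wanted), None)

if __name__ == "__main__":
    loader, entries = parse_boot_ini(SAMPLE_BOOT_INI)
    chosen = default_entry(loader, entries)
    print(f"timeout={loader['timeout']}s, default -> {chosen.title if chosen else 'NO MATCH'}")
    for e in entries:
        where = (f"{e.arc.adapter}({e.arc.adapter_no}) rdisk {e.arc.rdisk} "
                 f"partition {e.arc.partition}{e.arc.directory}" if e.arc else e.target)
        print(f"  {e.title!r}: {where} switches={list(e.switches)}")
```

Because Boot.ini is plain text protected only by its system, hidden and read-only attributes, a parser like this is also the quick way to diff the file against a known-good copy and spot an added entry or a changed default= before rebooting.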
To change file attributes by using the command prompt, change to the folder containing the Boot.ini file, if necessary, and then type:

attrib -s -r -h boot.ini
Recovery Console commands

| Command | Description |
| --- | --- |
| Chdir (cd) | Displays the name of the current folder or changes the current folder |
| Chkdsk | Checks a disk and displays a status report |
| Cls | Clears the screen |
| Copy | Copies a single file to another location |
| Delete (del) | Deletes one or more files |
| Dir | Displays a list of files and subfolders in a folder |
| Disable | Disables a system service or a device driver |
| Enable | Starts or enables a system service or a device driver |
| Exit | Exits the Recovery Console and restarts your computer |
| Fdisk | Manages partitions on your hard disks |
| Fixboot | Writes a new partition boot sector onto the system partition |
| Fixmbr | Writes a new master boot record (MBR) to the boot disk, or to the disk you specify |
| Format | Formats a disk |
| Help | Lists the commands that you can use in the Recovery Console |
| Logon | Logs on to a Windows 2000 installation |
| Map | Displays the drive letter mappings |
| Mkdir (md) | Creates a folder |
| More | Displays a text file |
| Rmdir (rd) | Deletes a folder |
| Rename (ren) | Renames a single file |
| Systemroot | Sets the current folder to the systemroot folder of the installation you are currently logged on to |
| Type | Displays a text file |
Chapter 23: Deploying Windows 2000
Automating Installations by Using the Windows 2000 Setup Manager
You can create or modify an answer file by using Setup Manager, found in the Deploy.cab file in the Support\Tools folder of your Windows 2000 Professional CD-ROM.
Setup Manager does the following:
If you select the Create A New Answer File option, you will then need to choose the type of answer file you want to create. Setup Manager can create the following types of answer files:
Using Disk Duplication to Deploy Windows 2000
When you install Windows 2000 on several clients with identical hardware configurations, use disk duplication: create a disk image of a Windows 2000 installation and copy that image to multiple clients. This method also creates a convenient baseline.
One of the tools you will use for disk duplication is the improved System Preparation tool (Sysprep.exe) from Deploy.cab. Sysprep adds a system service to the master image that creates a unique local computer SID the first time the computer to which the master image is copied is started. (Cloning an image without regenerating the SID leaves every clone with the same computer SID, which is the problem this service exists to prevent.)
The System Preparation tool also adds a Mini-Setup wizard to the master copy; it runs the first time the computer to which the master image is copied is started and guides the user through entering user-specific information such as:
Available Switches for Sysprep.exe

| Switch | Description |
| --- | --- |
| /quiet | Runs with no user interaction |
| /pnp | Forces Setup to detect Plug and Play devices on the destination computers |
| /reboot | Restarts the source computer |
| /nosidgen | Doesn't regenerate SIDs on the destination computers |
Performing Remote Installations
Remote installation is the process of connecting to a server running Remote Installation Services, called the RIS server, and then starting an automated installation of Windows 2000 Professional on a local computer. RIS is available only on computers running one of the Windows 2000 Server family of products. The RIS server can be a domain controller or a member server. Table 23.2 lists the network services required for RIS and their RIS function. These network services don't have to be installed on the same computer as RIS, but they must be available somewhere on the network.

Network Services Required for RIS

| Network service | RIS function |
| --- | --- |
| DNS Service | RIS relies on the DNS server for locating both the directory service and client accounts. |
| DHCP Service | Clients that can perform a network boot receive an IP address from the DHCP server. |
| Active Directory directory services | RIS relies on Active Directory for locating existing clients as well as existing RIS servers. |
Remote installation requires RIS to be installed on a volume that is shared over the network. This shared volume must:
Using the Remote Installation Services Setup Wizard: After installing RIS, you run the RIS Setup wizard, which:
Client computers that support remote installation must have one of the following configurations:
The Net PC is a highly manageable platform with the ability to perform a network boot, manage upgrades, and prevent users from changing the hardware or operating system configuration. Additional requirements for the Net PC are the following:
Creating Boot Floppies: If the network interface card in a client isn't equipped with a PXE boot ROM, or the BIOS doesn't allow starting from the network interface card, create a remote installation boot disk with the Remote Boot Disk Generator: type E:\RemoteInstall\Admin\i386\rbfg.exe in the Open box of the Run dialog.
Windows 2000 Professional Upgrade Paths for Clients

| Upgrade from | Upgrade to |
| --- | --- |
| Windows 95 and Windows 98 | Windows 2000 Professional |
| Windows NT Workstation 3.51 and 4 | Windows 2000 Professional |
| Windows NT 3.1 or 3.5 | Windows NT 3.51 or 4 first, then upgrade to Windows 2000 Professional |
Windows 2000 Professional Minimum Hardware Requirements

| Hardware | Minimum requirements |
| --- | --- |
| Processor | One processor, Intel Pentium 166 MHz or higher |
| Memory | Pentium-based: 32 MB |
| Hard disk | At least 650 MB of free space on the boot partition |
| Video | VGA or higher video card and monitor |
| Other components | CD-ROM installation: CD-ROM or DVD-ROM drive |
| Networking | Network interface card and related cables |
| Accessories | Keyboard and mouse or other pointing device |
Generating the Report: You can generate a compatibility report using the Windows 2000 Compatibility tool in two ways:
Software Compatibility: Most applications that run in Windows NT Workstation 4 or Windows NT Workstation 3.51 will run in Windows 2000 Professional. However, some applications will be incompatible. You should remove the following software applications before you upgrade to Windows 2000 Professional:
Chapter 24: Configuring Windows 2000 for
To configure offline folders and files on a laptop
1. Log on as Administrator.
2. Right-click My Computer and then click Open.
3. On the Tools menu, click Folder Options. The Folder Options dialog box appears.
4. Click the Offline Files tab.
5. Ensure that the Enable Offline Files and the Synchronize All Offline Files Before Logging Off check boxes are selected, and then click OK.
To enable a network share to provide files to be used offline
1. Ensure that you are still logged on as Administrator, and start Windows Explorer.
2. Create a folder named C:\Offline.
3. Right-click Offline and then click Sharing. The Offline Properties dialog box appears with the Sharing tab active.
4. Click Share This Folder, and then click Caching. The Caching Settings dialog box appears.
5. Click the Setting drop-down list arrow. Notice that caching has the following three settings:
   o Manual Caching For Documents
   o Automatic Caching For Documents
   o Automatic Caching For Programs
6. Ensure that Manual Caching For Documents is selected and then click OK.
7. Click OK to close the Offline Properties dialog box. Leave the Windows Explorer window open.
The following configurable settings are available on the On Idle tab:
If your computer doesn't have an APM-BIOS installed, Windows 2000 will not install APM, and the Power Options Properties dialog box will not have an APM tab. However, your computer can still function as an ACPI computer if it has an ACPI-based BIOS. The ACPI-based BIOS takes over system configuration and power management from the Plug and Play BIOS.
If your laptop has an ACPI-based BIOS, you can insert and remove PC cards on the fly, and Windows 2000 will automatically detect and configure them without requiring you to restart your machine. This is known as dynamic configuration of PC cards. Two other similar features rely on dynamic Plug and Play and are important to mobile computers: Hot and Warm Docking/Undocking and Hot Swapping of IDE and floppy devices.
Hot and Warm Docking/Undocking means you can dock and undock from the Windows 2000 Start button without turning off your computer. Windows 2000 automatically creates two hardware profiles for laptop computers, one for the docked state and one for the undocked state. (For more information on hardware profiles, see Chapter 4, "Using Windows Control Panel.")
Hot Swapping of IDE and floppy devices means that you can remove devices such as floppy drives, DVD/CD drives, and hard disks, swap devices, or both, without shutting down or restarting your system. Windows 2000 automatically detects and configures these devices.
Offline Folders and files [562]
Folder Options → Offline Files → Enable Offline Files
Folder Options → Offline Files → Advanced →
Folder → Properties → Sharing → Caching → Allow caching of files in this shared folder
Synchronization Manager [565]: Tools → Synchronize →
· When I Am Using This Network Connection
· Synchronize The Following Checked Items
· Synchronize The Selected Items While My Computer Is Idle
APM-BIOS not installed: Windows 2000 will not install APM, and Power Options has no APM tab. [569]
ACPI-based BIOS supports dynamic configuration of PC cards:
Hot and Warm Docking/Undocking
Hot Swapping of IDE and floppy devices
System Information Snap-In [579]: System Summary, HW Resources, Components, SW Environment, IE 5
Driver Signing: Ignore, Warn, Block
SFC command-line utility: Sfc [/scannow] [/scanonce] [/scanboot] [/cancel] [/quiet] [/enable] [/purgecache] [/cachesize=x]
File Signature Verification Utility [582]: sigverif
Scaling [584]: Adding processors to a computer to improve performance. You must use Device Manager to update drivers to convert your computer from a single-processor system to one that supports multiple processors.
Performance Counters [586]
--Processor → % Processor Time: % of time the processor spends executing a non-idle thread; an indicator of the % of time the processor is active.
--Processor → % DPC Time: How much time the processor spends processing deferred procedure calls (DPCs). DPCs are software interrupts or tasks that require immediate processing, causing other tasks to be handled at a lower priority. DPCs represent further processing of client requests.
--Processor → Interrupts/Sec: Avg. # of HW interrupts the processor receives and services each second (DPCs excluded). An indicator of the activity of devices that generate interrupts, such as the system clock, mouse, NICs, and other peripherals. If % Processor Time is above 90% while Interrupts/Sec is also high, the processor probably needs assistance to handle the interrupt load.
--System → Processor Queue Length: # of threads in the processor queue; there is a single queue for processor time, even on computers with multiple processors. A sustained queue of more than two threads usually indicates that the processor is a bottleneck for overall system performance.
Chapter 25: Implementing, Managing, and Troubleshooting Hardware Devices and Drivers
Properties Dialog Box Tabs for Selected Devices
System Information Snap-in Nodes

| Node | Description |
| --- | --- |
| System Summary | Displays information such as the OS, the version number of the OS, and the manufacturer of the OS. It displays the NetBIOS computer name, the computer manufacturer, model number, and type, as well as information about the processor and the BIOS. It also lists the installation folder, locale, and time zone information. Finally, it lists the total and available physical memory, the total and available virtual memory, and the page file size. |
| Hardware Resources | Displays hardware resource settings such as any conflicts or resource sharing, DMA, IRQs, I/O addresses, and memory addresses. |
| Components | Displays information about the configuration and status of devices, including the following categories: multimedia, display, infrared, input, modems, network, ports, storage, printing, problem devices, and USB. |
| Software Environment | Displays what is loaded into memory at a particular instant. The display includes the drivers, environment variables, network connections, tasks, and services loaded into memory. |
| Internet Explorer 5 | Displays configuration settings for Microsoft Internet Explorer. The summary displays the version, build, product ID, install location, language, and cipher strength. It also displays a list of associated files and version numbers, and settings for connectivity, file caching, and security. |
Driver signing:

System File Checker syntax:
Sfc [/scannow] [/scanonce] [/scanboot] [/cancel] [/quiet] [/enable] [/purgecache] [/cachesize=x]

System File Checker's Parameters

| Parameter | Description |
| --- | --- |
| /scannow | Causes the SFC utility to scan all protected system files immediately |
| /scanonce | Causes the SFC utility to scan all protected system files at the next system restart |
| /scanboot | Causes the SFC utility to scan all protected system files every time the system restarts |
| /cancel | Cancels all pending scans of protected system files |
| /quiet | Replaces all incorrect system file versions without prompting the user |
| /enable | Returns Windows File Protection to default operation, prompting the user to restore protected system files when files with incorrect versions are detected |
| /purgecache | Purges the file cache and scans all protected system files immediately |
| /cachesize=x | Sets the file cache size |
Sigverif = File Signature Verification Utility
Scaling: Adding processors to your system to improve performance is called scaling. This is really more of a Windows 2000 Server family issue than a Windows 2000 Professional issue, because multiprocessor configurations are typically used for processor-intensive applications such as those found on database servers or Web servers. However, any computer that runs applications that perform heavy computation, such as scientific or financial applications, or complex graphics rendering, such as computer-aided design (CAD) programs, also benefits from a multiprocessor system.
Updating Drivers: You use Device Manager to upgrade drivers. You upgrade a driver whenever a newer version of the driver is released. You also update drivers to convert your computer from a single-processor system to one that supports multiple processors, for example.
You can monitor the activity of your symmetric multiprocessing (SMP) system by using Performance Console and its counters. Performance Console helps you gauge a computer's efficiency and locate and resolve current or potential problems.
Performance Console Objects

| Object | Description |
| --- | --- |
| Cache | Monitors the file system cache that is used to buffer physical device data |
| Memory | Monitors the physical and virtual memory on the computer |
| PhysicalDisk | Monitors a hard disk as a whole |
| Processor | Monitors CPUs |
Performance Counters

| Counter | Description |
| --- | --- |
| Processor: % Processor Time | The percentage of time that the processor spends executing a non-idle thread; an indicator of the percentage of time that the processor is active. During some operations this can reach 100 percent. Such periods of 100 percent activity should occur only occasionally and should not reflect the normal level of activity for the processor. |
| Processor: % DPC Time | How much time the processor spends processing deferred procedure calls (DPCs). DPCs are software interrupts or tasks that require immediate processing, causing other tasks to be handled at a lower priority. DPCs represent further processing of client requests. |
| Processor: Interrupts/Sec | The average number of hardware interrupts the processor receives and services each second. It doesn't include DPCs. This counter is an indicator of the activity of devices that generate interrupts, such as the system clock, mouse, network adapter cards, and other peripheral devices. If % Processor Time is above 90 percent and Interrupts/Sec is also elevated (the kit gives the threshold as "15 percent", but Interrupts/Sec is a rate, not a percentage), the processor probably needs assistance to handle the interrupt load. |
| System: Processor Queue Length | The number of threads in the processor queue. There is a single queue for processor time, even on computers with multiple processors. A sustained processor queue of more than two threads usually indicates that the processor is a bottleneck for overall system performance. |