NT Server 4.0 study notes

How do you move a PDC or a BDC to a new domain?
Change the Domain Name

System Policy Editor will allow you to restrict logon times - true or false?
False

What is the correct syntax to start a program such as Network Monitor with a low priority?
start /low netmon

A local group is located in each computer's account database.

Why would you run Win16 apps in a separate NTVDMS?
To allow a Win16 app to interoperate with other apps in a separate memory space

Will it minimize memory used?
No

Will you be able to run Win16 apps which rely on shared memory to exchange data?
No

If you have multiple Mac subnets attached to multiple Nics and only one subnet can see the server, what is wrong?
You need to enable routing in the AppleTalk Protocol config dialog box

What files are required for a boot disk on a machine with SCSI drives with their BIOS enabled?
NTLDR, NTDETECT.COM, BOOT.INI

When do you need the NTBOOTDD.SYS file?
If your SCSI controller does not have its BIOS enabled

When will the BOOTSECT.DOS file be required?
When you need to boot into another OS on your system, such as MS-DOS or Win95

What is the proper syntax for sending a print job to a TCP/IP printer on a Unix host?
Lpr -S [IP address of Unix Host] -P [Printer Name] [filename]
Both S and P are capitalized

What is the Directory Replication Service Interval?
Interval at which the export computer checks for changes to the replicated directories

Do Shares use forward slash or backslash in the pathname?
Backslash, same as DOS commands

Do Internet names use forward slash or backslash in the path?
Forward slash - (as per Unix)

What is the first step you should take when one disk in a mirror set fails?
Break the mirror

What is the name of the application which examines memory dump files, extracts info and writes the info to a text log?
Dumpexam

What can you do if you suspect a bottleneck because too many Win95 clients are trying to access the same policy file?
Use Policy Editor to enable load balancing on the Win95 clients

What two files are required in the Winnt.exe command line in order to set up multiple machines, including applications, without physically being at the client computer?
UNATTEND.txt and the file name of the .UDF

What switch calls the UDF?
/U

If you have Administrator Services loaded on a Win95 client can you manage the DHCP Server on your PDC?
No - the DHCP service can only be managed locally

Which method of licensing is the default when you install a new copy of NT Server 4? What is the other method?
Per Server - other is Per Seat

What types of networks is the default licensing option good for?
Small networks or internet attached machines

Why would you switch from the default licensing option?
As you add servers, each client would need a separate license for each server they attach to. Per Seat licensing allows the client to connect to as many Servers as necessary.

Are Sparc Ultra RISC machines supported by NT Server 4.0?
No

Are PA RISC machines supported by NT Server 4.0?
No

What does the OSLOADER.EXE program do?
On a RISC machine it replaces the functions of NTLDR, NTDETECT.COM and BOOTSECT.DOS on a PC

What do you use to configure IIS?
Internet Service Manager Program

What TCP/IP protocols are supported by IIS?
FTP, HTTP and Gopher

Is there any user data on the ERD?
No

Which versions or types of Netware servers require that you specify a Default Tree and Context?
Those not using Bindery Emulation - Netware 4.x

Which versions or types of Netware servers require that you specify a Preferred Server?
Netware 3.x or those using Bindery Emulation

What is an NDS tree?
Netware equivalent of a Domain

What is the default frame type used by NT Server 4.0?
802.2

Which versions of Netware use 802.3 frames?
pre 3.12 (1+2=3 802.3)
3.12 actually uses 802.2 frame types - industry standard

What is the role of a Member Server (stand alone server)?
database server, communications, resource server etc - do not authenticate users

Where do you add display adapter drivers?
In the Display applet in Control Panel

Where do you change the Mouse Pointer Icons?
In the Mouse applet in Control Panel

What partition are the WinNT files on?
Boot Partition

What partition are the boot files on?
System Partition

How do you convert a FAT partition to an NTFS partition?
If it is empty - reformat using Disk Administrator
If it has files on it use the CONVERT.exe program from a DOS prompt.

Is Migration Tool for Netware part of GSNW?
Yes

How do you add an NT machine to the domain?
Add it in Server Manager, then boot it into network

What does cacls.exe do?
Command line application to set permissions on a remote share.

How do you configure an alert in Performance Monitor to send a message?
Check Send Network Message and add the correct name to the Net Name field.

What all can you automatically configure for clients when you are running the DHCP service?
NetBios Name resolution, DNS Server, Wins Server, IP address

What steps are necessary to renew an account which has expired?
Set a new expiry date in the future (you can also select never expires

Where is the best place for a paging file?
On a partition other than the boot partition - unless you have no choice (eg. Never put it on a stripe set with parity)

What protocols can RAS be configured to use for dial out or dial in?
TCP/IP, NetBeui, NWLink

What protocols can be used with RAS autodial?
TCP/IP and NetBeui

NT SERVER STUDY GUIDE

INSTALLATION

--GENERAL INFO--
You can't very well use NT until you get it installed, right? In order to install NT, your machine must meet the following requirements:
· 16 MB RAM
· VGA video card
· 486-DX33 or better
· 125 MB free disk space
· CD-ROM unless this will be a network installation

There are a couple of different options for setup. If you are upgrading from an earlier version of NT, then you will use WINNT32.EXE. If you are upgrading from DOS or Win95 then you will use WINNT.EXE. At this point installation will begin and should be pretty self explanatory until you get to the upgrade or fresh install option. If you are upgrading your server from a previous version, then you will probably want to select upgrade as it will preserve your user accts and all directory and share info. This will save you the huge pain in the ass of setting all of this up all over again. Fresh install should be self-explanatory.

The next step of note is selecting the partition that NT will install onto. This option will allow you to delete partitions as well, but don't be a dumbass and delete any vital ones. Next you will be asked how you would like this partition to be formatted. Your options will be something like:
· Format to a FAT system
· Format to an NTFS system
· Leave it as is
· Convert a FAT partition to NTFS
· Convert an HPFS/HPFS386 partition to NTFS (this is for a LAN Manager upgrade only)

The differences between the file systems will be discussed later, so read on! Next, setup will run a version of CHKDSK and then you will be prompted to select a directory to install the NT files into. The recommended directory is \WINNT. After all of this you will reboot and the more Windows-style setup will begin.

The next step of note is to designate whether the machine will be a PDC, BDC or Server. It is important to select this correctly the first time as you can't go back and change it later. The first NT Server that you install will be a PDC. Microsoft recommends 1 BDC for every 2000 users. More than this can cause unnecessary network traffic.

--UNATTENDED INSTALLATIONS--
Now who has time to sit with the NT machine for 45 minutes to an hour? That kind of time cuts into cocktail time, which is why Micro$oft provided options for unattended installations. With a little configuring beforehand, NT will do the whole installation for you and you can take off for drinks with your friends. In order for this to work, you need a script known as an answer file that provides instructions to the setup program. This script can be handwritten in a text editor such as Notepad, or created with the utility supplied with NT called Setup Manager. Listed below are the various command switches that can be used during installation.

SWITCH  PURPOSE
/B      Bypasses the creation of startup disks
/S      Sourcepath. Choose location of a source file - multiple locations will speed up installation.
/F      Speed up install by not verifying files
/U      Denotes unattended setup mode and points to an answer file location. Must use with /s to specify source file location.
/T      Destination. Specifies installation location of temp files used during installation.
/C      Bypasses checking for free space when creating boot disks. Can speed up install.
/OX     Creates the setup disks from CD-ROM or network location. Replaces damaged boot disks.
/I      Specify an inf file. Default file is DOSNET.INF.

--NETWORK INSTALLATIONS--
Another installation option is to install over the network, which requires that you find a way to point the computer to an I386 directory somewhere on your network. Here is how it is done. First, you will need to have a shared I386 directory. Next, you need to make a boot disk from DOS or Win 95/98. Then go to an NT Server and go to Network Client Administrator, which is located in the Administrative Tools section of your start menu. From here you can create a network startup disk.

UNINTERRUPTIBLE POWER SUPPLY (UPS)

A UPS is designed to protect your servers from power surges and spikes, voltage variations and power outages. Any one of these things can damage data, cause network problems or even destroy your server. NT Server is designed to receive information from the UPS via its serial port and act on it. Here are the messages that it can receive:
· POWER FAILED: This signal goes from the UPS to the server. This alerts the server that power has failed and it is now running on battery power.
· BATTERY LOW: Some UPSes will inform the server that the UPS is running low on battery power.
· REMOTE UPS SHUTDOWN: If NT detects that it is getting a crappy electrical signal from the UPS it will send a message to it to shut down and charge itself. While in this state the UPS will continue to forward power to NT, but will not provide any of its other services.

Once the UPS is installed, it can be configured in the UPS control panel. Workstations that have the messenger service installed will receive broadcast messages when the power fails or when it comes back up. This gives workers a chance to save what they are working on and gracefully shut down.

NTFS VS FAT

--GENERAL INFORMATION--
When using NT it is a good idea to use NTFS partitions, at least on the partitions that contain your data. One advantage of the FAT file system is that it is the file system DOS uses. On an NTFS partition, you can't boot from a DOS boot disk - this is one of the security features of NTFS. Additionally, a floppy disk cannot be formatted as NTFS. For this reason it might not be a bad idea to have a small partition formatted FAT so that you can boot into DOS for recovery purposes. FAT partitions can be defragmented while NTFS cannot. An NTFS partition cannot be converted to FAT without erasing the disk and reformatting. Files moved from a FAT partition to an NTFS partition will retain their filenames and attributes.

--FEATURES OF NTFS--
NTFS partitions provide the following features:
· Supports upper and lower case letters in names.
· Allows permissions to be set on files and directories.
· Supports Unicode in file names.
· Forks in files.
· File and directory names up to 254 characters in length.
· Ability to access sequential access files over .5 MB faster.
· Faster access to all random access files.
· Long file name conversion to the 8+3 convention.
· Support for AppleTalk and the ability to share Mac Volumes.
· Disk space is used more efficiently.

RAID

--GENERAL INFORMATION--
In order to understand how RAID works it is first best to understand the following concepts regarding hard disk configurations.
· PARTITIONS -- A partition is a portion of a physical hard disk. A partition can be primary or extended.
· PRIMARY PARTITION -- This is a bootable partition. One primary partition can be made active.
· EXTENDED PARTITION -- An extended partition is made from the free space on a hard disk and can be broken down into smaller logical drives. There can only be one of these per hard disk.
· LOGICAL DRIVE -- These are a primary partition or portions of an extended partition that are assigned a drive letter.
· VOLUME SET -- This is a disk or part of a disk that is combined with space from the same or another disk to create one larger volume. This volume can be formatted and assigned a drive letter like a logical drive, but can span more than one hard disk. A volume set can be extended without starting over, however to make it smaller, the set must be deleted and re-created.
· DISK ADMINISTRATOR -- This utility is found in the administrative tools section of NT 4. This is the tool that controls the configuration of the hard disks on an NT 4 system. You can create partitions, volume sets, logical drives, format disks, etc.

--RAID LEVEL 0 - DISK STRIPING WITHOUT PARITY--
Disk striping will distribute data across 2-32 hard disks. This provides the fastest read/write performance as the system can access the data from more than one place. This level of RAID does not provide any redundancy. This means that if one of the disks fails you lose all of the data and have to delete the stripe set and start over once the bad disk is replaced. System and boot partitions cannot be included in a stripe set.

--RAID LEVEL 1 - DISK MIRRORING--
Disk mirroring writes exact copies of data to more than one disk. Each disk or partition of a disk will contain the exact same data. If one hard disk fails, the data still exists on the other disk. This level of RAID also increases disk read performance as it can pull the data off of both disks. Disk mirroring on NT Server also uses disk duplexing whereby each disk has its own disk controller. This provides redundancy in the case of a controller failure. To recover from a failure, the new drive must be installed and then in Disk Administrator break the mirror and re-establish it.

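
An added example (not part of the original study guide) that models the failure behaviour of the three layouts in Python: the stripe set and mirror set described above, and the parity regeneration covered in the RAID level 5 section that follows. The 4-byte stripe unit, the parity rotation order, the function names and the sample data are constructed assumptions, not NT's on-disk format.

```python
# Added example: toy model of an NT stripe set, mirror set and stripe set
# with parity. A disk is a list of stripe units; a failed disk is None.
from functools import reduce

UNIT = 4  # bytes per stripe unit (constructed; real units are far larger)
SAMPLE = b"constructed sample data for the volume"  # constructed test data


def split_units(data, per_row):
    """Cut data into UNIT-byte units, zero-padded so every row is full."""
    data = data + b"\0" * (-len(data) % (UNIT * per_row))
    return [data[i:i + UNIT] for i in range(0, len(data), UNIT)]


def xor_units(units):
    """Byte-wise XOR of equal-length units: the parity function."""
    return bytes(reduce(lambda a, b: a ^ b, col) for col in zip(*units))


def make_stripe_set(data, ndisks):
    """RAID 0: deal units round-robin across the disks, no redundancy."""
    units = split_units(data, ndisks)
    return [units[d::ndisks] for d in range(ndisks)]


def read_stripe_set(disks, length):
    if any(d is None for d in disks):
        raise IOError("stripe set lost: nothing to rebuild a member from")
    return b"".join(u for row in zip(*disks) for u in row)[:length]


def make_mirror_set(data):
    """RAID 1: two exact copies of the same data."""
    return [bytes(data), bytes(data)]


def rebuild_mirror(disks, failed):
    """Break the mirror, then re-establish it from the surviving copy."""
    survivor = disks[1 - failed]
    if survivor is None:
        raise IOError("both mirror members failed")
    disks[failed] = bytes(survivor)
    return disks


def make_parity_set(data, ndisks):
    """RAID 5: each row holds ndisks-1 data units plus one parity unit.
    The parity disk rotates per row (rotation order is an assumption)."""
    if not 3 <= ndisks <= 32:
        raise ValueError("a stripe set with parity needs 3-32 disks")
    per_row = ndisks - 1
    units = split_units(data, per_row)
    disks = [[] for _ in range(ndisks)]
    for row, start in enumerate(range(0, len(units), per_row)):
        row_units = units[start:start + per_row]
        parity, data_units = xor_units(row_units), iter(row_units)
        for d in range(ndisks):
            disks[d].append(parity if d == row % ndisks else next(data_units))
    return disks


def regenerate(disks, failed):
    """Rebuild one member: each lost unit is the XOR of its row's survivors."""
    survivors = [d for i, d in enumerate(disks) if i != failed]
    if any(d is None for d in survivors):
        raise IOError("more than one member failed: parity cannot rebuild")
    disks[failed] = [xor_units(row) for row in zip(*survivors)]
    return disks


def read_parity_set(disks, length):
    if any(d is None for d in disks):
        raise IOError("regenerate the failed member before reading")
    out = []
    for row, units in enumerate(zip(*disks)):
        out += [u for d, u in enumerate(units) if d != row % len(disks)]
    return b"".join(out)[:length]


def demo():
    """Fail one member of each layout and report whether the data survives."""
    n, result = len(SAMPLE), {}
    stripe = make_stripe_set(SAMPLE, 3)
    stripe[1] = None  # one disk fails
    try:
        read_stripe_set(stripe, n)
        result["stripe set"] = "readable"
    except IOError:
        result["stripe set"] = "lost"
    mirror = make_mirror_set(SAMPLE)
    mirror[0] = None
    ok = rebuild_mirror(mirror, 0)[0] == SAMPLE
    result["mirror set"] = "recovered" if ok else "lost"
    parity = make_parity_set(SAMPLE, 4)
    parity[2] = None
    regenerate(parity, 2)
    ok = read_parity_set(parity, n) == SAMPLE
    result["stripe set with parity"] = "recovered" if ok else "lost"
    return result


if __name__ == "__main__":
    print(demo())
```
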
--RAID LEVEL 5 - DISK STRIPING WITH PARITY--
Very similar to RAID level 0, however, parity information is written to each of the 3-32 disks in the array. If one of the disks fails, the data can be reconstructed by installing a working hard disk and using Disk Administrator. The parity information will be used to reconstruct the data that was lost when that drunk employee peed in your computer case. If more than one disk fails then you are screwed and will spend your weekend fixing this *censored*. RAID 5 offers increased disk read speeds, but slower write speeds because it has to write the parity info. System and boot partitions cannot be included in a stripe set. To recover from a failure, you must select the regenerate option in Disk Administrator.

REGISTRY

--GENERAL INFORMATION--
Ok...Now we're getting into the meat! Maybe you have been sitting around with a bunch of computer geek wannabes who are throwing the word registry around in every sentence so that they sound smart and wondered what the hell they are talking about. After this you will be able to do that too. The registry is a big-ass hierarchical database that stores all of NT's settings. It can be accessed by running regedt32.exe or regedit which has a few new features. Below are the 5 subtrees and the information that each controls.

SUBTREE              DESCRIPTION
hkey_local_machine   This subtree contains most of the information that you will use. It holds information about hardware, systems and programs running on the machine.
hkey_classes_root    Stores file associations such as which application should be used to open files based on the extension. It also contains the OLE registration database and also provides redundancy as all of its info is found in the hkey_local_machine subtree.
hkey_users           Holds 2 user profiles. One is a default used for settings when nobody is logged in and the other is for a user that is already known to the system.
hkey_current_user    This subtree contains the user profile for whoever is currently logged in to the server.
hkey_current_config  Contains information about the hardware configuration that was used during boot.

Each subtree contains keys and within most of the keys are subkeys. Once you browse deep enough you will get to the final subkey. When this is opened, the first line you see will be the value entry. The value entry will contain 3 parts called name, data type (5 types) and value. Most of the registry (the static items) is contained in hive files which are located in 2 places. Machine hive files are located in \WINNT\SYSTEM32\CONFIG and user files are located in \WINNT\PROFILES. The registry editors will allow you to remotely edit the registry of another computer. The registry can be backed up and restored in the event that mistakes are made.

USER ACCOUNTS

--GENERAL INFO--
One of the most important tools in NT is the User Manager for Domains on the PDC. On non-PDC servers and workstations, it is called User Manager. The difference is that User Manager creates and maintains accounts that are only applicable for that machine, while User Manager for Domains creates domain accounts that can be used on any machine that participates in the domain. When user accounts are added or edited, changes are made to a SAM file. User Manager for Domains changes the SAM file on the PDC while User Manager changes the SAM file that is local to the machine that it exists on. When a new acct is created it is assigned a unique Security Identifier (SID).

--GROUPS--
Using user groups is a way to greatly simplify account administration, especially on larger networks. If you place a group of users into a group, you only have to change permissions for the group and it applies to all of the users in the group. There are 2 kinds of groups, global and local. Local groups are local to the NT machine. For fun let's say that your company just hired some rod named Rod. He will be the administrator for the network so he will need administrative rights on all 1000 NT workstation and server computers. He would have to be given administrative rights on all 1000 computers if we were using local groups, which is a whole lot of work and overtime for Rod. That is why NT also has global groups which can only be created on a domain controller. Once this is done, Rod will be seen as the administrator for the whole domain. NT comes with a set of pre-installed local groups listed in the tables below:

GROUP              DESCRIPTION
Administrators     Most powerful group so that they can manage the configuration of the domain.
Server Operators   Have necessary rights to manage domain servers.
Account Operators  This group has rights to manage user accounts.
Print Operators    Responsible for managing printers.
Backup Operators   Have rights to control backup and restoration functions.
Users              Have minimal rights on the NT servers, but do have some rights on their local workstations.
Guests             Very limited abilities. No rights on NT server.
Replicator         Supports directory replication functions.

GROUP RIGHTS

Administrators
· Log on locally
· Take ownership of files
· Access computers from network
· Create and manage user accts
· Create and manage global groups
· Manage auditing and the security log
· Shutdown or remotely shutdown the system
· Assign user rights
· Lock system
· Bypass server lock
· Format server hard disk
· Change the time
· Backup files and directories
· Keep a local profile
· Create and remove shares
· Create common groups

Server Operators
· Log on locally
· Lock server and bypass lock
· Change time
· Format hard drive
· Shutdown or remotely shutdown the system
· Backup files and directories
· Keep a local profile
· Restore files and directories
· Create and remove shares
· Create common groups

Account Operators
· Log on locally
· Create and manage user accounts, local and global groups
· Shutdown the system
· Keep a local profile

Print Operators
· Log on locally
· Keep a local profile
· Shutdown the system
· Create and remove printer shares

Backup Operators
· Log on locally
· Keep a local profile
· Shutdown the system
· Backup files and directories
· Restore files and directories

Users
· Create and manage local groups (only if user has permissions to log on locally at server or has access to User Manager for Domains)

Guests
· None

And now for the global groups. There are 3 global groups which can only be created on a domain controller.

GROUP          DESCRIPTION
Domain Admins  By default this group can administer the servers (also from trusted domains) and any NT Workstation logged into the domain.
Domain Users   By default, this group is a member of the Users local groups for the domain and NT Workstations in the domain.
Domain Guests  If given permissions by the domain admin, this group permits guest accounts to access resources across domains.

SYSTEM SECURITY POLICIES

--GENERAL INFO--
In order to understand system policies,
you need to understand the difference between rights and permissions. Rights give a user or group the ability to perform a certain task, such as the ability to create user accounts. Permissions give access to specific objects like files and directories. Rights are determined by the administrator, whereas permissions are determined by the owner of the object being accessed. Generally rights carry more weight than permissions. NT allows new groups and users to be created with a customized set of rights.

--EVENT AUDITING--
NT allows auditing to be enabled which allows security information to be stored in a security log. The table below should sum it up.

EVENT                         DESCRIPTION
File and object access        Tracks jobs sent to printers and access to files or directories.
Logon and logoff              Keeps track of logging on and off activity as well as connections to servers.
Process tracking              Tracks the running and quitting of programs.
Restart, shutdown and system  Self-explanatory
Security policy changes       Audits any changes made to user rights, trust relationships and the auditing process itself.
Use of user rights            Displays when a particular right is used.
User and group management     Notes any alterations of user accounts or groups.

--PROFILES--
A user profile is a bunch of configuration settings that comprise a user's desktop. There are several different ways that these can be configured and each is listed below.

LOCAL
· LOCAL PROFILE - Each user creates and maintains their own profile.
· PRECONFIGURED LOCAL PROFILES - Users have local profiles that are partially or entirely preconfigured by the admin.
· PRECONFIGURED DEFAULT USER PROFILE - Users have local profiles, but admin uses a template for new users. This can be modified by user.

NETWORK
· ROAMING PROFILES - A path is created to the user's profile and is maintained on the server. Users can alter this profile.
· PRECONFIGURED ROAMING PROFILE - A path is added to user's account info and a preconfigured version is stored on the server.
· NETWORK DEFAULT USER PROFILE - A default user profile that is stored in the netlogon shared directory. Users will be able to change this profile.
· MANDATORY PROFILE - A path is made to the user's profile and a preconfigured profile is copied to that path. The user may not modify this profile.

The %systemroot%/profiles directory contains profiles for every user that has ever logged in to the NT box. Each user's profile contains the following folders: Application data, desktop, favorites, personal, sendto and start menu. Any setting that is not a part of the desktop settings is stored in the NTUSER.DAT file. This file can be altered by editing the registry in the HKEY_CURRENT_USER subtree. Most changes that you would want to make can also be done in the control panels.

SHARING

--GENERAL INFO--
Sharing is a bitch in NT so strap yourself down and I will
try to explain as best I can. There are 3 ways to create a share:
1) Explorer
2) My Computer
3) NET SHARE command at a DOS prompt

Let's talk about sharing a directory. First of all, NT comes with default shares if the server service is running. All root directories of partitions, Netlogon and CDROM drives have default shares. These shares can only be accessed by admins. For others to access these resources, a new share must be made by a member of the Administrators or Server Operators groups. A single file cannot be shared under NT, it must be a directory. Share names can be up to 12 characters long, but it is recommended to keep them under 8 as DOS redirectors can't handle anything longer. Spaces are allowed, but if the share name has a space in it you will have to enclose the name in quotations in order to access it. If you wish to hide a share so that it does not show up on the browse list, all you have to do is add a $ sign at the end of it (e.g. isuck$). If a share is hidden then you can only access it from a DOS prompt or via the map network drive option in Explorer. When a share is created, you have the option of specifying permissions (see below) for the share and the maximum number of users that can access it at one time.

The NT Resource Kit contains a program called Server Manager that can be installed on an NT Workstation or Win9x computer and will allow you to create shares remotely so you don't have to get off of your lazy ass and walk over to the server. When you create a share, you have the ability to assign permissions to it so that crazy Joe with the wandering eye doesn't get in and start erasing files. There are 3 sets of share-level permissions:
1) Share-level
2) File-level
3) Directory-level

Now more in depth on each of these.

--SHARE-LEVEL PERMISSIONS--
When assigning permissions to a share, the users and/or groups that are given access to a share are defined by the access control list, or ACL. For example, let's say that you have a company called Smack City... You can assign a certain level of permission to the Processing group such as read only, and full control to the Refining group. Or you can specify by user, or by both groups and users. It is very flexible and can also be very complicated. Here are the different types of share-level permission.

No access     Can't get in or access at all
Read          View files and subdirectories. Execute applications. No changes can be made.
Change        Includes read permissions and the ability to add, delete or change files or subdirectories
Full Control  Includes change permissions and the ability to change permissions (NTFS only) and take ownership (NTFS only)

If you are a member of multiple groups and different permissions are assigned to each group, your permissions will be for whichever group gives you the greater permissions unless one of your groups is given no access. No access would override any other permissions for any other group of which you are a member.

--FILE AND DIRECTORY PERMISSIONS--
Let's say you have an NT workstation with
3 users that share it. NT will allow you to create shares on which permissions can be assigned to the other users of the same workstation, to prevent or limit their ability to access the other users' files or directories. This type of security occurs at the local file system. File and directory permissions apply to NTFS permissions only.

The following permissions can be applied to directories:
· No access
· List
· Read
· Add and Read
· Change
· Full control
· Special directory access
· Special file access

The following permissions can be applied to files:
· No access
· Read
· Change
· Full control
· Special access

PERMISSION DESCRIPTION

No access
  Directory: Can't view or change directory or directory permissions.
  File: Can't view or change file or file permissions.

Read
  Directory: Users can view files and their attributes inside directories. User can browse through directory.
  File: Users can open or execute the file and view the file's attributes and permissions.

Add
  Directory: Can add files to a directory but can't access files put into that directory.
  File: N/A

Add and read
  Directory: Users can open/execute and add files in the directory. Can't change or delete files.
  File: When a directory is Add and read, the files in that directory are read only. Add and read cannot be applied directly to files.

List
  Directory: User can view files and view file and directory permissions. Can open/execute files.
  File: N/A

Change
  Directory: Able to make new files and directories, change or delete files, open/execute files. Can't change permissions.
  File: View, change and delete files. Can't change permissions.

Full Control
  Directory: All of the permissions included with change and the ability to change permissions and take ownership of files.
  File: Same as change permissions, but can also change permissions and take ownership of files.

Special access
  Directory and file: Create custom permissions using NT's 6 basic permissions which are read, write, execute, take ownership, change permissions and delete.

In order to access data over the network, you must have share-level and file and directory-level permissions. Share-level and file and directory-level permissions can be used in conjunction with each other.

NOTE: New files will take on the permissions of the directory that they are created in by default.

--OWNERSHIP--
Files have owners
who have administrative rights to a particular object. This permission is not stored in an ACL file and is typically given to the creator of that object. NT includes this feature so that users can administer their own machines and supply resources for their own stuff. An admin would be dirty pissed if he/she had to make every little change for a user because they didn't have permission to. So, when a user creates a new file, for example, they are the owner of that file and can do whatever the hell they want with it.

Now let's say that you are the admin at a company and you want to find out why Billy the slacker is getting no work done. You access his hard drive and you find a folder called nudie pics and you try to open it and get denied. You can then take ownership of the file and then add yourself to the ACL as you have administrative permission to do so. You then kick Billy's ass out and say to yourself, Ahhh, it's good to be the king!

PRINTING

--DON'T BE A DICKHEAD--
This section will
discuss network printing and the like. This section hits close to
home as I used to do tech-support for a printer manufacturer. I
would like to first make a plug to all of you future admins. Don't
be a *censored*head! Just because a printer won't print doesn't mean
that the printer is the problem. Do your homework and
trouble-shooting before calling the printer manufacturer and blaming
them for having a crappy printer. I will give you an example of what
I am talking about. I was dealing with a PC support person for the
Cleveland Cavaliers. I got an email stating that the printer has
never worked since the day that they got it and has cost them
thousands of dollars in down-time and he wanted to know what we
planned on doing about it. I asked him what the problem was and he
said, It doesn't print jobs sometimes. Well, that is certainly
helpful - I know exactly what your problem is... you are a retard, I
thought to myself. This guy had done 0 troubleshooting and really had
no problem description. So, I gave him a list of things to check (not
sure if he ever did) and told him to CALL me. So, a month later I
get an email from him and he tells me that he has checked everything
and still having the same problem and said that he was 100% sure
that it was the network card. After arguing in vain with him I told
him that I would send a new network card and when it didn't fix the
problem he could CALL me with a decent problem description. A month
later he emails me again and tells me that it is still happening and
they are losing thousands of dollars per day and blah blah blah. I
basically emailed him back and told him that I wouldn't work with
him anymore because he was an idiot and sucked at his job and sucked
as a human being. Then his boss emailed me and we got in touch with
each other and had it fixed in 1 hour as it turned out to be a
simple timeout setting. Moral of the story? Don't be that guy(or
girl).

--INSTALLATION AND CONFIGURATION--

Ok, got that off of my
chest. Network printing has a couple of advantages over a parallel or
serial connection. The most obvious one is that a network
connection allows multiple users to easily share the same printer and
allows for permissions to be set for that device. It will typically
be faster to connect to a printer via Ethernet than a parallel
connection. How much faster depends on a variety of variables,
including printer processor speed, computer processor speed,
network traffic, data format, etc. In order to put a printer on a
network, you will typically need a print server. During driver
installation on an NT server, you will want to select local printer
if this NT box will be the print server. The clients, on the other
hand, would select network printer and browse to the printer or enter
the UNC path to it. When installing on the print server you have to
select shared and give it a share name(under 12 characters) in order
for clients to be able to use the print queue. When you select
shared you have the option of specifying the operating systems that
will be sharing the printer. If you select any of these you will
need to supply drivers for those operating systems. If you are
accessing a shared printer from an NT workstation, you do not have
to load the drivers. The workstation will pull them off of the
server during installation. NT allows you to pool your printers so
that your job will print on the first available printer. This only
works if you have more than one identical printer with an equal
amount of memory in each. Once your drivers are all installed, you
need to worry about spool settings. By default, an NT server will
spool print jobs so that the client computer is freed up so that the
user can continue with their work. This is called background
printing. There may be occasions where you will not want to spool
the jobs to the server - maybe you have a crappy server that can't
handle the workload or for trouble-shooting reasons. In these
situations, you can change the scheduling to print directly to the
printer.

--PRINTER PERMISSIONS--

Printer permissions are only
slightly different than NT's regular permissions. The table below
should explain it.

| Permission | Description |
|---|---|
| No access | Can't print or do anything else. |
| Print | Can print, pause, resume, delete and restart their own documents only. |
| Manage Documents | Have print permissions for all documents(not just their own). Can also control document settings. |
| Full access | Have manage document permissions and can also change printing order and change the printer's permissions and properties. |

In addition to permissions, priorities for print jobs
can be set. For example, if you are the president of a company and
you feel that your documents are more important than the
secretaries', then on the server you can create 2 printer objects and
assign a different print priority to each so that your documents
come out first. Like other things in NT, a printer can be audited by
enabling file and object access auditing in the user manager. Then
in the printer properties, you can select the users and/or groups
that you would like audited.

--PRINTER CONNECTION PROBLEMS--

I may
include more info here than is needed for the test, but after
working for a printer company I found that most people are pretty
ignorant about printers. Even Administrators would call and would be
completely clueless as to where to start. Having said that, I will
start off with the famous "can't print" problem. Please note that the
following discussion focuses on TCP/IP printer connections, whereas
on the exams Microsoft will be referring to HP printers using the
DLC protocol.

· No matter what the problem is, whether it be print quality or
connection related, print an internal page. Most printers have some
sort of startup or configuration page that they will print, and this
page may also have the printer's network settings on it. This will
verify that the printer is working properly.
· Treat the printer just like you would a computer that is not
participating on the network properly. That is, if it is a TCP/IP
printer, try to ping it. If the printer uses a jet direct box with IP,
ping the box. If this doesn't work make sure that you can ping another
device on the network.
· Check your network settings. Make sure that someone hasn't fiddled
with the printer's settings and that the printer's and computer's IP
settings are correct.
· Make sure that everything is plugged in correctly even if you are
sure that it is. Don't be cocky, you don't want to be that guy that
calls tech support and they help you determine that the printer isn't
connected. Believe me it happens. I have also seen a case where an
ethernet cable was chewed up by rats, so take a good look at it. One
of the best ways to test cabling is to take the drop in question and
connect it to another printer or computer. Can you ping the new
device? If not then you probably have a cable problem.
· If you were able to ping it, then see if you can print from the
server. If not, then do the following: Make sure that NT is pointing
at the correct port. Verify that the correct driver is installed(you
may need to consult your printer manufacturer to find out which is
the correct one). Reinstall the driver.
· If you were able to print from the server just fine, then try to
narrow down whether it is just one client or several or all that are
unable to print. This is where it starts to get tricky and you have
to do your homework. If only a certain group of users can't print, it
may be a routing problem. If it is all, then something probably isn't
set up correctly on the server. If it is just one user that can't
print, then it is probably a driver problem(assuming that they can
access the rest of the net.).
· If for some reason a document gets stuck in the spooler, restart
the spooler service.

This, of course, isn't even the tip of the iceberg but these are
the basics. The main point is that when troubleshooting anything,
try to narrow it down first. You probably won't figure it out on
your first try - use the process of elimination.

NETWORK CONNECTIONS

--CONNECTING A DOS WORKSTATION TO NT--

DOS is the most complicated
one to connect to NT because it has no built-in networking support.
There are several different ways to do this and we will look at
each. The first way is to use NT's NCA(Network Client
Administrator). The NCA setup will ask for your Network card type,
protocol info, etc and will then create a file on a floppy that you
would use as a boot disk on the DOS client after modifying the
protocol.ini file. This will provide enough network support to
connect to the NT server. Then a batch file will be run that will
install the Microsoft Network Client 3 for DOS. There is an easier
way to set up the Microsoft Network client 3 for DOS that bypasses
using NCA. Browse to the clients directory and look in the msclients
subdirectory. In here, you will find a disk1 and a disk2 directory.
Copy each of these to a separate floppy disk. Now all you have to do
is install disk one into the DOS client, switch to the A drive and
type setup. This will run the installation program and should be
pretty straightforward from there. When you first try to log on, you
will get a message that your password has expired so you will have
to change it using the following command: net password /domain:(your
domain) (username) (old password) (new password). You will probably get
an error message, but the password has been changed and should work
when you try to log on again.

--GETTING AROUND THE NETWORK WITH DOS--

To browse the network, use the "net view" command without the quotes.
To view shared resources on a particular server, use net view
\\(server name). To connect to a shared resource, use net use (drive
letter): \\(server name)\(resource). If you need to map to drive
letters higher than E, then you will have to edit your config.sys
file and add LASTDRIVE=(whatever you want the last drive letter to
be). To use a printer, type net use (port such as
lpt1:) \\(server)\(printer share name). To disconnect a network
connection, type net use /delete.

--CONNECTING WINDOWS FOR WORKGROUPS TO NT NETWORKS--

During installation of Windows for Workgroups you
will install the network card. If it was not done at this time or
you installed a new network card, then go to the Network Group and
run the network setup program. Once the network card is setup and
you have logged into the domain, you can browse shared network
resources and servers. To do this, open file manager and click disk
and then connect network drive and you will see the browse list.
Working with printers is similar except you open Printer Manager and
click Printer and then Connect Network Printer.

--CONNECTING WINDOWS 95/98 TO NT NETWORKS--

Like Windows for Workgroups you will have the
option of setting up network support during Windows installation.
But again let's pretend that it didn't happen that way or that you
are adding a new network card. To set this up, all you have to do is
go to the networking control panel, click the configuration tab,
select add and you will see choices of client, adapter, protocol and
service. Select adapter. Select your adapter type or go to have disk
if you wish to install 3rd party drivers. IPX and NetBeui protocols
will automatically be installed. Click the add or remove
buttons on the configuration tab to add or remove protocols. In
order to enable the workstation to log into the domain, you will
need to go to the properties of Client for Microsoft Networks. In
this dialog box, you will need to select log on to Windows NT domain
and enter the domain name. Once finished with all of this you will
have to reboot and will then be able to log in. Like NT, Windows
95/98 uses the Network Neighborhood interface to browse the network.

--WINDOWS TERMINAL SERVER--

What the hell is it? It is similar to a
centralized network - remember that from networking essentials?
Essentially, the network would have 1 or more terminal servers and
the rest of the computers would be almost like dumb terminals which
are also known as thin clients. Thin clients can be any crappy old
computer that you have lying around which is one of the attractions
to this type of set up - hardware savings, although you have to have
enough beefed up servers to support them. This is not the only
advantage however, you also save on support as Winterm can be
configured to run all of the applications on the servers. This means
that if there is a problem, odds are good that it is occurring at
the server which makes for easy and centralized support.
Installation of the Terminal Server is very similar to an NT
installation. Once installed, you will notice some differences in
the administrative tools from NT 4.0 as it will now include the
following:

· Terminal Server Client Creator -- Will create floppies for Client
installation on the workstations.
· Terminal Server Administration -- The Big Brother application that
allows you to view what the clients are running, disconnect them and
view protocol information.
· Terminal Server License Manager -- Allows you to add or subtract
client licenses that you must pay for.
· Terminal Server Connection Configuration -- Used to configure the
RDP protocol, set security and a bunch of other stuff.

In order to set this up for a
workstation, the Windows Terminal Client must be installed. On the
server side, you will need to select either Remote Desktop
Protocol(RDP) or MetaFrame. MetaFrame is faster as it only sends the
changed information from the client as opposed to RDP which will
resend the whole desktop if a user deletes a file from it, for
example.

--MACINTOSH CONNECTION TO NT NETWORKS--

NT offers Services
for Macintosh to allow MACs to access shared resources as well as
provide other services including:

· Support for appletalk protocols without the need for a gateway.
· MAC filename attribute support.
· Support for Appleshare protocol
· Allows MAC users to access non-PostScript printers without the need
to convert documents.
· Ability to map extensions for PC files which allows MAC apps to
recognize PC file extensions.
· Allows PC users to access Laserwriter printers without the need to
convert documents.
· Allows for 255 simultaneous appletalk sessions per NT server.

So how do you
set this all up? On the server side, you need to install services
for Macintosh which requires an NTFS partition. If there are routers
on the network, they will need to be configured to route the
Appletalk protocol or NT server can be set up to perform this
function. If you will be using NT as the router, you will need to
specify the zones and the network range. Each number in the network
range will support up to 256 devices per network segment. After
rebooting, the NT server should show up in the chooser on the MACs
and a Microsoft UAM Volume will appear on the NTFS partition. Now
MAC volumes can be created using server manager. Finally, you will
need to set your permissions for the MAC volumes. Following are the
MAC permissions:

| Permission | Description |
|---|---|
| See Files | Like NT's read permission. Permits the owner, a primary group or everyone to view files in the MAC volume. |
| See Folders | Same as see file permissions except it applies to folders within the MAC volume. |
| Make Changes | Similar to NT's change permissions. Permission to view, add and delete files or folders. Can also save changes. |
| Replace permission on subdirectories | Takes whatever permissions are set and copies them to all of the folders within the MAC volume or a folder within the volume. |
| Cannot remove, rename or delete | Users can't rename, remove or delete a MAC volume or a folder within it. |

Not much setup
needs to be done on the MAC side unless you would like to maintain
NT's C2 security and allow for encrypted passwords. The software for
this is included with NT server and would need to be installed on
every participating MAC client. You are now ready to move files back
and forth, except you will undoubtedly run into problems. Obviously,
Macs and PCs use different file systems and this also means that
they won't recognize each other's file types without some
configuration. For DOS extensions, you will need to use file manager
to change the extension mappings for ones that aren't correctly
configured. If an application isn't listed then you will need to get
to the type and creator codes for the files it supports. On the Mac
you will probably need a 3rd party converter application like
Maclink. Many applications have cross platform versions available.

BROWSING

--GENERAL--

The browsing service
allows one to view what resources are available on your network. In
order for this to work, at least one computer has to be the Master
Browser that is responsible for maintaining a browse list. Keep in
mind that every computer on the network is either a master browser,
backup browser, potential browser or not participating. There are
several rules that govern who becomes the master browser as follows:

· Each subnet on a TCP/IP network must have its own master browser.
· As long as a PDC is up and running, it will be the master browser
and any BDCs will be backups. This can be changed by editing a
couple of registry keys, however.
· There will be 1 backup browser for every 15 computers on the
network.
· If the master browser cannot be reached, then an election is held
to determine the most suitable candidate. Priority is based on the
type of computer(NT Server then NT Workstation then Win95, etc.).

MANAGING DOMAINS

--BACKGROUND--

Whenever you log in to an NT Server, a session is
created. Server Manager is a very important tool for managing your
domain as it allows you to:

· Synchronize a PDC's security database with the BDCs.
· Set up directory replication
· Add and remove NT machines from your domain.
· Create and remove shares
· Change an NT server from BDC to PDC or vice versa
· View users with open sessions on a particular machine
· View how long the user has been using a particular resource
· View the resources being accessed during the session
· View all non-hidden computers on the network
· View Macfiles
· Send messages or alerts to clients(for Win 95/98 must have Winpopup
running)
· Configure the services on your other NT servers.

Remote administration will only work on other NT
Servers, NT workstations or LAN Manager 2.x and will only include
current data. If you want to view statistics over a period of time
then you will need to set up Performance Monitor or use the net
statistics server command from a command prompt. Server Manager also gives
you the ability to disconnect users from a server, however, certain
things must be in place in order for it to work. When a user logs on
to a server, the server verifies the user's login information with a
domain controller and a Security Access Token(SAT) is created that
allows the user to reaccess a share. If you disconnect the user, the
next time they attempt to access a particular share the server will
look at the SAT and let them back in and the user will never even
know that they had been given the boot. Instead, change the user's
permissions to no access and then boot them. Then the server will
have to query a domain controller to create a new SAT and the domain
controller will report to the server that the user doesn't have
access to that share. Next, I want to mention the system shares that
Server Manager allows you to view. They are as follows:

| Share | What is it? |
|---|---|
| ADMIN$ | This share is used for the remote administration of a server. |
| NETLOGON | You will only see this one on domain controllers. It is used by the net logon service, which keeps your PDCs and BDCs synchronized. It is responsible for handling login attempts. |
| REPL$ | Used when NT server is acting as a replication export server. |
| IPC$ | Shares the named pipes that are used for the creation of sessions between apps. Used during remote administration or viewing shared resources. |
| PRINT$ | The share for printers |
| driveletter$ | This is the root directory for a storage device on an NT server. |

--DIRECTORY REPLICATION--

Server Manager is also used to set up replication.
Directory replication is used to export directories to another NT
server or Workstation such as the exportation of login scripts from
a PDC to a BDC, for example. This is useful for server load
balancing and redundancy. Only NT servers can export; NT servers, NT
workstations and OS/2 LAN Managers can import. Replication occurs in
the following manner: Let's say that you have a domain called crap.
Crap has a server called poop that is configured as an exporter to
the crap domain. You also have 3 NT workstations that have the
directory replicator service running and are configured as
importers. Once the service has been configured, a directory at
C:\winnt\system32\REPL\EXPORT will be created. Directories that are
to be exported will go in subdirectories that you create within the
C:\winnt\system32\REPL\EXPORT directory. Once everything is
configured on the importer, a directory called
C:\winnt\SYSTEM32\REPL\IMPORT will be created. This is where the
directories will be copied to. Then, run server manager and click
the replication button to set up the rest. Note that the importers
and exporters must support the same file system. You also must make
sure that the Directory Replication service is started in the
services control panel.

WORKING WITH NETWARE

--BACKGROUND--

Unfortunately, most networks will be a mix of network operating
systems which makes the process of everything working together a
little more complicated. The big one that you have to worry about in
real life and in the exam is Netware, so really know this section.
The 2 basic Netware situations that you will need to worry about for
this exam are: NT Server on a Netware network and Netware on an NT
Server network.

--CONNECTION OPTIONS--

· NWLink is a routable transport protocol that imitates Netware's
IPX/SPX protocol and is all that is necessary to allow NT to run
applications from a Netware server, but does not allow file and print
sharing. After this is installed you will now have multiple protocols
bound to your ethernet card(if you didn't already). To improve your
network performance change the binding order so that the most
frequently used protocol is first.
· File and Print Services for Netware(FPNW) is add on software that
allows Netware clients to access an NT Server. The NWLink protocol
must be installed for this method to work.
· Client Services for Netware(CSNW) allows NT workstations file and
print sharing access to a Netware server. The NWLink protocol will
automatically be installed with CSNW.
· Gateway Services for Netware(GSNW) creates a gateway that allows NT
clients to access a Netware network via an NT Server without having
to install any client software. GSNW will also allow you to run many
Novell commands from a command prompt. NWLink is required and will be
installed automatically when GSNW is installed. You must create a
group called NTGATEWAY on the Netware server and then map a drive on
the NT Server for the clients to access. The account used for the
gateway must be a member of the NTGATEWAY group and have appropriate
permissions for the resources on the Netware server. Only the
NTGATEWAY account is necessary to allow all users to access Netware
resources. Accessing a Netware server via a gateway will be slower
than connecting directly.
· Netware Client Software is Novell's solution to the whole mess and
substitutes ODI(what Netware uses) based network drivers for the NDIS
ones that come with NT. This would be used if you were connecting a
few NT workstations or Win 95/98 machines to a Netware network and
did not want to use CSNW. This situation doesn't really apply to this
exam, but I included it just in case.

--FRAME TYPES--

Once you have all of this figured out, you then need to worry about
the frame type. If mismatched frame types are used then
communication will not happen. By default, NWLink and GSNW will only
allow you to connect to Netware 3.12, 4.1, 4.11, which use Ethernet
802.2 frame type. Auto-detection should work fine in this situation
as NWLink also uses 802.2. Auto-detect is only capable of selecting
one frame type so to connect to NetWare 3.11 or lower, you need to
use manual configuration and select both frame types as these lower
versions of Netware use the Ethernet 802.3 frame type.

--MIGRATION TOOL--

NT has a file called NWCONV.EXE that is designed to aid in
the event that you are moving away from a Novell based network to an
NT network. You must first set up GSNW as described above. After
running the conversion, you need to make sure that all of the
Netware workstations have the SMB redirectors installed so that they
will be able to access the NT server.

OPTIMIZATION AND TUNING

--PERFORMANCE MONITOR--

Performance Monitor uses counters and not only
allows you to view statistics on a local NT Server, but on others
located on the network as well. Perfmon allows you to locate trouble
areas and bottlenecks on your NT Server. The main sources of these
bottlenecks are the network card and drivers, CPU, memory and the
disk subsystem. These problems will vary depending on whether your
server is a file server or an application server. Perfmon gives you
several ways to handle your statistics as follows:

· Report - view statistics.
· Chart - good for finding problems over a period of time.
· Log - used to view data over a period of time.
· Alerts - Alerts can be configured so that you are notified when a
particular counter has passed a benchmark that you have set. The
results can only be sent to one user.

Here is how to tell where the problem is:

· DISK - If the %disk time is over 90% or the disk queue length is
over 2, then there is a problem with either the disk or the
controller. You must type DISKPERF -Y at a command prompt to enable
disk performance counters.
· NETWORK CARD - Use the network/%network utilization counter. You
won't be able to use this unless you have the Network Monitor Agent
installed and running. If this value is over 30% then the network
card is the problem. As previously mentioned, make sure that you bind
your most used protocols first.
· CPU - Check the %processor time. If it is running above 80% then
there is a problem. To get TCP/IP statistics you will need to have
SNMP running.
· MEMORY - The pages/sec counter should be less than 20. The
available bytes should be more than 4mb and committed bytes should
not exceed the amount of physical memory installed in the computer.
You will also want to use Performance Monitor to keep an eye on your
paging file(virtual memory) by using the %usage and %usage peak
counters. Microsoft recommends that the paging file is set to a value
equal to the amount of RAM + 12. So if you had 32mb of RAM, your
initial paging file size would be 44, but using Perfmon and viewing
the %usage and %usage peak counters is the best way to tell whether
it is cutting the mustard.

--MISC--

The
Event Viewer is a configurable tool that keeps track of what happens
on your server and tracks 3 categories of information: System,
Security and Application. The system log will contain information
about drivers and services that fail to start. The security log will
keep track of events that you enable in auditing. The Application
log keeps track of application errors and processes. Task manager
allows you to list and stop running programs, start programs, view
CPU and memory usage, view running processes and change their
priority.

REMOTE ACCESS SERVICE(RAS)

--GENERAL--

RAS is basically
NT's dial up networking service that allows NT to dial out to other
computers and to receive calls as well. On the client side it is
called Dial Up Networking(DUN) which is not as robust as RAS.
Essentially, RAS turns your dial-up-communications into a network
card. In NT 4.0 a new software layer called TAPI has been added
which allows software vendors to not have to provide support and
worry about the type of modem being used. TAPI handles this for
them. RAS supports the SLIP and PPP dialup protocols. PPP is most
commonly used as it allows for dynamic addressing. RAS supports
modem, frame relay, direct serial, x.25 and ISDN connections.
Additionally, RAS has an option for multilink PPP that allows for
connections to automatically be pooled. By default RAS uses the
NetBeui protocol but can also use TCP/IP and IPX/SPX. TCP/IP must be
used with programs that use Winsock. An LMHOSTS file on a RAS client
can speed up NetBIOS name resolution.

--LOGIN AUTHENTICATION--

RAS provides several different authentication possibilities as follows:

· Allow any authentication including clear text -- Allows for a
variety of password authentication protocols including PAP. This is a
good option if you have a variety of RAS client types.
· Require encrypted authentication -- Will allow any password
authentication except for PAP.
· Require Microsoft encrypted authentication -- This will use
CHAP(Challenge Handshake Authentication Protocol) or MSCHAP and means
that only Microsoft clients will be able to attach.
· Require data encryption -- Will require all data to be encrypted.

By
default nobody is able to dial in to the RAS server. These
permissions have to be set in the Remote Access Service
Administrator. Once this is done, there is a callback security
option that must be set. Callback security can be set so that the
RAS server will call back a user trying to login to verify that
their phone number matches their login ID and password. Not only
does it provide security, but it can also save customers money if
they are dialing in long distance. There are 3 possible options:

· No call back -- Default option that provides no added security.
· Set by caller -- Once the user is validated, RAS will then call the
user back. Provides no additional security.
·
|
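The difference between the clear-text and encrypted options listed under LOGIN AUTHENTICATION above, as an added example that is not part of the original notes: PAP (RFC 1334) sends the password itself across the link, while CHAP (RFC 1994) sends only an MD5 digest of a one-time challenge. The account, password and server name are constructed for the example, and MS-CHAP, which uses a different algorithm, is not modelled.

```python
import hashlib
import hmac
import os
import struct

# Both protocols share a header: code (1 byte), identifier (1), length (2).
PAP_AUTHENTICATE_REQUEST = 1          # RFC 1334
CHAP_CHALLENGE, CHAP_RESPONSE = 1, 2  # RFC 1994


def _packet(code, ident, data):
    """Prefix data with the header; length counts the header too."""
    return struct.pack("!BBH", code, ident, 4 + len(data)) + data


def _parse(pkt, expected_code):
    """Validate the header and return (identifier, data)."""
    if len(pkt) < 4:
        raise ValueError("short packet")
    code, ident, length = struct.unpack("!BBH", pkt[:4])
    if code != expected_code or length != len(pkt):
        raise ValueError("unexpected or malformed packet")
    return ident, pkt[4:]


def _split_value(data):
    """Split a length-prefixed value from the name that follows it."""
    if not data or len(data) < 1 + data[0]:
        raise ValueError("truncated value field")
    return data[1:1 + data[0]], data[1 + data[0]:]


def pap_request(ident, user, password):
    """PAP: the client sends its name and its password as plain bytes."""
    data = bytes([len(user)]) + user + bytes([len(password)]) + password
    return _packet(PAP_AUTHENTICATE_REQUEST, ident, data)


def chap_challenge(ident, server_name):
    """CHAP step 1: the server sends a fresh random challenge."""
    challenge = os.urandom(16)
    return _packet(CHAP_CHALLENGE, ident,
                   bytes([len(challenge)]) + challenge + server_name)


def chap_response(challenge_pkt, user, secret):
    """CHAP step 2: the client answers MD5(identifier || secret || challenge)."""
    ident, data = _parse(challenge_pkt, CHAP_CHALLENGE)
    challenge, _server = _split_value(data)
    digest = hashlib.md5(bytes([ident]) + secret + challenge).digest()
    return _packet(CHAP_RESPONSE, ident, bytes([len(digest)]) + digest + user)


def chap_verify(challenge_pkt, response_pkt, accounts):
    """CHAP step 3: the server recomputes the digest from its stored secret."""
    ident, cdata = _parse(challenge_pkt, CHAP_CHALLENGE)
    rident, rdata = _parse(response_pkt, CHAP_RESPONSE)
    challenge, _server = _split_value(cdata)
    digest, user = _split_value(rdata)
    secret = accounts.get(user)
    if rident != ident or secret is None:
        return False
    expected = hashlib.md5(bytes([ident]) + secret + challenge).digest()
    return hmac.compare_digest(digest, expected)


def exposes(packets, password):
    """True if the password bytes appear in anything sent over the link."""
    return any(password in pkt for pkt in packets)


def demo():
    user, password = b"jsmith", b"Winter-1998!"   # constructed account
    accounts = {user: password}
    pap_wire = [pap_request(1, user, password)]
    challenge = chap_challenge(7, b"RAS1")         # constructed server name
    response = chap_response(challenge, user, password)
    later = chap_challenge(7, b"RAS1")             # same id, new random value
    return {
        "pap_exposes_password": exposes(pap_wire, password),
        "chap_exposes_password": exposes([challenge, response], password),
        "chap_accepts_valid": chap_verify(challenge, response, accounts),
        "chap_rejects_replay": not chap_verify(later, response, accounts),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

CHAP still requires the server to keep each secret in a form it can feed into the hash, so the account database needs protecting whichever option is chosen.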