Server/Workstation 4.0 STUDY NOTES
Windows NT features
Portability: runs on a variety of platforms (IBM PowerPC, MIPS, DEC Alpha, Intel)
Multithreading: executes multiple threads
Supports many clients (MS 3.11, 95, OS/2, MS-DOS, Mac)
Symmetrical multiprocessing: shares all tasks among processors
Compatibility with applications (DOS 16-bit, Win 16-bit, POSIX, OS/2, 32-bit)
RAM 4 GB, HDD 16 exabytes
Protocol support (TCP/IP, DLC, NetBEUI, AppleTalk, NWLink)
32 bit flat , linear addressing of
Windows NT architecture
User mode: where user applications and environment subsystems are executed
Security subsystem: handles the logon process
Kernel mode: privileged processor mode (Executive services)
NT Executive: the interface between the Kernel and user mode
Kernel: schedules all system activities
HAL (Hardware Abstraction Layer): hides the differences between different types of hardware
Requirements for installation
Processor     | 486/33                   | 486/33                   | PReP-compliant PowerPC
Memory        | 12 MB (16 recommended)   | 16 MB                    | 16 MB (24 MB)
HD free space | 110 MB                   | 125 MB                   | 110 MB Workstation, 160 MB Server
CD-ROM        | Yes, or networked CD-ROM | Yes, or networked CD-ROM | SCSI CD-ROM, or networked
(Hard disks with 32 KB clusters require 200 MB free space for Server)
Differences between Server and
Inbound client sessions | Unlimited                                                      | 10
Replication             | Import & export                                                | Import
Other                   | Services for Macintosh, logon validation, disk fault tolerance | None
Winnt.exe is used for the regular Windows NT setup, or an installation through DOS or Windows 95. Can also be used to create the setup disks by running WINNT /OX.
Winnt32.exe is used to upgrade from another version of Windows NT.
When upgrading from 3.51 to 4.0 almost all registry settings are transferred (security, user and group accounts, network settings and configuration, desktop environment, preferences set for admin tools). You can't convert to NTFS during installation using Winnt.exe, only afterwards.
Winnt/Winnt32 can be used:
PDC/BDC -> MS = reinstall NT Server
MS -> PDC/BDC = reinstall Server
BDC -> PDC or PDC -> BDC = use Server
/ox  Create boot disks only, for CD-ROM or floppy installation
/o   Create boot floppies
/b   Installs without boot floppies
/u   Unattended install (MUST USE /s); uses /b automatically
/udf Uniqueness database file
/s   Specifies location of source files (use multiple /s to speed up installation)
/f   Prevents winnt.exe from verifying files as they are copied
/c   Skips free space check
/t   Specifies temp directory
/e   Specifies command to execute at end of GUI setup
/i   Specifies filename of setup info file (DOSNET.INI)
/r   Specifies optional directory to be installed
/rx  Specifies optional directory to be copied
Winnt32.exe doesn't support the /f, /c or /rx switches.
Winnt /s:e\ /u:unatt.txt /udf:u1,udff.txt
For /u, if you have two different platforms you must have two answer
To install NT from an unsupported CD-ROM you must have DOS or
Windows installed with drivers that support the CD-ROM.
Sysdiff records the difference between a normal NT installation and an installation to which you have added other software. It can automate the distribution of both operating system and application software to a large number of computers. Sysdiff is used to install applications that require interactive installation.
Snap: takes a snapshot of the registry and of system files and directories
Diff: records the difference between the previous snapshot and the state of the installation at the time sysdiff is run again
Inf: creates an .inf file containing info about installation preferences
Apply: applies the data in the diff file to an installation
Dump: used to review the details of a diff file
Don't confuse Sysdiff with Windiff [directory comparison tool for NT 3.51]
Setup Manager can be used to create unattended answer files. It has three sections: General, Networking and Advanced Setup. The answer file contains answers to the prompts you receive during an installation and a UDF file contains info about each specific computer; it is merged with the answer file at the graphics section of the
To install applications that aren't included with the retail version of NT, the required files must be added to subdirectories of the $OEM$ directory on the distribution sharepoint. Then add "OemPreinstall = Yes" to the [Unattended] section of the answer file and add the installation commands to the
Divides data into 64 KB blocks and spreads it equally among all disks in the array.
Needs a minimum of two hard disks.
Disk Mirroring (uses the NT fault tolerance driver FTDISK.SYS)
Duplicates a partition on another physical disk.
Disk Duplexing (2nd controller)
Duplicates a partition on another physical disk which is connected to another Hard Drive Controller.
Disk Striping with parity (3-32 disks) (use Regenerate)
Distributes data and parity information across all disks in the array. The data and the parity information are arranged so they are always on separate disks. A parity stripe block exists for each row across the disks. The parity stripe is used for disk reconstruction in case of a failed disk. Supports a minimum of three disks and a maximum of thirty-two disks.
Merges numerous partitions into one drive mapping. Drives are
read one at a time.
System and boot partitions cannot be
part of a stripe or volume set, but can be a part of disk
mirroring and duplexing partitions.
To create a fault tolerance boot disk, copy Boot.ini, Ntldr, Ntdetect.com and Ntbootdd.sys (SCSI without BIOS) to a disk formatted in NT and modify Boot.ini to point to the mirrored boot partition.
Speed factors: Disk striping provides the fastest read/write performance as it can read multiple disks at a time. Disk striping with parity is slower, as it has to write the parity information, but is still faster than disk mirroring and a volume set. Disk mirroring is slow due to the redundancy factor of writing the same information to two drives at once. A volume set can only read/write one drive at a time.
To recover from drive failure with disk mirroring,
you must install the new drive, boot the system into NT, run disk
administrator, break the mirror and then recreate the mirror.
To recover from drive failure with disk striping
with parity, you must install the new drive, boot the system
into NT, run disk administrator, and choose the Regenerate
To recover from multiple drive failure with disk striping with
parity, you must install the new drives, boot the system into NT,
and restore the system backup from tape.
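Added example (not from these notes): a Python model of a stripe set with parity showing the per-row parity rotation, the Regenerate step for a single failed disk, and why two failed disks leave only the tape backup. Block size, disk counts and the sample data are constructed for the demo.

```python
from functools import reduce

BLOCK_SIZE = 4   # bytes per stripe block (constructed small value; NT uses 64 KB blocks)

def xor_blocks(blocks):
    """XOR equal-length blocks byte by byte; this is all parity is."""
    return bytes(reduce(lambda a, b: a ^ b, col) for col in zip(*blocks))

def write_stripe_set(data, n_disks):
    """Lay data out over n_disks (3..32). Every row holds n_disks-1 data blocks and
    one parity block; the parity block moves to a different disk each row, so a
    row's data and its parity never share a disk."""
    if not 3 <= n_disks <= 32:
        raise ValueError("stripe set with parity needs 3 to 32 disks")
    data_per_row = n_disks - 1
    row_bytes = BLOCK_SIZE * data_per_row
    padded = data + b"\0" * (-len(data) % row_bytes)
    disks = [[] for _ in range(n_disks)]
    for r in range(len(padded) // row_bytes):
        row = padded[r * row_bytes:(r + 1) * row_bytes]
        chunks = [row[i * BLOCK_SIZE:(i + 1) * BLOCK_SIZE] for i in range(data_per_row)]
        parity_disk = r % n_disks
        parity = xor_blocks(chunks)
        it = iter(chunks)
        for d in range(n_disks):
            disks[d].append(parity if d == parity_disk else next(it))
    return disks

def read_stripe_set(disks):
    """Read the data back in order, skipping each row's parity block. Needs every disk present."""
    if any(d is None for d in disks):
        raise ValueError("a disk is missing: regenerate it first")
    n = len(disks)
    out = bytearray()
    for r in range(len(disks[0])):
        parity_disk = r % n
        for d in range(n):
            if d != parity_disk:
                out += disks[d][r]
    return bytes(out)

def regenerate(disks, failed):
    """Rebuild every block of disk `failed` (data or parity alike) as the XOR of the
    surviving disks' blocks in the same row. With two disks gone there is no second
    equation to solve, so the only recovery is the backup."""
    survivors = [d for i, d in enumerate(disks) if i != failed]
    if any(d is None for d in survivors):
        raise ValueError("more than one failed disk: parity cannot rebuild, restore from backup")
    return [xor_blocks([d[r] for d in survivors]) for r in range(len(survivors[0]))]

def single_failure_recovers(data, n_disks, failed):
    """Simulate losing one disk, regenerate it, and confirm the data survives."""
    disks = write_stripe_set(data, n_disks)
    disks[failed] = None                      # the disk is gone
    disks[failed] = regenerate(disks, failed)  # the Regenerate step
    return read_stripe_set(disks).rstrip(b"\0") == data

def multiple_failure_needs_backup(data, n_disks):
    """Simulate losing two disks: regenerate must refuse."""
    disks = write_stripe_set(data, n_disks)
    disks[0] = disks[1] = None
    try:
        regenerate(disks, 0)
        return False
    except ValueError:
        return True

if __name__ == "__main__":
    sample = b"Windows NT 4.0 stripe set with parity demo"   # constructed sample data
    print("5 disks, disk 2 lost and regenerated:", single_failure_recovers(sample, 5, 2))
    print("two disks lost, backup needed:", multiple_failure_needs_backup(sample, 5))
```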
Booting Windows NT
The files required to boot NT on Intel are: Ntldr, Boot.ini, Bootsect.dos, Ntdetect.com, Ntbootdd.sys, Ntoskrnl.exe, System (\winnt\system32), device drivers (FTDISK or SCSIDISK)
On a RISC machine: Osloader.exe, *.pal, Ntoskrnl.exe, System, device drivers
The Intel Preboot sequence is :
The Intel Boot sequence is : NTLDR switches processor from real mode to 32-bit flat memory mode
The RISC Preboot sequence is :
The RISC Boot sequence is :
(In all cases, edit boot.ini or use
the Emergency Repair Process)
1. PROBLEM: NT boots automatically.
REASON: If boot.ini is missing, NTLDR will attempt to boot directly to NT. If NT is installed in the default directory, it will boot to NT. If NT is installed in any other directory, this message will appear:
Windows NT could not start because the following file is missing or corrupt:
Please install another copy of the above file.
2. PROBLEM: "NT (default)" suddenly appears as a menu selection.
REASON: The path under "default" does not match any of the paths in the "Operating Systems" section.
3. PROBLEM: After you select an operating system from the menu, the following message appears:
Windows NT could not start because the following file is missing or corrupt:
Please install another copy of the above file.
REASON: The path to Windows NT is incorrect for the selection made on the menu. NT will go to the path for the OS specified and look for Ntoskrnl.exe but will not find it.
4. PROBLEM: After you select an operating system from the menu, the following message appears:
OS Loader V4.0
Windows NT could not start because of a computer disk
hardware configuration problem. Could not read from the
selected boot disk. Check boot path and disk hardware.
Please check the Windows NT documentation about blah, blah, blah
REASON: The ARC path name is pointing to an invalid or nonexistent device.
Error message / problem / fix

Message: BOOT: couldn't find NTLDR. Please insert another disk. (appears before boot menu)
Problem: NTLDR is missing
Fix: Use the emergency repair process.

Message: NTDETECT V1.0 checking Hardware E ... (appears on same screen as menu, after you select)
Problem: Ntdetect.com is missing
Fix: Use the emergency

Message: NT could not start because the following file is either missing or corrupt: Please reinstall a copy of the above (appears after last known good prompt)
Problem: Ntoskrnl.exe is missing, or boot.ini is missing, or NT is installed in another directory (not \Winnt), or boot.ini directs the OS to a location that doesn't contain a valid Ntoskrnl.exe
Fix: Use the emergency repair process.

Message: I/O Error accessing boot sector file (appears on same screen as menu, after you select)
Problem: Bootsect.dos is missing
Fix: Use the emergency

Message: OS Loader V4.00. Windows NT could not start because of a computer disk hardware configuration problem. Could not read from the selected boot disk. Check boot path and disk hardware. Please check the Windows NT documentation about hardware disk configuration and your hardware reference manuals for additional information. (appears on same screen as menu, after you select)
Problem: Indicates that the NT entry in boot.ini points to a missing or malfunctioning device or to a disk partition that doesn't contain a file system recognised by the NT boot loader.

If the NT loader can't access the partition on which NT is stored, or NT is confused about which is the primary hard disk controller, a STOP: 0x000007E: Inaccessible Boot Device error is shown (SCSI devices that don't conform completely to the SCSI standard can cause this problem). This is an unrecoverable "blue screen" problem.
NT will use the Last Known Good Configuration when the system is recovering from a severe or critical device driver loading error, or if it is selected during the boot process. Booting from the Last Known Good Configuration provides a way to recover from a problem with a driver that was recently added or if modified registry entries prevent NT from booting. If it is used, any configuration changes made during the last system boot will be lost.
The Emergency Repair Disk can be used to return NT to the state of the last emergency repair update. This disk can repair missing or corrupt NT files and restore the registry (SAM database, security info, disk configuration info, software registry entries, system info). The RDISK.EXE utility is located in the \winnt\system32 directory and has two options: update repair info, or create repair info. The RDISK utility will copy the system hive, SAM, Security hive, software hive, default hive, config.nt and autoexec.nt and creates setup.log (the /s switch does not back up default, SAM or security). To use the Emergency Repair process you must boot with the NT Setup Boot disks and choose to repair, and also have the NT CD-ROM handy in case files are needed off it. If SAM is to be replaced you need the administrator's password on the Emergency Repair Disk. There are four options when using the ERP: Inspect registry files, Inspect the start-up environment, Verify NT system files, and Inspect boot sector.
The Windows NT Boot Disk contains boot.ini, NTLDR, NTDETECT.COM and NTBOOTDD.SYS; the disk must be formatted in NT using the /s switch to copy the system files to the disk. This disk can be booted and you can copy any of the files to the boot drive if you are having a problem with
multi/scsi - identifies the adapter/controller (scsi = SCSI BIOS not enabled)
disk - SCSI bus number (varies on scsi for successive disks)
rdisk - ordinal number of the disk (changes for multi)
partition - number of the partition
/NOSERIALMOUSE - disables serial mouse detection
/BASEVIDEO - load in standard VGA mode
/CRASHDEBUG - enables the automatic recovery and restart features of NT
/SOS - displays the names of device drivers as they are loaded
/NODEBUG - debugging info not monitored
/MAXMEM:n - limits the amount of memory NT uses
/SCSIORDINAL:n - selects which SCSI controller to use to boot NT
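Added example, not part of these notes: a small Python linter for boot.ini that parses the ARC names and switches listed above and reports the conditions the troubleshooting notes describe (a default= line matching no entry, a scsi() entry that needs Ntbootdd.sys, a partition(0), a switch not in the list). The boot.ini text is constructed, not taken from a real machine.

```python
import re

# Constructed boot.ini: the default= line deliberately names a partition that
# no [operating systems] entry uses, and one entry uses the scsi() form.
SAMPLE_BOOT_INI = """\
[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(2)\\WINNT
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\\WINNT="Windows NT Server Version 4.00"
multi(0)disk(0)rdisk(0)partition(1)\\WINNT="Windows NT Server Version 4.00 [VGA mode]" /basevideo /sos
scsi(0)disk(1)rdisk(0)partition(1)\\WINNT="Windows NT on SCSI without BIOS" /maxmem:16
C:\\="MS-DOS"
"""

# Switches from the list above (compared case-insensitively, any :n value ignored)
KNOWN_SWITCHES = {"/noserialmouse", "/basevideo", "/crashdebug", "/sos",
                  "/nodebug", "/maxmem", "/scsiordinal"}

ARC_RE = re.compile(
    r"^(multi|scsi)\((\d+)\)disk\((\d+)\)rdisk\((\d+)\)partition\((\d+)\)(\\.*)?$", re.I)

def parse_arc_path(path):
    """Split an ARC name into its parts; None for non-ARC entries such as C:\\ (DOS via Bootsect.dos)."""
    m = ARC_RE.match(path.strip())
    if not m:
        return None
    return {
        "adapter": m.group(1).lower(),   # multi: adapter BIOS loads NT; scsi: Ntbootdd.sys needed
        "adapter_no": int(m.group(2)),
        "disk": int(m.group(3)),         # varies between disks only on scsi()
        "rdisk": int(m.group(4)),        # varies between disks only on multi()
        "partition": int(m.group(5)),    # partitions are numbered from 1
        "dir": m.group(6) or "",
    }

def parse_boot_ini(text):
    """Return (default_path, entries); entries keep duplicates in file order."""
    section, default, entries = None, None, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].lower()
            continue
        key, _, value = line.partition("=")
        key, value = key.strip(), value.strip()
        if section == "boot loader" and key.lower() == "default":
            default = value
        elif section == "operating systems":
            m = re.match(r'"([^"]*)"\s*(.*)$', value)   # "menu text" then optional switches
            title, switches = (m.group(1), m.group(2).split()) if m else (value, [])
            entries.append({"path": key, "title": title, "switches": switches})
    return default, entries

def lint_boot_ini(text):
    """Run the checks the notes above motivate and return the findings as strings."""
    default, entries = parse_boot_ini(text)
    findings = []
    paths = [e["path"].lower() for e in entries]
    if default is None:
        findings.append("no default= line in [boot loader]")
    elif default.lower() not in paths:
        findings.append('default "%s" matches no [operating systems] entry: '
                        'the menu will show "NT (default)"' % default)
    for e in entries:
        arc = parse_arc_path(e["path"])
        if arc is None:
            continue
        if arc["adapter"] == "scsi":
            findings.append("%s: scsi() path, so Ntbootdd.sys must be on the boot disk" % e["title"])
        if arc["partition"] < 1:
            findings.append("%s: partition(0) is invalid, ARC partitions start at 1" % e["title"])
        for sw in e["switches"]:
            if sw.split(":")[0].lower() not in KNOWN_SWITCHES:
                findings.append("%s: unknown switch %s" % (e["title"], sw))
    return findings

if __name__ == "__main__":
    for finding in lint_boot_ini(SAMPLE_BOOT_INI):
        print("-", finding)
```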
NTFS vs. FAT
When upgrading from NT 3.51 to NT 4.0 you must convert HPFS to
NT does not support the Windows 95 FAT32 file system.
RISC-based systems require a 2 MB FAT partition minimum.
Dual boot to DOS, 16-bit Windows, or 95 requires C: to be FAT.
Long file names: take the first 6 characters and add ~1.* up to ~4. If there are spaces in the path you must use "" (quotes) at the command prompt. An alias is created, THISIS~1.DOC, and another directory entry is created for every 13 characters. A FAT root directory can contain 512 entries, so don't store too many LFNs there.
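Added example (not from these notes): Python that builds the ~N alias and counts the directory entries a long file name consumes, so you can see how many such files a 512-entry FAT root directory actually holds. The ~1..~4 rule and the 13-characters-per-entry figure are the ones stated above; what NT does once ~4 is taken is not modelled, and names in a non-8.3 form are all treated as needing LFN entries.

```python
import math

LFN_CHARS_PER_ENTRY = 13   # long-name characters stored per extra directory entry
FAT_ROOT_ENTRIES = 512     # fixed size of a FAT root directory
SHORT_INVALID = set(" +,;=[]")   # characters an 8.3 name may not contain

def split_name(name):
    return tuple(name.rsplit(".", 1)) if "." in name else (name, "")

def is_valid_8_3(name):
    """True if the name already fits the 8.3 form and needs no LFN entries."""
    base, ext = split_name(name)
    def ok(part, limit):
        return (0 < len(part) <= limit and part == part.upper()
                and not (set(part) & SHORT_INVALID) and "." not in part)
    return ok(base, 8) and (ext == "" or ok(ext, 3))

def short_name_alias(long_name, existing):
    """NT-style alias: first 6 legal characters (uppercased, spaces and illegal
    characters dropped) + ~N for the first free N in 1..4, plus up to 3 extension
    characters. Returns None when ~1 to ~4 are all taken."""
    base, ext = split_name(long_name)
    clean = "".join(c for c in base.upper() if c not in SHORT_INVALID and c != ".")
    ext = "".join(c for c in ext.upper() if c not in SHORT_INVALID)[:3]
    taken = {e.upper() for e in existing}
    for n in range(1, 5):
        alias = "%s~%d" % (clean[:6], n) + (".%s" % ext if ext else "")
        if alias not in taken:
            return alias
    return None

def directory_entries(long_name):
    """Entries consumed: one 8.3 entry, plus one LFN entry per 13 characters of long name."""
    if is_valid_8_3(long_name):
        return 1
    return 1 + math.ceil(len(long_name) / LFN_CHARS_PER_ENTRY)

def root_directory_fits(names):
    """Can all these files sit in a FAT root directory?"""
    return sum(directory_entries(n) for n in names) <= FAT_ROOT_ENTRIES

if __name__ == "__main__":
    name = "This is a long file name.doc"   # constructed sample
    print(short_name_alias(name, []), directory_entries(name), "entries")
    # 128 such names use all 512 root entries; the 129th does not fit
    print(root_directory_fits(["This is a long file name%d.doc" % i for i in range(128)]))
    print(root_directory_fits(["This is a long file name%d.doc" % i for i in range(129)]))
```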
NT sets environmental variables in order :
System policy is a collection of registry settings that overwrites the current user and local machine areas of the registry. It is saved as NTConfig.pol in the winnt\system32\repl\import\scripts folder in the boot partition of the PDC and is also shared as \\server_name\netlogon$. (NTConfig.pol is only copied to a BDC if replication is configured.) System policy for users modifies HKEY_CURRENT_USER and for computers it
System policies categories :
Windows NT uses Common.adm and Winnt.adm as policy templates.
Windows 95 uses Common.adm and Windows.adm. (Save in
config.pol in netlogon$ share on PDC)
HKEY_LOCAL_MACHINE: configuration data about the local computer
HKEY_USERS:
  default: system default settings
  SID: security id of the user logged on
HKEY_CURRENT_USER: data about the user currently logged on
HKEY_CLASSES_ROOT: software configuration data (compatibility with the 3.1 database)
HKEY_CURRENT_CONFIG: data about the active hardware profile
HKEY_LOCAL_MACHINE contains five subkeys:
Hardware: volatile, gathered each time the computer is booted
SAM: directory database for the computer
Security: security info for the computer
Software: info about software on the computer
System: info about devices and services
UPS immediately pauses the Server service during a power failure. Uses an RS-232 port; use the /noserialmice switch if the UPS shuts off during startup.
Power failure signal: Clear To Send (CTS)
Low battery signal: Data Carrier Detect (DCD)
Remote UPS shutdown: Data Terminal Ready (DTR)
OLE is a method for transferring and sharing info between applications.
DCOM (Distributed Component Object Model) uses remote procedure calls (RPC) and Windows security features to enable applications to communicate across networks. DCOM configuration options are applications, default properties and default security. DCOM can be accessed by typing dcomcnfg at the command prompt.
To start an application at a diff priority use start at the command prompt :
Source compatible application must be recompiled for each
hardware platform and binary compatible applications can run on
any platform supported by NT.
           | Win32  | Win16 & DOS | POSIX  | OS/2 1.x
RISC, etc. | source | binary      | source | binary (bound only)
Change foreground application responsiveness in Control Panel - System - Performance. None doesn't raise the background application at all, middle increases the foreground one level and maximum increases the foreground two levels.
Windows NT supports : Win32 , VDM , Win16 , OS/2 , POSIX
NTVDM is where DOS applications are run and it simulates a DOS environment. The key components are ntvdm.exe, Ntio.sys (io.sys), ntdos.sys (msdos.sys) and an instruction execution unit which emulates a 486. The vdmredir.dll redirects file system requests to the Win32 subsystem. The equivalents of autoexec.bat and config.sys are autoexec.nt and config.nt. Each DOS program gets its own VDM and doesn't share memory, can be pre-emptively multitasked and can be started with different priorities.
Win16 applications use WOW (Win16 on Win32) to run in the Win32 subsystem but they also use NTVDM. The key components are wowexec.exe, wow32.dll, krnl386.exe, user.exe and gdi.exe. WOW thunks 16-bit calls into 32-bit ones; Win16 programs share memory as they run in the default NTVDM, aren't pre-emptively multitasked and can't be started with different priorities.
The default NTVDM is the only NTVDM, which can run multiple Win 16 applications.
If a Win 16 application is run in an NTVDM other than the
default NTVDM, it can be the only one in that NTVDM. If Win 16
applications need to share memory space, they must run in the
To start in own NTVDM :
OS/2 1.x applications are supported by NT and the key components are os2.exe, os2srv.exe, os2ss.exe, netapi.dll and doscalls.dll. Use forcedos.exe to run OS/2 applications in the NTVDM and use the OS/2 text editor to edit config.sys to change OS/2 subsystem
POSIX applications (UNIX) interact directly with the POSIX subsystem and the key components are psxss.exe, posix.exe and psxdll.dll. POSIX applications require case sensitive naming and hard links (a file with more than one name).
Workgroup: recommended for networks containing under 20 users. Users in this type of network administer all shares and methods of access on their personal computers.
Single Domain: No trust relationships are involved in this domain model. Network administration and management is all controlled from a central location. Can contain up to 40,000 user accounts, but is usually recommended for 20-500 users.
Single Master Domain: The master domain is trusted by one or several single domains. The master domain provides central administration. Can contain up to 40,000 user accounts, and is usually recommended for 500-10,000 users.
Multiple Master Domain: Several master domains are set up with complete trusts between each of them, and all single domains are set up to trust the master domains. Is usually recommended for more than 10,000 users.
Complete Trust Domain: All domains in this model have complete trusts set up with each other.
You must remember how trusts work for the test. Domain A trusts Domain B. Domain A is trusting Domain B to access Domain A's resources. Domain A is the trusting domain and Domain B is the trusted domain.
To migrate to a new domain an account must first be created
for the server or workstation on the PDC and then you must use
the change button in control panel - network - identification
Global groups: General domain grouping used to access resources in its own domain. Can access resources in other domains by being a member of another domain's local group.
Local groups: Group used for local domain access to resources. Global groups from other domains go into these local groups for resource access across domains.
Backup Operators: Group designated for members to back up and restore computers from tape. Backup Operators can only back up and restore from tape when logged in locally to the
Account Operators: Group designated for members to manage user and group accounts.
Server Operators: Group designated for members to manage resources, but cannot manage user accounts.
Replicator: Group designated for NT computers to perform directory replication.
Computer Name Resolution
DNS (Domain Name Services): Used to resolve a DNS host name to an IP address.
WINS (Windows Internet Naming Service): Used to resolve a NetBIOS computer name to an IP address.
HOSTS: File which contains mappings between DNS host names and their IP addresses.
LMHOSTS: File which contains mappings between NetBIOS computer names and their IP addresses.
WINS Proxy: Picks up the b-node broadcast sent by a non-WINS-enabled computer for NetBIOS computer name resolution, and forwards the request to a WINS server. The WINS server replies to the WINS proxy, which then relays the reply to the PC. Is enabled by editing the registry.
Virtual memory can be controlled in the System properties under the Performance tab.
The paging file size can be in/decreased here, and even
distributed across multiple drives. The recommended initial
paging file size equals the amount of RAM in the system plus
12 Steps To Windows NT
Step 1 : Install NT server in NetWare environment running GSNW or Microsoft Services for NetWare and NWLink protocol so as to simulate a NetWare server
Step 2 : Copy NetWare user account information to NT domain
Step 3 : Create a Dfs tree to match NDS tree
Step 4 : Add Microsoft redirector to all clients and enable Services for Macintosh
Step 5 : Migrate shared resources on NetWare servers to NT servers using Migration Tool for NetWare or use NT as gateway to NetWare servers
Step 6 : Change MS-DOS clients from NetWare clients to NT client software
Step 7 : Remove NetWare client software from all workstations
Step 8 : Complete the migration of resources remaining on NetWare servers to NT servers
Step 9 : Configure NT server Multi-Protocol Router to replace any NetWare servers acting as routers in your network
Step 10 : Remove GSNW and Microsoft Services for NetWare from NT servers ,then clients no longer have access to NetWare servers
Step 11 : Install NT Server on NetWare computers
Step 12 : Sell NetWare software
NWLink (IPX/SPX) is the protocol used by NT to allow NetWare systems to access its resources. An NT computer running NWLink can connect to client/server applications on a NetWare server.
Gateway Services for NetWare (GSNW) can be implemented on your NT Server to provide MS client systems access to file and print resources on your NetWare server by using the NT Server as a gateway. Any MS network client running Server Message Block (SMB) can access NetWare via an NT server running GSNW and therefore they don't need the NetWare requester or the IPX/SPX protocol. The NT server attaches to the NetWare server as a client through a single logged-in account and then shares all resources it has access to on the
You must have a group account set up on the NetWare server called NTGATEWAY with trustee rights to the resources you want to share. Create a user on the NetWare server that is a member of that group and NT will use this account to log on to the NetWare server (use SYSCON to create the group and user account in 3.12, and for 4.1 use NWADMIN in Windows or NETADMIN in DOS). Configure GSNW to attach to the preferred server (3.12) or default tree and context (4.1). With NetWare 4.1 you must enter the default tree and context where the user account exists and with NetWare 3.12 you just enter the preferred server.
Client Services for NetWare (CSNW) provides a computer running Workstation with basic file and print connectivity to a NetWare 3.x or 4.x server. NT computers with GSNW and NWLink IPX/SPX installed can support NetWare Core Protocol (NCP) [supports NCP & LIP], Large Internet Protocol (LIP) and LFNs. Preferred server is used to connect to a server by default at logon [3.1x], and in NDS the default tree defines the user name that is used at logon and the default context defines the position of the user name [4.x]. The print options are Add Form Feed (ejects a page), Notify When Printed and Print Banner (separator page). To troubleshoot a NetWare connection, verify that the NetWare server is running normally, verify the Workstation can connect to the MS network, verify NWLink and CSNW are installed, verify the CSNW tree and context settings are correct and verify that frame types and network numbers match between the NetWare server and the NWLink settings in NT Workstation. To change passwords in NetWare 3.12 use SETPASS and in NetWare 4.1 use CTRL/ALT/DEL.
File and Print Services for NetWare (FPNW) allows a computer running NT Server to function as a NetWare 3.12 file and print server, thus NetWare clients can gain access to file, print and application services on an NT server. Grants NetWare clients access to NT Servers.
Directory Service Manager for NetWare (DSMN) copies NetWare user and group account info to NT servers and then incrementally distributes any account changes back to NetWare servers. DSMN allows for:
1. Central administration of NetWare and NT account policy
2. All NT and NetWare compatible accounts bound by NT account policy
3. Single logon for NetWare clients to NT and NetWare
4. Synchronising NetWare account changes made on NT back to NetWare
Migration Tool for NetWare transfers user and group accounts, logon scripts and files and directories from NetWare servers to NT server domain controllers. Version control problems occur when a new NT server is installed and shared files are copied to it. The problem is that users attached to the new system make changes to files that users on the old system have also changed, thus creating two versions of the files. GSNW allows you to use one coherent set of files on the NetWare server during migration when you have both NetWare and NT servers on your network at the same time.
Services for NetWare
includes FPNW and DSMN
If you decide to convert a Netware server to an NT Server, you
will first need to implement the Gateway Services for Netware on
the NT Server. Once the conversion has completed, you will need
to make sure all Netware workstations have had the Microsoft
(SMB) redirector installed on their systems to access the NT
Make sure to remember that the frame types for the NWLink protocol must match the computer that the Server is trying to connect with. Mismatched frame types will cause connectivity problems between the two systems.
To share a printer on a NetWare network, first install GSNW, then share it the same way as a normal NT printer. "Print queue" is the NetWare term for what NT calls a printer.
Server Stop Errors
In the System Properties Shutdown tab, there are options to configure where you would like the Server stop errors to be written. The errors are written to memory.dmp, which is readable by the program dumpexam.exe (resides in the \support directory on the NT CD-ROM). SAVEDUMP writes the contents of RAM to the pagefile. The memory.dmp file is as large as physical memory plus 1 MB and it is written to the pagefile, and thus the pagefile must reside on the same partition as \Winnt for this to work.
When you log on to NT with your username and password (security identifiers) you are given a personal key (account security identifier) for things only you can access and a key for each of the groups you belong to (group security identifiers). When ctrl-alt-del is pressed the Win32 subsystem starts the WinLogon process (process = software that is running) which generates the logon dialog box, and once the info is entered it is passed to the Security Accounts Manager (SAM). SAM queries the security account database to check the validity of the username and it then generates an access token and passes it back to the WinLogon process (all processes have access tokens, even if started by the system). Each object (directory, printer, process, device, port, thread, etc.) has an access control list (ACL) that NT uses to determine whether a user has the authority to access that object.
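Added example, not from these notes: a simplified Python model of the access token (user SID plus group SIDs) being checked against an object's ACL, including why an explicit deny placed first beats a later allow. The two users, the payroll object and its ACEs are constructed; the rights mask is a toy one, and the two built-in group SIDs are the well-known Users and Administrators SIDs.

```python
from dataclasses import dataclass

# Toy rights mask (constructed; NT's real access masks are wider)
READ, WRITE, EXECUTE = 0x1, 0x2, 0x4
FULL = READ | WRITE | EXECUTE

@dataclass(frozen=True)
class AccessToken:
    """What WinLogon/SAM hand back at logon: the user's own SID plus one SID per group."""
    user_sid: str
    group_sids: tuple

    def sids(self):
        return (self.user_sid,) + tuple(self.group_sids)

@dataclass(frozen=True)
class Ace:
    kind: str    # "allow" or "deny"
    sid: str
    mask: int

def access_check(token, dacl, requested):
    """Simplified NT access check. ACEs are walked in order: a deny ACE for any SID in
    the token that covers a still-ungranted requested right refuses access at once;
    allow ACEs accumulate granted rights; the walk stops as soon as everything
    requested has been granted. An empty DACL grants nobody anything; an object with
    no DACL at all (None) grants everybody everything."""
    if dacl is None:
        return True
    remaining = requested
    for ace in dacl:
        if ace.sid not in token.sids():
            continue
        if ace.kind == "deny" and ace.mask & remaining:
            return False
        if ace.kind == "allow":
            remaining &= ~ace.mask
            if remaining == 0:
                return True
    return remaining == 0

# Constructed SIDs for two domain users; the group SIDs are the well-known built-ins
ALICE  = "S-1-5-21-0-0-0-1001"
BOB    = "S-1-5-21-0-0-0-1002"
USERS  = "S-1-5-32-545"          # built-in Users
ADMINS = "S-1-5-32-544"          # built-in Administrators

PAYROLL_ACL = [
    Ace("deny",  BOB,    WRITE),           # denies listed first (canonical order)
    Ace("allow", USERS,  READ | EXECUTE),
    Ace("allow", ADMINS, FULL),
]

alice_token = AccessToken(ALICE, (USERS,))
bob_token   = AccessToken(BOB, (USERS, ADMINS))

if __name__ == "__main__":
    print("alice read :", access_check(alice_token, PAYROLL_ACL, READ))
    print("alice write:", access_check(alice_token, PAYROLL_ACL, WRITE))
    print("bob write  :", access_check(bob_token, PAYROLL_ACL, WRITE))   # admin, but denied
```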
Distributed File system
Dfs allows you to create links to other servers that look like subdirectories on a single server, thus you get a single view of all the shares on your network. Dfs is roughly analogous to NDS and it works by replacing universal naming convention (UNC) path names that point to grafted subdirectories in the Dfs root with the UNC path name of the actual network share. When a Dfs server receives a UNC request that resolves to a share located on another computer, the Dfs service tells the multiple UNC router on the client to replace the Dfs root path with the UNC path of the server where the files are actually located.
Server Tools for Windows
The server tools for Windows 95 are : Event Viewer , Server
Manager , User Manager for Domains , and Explorer
Extensions. With these tools you can create Trust
relationships but you can't verify them , may have to provide
username and password when connecting to new domains or servers ,
must have admin privileges on any computer you wish to administer
, and you cannot administer shared printers.
Profiles are the user settings which are loaded when a user
logs in. They can contain desktop and start menu preferences.
These files can be located either locally or on a server which
has been mapped in the User Manager.
NTUser.dat and *.dat files are the typical, user-configurable profiles used.
NTUser.man and *.man files are read-only, so the user can configure their desktop, etc.; however, the *.man file will not be updated. When the user logs in again, it will restore the
You may copy profiles using the menu located under System
Roaming profiles will only work if the computers where they are used are exactly the same, else shortcuts won't work because the program is stored in different locations on each computer. Also roaming profiles only work in NT, and most organisations don't only have NT and also use Windows 95. A folder must be created on the PDC called Profiles which will be used to store the roaming profiles. Then in User Manager for Domains type \\servername\Profiles\%username% in the profiles section for the individual user. Log on as administrator to the computer where the profile is stored and go to System - User Profiles, change the account type to a roaming profile and then copy it to the profile share on the PDC by typing
Mandatory User Profile
uses the locally cached profile if the PDC (where profile stored)
is down and only if user has logged onto the PDC before , else
user can't logon.
To create an Emergency Repair diskette, you can choose to do so either during the
installation of NT Server, or you can run RDISK.EXE
To use the Emergency Repair diskette, you will need to boot
the server with the NT installation boot diskettes, and choose to
repair your NT Server with the Emergency Repair disk that was
RAS (Remote Access Services)
Supported Dial-in Operating Systems :
Supported Network Interfaces :
Supported Protocols :
IPX-Supported WAN Connections :
RAS is capable of using the following connection protocols: SLIP, PPP, and RAS. SLIP requires a static IP address and can't use DHCP/WINS (an NT server can't be a SLIP server, i.e. accept a connection using SLIP, and you can't use SLIP to connect two computers using RAS, nor can you connect to Win95 using SLIP). PPP is used in multi-vendor environments and supports AppleTalk, DECnet, OSI, TCP/IP, IPX and NetBEUI. The PPP multilink protocol (MP) combines multiple physical links into a logical bundle that increases bandwidth. If you have two 28.8 modems and two PSTN lines, MP can be used to establish a single 57.6 connection to an MP server (both the dial-up networking client and the RAS server must be MP enabled).
RAS uses NetBEUI as the default network protocol, but can also use TCP/IP and IPX/SPX. TCP/IP will need to be used if you are using programs that utilise the Windows Sockets (WinSock) interface over the RAS services. PPTP is used to allow secure tunnelling of encrypted data over a TCP/IP network and allows access to RAS servers via the internet. PPTP can route TCP/IP, IPX or NetBEUI over a TCP/IP network. PPTP filtering will disable all protocols on the selected network adapter thus
The NetBIOS gateway translates encrypted NetBEUI packets into IPX or TCP/IP formats that can be understood by remote servers, and thus a NetBIOS gateway allows computers running NetBEUI to access RAS servers regardless of which protocol is installed on the server.
If NT has IP and IPX routing capabilities it can act as a router to link different LANs and WANs, and connect LANs that have different network topologies (Ethernet to Token Ring).
RAS will write to a log file which can be used for
troubleshooting RAS services. In order to enable RAS to write to
the log, you have to enable it in the Registry.
Permissions: Dial-up permissions can be set in User Manager for Domains and in Remote Access Service, and the permissions can be no call back, set by caller or preset to a number. Permissions can only be set for
Callback: callback will call only a predefined number and thus adds additional security.
Encrypted Passwords and data encryption : the way in which the RAS server and RAS client exchange the username and password is called the authentication protocol. NT supports three such protocols : Password Authentication Protocol (PAP) , Challenge Handshake Authentication Protocol (CHAP) , and Microsoft extensions to CHAP (MS-CHAP).
There are a few different options you can set in RAS for
Allow any authentication including clear text : this
will allow RAS to use a number of password authentication
protocols, including the Password Authentication Protocol (PAP),
which uses plaintext password authentication. This option is
useful if you have a number of different types of RAS clients, or
to support third-party RAS clients.
Require encrypted authentication : this option will
support any authentication used by RAS except PAP.
Require Microsoft encrypted authentication : this
option will only make use of Microsoft's CHAP (Challenge
Handshake Authentication Protocol, MS-CHAP). All Microsoft operating
systems use MS-CHAP by default.
Require data encryption : this option will enable the
encryption of all data sent to and from the RAS server.
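As an added illustration (not part of the original notes), a small model of the PAP/CHAP difference behind these settings: what credential material crosses the link in each case, and how the three policy settings accept or reject each protocol. The account, password and RasServer class are constructed for the demo; the CHAP response follows RFC 1994 (MD5 variant), and MS-CHAP appears only in the policy table because its response computation is different and is not modelled.

```python
import hashlib
import hmac
import os

# Constructed demo account (not from the original notes): user -> dial-up password.
ACCOUNTS = {"alice": b"correct horse battery"}

# The three authentication settings described in the notes, mapped to the
# protocols each one accepts. MS-CHAP is listed so the policy check is complete,
# but its response computation (different from RFC 1994 CHAP) is not modelled here.
POLICIES = {
    "allow_any": {"PAP", "CHAP", "MS-CHAP"},    # Allow any authentication including clear text
    "require_encrypted": {"CHAP", "MS-CHAP"},   # Require encrypted authentication
    "require_ms_encrypted": {"MS-CHAP"},        # Require Microsoft encrypted authentication
}


def pap_packet(user, password):
    """PAP Authenticate-Request: the password itself travels over the link."""
    return {"proto": "PAP", "user": user, "password": password}


def chap_response(chap_id, secret, challenge):
    """CHAP response as defined in RFC 1994 (MD5 variant): MD5(ID || secret || challenge).

    Only this hash crosses the link; the secret never does, and a fresh challenge
    makes every response different, so a captured one is useless later."""
    return hashlib.md5(bytes([chap_id]) + secret + challenge).digest()


def on_the_wire(packet):
    """The credential material an eavesdropper on the line would capture."""
    return packet["password"] if packet["proto"] == "PAP" else packet["response"]


class RasServer:
    """Hypothetical model of the RAS server's authentication decision."""

    def __init__(self, policy):
        self.allowed = POLICIES[policy]
        self.chap_id = 0
        self.challenge_bytes = None

    def challenge(self):
        """Issue a fresh CHAP challenge (new identifier, random challenge value)."""
        self.chap_id = (self.chap_id + 1) & 0xFF
        self.challenge_bytes = os.urandom(16)
        return self.chap_id, self.challenge_bytes

    def authenticate(self, packet):
        """Return (accepted, reason). The policy is checked before any credential is."""
        proto = packet["proto"]
        if proto not in self.allowed:
            return False, f"{proto} rejected by policy"
        secret = ACCOUNTS.get(packet["user"])
        if secret is None:
            return False, "unknown user"
        if proto == "PAP":
            ok = hmac.compare_digest(secret, packet["password"])
        elif proto == "CHAP":
            if self.challenge_bytes is None or packet["id"] != self.chap_id:
                return False, "response does not match the outstanding challenge"
            expected = chap_response(self.chap_id, secret, self.challenge_bytes)
            ok = hmac.compare_digest(expected, packet["response"])
            self.challenge_bytes = None  # a challenge is good for exactly one response
        else:
            return False, "MS-CHAP verification not modelled"
        return (True, "ok") if ok else (False, "bad credentials")


def chap_login(server, user, secret):
    """Client side of CHAP: ask for a challenge, answer it, return the server's verdict."""
    chap_id, challenge = server.challenge()
    packet = {"proto": "CHAP", "user": user, "id": chap_id,
              "response": chap_response(chap_id, secret, challenge)}
    return server.authenticate(packet)


if __name__ == "__main__":
    pw = ACCOUNTS["alice"]
    lax = RasServer("allow_any")
    print("PAP under allow_any:", lax.authenticate(pap_packet("alice", pw)))
    print("captured on the wire:", on_the_wire(pap_packet("alice", pw)))
    strict = RasServer("require_encrypted")
    print("PAP under require_encrypted:", strict.authenticate(pap_packet("alice", pw)))
    print("CHAP under require_encrypted:", chap_login(strict, "alice", pw))
```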
NT Server 4.0 has the option to maintain drivers for different
operating systems on the server. Each operating system uses
different drivers; for example, NT 3.51 systems cannot use NT 4.0
printer drivers. If the system which is trying to connect to the
printer on the server does not have drivers for the printer,
or if they are out of date, then the server will automatically
install the updated drivers.
Print Pooling : a number of identical print devices controlled by the same printer. The printer directs the print jobs to an available print device in the pool.
Availability : this option allows you to specify which hours the printer can be printed to.
Priority : this option
specifies which printer should print first if other printers are
trying to print to the same physical print device at the same
time. Priorities range from 1 to 99, with 1 being the lowest and
99 the highest.
You can select more than one local port for a printer only if the printers on each port are exactly the same.
You can change the directory containing the print spooler in the advanced server properties for the printer.
To remedy a stalled spooler, you will need to stop and restart
the spooler services in the Server Manager.
The NT print process :
The DOS print process :
Remote printing with MS-DOS requires one to use net use LPTx: \\server\print_share
Print jobs can be redirected
to another identical printer in the printer's properties window by
adding a local port and entering the server and printer's name.
Printers connected directly to the network : HP printers require DLC and a network address, Digital Network printers require TCP/IP or DECnet, and Lexmark printers require DLC, TCP/IP or IPX.
When connecting to a print device using the LPR protocol
you must first install Microsoft TCP/IP Printing; then, when
you create the printer, the Add Port button will display another
type of port called LPR. Select this port, give the TCP/IP
address of the LPR printer and then create it normally. In order
to print to a NetWare printer you must have GSNW installed.
AppleTalk allows Macintosh clients to print to NT printers and NT
clients to print to Macintosh clients.
From the printers menu in the printers window you can do the following :
MS-DOS print job never printed - appropriate printer driver must be installed locally
Access denied when configuring printer - appropriate privileges are required
Output does not print completely or is garbled - incorrect print driver
Win16 applications give an out of memory error - no default printer selected
Hard disk starts thrashing - out of space for spooling
No one can print to a server and jobs can't be deleted -
stalled print spooler (stop and restart it)
Basic Print Problem Resolution
Is it plugged in?
Is it on-line?
Is the cable attached?
Is the print driver installed properly and is it the correct version?
Are you printing to the correct print device?
Is there sufficient hard disk space for spooling?
Can you print from other Win32 applications to that print
MS Client 3.0 supports MS-DOS computers that don't have
network connectivity and need to access NT server and supports
NetBEUI , IPX , TCP/IP and DLC.
LAN Manager 2.2c Clients for MS-DOS and OS/2 are
supported by NT server.
Network Client Administrator is used to install and configure the network client software and tools contained on the NT Server CD-ROM for Windows 95, MS-DOS 3.0 and LAN Manager 2.2c. Network Client Administrator is in the Admin Tools folder and its options are Make Network Installation Startup Disk, Make Installation Disk Set, Copy Client-based Network Administration Tools, and View Remoteboot Client Information. Make Network Installation Startup Disk creates a single unique floppy disk for each client you want to install automatically by booting from the disk. Make Installation Disk Set creates a set of floppy disks you can use to install any number of clients for the specific operating system you select.
The Network Client administrator can make installation disks for the following :
1> Client for Microsoft Networks (DOS & Windows 3 or 3.1)
The Network Client Administrator can make Network Installation Startup Disks for the following clients : 1> MS-DOS and Windows
Windows 95, Windows NT, OS/2 v2.0 and up, and Macintosh
clients don't need installation startup disks as networking
support is built into them. The Network Client Administrator
works only with network adapters that are on the NT CD-ROM.
Services for Macintosh is used to manage mixed Windows-based
or DOS-based and Macintosh environments from NT Server. AppleTalk,
File Services for Macintosh and Print Services for Macintosh
are installed automatically when Services for Macintosh is
NT uses the browser service to identify and list the available
network resources. The election criteria ranking is based on
operating system (Server, Workstation, 95, 3.11, in that order), OS version and current
role (MB, BB, PB: master, backup or potential browser).
All NT Servers have browser services available. The master browser maintains a master browse list which contains a list of all workstations, servers and domains on the
network. Every domain or workgroup can have only one master
browser, and there can be only one master browser per subnet. Since
TCP/IP does not route broadcasts, in a TCP/IP network there must be
a master browser in each TCP/IP network, with the PDC acting as
the co-ordinating or domain master browser. A preferred master
browser will always win an election.
The PDC will always be the domain
master browser. All BDCs will be backup browsers, are capable of
becoming domain master browsers in the event of a PDC failure, and
receive a copy of the browse list from the master browser every
15 minutes. The maximum number of backup browsers is 3 and the number of potential
browsers is unlimited. In a workgroup there is one backup browser for every
32 workstations. All member servers are capable of becoming
master browsers or backup browsers. A potential browser does not
receive a copy of the browse list unless it is promoted to a
master or backup browser.
You can set the browser type for a computer by changing the value of the registry entry
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Browser\Parameters\MaintainServerList
No - not a network browser
Yes - either a master or backup browser (default for PDC and BDC)
Auto - potential browser (default for Workstation or MS)
You can configure your NT Server to be a master browser in the
absence of a PDC by making IsDomainMaster = Yes/True (default is
no or false)
The registry contains settings which set the time between
synchronizations of domain controllers. Sometimes this can cause
much traffic. In order to reduce traffic, increase the value of
the Pulse setting in the registry of the PDC, and decrease
the value of the PulseConcurrency setting in the registry
of the PDC.
Directory replication is used to replicate logon
scripts (batch files, command files or executable files that
can be assigned to user accounts and run each time a user logs
on), system policy files and common info to
computers in a domain. NT requires an export server that
replicates updated info and an import server that receives the
info. The default export directory is \Winnt\System32\Repl\Export
and is shared as Repl$ (hidden). The default import directory is
\Winnt\...\Import. Create subdirectories in these directories for the
files that need to be exported or imported; the default directories are
managed in Server Manager.
To set replication on an export server :
1> Create a user account in User Manager for Domains with all logon hours, member of the domain's Backup Operators or Replicators group, Password Never Expires set, and User Must Change Password At Next Logon cleared.
2> Start the Directory Replicator service in Server Manager or the Services control panel, set it to start automatically and log on with that account.
3> Place the directories to be replicated in \winnt\System32\Repl\Export.
If NT is on an NTFS partition other than the system partition:
Back up files on NTFS partitions or copy them to a FAT partition.
Delete the NTFS partition and the NT system files will go with it. (Some versions of MS-DOS FDISK cannot do this. No version of MS-DOS FDISK can delete an NTFS logical partition in an extended MS-DOS partition. Use Windows NT Setup to remove NTFS partitions.)
Run sys.exe from DOS and reboot with a DOS floppy (changes the bootstrap routine).
Run fdisk to create a primary partition and format with
/s to install the system files.
To remove NT from a FAT partition (simple!)
Delete the following folders: %system_root% (usually Winnt) and Windows NT in the Program files directory
Delete the following files: Ntldr, Ntdetect.com, boot.ini,
pagefile.sys and bootsect.dos
Client Access License
Each client which access a resource on an NT server needs a
Client Access License (CAL) even if the client doesn't run a
Per seat / per server
PER SEAT Each client on the network requires a CAL and can access resources across the entire network.
PER SERVER Each client requires a CAL and the CAL is applied to only one server. Number of clients connecting to the server cannot exceed the number of per server licenses.
MULTIPLE SERVERS = PER SEAT
ONE SERVER = PER SERVER
MS allows a one time one way switch from Per
Server to Per Seat
provide an established method for applications to interact with
any of a number of file system drivers and network services, and
NT supports NetBIOS, WinSock, RPC and Network Dynamic Data
File System Drivers are
networking components that are treated as NT local storage file
systems so that you can use applications written for a local
computer across the network. These components are: workstation
service, server service, named pipes and mailslots (also called
redirectors as they redirect I/O that would go to a local drive
across the network).
Network Driver Interface Specification (NDIS) compatible network adapter card drivers co-ordinate communications between adapter cards and the computer's hardware, firmware and software (NDIS.SYS).
The NDIS 4.0 layer controls the interface between NDIS
compliant drivers and transport protocols, enabling services
to pass from one layer to another. NDIS allows an unlimited number of
network adapters, and an unlimited number of protocols can be bound to
a single adapter.
Protocols govern the
communication between hosts, and NT supports TCP/IP, NWLink
IPX/SPX, NetBEUI, DLC and AppleTalk.
The Transport Driver Interface
(TDI) makes all the transport protocols look the same to higher
level services such as redirectors and file systems (TDI.SYS).
The following components are installed by default :
The redirectors and server allow user mode applications to
access system resources and are treated the same as NT logical
file systems. Redirector (workstation service) identifies the
appropriate service that can provide the resources requested by
an application and the server service creates and secures shared
The server's overall performance
can be optimised through the Server service in the Network
control panel program: Minimize Memory Used - if the computer is
rarely used as a server; Balance - if the server is typically
used as both a workstation and a server; Maximize Throughput
for File Sharing - if the computer is a dedicated file server; Maximize
Throughput for Network Applications - if the computer is a
Distributed processing components are named pipes, mailslots,
Windows Sockets, remote procedure calls (RPC), network
dynamic data exchange (NetDDE) and distributed component object
Named pipes build a bi-directional connection-orientated communication channel between server and client.
Mailslots build a unidirectional communication channel between server and client.
WinSock enables a distributed application to access protocols (TCP/IP & IPX)
NetDDE allows the sharing of info between applications.
Remote procedure call (RPC)
calls a procedure that resides in a server process running on a
remote machine (starts a program on a remote computer)
TCP/IP provides broad connectivity among all types of
computers and servers, has strong support for routing (connects
different networks), and supports SNMP, DHCP and WINS (IP to NetBIOS name mapping).
It is the slowest of the protocols and is difficult to set up.
An IP address is used to
identify a TCP/IP host. If the first number is the network ID and the
last three are the host ID (computer ID), it is a class A network; class
B if the split is 2-2 and class C if 3-1.
The subnet mask marks
which part is the network ID and which part is the station ID, and
255.255.255.0 means that this is a class A network. If it was
255.255.255.128 then it is class A with less than 127 available
The default gateway is
used to forward communications to other networks ,as when a
computer recognises that the address isn't on your network it
sends the message to the default gateway instead.
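An added worked example, not from the original notes, of what the subnet mask does and of the decision behind the default gateway: the address is ANDed with the mask to get the network ID, the remaining bits are the host ID, and a destination with a different network ID is handed to the gateway. It goes slightly beyond the text by also validating the mask and counting usable host IDs (which is where the "less than 127" for 255.255.255.128 comes from); every address used is a constructed sample value.

```python
# Added example (not from the original notes): the network ID / host ID split that the
# subnet mask performs, and the "is it on my network?" test behind the default gateway.
# All addresses below are constructed sample values.


def parse_octets(dotted):
    """Turn 'a.b.c.d' into four validated integers."""
    parts = dotted.split(".")
    if len(parts) != 4:
        raise ValueError(f"not a dotted quad: {dotted!r}")
    octets = [int(p) for p in parts]
    if any(o < 0 or o > 255 for o in octets):
        raise ValueError(f"octet out of range: {dotted!r}")
    return octets


def to_int(dotted):
    """Pack a dotted quad into a 32-bit integer so the mask can be applied with AND."""
    a, b, c, d = parse_octets(dotted)
    return (a << 24) | (b << 16) | (c << 8) | d


def to_dotted(value):
    """Inverse of to_int."""
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def address_class(dotted):
    """Classful network type from the first octet (classes A, B, C as used in the notes)."""
    first = parse_octets(dotted)[0]
    if 1 <= first <= 126:
        return "A"  # network ID is the first octet, host ID the last three (1-3 split)
    if 128 <= first <= 191:
        return "B"  # 2-2 split
    if 192 <= first <= 223:
        return "C"  # 3-1 split
    return "other"  # 127 is the loopback net; 224 and above are multicast/reserved


# Default mask for each class: all-ones over the network ID octets.
DEFAULT_MASK = {"A": "255.0.0.0", "B": "255.255.0.0", "C": "255.255.255.0"}


def validate_mask(mask):
    """A subnet mask must be a run of 1 bits followed by 0 bits; return the prefix length."""
    m = to_int(mask)
    prefix = bin(m).count("1")
    if m != (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF:
        raise ValueError(f"non-contiguous mask: {mask}")
    return prefix


def split_address(ip, mask):
    """Apply the mask: network ID is ip AND mask, host ID is whatever the mask left as 0.

    usable_hosts leaves out the all-zeros (network) and all-ones (broadcast) host IDs,
    so a 255.255.255.128 mask leaves 128 - 2 = 126 host addresses."""
    prefix = validate_mask(mask)
    ip_int, mask_int = to_int(ip), to_int(mask)
    host_bits = 32 - prefix
    return {
        "network_id": to_dotted(ip_int & mask_int),
        "host_id": ip_int & ((1 << host_bits) - 1),
        "prefix": prefix,
        "usable_hosts": max((1 << host_bits) - 2, 0),
    }


def next_hop(local_ip, mask, destination, default_gateway):
    """Where the host sends a packet: directly if the destination shares its network ID,
    otherwise to the default gateway, which forwards it on."""
    mask_int = to_int(mask)
    if to_int(local_ip) & mask_int == to_int(destination) & mask_int:
        return "direct"
    return default_gateway


if __name__ == "__main__":
    print(split_address("192.168.1.200", "255.255.255.128"))
    print(next_hop("192.168.1.10", "255.255.255.0", "10.0.0.5", "192.168.1.1"))
```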
IPCONFIG is used to verify the TCP/IP configuration parameters
on a host (ipconfig /all) and PING is used to test connectivity
(ping IP-address) [ping the loopback address to test if TCP/IP
installed correctly - ping 127.0.0.1]
NWLink is Microsoft's 32-bit NDIS 4.0 compliant version of Novell's
IPX/SPX protocol, and NT uses WinSock (a tool used for supporting
connections between computers) and NetBIOS over IPX to
communicate with computers running IPX/SPX. It is easy to set up,
routable, doesn't support SNMP and is slower than NetBEUI. A
frame type is the way in which the network adapter card formats
data to be sent over a network. The frame type must be set to the
same type as the NetWare server, and NWLink can be used with
Ethernet II, 802.3, 802.2 and SNAP; Token Ring 802.5 and SNAP; and
FDDI 802.2 and SNAP (fiber optic).
The default frame format for NetWare 2.2 and 3.11 is 802.3 and
for NetWare 3.12 and up it's 802.2. NT automatically detects the
frame type when NWLink is installed but defaults to 802.2 if more
than one is detected.
NetBEUI stands for NetBIOS Extended User Interface and it is a
very fast protocol that is used in LANs as it can't be routed.
NetBEUI is self tuning and self configuring, has good error
protection and has a small memory overhead.
AppleTalk is used by Apple Macs and it is not TDI compliant
and thus can't use the full range of NT networking features.
The main purpose of AppleTalk is to let Macs access NT
Server file and print services by using AppleTalk and Services
for Macintosh. AppleTalk is automatically installed when Services
for Macintosh is installed.
DHCP centralises and manages the allocation of TCP/IP
configuration info by automatically assigning IP addresses to
computers configured to use DHCP. The DHCP server leases an IP
address to a client for a specified period of time. To
implement DHCP the server requires a static IP address, subnet
mask and default gateway, the DHCP server service must be
configured on at least one NT server within the internetwork,
and the DHCP scope of addresses must be created on the DHCP
server. The client must be running Server, Workstation, 95, 3.11,
Network Client 3.0, or LAN Manager 2.2c.
A DHCP scope is a range of IP addresses in a TCP/IP subnet.
Windows networking names IP
WINS is used to register Windows networking UNC names
(NetBIOS) and resolve them to IP addresses. The requirements for
a WINS server are that the WINS server service must be configured
on NT server and it must have a static IP address. The client
requirements are it must be running server, workstation, 95,
3.11, MS network client or LAN manager and know the IP address of
a WINS server.
Domain Name Service transforms Internet textual addresses into
Internet numerical addresses, and this process is called name
resolution (domain names => IP addresses). A DNS server
maintains a list of Internet names of computers on the TCP/IP
network and their associated addresses. The difference between DNS
and WINS is that WINS is fully dynamic whereas DNS requires
static configuration for computer name-to-IP address mapping, and
thus the DNS database must be changed manually.
Simple Network Management Protocol
SNMP is an Internet protocol that allows network managers to
control network hardware and computers from a central site. Hubs,
routers, bridges, switches, gateways and computers support
SNMP, and with SNMP you can view the operational status of a
device, various statistics such as throughput and collisions,
and send commands to reconfigure the device. Most network
hardware is sold as managed hardware (has a microprocessor and
software to support SNMP) or unmanaged hardware.
Services For Macintosh
NT Server looks exactly like an AppleShare server to Macintosh
clients and they don't need any additional software. NTFS
supports the multiple-fork structure of the Macintosh
Hierarchical File System (HFS), and the AppleTalk protocol is
installed by default when Services for Macintosh is installed (it
is not TDI compliant so it doesn't show up in the Transport tab
of the Network control panel). You can use Server Manager or File
Manager to manage your Macintosh-accessible volumes, not Windows
Explorer. Printing support is also installed by default.
|Problem Area||Symptoms||What to try|
|Boot||Booting, Boot.ini, NTFS boot problems, bootsect.dos, or problems after boot starts||Try booting from NT boot disks or use the ERD|
|Devices||Interrupt conflicts and SCSI problems||Use Last Known Good Configuration before a user logs on, or use WinMSD to check IRQs|
|Logon||Inability to log on to the system||Log on using a different account or restore the accounts database using the ERD|
|Resource Access||Incorrect permissions, inability to access resources||Try a different user account or server, or check spelling of server or share name|
|File System||FAT or NTFS problems||Run CHKDSK or reformat|
|Printing||Inability to print, problems with network printers||Try a different remote printer or user account. Remove and recreate the printer|
|Network||Cable, adapter, IRQ conflict, protocol or external network problems||Use a network cable analyser or network protocol analyser, run diagnostics on the adapter card|
|Services||Services that don't start||Check the Event Viewer System Log|
System Log contains events generated by all NT internal services and drivers
Security Log contains security events when auditing is enabled (only admin can view)
Application Log contains events generated by
The list of axioms for troubleshooting NT are 1> Be patient
Windows NT Diagnostics (WinMSD) tabs :
Services (state of services and devices listed in
Resources (system resources in use)
Environment (user, process and system environments)
Network (network related configuration info)
Version (OS version, serial number, owner)
System (BIOS, HAL and CPU info)
Drives (drives and their types)
Display (video adapter, settings and drivers)
Memory (physical and virtual memory info, pagefile location and
The Event Viewer records
problems experienced by NT in a log. It records system
events (recorded by the kernel and drivers), security events (per the audit
policy), and application events. Events are recorded according
to priority: a blue icon represents an informative message,
a yellow icon an alert (a noncritical service isn't operating
correctly), and a red icon represents a critical warning.
Network failures can be divided into four categories, which are
client problems, server problems, data link problems and cable
Client Problems affect only a single computer.
Server Problems affect only the server.
Data Link Problems occur when a device that connects the network physically or logically fails, and this usually affects entire subnetworks
(if two subnetworks can't connect, replace the bridge between them).
Cable Faults are very common
Troubleshooting Computer Hardware
|Symptom||Possible cause||What to check||Fix|
|No power to system||Cable or power supply||Inspect cable, wall socket and plug||Replace power supply or cable|
|System inoperable, lights on & HD spins||Expansion card dislodged or defective||Check cards and disconnect floppy||Put cards in properly|
|System doesn't boot from HDD, only floppy||Damaged HD or controller, connection out, or FAT scrambled||INVALID DRIVE SPECIFICATION message appears, or run FDISK||Check cable from HD or format HD; if unable, it is damaged|
|System only boots from floppy, HD can be read and applications used||HD boot program destroyed||Lightning strike or power surge||Back up data and reformat HDD|
|SECTOR NOT FOUND appears or data can't be retrieved||A number of causes||Back up HDD||Low level format, partition HD, then high level format|
|Disk formatted on IBM PS/2 does not operate||IBM PS/2 uses a different format||IBM PS/2 does not work with AT type computer||Format HD in AT computer|
|After installing expansion card system not working||No power to the monitor||All or part of the system may not work||Change the interrupt or RAM address of the card|
|INVALID CONFIGURATION or CMOS FAILURE appears||Incorrect info entered into setup program||Check the configuration program and replace incorrect info||Review the system's equipment and make sure the info is correct in the setup program|
|Screen is blank||No power to monitor, cable out or NIC I/O address conflict||Check power connection and change I/O address of NIC|
|Greek looking letters||Memory problems, display jumpers set incorrectly or computer virus||Reboot computer. Reinstall memory and check jumpers on display adapter, or reformat HDD|
|Screen goes blank periodically||Screen saver is enabled||Disable screen saver|
|Keyboard failure||Keyboard is disconnected||Reconnect or replace|
|Floppy drive light stays on||Floppy cable not connected||Reconnect|
|Error reading drive A:||Bad floppy disk or not formatted||Format or try new disk|
|C: drive failure||SETUP info incorrect or HD cable not connected||Boot from A: and put correct info into Setup, or reconnect|
|Cannot boot system after installing second HDD||Master/Slave jumpers not set correctly or HDD not compatible||Set jumpers correctly, run SETUP and select correct HDD|
|Missing operating system on HDD||CMOS settings changed||Run SETUP and select correct drive type|
|Certain keys not working||Keys jammed or defective||Replace keyboard|
|Keyboard is locked, no keys function||Keyboard is locked||Unlock keyboard|
|No colour on screen||Faulty monitor or CMOS incorrectly set||Connect monitor to another computer|
Windows NT Object Counters :>
Processor performance monitors =>
Troubleshooting processor performance involves checking if you have sufficient processor
cache, and if your external and internal caches are enabled.
To enable the disk performance counters type diskperf -y
at the command prompt, and to disable them type diskperf -n.
These counters cause about a 2% degradation in overall
performance on Intel machines, but you won't see any disk data
unless they are enabled.
Disk performance monitors =>
Troubleshooting Disk performance
is best done by adding more RAM , thus increasing the size of the
disk cache. If you can't add more RAM then add a newer disk drive
, disk controller , create stripe sets or use RAID.
Threads are software chains of execution that run concurrently
to perform the functionality of a process within the address
space of that process (a process is one or more threads
[paint.exe is a process] ).
To improve network performance :
1> Reduce traffic by finding top talkers, eliminating diskless workstations, or storing applications locally.
2> Splitting networks into subnetworks joined by bridges, routers or servers only works if computers that communicate with each other are still on the same subnetwork, thus subnetworks must be based on departments. Splitting is done by putting each subnetwork on a different network interface card on a single server, or putting each subnetwork on a different server and connecting the servers with a high-speed backbone.
3> Increasing speed is the last option and this involves moving from Ethernet or Token Ring to Fast Ethernet or Fiber Distributed Data Interface (FDDI), but you may only need to upgrade your backbone.
Fast Ethernet is 10 times the speed of Ethernet and runs at
100 megabits per second, and there are two major varieties,
100Base-X and 100Base-VG (AnyLAN).
Fiber Distributed Data Interface (FDDI) is 100 megabit Token Ring over fiber optic cable
with a second counter-rotating ring that provides a measure of
fault tolerance in case of cable faults. It is very stable and
NT Self-Tuning Mechanisms
Symmetrical Multiprocessing is a process
where the total processor load is split evenly among processors.
However, two processors are only 150% faster than one as it takes
processor time to schedule the processes between the processors,
and a single-thread process can run on only one processor.
Memory Optimisation involves dividing memory into 4K chunks
called pages, and each page can only be used by a single thread
(a thread may be stored on several pages); thus more memory is
available to other processes as there isn't much memory wastage
compared with the 64K page size of other systems. The pagefile is used
to swap memory, and NT supports simultaneous writing to more than
one hard disk, thus the pagefile should be split among separate
Prioritising Threads and Processes is done according to their importance to system
responsiveness or any requirements it may have to respond to
external events in a timely fashion. Processes start with a base
priority of 7 on a scale of 0 to 31 and NT can vary the priority
by two levels up or down. Real-time processes start with
priorities of 23 or higher and only administrators can start
processes with priorities higher than 23. You can change
priorities in the Task Manager.
Caching Disk Requests is used by NT to reduce the amount input/output
traffic to the hard disk drive and it works by NT reserving a
portion of memory as a staging area for hard disk reads and
writes , so when data is read from the disk it is stored in the
cache and if it needs to be read again it can be retrieved very
The Network Monitor
Network Monitor monitors data sent over the network. It
uses a special mode supported by most modern network cards, called promiscuous mode, which allows it
to capture all data packets on the network. However, the Network
Monitor shipped with NT Server 4 doesn't support promiscuous mode
and can only capture frames sent to or from the server,
broadcast frames or multicast frames (the full version ships with SMS).
Data that Network Monitor captures is saved in the
\Winnt\System32\Netmon\Captures directory as a .CAP file. This
data can be filtered based on protocol, computer address, or
protocol properties. Network Monitor is password protected so not
just anyone can use it.
Permissions are cumulative. For example, if John is a member of the Sales and Marketing groups, and a file is granted permissions so that Sales have Change (RWXD) access and Marketing have Read (RX) access, John will have Change (RWXD) access to the file. However, the No Access permission is an exception to this rule; if John was also a member of the External group which had No access (None) permissions for the above file, John would be unable to access the file at all.
Files created in a directory initially retain the permissions
from the directory level. If the file permissions are changed,
these new permissions override any other permissions
Printer security is controlled by four security levels: No
Access, Print, Manage Documents and Full Control. No Access is
the same as for file security. Print allows you to print
documents and manage your own documents (e.g. cancelling jobs).
Manage Documents permissions allow you to change the order and
status of other people's print jobs to that printer in addition
to your own, and Full Control allows you to change permissions of
print queues and take ownership of printers as appropriate.
There are four special nonmachine identifiers which do not
appear in User Manager but can be used for assigning permissions
from the File Manager / Windows NT Explorer (4.0 and above).
CREATOR OWNER is the user who owns the file; this is the user who
created the file unless ownership has been changed. INTERACTIVE
represents users accessing the object locally (as opposed to
accessing it across the network). NETWORK is the converse of
INTERACTIVE, and represents users accessing the object across the
network. Lastly, SYSTEM is the operating system object itself.
SHARE / NTFS PERMISSIONS
- On FAT partitions, share permissions are the only way to secure files and folders.
- Share permissions apply to network access only. A user logged on locally will be able to access all folders and files that use only share level security.
- Shared folders permissions apply to all subfolders and files within the shared folder.
- If a user or group is not assigned any permission, the user or group will have no access.
- If a user is a member of multiple groups and one group is not assigned any permission and the other is assigned permissions, the user will have permissions.
- DOS, Windows 3.x and WFWG will tolerate only 8 characters in a share name. Longer names will appear as xxxxxx~1.
- Windows NT will tolerate up to 12 character share names.
Levels of share security
ONLY THESE GROUPS CAN
Administrators can share folders on any network computer
Server Operators can share folders on PDC and BDC only.
Power Users can share
folders on Member Servers and WS only.
_ Can be applied to folders and to individual files within a folder.
_ Are applied to local resources and those accessed over the network. A user with no access
cannot gain access by logging on
NTFS permissions are either Individual Permissions or combinations of individual permissions that
Microsoft thought would be useful called Standard Permissions.
_ Can be applied one at a time or in any combination to both users and groups.
_ Are called special access
permissions when they are used to customise permissions for
users and groups.
|NTFS Permission||As applied to a Folder||As applied to a File|
|Execute (X)||Display folder attributes, make changes to subfolders, display owner and permissions||Display file attributes, owner and permissions; run an executable|
|Write (W)||Add files and folders, change a folder's attributes, display owner and permissions||Display owner and permissions, change file attributes, modify file data (write)|
|Read (R)||Display folder names, attributes, owner and permissions||Display file data (read)|
|Delete (D)||Delete the folder||Delete the file|
|Change Permission (P)||Change the folder's permissions||Change the file's permissions|
|Take Ownership (O)||Take ownership of the folder||Take ownership of the file|
COMBINED NTFS AND SHARE PERMISSIONS !!
This is an ancient art, closely related
to a form of religion practised on the island of Haiti called
Voodoo. It is the art of actually doing this as an administrator
and can only be learned through many years of angry phone calls.
Move / Copy
A newly created
file will inherit the permissions and compression of its
always override folder permissions, except...
If you assign NTFS Full Control access
to a folder and NTFS No Access to a file within the folder, a user will still
be able to delete the file.
This is because NT supports POSIX applications for UNIX (in UNIX, write on the directory includes the ability to delete).
This is the only time
that file permissions do not override folder permissions.
Workaround: Assign the equivalent individual permissions
(with the exception of delete) in "Special Directory
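An added example (not from the original notes) that models the rules from the permissions sections: permissions accumulating across a user's groups with the No Access override from the John example, and the Full Control-on-folder delete exception above together with its workaround of granting the individual permissions minus Delete. User, group and ACL names are constructed.

```python
# Added example (not from the original notes): how NTFS permissions accumulate across
# a user's groups, how No Access overrides that, and the folder Full Control / file
# No Access delete exception with its workaround. Names and ACLs are constructed.

NO_ACCESS = "None"
FULL_CONTROL = frozenset("RWXDPO")  # Read, Write, Execute, Delete, Change Permission, Take Ownership
CHANGE = frozenset("RWXD")
READ = frozenset("RX")
STANDARD = {FULL_CONTROL: "Full Control", CHANGE: "Change", READ: "Read", frozenset(): "No Access"}


def effective_permissions(user, memberships, acl):
    """Union of every ACL entry that applies to the user (own name plus all groups).

    acl maps a user or group name to a string of permission letters or NO_ACCESS.
    A principal that is not listed contributes nothing; one No Access entry wins outright."""
    principals = {user} | set(memberships.get(user, ()))
    granted = set()
    for principal in principals:
        entry = acl.get(principal)
        if entry is None:
            continue
        if entry == NO_ACCESS:
            return frozenset()
        granted |= set(entry)
    return frozenset(granted)


def standard_name(perms):
    """Name the standard permission a set of letters corresponds to, else list the letters."""
    return STANDARD.get(frozenset(perms), "Special Access (" + "".join(sorted(perms)) + ")")


def can_delete_file(user, memberships, folder_acl, file_acl):
    """File permissions override the folder's, except that Full Control on the folder still
    lets the user delete a file inside it even when the file grants No Access (POSIX delete
    semantics). Granting the individual permissions minus Delete on the folder closes that."""
    if "D" in effective_permissions(user, memberships, file_acl):
        return True
    return effective_permissions(user, memberships, folder_acl) == FULL_CONTROL


if __name__ == "__main__":
    groups = {"john": {"Sales", "Marketing"}}
    acl = {"Sales": "RWXD", "Marketing": "RX"}
    print("john:", standard_name(effective_permissions("john", groups, acl)))
    acl["External"] = NO_ACCESS
    groups["john"].add("External")
    print("john with External:", standard_name(effective_permissions("john", groups, acl)))
    print("delete despite No Access on file:",
          can_delete_file("john", {}, {"john": "RWXDPO"}, {"john": NO_ACCESS}))
    print("after workaround (folder RWXPO):",
          can_delete_file("john", {}, {"john": "RWXPO"}, {"john": NO_ACCESS}))
```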
Only administrators can set up auditing for files, directories and printers on domain controllers.
The user right "Manage Auditing and
Security" is only assigned to administrators, and both
administrators and server operators can view and archive security
logs. Before file auditing can be performed you must enable the
audit policy in User Manager for Domains.
Windows NT Backup
A user with the Read permission can back up that file; to
back up all files and folders a user must have the user right
"Back Up Files and Directories". To restore, he must have
the user right "Restore Files and Directories". Members
of the Backup Operators and Server Operators groups have these rights by
The types of back ups are :
Backup Set is a group of files on a single volume from a single backup operation.
Family Set is a single backup on multiple tapes.
A Catalog is a graphical representation of a backup and a Tape Catalog shows all backup sets on a tape and a Backup Set catalog shows all files in a backup set.
A Backup Log is a text
file that records backup operations.
The backup options are :
Windows NT Backup can only restore the Registry or event logs
on computers where the tape drive is installed. If the last tape
in a family set is missing or damaged then use the /missingtape option. The options
for restoring are : Restore Local registry , Restore File
Permissions and Verify After Restore.
The at command can
be used to schedule a backup using the ntbackup backup
[pathname] [options] command, or it can be used to run any command
automatically. The Schedule service in Server Manager must be set
to automatic, so as to ensure the command runs regardless of who
is logged on.