Windows NT Server/Workstation 4.0 STUDY NOTES

Windows NT features

Portability - runs on a variety of platforms (IBM PowerPC, MIPS, DEC Alpha, Intel)

Co-operative Multitasking

Multithreading (execute multiple threads)

Supports many clients (MS 3.11, 95, OS/2, MS-DOS, Mac)

Symmetrical multiprocessing (share all tasks among processors)

Compatibility with applications (DOS 16 bit, Win 16 bit, POSIX, OS/2, 32 bit)

RAM - 4 gig, HDD - 16 exabytes

Protocol support (TCP/IP, DLC, NetBEUI, AppleTalk, NWLink)

32 bit flat, linear addressing of memory

Windows NT architecture

User mode - where user applications and environmental subsystems are executed

Security subsystem handles logon process

Kernel mode - privileged processor mode (Executive services)

NT Executive is the interface between Kernel and user mode

Kernel schedules all system activities

HAL hides differences between different types of hardware platforms

Requirements for installation

                Workstation                Server                     RISC
Processor       486/33                     486/33                     PreP-compliant Power PC
Memory          12Mb (16 recommended)      16Mb                       16Mb (24Mb)
HD Free Space   110Mb                      125Mb                      110Mb-W 160Mb-S
CD-ROM          Yes/or networked CD-ROM    Yes/or networked CD-ROM    SCSI CD-ROM/or networked
Display         VGA                        VGA                        VGA

(32K cluster Hard disks require 200Mb free space for Server)

Differences between Server and Workstation

                          Server                                                     Workstation
Inbound client sessions   Unlimited                                                  10
Processor support         4                                                          2
RAS connections           256                                                        1
Replication               Import & export                                            Import
Other                     Services for Mac, logon validation, Disk fault tolerance   None

NT Setup

Winnt.exe is used for the regular Windows NT setup, or an installation through DOS or Windows 95. Can also be used to create the setup disks by running WINNT /OX.

Winnt32.exe is used to upgrade from another version of Windows NT.

When upgrading from 3.51 to 4.0 almost all registry settings are transferred (security, user and group accounts, network settings and configuration, desktop environment, preferences set for admin tools). You can't convert to NTFS during installation using Winnt.exe, only afterwards.

Winnt/Winnt32 can be started by :

  1. Typing it in on the keyboard
  2. Running it in a batch file
  3. Including it in a network installation startup disk
  4. Issuing it via SMS













Server & Workstation


Accessibility X X None Optional
Accessories X X None Optional
Communication X X None Optional
Games     None Optional
Exchange     None Optional
Multimedia X X None Optional


/ox - Create boot disks only for CD-ROM or floppy installation

/o - Create boot floppy

/b - Installs without boot floppies

/u - Unattended install (MUST USE /S); uses /b automatically

/udf - Uniqueness database file

/s - Specifies location of source files (use multiple /s to speed up installation)

/f - Prevents winnt.exe from verifying files as they are copied

/c - Skips free space check

/t - Specifies temp directory

/e - Specifies command to execute at end of GUI setup

/i - Specifies filename of setup info file (DOSNET.INI)

/r - Specifies optional directory to be installed

/rx - Specifies optional directory to be copied

Winnt32.exe doesn't support /f or /c or /rx switches

Winnt /s:e\ /u:unatt.txt /udf:u1,udff.txt

For /u, if you have two different platforms you must have two answer files.

To install NT from an unsupported CD-ROM you must have DOS or Windows installed with drivers that support the CD-ROM.

Sysdiff records the difference between a normal NT installation and an installation to which you have added other software. It can automate the distribution of both operating system and application software to a large number of computers. Sysdiff is used to install applications that require interactive installation.

Snap - snapshot of registry and system files and directories

Diff - records the difference between previous snapshot and state of the installation at the time sysdiff is run again

Inf - creates an inf file containing info about installation preferences

Apply - applies data in diff file to installation

Dump - used to review details of diff file

Don't confuse Sysdiff with Windiff [directory compression tool for NT 3.51]

Setup Manager can be used to create unattended answer files. It has three sections: General, Networking and Advanced Setup. The answer file contains answers to the prompts you receive during an installation, and a UDF file contains info about each specific computer; it is merged with the answer file at the graphics section of the installation process.

To install applications that aren't included with the retail version of NT, the required files must be added to subdirectories of the $OEM$ directory on the distribution sharepoint. Then add "OemPreinstall = Yes" to the [unattended] section of the answer file and add the installation commands to the $OEM$\cmdlines.txt file.

Fault Tolerance

Disk Striping

Divides data into 64k blocks and spreads it equally among all disks in the array.

Needs a minimum of two hard disks.

Disk Mirroring (Uses NT fault tolerance driver FTDISK.SYS)

Duplicates a partition on another physical disk.

Disk Duplexing (2nd controller)

Duplicates a partition on another physical disk which is connected to another Hard Drive Controller.

Disk Striping with parity (3-32 disks) (Use regenerate)

Distributes data and parity information across all disks in the array. The data and the parity information are arranged so they are always on separate disks. A parity stripe block exists for each row across the disk. The parity stripe is used for disk reconstruction in case of a failed disk. Supports a minimum of three disks and a maximum of thirty-two disks.

Volume Set

Merges numerous partitions into one drive mapping. Drives are read one at a time.

System and boot partitions cannot be part of a stripe or volume set, but can be a part of disk mirroring and duplexing partitions.

To create a fault tolerance boot disk copy Boot.ini , Ntldr , , Ntbootdd.sys(SCSI without BIOS) to a disk formatted in NT and modify Boot.ini to point to the mirrored boot partition.

Speed factors - Disk striping will provide the fastest read/write performance as it can read multiple disks at a time. Disk striping with parity is slower, as it has to write the parity information, but is still faster than disk mirroring and volume set. Disk mirroring is slow due to the redundancy factor of writing the same information to two drives at once. Volume set can only read/write one drive at a time.

To recover from drive failure with disk mirroring, you must install the new drive, boot the system into NT, run disk administrator, break the mirror and then recreate the mirror.

To recover from drive failure with disk striping with parity, you must install the new drive, boot the system into NT, run disk administrator, and choose the Regenerate option.

To recover from multiple drive failure with disk striping with parity, you must install the new drives, boot the system into NT, and restore the system backup from tape.
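
An added example, not part of the original notes: a Python sketch of why Regenerate works for one failed member of a stripe set with parity and why losing two members means a restore from backup. The parity rotation order, the function names and the small block size used in the demo are assumptions; the 64k block size and the 3-32 disk limits come from the notes above.

```python
from functools import reduce

BLOCK = 64 * 1024  # stripe block size given in the notes above


def xor_blocks(blocks):
    """XOR equal-length blocks byte by byte."""
    return bytes(reduce(lambda a, b: a ^ b, column) for column in zip(*blocks))


def stripe_with_parity(data, n_disks, block=BLOCK):
    """Split data into rows of (n_disks - 1) data blocks plus one parity block.

    Returns one list of blocks per disk. The parity block moves to the next
    disk on every row (the rotation order is an assumption of this sketch).
    """
    if not 3 <= n_disks <= 32:
        raise ValueError("stripe set with parity needs 3 to 32 disks")
    per_row = n_disks - 1
    row_bytes = per_row * block
    data += b"\0" * (-len(data) % row_bytes)      # pad the last row
    disks = [[] for _ in range(n_disks)]
    for row, offset in enumerate(range(0, len(data), row_bytes)):
        chunks = [data[offset + i * block: offset + (i + 1) * block]
                  for i in range(per_row)]
        parity_disk = row % n_disks
        remaining = iter(chunks)
        for d in range(n_disks):
            disks[d].append(xor_blocks(chunks) if d == parity_disk
                            else next(remaining))
    return disks


def regenerate(disks):
    """Rebuild the single failed member (marked None) from the survivors."""
    failed = [i for i, d in enumerate(disks) if d is None]
    if len(failed) > 1:
        raise ValueError("more than one member lost: restore from backup")
    if not failed:
        return [list(d) for d in disks]
    survivors = [d for d in disks if d is not None]
    # Each missing block (data or parity) is the XOR of the rest of its row.
    rebuilt = [xor_blocks(row) for row in zip(*survivors)]
    return [rebuilt if d is None else list(d) for d in disks]


def read_back(disks, length):
    """Reassemble the original byte string, skipping parity blocks."""
    out = bytearray()
    for row in range(len(disks[0])):
        parity_disk = row % len(disks)
        for d, blocks in enumerate(disks):
            if d != parity_disk:
                out += blocks[row]
    return bytes(out)[:length]


if __name__ == "__main__":
    payload = b"constructed sample data for a four-disk stripe set"
    members = stripe_with_parity(payload, 4, block=8)   # tiny block for the demo
    members[2] = None                                    # one drive fails
    print(read_back(regenerate(members), len(payload)))
```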

Booting Windows NT

The files required to boot NT on Intel are : Ntldr , Boot.ini , Bootsect.dos , , Ntbootdd.sys , Ntoskrnl.exe , System(\winnt\system32) , Device Drivers(FTDISK or SCSIDISK)

On a RISC machine : Osloader.exe , *.pal , Ntoskrnl.exe , System , Device Drivers

The Intel Preboot sequence is :

The Intel Boot sequence is : NTLDR switches processor from real mode to 32-bit flat memory mode

The RISC Preboot sequence is :

The RISC Boot sequence is :

Boot Errors

(In all cases, edit boot.ini or use the Emergency Repair Process)

1. PROBLEM NT boots automatically.

REASON If boot.ini is missing, NTLDR will attempt to boot directly to NT. If NT is installed in the default directory, it will boot to NT. If NT is installed in any other directory, this message will appear:

Windows NT could not start because the following file is missing or corrupt:


Please install another copy of the above file.

2. PROBLEM "NT (default)" suddenly appears as a menu selection.

REASON The path under "default" does not match any of the paths in the "Operating System" section

3. PROBLEM After you select an operating system from the menu, the following message appears:

Windows NT could not start because the following file is missing or corrupt:


Please install another copy of the above file.

REASON The path to windows NT is incorrect for the selection made on the menu. NT will go to the path for the OS specified and look for Ntoskrnl.exe but will not find it.

4. PROBLEM After you select an operating system from the menu, the following message appears:

OS Loader V4.0

Windows NT could not start because of a computer disk

hardware configuration problem. Could not read from the

selected boot disk. Check boot path and disk hardware.

Please check the Windows NT documentation about blah, blah, blah

REASON The arcpath name is pointing to an invalid or non-existent device.

Error message / problem / fix

Error message:
BOOT: couldn't find NTLDR
Please insert another disk.
Appears: before boot menu
Problem: NTLDR is missing
Fix: Use the emergency repair process.

Error message:
NTDETECT V1.0 checking Hardware E ...
Appears: on same screen as menu, after you select
Problem: is missing
Fix: Use the emergency repair process.

Error message:
NT could not start because the following file is either missing or corrupt:

Please re-install a copy of the above file.
Appears: after last known good prompt
Problem: Ntoskrnl.exe is missing or boot.ini is missing or NT is installed in another directory (not \Winnt) or boot.ini directs the OS to a location that doesn't contain a valid Ntoskrnl.exe.
Fix: Use the emergency repair process.

Error message:
I/O Error accessing boot sector file
Multi(0)disk(0)rdisk(0)partition(1): \bootsect.dos
Appears: on same screen as menu, after you select
Problem: Bootsect.dos is missing
Fix: Use the emergency Repair process.

Error message:
OS Loader V4.00
Windows NT could not start because of a computer disk hardware configuration problem.
Could not read from the selected boot disk. Check boot path and disk hardware.
Please check the Windows NT documentation about hardware disk configuration and your hardware reference manuals for additional information.
Appears: on same screen as menu, after you select
Problem: Indicates that the NT entry in boot.ini points to a missing or malfunctioning device or to a disk partition that doesn't contain a file system recognised by NT boot loader. NT loader can't access the partition on which NT is stored or NT is confused about which is the primary hard disk controller : STOP : 0x000007E : Inaccessible Boot Device error is shown (SCSI devices that don't conform completely to the SCSI standard can cause this problem). This is an unrecoverable "blue screen" problem.

Emergency Repair

NT will use the Last Known Good Configuration when the system is recovering from a severe or critical device driver loading error, or if it is selected during the boot process. Booting from the Last Known Good Configuration provides a way to recover from a problem with a driver that was recently added, or when modified registry entries prevent NT from booting. If it is used, any configuration changes made during the last system boot will be lost.

The Emergency Repair Disk can be used to return NT to the state of the last emergency repair update. This disk can repair missing or corrupt NT files and restore the registry (SAM database, security info, disk configuration info, software registry entries, system info). The RDISK.EXE utility is located in the \winnt\system32 directory and has two options: update repair info, or create repair info. The RDISK utility will copy the system hive, SAM, Security hive, software hive, default hive, config.nt and autoexec.nt, and creates setup.log (/s switch does not back up default, SAM, or security). To use the Emergency Repair process you must boot with the NT Setup Boot disks and choose to repair, and also have the NT CD-ROM handy in case files are needed off it. If SAM is to be replaced you need the administrator's password on the Emergency Repair Disk. There are four options when using the ERP: Inspect registry files, Inspect the start-up environment, Verify NT system files, and Inspect boot sector.

The Windows NT Boot Disk contains boot.ini, NTLDR, NTDETECT.COM and NTBOOTDD.SYS, and the disk must be formatted in NT using the /s switch to copy the system files to the disk. This disk can be booted and you can copy any of the files to the boot drive if you are having a problem with them.

ARC Paths


multi/scsi - identifies the adapter controller (scsi = scsi bios not enabled)

disk - scsi bus number (varies on scsi for successive disks)

rdisk - ordinal number of disk (changes for multi)

partition - number of partition

Switches :

/NOSERIALMOUSE - disables serial mouse detection

/BASEVIDEO - load in standard vga mode

/CRASHDEBUG - enables automatic recovery and restart features of NT

/SOS - displays names of device drivers as loaded

/NODEBUG - debugging info not monitored

/MAXMEM:n - limits amount of memory NT uses

/SCSIORDINAL:n - selects which SCSI controller to use to boot NT
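
An added example, not part of the original notes: a Python checker for the boot.ini problems described under Boot Errors, using the ARC fields and switches listed above. The sample file is constructed, the function names are hypothetical, and the [boot loader] / [operating systems] layout is the standard boot.ini format.

```python
import re

# Switches listed in the notes above; anything else is reported for review.
KNOWN_SWITCHES = {"/NOSERIALMOUSE", "/BASEVIDEO", "/CRASHDEBUG", "/SOS",
                  "/NODEBUG", "/MAXMEM", "/SCSIORDINAL"}

ARC_RE = re.compile(
    r"^(multi|scsi)\((\d+)\)disk\((\d+)\)rdisk\((\d+)\)partition\((\d+)\)(\\.*)?$",
    re.IGNORECASE)

# Constructed sample, not taken from a real machine. It contains three faults:
# a default= path with no matching entry, partition(0), and a mistyped switch.
SAMPLE_BOOT_INI = r'''[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(2)\WINNT
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINNT="Windows NT Server Version 4.00"
multi(0)disk(0)rdisk(0)partition(1)\WINNT="Windows NT Server [VGA mode]" /basevideo /sos
scsi(0)disk(1)rdisk(0)partition(0)\WINNT="Second install" /sso
C:\="MS-DOS"
'''


def parse_arc(path):
    """Split an ARC path into its fields, or return None if it is malformed."""
    m = ARC_RE.match(path.strip())
    if not m:
        return None
    return {"adapter": m.group(1).lower(), "adapter_n": int(m.group(2)),
            "disk": int(m.group(3)), "rdisk": int(m.group(4)),
            "partition": int(m.group(5)), "dir": m.group(6) or "\\"}


def parse_sections(text):
    """Return {section name: [(key, value), ...]} keeping entry order."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip().lower()
            sections[current] = []
        elif current is not None and "=" in line:
            key, _, value = line.partition("=")
            sections[current].append((key.strip(), value.strip()))
    return sections


def check_boot_ini(text):
    """Return a list of findings; an empty list means no problem was found."""
    findings = []
    sections = parse_sections(text)
    loader = {k.lower(): v for k, v in sections.get("boot loader", [])}
    entries = sections.get("operating systems", [])
    default = loader.get("default")
    if default is None:
        findings.append("no default= line in [boot loader]")
    elif default.lower() not in {p.lower() for p, _ in entries}:
        findings.append("default=%s matches no [operating systems] entry; "
                        "the menu will show 'NT (default)'" % default)
    for path, value in entries:
        if re.match(r"^[A-Za-z]:\\", path):       # drive-letter entry, e.g. C:\
            continue
        arc = parse_arc(path)
        if arc is None:
            findings.append("unparseable ARC path: " + path)
            continue
        if arc["partition"] < 1:
            findings.append(path + ": partition(0) is invalid, numbering starts at 1")
        if arc["adapter"] == "multi" and arc["disk"] != 0:
            findings.append(path + ": disk() should be 0 when multi() is used")
        for sw in value.rsplit('"', 1)[-1].split():
            if re.split(r"[:=]", sw)[0].upper() not in KNOWN_SWITCHES:
                findings.append(path + ": switch %s is not in the list above" % sw)
    return findings


if __name__ == "__main__":
    for finding in check_boot_ini(SAMPLE_BOOT_INI):
        print(finding)
```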


When upgrading from NT 3.51 to NT 4.0 you must convert HPFS to NTFS first.



NT does not support Windows95 FAT32 file system.

RISC based systems require a 2meg FAT partition minimum.

Dual boot to DOS, 16-bit Windows, or 95 requires C: to be FAT.

Long file names: take first 6 characters and add ~1.* up to ~4. If there are spaces in the path you must use "" when at the command prompt. An alias is created (THISIS~1.DOC) and another entry is created for every 13 characters. The FAT root directory can contain 512 entries, so don't store too many LFNs in root.

Environmental Variables

NT sets environmental variables in order :

  1. System
  2. Autoexec.bat
  3. User

System policy is a collection of registry settings that overwrites the current user and local machine areas of the registry. It is saved in NTConfig.pol in winnt\system32\repl\import\scripts folder in boot partition of PDC and is also shared as \\server_name\netlogon$. (NTConfig.pol only copied to BDC if replication configured). System policy for users modifies the HKEY_CURRENT_USER and for computers it modifies HKEY_LOCAL_MACHINE.

System policies categories :

Windows NT uses Common.adm and Winnt.adm as policy templates.

Windows 95 uses Common.adm and Windows.adm. (Save in config.pol in netlogon$ share on PDC)


HKEY_LOCAL_MACHINE - configuration data about local computer

HKEY_USERS : default - system default settings

SID - security id of user logged on

HKEY_CURRENT_USER - data about user currently logged on

HKEY_CLASSES_ROOT - software configuration data (compatibility with 3.1 database)

HKEY_CURRENT_CONFIG - data about the active hardware profile

HKEY_LOCAL_MACHINE contains five subkeys :

Hardware - volatile, gathered each time computer booted

SAM - directory database for computer

Security - security info for computer

Software - info about software on computer

System - info about devices and services


UPS immediately pauses the server service during a power failure. Uses RS-232 port; use the /noserialmice switch if the UPS shuts off during startup.

Power failure signal - Clear to send (CTS)

Low battery signal - Data carrier detect (DCD)

Remote UPS shutdown - Data terminal ready (DTR)

Application Support

OLE is a method for transferring and sharing info between applications.

DCOM (distributed component object model) uses remote procedure calls (RPC) and windows security features to enable applications to communicate across networks. DCOM configuration options are applications , default properties and default security. DCOM can be accessed by typing dcomcnfg at command prompt

To start an application at a different priority use start at the command prompt :

Source compatible applications must be recompiled for each hardware platform, and binary compatible applications can run on any platform supported by NT.

              Win32    Win16 & DOS   POSIX    OS/2 1.x
INTEL         source   binary        source   binary
RISC, etc.    source   binary        source   binary (bound only)

Change foreground application responsiveness in control panel - system - performance. None doesn't raise background application at all , middle increase foreground one level and maximum increases foreground two.

Windows NT supports : Win32 , VDM , Win16 , OS/2 , POSIX

NTVDM is where DOS applications are run and it simulates a DOS environment. The key components are ntvdm.exe, Ntio.sys (io.sys), ntdos.sys (msdos.sys) and an instructional execution unit which emulates a 486. The vdredir.dll redirects file system requests to the Win32 subsystem. The equivalents of autoexec.bat and config.sys are autoexec.nt and config.nt. Each DOS program gets its own VDM and doesn't share memory, can be pre-emptively multitasked and can be started with different priorities.

Win16 applications use WOW (win16 on win32) to run in the win32 subsystem but they also use NTVDM. The key components are wowexec.exe, wow32.dll, krnl386.exe, user.exe and gdi.exe. WOW thunks 16-bit calls into 32-bit ones, and win16 programs share memory as they run in the default NTVDM, aren't pre-emptively multitasked and can't be started with different priorities.

The default NTVDM is the only NTVDM, which can run multiple Win 16 applications.

If a Win 16 application is run in an NTVDM other than the default NTVDM, it can be the only one in that NTVDM. If Win 16 applications need to share memory space, they must run in the default NTVDM.

To start in own NTVDM :

  1. command prompt - start/separate [path] application
  2. Run - tick start in separate memory space
  3. Explorer - View , Options , File Types , click Edit , double click Open. Edit the open line to include cmd /c start /separate <path><application>
  4. Tick Run in separate memory space in applications shortcut

OS/2 1.x applications are supported by NT and the key components are os2.exe , os2srv.exe , os2ss.exe , netapi.dll and doscalls.dll. Use forcedos.exe to run OS/2 in NTVDM and use OS/2 text editor to edit config.sys to change OS/2 subsystem configuration.

POSIX applications (UNIX) interact directly with the POSIX subsystem and the key components are psxss.exe , posix.exe and psxdll.dll. POSIX applications require case sensitive naming and hard links (file with more than one name).


Workgroup - recommended for networks containing under 20 users. Users in this type of network administer all shares and methods of access on their personal computers.

Single Domain - No trust relationships are involved in this domain model. Network administration and management is all controlled from a central location. Can contain up to 40,000 user accounts, but is usually recommended for 20-500 users.

Single Master Domain - Master domain is trusted by one or several single domains. The master domain provides central administration. Can contain up to 40,000 user accounts, and is usually recommended for 500-10,000 users.

Multiple Master Domain - Several master domains are setup with complete trusts between each of them, and all single domains are setup to trust the master domains. Is usually recommended for more than 10,000 users.

Complete Trust Domain - All domains in this model have complete trusts setup with each other.

You must remember how trusts work for the test. Domain A trusts Domain B. Domain A is trusting Domain B to access Domain A's resources. Domain A is the trusting domain and Domain B is the trusted domain.

To migrate to a new domain an account must first be created for the server or workstation on the PDC and then you must use the change button in control panel - network - identification (restart computer).


Global groups - General domain grouping used to access resources in its own domain. Can access resources in other domains by being a member of another domain's local group.

Local groups - Group used for local domain access to resources. Global groups from other domains go into these global groups for resource access across domains.

Backup Operators - Group designated for members to backup and restore computers from tape. Backup Operators can only backup and restore from tape when logged in locally to the computer.

Account Operators - Group designated for members to manage user and group accounts.

Server Operators - Group designated for members to manage resources, but cannot manage user accounts.

Replicator - Group designated for NT computers to perform directory replication.

Computer Name Resolution

DNS (Domain Name Services) - Used to resolve DNS host name to an IP address.

WINS (Windows Internet Naming Service) - Used to resolve NetBIOS computer name to an IP address.

HOSTS - File which contains mappings between DNS host names and their IP addresses.

LMHOSTS - File which contains mappings between NetBIOS computer names and their IP addresses.

WINS Proxy - Picks up b-node broadcast sent by a non-WINS enabled computer for NetBIOS computer name resolution, and forwards the request to a WINS server. WINS server replies to the WINS proxy, which then relays the reply to the PC. Is enabled by editing the registry.

Virtual Memory

Virtual memory can be controlled in the System properties under the Performance tab.

The paging file size can be in/decreased here, and even distributed across multiple drives. The recommended initial paging file size equals the amount of RAM in the system plus 12mb.

12 Steps To Windows NT

Step 1 : Install NT server in NetWare environment running GSNW or Microsoft Services for NetWare and NWLink protocol so as to simulate a NetWare server

Step 2 : Copy NetWare user account information to NT domain

Step 3 : Create a Dfs tree to match NDS tree

Step 4 : Add Microsoft redirector to all clients and enable Services for Macintosh

Step 5 : Migrate shared resources on NetWare servers to NT servers using Migration Tool for NetWare or use NT as gateway to NetWare servers

Step 6 : Change MS-DOS clients from NetWare clients to NT client software

Step 7 : Remove NetWare client software from all workstations

Step 8 : Complete the migration of resources remaining on NetWare servers to NT servers

Step 9 : Configure NT server Multi-Protocol Router to replace any NetWare servers acting as routers in your network

Step 10 : Remove GSNW and Microsoft Services for NetWare from NT servers ,then clients no longer have access to NetWare servers

Step 11 : Install NT Server on NetWare computers

Step 12 : Sell NetWare software


NWLink (IPX/SPX) is the protocol used by NT to allow Netware systems to access its resources. NT computer running NWLink can connect to client/server applications on a NetWare server.

Gateway Services for Netware (GSNW) can be implemented on your NT Server to provide an MS client system access file and print resources on your Netware server by using the NT Server as a gateway. Any MS network client running Server Message Block (SMB) can access NetWare via NT server running GSNW and therefore they don't need the NetWare requester or IPX/SPX protocol. The NT server attaches to the NetWare server as a client though a single logged in account and then shares all resources it has access to on the Microsoft network.

You must have a group account set up on the NetWare server called NTGATEWAY with trustee rights to the resources you want to share. Create a user on the NetWare server that is a member of that group and NT will use this account to log on to the NetWare server (use SYSCON to create the group and user account in 3.12, and for 4.1 use NWADMIN in Windows or NETADMIN in DOS). Configure GSNW to attach to the preferred server (3.12) or default tree and context (4.1). With NetWare 4.1 you must enter the default tree and context where the user account exists and with NetWare 3.12 you just enter the preferred server.

Client Services for NetWare (CSNW) provides a computer running Workstation with basic file and print connectivity to a NetWare 3.x or 4.x server. NT computers with GSNW and NWLink IPX/SPX installed can support NetWare Core Protocol (NCP) [supports NCP & LIP], Large Internet Protocol (LIP) and LFNs. Preferred server is used to connect to a server by default at logon [3.1x], and in NDS the default tree defines the user name that is used at logon and the default context defines the position of the user name [4.x]. The print options are Add Form Feed (ejects a page), Notify When Printed and Print Banner (separator page). To troubleshoot a NetWare connection: verify that the NetWare server is running normally, verify Workstation can connect to the MS network, verify NWLink and CSNW are installed, verify CSNW tree and context settings are correct, and verify frame types and network numbers match between the NetWare server and the NWLink settings in NT Workstation. To change passwords in NetWare 3.12 use SETPASS and in NetWare 4.1 use CTRL/ALT/DEL.

File and Print Services for NetWare (FPNW) allows a computer running NT server to function as a NetWare 3.12 file and print server thus NetWare clients can gain access to file , print and application services on a NT server. Grants NetWare clients access to NT Servers.

Directory Service Manager for NetWare (DSNW) copies NetWare user and group account info to NT servers and then incrementally distributes any account changes back to NetWare servers. DSNW allows for : 1) Central administration of NetWare and NT account policy, 2) All NT and NetWare compatible accounts bound by NT account policy, 3) Allow NetWare clients single logon for NT and NetWare, 4) Synchronise NetWare account changes made on NT back to NetWare.

Migration Tool for NetWare transfers user and group accounts , logon scripts and file and directories from NetWare servers to NT server domain controllers. Version control problems occur when a new NT server is installed and shared files are copied to it. The problem is that when users attached to the new system make changes to the files that users on the old system have also changed , thus creating two versions of the files. GSNW allows you to use one coherent set of files on the NetWare server during migration when you have both NetWare and NT servers on your network at the same time.

Services for NetWare includes FPNW and DSMN

If you decide to convert a Netware server to an NT Server, you will first need to implement the Gateway Services for Netware on the NT Server. Once the conversion has completed, you will need to make sure all Netware workstations have had the Microsoft (SMB) redirector installed on their systems to access the NT Server.

Make sure to remember that the frame types for the NWLink protocol must match the computer that the Server is trying to connect with. Unmatching frame types will cause connectivity problems between the two systems.

To share a printer on a NetWare network, first install GSNW, then share it the same way as a normal NT printer. "Print queues" is NetWare parlance for the NT term "printers".

Server Stop Errors

In the System Properties Shutdown tab, there are options to configure where you would like the Server stop errors to be written. The errors are written to memory.dmp, which is readable by the program dumpexam.exe (resides in the \support directory on the NT CD-ROM). SAVEDUMP writes the contents of RAM to the pagefile. The memory.dmp file is as large as physical memory plus 1Mb and it is written to the pagefile, and thus the pagefile must reside on the same partition as \Winnt for this to work.

Security Architecture

When you log on to NT with your username and password (security identifiers) you are given a personal key (account security identifier) for things only you can access and a key for each of the groups you belong to (group security identifiers). When ctrl-alt-del is pressed the win32 subsystem starts the WinLogon process (process - software that is running), which generates the logon dialog box, and once the info is entered it is passed to the Security Accounts Manager - SAM. SAM queries the security account database to check the validity of the username, and it then generates an access token and passes it back to the WinLogon process (all processes have access tokens even if started by the system). Each object (directory, printer, processes, devices, ports, threads, etc.) has an access control list (ACL) that NT uses to determine whether a user has the authority to access that object.

Distributed File system

Dfs allows you to create links to other servers that look like subdirectories on a single server, thus you get a single view of all the shares on your network. Dfs is roughly analogous to NDS and it works by replacing universal naming convention (UNC) path names that point to grafted subdirectories in the Dfs root with the UNC path name of the actual network share. When a Dfs server receives a UNC request that resolves to a share located on another computer, the Dfs service tells the multiple UNC router on the client to replace the Dfs root path with the UNC path of the server where the files are actually located.

Server Tools for Windows 95

The server tools for Windows 95 are : Event Viewer , Server Manager , User Manager for Domains , and Explorer Extensions. With these tools you can create Trust relationships but you can't verify them , may have to provide username and password when connecting to new domains or servers , must have admin privileges on any computer you wish to administer , and you cannot administer shared printers.


Profiles are the user settings which are loaded when a user logs in. They can contain desktop and start menu preferences. These files can be located either locally or on a server which has been mapped in the User Manager.

NTUser.dat and *.dat files are the typical, user-configurable profiles used. and *.man files are read-only, so the user can configure their desktop, etc. however, the *.man file will not be updated. When the user logs in again, it will restore the original profile.

You may copy profiles using the menu located under System Properties.

Roaming profiles will only work if the computers where they are used are exactly the same , else shortcuts won't work because the program is stored in different locations on each computer. Also roaming profiles only work in NT and most organisations don't only have NT and also use Windows 95. A folder must be created on the PDC called profiles which will be used to store the roaming profiles. Then in User Manager for Domains type \\servername\Profiles\%username% in the profiles section for the individual user. Logon as administrator to the computer where the profile is stored and go to System - User profiles and change the account type to a roaming profile and then copy it to the profile share on the PDC by typing \\servername\Profiles\username.

Mandatory User Profile uses the locally cached profile if the PDC (where profile stored) is down and only if user has logged onto the PDC before , else user can't logon.

Emergency Repair

To create an Emergency Repair diskette, you can choose to do so either during the installation of NT Server, or you can run RDISK.EXE.

To use the Emergency Repair diskette, you will need to boot the server with the NT installation boot diskettes, and choose to repair your NT Server with the Emergency Repair disk that was created.

RAS (Remote Access Services)

Supported Dial-in Operating Systems :

Supported Network Interfaces :

Supported Protocols :

IPX-Supported WAN Connections :

RAS is capable of using the following connection protocols: SLIP, PPP, and RAS. SLIP requires a static IP address and can't use DHCP/WINS (NT server can't be a SLIP server - accept a connection using SLIP and can't use SLIP to connect two computers using RAS nor can you connect to Win95 using SLIP ). PPP used in multi-vendor environment and supports AppleTalk ,DECnet , OSI , TCP/IP ,IPX and NetBEUI. PPP multilink protocol (MP) combines multiple physical links into a logical bundle that increases bandwidth. If you have two 28.8 modems and two PSTN lines MP can be used to establish a single 57.6 connection to an MP server (both the dial-up -networking client and RAS server must MP enabled).

RAS uses NetBEUI as the default network protocol, but can also use TCP/IP and IPX/SPX. TCP/IP will need to be used if you are using programs that utilise the Windows Sockets (WinSock) interface over the RAS services. PPTP is used to allow secure tunnelling of encrypted data over a TCP/IP network and allows accessing of RAS servers via the internet. PPTP can route TCP/IP ,IPX or NetBEUI over a TCP/IP network. PPTP filtering will disable all protocols on the selected network adapter thus increasing security.

NetBIOS gateway translates encrypted NetBEUI packets into IPX or TCP/IP formats that can be understood by remote servers and thus a NetBIOS gateway allows computers running NetBEUI to access RAS servers regardless of which protocol is installed on the server.

If NT has IP and IPX router capabilities, it can act as a router to link different LANs and WANs, and connect LANs that have different network topologies (Ethernet to Token Ring).

RAS will write to a log file which can be used for troubleshooting RAS services. In order to enable RAS to write to the log, you have to enable it in the Registry.

RAS Security

Permissions : Dial-up permissions can be set in User Manager for Domains and in Remote Access Service, and the callback options are no call back, set by caller or preset to a number. Permissions can only be set for users.

Callback : callback will call only a predefined number and thus adds additional security.

Encrypted Passwords and data encryption : the way in which the RAS server and RAS client exchange the username and password is called the authentication protocol. NT supports three such protocols : Password Authentication Protocol (PAP) , Challenge Handshake Authentication Protocol (CHAP) , and Microsoft extensions to CHAP (MS-CHAP).

There are a few different options you can set in RAS for encryption settings.

Allow any authentication including clear text - This will allow RAS to use a number of password authentication protocols including the Password Authentication Protocol (PAP) which uses a plain-text password authentication. This option is useful if you have a number of different types of RAS clients, or to support third-party RAS clients.

Require encrypted authentication - This option will support any authentication used by RAS except PAP.

Require Microsoft encrypted authentication - This option will only make use of Microsoft's CHAP (Challenge Handshake Authentication Protocol). All Microsoft operating systems use MS-CHAP by default.

Require data encryption - This option will enable the encryption of all data sent to and from the RAS server.
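To make the difference between the clear-text and encrypted settings concrete, this added example (not part of the original notes) models what crosses the line for PAP and for standard CHAP as defined in RFC 1994, and which protocol each of the settings above would accept. MS-CHAP uses a different hash construction and is not modelled; the account, the simplified PAP payload layout, the strongest-first ordering and all function names are assumptions of the example.

```python
import hashlib
import hmac
import os

# Constructed sample credentials; not taken from the notes.
USER = "jsmith"
PASSWORD = b"Correct-Horse-7"

# RAS server settings from the notes, mapped to the protocols each one accepts.
# The strongest-first ordering inside each list is this example's assumption.
SETTINGS = {
    "Allow any authentication including clear text": ["MS-CHAP", "CHAP", "PAP"],
    "Require encrypted authentication": ["MS-CHAP", "CHAP"],
    "Require Microsoft encrypted authentication": ["MS-CHAP"],
}


def negotiate(setting, client_protocols):
    """Return the protocol the server settles on, or None if the call is refused."""
    for proto in SETTINGS[setting]:
        if proto in client_protocols:
            return proto
    return None


def pap_request(user, password):
    """PAP: the client sends the account name and the password itself.
    (Simplified payload; real PAP uses length-prefixed fields.)"""
    return user.encode() + b"\x00" + password


def chap_challenge(identifier):
    """CHAP server side: a fresh random challenge for every attempt."""
    return {"id": identifier, "challenge": os.urandom(16)}


def chap_response(identifier, challenge, secret):
    """CHAP client side (RFC 1994): MD5(identifier || secret || challenge)."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


def chap_verify(chal, response, secret):
    """The server recomputes the digest from its own copy of the secret."""
    expected = chap_response(chal["id"], chal["challenge"], secret)
    return hmac.compare_digest(expected, response)


def password_visible(frames, password):
    """Would someone monitoring the line see the password in any frame?"""
    return any(password in frame for frame in frames)


def demo():
    pap_frames = [pap_request(USER, PASSWORD)]

    chal = chap_challenge(identifier=1)
    resp = chap_response(chal["id"], chal["challenge"], PASSWORD)
    chap_frames = [chal["challenge"], USER.encode(), resp]

    # A response recorded earlier does not match the next challenge.
    later = chap_challenge(identifier=2)
    return {
        "pap_password_visible": password_visible(pap_frames, PASSWORD),
        "chap_password_visible": password_visible(chap_frames, PASSWORD),
        "chap_valid_accepted": chap_verify(chal, resp, PASSWORD),
        "chap_replay_accepted": chap_verify(later, resp, PASSWORD),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
    # A PAP-only third-party client is refused once encryption is required.
    print(negotiate("Require encrypted authentication", {"PAP"}))
```
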


NT Server 4.0 has the option to maintain drivers for different operating systems on the server. Each operating system uses different drivers. For example, NT 3.51 systems cannot use NT 4.0 printer drivers. If the system which is trying to connect to the printer off of the server does not have drivers for the printer, or if they are out of date, then the server will automatically install the updated drivers.

Print Pooling - A number of identical print devices controlled by the same printer. The printer directs the print jobs to an available print device in the pool.

Availability - This option allows you to specify which hours the printer can be printed to.

Priority - This option specifies which printer should print first if other printers are trying to print to the same physical print device at the same time. Priorities range from 1 - 99 with 1 being the lowest and 99 the highest.

You can select more than one local port for a printer only if the printers on each port are exactly the same.

You can change the directory containing the print spooler in the advanced server properties for the printer.

To remedy a stalled spooler, you will need to stop and restart the spooler services in the Server Manager.

The NT print process :

The DOS print process :

Remote printing with MS-DOS requires one to use net use LPTx: \\server\print_share

Print jobs can be redirected to another identical printer in the printers properties window by adding a local port and entering the server and printer's name \\Boomerang\HP.

Printers connected directly to the network : HP printers require DLC and network address ,Digital Network require TCP/IP or DECnet , and Lexmark printers require DLC ,TCP/IP or IPX.

When connecting to a print device using the LPR protocol you must first install Microsoft TCP/IP printing and then when you create the printer , the add port button will display another type of port called an LPR. Select this port , give the TCP/IP address of the LPR printer and then create it normally. In order to print to NetWare printer you must have GSNW installed. AppleTalk allows Macintosh clients to print to NT printers and NT clients to print to Macintosh clients.

From the printers menu in the printers window you can do the following :


MS-DOS print job never printed - appropriate printer driver must be installed locally

Access denied when configuring printer - appropriate privileges

Not print completely or garbled - Incorrect print driver

Win-16 applications give out of memory error - No default printer selected

Hard disk starts thrashing - out of space for spooling

No one can print to a server and jobs can't be deleted - stalled print spooler(start & stop)

Basic Print Problem Resolution

Is it plugged in?

Is it on-line?

Is the cable attached?

Is the print driver installed properly and is it the correct version?

Are you printing to correct print device?

Is there sufficient hard disk space for spooling?

Can you print from other Win32 applications to that print device?

Network Clients

MS Client 3.0 supports MS-DOS computers that don't have network connectivity and need to access NT server and supports NetBEUI , IPX , TCP/IP and DLC.

LAN Manager 2.2c Clients for MS-DOS and OS/2 are supported by NT server.

Network Client Administrator is used to install and configure the network client software and tools contained in the NT server CD-ROM for Win95 , MS-DOS 3.0 , and LAN Manager 2.2c. Network Client Administrator is in the Admin tools folder and the options are Make Network Installation Startup Disk , Make Installation Disk set , Copy Client-based Network Administration Tools , and View Remoteboot client Information. Make Network Installation Startup Disk creates a single unique floppy disk for each client you want to install automatically by booting from the disk. Make Installation Disk Set creates a set of floppy disks you can use to install any number of clients for the specific operating system you select.

The Network Client Administrator can make installation disks for the following :

1> Client for Microsoft Networks (DOS & Windows 3 or 3.1)
2> Windows for Workgroups 3.11 (add TCP/IP support)
3> LAN Manager v2.2 for MS-DOS and OS/2
4> Windows 95
5> RAS Client for MS-DOS

The Network Client Administrator can make Network Installation Startup Disks for the following clients :

1> MS-DOS and Windows
2> Windows 95

Windows 95, Windows NT, OS/2 v2.0 and up, and Macintosh clients don't need installation startup disks as networking support is built into them. The Network Client Administrator works only with network adapters that are on the NT CD-ROM.

Services for Macintosh is used to manage mixed Windows-based or DOS-based and Macintosh environments from NT Server. AppleTalk , File Services for Macintosh and Print Services for Macintosh are installed automatically when Services for Macintosh is installed.

Browser Services

NT uses the browser service to identify and list the available network resources. The election criteria ranking is based on operating system (server-work-95-3.11), OS version and current role (MB, BB, PB).

All NT Servers have browser services available. The Master browser will maintain a master browse list which contains a list of all workstations, servers and domains on the network. Every domain or workgroup can have only one master browser. There can be only one master browser per subnet. In a TCP/IP network, TCP/IP does not route broadcasts, so there must be a master browser in each TCP/IP network, with the PDC acting as a co-ordinating or domain master browser. A preferred master browser will always win an election.

The PDC will always be the domain master browser. All BDCs will be backup browsers; they are capable of becoming domain master browsers in the event of a PDC failure and receive a copy of the browse list from the master browser every 15 minutes. The max number of backup browsers is 3 and potential is infinite. In a workgroup there is one backup browser for every 32 workstations. All member servers are capable of becoming master browsers or backup browsers. A potential browser does not receive a copy of the browse list unless it is promoted to a master or backup browser.

You can set the browser type for a computer by changing in the registry key : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Browser\Parameters\MaintainServerList

No - not a network browser

Yes - either a master or backup browser (default for PDC and BDC)

Auto - potential browser (default for Workstation or MS)

You can configure your NT Server to be a master browser in the absence of a PDC by making IsDomainMaster = Yes/True (default is no or false)

Domain Synchronization

The registry contains settings which set the time between synchronizations of domain controllers. Sometimes this can cause much traffic. In order to reduce traffic, increase the value of the Pulse setting in the registry of the PDC, and decrease the value of the PulseConcurrency setting in the registry of the PDC.

Directory replication is used to replicate logon scripts(batch files , command files or executable files that can be assigned to user accounts that run each time a user logs on), system policy files and common info to computers in a domain. NT requires an export server that replicates updated info and an import server that receives the info. The default export directory is \Winnt\System32\Repl\Export and is shared as Repl$ (hidden). The default import directory is \Winnt\...\Import. Create subdirectories in these directories of files that need to be ex/imported and the default directories are managed in Server Manager.

To set replication on an export server :

1> Create a user account in UMD with all logon hours, member of the domain's Backup Operators or Replicators, Password Never Expires, and User Must Change Password At Next Logon cleared.
2> Start the Directory Replicator service in Server Manager or Services, set to start automatically and to log on with the account.
3> Place directories to be replicated in \winnt\System32\Repl\Export
4> From Server Manager configure export server to export files.

Removing NT

If NT is on an NTFS partition other than the system partition:

Backup files on NTFS partitions or copy to FAT partition

Delete NTFS partition and the NT system files will go with it. (Some versions of MS-DOS FDISK cannot do this. No version of MS-DOS FDISK can delete an NTFS logical partition in an extended MS-DOS partition. Use Windows NT setup to remove NTFS partitions.)

Run sys.exe from DOS and reboot with a DOS floppy (changes bootstrap routing)

Run fdisk to create a primary partition and format with /s to install system files.

To remove NT from a FAT partition (simple!)

Delete the following folders: %system_root% (usually Winnt) and Windows NT in the Program files directory

Delete the following files: Ntldr,, boot.ini, pagefile.sys and bootsect.dos

Client Access License

Each client which access a resource on an NT server needs a Client Access License (CAL) even if the client doesn't run a Microsoft OS.

Per seat / per server

PER SEAT Each client on the network requires a CAL and can access resources across the entire network.

PER SERVER Each client requires a CAL and the CAL is applied to only one server. Number of clients connecting to the server cannot exceed the number of per server licenses.



MS allows a one time one way switch from Per Server to Per Seat

Networking Environment

Programming Interfaces provide an established method for applications to interact with any of a number of file system drivers and network services and NT supports NetBIOS ,WinSocket , RPC and Network Dynamic Data Exchange (NetDDE).

File System Drivers are networking components that are treated as NT local storage file systems so that you can use applications written for a local computer across the network. These components are : workstation service , server service , named pipes and mailslots (also called redirectors as they redirect I/O that would go to a local drive across the network).

Network Driver Interface (NDIS) compatible network adapter card drivers co-ordinate communications between adapter cards and computers hardware, firmware and software.(NDIS.SYS)

The NDIS 4.0 layer controls the interface between NDIS compliant drivers and transport protocols and enables services to pass from one layer to another. NDIS allows an unlimited number of network adapters, and an unlimited number of protocols can be bound to a single adapter.

Protocols govern the communication between hosts and NT supports TCP/IP , NWLink IPX/SPX , NetBEUI , DLC and Appletalk.

The transport driver interface (TDI) makes all the transport protocols look the same to higher level services such as redirectors and file systems. (TDI.SYS)

The following components are installed by default :

The redirectors and server allow user mode applications to access system resources and are treated the same as NT logical file systems. Redirector (workstation service) identifies the appropriate service that can provide the resources requested by an application and the server service creates and secures shared resources.

The server's overall performance can be optimised through the Server service in the Network control panel program. Minimise Memory Used - if the computer is rarely used as a server; Balance - if the server is typically used as both a workstation and a server; Maximise Throughput for File Sharing - if the computer is a dedicated file server; Maximise Throughput for Network Applications - if the computer is an application server.

Distributed processing components are named pipes , mailslots , windows sockets , remote procedure calls (RPC) , network dynamic data exchange (NetDDE) and distributed component object model (DCOM).

Named pipes build a bi-directional connection-orientated communication channel between server and client.

Mailslots build a unidirectional communication channel between server and client.

WinSock enables a distributed application to access protocols (TCP/IP & IPX)

NetDDE allows the sharing of info between applications.

Remote procedure call (RPC) calls a procedure that resides in a server process running on a remote machine (starts a program on a remote computer)

Microsoft TCP/IP

TCP/IP provides broad connectivity among all types of computers and servers, has strong support for routing (connects different networks), and supports SNMP, DHCP and WINS (IP - NetBIOS). It is the slowest protocol and is difficult to set up.

An IP address is used to identify a TCP/IP host. If the first number is the network ID and the last three are the host ID (computer ID), it is a class A network. It is class B if the split is 2-2 and class C if it is 3-1.

The subnet mask marks which part is the network ID and which part is the station ID and means that this is a class A network . If it was then its class A with less than 127 available addresses .

The default gateway is used to forward communications to other networks ,as when a computer recognises that the address isn't on your network it sends the message to the default gateway instead.
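The network ID / host ID split and the default gateway decision described above, as an added example (not part of the original notes). It uses the standard class A, B and C first-octet ranges and default masks; the addresses are constructed samples and the function names are hypothetical.

```python
import ipaddress

# Default (classful) subnet masks: 1, 2 or 3 leading octets form the network ID.
DEFAULT_MASK = {"A": "255.0.0.0", "B": "255.255.0.0", "C": "255.255.255.0"}


def address_class(ip):
    """Classify a host address by its first octet (0 and 127 are reserved)."""
    first = int(ipaddress.IPv4Address(ip)) >> 24
    if 1 <= first <= 126:
        return "A"
    if 128 <= first <= 191:
        return "B"
    if 192 <= first <= 223:
        return "C"
    raise ValueError(f"{ip} is not a class A, B or C host address")


def split_ids(ip, mask=None):
    """Return (network ID, host ID); without a mask the class default is used."""
    mask_int = int(ipaddress.IPv4Address(mask or DEFAULT_MASK[address_class(ip)]))
    ip_int = int(ipaddress.IPv4Address(ip))
    network = ipaddress.IPv4Address(ip_int & mask_int)
    host = ipaddress.IPv4Address(ip_int & ~mask_int & 0xFFFFFFFF)
    return str(network), str(host)


def next_hop(src, dst, mask, gateway):
    """Where the sender actually delivers the packet.

    Same network ID: straight to the destination.
    Different network ID: to the default gateway, which must itself be
    on the sender's network or it can never be reached.
    """
    local_net = split_ids(src, mask)[0]
    if split_ids(dst, mask)[0] == local_net:
        return dst
    if gateway is None or split_ids(gateway, mask)[0] != local_net:
        raise ValueError("default gateway missing or not on the local network")
    return gateway


if __name__ == "__main__":
    print(address_class("10.1.2.3"), split_ids("10.1.2.3"))
    print(address_class("172.16.5.9"), split_ids("172.16.5.9"))
    me, mask, gw = "192.168.1.10", "255.255.255.0", "192.168.1.1"
    print(next_hop(me, "192.168.1.77", mask, gw))   # local delivery
    print(next_hop(me, "192.168.2.77", mask, gw))   # via the default gateway
```
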

IPCONFIG is used to verify the TCP/IP configuration parameters on a host (ipconfig /all) and PING is used to test connectivity (ping IP-address) [ping the loopback address to test if TCP/IP installed correctly - ping]


NWLink is Microsoft's 32-bit NDIS 4.0 compliant version of Novell's IPX/SPX protocol, and NT uses WinSock (tool used for supporting connections between computers) and NetBIOS over IPX to communicate with computers running IPX/SPX. It is easy to set up, routable, doesn't support SNMP and is slower than NetBEUI. A frame type is the way in which the network adapter card formats data to be sent over a network. The frame type must be set to the same type as the NetWare server, and NWLink can be used with Ethernet II, 802.3 and 802.2; Token Ring 802.5 and SNAP; and FDDI 802.2 and SNAP (fiber optic).

The default frame format for NetWare 2.2 and 3.11 is 802.3 and for NetWare 3.12 and up it's 802.2. NT automatically detects the frame type when NWLink is installed but defaults to 802.2 if more than one detected.


NetBEUI stands for NetBIOS extended user interface and it is a very fast protocol that is used in LAN's as it can't be routed . NetBEUI is self tuning and self configuring and has good error protection and has small memory overhead.


AppleTalk is used by Apple Macs; it is not TDI compliant and thus can't use the full range of networking features of NT. The main purpose of AppleTalk is to let Macs access NT Server file and print services by using AppleTalk and Services for Macintosh. AppleTalk is automatically installed when Services for Macintosh is installed.


DHCP centralises and manages the allocation of TCP/IP configuration info by automatically assigning IP addresses to computers configured to use DHCP. The DHCP server leases an IP address to a client for a specified period of time and to implement DHCP the server requires a static IP address, subnet mask and default gateway , and the DHCP server service must be configured on at least one NT server within the internetwork , and the DHCP scope of addresses must be created on the DHCP server. The client must be running server, workstation, 95, 3.11, network client 3.0, or LAN manager 2.2c. DHCP Scope is a range of IP addresses in a TCP/IP subnet.

WINS Windows networking names IP

WINS is used to register Windows networking UNC names (NetBIOS) and resolve them to IP addresses. The requirements for a WINS server are that the WINS server service must be configured on NT server and it must have a static IP address. The client requirements are it must be running server, workstation, 95, 3.11, MS network client or LAN manager and know the IP address of a WINS server.


Domain Name Service transforms internet textual addresses into internet numerical addresses and this process is called name resolution (domain names => IP addresses). A DNS server maintains a list of Internet names of computers on the TCP/IP network and their associated address. The difference between DNS and WINS is that WINS is fully dynamic whereas DNS requires static configuration for computer name-to-IP address mapping and thus DNS database must be changed manually.

Simple Network Management Protocol

SNMP is an Internet protocol that allows network managers to control network hardware and computers from a central site. Hubs, routers, bridges, switches, gateways, and computers support SNMP, and with SNMP you can view the operational status of a device, various statistics such as throughput and collisions, and send commands to reconfigure the device. Most network hardware is sold as managed hardware (has a microprocessor and software to support SNMP) or unmanaged hardware.

Services For Macintosh

NT Server looks exactly like an AppleShare server to Macintosh clients and they don't need any additional software. NTFS supports the multiple-fork like structure of the Macintosh Hierarchical File Structure (HFS), and the AppleTalk protocol is installed by default when Services for Macintosh is installed (it is not TDI compliant so it doesn't show up in the Transport tab of the Network control panel). You can use Server Manager or File Manager to manage your Macintosh-accessible volumes, not Windows Explorer. Printing support is also installed by default.


Boot | Booting, Boot.ini, NTFS boot problems, bootsect.dos, or problems after boot starts | Try booting from NT boot disks or use ERD
Devices | Interrupt conflicts and SCSI problems | Use Last Known Good Configuration before user logs on, or use WinMSD to check IRQs
Logon | Inability to log on to the system | Log on using a different account or restore accounts database using ERD
Resource Access | Incorrect permissions, inability to access resources | Try different user account or server, or check spelling of server or share name
File System | FAT or NTFS problems | Run CHKDSK or reformat
Printing | Inability to print, problems with network printers | Try different remote printer or user account. Remove and recreate printer
Network | Cable, adapter, IRQ conflict, protocol or external network problems | Use a network cable analyser, network protocol analyser, run diagnostics on adapter card.
Services | Services that don't start | Check the Event Viewer System Log

System Log contains events generated by all NT internal services and drivers

Security Log contains security events when auditing is enabled (only admin can view)

Application Log contains events generated by applications

The axioms for troubleshooting NT are :

1> Be patient
2> Know the system
3> Isolate the fault (eliminate what works first)
4> Check the most recent changes
5> Check the most common failure point (monitors, floppies, hard disks)
6> Check things that have a history of failure
7> Perform easy tests first (BIOS)
8> Make assumptions to guide your troubleshooting
9> Use what you know
10> Change only one setting at a time
11> Track the changes you make
12> Try to make transient failures repeatable (loose cable or add services back individually)
13> Try to isolate individual faults in multiple-fault malfunctions
14> Resort to permanent changes last (replace HDD or reinstall OS)

Windows NT Diagnostics

Services (state of services and devices listed in CurrentControlSet)
Resources (system resources in use)
Environment (user, process and system environments)
Network (network related configuration info)
Version (OS version, serial number, owner)
System (BIOS, HAL and CPU info)
Drives (drives and their types)
Display (video adapter, settings and drivers)
Memory (physical and virtual memory info, pagefile location and available memory)

The Event Viewer records problems experienced by NT and records a log. It records system events (recorded by kernel and drivers) , security events (audit policy) , and application events. Events are recorded according to priorities and a blue icon represents an informative message , a yellow icon an alert (a noncritical service isn't operating correctly) , and a red icon represents a critical warning.

Troubleshooting Networks

Network failures can be divided into four categories which are client problems , server problems , data link problems and cable problems.

Client Problems affect only a single computer

Server Problems affect only the server

Data Link Problems occurs when a device that connects the network physically or logically fails and this usually affects entire subnetworks

if two subnetworks can't connect replace the bridge between them

Cable Faults are very common

Troubleshooting Computer Hardware

Troubleshooting CMOS

Problem | Probable Cause | Diagnosis | Solution
No power to system | Cable or power supply | Inspect cable and wall socket and plug | Replace power supply or cable
System inoperable, lights on & HD spins | Expansion card dislodged or defective | Check cards and disconnect floppy | Put cards in properly
System doesn't boot from HDD, only floppy | Damaged HD or controller, or connection out or FAT scrambled | INVALID DRIVE SPECIFICATION message appears or run FDISK | Check cable from HD or format HD and if unable it's damaged
System only boots from floppy and HD can be read and applications used | HD boot program destroyed | Lightning strike or power surge | Back up data and reformat HDD
SECTOR NOT FOUND appears or data can't be retrieved | A number of causes | Backup HDD | Low level format, partition HD, then high level format
Disk formatted on IBM PS/2 does not operate | IBM PS/2 uses different format | IBM PS/2 does not work with AT type computer | Format HD in AT computer
After installing expansion card system not working | No power to the monitor | All or part of the system may not work | Change the interrupt or RAM address of the card
INVALID CONFIGURATION or CMOS FAILURE appears | Incorrect info entered into setup program | Check the configuration program and replace incorrect info | Review system's equipment and make sure info correct in setup program
Screen is blank | No power to monitor, cable out or NIC I/O address conflict | | Check power connection and change I/O address of NIC
Greek looking letters | Memory problems, display jumpers set incorrectly or computer virus | | Reboot computer. Reinstall memory and check jumpers on display adapter or reformat HDD
Screen goes blank periodically | Screen saver is enabled | | Disable screen saver
Keyboard failure | Keyboard is disconnected | | Reconnect or replace
Floppy drive light stays on | Floppy cable not connected | | Reconnect
Error reading drive A: | Bad floppy disk or not formatted | | Format or try new disk
C: drive failure | SETUP info incorrect or HD cable not connected | | Boot from A: and put correct info into Setup or reconnect
Cannot boot system after installing second HDD | Master/Slave jumpers not set correctly or HDD not compatible | | Set jumpers correctly and run SETUP and select correct HDD
Missing operating system on HDD | CMOS settings changed | | Run SETUP and select correct drive type
Certain keys not working | Keys jammed or defective | | Replace keyboard
Keyboard is locked, no keys function | Keyboard is locked | | Unlock keyboard
No colour on screen | Faulty monitor or CMOS incorrectly set | | Connect monitor to another computer

Performance Monitor

Windows NT Object Counters :>

Processor performance monitors =>

Troubleshooting Processor performance involves checking if you have sufficient processor cache, and if your external and internal caches are enabled.

To enable the disk performance counters type diskperf -y at the command prompt, and to disable them type diskperf -n. These counters cause about a 2% degradation in overall performance on Intel machines, but you won't see any disk data unless they are enabled.

Disk performance monitors =>

Troubleshooting Disk performance is best done by adding more RAM , thus increasing the size of the disk cache. If you can't add more RAM then add a newer disk drive , disk controller , create stripe sets or use RAID.

Threads are software chains of execution that run concurrently to perform the functionality of a process within the address space of that process (a process is one or more threads [paint.exe is a process] ).

To improve network performance : 1> Reduce traffic by finding top talkers , eliminating diskless workstations , or store applications locally ; 2> Splitting networks into subnetworks joined by bridges , routers or servers only works if computers that communicate to each other are still on the same subnetwork , thus subnetworks must be based on departments. Splitting is done by putting each subnetwork on a different network interface card on a single server , or putting each subnetwork on a different server and connecting the server with a high-speed backbone ; 3> Increasing speed is the last option and this involves moving from Ethernet or Token Ring to Fast Ethernet or Fiber Distributed Data Interface (FDDI) , but you may only need to upgrade your backbone technology.

Fast Ethernet is 10 times the speed of Ethernet and runs at 100 megabits per second, and there are two major varieties: 100Base-X and 100Base-VG (AnyLAN).

Fiber Distributed Data Interface (FDDI) is 100 megabit Token Ring over fiber optic cable with a second counter-rotating ring that provides a measure of fault tolerance in case of cable faults. It is very stable and very expensive.

NT Self-Tuning Mechanisms

Symmetrical Multiprocessing is a process where total processor load is split evenly among processors. However, two processors are only 150% faster than one, as it takes processor time to schedule the processes between the processors and a one-thread process can run on only one processor.

Memory Optimisation involves the dividing up of memory into 4K chunks called pages, and each page can only be used by a single thread (a thread may be stored on several pages); thus more memory is available to other processes, as there isn't much memory wastage as with the 64K page size of other systems. The pagefile is used to swap memory, and NT supports simultaneous writing to more than one hard disk, thus the pagefile should be split among separate physical disks.

Prioritising Threads and Processes is done according to their importance to system responsiveness or any requirements it may have to respond to external events in a timely fashion. Processes start with a base priority of 7 on a scale of 0 to 31 and NT can vary the priority by two levels up or down. Real-time processes start with priorities of 23 or higher and only administrators can start processes with priorities higher than 23. You can change priorities in the Task Manager.

Caching Disk Requests is used by NT to reduce the amount of input/output traffic to the hard disk drive. It works by NT reserving a portion of memory as a staging area for hard disk reads and writes, so when data is read from the disk it is stored in the cache, and if it needs to be read again it can be retrieved very quickly.

The Network Monitor

The network Monitor monitors data sent over the network and it uses a special mode supported by most modern network cards called promiscuous mode which allows it to capture all data packets on the network. However the network monitor shipped with NT Server 4 doesn't support promiscuous mode and can only capture frames sent to or from the server , broadcast frames or multicast frames (full version with SMS). Data that the network monitor captures is saved in the \Winnt\System32\Netmon\Captures directory as a .CAP file. This data can be filtered based on protocol , computer address , or protocol properties. Network Monitor is password protected so not just anyone can use it.


Permissions are cumulative. For example, if John is a member of the Sales and Marketing groups, and a file is granted permissions so that Sales have Change (RWXD) access and Marketing have Read (RX) access, John will have Change (RWXD) access to the file. However, the No Access permission is an exception to this rule; if John was also a member of the External group which had No access (None) permissions for the above file, John would be unable to access the file at all.

Files created in a directory initially retain the permissions from the directory level. If the file permissions are changed, these new permissions override any other permissions.

Printer security is controlled by four security levels: No Access, Print, Manage Documents and Full Control. No Access is the same as for file security. Print allows you to print documents and manage your own documents (e.g. cancelling jobs). Manage Documents permissions allow you to change the order and status of other people's print jobs to that printer in addition to your own, and Full Control allows you to change permissions of print queues and take ownership of printers as appropriate.

There are four special non-machine identifiers which do not appear in User Manager but can be used for assigning permissions from the File Manager / Windows NT Explorer (4.0 and above). CREATOR OWNER is the user who owns the file; this is the user who created the file unless ownership has been changed. INTERACTIVE represents users accessing the object locally (as opposed to accessing it across the network). NETWORK is the converse of INTERACTIVE, and represents users accessing the object across the network. Lastly, SYSTEM is the operating system object itself.



- On FAT partitions, share permissions are the only way to secure files and folders.

- Share permissions apply to network access only. A user logged on locally will be able to access all folders and files that use only share level security.

- Shared folders permissions apply to all subfolders and files within the shared folder.

- If a user or group is not assigned any permission, the user or group will have no access.

- If a user is a member of multiple groups and one group is not assigned any permission and the other is assigned permissions, the user will have permissions.

- DOS, Windows 3.x and WFWG will tolerate only 8 characters in a share name. Longer names will appear as xxxxxx~1.

- Windows NT will tolerate up to 12 character share names.

Levels of share security

  1. Full control -
  2. Change -
  3. Read -
  4. No Access -


Administrators can share folders on any network computer

Server Operators can share folders on PDC and BDC only.

Power Users can share folders on Member Servers and WS only.


- Can be applied to folders and to individual files within a folder.

- Are applied to local resources and those accessed over the network. A user with no access cannot gain access by logging on locally.

NTFS permissions are either Individual Permissions or combinations of individual permissions that Microsoft thought would be useful called Standard Permissions.

Individual NTFS permissions

- Can be applied one at a time or in any combination to both users and groups.

- Are called special access permissions when they are used to customise permissions for users and groups.

| NTFS Permission | As applied to a Folder | As applied to a File |
| --- | --- | --- |
| Execute (X) | Display folder attributes, make changes to subfolders, display owner and permissions | Display file attributes, owner, permissions, run an executable |
| Write (W) | Add files and folders, change a folder's attributes, display owner and permissions | Display owner and permissions, change file attributes, modify file data (write) |
| Read (R) | Display folder names, attributes, owner and permissions | Display file data (read) |
| Delete (D) | Delete the folder | Delete the file |
| Change Permission (P) | Change the folder's permissions | Change the file's permissions |
| Take Ownership (O) | Take ownership | Take ownership of the file |

Standard NTFS permissions


Best Practices

This is an ancient art, closely related to a form of religion practised on the island of Haiti called Voodoo. It is the art of actually doing this as an administrator and can only be learned through many years of angry phone calls.

Move / Copy

A newly created file will inherit the permissions and compression of its parent folder.



File permissions always override folder permissions, except...

If you assign NTFS Full Control access to a folder and NTFS No Access to a file within the folder, a user will still be able to delete the file.

This is because NT supports POSIX applications for UNIX (in UNIX, write has the ability to delete).

This is the only time that file permissions do not override folder permissions.

Workaround: Assign the equivalent individual permissions (with the exception of delete) in "Special Directory Access".
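The following Python model is an added example, not part of the original notes or of Windows NT itself. It encodes the cumulative-permissions rule and No Access exception from the start of this section together with the file-over-folder rule, the Full Control delete exception and its workaround described just above; the group names, ACL contents and the "DC" flag are assumptions of the model.

```python
# Added example: a toy model of the NTFS rules in these notes (not NT code).
# Group names and ACLs are constructed sample data.

NO_ACCESS = "NO ACCESS"                  # the "No Access (None)" entry
READ = frozenset("RX")
CHANGE = frozenset("RWXD")
# "DC" is this model's label for the implicit right to delete files inside
# a folder that the Full Control standard permission carries for POSIX.
FULL_CONTROL = frozenset("RWXDPO") | {"DC"}
SPECIAL_NO_DELETE = frozenset("RWXPO")   # the workaround from the notes


def effective(acl, groups):
    """Union of the ACL entries matching the user's groups.

    No Access on any matching entry, or no matching entry at all,
    yields an empty permission set.
    """
    matched = [acl[g] for g in groups if g in acl]
    if any(entry is NO_ACCESS for entry in matched):
        return frozenset()
    return frozenset().union(*matched)


def file_access(folder_acl, file_acl, groups):
    """A file keeps the folder's ACL until it is given its own (file_acl)."""
    acl = folder_acl if file_acl is None else file_acl
    return effective(acl, groups)


def can_delete(folder_acl, file_acl, groups):
    """Delete succeeds with D on the file, or Full Control on the folder."""
    if "D" in file_access(folder_acl, file_acl, groups):
        return True
    return "DC" in effective(folder_acl, groups)


if __name__ == "__main__":
    shared = {"Sales": CHANGE, "Marketing": READ, "External": NO_ACCESS}
    print(sorted(effective(shared, ["Sales", "Marketing"])))
    print(sorted(effective(shared, ["Sales", "Marketing", "External"])))
    locked_file = {"Sales": NO_ACCESS}
    print(can_delete({"Sales": FULL_CONTROL}, locked_file, ["Sales"]))
    print(can_delete({"Sales": SPECIAL_NO_DELETE}, locked_file, ["Sales"]))
```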


Only administrators can set up auditing for files, directories and printers on domain controllers.

The user right "Manage Auditing and security" is assigned only to administrators. Both administrators and server operators can view and archive security logs. Before file auditing can be performed, you must enable Audit policy in User Manager for Domains.

Windows NT Backup

A user with the Read permission on a file can back up that file. To back up all files and folders, a user must have the user right "Back Up Files and Directories"; to restore, the user must have the user right "Restore Files and Directories". Members of the Backup Operators and Server Operators groups have these rights by default.

The types of backups are:

Backup Set is a group of files on a single volume from a single backup operation.

Family Set is a single backup on multiple tapes.

A Catalog is a graphical representation of a backup. A Tape Catalog shows all backup sets on a tape, and a Backup Set Catalog shows all files in a backup set.

A Backup Log is a text file that records backup operations.

The backup options are:

  1. Append - adds new backup set after last one
  2. Replace - overwrites all data on tape
  3. Verify after backup - confirms files backed up accurately
  4. Backup Registry - adds copy of registry to backup set
  5. Restrict access to owner or administrator
  6. Hardware Compression

Windows NT Backup can only restore the Registry or event logs on computers where the tape drive is installed. If the last tape in a family set is missing or damaged, use the /missingtape option. The options for restoring are: Restore Local Registry, Restore File Permissions and Verify After Restore.

The at command can be used to schedule a backup using the ntbackup backup [pathname[options]] command, or it can be used to run any command automatically. The Schedule service in Server Manager must be set to Automatic, so as to ensure the command runs regardless of who is logged on.