NT 4.0 Enterprise Study Guide

Note: This exam is retired.

Tutorial Quick Links:
Introduction
Installation
NTFS vs FAT
Multiple Domains
Managing Groups
Security
Synchronization
Netware
Networking
Optimization
RAS
ARC Naming
RAID
Guides and Tests

INTRODUCTION
If you have read our NT 4.0 Study Guide, you have read and learned about NT Server in a single domain model. When studying for this exam, you will need to have a very good understanding of the topics covered for the NT Server exam, and you may notice that much of the material presented here is the same as in the NT Server study guide. When discussing enterprise networking, we are getting into mixed environments with multiple domains. One of the major problems with enterprise networking using NT 4.0 Server is its scalability limitations. Many of these limitations will be addressed in Windows 2000, which will use a tree-like structure that is similar to the trees that are a part of Novell's Directory Services (NDS). In Windows 2000 this is called "Active Directory". Windows 2000 will have other features that will make it a better enterprise solution, including the Kerberos security protocol, transitive trusts, Dynamic DNS and more.

INSTALLATION
--GENERAL INFO--
In order to install NT server, your machine must meet the following requirements:
  • 16mb Ram
  • VGA video card
  • 486-DX33 or better
  • 125mb free disk space
  • CD-ROM unless this will be a network installation
There are a couple of different options for setup. If you are upgrading from an earlier version of NT, then you will use WINNT32.EXE. If you are upgrading from DOS or Win95 then you will use WINNT.EXE.

--UNATTENDED INSTALLATIONS--
With a little configuring beforehand, NT will do the whole installation for you. In order for this to work, you need a "script" known as an answer file that provides instructions to the setup program. This script can be handwritten in a text editor such as Notepad or created with the utility supplied with NT called Setup Manager.
Listed below are the various command switches that can be used during installation.
SWITCH | PURPOSE
/B | Bypasses the creation of startup disks
/S | Sourcepath. Choose location of a source file - multiple locations will speed up installation.
/F | Speed up install by not verifying files
/U | Denotes unattended setup mode and points to an answer file location. Must use with /s to specify source file location.
/T | Destination. Specifies installation location of temp files used during installation.
/C | Bypasses checking for free space when creating boot disks. Can speed up install.
/OX | Creates the setup disks from CD-ROM or network location. Replaces damaged boot disks.
/I | Specify an inf file. Default file is DOSNET.INF.

--NETWORK INSTALLATIONS--
Another installation option is to install over the network, which requires that you find a way to point the computer to an I386 directory somewhere on your network. Here is how it is done. First, you will need to have a shared I386 directory. Then go to an NT Server and open Network Client Administrator, which is located in the Administrative Tools section of your start menu. From here you can create a network startup disk. Then from a DOS prompt you can target an I386 directory that lives on the network and begin the installation.

NTFS VS FAT
--GENERAL INFORMATION--
When using NT it is a good idea to use NTFS partitions, at least on the partitions that contain your data. One of the advantages of the FAT file system is that it is the system that DOS uses. On an NTFS partition, you can't boot from a DOS boot disk - this is one of the security features of NTFS. Additionally, a floppy disk cannot be formatted as NTFS. For this reason it might not be a bad idea to have a small partition formatted FAT so that you can boot into DOS for recovery purposes. FAT partitions can be defragmented while NTFS cannot without 3rd party software. An NTFS partition cannot be converted to FAT without erasing the disk and reformatting. Files moved from a FAT partition to an NTFS partition will retain their filenames and attributes.

--FEATURES OF NTFS--
NTFS partitions provide the following features:
  • Supports upper and lower case letters in names.
  • Allows permissions to be set on files and directories
  • Supports Unicode in file names.
  • "Forks" in files.
  • File and directory names up to 254 characters in length.
  • Ability to access sequential access files over .5mb faster.
  • Faster access to all random access files.
  • Long file name conversion to the 8+3 convention.
  • Support for Appletalk and the ability to share Mac Volumes.
  • Disk space is used more efficiently.


MULTIPLE DOMAINS
--WHY?--
There are a variety of reasons that multiple domains might be created when designing a network infrastructure. Let's take a look at some of the most common reasons that multiple domains are used and/or are necessary.
  • The SAM - One possible reason multiple domains may be necessary comes down to the sheer size of a network. User, machine and group accounts are stored in a database called the SAM. The SAM is stored in RAM and is resident in the memory of all PDCs and BDCs at all times. Thus if there are too many accounts in one domain, the SAM gets too large and can cripple the servers if they do not have the hardware resources to accommodate it. Every time a domain controller is booted, the SAM is parsed. The larger the SAM, the longer it takes. This can become important in the event that a critical server goes down or is rebooted. Microsoft recommends that the SAM remain under 40mb and contain less than 40,000 objects. Objects can be machine accounts, user accounts and groups. Below is how the size of the SAM can be calculated:
    Object | Size
    User Account | 1 Kb
    Computer Account | .5 Kb
    Global group account | 512 bytes + 12 bytes per member
    Local group account | 512 bytes + 36 bytes per member
  • Organizational Units - A corporation may choose to implement multiple domains in order to divide resources along organizational lines. For example, a company may have a "sales" organization and an "administration" organization that do not share a whole lot in the way of network resources. Furthermore, they may not want the other organization to have access to each other's resources.
  • Geography - On a large enough network, broadcast and keep-alive messages can bring communications to a standstill. If a corporation is distributed over a large geographic area, it may make sense to create multiple domains based on geographic boundaries.


--DOMAIN MODELS--
Workgroups | This is essentially a peer-to-peer model and is recommended for networks with less than 10 computers.
Single Domain | This model contains 1 PDC that is responsible for resource and user management and is scalable up to 40,000 user accounts.
Single Master Domain | In this model, the Master Domain typically contains all of the user accounts and is trusted by at least one other domain, while most resources live in the trusted domains. Resources can be managed locally in the domain in which they live, while user accounts are centrally administered. Recommended for 40,000 user accounts or less.
Multiple Master Domain | As the name suggests, this model contains more than one Master Domain, each configured to completely trust the others. Additionally, there will be domains that contain resources only that trust the master domains. According to Microsoft, this model is scalable to any size although many experts would disagree.
Complete Trust Domain | In this model, every domain trusts every other domain.


Let's take a look at this in a graphic format. Please note that the arrows point to the trusted domain.

You can see the single domain model represents what you should already be familiar with from your studies of NT Server and Workstation. In the next box, we have the master domain model. In this model, all of the user accounts live on the master domain and the resource domains all trust the master domain allowing the users to access their resources. Next we have the multiple master domain model. This model is an expanded version of the master domain model and contains multiple master domains as the name implies. Finally, there is the complete trust model which can contain any number of domains and a series of 2 way trusts between every domain. This means that every domain trusts every other domain. Each domain also contains its own user database.

--CAUTION--
Be careful when planning your enterprise network, specifically when creating multiple domains. Should you decide at some point that you need to merge one of your domains with another, you will find that there is no easy way to do it. Let's pretend that you have 2 domains called A and B. It is decided to move back to a single domain network and Domain A will absorb Domain B. There are a couple of ways that this can be done. You can manually add all of the user and machine accounts from domain B to domain A by entering them all in using User Manager For Domains. But what if domain B has 10,000 user accounts on it? This would be a logistical nightmare. Another option is a program called ADDUSER.EXE that is included in the NT Resource Kit. This program can write Domain B's SAM contents to an ASCII (text) file. After this step, running the program on Domain A will add the users to the domain. However, for security reasons ADDUSER.EXE will not write passwords to the text file. This means that they will have to be manually added to Domain A, which can still be a rather daunting task. Another problem is that Domain A and Domain B may have some identical user accounts, which would cause a conflict.

--TRUSTS--
By default, in a multiple domain environment, a user on domain A cannot access resources on domain B even if they are logged in as administrator of domain A. In fact, the administrator of domain A can't even share items so that domain B users can access them. So how do we get started in allowing our multiple domains to share resources? The answer is trusts. Creating a trust relationship accomplishes exactly what it sounds like - it allows one domain to trust another. The domain that the trust is configured in is called the "trusting domain" while the domain being trusted is called the "trusted domain". Trust relationships are one way (non-transitive) in nature. In order for 2 domains to trust each other, each domain must be configured to trust the other using User Manager. Once in User Manager For Domains, click the Policies menu and select "Trust Relationships".

Establishing trust relationships is a 2 step process that requires action to be taken in both the trusting and trusted domains as follows. Let's use an example of configuring domain A to trust domain B.
  1. The trusted domain(domain B) needs to add a domain to its list of trusting domains.
  2. Next, the trusting domain(domain A) adds domain B to the list of trusted domains.
Now if you want to configure domain B to trust domain A, you must repeat these steps on the appropriate server. Once the trust has been configured resources will need to be shared and permissions configured in order for users from trusted domains to have access to them. Let's take a look at the complete process of how to allow a user in one domain to access resources in another.

Let's say that we have a user named Sally that is a member of domain A and she needs to access a share in domain B. We will call this shared directory "files" that is located on "Server". The very first step is to create a trust relationship in which domain B trusts domain A. Next we need to create a local group on "Server" and assign access rights to the "Files" directory. Next, we add a global group in domain A and add Sally to this group. We then take the global group and add it to a local group on "Server" in domain B. Sally will now be able to access the directory in domain B. We realize that we have not yet explained what global and local groups are - this is coming up in the next section.

MANAGING GROUPS
--GROUPS--
In an enterprise environment, you will still call upon your previous knowledge of user groups as listed below. Once you have reviewed these, we will introduce new group concepts that are specific to the enterprise.
GROUP RIGHTS
Administrators
  • Log on locally
  • Take ownership of files
  • Access computers from network
  • Create and manage user accts
  • Create and manage global groups
  • Manage auditing and the security log
  • Shutdown or remotely shutdown the system
  • Assign user rights
  • Lock system
  • Bypass server lock
  • Format server hard disk
  • Change the time
  • Backup files and directories
  • Keep a local profile
  • Create and remove shares
  • Create common groups
Server Operators
  • Log on locally
  • Lock server and bypass lock
  • Change time
  • Format hard drive
  • Shutdown or remotely shutdown the system
  • Backup files and directories
  • Keep a local profile
  • Restore files and directories
  • Create and remove shares
  • Create common groups
Account Operators
  • Log on locally
  • Create and manage user accounts, local and global groups
  • Shutdown the system
  • Keep a local profile
Print Operators
  • Log on locally
  • Keep a local profile
  • Shutdown the system
  • Create and remove printer shares
Backup Operators
  • Log on locally
  • Keep a local profile
  • Shutdown the system
  • Backup files and directories
  • Restore files and directories
Users
  • Create and manage local groups (only if user has permissions to log on locally at server or has access to User Manager for Domains).
Guests
  • None

And now for the global groups. There are 3 global groups which can only be created on a domain controller.
GROUP | DESCRIPTION
Domain Admins | By default this group can administer the servers (also from trusted domains) and any NT Workstation logged into the domain.
Domain Users | By default, this group is a member of the Users local groups for the domain and NT Workstations in the domain.
Domain Guests | If given permissions by the domain admin, this group permits guest accounts to access resources across domains.


    --LOCAL AND GLOBAL GROUPS--
    A Local group determines permissions for resources located within the domain in which the local group lives. Local groups may contain users and global groups from the local domain(but not other local groups), as well as users and global groups from trusted domains. However, a local group can only be assigned permissions and rights in its own domain.

    Global groups are groups that can be added to other domains and are used to simplify cross domain management. If you have 5000 users that need access to a resource on another domain, it would be tedious to have to assign permissions to each of them individually. If these 5000 users are members of local groups for their domain, their group/s can be added to a local group on the domain that contains the resources that they are trying to access. Since a global group doesn’t have any user rights associated with it, it is useless until it is assigned to a local group. A global group only contains user accounts that are locally defined in the domain in which the global group exists. Let's take a look at an example:

    Sally, Bill and Tom are members of the global group called "sales" that has been configured on domain A and need to access a directory called "files" on "Server" which is located in domain B. A trust relationship has been configured so that domain B trusts domain A. On domain B, we can either configure permissions for each user individually to have access to this directory or we can place the global group "sales" in a local group such as Server Operators(just as an example). Our 3 members would then inherit the permissions of the local group Server Operators for this share and would have the same permissions to this share as the local members of this group.
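
The trust and group rules from the TRUSTS and LOCAL AND GLOBAL GROUPS sections, as an added example that is not part of the original guide: it enforces one-way, non-transitive trusts and the membership rules for global and local groups, then resolves which local groups in domain B a domain A user lands in. The class names, the local group name "FilesAccess", domain C and the users Pat and Lee are assumptions made for illustration.

```python
# Added example (not from the study guide): NT 4.0 trust and group rules as
# described in the text. All domain, user and group names are constructed.
from dataclasses import dataclass, field


class PolicyError(Exception):
    """A membership that the rules in the text do not allow."""


@dataclass
class Domain:
    users: set = field(default_factory=set)
    trusts: set = field(default_factory=set)            # domains this domain trusts
    global_groups: dict = field(default_factory=dict)   # name -> set of user names
    local_groups: dict = field(default_factory=dict)    # name -> {(kind, domain, name)}


class Enterprise:
    def __init__(self):
        self.domains = {}

    def add_domain(self, name, users=()):
        self.domains[name] = Domain(users=set(users))

    def add_trust(self, trusting, trusted):
        # One-way: only the trusting domain records it; the reverse is not implied.
        self.domains[trusting].trusts.add(trusted)

    def accepts_accounts_from(self, local, other):
        # Direct trusts only: a trust is never followed through a third domain.
        return other == local or other in self.domains[local].trusts

    def add_to_global_group(self, domain, group, user):
        # A global group holds only accounts defined in its own domain.
        if user not in self.domains[domain].users:
            raise PolicyError(f"{user} is not an account in domain {domain}")
        self.domains[domain].global_groups.setdefault(group, set()).add(user)

    def add_to_local_group(self, domain, group, kind, member_domain, member):
        # A local group holds users and global groups, never other local groups.
        if kind not in ("user", "global"):
            raise PolicyError("a local group holds only users and global groups")
        if not self.accepts_accounts_from(domain, member_domain):
            raise PolicyError(f"{domain} does not trust {member_domain}")
        source = self.domains[member_domain]
        known = source.users if kind == "user" else source.global_groups
        if member not in known:
            raise PolicyError(f"{member} does not exist in domain {member_domain}")
        entry = (kind, member_domain, member)
        self.domains[domain].local_groups.setdefault(group, set()).add(entry)

    def local_groups_for(self, resource_domain, user_domain, user):
        """Local groups in resource_domain that the user is a member of."""
        found = set()
        for group, members in self.domains[resource_domain].local_groups.items():
            for kind, mdom, name in members:
                if mdom != user_domain:
                    continue
                if not self.accepts_accounts_from(resource_domain, mdom):
                    continue  # the trust was removed after the group was filled
                if kind == "user" and name == user:
                    found.add(group)
                globals_ = self.domains[mdom].global_groups
                if kind == "global" and user in globals_.get(name, ()):
                    found.add(group)
        return found


def rejected(action, *args):
    """True when the rules refuse the requested membership."""
    try:
        action(*args)
    except PolicyError:
        return True
    return False


def build_example():
    ent = Enterprise()
    ent.add_domain("A", users={"Sally", "Bill", "Tom"})
    ent.add_domain("B", users={"Pat"})
    ent.add_domain("C", users={"Lee"})
    ent.add_trust("B", "A")   # domain B trusts domain A, as in the text
    ent.add_trust("A", "C")   # extra trust, used to show non-transitivity
    for user in ("Sally", "Bill", "Tom"):
        ent.add_to_global_group("A", "sales", user)
    # The global group from A goes into a local group in B; permissions on
    # the "files" share are then assigned to that local group.
    ent.add_to_local_group("B", "FilesAccess", "global", "A", "sales")
    return ent


if __name__ == "__main__":
    ent = build_example()
    print(ent.local_groups_for("B", "A", "Sally"))
    print(rejected(ent.add_to_local_group, "B", "FilesAccess", "user", "C", "Lee"))
```
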

    SECURITY
    --SYSTEM SECURITY POLICIES--
In order to understand system policies, you need to understand the difference between rights and permissions. Rights give a user or group the ability to perform a certain task, such as the ability to create user accounts. Permissions give access to specific objects like files and directories. Rights are determined by the administrator, whereas permissions are determined by the owner of the object being accessed. Generally rights carry more weight than permissions. NT allows new groups and users to be created with a customized set of rights.

--SHARING--
    There are 3 ways to create a share:
    1) Explorer
    2) My Computer
    3) NET SHARE command at a DOS prompt

Let's talk about sharing a directory. First of all, NT comes with default shares if the server service is running. All root directories of partitions, Netlogon and CDROM drives have default shares. These shares can only be accessed by admins. For others to access these resources, a new share must be made by a member of the Administrators or Server Operators groups. A single file cannot be shared under NT; it must be a directory. Share names can be up to 12 characters long, but it is recommended to keep them under 8 as DOS redirectors can't handle anything longer. Spaces are allowed, but if the share name has a space in it you will have to enclose the name in quotations in order to access it. If you wish to hide a share so that it does not show up on the browse list, all you have to do is add a $ sign at the end of it (e.g. resource$). If a share is hidden then you can only access it from a DOS prompt or via the map network drive option in Explorer. When a share is created, you have the option of specifying permissions (see below) for the share and the maximum number of users that can access it at one time. The NT Resource Kit contains a program called "Server Manager" that can be installed on an NT Workstation or Win9x computer and will allow you to create shares remotely so you don't have to get up again, which means that it might be a good time to join a gym.

When you create a share, you have the ability to assign permissions to it so that unwanted users don't get in and start erasing files. There are 3 sets of permissions:
    1) Share-level
    2) File-level
    3) Directory-level
    Now more in depth on each of these-

    --SHARE-LEVEL PERMISSIONS--
When assigning permissions to a share, the users and/or groups that are given access to a share are defined by the "access control list" or ACL. For example, let's say that you have a company called Spatula City. You can assign a certain level of permission to the Processing group, such as read only, and full control to the Refining group. Or you can specify by user, or by both groups and users. It is very flexible and can also be very complicated.
Here are the different types of share-level permission.
No access | Can't get in or access at all
Read | View files and subdirectories. Execute applications. No changes can be made.
Change | Includes read permissions and the ability to add, delete or change files or subdirectories
Full Control | Includes change permissions and the ability to change permissions (NTFS only) and take ownership (NTFS only)
    If you are a member of multiple groups and different permissions are assigned to each group, your permissions will be for whichever group gives you the greater permissions unless one of your groups is given no access. No access would override any other permissions for any other group of which you are a member.

    --FILE AND DIRECTORY PERMISSIONS--
Let's say you have an NT workstation with 3 users that share it. NT will allow you to create shares to which permissions can be assigned for the other users of the same workstation, to prevent or limit their ability to access the other users' files or directories. This type of security occurs at the local file system. File and directory permissions apply to NTFS partitions only.
    The following permissions can be applied to directories:
    • No access
    • List
    • Read
    • Add and Read
    • Change
    • Full control
    • Special directory access
    • Special file access
    The following permissions can be applied to files:
    • No access
    • Read
    • Change
    • Full control
    • Special access
Permission | Description
No access | Directory: Can't view or change directory or directory permissions. File: Can't view or change file or file permissions.
Read | Directory: Users can view files and their attributes inside directories. User can browse through directory. File: Users can open or execute the file and view the file's attributes and permissions.
Add | Directory: Can add files to a directory but can't access files put into that directory. File: N/A
Add and read | Directory: Users can open/execute and add files in the directory. Can't change or delete files. File: When a directory is Add and read, the files in that directory are read only. Add and read cannot be applied directly to files.
List | Directory: User can view files and view file and directory permissions. Can open/execute files. File: N/A
Change | Directory: Able to make new files and directories, change or delete files, open/execute files. Can't change permissions. File: View, change and delete files. Can't change permissions.
Full Control | Directory: All of the permissions included with change and the ability to change permissions and take ownership of files. File: Same as change permissions, but can also change permissions and take ownership of files.
Special access | Directory and file: Create custom permissions using NT's 6 basic permissions which are read, write, execute, take ownership, change permissions and delete.
    In order to access data over the network, you must have share-level and file and directory-level permissions. Share-level and file and directory-level permissions can be used in conjunction with each other. NOTE: New files will take on the permissions of the directory that they are created in by default.

    --REMEMBER THE FOLLOWING ABOUT SHARING AND PERMISSIONS--
    If you are a member of multiple groups and different permissions are assigned to each group, the least restrictive share will apply as they are cumulative, unless one of your groups is given no access. No access would override any other permissions for any other group of which you are a member.

When accessing a shared resource, both the share permissions and the NTFS permissions will be looked at. The most restrictive of the two will be applied. Remember that shares mean "over the network". Your share level permissions do not affect your ability to access local files and directories.

    File permissions take precedence over directory permissions.
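
The rules in this summary, worked through as an added example that is not part of the original guide: permissions are cumulative across groups, No Access overrides everything, network access takes the more restrictive of share and NTFS, local access ignores the share, and a file's own permissions replace those of its directory. It assumes only the four levels common to share and file permissions (the directory-only List, Add and Add and Read levels are left out), and the user names, the Temps group and the ACL contents are constructed.

```python
# Added example (not from the study guide): effective access under the
# rules stated above. Group names and ACL contents are constructed.
from enum import IntEnum


class Perm(IntEnum):
    NO_ACCESS = 0
    READ = 1
    CHANGE = 2
    FULL_CONTROL = 3


def combine(acl, principals):
    """Permission a single ACL gives to a user holding these principals.

    `principals` is the user's own name plus every group they belong to.
    """
    matched = [level for who, level in acl.items() if who in principals]
    if not matched or Perm.NO_ACCESS in matched:
        return Perm.NO_ACCESS      # no entry at all, or an explicit No Access
    return max(matched)            # otherwise the grants are cumulative


def effective(principals, share_acl, dir_acl, file_acl=None, over_network=True):
    """Resolve access to one file, locally or through a share."""
    # A file with its own permissions is judged by them, not by its directory.
    ntfs_acl = file_acl if file_acl is not None else dir_acl
    ntfs = combine(ntfs_acl, principals)
    if not over_network:
        # Share permissions only apply "over the network".
        return {"share": None, "ntfs": ntfs, "effective": ntfs}
    share = combine(share_acl, principals)
    # Through a share, the more restrictive of the two results applies.
    return {"share": share, "ntfs": ntfs, "effective": min(share, ntfs)}


# Constructed sample data, reusing the group names from the Spatula City example.
SHARE_ACL = {
    "Processing": Perm.READ,
    "Refining": Perm.FULL_CONTROL,
    "Temps": Perm.NO_ACCESS,
}
DIR_ACL = {"Processing": Perm.CHANGE, "Refining": Perm.READ}
FILE_ACL = {"Refining": Perm.READ}          # one file with its own permissions
AMY = {"amy", "Processing", "Refining"}     # member of two groups
BOB = {"bob", "Processing", "Temps"}        # one of his groups has No Access

if __name__ == "__main__":
    cases = [
        ("amy, network", effective(AMY, SHARE_ACL, DIR_ACL)),
        ("bob, network", effective(BOB, SHARE_ACL, DIR_ACL)),
        ("bob, local", effective(BOB, SHARE_ACL, DIR_ACL, over_network=False)),
        ("amy, file ACL", effective(AMY, SHARE_ACL, DIR_ACL, FILE_ACL)),
    ]
    for label, result in cases:
        print(label, result["effective"].name)
```
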

    --MOVING OR CREATING FILES--
    Permissions for an object that is moved or created follow a special set of rules as follows:
• If you move a folder or file on an NTFS partition and place it into a different folder on THE SAME NTFS partition, the file or folder will retain its security information. For example, if you have a file called booger.xls that has full control permissions for the "Everyone" group and move it to a new NTFS directory on the same partition that has read only access for the "Everyone" group, the file will retain its full control status.
    • If you copy a file within the same NTFS partition it will inherit the permissions of the target directory.
    • If you move or copy a file from one NTFS partition to another, the file will inherit the permissions of the target directory.
    • If you create a new file or folder in an NTFS directory, it will inherit the permissions of the parent directory.
    • If you move a file from an NTFS partition to a FAT partition, all permissions are lost.
    --PROFILES--
A user profile is a bunch of configuration settings that comprise a user's desktop. There are several different ways that these can be configured and each is listed below.

LOCAL
• LOCAL PROFILE - Each user creates and maintains their own profile.
• PRECONFIGURED LOCAL PROFILES - Users have local profiles that are partially or entirely preconfigured by the admin.
• PRECONFIGURED DEFAULT USER PROFILE - Users have local profiles, but admin uses a "template" for new users. This can be modified by user.
NETWORK
• ROAMING PROFILES - A path is created to the user's profile and is maintained on the server. Users can alter this profile.
• PRECONFIGURED ROAMING PROFILE - A path is added to the user's account info and a preconfigured version is stored on the server.
• NETWORK DEFAULT USER PROFILE - A default user profile that is stored in the netlogon shared directory. Users will be able to change this profile.
• MANDATORY PROFILE - A path is made to the user's profile and a preconfigured profile is copied to that path. The user may not modify this profile.
    The %systemroot%/profiles directory contains profiles for every user that has ever logged in to the NT box. Each user's profile contains the following folders: Application data, desktop, favorites, personal, sendto and start menu. Any setting that is not a part of the desktop settings is stored in the NTUSER.DAT file. This file can be altered by editing the registry in the HKEY_CURRENT_USER subtree. Most changes that you would want to make can also be done in the control panels.

    DOMAIN SYNCHRONIZATION
    --GENERAL--
The PDC maintains a database that consists of passwords, user and group accounts and rights assignments that is synchronized by the NetLogon Service. Any change to the domain directory database is first made on the PDC, after which it is distributed to the BDCs in a process called synchronization. When a BDC requests a database update, the changes that took place since the last update are copied to the BDC's database. An update that consists only of recent changes is a partial synchronization. In a full synchronization, the BDC will receive an entire copy of the database from the PDC.

    The PDC change database has a limited storage capacity(about 2000 changes) which means that older changes will be discarded in order to create room for new changes. So if you have a BDC that is down for a long period of time, a partial synchronization will not do. In a situation such as this, you must perform a full synchronization.
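
The partial versus full decision described above, as an added example that is not part of the original guide: a PDC keeps a bounded change log, and a BDC can use partial synchronization only while every change it missed is still in that log. The class names, the serial-number scheme and the sample accounts are assumptions made for illustration; the 2000-entry capacity is the guide's approximate figure.

```python
# Added example (not from the study guide): why a BDC that was down for a
# long time needs a full synchronization. All account data is constructed.
from collections import deque


class PDC:
    def __init__(self, capacity=2000):
        self.accounts = {}                  # the domain directory database
        self.log = deque(maxlen=capacity)   # oldest changes fall off the front
        self.serial = 0                     # number of the latest change

    def change(self, account, value):
        """Every change is made on the PDC first and recorded in the log."""
        self.serial += 1
        self.accounts[account] = value
        self.log.append((self.serial, account, value))


class BDC:
    def __init__(self):
        self.accounts = {}
        self.last_serial = 0                # last change this BDC has applied

    def synchronize(self, pdc):
        """Return (kind, count): kind is 'none', 'partial' or 'full'."""
        if self.last_serial == pdc.serial:
            return ("none", 0)
        oldest_in_log = pdc.log[0][0]
        if self.last_serial + 1 >= oldest_in_log:
            # Every missed change is still in the log: replay only those.
            pending = [c for c in pdc.log if c[0] > self.last_serial]
            for _, account, value in pending:
                self.accounts[account] = value
            result = ("partial", len(pending))
        else:
            # Some missed changes were already discarded: copy everything.
            self.accounts = dict(pdc.accounts)
            result = ("full", len(self.accounts))
        self.last_serial = pdc.serial
        return result


def demo():
    pdc, bdc = PDC(), BDC()
    results = []
    for i in range(1510):                   # normal activity, BDC keeps up
        pdc.change(f"user{i % 300}", f"pw{i}")
    results.append(bdc.synchronize(pdc))
    for i in range(2500):                   # BDC is down while 2500 changes occur
        pdc.change(f"user{i % 300}", f"new{i}")
    results.append(bdc.synchronize(pdc))
    return results, bdc.accounts == pdc.accounts


if __name__ == "__main__":
    print(demo())
```
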

    Synchronization occurs every 5 minutes by default. This value is named PulseConcurrency in the registry and can be changed if these broadcasts are causing network performance issues.

    WORKING WITH NETWARE
    --BACKGROUND--
Unfortunately, most networks will be a mix of network operating systems, which makes the process of everything working together a little more complicated. The big one that you have to worry about in real life and in the exam is Netware, so really know this section. The 2 basic Netware situations that you will need to worry about for this exam are: NT Server on a Netware network and Netware on an NT Server network.

    --CONNECTION OPTIONS--
    • NWLink is a routable transport protocol that imitates Netware's IPX/SPX protocol and is all that is necessary to allow NT to run applications from a Netware server, but does not allow file and print sharing. After this is installed you will now have multiple protocols bound to your ethernet card(if you didn't already). To improve your network performance change the binding order so that the most frequently used protocol is first.
    • File and Print Services for Netware(FPNW) is add on software that allows Netware clients to access an NT Server. The NWLink protocol must be installed for this method to work.
    • Client Services for Netware(CSNW) allows NT workstations file and print sharing access to a Netware server. The NWLink protocol will automatically be installed with CSNW.
• Gateway Services for Netware (GSNW) creates a gateway that allows NT clients to access a Netware network via an NT Server without having to install any client software. GSNW will also allow you to run many Novell commands from a command prompt. NWLink is required and will be installed automatically when GSNW is installed. You must create a group called NTGATEWAY on the Netware server and then map a drive on the NT Server for the clients to access. The account used for the gateway must be a member of the NTGATEWAY group and have appropriate permissions for the resources on the Netware server. Only the NTGATEWAY account is necessary to allow all users to access Netware resources. Accessing a Netware server via a gateway will be slower than connecting directly.
    • Netware Client Software is Novell's solution to the whole mess and substitutes ODI(what Netware uses) based network drivers for the NDIS ones that come with NT. This would be used if you were connecting a few NT workstations or Win 95/98 machines to a Netware network and did not want to use CSNW. This situation doesn't really apply to this exam, but I included it just in case.
    --FRAME TYPES--
    Once you have all of this figured out, you then need to worry about the frame type. If mismatched frame types are used then communication will not happen. By default, NWLink and GSNW will only allow you to connect to Netware 3.12, 4.1, 4.11, which use Ethernet 802.2 frame type. Auto-detection should work fine in this situation as NWLink also uses 802.2. Auto-detect is only capable of selecting one frame type so to connect to NetWare 3.11 or lower, you need to use manual configuration and select both frame types as these lower versions of Netware use the Ethernet 802.3 frame type.

    --MIGRATION TOOL--
    NT has a file called NWCONV.EXE that is designed to aid in the event that you are moving away from a Novell based network to an NT network. You must first set up GSNW as described above. After running the conversion, you need to make sure that all of the Netware workstations have the SMB redirectors installed so that they will be able to access the NT server.

    NETWORK CONNECTIONS
    --CONNECTING A DOS WORKSTATION TO NT--
    DOS is the most complicated one to connect to NT because it has no built-in networking support. There are several different ways to do this and we will look at each.
    The first way is to use NT's NCA(Network Client Administrator). The NCA setup will ask for your Network card type, protocol info, etc and will then create a file on a floppy that you would use as a boot disk on the DOS client after modifying the protocol.ini file. This will provide enough network support to connect to the NT server. Then a batch file will be run that will install the Microsoft Network Client 3 for DOS.

There is an easier way to set up the Microsoft Network Client 3 for DOS that bypasses using NCA. Browse to the "clients" directory and look in the "msclients" subdirectory. In here, you will find a "disk1" and a "disk2" directory. Copy each of these to a separate floppy disk. Now all you have to do is insert disk one into the DOS client, switch to the A drive and type setup. This will run the installation program and should be pretty straightforward from there.
    When you first try to logon, you will get a message that your password has expired so you will have to change it using the following command: net password /domain:(your domain)(username)(old password)(new password). You will probably get an error message, but the password has been changed and should work when you try to logon again.

    --GETTING AROUND THE NETWORK WITH DOS--
    To browse the network, use the "net view" command without the quotes. To view shared resources on a particular server, use "net view \\(server name)". To connect to a shared resource, use "net use (drive letter): \\(server name)\(resource)". If you need to map to drive letters higher than E, then you will have to edit your config.sys file and add LASTDRIVE=(whatever you want the last drive letter to be). To use a printer, type "net use (port such as lpt1:) \\(server)\(printer share name)". To disconnect a network connection, type "net use /delete".

    --CONNECTING WINDOWS FOR WORKGROUPS TO NT NETWORKS--
    During installation of Windows for Workgroup you will install the network card. If it was not done at this time or you installed a new network card, then go to the Network Group and run the network setup program. Once the network card is setup and you have logged into the domain, you can browse shared network resources and servers. To do this, open file manager and click "disk" and then "connect network drive" and you will see the browse list. Working with printers is similar except you open Printer Manager and click "Printer" and then "Connect Network Printer".

    --CONNECTING WINDOWS 95/98 TO NT NETWORKS--
    Like Windows for Workgroups, you will have the option of setting up network support during Windows installation. But again let's pretend that it didn't happen that way or that you are adding a new network card. To set this up, all you have to do is go to the networking control panel, click the configuration tab, select "add" and you will see choices of client, adapter, protocol and service. Select "adapter". Select your adapter type or go to "have disk" if you wish to install 3rd party drivers. IPX and NetBeui protocols will automatically be installed. Click the "add" or "remove" buttons on the configuration tab to add or remove protocols.

    In order to enable the workstation to log into the domain, you will need to go to the "properties" of Client for Microsoft Networks. In this dialog box, you will need to select "log on to Windows NT domain" and enter the domain name. Once finished with all of this you will have to reboot and will then be able to log in. Like NT, Windows 95/98 uses the Network Neighborhood interface to browse the network.

    --WINDOWS TERMINAL SERVER--
    It is similar to a centralized network - remember that from networking essentials? Essentially, the network would have 1 or more terminal servers and the rest of the computers would be almost like dumb terminals, which are also known as "thin" clients. Thin clients can be any old computer that you have lying around, which is one of the attractions of this type of setup - hardware savings, although you have to have enough beefed up servers to support them. This is not the only advantage, however: you also save on support as Winterm can be configured to run all of the applications on the servers. This means that if there is a problem, odds are good that it is occurring at the server, which makes for easy and centralized support. Installation of the Terminal Server is very similar to an NT installation. Once installed, you will notice some differences in the administrative tools from NT 4.0 as it will now include the following:
    • Terminal Server Client Creator -- Will create floppies for Client installation on the workstations.
    • Terminal Server Administration -- The Big Brother application that allows you to view what the clients are running, disconnect them and view protocol information.
    • Terminal Server License Manager -- Allows you to add or subtract client licenses that you must pay for.
    • Terminal Server Connection Configuration -- Used to configure the RDP protocol, set security and a bunch of other stuff.
    In order to set this up for a workstation, the Windows Terminal Client must be installed. On the server side, you will need to select either Remote Desktop Protocol(RDP) or MetaFrame. MetaFrame is faster as it only sends the changed information from the client as opposed to RDP which will resend the whole desktop if a user deletes a file from it, for example.

    --MACINTOSH CONNECTION TO NT NETWORKS--
    NT offers Services for Macintosh to allow MACs to access shared resources as well as provide other services including:
    • Support for appletalk protocols without the need for a gateway.
    • MAC filename attribute support.
    • Support for Appleshare protocol
    • Allows MAC users to access non-PostScript printers without the need to convert documents.
    • Ability to map extensions for PC files which allows MAC apps to recognize PC file extensions.
    • Allows PC users to access Laserwriter printers without the need to convert documents.
    • Allows for 255 simultaneous appletalk sessions per NT server.
    So how do you set this all up? On the server side, you need to install services for Macintosh which requires an NTFS partition. If there are routers on the network, they will need to be configured to route the Appletalk protocol or NT server can be set up to perform this function. If you will be using NT as the router, you will need to specify the zones and the network range. Each number in the network range will support up to 256 devices per network segment. After rebooting, the NT server should show up in the chooser on the MACs and a Microsoft UAM Volume will appear on the NTFS partition. Now MAC volumes can be created using server manager. Finally, you will need to set your permissions for the MAC volumes. Following are the MAC permissions:
    Permission -- Description
    See Files -- Like NT's read permission. Permits the owner, a primary group or everyone to view files in the MAC volume.
    See Folders -- Same as the See Files permission except it applies to folders within the MAC volume.
    Make Changes -- Similar to NT's change permissions. Permission to view, add and delete files or folders. Can also save changes.
    Replace permission on subdirectories -- Takes whatever permissions are set and copies them to all of the folders within the MAC volume or a folder within the volume.
    Cannot remove, rename or delete -- Users can't rename, remove or delete a MAC volume or a folder within it.

    Not much setup needs to be done on the MAC side unless you would like to maintain NT's C2 security and allow for encrypted passwords. The software for this is included with NT server and would need to be installed on every participating MAC client.

    You are now ready to move files back and forth, except you will undoubtedly run into problems. Obviously, Macs and PCs use different file systems and this also means that they won't recognize each others file types without some configuration. For DOS extensions, you will need to use file manager to change the extension mappings for ones that aren't correctly configured. If an application isn't listed then you will need to get to the type and creator codes for the files it supports. On the Mac you will probably need a 3rd party converter application like Maclink. Many applications have cross platform versions available.


    OPTIMIZATION AND TUNING
    --PERFORMANCE MONITOR--
    Performance Monitor uses "counters" and allows you to view statistics not only on a local NT Server, but on others located on the network as well. Perfmon allows you to locate trouble areas and bottlenecks on your NT Server. The main sources of these bottlenecks are the network card and drivers, CPU, memory and the disk subsystem. These problems will vary depending on whether your server is a file server or an application server. Perfmon gives you several ways to handle your statistics as follows:
    • Report - view statistics.
    • Chart - good for finding problems over a period of time.
    • Log - used to view data over a period of time.
    • Alerts - Alerts can be configured so that you are notified when a particular counter has passed a benchmark that you have set. The results can only be sent to one user.
    The following counters tell you where the problem is:
    • DISK - If the %disk time is over 90% or the disk queue length is over 2, then there is a problem with either the disk or the controller. You must type DISKPERF -Y at a command prompt to enable disk performance counters.
    • NETWORK CARD - Use the network/%network utilization counter. You won't be able to use this unless you have the Network Monitor Agent installed and running. If this value is over 30% then the network card is the problem. As previously mentioned, make sure that you bind your most used protocols first.
    • CPU - Check the %processor time. If it is running above 80% then there is a problem. To get TCP/IP statistics you will need to have SNMP running.
    • MEMORY - The pages/sec counter should be less than 20. The available bytes should be more than 4mb and committed bytes should not exceed the amount of physical memory installed in the computer. You will also want to use Performance Monitor to keep an eye on your paging file(virtual memory) by using the %usage and %usage peak counters. Microsoft recommends that the paging file is set to a value equal to the amount of RAM +12. So if you had 32mb of RAM, your initial paging file size would be 44, but using Perfmon and viewing the %usage and %usage peak counters is the best way to tell whether it is cutting the mustard.
    --MISC--
    The Event Viewer is a configurable tool that keeps track of what happens on your server and tracks 3 categories of information: System, Security and Application. The system log will contain information about drivers and services that fail to start. The security log will keep track of events that you enable in auditing. The Application log keeps track of application errors and processes.

    Task manager allows you to list and stop running programs, start programs, view CPU and memory usage, view running processes and change their priority.

    REMOTE ACCESS SERVICE(RAS)
    --GENERAL--
    RAS is basically NT's dial up networking service that allows NT to dial out to other computers and to receive calls as well. On the client side it is called Dial Up Networking(DUN) which is not as robust as RAS. Essentially, RAS turns your dial-up-communications into a network card. In NT 4.0 a new software layer called TAPI has been added which allows software vendors to not have to provide support and worry about the type of modem being used. TAPI handles this for them. RAS supports the SLIP and PPP dialup protocols. PPP is most commonly used as it allows for dynamic addressing. RAS supports modem, frame relay, direct serial, x.25 and ISDN connections. Additionally, RAS has an option for multilink PPP that allows for connections to automatically be pooled. By default RAS uses the NetBeui protocol but can also use TCP/IP and IPX/SPX. TCP/IP must be used with programs that use Winsock. An LMHOSTS file on a RAS client can speed up NetBios name resolution.

    --LOGIN AUTHENTICATION--
    RAS provides several different authentication possibilities as follows:
    • Allow any authentication including clear text -- Allows for a variety of password authentication protocols including PAP. This is a good option if you have a variety of RAS client types.
    • Require encrypted authentication -- Will allow any password authentication except for PAP.
    • Require Microsoft encrypted authentication -- This will use CHAP(Challenge Handshake Authentication Protocol) or MSCHAP and means that only Microsoft clients will be able to attach.
    • Require data encryption -- Will require all data to be encrypted
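    The difference between the clear-text option (PAP) and CHAP in the list above, as an added example that is not part of the original guide. It implements the standard CHAP response from RFC 1994 (MD5 over identifier, shared secret and challenge), not Microsoft's MS-CHAP variant; the user name, secret and class are constructed for illustration.

```python
import hashlib
import hmac
import os


def pap_request(user, password):
    """PAP: the password itself is what travels over the dial-up link."""
    return {"user": user, "password": password}


def chap_response(ident, secret, challenge):
    """RFC 1994 response value: MD5(identifier || shared secret || challenge)."""
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()


class ChapServer:
    """Authenticator side (hypothetical class, not the RAS implementation)."""

    def __init__(self, secrets):
        self.secrets = secrets   # user name -> shared secret (bytes)
        self.ident = 0
        self.pending = {}        # identifier -> outstanding challenge

    def challenge(self):
        self.ident = (self.ident + 1) % 256
        self.pending[self.ident] = os.urandom(16)
        return self.ident, self.pending[self.ident]

    def verify(self, user, ident, response):
        challenge = self.pending.pop(ident, None)   # each challenge is single use
        secret = self.secrets.get(user)
        if challenge is None or secret is None:
            return False
        expected = chap_response(ident, secret, challenge)
        return hmac.compare_digest(expected, response)


def demo():
    secret = b"constructed-secret"
    server = ChapServer({"alice": secret})

    on_wire_pap = pap_request("alice", secret)["password"]

    ident, challenge = server.challenge()
    on_wire_chap = chap_response(ident, secret, challenge)
    first_login = server.verify("alice", ident, on_wire_chap)

    # The same bytes presented again: the old challenge is spent, and a
    # fresh challenge produces a different expected value.
    reuse_old = server.verify("alice", ident, on_wire_chap)
    ident2, _ = server.challenge()
    reuse_new = server.verify("alice", ident2, on_wire_chap)
    return on_wire_pap == secret, first_login, reuse_old, reuse_new


if __name__ == "__main__":
    print(demo())
```

    With PAP the line carries the secret itself; with CHAP it carries a value that the server accepts once and that does not match any later challenge.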
    By default nobody is able to dial in to the RAS server. These permissions have to be set in the Remote Access Service Administrator. Once this is done, there is a callback security option that must be set. Callback security can be set so that the RAS server will call back a user trying to login to verify that their phone number matches their login ID and password. Not only does it provide security, but it can also save customers money if they are dialing in long distance. There are 3 possible options:
    • No call back -- Default option that provides no added security.
    • Set by caller -- Once the user is validated, RAS will then call the user back. Provides no additional security.
    • Preset to -- This option provides a lot of security but only works if the users always call from the same phone number. If they try to call from a different one, they will not be able to connect.


    ARC NAMING CONVENTION
    --GENERAL INFORMATION--
    ARC is an architecture-independent way of naming drives for x86, risc, alpha, etc. NT uses this convention in its boot.ini file to determine which disk holds the OS. The table below will explain the different options.
    Multi(x) -- Specifies an EIDE disk or a SCSI disk if the BIOS is enabled to detect it. Can only be used on x86 systems. "x" is the number of the controller.
    SCSI(x) -- Defines a SCSI controller if the BIOS is not enabled to do so. Again, "x" is the number of the controller.
    Disk(x) -- Defines which SCSI disk the OS is on. If SCSI(x) was used then x=the SCSI ID of the drive. If Multi(x) was used then x=0.
    Rdisk(x) -- Defines the disk which the OS is on when it is on an EIDE disk. x=0-1 if on primary controller. x=2-3 if on multi-channel EIDE controller.
    Partition(x) -- Specifies the partition that the operating system is located on. (x)=the partition's number.
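    A parser that reads the ARC paths out of a boot.ini file and checks them against the Multi(x) rules in the table above, as an added example that is not part of the original guide. The boot.ini contents are constructed sample data and the function names are hypothetical.

```python
import re

# Field order taken from the table above: controller type, disk, rdisk, partition.
ARC_RE = re.compile(
    r"^(multi|scsi)\((\d+)\)disk\((\d+)\)rdisk\((\d+)\)partition\((\d+)\)(\\.*)?$",
    re.IGNORECASE,
)

# Constructed sample boot.ini; the third entry is deliberately wrong.
SAMPLE_BOOT_INI = r"""[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\WINNT
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINNT="Windows NT Server Version 4.00"
scsi(0)disk(2)rdisk(0)partition(1)\WINNT="NT on SCSI ID 2"
multi(0)disk(1)rdisk(0)partition(2)\WINNT="Mistyped entry"
C:\="MS-DOS"
"""


def parse_arc(path):
    """Split an ARC path into named fields; raise ValueError if it is not one."""
    m = ARC_RE.match(path.strip())
    if not m:
        raise ValueError("not an ARC path: %r" % path)
    ctrl, disk, rdisk, part = (int(g) for g in m.group(2, 3, 4, 5))
    return {"type": m.group(1).lower(), "controller": ctrl, "disk": disk,
            "rdisk": rdisk, "partition": part, "directory": m.group(6) or ""}


def check_arc(arc):
    """Apply the multi() rules stated in the table; return a list of problems."""
    problems = []
    if arc["type"] == "multi":
        if arc["disk"] != 0:
            problems.append("disk() must be 0 when multi() is used")
        if not 0 <= arc["rdisk"] <= 3:
            problems.append("rdisk() must be 0-3 on an EIDE controller")
    return problems


def audit_boot_ini(text):
    """Return (path, problems) for every ARC entry under [operating systems]."""
    results, in_os = [], False
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("["):
            in_os = line.lower() == "[operating systems]"
            continue
        if not in_os or "=" not in line:
            continue
        path = line.split("=", 1)[0]
        try:
            results.append((path, check_arc(parse_arc(path))))
        except ValueError:
            continue  # drive-letter entries such as C:\ are not ARC paths
    return results


if __name__ == "__main__":
    for path, problems in audit_boot_ini(SAMPLE_BOOT_INI):
        print(path, "->", problems or "ok")
```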



    RAID
    --GENERAL INFORMATION--
    In order to understand how RAID works it is first best to understand the following concepts regarding hard disk configurations.
    • PARTITIONS -- A partition is a portion of a physical hard disk. A partition can be primary or extended
    • PRIMARY PARTITION -- This is a bootable partition. One primary partition can be made active.
    • EXTENDED PARTITION -- An extended partition is made from the free space on a hard disk and can be broken down into smaller logical drives. There can only be one of these per hard disk.
    • LOGICAL DRIVE -- These are a primary partition or portions of an extended partition that are assigned a drive letter.
    • VOLUME SET -- This is a disk or part of a disk that is combined with space from the same or another disk to create one larger volume. This volume can be formatted and assigned a drive letter like a logical drive, but can span more than one hard disk. A volume set can be extended without starting over, however to make it smaller, the set must be deleted and re-created.
    • DISK ADMINISTRATOR -- This utility is found in the administrative tools section of NT 4. This is the tool that controls the configuration of the hard disks on an NT 4 system. You can create partitions, volume sets, logical drives, format disks, etc.
    --RAID LEVEL 0 - DISK STRIPING WITHOUT PARITY--
    Disk striping will distribute data across 2-32 hard disks. This provides the fastest read/write performance as the system can access the data from more than one place. This level of RAID does not provide any redundancy. This means that if one of the disks fails you lose all of the data and have to delete the stripe set and start over once the bad disk is replaced. System and boot partitions cannot be included in a stripe set.

    --RAID LEVEL 1 - DISK MIRRORING--
    Disk mirroring writes exact copies of data to more than one disk. Each disk or partition of a disk will contain the exact same data. If one hard disk fails, the data still exists on the other disk. This level of RAID also increases disk read performance as it can pull the data off of both disks. Disk mirroring on NT Server also uses disk duplexing whereby each disk has its own disk controller. This provides redundancy in the case of a controller failure. To recover from a failure, the new drive must be installed and then in Disk Administrator break the mirror and re-establish it.

    --RAID LEVEL 5 - DISK STRIPING WITH PARITY--
    Very similar to RAID level 0, however, parity information is written to each of the 3-32 disks in the array. If one of the disks fails, the data can be reconstructed by installing a working hard disk and using Disk Administrator. The parity information will be used to reconstruct the data that was lost when that drunk employee urinated in your computer case. Think this has never happened? If more than one disk fails then you have a real problem and will spend your weekend fixing this. RAID 5 offers increased disk read speeds, but slower write speeds because it has to write the parity info. System and boot partitions cannot be included in a stripe set. To recover from a failure, you must select the regenerate option in Disk Administrator.
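    How parity lets one failed disk be regenerated, and why two failures cannot be, as an added example that is not part of the original guide. It uses XOR parity, the standard RAID 5 scheme; the 4-byte block size and the order in which parity rotates across the disks are assumptions made for illustration, not NT's on-disk layout.

```python
from functools import reduce
from operator import xor

BLOCK = 4  # bytes per block; tiny on purpose so the sample stays readable


def xor_blocks(blocks):
    """Byte-wise XOR of equally sized blocks."""
    return bytes(reduce(xor, column) for column in zip(*blocks))


def write_stripes(data, n_disks):
    """Stripe data over n_disks, placing one parity block per stripe."""
    if not 3 <= n_disks <= 32:
        raise ValueError("a stripe set with parity needs 3-32 disks")
    per_stripe = BLOCK * (n_disks - 1)
    data += b"\0" * (-len(data) % per_stripe)          # pad the last stripe
    disks = [[] for _ in range(n_disks)]
    for stripe, start in enumerate(range(0, len(data), per_stripe)):
        chunks = [data[start + i * BLOCK:start + (i + 1) * BLOCK]
                  for i in range(n_disks - 1)]
        parity_disk = stripe % n_disks                  # assumed rotation order
        remaining = iter(chunks)
        for d in range(n_disks):
            disks[d].append(xor_blocks(chunks) if d == parity_disk
                            else next(remaining))
    return disks


def regenerate(disks):
    """Rebuild the single failed disk (marked None) from the survivors."""
    failed = [i for i, d in enumerate(disks) if d is None]
    if len(failed) != 1:
        raise ValueError("parity rebuilds exactly one disk, %d failed" % len(failed))
    survivors = [d for d in disks if d is not None]
    rebuilt = [xor_blocks(stripe) for stripe in zip(*survivors)]
    return disks[:failed[0]] + [rebuilt] + disks[failed[0] + 1:]


def read_data(disks, length):
    """Reassemble the original bytes, skipping each stripe's parity block."""
    n = len(disks)
    out = b"".join(disks[d][s] for s in range(len(disks[0]))
                   for d in range(n) if d != s % n)
    return out[:length]


if __name__ == "__main__":
    payload = b"constructed sample data"
    array = write_stripes(payload, 4)
    array[2] = None                                     # one disk fails
    print(read_data(regenerate(array), len(payload)))
```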

