NT 4.0 Workstation Study Guide
Note: This exam is retired.
INSTALLATION
--REQUIREMENTS--
- 12mb Ram(Intel)
- 16mb Ram(RISC)
- VGA video card
- 486-DX33 or better
- 120mb free disk space
- CD-ROM unless this will be a network installation
- Compatible Mouse
There are a couple of different options for setup. If you are upgrading from an earlier version of NT, then you will use WINNT32.EXE. If you are upgrading from DOS, Win3.x or Win9x then you will use WINNT.EXE. If you wish to dual boot with another OS, make sure that you install them on separate partitions as the different operating systems may share files. Just like NT Server, there are a number of command switches that can be used during installation:
| SWITCH | PURPOSE |
| /B | Bypasses the creation of startup disks |
| /S | Sourcepath. Choose location of a source file - multiple locations will speed up installation. |
| /F | Speed up install by not verifying files |
| /U | Denotes unattended setup mode and points to an answer file location. Must use with /s to specify source file location. |
| /T | Destination. Specifies installation location of temp files used during installation. |
| /C | Bypasses checking for free space when creating boot disks. Can speed up install. |
| /OX | Creates the setup disks from CD-ROM or network location. Replaces damaged boot disks. |
| /I | Specify an inf file. Default file is DOSNET.INF. |
| /R | Specifies an optional directory to be installed. |
NOTE: NT doesn't come with an uninstall program. You must boot into DOS and SYS the partition and then manually remove NT.
--NETWORK INSTALLATIONS--
Another installation option is to install over the network which requires that you find a way to point the computer to an I386 directory somewhere on your network. Here is how it is done. First, you will need to have a shared I386 directory. Next, you need to make a boot disk from DOS or Win 95/98. Then go to an NT Server and go to Network Client Administrator, which is located in the Administrative Tools section of your start menu. From here you can create a network startup disk. Once installed on the workstation, you will have limited network support and will be able to copy the installation files from the other machine. RISC computers cannot perform network installations.
--UNATTENDED INSTALLATIONS--
Now who has time to sit with the NT machine for 45 minutes to an hour? That cuts into cocktail time, which is why Micro$oft provided options for unattended installations. With a little configuring beforehand, NT will do the whole installation for you and you can take off for drinks with your friends. In order for this to work, you need a "script" known as an answer file that provides instructions to the setup program. This script can be handwritten in a text editor such as Notepad or created with the utility supplied with NT called SETUPMGR.EXE. The installation CD includes a default file for unattended installations, called UNATTEND.TXT, that can be edited.
--SYSDIFF--
Sysdiff is a utility that will record the differences between a default installation and custom installation with additional applications. This can then be applied to future installations on machines that have similar requirements. Below are the 5 functions that it can perform:
- SNAP -- Snap stands for "snapshot". This means that an installation, including registry and file system information, will be written to a file.
- DIFF -- Difference File. A snapshot of NT that only includes changes made since the original snapshot was taken.
- APPLY -- Applies the aforementioned difference file to another installation.
- DUMP -- Creates a file that lists the changes that can be found in the difference file.
- INF -- This will create an INF file from a difference file that can be called using the /I switch during installation. This file can be stored on a network and used to help automate installation.
NTFS VS FAT
--GENERAL INFORMATION--
When using NT it is a good idea to use NTFS partitions, at least on the partitions that contain your data. One of the advantages of the FAT file system is that it is the system that DOS uses. On an NTFS partition, you can't boot from a DOS boot disk - this is one of the security features of NTFS. Additionally, a floppy disk cannot be formatted as NTFS. For this reason it might not be a bad idea to have a small partition formatted FAT so that you can boot into DOS for recovery purposes. FAT partitions can be defragmented while NTFS cannot. An NTFS partition cannot be converted to FAT without erasing the disk and reformatting. In order to convert a FAT partition to NTFS, NT includes a utility called convert.exe. Files moved from a FAT partition to an NTFS partition will retain their filenames and attributes.
--FEATURES OF NTFS--
NTFS partitions provide the following features:
- Supports upper and lower case letters in names.
- Allows permissions to be set on files and directories
- Supports Unicode in file names.
- "Forks" in files.
- File and directory names up to 254 characters in length.
- Ability to access sequential access files over .5mb faster.
- Faster access to all random access files.
- Long file name conversion to the 8+3 convention.
- Support for Appletalk and the ability to share Mac Volumes.
- Disk space is used more efficiently.
DISK CONFIGURATION
--GENERAL INFO--
NT Workstation does not support fault tolerant systems like NT Server does. However, NT Workstation does support volume sets and disk striping without parity. First, let's take a look at the different disk configuration options that can be used.
- PARTITIONS -- A partition is a portion of a physical hard disk. A partition can be primary or extended.
- PRIMARY PARTITION -- This is a bootable partition. One primary partition can be made active.
- EXTENDED PARTITION -- An extended partition is made from the free space on a hard disk and can be broken down into smaller logical drives. There can only be one of these per hard disk.
- LOGICAL DRIVE -- These are a primary partition or portions of an extended partition that are assigned a drive letter.
- VOLUME SET -- This is a disk or part of a disk that is combined with space from the same or another disk to create one larger volume. This volume can be formatted and assigned a drive letter like a logical drive, but can span more than one hard disk. A volume set can be extended without starting over, however to make it smaller, the set must be deleted and re-created.
- DISK ADMINISTRATOR -- This utility is found in the administrative tools section of NT 4. This is the tool that controls the configuration of the hard disks on an NT 4 system. You can create partitions, volume sets, logical drives, format disks, etc.
--DISK STRIPING WITHOUT PARITY--
Disk striping will distribute data across 2-32 hard disks. This provides the fastest read/write performance as the system can access the data from more than one place. This level of RAID does not provide any redundancy. This means that if one of the disks fails you lose all of the data and have to delete the stripe set and start over once the bad disk is replaced. System and boot partitions cannot be included in a stripe set.
USER ACCOUNTS AND RIGHTS
--GENERAL INFO--
The User Manager utility is the tool used to create and maintain local user accounts on NT Workstation. It is very similar to User Manager for Domains, but does not have all of the features or privileges. NT Workstation comes with 2 default user accounts - Administrator and Guest. When a new account is created it is assigned a unique Security Identifier (SID). If an employee were to leave, it is better to create a copy of the account for the replacement so that they will get a unique SID rather than edit the previous employee's account. All privileges will be copied, however, rights assigned to the previous user will be lost. If you delete a user account, the SID is destroyed - it is usually best to disable an account rather than delete it. Changes to a user's account will not take effect until they log off and back in again.
--GROUPS--
Using user groups is a way to greatly simplify account administration. If you place a group of users into a group, you only have to change permissions for the group and it applies to all of the users in the group. NT Workstation comes with a set of pre-installed local groups listed in the table below:
| GROUP | DESCRIPTION |
| Administrators | Most powerful group that is able to manage the configuration of the system. |
| Power Users | Have rights to manage directories and printers |
| Backup Operators | Have rights to control backup and restoration functions |
| Users | Everyday users |
| Guests | Very limited abilities |
| Replicator | Supports directory replication functions |
| GROUP | RIGHTS |
| Administrators | Log on locally; Take ownership of files; Access computers from network; Manage auditing and the security log; Shutdown or remotely shutdown the system; Change the time; Backup files and directories; Manage device drivers |
| Power Users | Log on locally; Take ownership of files; Access computers from network; Manage auditing and the security log; Shutdown or remotely shutdown the system; Change the time |
| Backup Operators | Log on locally; Shutdown the system; Backup files and directories; Restore files and directories; Take ownership of files |
| Users | Log on locally; Take ownership of files; Shutdown the system |
| Guests | |
SYSTEM SECURITY
--GENERAL--
When you log on to an NT workstation, an access token is created that determines which resources can and cannot be accessed based on your login information. These are permissions. Make sure you know the difference between rights and permissions. Rights give a user or group the ability to perform a certain task, such as the ability to create user accounts. Permissions give access to specific objects like files and directories. Rights are determined by the administrator, whereas permissions are determined by the owner of the object being accessed. Generally rights carry more weight than permissions. NT allows new groups and users to be created with a customized set of rights.
--FILE AND DIRECTORY PERMISSIONS--
Let's say you have an NT workstation with 3 users that share it. NT will allow you to create shares to which permissions can be assigned for the other users of the same workstation, to prevent or limit their ability to access the other users' files or directories. This type of security occurs at the local file system. File and directory permissions apply to NTFS partitions only.
The following permissions can be applied to directories:
- No access
- List
- Read
- Add and Read
- Change
- Full control
- Special directory access
- Special file access
The following permissions can be applied to files:
- No access
- Read
- Change
- Full control
- Special access
| Permission | Description |
| No access | Directory: Can't view or change directory or directory permissions. File: Can't view or change file or file permissions. |
| Read | Directory: Users can view files and their attributes inside directories. User can browse through directory. File: Users can open or execute the file and view the file's attributes and permissions. |
| Add | Directory: Can add files to a directory but can't access files put into that directory. File: N/A |
| Add and read | Directory: Users can open/execute and add files in the directory. Can't change or delete files. File: When a directory is Add and read, the files in that directory are read only. Add and read cannot be applied directly to files. |
| List | Directory: User can view files and view file and directory permissions. Can open/execute files. File: N/A |
| Change | Directory: Able to make new files and directories, change or delete files, open/execute files. Can't change permissions. File: View, change and delete files. Can't change permissions. |
| Full Control | Directory: All of the permissions included with change and the ability to change permissions and take ownership of files. File: Same as change permissions, but can also change permissions and take ownership of files. |
| Special access | Directory and file: Create custom permissions using NT's 6 basic permissions which are read, write, execute, take ownership, change permissions and delete. |
--MISC--
There are 3 different ways to disable access to the workstation.
- Press CTRL-ALT-DEL and select "Lock Workstation" from the menu. This option will allow programs to continue to run.
- Press CTRL-ALT-DEL and select "Logoff". This option will prevent programs from running.
- To lock the workstation after a specified period of time, use a password protected screen saver.
--SHARING--
The previous permissions that were discussed apply to the local system. So what about accessing resources on the network? In order for that to happen, the object that you wish to access must be shared. When an object is shared, permissions can be set for that share.
There are 3 ways to create a share:
1) Explorer
2) My Computer
3) NET SHARE command at a DOS prompt
Let's talk about sharing a directory. A single file cannot be shared under NT, it must be a directory. Share names can be up to 12 characters long, but it is recommended to keep them under 8 as DOS redirectors can't handle anything longer. Spaces are allowed, but if the share name has a space in it you will have to enclose the name in quotations in order to access it. If you wish to hide a share so that it does not show up on the browse list, all you have to do is add a $ sign at the end of it (e.g. isuck$). If a share is hidden then you can only access it from a DOS prompt or via the map network drive option in Explorer. When a share is created, you have the option of specifying permissions (see below) for the share and the maximum number of users that can access it at one time. The NT Resource Kit contains a program called "Server Manager" that can be installed on an NT Workstation or Win9x computer and will allow you to create shares remotely.
--SHARE-LEVEL PERMISSIONS--
When assigning permissions to a share, the users and/or groups that are given access to a share are defined by the "access control list" or ACL. For example, let's say that you have a company called Spatula City... You can assign a certain level of permission to the Processing group such as read only and full control to the Refining group. Or you can specify by user or both groups and users. It is very flexible and can also be very complicated.
Here are the different types of share-level permission.
| No access | Can't get in or access at all |
| Read | View files and subdirectories. Execute applications. No changes can be made. |
| Change | Includes read permissions and the ability to add, delete or change files or subdirectories |
| Full Control | Includes change permissions and the ability to change permissions (NTFS only) and take ownership (NTFS only) |
--REMEMBER THE FOLLOWING ABOUT SHARING AND PERMISSIONS--
If you are a member of multiple groups and different permissions are assigned to each group, the least restrictive share will apply as they are cumulative, unless one of your groups is given no access. No access would override any other permissions for any other group of which you are a member.
When accessing a shared resource, both the share permissions and the NTFS permissions will be looked at. The most restrictive of the two will be applied. Remember that shares mean "over the network". Your share level permissions do not affect your ability to access local files and directories.
File permissions take precedence over directory permissions.
--MOVING OR CREATING FILES--
Permissions for an object that is moved or created follow a special set of rules as follows:
- If you move a folder or file on an NTFS partition and place it into a different folder on THE SAME NTFS partition, the file or folder will retain its security information. For example, if you have a file called booger.xls that has full control permissions for the "Everyone" group and move it to a new NTFS directory on the same partition that has read only access for the "Everyone" group, the file will retain its full control status.
- If you copy a file within the same NTFS partition it will inherit the permissions of the target directory.
- If you move or copy a file from one NTFS partition to another, the file will inherit the permissions of the target directory.
- If you create a new file or folder in an NTFS directory, it will inherit the permissions of the parent directory.
- If you move a file from an NTFS partition to a FAT partition, all permissions are lost.
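The sharing rules and the move/copy rules above can be modelled together in a few functions, including a check for files that kept broader permissions than their new directory after a same-partition move. This is an added example, not part of the original guide; the function names and the Read < Change < Full Control ranking are assumptions for illustration, and the sample ACLs are constructed (Processing and Refining are the Spatula City groups from the share-level section).

```python
"""Added example: a model of this guide's share/NTFS permission rules."""

NO_ACCESS, READ, CHANGE, FULL = "No Access", "Read", "Change", "Full Control"
RANK = {READ: 1, CHANGE: 2, FULL: 3}  # assumed ordering, least to most access


def cumulative(acl, groups):
    """Resolve one ACL ({group: level}) for a user in several groups.

    Grants are cumulative (least restrictive wins) unless any of the
    user's groups has No Access, which overrides everything else.
    Returns None when the ACL has no entry for any of the groups.
    """
    grants = [acl[g] for g in groups if g in acl]
    if NO_ACCESS in grants:
        return NO_ACCESS
    if not grants:
        return None
    return max(grants, key=RANK.__getitem__)


def effective_access(groups, file_acl, share_acl=None):
    """Access a user ends up with on a file.

    file_acl  -- the file's own NTFS ACL (it, not the directory's, is
                 evaluated); None means the file sits on FAT, no ACL.
    share_acl -- ACL of the share used; None means local access, where
                 share permissions play no part.
    """
    levels = []
    if file_acl is not None:
        levels.append(cumulative(file_acl, groups))
    if share_acl is not None:
        levels.append(cumulative(share_acl, groups))
    if not levels:
        return FULL  # local access to FAT: nothing restricts the user
    if any(lv in (None, NO_ACCESS) for lv in levels):
        return NO_ACCESS
    return min(levels, key=RANK.__getitem__)  # most restrictive applies


def acl_after(operation, file_acl, target_dir_acl, same_partition,
              target_fs="NTFS"):
    """ACL a file carries after a 'move' or 'copy' (None = no ACL)."""
    if target_fs == "FAT":
        return None                      # all permissions are lost
    if operation == "move" and same_partition:
        return dict(file_acl)            # security information retained
    return dict(target_dir_acl)          # inherits from target directory


def retained_excess(file_acl, dir_acl):
    """Groups a file grants more access to than its directory does.

    A non-empty result is what a same-partition move leaves behind when
    the source was more open than the destination.
    """
    excess = []
    for group, level in file_acl.items():
        if level == NO_ACCESS:
            continue
        dir_level = dir_acl.get(group)
        if dir_level in (None, NO_ACCESS) or RANK[level] > RANK[dir_level]:
            excess.append(group)
    return sorted(excess)


if __name__ == "__main__":
    # Constructed sample data.
    share = {"Processing": READ, "Refining": FULL}
    report = {"Processing": CHANGE, "Refining": CHANGE}
    print(effective_access(["Processing"], report, share))              # Read
    print(effective_access(["Processing", "Refining"], report, share))  # Change
    print(effective_access(["Processing"], report))                     # Change
    moved = acl_after("move", {"Everyone": FULL}, {"Everyone": READ}, True)
    print(moved, retained_excess(moved, {"Everyone": READ}))
```

Running `retained_excess` over a directory tree after a reorganisation points out files such as booger.xls that still carry their old, wider permissions.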
--EVENT AUDITING--
NT allows auditing to be enabled which allows security information to be stored in a security log. The table below should sum it up.
| EVENT | DESCRIPTION |
| File and object access | Tracks jobs sent to printers and access to files or directories. |
| Logon and logoff | Keeps track of logging on and off activity as well as connections to servers. |
| Process tracking | Tracks the running and quitting of programs. |
| Restart, shutdown and system | Self-explanatory |
| Security policy changes | Audits any changes made to user rights, trust relationships and the auditing process itself. |
| Use of user rights | Displays when a particular right is used. |
| User and group management | Notes any alterations of user accounts or groups. |
The log can be seen by launching the Event Viewer. By default, only the administrator has the right to view the security log.
--PROFILES--
A user profile is a bunch of configuration settings that comprise a user's desktop. There are several different ways that these can be configured and each is listed below.
LOCAL
- LOCAL PROFILE - Each user creates and maintains their own profile.
- PRECONFIGURED LOCAL PROFILES - Users have local profiles that are partially or entirely preconfigured by the admin.
- PRECONFIGURED DEFAULT USER PROFILE - Users have local profiles, but admin uses a "template" for new users. This can be modified by user.
NETWORK
- ROAMING PROFILES - A path is created to the user's profile and is maintained on the server. Ends with the suffix ".DAT". Users can alter this profile.
- PRECONFIGURED ROAMING PROFILE - A path is added to the user's account info and a preconfigured version is stored on the server.
- NETWORK DEFAULT USER PROFILE - A default user profile that is stored in the netlogon shared directory. Users will be able to change this profile.
- MANDATORY PROFILE - A path is made to the user's profile and a preconfigured profile is copied to that path. Ends with the suffix ".MAN". The user may not modify this profile. If the PDC goes down, NT will access a cached copy of the profile provided that the user has logged into the domain at some point in the past.
The %systemroot%/profiles directory contains profiles for every user that has ever logged in to the NT box. Each user's profile contains the following folders: Application data, desktop, favorites, personal, sendto and start menu. Any setting that is not a part of the desktop settings is stored in the NTUSER.DAT file. This file can be altered by editing the registry in the HKEY_CURRENT_USER subtree. Most changes that you would want to make can also be done in the control panels.
REGISTRY
--GENERAL INFORMATION--
The registry is a big-ass hierarchical database that stores all of NT's settings. It can be accessed by running regedt32.exe or regedit which has a few new features. Below are the 5 subtrees and the information that each controls.
| SUBTREE | DESCRIPTION |
| hkey_local_machine | This subtree contains most of the information that you will use. It holds information about hardware, systems and programs running on the machine. |
| hkey_classes_root | Stores file associations such as which application should be used to open files based on the extension. It also contains the OLE registration database and also provides redundancy as all of its info is found in the hkey_local_machine subtree. |
| hkey_users | Holds 2 user profiles. One is a default used for settings when nobody is logged in and the other is for a user that is already known to the system. |
| hkey_current_user | This subtree contains the user profile for whoever is currently logged in to the server. |
| hkey_current_config | Contains information about the hardware configuration that was used during boot. |
Each subtree contains "keys" and within most of the keys are "subkeys". Once you browse deep enough you will get to the final subkey. When this is opened, the first line you see will be the "value entry". The value entry will contain 3 parts called name, data type(5 types) and value.
Most of the registry (the static items) is contained in hive files which are located in 2 places. Machine hive files are located in \WINNT\SYSTEM32\CONFIG and user files are located in \WINNT\PROFILES.
The registry editors will allow you to remotely edit the registry of another computer. The registry can be backed up and restored in the event that mistakes are made.
--REGEDT32 VS. REGEDIT--
The main difference between these 2 registry utilities is that Regedit will allow you to search for keys, data and values throughout the entire registry while Regedt32 will only search for keys. On the other hand, Regedt32 will allow you to change any security setting.
NETWARE
--BACKGROUND--
Unfortunately, most networks will be a mix of network operating systems which makes the process of everything working together a little more complicated. The big one that you have to worry about in real life and in the exam is Netware, so really know this section.
--CONNECTION OPTIONS--
- NWLink is a routable transport protocol that imitates Netware's IPX/SPX protocol and is all that is necessary to allow NT to run applications from a Netware server, but does not allow file and print sharing. After this is installed you will now have multiple protocols bound to your ethernet card(if you didn't already). To improve your network performance change the binding order so that the most frequently used protocol is first.
- Client Services for Netware(CSNW) allows NT workstations file and print sharing access to a Netware server. The NWLink protocol will automatically be installed with CSNW.
- Gateway Services for Netware(GSNW) creates a gateway that allows NT clients to access a Netware network via an NT Server without having to install any client software. GSNW will also allow you to run many Novell commands from a command prompt. NWLink is required and will be installed automatically when GSNW is installed.
- Netware Client Software is Novell's solution to the whole mess and substitutes ODI (what Netware uses) based network drivers for the NDIS ones that come with NT. This would be used if you were connecting a few NT workstations or Win 95/98 machines to a Netware network and did not want to use CSNW. This situation doesn't really apply to this exam, but I included it because it is good to know.
--FRAME TYPES--
Once you have all of this figured out, you then need to worry about the frame type. If mismatched frame types are used then communication will not happen. By default, NWLink and GSNW will only allow you to connect to Netware 3.12, 4.1, 4.11, which use Ethernet 802.2 frame type. Auto-detection should work fine in this situation as NWLink also uses 802.2. Auto-detect is only capable of selecting one frame type so to connect to NetWare 3.11 or lower, you need to use manual configuration and select both frame types as these lower versions of Netware use the Ethernet 802.3 frame type.
--PASSWORDS--
In order to change a password on a Netware server, use the setpass.exe utility. In Netware 4.x(NDS only) environments, it can be changed using the change password option. This can be accessed via CTRL-ALT-DEL.
REMOTE ACCESS SERVICE(RAS)
--GENERAL--
RAS is basically NT's dial up networking service that allows NT to dial out to other computers and to receive calls as well. On the client side it is called Dial Up Networking(DUN) which is not as robust as RAS. Essentially, RAS turns your dial-up-communications into a network card.
In NT 4.0 a new software layer called TAPI has been added which allows software vendors to not have to provide support and worry about the type of modem being used. TAPI handles this for them. RAS supports the SLIP and PPP dialup protocols, but only supports PPP clients. PPP is most commonly used as it allows for dynamic addressing. For secure connections, RAS supports the PPTP protocol which creates a virtual private network(VPN). RAS supports modem, frame relay, direct serial, x.25 and ISDN connections. Additionally, RAS has an option for multilink PPP that allows for connections to automatically be pooled. By default RAS uses the NetBeui protocol but can also use TCP/IP and IPX/SPX. TCP/IP must be used with programs that use Winsock. An LMHOSTS file on a RAS client can speed up NetBios name resolution.
--LOGIN AUTHENTICATION--
RAS provides several different authentication possibilities as follows:
- Allow any authentication including clear text -- Allows for a variety of password authentication protocols including PAP. This is a good option if you have a variety of RAS client types.
- Require encrypted authentication -- Will allow any password authentication except for PAP.
- Require Microsoft encrypted authentication -- This will use CHAP(Challenge Handshake Authentication Protocol) or MSCHAP and means that only Microsoft clients will be able to attach.
- Require data encryption -- Will require all data to be encrypted.
By default nobody is able to dial in to the RAS server. These permissions have to be set in the Remote Access Service Administrator. Once this is done, there is a callback security option that must be set. Callback security can be set so that the RAS server will call back a user trying to login to verify that their phone number matches their login ID and password. Not only does it provide security, but it can also save customers money if they are dialing in long distance. There are 3 possible options:
- No call back -- Default option that provides no added security.
- Set by caller -- Once the user is validated, RAS will then call the user back. Provides no additional security.
- Preset to -- This option provides a lot of security but only works if the users always call from the same phone number. If they try to call from a different one, they will not be able to connect.
--TROUBLESHOOTING RAS--
The first place to check when errors occur is in the DUN Monitor. This utility will give information regarding connection speed, link duration, users connected and protocols used. If this doesn't solve the problem, then there are 2 other options. First, in the Advanced Connection settings in the modems applet a log can be enabled called MODEMLOG.TXT. The 2nd option is to enable DEVICE.LOG by editing the registry.
PRINTING
--THE BASICS--
First let's look at a couple of definitions that you will need to know:
- PRINTER -- The icon that you see listed on your computer.
- PRINT DEVICE -- This is the physical printer itself.
- PRINT SERVER -- This is the computer that manages the printer and its permissions.
- PRINT QUEUE -- A series of files in line waiting to be printed by the printer.
- PRINT DRIVER -- A piece of software that provides communications between the OS and the print device.
--PRINTER PERMISSIONS--
Printer permissions are only slightly different than NT's regular permissions. The table below should explain it.
| Permission | Description |
| No access | Can't print or do anything else. |
| Print | Can print, pause, resume, delete and restart their own documents only. |
| Manage Documents | Have "print" permissions for all documents(not just their own). Can also control document settings. |
| Full Control | Have "manage document" permissions and can also change printing order and change the printer's permissions and properties. |
In addition to permissions, priorities for print jobs can be set. For example, if you are the president of a company and you feel that your documents are more important than the secretaries', then on the server you can create 2 printer objects and assign a different print priority to each so that your documents come out first. 1 is the lowest priority and 99 is the highest.
--TROUBLESHOOTING PRINTERS--
Like other things in NT, a printer can be audited by enabling "file and object access" auditing in the User Manager. Then in the printer properties, you can select the users and/or groups that you would like audited.
If the printer jams during a print job, clear the jam and select "restart" from the menu.
A corrupt print job or other anomalies can cause the print spooler to stall. To remedy this, restart the spooler service.
If you are unable to specify the correct port for a network printer, make sure that you have the correct protocol installed on the computer. For example, an HP printer would require the DLC protocol.
You can modify a printer's availability in order to restrict which hours the printer can be printed to.
NT ARCHITECTURE
--GENERAL--
As I am sure you know, Windows NT is a 32 bit operating system. It provides support for Win32, Win16, DOS, OS/2 and POSIX applications. NT uses 3 environmental subsystems to provide this support: Win32 subsystem, POSIX subsystem and the OS/2 subsystem. Let's take a look at each in greater detail.
- WIN32 -- This subsystem handles support for 32-bit windows applications and is also known as the Client/Server subsystem. This subsystem has the following features:
  - 32-bit architecture
  - Multiple execution threads are supported for each process
  - Memory Protection - each Win32 application is separated and protected from other applications
  - OpenGL - Support for 2D and 3D graphics cards
  - 2GB nonsegmented address spaces are assigned to each application
- NT supports DOS applications via VDMs(Virtual DOS Machines). A VDM is a Win32 application that creates an environment where DOS applications can run. It does this by making the NT Workstation resemble a DOS environment and tricks the DOS applications into thinking that they have unrestricted access to the computer's hardware. NT can only support DOS applications that use VDDs(Virtual Device Drivers) to intercept the applications calls to the computer's hardware.
- NT also supports Win16 applications with the use of a DOS application called WOW(Windows on Windows). WOW runs within a VDM that runs as a 32-bit process. If a Win16 application crashes it will only corrupt the WOW, but will not affect the rest of the NT operating system.
- OS/2 -- NT will support OS/2 1.x applications, but not the more popular 2.x GUI applications.
- POSIX -- NT will support POSIX.1 character based applications. The support is very limited.
OPTIMIZATION AND TUNING
--PERFORMANCE MONITOR--
Performance Monitor uses "counters" and allows you to view statistics not only on a local NT Server, but on others located on the network as well. Perfmon allows you to locate trouble areas and bottlenecks on your NT workstation. The main sources of these bottlenecks are the network card and drivers, CPU, memory and the disk subsystem. Perfmon gives you several ways to handle your statistics as follows:
- Report - view statistics.
- Chart - good for finding problems over a period of time. View real-time data in histogram or graph format.
- Log - used to view data over a period of time.
- Alerts - Alerts can be configured so that you are notified when a particular counter has passed a benchmark that you have set. The results can only be sent to one user.
Here is how to tell where the problem is:
- DISK - If the %disk time is over 90% or the Disk Queue Length is over 2, then there is a problem with either the disk or the controller. You must type DISKPERF -Y at a command prompt to enable disk performance counters.
- NETWORK CARD - Use the network/%network utilization counter. You won't be able to use this unless you have the Network Monitor Agent installed and running. If this value is over 30% then the network card is the problem. As previously mentioned, make sure that you bind your most used protocols first. To get TCP/IP statistics you will need to have SNMP running.
- CPU - Check the %processor time. If it is running above 80% then there is a problem. You may also want to check Processor Queue Length and Interrupt/Sec.
- MEMORY - The pages/sec counter should be less than 20. The available bytes should be more than 4mb and committed bytes should not exceed the amount of physical memory installed in the computer. You will also want to use Performance Monitor to keep an eye on your paging file(virtual memory) by using the %usage and %usage peak counters. Microsoft recommends that the paging file is set to a value equal to the amount of RAM +12. So if you had 32mb of RAM, your initial paging file size would be 44, but using Perfmon and viewing the %usage and %usage peak counters is the best way to tell whether it is cutting the mustard. It is best to have your paging file on a separate partition from your system and boot files if possible. It is also good to spread your paging file over multiple physical disks if possible.
--MISC--
The Event Viewer is a configurable tool that keeps track of what happens on your server and tracks 3 categories of information: System, Security and Application. The system log will contain information about drivers and services that fail to start. The security log will keep track of events that you enable in auditing. The Application log keeps track of application errors and processes.
Task manager allows you to list and stop running programs, start programs, view CPU and memory usage, view running processes and change their priority.
DISASTER RECOVERY AND TROUBLESHOOTING
--THE BOOT PROCESS--
After turning on your computer, it will go through POST processing which inspects the computer's hardware. After this is through, the Master Boot Record (MBR) is read and then NTLDR.EXE is run. The MBR contains data about your physical disks and partitions. Once this is completed, the computer will attempt to load an operating system. Here is how it works with NT:
- CHOOSE AN OS -- When NTLDR is executed it reads the BOOT.INI file, which provides choices for operating systems, where they are located on disks and other defaults.
- DETECTING HARDWARE -- Next, NTDETECT.EXE is run which assembles a list of hardware that is currently installed in the system and then forwards the information to NTLDR.EXE.
- SELECT A HARDWARE PROFILE -- If multiple hardware profiles have been defined for the system, one can be selected at this time. At this point, you will also have the option of pressing the spacebar to select "The Last Known Good Configuration Menu". This option is used when NT won't boot after making any hardware configuration changes. It will restore the registry settings that were in effect the last time that NT was booted properly.
- LOAD THE KERNEL -- Now the NTOSKRNL.EXE will be executed as well as the Hardware Abstraction Layer. Both will be loaded into memory.
- KERNEL INITIALIZATION -- The final step is the initialization of the kernel, which then leads to the login screen.
The NT boot process uses the following boot files:
- BOOT.INI -- Specifies boot defaults, operating system locations, settings and menu selections.
- BOOTSECT.DOS -- A file located in the system partition that allows the option to boot into another operating system such as Win98 or DOS.
- NTDETECT.COM -- Hardware detection program that is located on the root of the system partition.
- NTLDR -- File that loads the NT operating system and is located on the root of the system partition.
- NTOSKRNL.EXE -- The executable file for NT.
- OSLOADER.EXE -- This is the OS loader for RISC based systems.
- NTBOOTDD.SYS -- File used when the system or boot partition is located on a SCSI drive and the BIOS is disabled.
--BOOT PROBLEMS--
If your server craps out on you and won't boot, a good thing to try is to select the "last known good configuration" when prompted at boot. This often will be a valid solution when you add a new piece of hardware like a video card for example. The new drivers that you loaded for it may be causing a problem, so this selection will tell NT to forget any changes that you have made since the previous boot, by looking for the last configuration that did not cause system critical errors at boot. Another good thing to try is to boot into VGA mode. This mode has a /sos appended to it in the boot.ini file.
Let's say that you have really assed out your server and the last known good menu did not work. Now you take it to the next level and use an Emergency Repair Disk(ERD). Make sure that you create one of these every time you make any major changes to your server - It will be worth it in the long run. To create an ERD, run RDISK.EXE.
To utilize the ERD, you boot from the 3 setup disks and you select R for repair when prompted. After this, you will be able to select from the following options:
- Inspect registry files - This allows you to restore registry hive files from backup.
- Inspect startup environment - If this is selected, NT will try to repair or replace the boot.ini file if it has problems.
- Verify windows NT system files - Will check and make sure that all of the system files that NT installed are still there.
- Inspect boot sector - Will repair the boot sector if there is a problem and make sure that the NTLDR file is still intact and operating properly.
--ARC NAMING CONVENTION--
ARC is an architecture-independent way of naming drives for x86, risc, alpha, etc. NT uses this convention in its boot.ini file to determine which disk holds the OS, so it is important to know when troubleshooting boot problems and recovering from disk failures. The table below explains the different options.
| Multi(x) | Specifies an EIDE disk or a SCSI disk if the bios is enabled to detect it. Can only be used on x86 systems. "x" is the number of the controller. |
| SCSI(x) | Defines a SCSI controller if the BIOS is not enabled to do so. Again, "x" is the number of the controller. |
| Disk(x) | Defines which SCSI disk the OS is on. If SCSI(x) was used then x=the SCSI ID of the drive. If Multi(x) was used then x=0. |
| Rdisk(x) | Defines disk which the OS is on when it is on an EIDE disk. x=0-1 if on primary controller. x=2-3 if on multi-channel EIDE controller. |
| Partition(x) | Specifies the partition that the operating system is located on. (x)=the partition's number. |
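An added example (not part of the original guide): a small Python parser for the ARC paths described in the table, run over a constructed boot.ini to catch a path that breaks the multi() rules or a default line that matches no entry. The function names and the sample file contents, including the "Second install" entry, are made up for illustration, and only the rules stated in the table are checked.

```python
import re
# ARC path layout from the table above: adapter, disk, rdisk, partition, directory.
ARC_RE = re.compile(r"^(multi|scsi)\((\d+)\)disk\((\d+)\)rdisk\((\d+)\)"
                    r"partition\((\d+)\)(\\.*)?$", re.IGNORECASE)

def parse_arc(path):
    """Split an ARC path into fields and list breaches of the table's multi() rules."""
    m = ARC_RE.match(path.strip())
    if not m:
        raise ValueError("not an ARC path: %r" % path)
    arc = {"adapter": m.group(1).lower(), "dir": m.group(6) or "", "problems": []}
    for name, idx in (("controller", 2), ("disk", 3), ("rdisk", 4), ("partition", 5)):
        arc[name] = int(m.group(idx))
    if arc["adapter"] == "multi" and arc["disk"] != 0:
        arc["problems"].append("disk() must be 0 when multi() is used")
    if arc["adapter"] == "multi" and arc["rdisk"] > 3:
        arc["problems"].append("rdisk() must be 0-3 on an EIDE controller")
    return arc

def check_boot_ini(text):
    """Return (default, entries, problems) for the text of a boot.ini file."""
    section, default, entries, problems = "", None, [], []
    for line in (l.strip() for l in text.splitlines()):
        if line.startswith("["):
            section = line.strip("[]").lower()
        elif "=" in line:
            key, value = (s.strip() for s in line.split("=", 1))
            if section == "boot loader" and key.lower() == "default":
                default = value
            elif section == "operating systems":
                entries.append((key, value))
    for path, _label in entries:
        if ARC_RE.match(path):  # skips C:\ entries that boot through BOOTSECT.DOS
            problems += ["%s: %s" % (path, p) for p in parse_arc(path)["problems"]]
    if default is None or default.lower() not in [p.lower() for p, _ in entries]:
        problems.append("default %s matches no [operating systems] entry" % default)
    return default, entries, problems

# Constructed sample: entry 2 breaks the multi()/disk() rule; default is stale.
SAMPLE = r'''[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(1)partition(1)\WINNT
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINNT="Windows NT Workstation Version 4.00"
multi(0)disk(1)rdisk(0)partition(2)\WINNT="Second install" /sos
C:\="MS-DOS"
'''
if __name__ == "__main__":
    print("\n".join(check_boot_ini(SAMPLE)[2]))
```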
--STOP ERRORS--
Stop errors can be written to a .dmp file in the following manner: In the system control panel, you can specify the directory that you would like the files to be written in the startup/shutdown tab. In order to view the contents of the file, a program called dumpexam.exe must be used. There must be free disk space available in a swapfile on the boot drive that is equal to the amount of RAM installed on the server.
UNINTERRUPTIBLE POWER SUPPLY(UPS)
A UPS can protect NT Workstation from power surges and spikes, voltage variations and power outages. Any one of these things can damage data, cause network problems or even destroy your computer. NT Workstation is designed to receive information from the UPS via its serial port using an RS-232 cable. Here are the messages that it can receive:
- POWER FAILED: This signal goes from the UPS to the server. This alerts the server that power has failed and it is now running on battery power.
- BATTERY LOW: Some UPS will inform the server that the UPS is running low on battery power.
- REMOTE UPS SHUTDOWN: If NT detects that it is getting a crappy electrical signal from the UPS it will send a message to it to shut down and charge itself. While in this state the UPS will continue to forward power to NT, but will not provide any of its other services.
Once the UPS is installed, it can be configured in the UPS control panel. Workstations that have the messenger service installed will receive broadcast messages when the power fails or when it comes back up. This gives workers a chance to save what they are working on and gracefully shut down. Make sure that you specify the correct voltage definition (positive or negative). If you choose incorrectly it can cause your system to behave improperly in the event of a power problem.