Windows NT 4.0 Workstation

Installation
Minimum requirements for NT Workstation 4.0:
  • 110M Free disk space
  • 12M RAM (w/ Intel processor)
  • 16M RAM (w/ RISC processor)
  • 486-DX33
  • CD-ROM (if not installing over network)
  • VGA compatible display

Windows NT Setup
WINNT32.EXE is used to upgrade only from a previous version of Windows NT.

WINNT.EXE is used for the regular Windows NT setup, or an installation through DOS or Windows 95.

Upgrading from Windows 3.1x or a previous version of NT will keep all user, network and program settings.

There are no conversion options from Windows 95 to Windows NT that will allow you to maintain user settings. To dual boot between the two, install NT in a separate directory and reinstall all your applications.

Command modifiers for installation:

/B Put boot files on hard drive instead of using boot floppies (takes an extra 4-5MB of hard disk space).
/S Specify source file location(s) - multiple locations will speed up installation.
/U Specify answer file location for use with unattended installation - MUST be used with /s to specify source file location(s).
/T Specifies location of temp directory created for install (/t:<path>).
/OX Create the setup disks from CD-ROM or shared network folder. Used to replace damaged boot disks.
/F Don't verify files. Can speed up installation.
/C Don't check for free space when creating boot disks.
/I Specify setup information (.inf) file. This file tells setup how to run. The default name is DOSNET.INF.

  • Answer file - Used when performing unattended installs.  Provides information that would normally be answered by the user during setup.  Default name is UNATTEND.TXT.
  • UDF (Uniqueness Database File) - Used in conjunction with the answer file when performing unattended installs. Provides information for settings that are user or group specific.  Default name is $UNIQUE$.UDF.
  • To uninstall NT on a FAT partition, you will need to boot to DOS, run SYS.COM, and remove the WINNT directory and files.

    Application Support
  • SYSDIFF - Used to install applications. Takes a snapshot of your system before and after the installation, and makes note of all files that were added or modified during the installation. It then uses this snapshot for automated program installation to other systems.

  • NTVDM (NT Virtual DOS Machine) - Provides a virtual environment for DOS applications. Allows each application to run in its own memory space. Each DOS application will run in its own VDM.

  • WOW (Win16 on Win32) NTVDM - Provides a virtual environment for 16-bit Windows applications. By default, 16-bit Windows applications all run in the same address space in the same NTVDM.

    16-bit Windows programs can be run in their own VDM. Click Start, Run. Choose the application you would like to run, then check the Run in Separate Memory Space box, and click OK. However, doing this requires more overhead - approximately 2MB per VDM.

    A 16-bit Windows program that uses DDE (Dynamic Data Exchange) does not have to run in the default Win16VDM.

    NT schedules threads to run by using application priorities. Application threads are assigned priorities, and run in order according to their priority level, from highest (31) to lowest (0).

    Average base priority classes:
    24 Realtime
    13 High
    8 Normal
    4 Low

    Starting applications in realtime mode can adversely affect other system processes and may even slow down total system performance. Because of this, running in realtime requires administrator or power user rights and is not generally recommended.

    You can change the priority of a running application by running Task Manager -> Processes, right clicking the process and selecting "Set Priority."

    Foreground application boost over background applications can be changed with the Control Panel -> System -> Performance utility.

  • Registry

    Subtrees:

    HKEY_LOCAL_MACHINE - Stores machine-specific information (hardware).
    HKEY_USERS - Stores information for all users who have ever logged on.
    HKEY_CURRENT_USER - Stores current user settings.
    HKEY_CLASSES_ROOT - Stores OLE and file association, also tracks information regarding applications that have been installed.
    HKEY_CURRENT_CONFIG - Stores information about the hardware profile used at startup.

    REGEDT32.EXE allows permissions to be set, but cannot search for values, just keys.

    REGEDIT.EXE can search for keys and values but does not support all data types, security menu, or a read-only mode.

    Virtual Memory
    Virtual memory can be controlled in the Control Panel -> System properties under the Performance tab.

    The paging file size can be increased or decreased here, and even distributed across multiple drives to speed up access.

    The most efficient paging file is distributed on several drives but not on the boot or system drive.

    The recommended initial paging file size equals the amount of RAM in the system plus 12MB.

    Paging file size can increase during operation, but will not shrink. Page file size will be reset when the computer is restarted.

    Multiple Disk Sets

    Disk Striping - Divides data into 64k blocks and spreads it equally among all disks in the array. Needs a minimum of two hard disks. Does not provide fault tolerance.
    Volume Set - Merges numerous partitions into one drive mapping. Drives are read one at a time. Does not provide fault tolerance.

  • Speed factors
    • Disk striping will provide the fastest read/write performance as it can read multiple disks at a time.
    • Volume sets are slow, as only one drive is read at a time.

    File Systems
    NTFS has file level security, and is faster over 400M, but has a larger overhead (cannot format a floppy disk with NTFS) and cannot be read by DOS, WIN 3.1, WIN 3.1.1 or WIN95.

    FAT16 is compatible with MS-DOS & WIN95 (note: Win95 FAT32 is not NT compatible), but has no file-level security.

    To upgrade an NT 3.51 system that uses HPFS, you must convert the HPFS partition(s) to NTFS before upgrading the OS.

    NTFS vs. FAT

    FAT

  • Files and directories on a FAT partition only contain the standard attributes of Archive, Read-Only, System and Hidden.
  • Cannot set local security access on a FAT volume.
  • Can convert the partition to NTFS by running CONVERT.EXE
  • A FAT partition can be defragmented by booting with a DOS diskette and running DEFRAG.EXE
  • Files moved from a FAT partition to an NTFS partition retain their attributes and long filenames.

    NTFS


  • NTFS partitions contain the standard attributes, as well as security descriptors, which base file access on file-level security.
  • Can set local security access on an NTFS volume.
  • Partition cannot be converted to FAT. The partition must be deleted and recreated as a FAT partition.
  • NTFS partitions cannot be defragmented. To defragment an NTFS partition, it must be formatted and restored from backup.
  • Files moved from an NTFS partition to a FAT partition do not retain their attributes or security descriptors, but will retain their long filenames.

  • Security

    Share-Level Security - Governs how users access a resource through the network. Can be implemented on NTFS or FAT partitions. Applied through the Sharing tab of the resource's properties.

    File-Level Security - Governs local user file and folder security on NTFS partitions only. Applied through the Security tab of the resource's properties.

    Share Security Levels

  • Full Control
    • Is assigned to the Everyone group by default.
    • Allows user to take ownership of files and folders.
    • Users can change file access rights.
    • Grants user all permissions assigned by the Change and Read levels.
  • Change
    • User can add and create files.
    • Grants ability to modify files.
    • User can change the attributes of the file.
    • User can delete files.
    • Grants user all permissions assigned by the Read level.
  • Read
    • User can display and open files.
    • User can display the attributes of the file.
    • User can execute program files.
  • No Access
    • User cannot display, access, or modify files.

    Permissions are cumulative, except for No Access, which overrides anything.

    When a resource has both File-Level and Share-Level Securities enabled, the most restrictive security is given to the user.
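
    The combination rules above, worked through as an added example (not part of the original guide): levels are cumulative within one layer, No Access overrides, and over the network the more restrictive of the share and file layers applies. It assumes the file-level layer uses the same four levels as the share list and that a missing file ACL stands for a FAT volume; all account and group names are constructed.

```python
from enum import IntEnum


class Level(IntEnum):
    # Ordered so that a higher value includes everything below it.
    NO_ACCESS = 0
    READ = 1
    CHANGE = 2
    FULL_CONTROL = 3


def layer_access(acl, principals):
    """Access one layer (share OR file) gives a user.

    acl maps an account or group name to a Level; principals is the set of
    names the user matches (own account plus group memberships).
    """
    grants = [level for who, level in acl.items() if who in principals]
    # No matching entry means nothing was granted (assumption of this model);
    # an explicit No Access overrides every other grant in the layer.
    if not grants or Level.NO_ACCESS in grants:
        return Level.NO_ACCESS
    return max(grants)  # permissions are cumulative


def effective_access(principals, share_acl, file_acl=None, over_network=True):
    """Combine the layers. file_acl=None models a FAT volume."""
    layers = []
    if over_network:                      # share-level only applies via the network
        layers.append(layer_access(share_acl, principals))
    if file_acl is not None:              # file-level exists on NTFS only
        layers.append(layer_access(file_acl, principals))
    if not layers:                        # local logon to a FAT volume
        return Level.FULL_CONTROL
    return min(layers)                    # most restrictive layer wins


# Constructed sample data (hypothetical accounts and groups).
ALICE = {"alice", "Everyone", "Sales"}
DEFAULT_SHARE = {"Everyone": Level.FULL_CONTROL}   # the share default listed above
NTFS_ACL = {"Sales": Level.READ, "alice": Level.CHANGE, "Temps": Level.NO_ACCESS}

if __name__ == "__main__":
    cases = {
        "network, default share + NTFS": effective_access(ALICE, DEFAULT_SHARE, NTFS_ACL),
        "same, but also in Temps": effective_access(ALICE | {"Temps"}, DEFAULT_SHARE, NTFS_ACL),
        "network, default share on FAT": effective_access(ALICE, DEFAULT_SHARE, None),
        "local logon, FAT": effective_access(ALICE, DEFAULT_SHARE, None, over_network=False),
    }
    for name, level in cases.items():
        print(f"{name}: {level.name}")
```

    The FAT cases show why the default share permission matters: with no file-level layer to fall back on, the share setting is the only control over network access.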

    A file's permissions override the permissions of its parent folder.

    Anytime a new file is created, the file will inherit permissions from the target folder.

    Copying within a partition - Creates a new file resembling the old file. Inherits the target folder's permissions.
    Moving within a partition - Does not create a new file. Simply updates directory pointers. File keeps its original permissions.
    Moving across partitions - Creates a new file resembling the old file, and deletes the old file. Inherits the target folder's permissions.

    To lock the workstation after a period of idle time, use a screensaver password.

    To disable access to the workstation, but allow programs to continue running, use the Lock Workstation option (from the CTRL-ALT-DEL dialog box).

    To disable access to the workstation, and not allow programs to continue running, use the Logoff option (from the CTRL-ALT-DEL dialog box).

    Auditing can be enabled in the User Manager. The Event Viewer is used to view audited events.

    When using Event Viewer, only local administrators can see the security log, but anyone (by default) can view other logs.

    Groups and Account Management

    Creating new accounts requires only two pieces of information: username and password.

    Disabling an account is typically used when someone else will take the user's place or when the user might return.

    Delete an account only when absolutely necessary for space or organization purposes.

    When copying a user account, the new user will stay in the same groups that the old user was a member of. The user will keep all group rights that were granted through groups, but lose all individual rights that were granted specifically for that user.

    NT Default Accounts

    Backup Operators - Group designated for members to backup and restore computers from tape. Backup Operators can only backup and restore from tape when logged in locally to the computer. This group is found on all NT Servers.
    Account Operators - Group designated for members to manage user and group accounts. This group is found only on Domain Controllers.
    Server Operators - Group designated for members to manage resources, but cannot manage user accounts. Can backup and restore from tape. This group is found only on Domain Controllers.
    Replicator - Group designated for NT computers to perform directory replication. This group is found on all NT Servers.

    RAS (Remote Access Services)

    RAS is capable of using the following connection protocols:
    • SLIP - Has less overhead than PPP, but cannot automatically assign an IP address, and only uses TCP/IP.
    • PPP - Can automatically assign IP addresses, supports encryption and other protocols besides TCP/IP.
    • RAS - Used by Windows 3.x and Windows NT 3.x clients.

    RAS supports call back security to either the calling number or to a specified, non-changing number.

    RAS for NT 4.0 supports multilink (the use of more than one modem to achieve higher transmission speeds). Multilink cannot be used with callback security unless there are two (or more) ISDN modems configured on the same phone number.

    RAS uses NetBEUI as the default network protocol, but can also use TCP/IP and IPX/SPX. TCP/IP will need to be used if you are using programs that utilize the Windows Sockets (Winsock) interface over the RAS services.

    To speed up NetBIOS resolution on RAS clients, put an LMHOSTS file on each client locally.

    RAS encryption settings

    Allow any authentication including clear text - This will allow RAS to use a number of password authentication protocols including the Password Authentication Protocol (PAP) which uses a plain-text password authentication. This option is useful if you have a number of different types of RAS clients, or to support third-party RAS clients.
    Require encrypted authentication - This option will support any authentication used by RAS except PAP.
    Require Microsoft encrypted authentication - This option will only make use of Microsoft's CHAP (Challenge Handshake Authentication Protocol). All Microsoft operating systems use MS-CHAP by default.
    Require data encryption - This option will enable the encryption of all data sent to and from the RAS server.

    RAS will write to a log file which can be used for troubleshooting RAS services. In order to enable RAS to write to the log, you have to enable it in the Registry.

    Netware

    NWLink (MS's version of the IPX/SPX protocol) is the protocol used by NT to allow Netware systems to access its resources.

    NWLink is all that you need to run in order to allow an NT system to run applications off of a NetWare server.

    To allow file and print sharing between NT and a NetWare server, CSNW (Client Services for NetWare) must be installed on the NT system.

    CSNW print options

    Print Banner - A banner, which states your login ID, the date and time, will be printed out prior to the job that has been sent to the printer.
    Print Form Feed - Feeds a blank piece of paper through the printer after the print job has printed, in order to separate one user's printed paper from another user's printed paper.
    Notify When Printed - After a job has been sent to the printer and has finished printing, a message will come up on the screen notifying the user that the print job has completed successfully.

    Gateway Services for NetWare can be implemented on your NT Server to allow an MS client system to access your NetWare server by using the NT Server as a gateway.

    Frame types for the NWLink protocol must match the computer that the NT system is trying to connect with. Unmatching frame types will cause connectivity problems between the two systems.

    When NWLink is set to autodetect the frame type, it will only detect one type and will go in this order: 802.2, 802.3, ETHERNET_II and 802.5 (Token Ring).

    NetWare 3 servers use Bindery emulation (Preferred Server in CSNW). NetWare 4 servers use NDS (Default Tree and Context).

    There are two ways to change a password on a NetWare server - SETPASS.EXE and the Change Password option (from the CTRL-ALT-DEL dialog box). The Change Password option is only available to NetWare 4.x servers using NDS.

    Networking

    Computer Name Resolution:
    • DNS (Domain Name Services) - Used to resolve DNS host name to an IP address.
    • WINS (Windows Internet Naming Service) - Used to resolve NetBIOS computer name to an IP address.
    • HOSTS - File which contains mappings between DNS host names and their IP addresses. Must be maintained manually.
    • LMHOSTS - File which contains mappings between NetBIOS computer names and their IP addresses. Must be maintained manually.

    TCP/IP is an internet protocol currently used for most networking situations. Each computer using TCP/IP will contain a unique address in a x.x.x.x format (where each x equals a number between 0 and 255) and a subnet mask.

    Subnet mask - A value that is used to distinguish the network ID portion of the IP address from the host ID.

    Default gateway - A TCP/IP address for the host (typically a router) which you would send packets to, to be sent elsewhere on the network.

    Common TCP/IP problems are caused by incorrect subnet masks and default gateways.

    UNIX computers use the TCP/IP protocol.

    NetBEUI is a non-routable protocol that is used solely by Microsoft O/S's.

    Universal Naming Convention (UNC) - Universal network pathname which is integrated into Microsoft systems. Named as \\computername\sharename, where computername = the NetBIOS name of the computer, and sharename = the share name of the folder.

    Trap messages are sent using SNMP (Simple Network Management Protocol).

    Profiles

    Profiles are the user settings which are loaded when a user logs in. They can contain desktop and start menu preferences. These files can be located either locally or on a server which has been mapped in the User Manager.

    NTUser.dat and *.dat files are the typical, user-configurable profiles used.

    NTUser.man and *.man files are read-only. If the user attempts to configure their desktop, the *.man file will not be updated. When the user logs in again, it will restore the original profile.

    You may copy profiles using the User Profiles menu located under Control Panel -> System Properties.

    Policies

    Policies take precedence over profiles.

    Individual policies take precedence over group policies.

    Machine policies take precedence over all policies.

    Printing

    Microsoft uses the terminology "Print Device" to refer to the physical piece of hardware, whereas a "Printer" is a conceptual idea describing the icon in the Control Panel.

    NT 4.0 has the option to maintain drivers for different operating systems on the server. Each operating system uses different drivers. For example, NT 4.0, NT 3.51 and Win95 systems cannot use the same print drivers. By installing the drivers for each of these types of system on the print server, each of these types of clients can automatically download the driver they need without manual installation.

    NT clients (3.51 and 4.0) automatically download updated drivers from the server. Win95 machines will initially download print drivers but will not automatically update to a newer version of the driver. Win 3.1x and DOS clients must have the drivers installed on each client manually.

  • Print Pooling - Consists of two or more identical print devices associated with one printer.

  • Availability - This option allows you to specify which hours the printer can be printed to.

  • Priority - This option specifies which virtual printer should print first if other virtual printers are trying to print to the same physical printer at the same time. Priorities range from 1 - 99 with 1 being the lowest and 99 the highest.

    You can select Restart in the printer's menu to reprint a document. This is useful when a document is printing and the printer jams. Resume can be selected to start printing where you left off.

    You can change the directory containing the print spooler in the advanced server properties for the printer.

    To remedy a stalled spooler, you will need to stop and restart the spooler services in the Services applet in Control Panel.

    Printing to a TCP/IP printer requires you to know the IP address and printer name.

    The DLC protocol needs to be installed in order to connect to a HP print server.

    The AppleTalk protocol needs to be installed to communicate with Apple printers.

  • Troubleshooting

    To create a boot disk, format from the NT workstation you want a boot disk for (Win 95 and DOS will not work), and copy over the following files: NTLDR, NTDETECT.COM, BOOT.INI and NTBOOTDD.SYS (SCSI only).

    To create an Emergency Repair diskette, you can choose to do so either during the installation of NT, or you can run RDISK.EXE. When RDISK.EXE is run with the /S option, the utility backs up user accounts and file security.

    To use the Emergency Repair diskette, you will need to boot the server with the NT installation boot diskettes, and choose to repair NT with the Emergency Repair disk that was created.

    The Emergency Repair Process can a) inspect the registry files and return them to the state on the repair disk, b) inspect the startup environment, c) verify the system files and d) inspect the boot sector.

    To troubleshoot bootup problems, you can edit the Boot.Ini file and add the /SOS switch to the end of the Windows NT entries in the [Operating Systems] section of the Boot.Ini file to display driver names while they are being loaded. The VGA startup option has /SOS added by default.

    Use the Last Known Good option on bootup to restore the system to a bootable state if problems arise from switching video drivers or changing registry settings.

    Common error codes:

    • No system or boot disk message when trying to dual-boot = BOOTSECT.DOS is corrupt
    • Copy single file non-critical error - could not copy file = Occurs when you install Windows NT from an unsupported CD-ROM or network drive
  • Server stop errors - In the System Properties -> Startup/Shutdown tab, there are options to configure where you would like the Server stop errors to be written. The errors are written to a .DMP file which is readable by the program DUMPEXAM.EXE. You must have free space in a swapfile on your boot drive equal to or larger than the amount of physical RAM in your system in order to generate a dumpfile.

  • ARC Naming Convention

    The Advanced Risc Computing (ARC) path is located in the BOOT.INI and is used by NTLDR to determine which disk contains the operating system.

    multi(x) - Specifies SCSI controller with the BIOS enabled, or non-SCSI controller. x = ordinal number of controller.
    scsi(x) - Defines SCSI controller with the BIOS disabled. x = ordinal number of controller.
    disk(x) - Defines SCSI disk which the OS resides on. When multi is used, x = 0. When scsi is used, x = the SCSI ID number of the disk with the OS.
    rdisk(x) - Defines disk which the OS resides on. Used when OS does not reside on a SCSI disk. x = 0-1 if on primary controller. x = 2-3 if on multi-channel EIDE controller.
    partition(x) - Specifies partition number which the OS resides on. x = cardinal number of partition, and the lowest possible value is 1.

    multi(0)disk(0)rdisk(0)partition(1). These are the lowest numbers that an ARC path can have.
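
    A parser for the ARC fields above, applied to a BOOT.INI to report which entries carry the /SOS switch mentioned under Troubleshooting. This is an added example, not part of the original guide; the BOOT.INI text is constructed, and the function names are hypothetical.

```python
import re

# Constructed sample BOOT.INI (not from the original page). The last two
# entries are deliberately odd: an invalid ARC path and a non-ARC DOS entry.
SAMPLE_BOOT_INI = r"""
[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\WINNT
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINNT="Windows NT Workstation Version 4.00"
multi(0)disk(0)rdisk(0)partition(1)\WINNT="Windows NT Workstation Version 4.00 [VGA mode]" /basevideo /sos
scsi(0)disk(2)rdisk(0)partition(0)\WINNT="Constructed broken entry"
C:\="MS-DOS"
"""

ARC_RE = re.compile(
    r"^(multi|scsi)\((\d+)\)disk\((\d+)\)rdisk\((\d+)\)partition\((\d+)\)(\\.*)?$",
    re.IGNORECASE,
)


def parse_arc(path):
    """Split an ARC path into its fields and check them against the rules above."""
    m = ARC_RE.match(path.strip())
    if m is None:
        raise ValueError(f"not an ARC path: {path!r}")
    kind = m.group(1).lower()
    controller, disk, rdisk, partition = (int(g) for g in m.group(2, 3, 4, 5))
    problems = []
    if partition < 1:
        problems.append("partition() numbering starts at 1")
    if kind == "multi":
        if disk != 0:
            problems.append("disk() must be 0 when multi() is used")
        if rdisk > 3:
            problems.append("rdisk() is 0-1 (primary) or 2-3 (multi-channel EIDE)")
    return {
        "kind": kind, "controller": controller, "disk": disk, "rdisk": rdisk,
        "partition": partition, "directory": m.group(6) or "",
        # scsi() means the controller BIOS is disabled, so the boot disk
        # also needs NTBOOTDD.SYS (the "SCSI only" file in the boot disk list).
        "needs_ntbootdd": kind == "scsi",
        "problems": problems,
    }


def audit_boot_ini(text):
    """Return one record per ARC entry in the [operating systems] section."""
    entries, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].lower()
            continue
        if section != "operating systems":
            continue
        target, _, rest = line.partition("=")
        try:
            record = parse_arc(target)
        except ValueError:
            continue  # DOS-style drive entries are not ARC paths
        label = re.match(r'"([^"]*)"\s*(.*)$', rest)
        record["label"] = label.group(1) if label else ""
        record["sos"] = "/sos" in (label.group(2).lower().split() if label else [])
        entries.append(record)
    return entries


if __name__ == "__main__":
    for e in audit_boot_ini(SAMPLE_BOOT_INI):
        print(e["label"], "| /SOS:", e["sos"], "|", e["problems"] or "ok")
```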

    Performance Monitor

  • Memory - add more RAM if you detect problems with the following:
    • Pages/sec - excessive disk paging. Should not be above 20.
    • Available bytes - virtual memory available. Should not be below 4MB.
    • Committed bytes - memory being used by applications. Should be less than RAM in computer.

  • CPU - upgrade the processor if you detect problems with the following:
    • %Processor time - amount of time the processor is in use. Upgrade if constantly over 80%.
    • System Object: Processor Queue Length - should not be over 2.
  • Disks - upgrade hard disk or controller, add another hdd controller to balance the load, or implement disk striping for multiple I/O channels if receiving inadequate disk performance.
    • %Disk Time Counter - amount of time the disk is in use. Should not be over 90%.
    • Current Disk Queue Length - files in disk queue. Should not be over 2.

    Must run DISKPERF -Y to enable disk performance counters.

    Alert view allows alerts to be made when the counters surpass the threshold you set.

    Log view allows the tracked objects to be written to a log file. Used to create a baseline for future reference.

    Report view gives the ability to present a concise report of current statistics.

     

    Special thanks to Joshua Colglazier for writing the original Cram Session for this exam, and Joe Seeley for updates to the material.