Windows NT 4.0 Server in the Enterprise
-
Windows NT Setup
-
WINNT32.EXE is used to upgrade only from
a previous version of Windows NT.
WINNT.EXE is used for the regular Windows NT setup,
or an installation through DOS or Windows 95.
Upgrading from Windows 3.1x or a previous version
of NT will keep all user, network and program settings.
There are no conversion options from Windows 95 to
Windows NT that will allow you to maintain user settings. To dual
boot between the two, install NT in a separate directory and reinstall
all your applications.
Command modifiers for installation:
- /B - Put boot files on hard drive instead of using boot floppies (takes an extra 4-5MB of hard disk space).
- /S - Specify source file location(s) - multiple locations will speed up installation.
- /U - Specify answer file location for use with unattended installation - MUST be used with /s to specify source file location(s).
- /T - Specifies location of temp directory created for install (/t:<path>).
- /OX - Create the setup disks from CD-ROM or shared network folder. Used to replace damaged boot disks.
- /F - Don't verify files. Can speed up installation.
- /C - Don't check for free space when creating boot disks.
- /I - Specify setup information (.inf) file. This file tells setup how to run. The default name is DOSNET.INF.
Setup disks can be created by running WINNT.EXE /OX
or running WINNT.EXE from the CD-ROM.
-
Answer file - Used when performing unattended
installs. Provides information that would normally be answered
by the user during setup. Default name is UNATTEND.TXT.
-
UDF (Uniqueness Database File) - Used in conjunction
with the answer file when performing unattended installs. Provides
information for settings that are user or group specific.
Default name is $UNIQUE$.UDF.
To uninstall NT on a FAT partition, you will need
to boot to DOS, run SYS.COM, and remove the WINNT directory and
files.
In the server properties menu, there are options to
optimize server memory for certain situations.
- Minimize Memory Used - Allows memory to be allocated for up to 10 network connections.
- Balance - Provides memory for up to approximately 64 connections.
- Maximize Throughput for File Sharing - Optimizes server memory for file sharing operations (default).
- Maximize Throughput for Network Applications - Optimizes server memory for server-based network applications. Key word is SQL.
-
Virtual memory
-
Virtual memory can be controlled in the Control
Panel -> System properties under the Performance tab.
The paging file size can be increased or decreased here, and
even distributed across multiple drives to speed up access.
The most efficient paging file is distributed on several
drives but not on the boot or system drive.
The recommended initial paging file size equals the
amount of RAM in the system plus 12MB.
Paging file size can increase during operation, but
will not shrink. Page file size will be reset when the computer
is restarted.
-
Multiple Disk Sets
- Disk Striping (without parity) - Divides data into 64k blocks and spreads it equally among all disks in the array. Needs a minimum of two hard disks. Does not provide fault tolerance.
- Disk Mirroring - Duplicates a partition on another physical disk. Provides fault tolerance by keeping data stored on two different disks, in case of drive failure.
- Disk Duplexing - Duplicates a partition on another physical disk which is connected to another Hard Drive Controller. Provides fault tolerance by keeping data stored on two different disks, in case of drive failure, and by having two hard drive controllers, in case of drive controller failure.
- Disk Striping with parity - Distributes data and parity information across all disks in the array. The data and parity information are arranged so they are always on separate disks. A parity stripe block exists for each row across the disk. The parity stripe is used for disk reconstruction in case of a failed disk. Supports a minimum of three disks and a maximum of thirty-two disks.
- Volume Set - Merges numerous partitions into one drive mapping. Drives are read one at a time. Does not provide fault tolerance.
-
System and boot partitions cannot be part of a stripe
or volume set, but can be a part of disk mirroring and duplexing
partitions.
-
Speed factors
- Disk striping will provide the fastest read/write performance
as it can read multiple disks at a time.
- Disk striping with parity is slower, as it has to write the
parity information, but is still faster than disk mirroring
and volume set.
- Disk mirroring is slow due to the redundancy factor of writing
the same information to two drives at once.
- Volume set can only read/write one drive at a time.
To recover from drive failure with disk mirroring,
you must install the new drive, boot the system into NT, run Disk
Administrator, break the mirror from the Fault Tolerance menu, and
then reestablish the mirror. This will not be done automatically.
To recover from drive failure with disk striping with
parity, you must install the new drive, boot the system into NT,
run Disk Administrator, and choose the Regenerate option.
To recover from multiple drive failure with disk striping
with parity, you must install the new drives, boot the system into
NT, and restore the system backup from tape.
-
File systems
-
NTFS has file level security, and is faster over
400M, but has a larger overhead (cannot format a floppy disk with
NTFS) and cannot be read by DOS, WIN 3.1, WIN 3.1.1 or WIN95.
FAT16 is compatible with MS-DOS and WIN95 (note:
Win95 FAT32 is not NT compatible), but has no file-level
security.
To upgrade an NT 3.51 system that uses HPFS, you must convert the HPFS
partition(s) to NTFS before upgrading the OS.
NTFS vs. FAT
-
FAT
-
Files and directories on a FAT partition only
contain the standard attributes of Volume, Read-Only, System and
Hidden.
-
Cannot set local security access on a FAT volume.
-
Can convert the partition to NTFS by running
CONVERT.EXE
-
A FAT partition can be defragmented by booting
with a DOS diskette and running DEFRAG.EXE
-
Files moved from a FAT partition to an NTFS partition
retain their attributes and long filenames.
NTFS
-
NTFS partitions contain the standard attributes,
as well as security descriptors, which base file access on file-level
security.
-
Can set local security access on an NTFS volume.
-
Partition cannot be converted to FAT. The partition
must be deleted and recreated as a FAT partition.
-
NTFS partitions cannot be defragmented. To defragment
an NTFS partition, it must be formatted and restored from backup.
-
Files moved from an NTFS partition to a FAT partition
do not retain their attributes or security descriptors, but will
retain their long filenames.
-
Domains
-
- Workgroup - Recommended for networks containing under 20 users. Users in this type of network administer all shares and methods of access on their personal computers.
- Single Domain - No trust relationships are involved in this domain model. User and resource management is all controlled from a central location. Can contain up to 40,000 user accounts, but is usually recommended for 20-500 users.
- Single Master Domain - A master domain is trusted by one or several domains. The master domain should contain all user accounts while all the trusting domains should contain resources. The master domain provides central administration of user accounts while resources can all be managed locally in each domain. Can contain up to 40,000 user accounts, and is usually recommended for 500-10,000 users.
- Multiple Master Domain - Several master domains are set up with complete trusts between each other, and all resource domains are set up to trust the master domains. Is usually recommended for more than 10,000 users and can potentially scale to any size.
- Complete Trust Domain - All domains in this model have complete trusts set up with each other.
Domain A trusts Domain B. Domain A is trusting Domain
B to access Domain A's resources. Domain A is the trusting domain
and Domain B is the trusted domain.
The arrow points from the trusting domain to the trusted domain.
A two-way trust is simply two one-way trusts between
two domains. In this arrangement, each domain trusts the other domain's
users to access its resources.
-
Security
-
Share-Level Security - Governs how a user accesses a resource
through the network. Can be implemented on NTFS or FAT partitions.
Applied through the Sharing tab of the resource's properties.
File-Level Security - Governs local user file and folder
security on NTFS partitions only. Applied through the Security tab
of the resource's properties.
Share Security Levels
- Full Control
  - Is assigned to the Everyone group by default.
  - Allows user to take ownership of files and folders.
  - Users can change file access rights.
  - Grants user all permissions assigned by the Change and Read levels.
- Change
  - User can add and create files.
  - Grants ability to modify files.
  - User can change the attributes of the file.
  - User can delete files.
  - Grants user all permissions assigned by the Read level.
- Read
  - User can display and open files.
  - User can display the attributes of the file.
  - User can execute program files.
- No Access
  - User cannot display, access, or modify files.
-
Permissions are cumulative, except for No Access, which
overrides anything.
When a resource has both File-Level and Share-Level
Securities enabled, the most restrictive security is given
to the user.
A file's permissions override the permissions of its parent
folder.
Anytime a new file is created, the file will inherit
permissions from the target folder.
The priority of attributes to a file is:
1) File
2) Directory
3) Share
File attributes override directory attributes, which override share
attributes.
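The combination rules above (cumulative within one layer, No Access overrides, most restrictive across share and file level) worked through as an added example; this is not code from the original page. The user and group names are constructed, and reusing the four share levels for the file-level ACL is a simplifying assumption.

```python
from enum import IntEnum


class Level(IntEnum):
    """Access levels from the page, ordered least to most permissive."""
    NO_ACCESS = 0
    READ = 1
    CHANGE = 2
    FULL_CONTROL = 3


def cumulative(acl, principals):
    """Combine every ACL entry that matches the user or one of the user's groups.

    Permissions add up (the highest level wins), except that a single
    No Access entry overrides everything. No matching entry grants nothing.
    """
    matched = [level for who, level in acl.items() if who in principals]
    if not matched or Level.NO_ACCESS in matched:
        return Level.NO_ACCESS
    return max(matched)


def effective_access(principals, share_acl, file_acl, over_network=True):
    """Return the level a user ends up with on one file.

    share_acl applies only to access through the network share.
    file_acl is the file-level (NTFS) ACL; pass None for a FAT volume,
    which has no file-level security.
    """
    limits = []
    if over_network:
        limits.append(cumulative(share_acl, principals))
    if file_acl is not None:
        limits.append(cumulative(file_acl, principals))
    # Most restrictive of the layers that apply; no layer means no restriction.
    return min(limits) if limits else Level.FULL_CONTROL


# Constructed sample data: user and group names are hypothetical.
JOE = {"joe", "Everyone", "Sales"}
DEFAULT_SHARE = {"Everyone": Level.FULL_CONTROL}  # default share ACL per the page
VIP_FILE_ACL = {
    "Sales": Level.READ,
    "joe": Level.CHANGE,
    "Contractors": Level.NO_ACCESS,
}

if __name__ == "__main__":
    cases = [
        ("NTFS, via share", JOE, DEFAULT_SHARE, VIP_FILE_ACL, True),
        ("NTFS, joe added to Contractors", JOE | {"Contractors"},
         DEFAULT_SHARE, VIP_FILE_ACL, True),
        ("FAT, via default share", JOE, DEFAULT_SHARE, None, True),
        ("FAT, logged on locally", JOE, DEFAULT_SHARE, None, False),
    ]
    for label, who, share, files, net in cases:
        print(f"{label}: {effective_access(who, share, files, net).name}")
```

The FAT cases show why the default share ACL matters: with Everyone at Full Control and no file-level layer, nothing narrows access.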
- Copying within a partition - Creates a new file resembling the old file. Inherits the target folder's permissions.
- Moving within a partition - Does not create a new file. Simply updates directory pointers. File keeps its original permissions.
- Moving across partitions - Creates a new file resembling the old file, and deletes the old file. Inherits the target folder's permissions.
-
Auditing can be enabled in the User Manager. The Event
Viewer is used to view audited events.
When using Event Viewer, only local administrators can
see the security log, but anyone (by default) can view other logs.
Only Administrators and Server Operators have the rights
to share folders on an NT Server.
-
Groups and Account Management
-
Creating new accounts requires only two pieces of
information: username and password.
Duplicating an account requires three pieces of information:
username, password and full name.
Disabling an account is typically used when someone
else will take the user's place or when the user might return.
Delete an account only when absolutely necessary for
space or organization purposes.
When copying a user account, the new user will stay
in the same groups that the old user was a member of. The user will
keep all group rights that were granted through groups, but lose all
individual rights that were granted specifically for that user.
NT Default Accounts
- Backup Operators - Group designated for members to back up and restore computers from tape. Backup Operators can only back up and restore from tape when logged in locally to the computer. This group is found on all NT Servers.
- Account Operators - Group designated for members to manage user and group accounts. This group is found only on Domain Controllers.
- Server Operators - Group designated for members to manage resources, but cannot manage user accounts. Can back up and restore from tape. This group is found only on Domain Controllers.
- Replicator - Group designated for NT computers to perform directory replication. This group is found on all NT Servers.
-
Global groups - Groups which contain users with
similar rights and requirements. Can only be created on Domain Controllers,
and can only contain users in that specific domain.
-
Local groups - Groups used to allow members to access
resources in the local computer/domain. Can be created on any NT
system. Can contain users from the local computer's database, users
from the computer's domain, or global groups from the computer's
domain or a trusted domain.
To allow a user from one domain to access a resource
in another domain:
Joe, a member of domain A, needs to access the \\NTSERVER\VIP
share in domain B.
1) Create a trust relationship where domain B trusts domain A.
2) Create a local group on the computer NTSERVER in domain B. Grant proper access rights to the VIP directory.
3) Create a global group in domain A, and add Joe as a member.
4) Add the global group from domain A as a member to the local group on NTSERVER in domain B.
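The four steps above as a small model, added here as an illustration and not taken from the original page. It enforces the global and local group membership rules stated earlier and shows that step 4 only succeeds when the trust points from the resource domain (B) to the account domain (A). The group names VIP-Users and VIP-Access are hypothetical.

```python
def new_domain(name, users=()):
    return {"name": name, "users": set(users), "trusts": set(),
            "global_groups": {}, "local_groups": {}}


def add_trust(trusting, trusted):
    """Record a one-way trust: `trusting` trusts accounts from `trusted`."""
    trusting["trusts"].add(trusted["name"])


def add_user_to_global(domain, group, user):
    """Global groups can only contain users from their own domain."""
    if user not in domain["users"]:
        raise ValueError(f"{user} is not an account in domain {domain['name']}")
    domain["global_groups"].setdefault(group, set()).add(user)


def add_global_to_local(resource_dom, local_group, account_dom, global_group):
    """Local groups accept global groups from their own or a trusted domain."""
    own = account_dom["name"] == resource_dom["name"]
    if not own and account_dom["name"] not in resource_dom["trusts"]:
        raise ValueError(
            f"{resource_dom['name']} does not trust {account_dom['name']}")
    if global_group not in account_dom["global_groups"]:
        raise ValueError(f"no global group {global_group}")
    resource_dom["local_groups"].setdefault(local_group, set()).add(
        (account_dom["name"], global_group))


def in_local_group(resource_dom, local_group, account_dom, user):
    """True if `user` reaches `local_group` through a nested global group."""
    for dom_name, group in resource_dom["local_groups"].get(local_group, ()):
        members = account_dom["global_groups"].get(group, ())
        if dom_name == account_dom["name"] and user in members:
            return True
    return False


def joe_can_reach_vip(b_trusts_a):
    """Run the four steps; flip the trust direction to see step 4 fail."""
    a = new_domain("A", users={"Joe"})
    b = new_domain("B")
    if b_trusts_a:
        add_trust(b, a)   # step 1: B (resources) trusts A (accounts)
    else:
        add_trust(a, b)   # trust set up in the wrong direction
    local = "NTSERVER\\VIP-Access"             # hypothetical local group name
    b["local_groups"][local] = set()           # step 2
    add_user_to_global(a, "VIP-Users", "Joe")  # step 3
    try:
        add_global_to_local(b, local, a, "VIP-Users")  # step 4
    except ValueError:
        return False
    return in_local_group(b, local, a, "Joe")


if __name__ == "__main__":
    print("B trusts A:", joe_can_reach_vip(True))
    print("A trusts B:", joe_can_reach_vip(False))
```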
-
Computer accounts take .5 k of hard disk space.
-
User accounts take 1k of hard disk space.
-
Global group accounts take .5 k + 12 bytes/user
of hard disk space.
-
Local group accounts take .5 k + 36 bytes/account of hard disk space.
The database size for a single domain should not exceed 40MB. If you
have a combination of computer, user and group accounts that exceed
40MB, you must use either the multiple master or complete trust model.
-
RAS (Remote Access Services)
-
RAS is capable of using the following connection
protocols:
- SLIP - Has less overhead than PPP, but cannot automatically
assign an IP address, and only uses TCP/IP.
- PPP - Can automatically assign IP addresses, supports encryption
and other protocols besides TCP/IP.
- RAS - Used by Windows 3.x and Windows NT 3.x clients.
RAS supports call back security to either the calling
number or to a specified, non-changing number.
RAS for NT 4.0 supports multilink (the use of more than
one modem to achieve higher transmission speeds). Multilink cannot
be used with callback security unless there are two (or more)
ISDN modems configured on the same phone number.
RAS uses NetBEUI as the default network protocol, but
can also use TCP/IP and IPX/SPX. TCP/IP will need to be used if you
are using programs that utilize the Windows Sockets (Winsock) interface
over the RAS services.
RAS will default to the first network protocol on each
side of the connection. Thus, if NetBEUI is the first protocol that
is in common, Winsock applications (such as a web browser) will not
be available to the client.
To speed up NetBIOS resolution on RAS clients, put an
LMHOSTS file on each client locally.
RAS encryption settings
- Allow any authentication including clear text - This will allow RAS to use a number of password authentication protocols including the Password Authentication Protocol (PAP), which uses plain-text password authentication. This option is useful if you have a number of different types of RAS clients, or to support third-party RAS clients.
- Require encrypted authentication - This option will support any authentication used by RAS except PAP.
- Require Microsoft encrypted authentication - This option will only make use of Microsoft's CHAP (Challenge Handshake Authentication Protocol). All Microsoft operating systems use MS-CHAP by default.
- Require data encryption - This option will enable the encryption of all data sent to and from the RAS server.
-
RAS will write to a log file which can be used for troubleshooting
RAS services. In order to enable RAS to write to the log, you have
to enable it in the Registry.
-
Netware
-
NWLink (MS's version of the IPX/SPX protocol) is
the protocol used by NT to allow Netware systems to access its resources.
NWLink is all that you need to run in order to allow
an NT system to run applications off of a NetWare server.
To allow file and print sharing between NT and a NetWare
server, CSNW (Client Services for NetWare) must be installed on the
NT system. Both NWLink and CSNW are automatically installed when Gateway
Services for Netware is installed.
Gateway Services for Netware can be implemented on your
NT Server to allow an MS client system to access your Netware server
by using the NT Server as a gateway. You must have a group account
set up on the Netware server called NTGATEWAY. In this Netware group
you must add a user account with the same name and password as the
user account set up on the NT server. This account on the NetWare
server must have the necessary permissions for the resources to be
accessed.
NWLink is automatically installed when Gateway Services
for Netware is installed.
Frame types for the NWLink protocol must match those of the computer
that the NT system is trying to connect with. Mismatched frame types
will cause connectivity problems between the two systems. If multiple
frame types are in use, you should manually specify each frame type.
If NT is set to auto sense the frame type it will only detect one
frame type and in the following order: 802.2, 802.3, Ethernet_II and
802.5 (token ring).
Netware 3 servers use Bindery (Preferred Server in
CSNW).
Netware 4 servers use NDS (Default Tree and Context.)
There are two ways to change a password on a netware
server - SETPASS.EXE and the Change Password option (from the CTRL-ALT-DEL
dialog box). The Change Password option is only available to Netware
4.x servers using NDS.
-
Netware Migration
-
To convert a Netware server to an NT Server, you
will first need to implement the NWLink and Gateway Services for Netware
on the NT Server. Once the conversion has completed, you will need
to make sure all Netware workstations have had the Microsoft (SMB)
redirector installed on their systems to access the NT Server. Alternatively,
you can install File and Print Services for Netware on the NT Server.
By default, if a user account on the Netware server
you are converting has the same name as an existing user account on
the NT server, the account will not be transferred. Use a mapping
file to specify a new user name or indicate that you want the NT user
account to be overwritten.
Use a mapping file when you are converting several Netware
servers and they contain multiple user accounts with the same name.
Also use a mapping file to preserve passwords for the Netware user
accounts. Otherwise, the passwords will be blank upon conversion to
NT.
-
Networking
-
Computer Name Resolution:
- DNS (Domain Name Services) - Used to resolve DNS host name to
an IP address.
- WINS (Windows Internet Naming Service) - Used to resolve NetBIOS
computer name to an IP address.
- HOSTS - File which contains mappings between DNS host names
and their IP addresses. Must be maintained manually.
- LMHOSTS - File which contains mappings between NetBIOS computer
names and their IP addresses. Must be maintained manually.
TCP/IP is an internet protocol currently used for most
networking situations. Each computer using TCP/IP will contain a unique
address in a x.x.x.x format (where each x equals a number
between 0 and 255) and a subnet mask.
Subnet mask - A value that is used to distinguish the
network ID portion of the IP address from the host ID.
Default gateway - A TCP/IP address for the host which
you would send packets to, to be sent elsewhere on the network (typically
a bridge or a router).
Common TCP/IP problems are caused by incorrect subnet
masks and default gateways.
Install a WINS server in addition to a DNS server to
alleviate traffic due to b-node broadcasts.
If bandwidth is hogged by a particular group of users
on a TCP/IP network, create a separate physical subnet by installing
a 2nd NIC on the server, installing a new hub, and putting the problem
users on this hub.
UNIX computers use the TCP/IP protocol.
NetBEUI is a non-routable protocol that is used solely
by Microsoft O/S's.
Universal Naming Convention (UNC) - Universal network
pathname which is integrated into Microsoft systems. Named as \\computername\sharename,
where computername = the NetBIOS name of the computer, and sharename
= the share name of the folder.
Trap messages are sent using SNMP (Simple Network Management
Protocol).
-
Profiles
-
Profiles are the user settings which are loaded when
a user logs in. They can contain desktop and start menu preferences.
These files can be located either locally or on a server which has
been mapped in the User Manager.
NTUser.dat and *.dat files are the typical, user-configurable
profiles used.
NTUser.man and *.man files are read-only. If the user
attempts to configure their desktop, the *.man file will not be updated.
When the user logs in again, it will restore the original profile.
You may copy profiles using the User Profiles menu located
under CONTROL PANEL | SYSTEM PROPERTIES.
-
Policies
-
Policies take precedence over profiles.
Individual policies take precedence over group policies.
Machine policies take precedence over all policies.
If there are multiple group policies, they will be applied
in the order specified in Policy Editor (POLEDIT.EXE).
To create a domain wide policy, use POLEDIT.EXE and
save the policy as NTconfig.pol in the NetLogon shared folder on the
PDC. When a user logs on, NetLogon checks here to see if a policy
exists.
If you've made some policies and want to apply them to
an existing domain wide policy, select them in Policy Editor and select
Copy. Next, open NTconfig.pol in NetLogon and select Paste.
-
Printing
-
Microsoft uses the terminology "Print Device"
to refer to the physical piece of hardware, whereas a "Printer"
is a conceptual idea describing the icon in the Control Panel.
NT 4.0 has the option to maintain drivers for different
operating systems on the server. Each operating system uses different
drivers. For example, NT 4.0, NT 3.51 and Win95 systems cannot use
the same print drivers. By installing the drivers for each of these
types of system on the print server, each of these types of clients
can automatically download the driver they need without manual installation.
NT clients (3.51 and 4.0) automatically download updated
drivers from the server. Win95 machines will initially download print
drivers but will not automatically update to a newer version of the
driver. Win 3.1x and DOS clients must have the drivers installed on
each client manually.
-
Print Pooling - Consists of two or more identical
print devices associated with one printer.
-
Availability - This option allows you to specify
which hours the printer can be printed to.
-
Priority - This option specifies which virtual printer
should print first if other virtual printers are trying to print
to the same physical printer at the same time. Priorities range
from 1 - 99 with 1 being the lowest and 99 the highest.
You can select Restart in the Document Menu of the
printer to reprint a document from the beginning. This is useful
when a document is printing and the printer jams. Resume can be
selected to start printing where you left off.
You can change the directory containing the print
spooler in the advanced server properties for the printer.
To remedy a stalled spooler, you will need to stop
and restart the spooler services in the Server Manager.
Printing to a TCP/IP printer requires you to know
the IP address and printer name.
The DLC protocol needs to be installed in order to
connect to a HP print server.
The AppleTalk protocol needs to be installed to communicate
with Apple printers.
Use the PCL.SEP separator to switch from PostScript
to PCL.
Use PSCRIPT.SEP separator to switch from PCL to PostScript.
-
Troubleshooting
-
To create a boot disk, format the diskette from the
NT system you want a boot disk for (Win 95 and DOS will not work),
and copy over the following files: NTLDR, NTDETECT.COM, BOOT.INI and
NTBOOTDD.SYS (SCSI only).
To create an Emergency Repair diskette, you can choose
to do so either during the installation of NT, or you can run RDISK.EXE.
When RDISK.EXE is run with the /S option, the utility backs up user
accounts and file security.
To use the Emergency Repair diskette, you will need
to boot the server with the NT installation boot diskettes, and choose
to repair NT with the Emergency Repair disk that was created.
The Emergency Repair Process can a) inspect the registry
files and return them to the state on the repair disk, b) inspect
the startup environment, c) verify the system files and d) inspect
the boot sector.
To troubleshoot bootup problems, you can edit the Boot.Ini
file and add the /SOS switch to the end of the Windows NT entries
in the [Operating Systems] section of the Boot.Ini file to display
driver names while they are being loaded. The VGA startup option has
/SOS added by default.
Use the Last Known Good option on bootup to restore
the system to a bootable state if problems arise from switching video
drivers or changing registry settings.
Common error codes:
- No system or boot disk message when trying to dual-boot = BOOTSECT.DOS
is corrupt
- Copy single file non-critical error - could not copy file =
Occurs when the file already exists on the hard drive and is in
use.
-
Server stop errors - In the System Properties ->
Startup/Shutdown tab, there are options to configure where you would
like the Server stop errors to be written. The errors are written
to a .DMP file which is readable by the program DUMPEXAM.EXE. You
must have free space in a swapfile on your boot drive equal to or
larger than the amount of physical RAM in your system in order to
generate a dumpfile.
-
PDCs and BDCs
-
To upgrade from a member server to a BDC or PDC,
NT Server must be reinstalled.
To downgrade from a PDC or BDC to a member server, NT
Server must be reinstalled.
To change a PDC to a BDC, or a BDC to a PDC, you must
promote a BDC to a PDC in the Server Manager. There is no "Demote"
option, only Promote a BDC. NT will disconnect the current PDC if
online and handle everything automatically.
A BDC cannot automatically promote itself when the PDC
becomes disconnected from the network. A BDC will continue to service
login requests during the time that the PDC is unavailable.
-
Joining Domains
-
To configure a member server or NT Workstation PC
to participate in a domain while not being physically connected to
the domain, install NT and configure the PC to be a member of a workgroup
with the same name. Once it is connected to the domain, configure
it to join the domain by making the appropriate changes in Control
Panel->Network.
You cannot configure a PC to be a BDC of a domain without
being connected to the domain. This is because it will not have the
same Domain SID as the domain you want to join.
-
Domain Optimization
-
Regardless of domain model, if your network is separated
physically across slow WAN links, putting at least one BDC in each
remote location will speed up the logon process for users at that
site.
Installing a DHCP relay agent at each remote site will
enable you to centrally manage IP address assignment from one server
but will increase WAN traffic.
Installing a WINS proxy server at each remote site will
reduce local subnet traffic by intercepting b-node broadcast frames
from non-WINS enabled clients. It will also reduce WAN traffic by
using a local cache for resolution when possible.
To provide WINS redundancy, install a WINS server at
each remote site and make them push-pull partners with the master
WINS server. While this will provide WINS fault tolerance, it will
increase WAN traffic.
If you have several NT Servers acting as routers between
the subnets in your TCP/IP based network, installing RIP for IP on
them will do away with manually maintaining static routing tables,
but will increase traffic between the subnets.
-
Domain Synchronization
-
The registry contains settings which set the time
between synchronizations of domain controllers. Synchronization can
cause too much traffic and slow the network down to unacceptable levels.
In order to reduce traffic, increase the value of the Domain Synchronization
Pulse (default 5 minutes) setting in the registry of the PDC,
and decrease the value of the PulseConcurrency (how many BDCs
get synched at once, default 20) setting in the registry of the PDC.
The ReplicationGovernor key (default value 100)
determines what percentage of bandwidth can be used for synchronization.
-
Browser Services
-
All NT systems have browser services available. The
master browser will maintain a browse list which contains a list of
all workstations, servers and domains on the network. There can be
only one master browser per subnet.
PDC is always the DOMAIN master browser and in case
of PDC failure, the Administrator MUST PROMOTE a BDC to a PDC for
it to become the DOMAIN master browser. The BDC does not become DOMAIN
master browser automatically.
You can disable the ability of a system to become a
master browser by changing the value of MaintainServerList
from AUTO to NO in the registry.
-
ARC Naming Convention
-
The Advanced RISC Computing (ARC) path is located
in the BOOT.INI and is used by NTLDR to determine which disk contains
the operating system.
- multi(x) - Specifies SCSI controller with the BIOS enabled, or non-SCSI controller. x=ordinal number of controller.
- scsi(x) - Defines SCSI controller with the BIOS disabled. x=ordinal number of controller.
- disk(x) - Defines SCSI disk which the OS resides on. When multi is used, x=0. When scsi is used, x=the SCSI ID number of the disk with the OS.
- rdisk(x) - Defines disk which the OS resides on. Used when OS does not reside on a SCSI disk. x=0-1 if on primary controller. x=2-3 if on multi-channel EIDE controller.
- partition(x) - Specifies partition number which the OS resides on. x=cardinal number of partition, and the lowest possible value is 1.
multi(0)disk(0)rdisk(0)partition(1). These are the lowest
numbers that an ARC path can have.
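A parser for the [operating systems] section of BOOT.INI that splits each ARC path into the fields listed above, checks the two rules the list states (disk is 0 with multi, partition starts at 1) and reports whether the /SOS switch from the Troubleshooting section is set. This is an added example, not part of the original page; the sample BOOT.INI text is constructed for illustration.

```python
import re

ARC_RE = re.compile(
    r"(multi|scsi)\((\d+)\)disk\((\d+)\)rdisk\((\d+)\)partition\((\d+)\)(\\.*)?$",
    re.IGNORECASE,
)


def parse_arc(path):
    """Split an ARC path into its fields and check them against the rules above."""
    m = ARC_RE.match(path.strip())
    if m is None:
        return None  # not an ARC path, e.g. C:\ for an MS-DOS entry
    kind = m.group(1).lower()
    ctrl, disk, rdisk, part = (int(m.group(i)) for i in range(2, 6))
    problems = []
    if part < 1:
        problems.append("partition() starts at 1")
    if kind == "multi" and disk != 0:
        problems.append("disk() must be 0 when multi() is used")
    return {
        "controller_type": kind, "controller": ctrl, "disk": disk,
        "rdisk": rdisk, "partition": part,
        "directory": m.group(6) or "", "problems": problems,
    }


def parse_boot_ini(text):
    """Return one dict per entry in the [operating systems] section."""
    entries, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].lower()
            continue
        if section != "operating systems" or "=" not in line:
            continue
        path, rest = line.split("=", 1)
        quoted = re.match(r'\s*"([^"]*)"(.*)', rest)
        label, tail = quoted.groups() if quoted else (rest.strip(), "")
        switches = [s.upper() for s in tail.split()]
        entries.append({
            "path": path.strip(), "label": label, "switches": switches,
            "sos": "/SOS" in switches, "arc": parse_arc(path),
        })
    return entries


# Constructed sample file; the third entry is deliberately invalid.
SAMPLE_BOOT_INI = r"""
[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\WINNT
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINNT="Windows NT Server Version 4.00"
multi(0)disk(0)rdisk(0)partition(1)\WINNT="Windows NT Server Version 4.00 [VGA mode]" /basevideo /sos
scsi(0)disk(2)rdisk(0)partition(0)\WINNT="Broken entry"
C:\="MS-DOS"
"""

if __name__ == "__main__":
    for entry in parse_boot_ini(SAMPLE_BOOT_INI):
        arc = entry["arc"]
        status = "not an ARC path" if arc is None else (arc["problems"] or "ok")
        print(f'{entry["label"]}: sos={entry["sos"]} -> {status}')
```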
-
Performance Monitor
-
Memory - add more RAM if you detect problems with
the following:
- Pages/sec - excessive disk paging. Should not be above 20.
- Available bytes - virtual memory available. Should not be below 4MB.
- Committed bytes - memory being used by applications. Should be less than RAM in computer.
-
CPU - upgrade the processor if you detect problems
with the following.
- %Processor time - amount of time the processor is in use. Upgrade
if constantly over 80%.
-
System Object: Processor Queue Length - should not
be over 2.
-
Disks - upgrade hard disk or controller, add another
hdd controller to balance the load, or implement disk striping for
multiple I/O channels if receiving inadequate disk performance.
- %Disk Time Counter - amount of time the disk is in use. Should
not be over 90%.
- Current Disk Queue Length - files in disk queue. Should not
be over 2.
Must run DISKPERF -Y to enable disk performance counters.
Alert view allows alerts to be made when the counters
surpass the threshold you set.
Log view allows the tracked objects to be written to
a log file. Used to create a baseline for future reference.
Report view gives the ability to present a concise report
of current statistics.
-
Network Monitor
-
Use Network Monitor to capture packets going to and
from an NT Server.
Use a capture filter to specify what kind of packets
to catch.
Use a display filter to filter packets that have already
been caught.
Use the <--> symbol to capture by address.
To capture packets that are coming to the NT Server
from a particular workstation, use the following syntax in your capture
filter. Assuming the workstation is named NTSYSTEM1:
- INCLUDE ANY <-- NTSYSTEM1
To filter on a particular property of a protocol
(e.g. a certain command), type in the name of the protocol followed
by a colon, then the property of the protocol followed by two equal
signs and finally, the hex number of the frame type. Example:
- SMB:Command==0x0(Make Directory)
Special thanks to Joe Seeley for providing updates to this material.