NT Server 4.0 Enterprise
Chapter 2 Domain Models
A single domain can support between 10,000 and 25,000 users (Microsoft's figure is at the high end; experts' estimates are at the low end).
Four Domain Models
- Single Domain Model: small organization
- Single regional network
- No trust relationships
- Can be scaled into another model, but use forethought when choosing it
- Advantages
- Works best for limited number of users and resources
- Centralized management of users and resources
- No trusts involved
- Disadvantages
- Performance degradation as domain grows
- Users and resources are not grouped by department
- Resource browsing is slowed as the number of servers increases
- Master Domain Model: larger user base, but fewer than 50,000 users
- Arranges the network into multiple resource domains while still giving the benefits of centralized administration
- The master domain is also called the accounts domain
- The user accounts for the entire multiple-domain structure reside within it
- Each resource domain trusts the master domain
- All users are hosted in the master domain; all resources are hosted in the lower (resource) domains
- Resources can be grouped by department, geographic location, or any other organizational
scheme
- Offers centralized management, split into two categories
- User and group administration is performed in the top or master domain
- Resource management is performed within the domain that hosts the particular resource
- Gives each department control over its resources without compromising the overall
security structure
- Advantages
- A solid solution for moderately sized networks
- Departmental control of resources based on subordinate domains
- Central user account management
- Global groups are defined only once
- Disadvantages
- Local groups must be defined within each resource domain
- Resource domains must rely on the master domain for current and secure group management
- Trust management is involved
- Multiple Master Domain Model: more than 50,000 users
- Larger user base, extended over large geographical regions
- Extension of the master domain model
- Has two master domains that trust each other
- Provides centralized administration of user accounts
- Usually set up to hold accounts by geographical region
- T = M(M-1) + RM
- T = the number of trust relationships required
- M = the number of master domains in the organization
- R = the number of resource domains in the organization
- Advantages
- Good solution for very large and growing organizations
- Scalable to accommodate any number of users
- Resources are locally and logically grouped
- Departmental-focused management of resources
- Any one of the master domains can administer all of the user accounts
- Disadvantages
- Local and global groups must be defined multiple times
- Large number of trust relationships to manage
- User accounts are spread across multiple domains
- Complete Trust Domain Model: organizations of any size
- Spread over multiple geographic regions; does not require centralized administration
- Universal access to resources, while decentralizing administration of user accounts
- Users and resources are grouped by department
- With two-way trusts, all users and all resources can be managed from any point in the network
- A two-way trust is actually two one-way trusts between the same two domains
- Also called a mesh
- T = N(N-1)
- N = number of domains in the organization
- T = number of trust relationships required
- Advantages
- Useful for organizations with no central MIS department
- Scalable for any number of users
- Each department has full control over its users and resources
- Users and resources are located within the same domain
- Disadvantages
- No centralized administration
- Many trust relationships to manage
- All administrators must trust each other to properly manage users, groups, and resources
- Global groups
- Can contain only users
- Groups that apply to all computers within a network
- Can span domain lines into trusting domains
- Local groups
- Can contain global groups and users
- Valid only within the domain in which they were created
Chapter 3 Trust Relationships
- When Domain A trusts Domain B, A is the trusting domain and B is the trusted domain
- When A trusts B that means that users on B can access resources on A, not vice versa
- Only two domains may participate in a single trust
- All trust relationships are one-way; for a two-way trust, each domain must set up a one-way trust to the other
- Trusts do not carry through a domain; if A trusts B and B trusts C, A does not
automatically trust C; a trust must be set up between A and C
- Permissions are not automatic; global groups or specific users must be given rights to
the trusted domain to access resources
- Establishing and Configuring Trust Relationships
- In the trusted domain, add the other domain to the Trusting Domains section
- Supply a password for this trust
- In the trusting domain, add the trusted domain using the previously created password
- Both the trusted and trusting domains must acknowledge the trust relationship
- Using Trust Relationships
- Once the trust is established the administrators can give access to the domains involved
to either users or global groups from either domain
- Global groups can contain users only
- Local groups can contain users and global groups
- Permissions across Trust relationships
- Assume that when a user accesses resources across two domains, the access is not local
- NTFS Permissions
- Compare all rights associated with the share and pick the most inclusive (permissive) rights
- Compare all NTFS permissions associated with the object and pick the most inclusive (permissive) rights
- Compare the two results and pick the less permissive of the two
- If the object is on a FAT partition, only share rights apply; pick the most permissive
- No Access overrides everything
- Users do not have to log on to the trusting domain if they have rights to the share through the trust; if they log on to a domain that is not their home domain, they are treated as a guest
- Managing Multiple Trusts
- Can only manage the trust between the two domains involved, nothing more
- Rules to live by
- When users in Domain A need access to resources in Domain B, Domain B must trust Domain A. This requires that B be the trusting domain and A the trusted domain in the trust relationship.
- When users in both domains require access to resources in each other's domains, a two-way trust is required. This means two separate trusts: one where A trusts B and one where B trusts A.
- When users in a master domain need access to resources in a resource domain, all resource domains must trust the master
- When multiple master domains exist, each master domain must maintain a two-way trust with each and every other master domain, to permit the entire collection of master domains to function as a logical unit
- When multiple master domains exist, each resource domain must establish a one-way trust with each master domain, to permit all users to access resources in all resource domains
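A small model of the trust rules in Chapters 2 and 3, added here as an example (it is not part of the study notes). It checks the trust-count formulas T = M(M-1) + RM and T = N(N-1) against an explicitly wired-up set of one-way trusts, and shows that trusts are directional and non-transitive. The domain names are constructed sample data.

```python
# Added example, not from the study notes: a small model of the NT 4.0 trust rules.
# Domain names and trusts below are constructed sample data.
from itertools import permutations


def trusts_master_model(resource_domains):
    """Master domain model: each resource domain trusts the single master, so T = R."""
    return resource_domains


def trusts_multiple_master_model(masters, resource_domains):
    """Multiple master domain model: T = M(M-1) + RM (formula from the notes)."""
    return masters * (masters - 1) + resource_domains * masters


def trusts_complete_trust_model(domains):
    """Complete trust (mesh) model: T = N(N-1) (formula from the notes)."""
    return domains * (domains - 1)


class TrustMap:
    """Records one-way trusts as (trusting, trusted) pairs.

    A two-way trust is simply two one-way trusts, and trusts are never
    transitive: A trusting B and B trusting C says nothing about A and C.
    """

    def __init__(self):
        self.trusts = set()

    def add_one_way(self, trusting, trusted):
        self.trusts.add((trusting, trusted))

    def add_two_way(self, a, b):
        self.add_one_way(a, b)
        self.add_one_way(b, a)

    def can_be_granted(self, user_domain, resource_domain):
        """Can users from user_domain be given rights to resources in
        resource_domain?  Only if resource_domain directly trusts user_domain
        (or it is the same domain).  Permissions are still assigned separately."""
        if user_domain == resource_domain:
            return True
        return (resource_domain, user_domain) in self.trusts

    def build_multiple_master(self, masters, resources):
        """Wire up the 'rules to live by' for a multiple master model and
        return the number of one-way trusts created."""
        for a, b in permutations(masters, 2):   # every master pair, both ways
            self.add_one_way(a, b)
        for r in resources:
            for m in masters:                   # every resource domain trusts every master
                self.add_one_way(r, m)
        return len(self.trusts)


def demo():
    """Constructed sample: two master domains (EAST, WEST) and three resource domains."""
    tm = TrustMap()
    created = tm.build_multiple_master(["EAST", "WEST"], ["SALES", "ENG", "HR"])
    predicted = trusts_multiple_master_model(2, 3)
    # EAST users can be granted rights in SALES (SALES trusts EAST), but not vice versa
    return created, predicted, tm.can_be_granted("EAST", "SALES"), tm.can_be_granted("SALES", "EAST")


if __name__ == "__main__":
    print(demo())   # (8, 8, True, False)
```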
Chapter 4 Rights, Permissions and User Access to Resources
- Access Control List
- Comprises a list of operations (read, write, delete) and the associated users and groups who can perform each action
- When a user attempts to access the object, the ACL is read to see what that user is allowed to do
- ACLs can be changed through the NT GUI or from a DOS command prompt using the CACLS command
- Default Groups and Membership Assignment
Group Name | Default Members | Local/Global | Description
Account Operators | None | Local | Members can administer domain user and group accounts
Administrators | Domain Admins, Administrator | Local | Members can fully administer the computer/domain
Backup Operators | None | Local | Members can bypass file security to back up files
Domain Admins | Administrator | Global | Designated administrators of the domain
Domain Guests | Guest | Global | All domain guests
Domain Users | Administrator | Global | All domain users
Guests | Guest | Local | Users granted access to the computer/domain
Print Operators | None | Local | Members can administer domain printers
Replicator | None | Local | Special group for replication
Server Operators | None, Administrator | Local | Members can administer domain servers
Users | Domain Users | Local | Ordinary users
- NTFS Permissions
- Specific Operations
- Read (R): the object's data contents can be accessed
- Write (W): the object's data contents can be changed
- Execute (X): the object can be executed
- Delete (D): the object can be deleted
- Change Permissions (P): the object's access permissions can be changed
- Take Ownership (O): ownership can be changed
- Standard Permission Sets for Files and Directories
- Read (RX): files can be read or executed
- Change (RWXD): read plus modify and delete
- Full Control (RWXDPO): all access
- No Access (): no access at all
- Standard List for Directories (the first set of parentheses applies to the directory itself, the second to its contents)
- List (RX)(): can view the contents
- Read (RX)(RX): users can read and traverse the directory, as well as read and execute its contents
- Add (WX)(): users can add files to the directory, but cannot read or change the contents
- Add and Read (RWX)(RX): users can add files to and read files from the directory, but cannot change them
- Change (RWXD)(RWXD): users can add, read, execute, modify, and delete the directory and its contents
- Full Control (RWXDPO)(RWXDPO): users have full control over the directory and its contents
- No Access ()()
- Special Access can be defined if necessary; very intricate
- Shares and Permissions
- Combining share and NTFS permissions: take the least restrictive in each category, then the most restrictive of the two that are left
- Share permission levels
- No Access
- Read (RX): read and execute
- Change (RWXD): read, execute, modify, and delete
- Full Control (RWXDPO): full control
- The default is Full Control for the Everyone group
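The share/NTFS combination rule from Chapter 3 and the section above, worked through in code as an added example (not from the study notes): most permissive applicable share entry, most permissive applicable NTFS entry, then the more restrictive of the two, with No Access overriding everything and FAT volumes using share permissions only. Users, groups and ACL entries are constructed sample data.

```python
# Added example, not from the study notes: effective access through a share.
# Users, groups and ACL entries are constructed sample data.

# Rights letters from the notes: R read, W write, X execute, D delete,
# P change permissions, O take ownership.
LEVELS = {
    "No Access": frozenset(),
    "Read": frozenset("RX"),
    "Change": frozenset("RWXD"),
    "Full Control": frozenset("RWXDPO"),
}


def most_permissive(acl, principals):
    """acl: list of (principal, level) entries. Returns the union of rights from
    every entry that applies to one of `principals`, or None if any applicable
    entry is No Access (No Access overrides everything else in that category)."""
    rights = set()
    for principal, level in acl:
        if principal not in principals:
            continue
        if level == "No Access":
            return None
        rights |= LEVELS[level]
    return frozenset(rights)


def effective_rights(user, groups, share_acl, ntfs_acl=None, filesystem="NTFS"):
    """Effective rights for `user` (member of `groups`) reaching an object over a share.
    Returns a frozenset of rights letters; an empty set means no access."""
    principals = {user, "Everyone", *groups}
    share = most_permissive(share_acl, principals)
    if share is None:
        return frozenset()              # No Access on the share rules all
    if filesystem.upper() == "FAT" or ntfs_acl is None:
        return share                    # FAT: only share permissions apply
    ntfs = most_permissive(ntfs_acl, principals)
    if ntfs is None:
        return frozenset()              # No Access on the object rules all
    # "Less permissive of the two": with the standard nested levels this is the
    # smaller set; intersection also handles special-access combinations.
    return share & ntfs


def level_name(rights):
    """Map a rights set back to the standard level name if it matches one."""
    for name, letters in LEVELS.items():
        if letters == rights:
            return name
    return "Special Access (" + "".join(sorted(rights)) + ")"


def demo():
    """Constructed scenario: default share (Everyone: Full Control) over an NTFS folder."""
    share_acl = [("Everyone", "Full Control")]
    ntfs_acl = [("Engineering", "Change"), ("alice", "Read"), ("Temps", "No Access")]
    alice = effective_rights("alice", ["Engineering"], share_acl, ntfs_acl)
    bob = effective_rights("bob", ["Engineering", "Temps"], share_acl, ntfs_acl)
    carol_fat = effective_rights("carol", [], [("Everyone", "Read")], None, "FAT")
    return level_name(alice), level_name(bob), level_name(carol_fat)


if __name__ == "__main__":
    print(demo())   # ('Change', 'No Access', 'Read')
```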
- User Rights (and their default holders)
- Access this computer from network (log on or connect to this computer from a client on the network): Administrators
- Add workstations to domain: none
- Back up files and directories: Administrators, Backup Operators
- Change system time: Administrators, Backup Operators
- Force remote shutdown: Administrators, Server Operators
- Load/unload device drivers: Administrators
- Log on locally: Administrators, Server Operators, Backup Operators, Account Operators, Print Operators
- Manage audit and logs: Administrators
- Restore files/directories: Administrators, Server Operators, Backup Operators
- Shut down the system: Administrators, Server Operators, Backup Operators, Account Operators, Print Operators
- Take ownership of files or objects: Administrators
- Additional rights are available but not assigned to anyone by default:
- Act as part of an operating system
- Bypass traverse checking
- Create a pagefile
- Create a token object
- Create permanent shared objects
- Debug programs
- Generate security audits
- Increase quotas
- Increase scheduling priority
- Lock pages in memory
- Log on as a service
- Modify firmware environment values
- Profile single process
- Profile system performance
- Replace process-level tokens
Chapter 5 Optimizing Domain Use
- You cannot move a PDC or BDC from one domain to another because of the SID of each machine
- Synchronization of Domain Controllers
- The PDC regularly sends SAM updates to the BDCs
- Registry controls for synchronization
- HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters
- Pulse (60 to 3,600): defines the typical pulse frequency; default = 300
- Number of seconds between synchronizations
- PulseConcurrency (1 to 500): maximum number of BDCs that the PDC pulses simultaneously; default = 20
- Number of BDCs synchronizing simultaneously
- PulseMaximum (60 to 86,400): sends every BDC a pulse at this interval; default = 7,200
- PulseTimeout1 (1 to 120): defines how long the PDC waits for a BDC to respond to a pulse; default = 5
- PulseTimeout2 (60 to 3,600): defines how long the PDC waits for a BDC to complete a partial synchronization; default = 300
- Randomize (0 to 120): defines a backoff period for the BDC; should always be less than PulseTimeout1; default = 1
- ReplicationGovernor (0 to 100): defines the packet size used in the synchronization process; default = 100
- Domain Database Info
- Should not exceed 40 MB
- User accounts = 1 KB each
- Computer accounts = 0.5 KB each
- Groups = 4 KB each
- User Profiles
- *.man is a mandatory profile
- *.dat is a standard profile data file
- Enter \\PDC1\NetLogon\%username% under the User Profile button
Chapter 6 NT Redundancy and Fault Tolerance
- Directory Replication
- Disseminates often-used and regularly updated data to multiple computers to speed file access and improve reliability
- Any NT Server can export data
- Any NT Server, NT Workstation, or LAN Manager server can import
- By default the export directory is %winntroot%\system32\repl\export\
- By default the import directory is %winntroot%\system32\repl\import\
- All files and directories beneath these directories are kept identical
- Installing Replication
- Create a user account that is a member of the Replicator group
- Configure the Directory Replicator service to start automatically and log on with this user account
- Configure directory replication through Server Manager; import or export, depending on the system
- Restart the machines involved
- Check to see if it worked
- Doesn't work if the files are being accessed
- The status of replication can be found in Server Manager under Manage (the computer name)
- OK: replication successful
- No Master: the import server is not receiving updates from the export server, or the replication service may not be running
- No Sync: no replication has been attempted
- [blank]: no replication has been attempted
- Event Viewer: type net helpmsg (error number) at a command prompt to decipher the code
- Export must be from an NTFS partition
- Replication can only occur between systems whose clocks are no more than 59 minutes apart; differing time zones do not work
- All applications should point to the import directory only
- Only replicate small amounts of data
- Always export to the import directory on the export server first, to establish that replication is working
- Additional configuration through the Registry
- HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Replicator\Parameters
- Interval (1 to 60): how often broadcasts are sent from the export server
- GuardTime (0 to half of Interval): number of minutes the export server waits after a directory becomes stable before attempting to replicate; default = 2
- Fault Tolerance
- Disk Mirroring
- Slower performance
- Increased cost
- No protection from controller failure
- 2 disks, 1 controller
- Disk Duplexing
- Disk mirroring with two controllers
- No degradation of system performance
- More expensive because it requires the additional controller
- Disk Striping
- No parity
- No fault tolerance
- Can be done with 2 disks
- NTFS or FAT
- Boot and system partitions cannot be part of the stripe set
- Disk Striping with Parity
- 3 disks required
- Fault tolerant
- NTFS only
- T = P * (n - 1)
- T = total capacity
- P = the size of the partition
- n = number of partitions
- All partitions must be of equal size
- Neither boot nor system partitions can be part of the stripe set
- RAID
- Can implement RAID 0, 1, 5
- Software RAID is performed by NT and requires more system overhead
- Hardware RAID is faster and can include the system and boot partitions
- Recovery
- Fixing Broken Mirrors or Duplexes
- Use Disk Administrator
- Break the mirror
- Delete the bad partition
- Assign the drive letter to the good partition
- Create a mirror set using a new partition and the old one
- If the original disk has failed, you must use a boot disk to get in
- The boot disk must contain: Boot.ini, NTLDR, ntdetect.com, ntbootdd.sys, bootsect.dos
- Restoring with Parity Information
- It is done automatically, but it is CPU intensive and will slow the system drastically
- Replace the drive, create a new partition of the same size, and select rebuild
- ARC Naming
- multi(#)disk(#)rdisk(#)partition(#)\path
- scsi(#)disk(#)rdisk(#)partition(#)\path
- scsi or multi = type of controller
- scsi means the controller does not support BIOS translation; the NTBOOTDD.SYS file must be in the boot partition
- multi = any controller that supports BIOS translation; can be IDE or SCSI
- The number after the controller is the number of the physical controller (0 for the first, 1 for the second, and so on)
- disk = appears in all ARC names, but is only used if scsi appears; the physical number of the drive (0 for the first, 1 for the second, and so on); if multi is used, it is set to 0
- rdisk = appears in all ARC names, but is only used if multi is the controller; if scsi is used it is set to 0 and ignored; the physical number of the drive (0 is the first, 1 is the second, and so on)
- partition = identifies the partition; numbering starts at 1 (1 is the first, 2 is the second, and so on)
- \path = the directory where the system resides
- The boot files are stored on the system partition, and the system files (the default WinNT directory) are stored on the boot partition
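A parser for the ARC names described above, added here as an example (not from the study notes). It picks the physical drive number from disk() or rdisk() according to the controller type, flags values that break the rules (non-zero disk() with multi, non-zero rdisk() with scsi, partition(0)), and reports whether NTBOOTDD.SYS is needed. The sample names are constructed.

```python
# Added example, not from the study notes: parse and sanity-check ARC names.
# Sample ARC names in the demo are constructed.
import re

ARC_PATTERN = re.compile(
    r"^(?P<ctrl>multi|scsi)\((?P<ctrl_num>\d+)\)"
    r"disk\((?P<disk>\d+)\)"
    r"rdisk\((?P<rdisk>\d+)\)"
    r"partition\((?P<partition>\d+)\)"
    r"(?P<path>\\.*)?$",
    re.IGNORECASE,
)


def parse_arc(name):
    """Return a dict describing the ARC name, plus a list of warnings for values
    that break the rules in the notes. Raises ValueError on a malformed name."""
    m = ARC_PATTERN.match(name.strip())
    if not m:
        raise ValueError("not a valid ARC name: %r" % name)
    ctrl = m.group("ctrl").lower()
    ctrl_num, disk, rdisk = (int(m.group(k)) for k in ("ctrl_num", "disk", "rdisk"))
    partition = int(m.group("partition"))
    warnings = []
    if ctrl == "scsi":
        drive = disk                       # scsi: disk() is the drive, rdisk() ignored
        if rdisk != 0:
            warnings.append("rdisk should be 0 with scsi(); it is ignored")
    else:
        drive = rdisk                      # multi: rdisk() is the drive, disk() is 0
        if disk != 0:
            warnings.append("disk should be 0 with multi()")
    if partition == 0:
        warnings.append("partition numbering starts at 1")
    return {
        "controller": ctrl,
        "controller_number": ctrl_num,
        "drive": drive,
        "partition": partition,
        "path": m.group("path") or "",
        "needs_ntbootdd": ctrl == "scsi",  # no BIOS translation available
        "warnings": warnings,
    }


def describe(name):
    """One-line human description of where an ARC name points."""
    p = parse_arc(name)
    return "%s controller %d, physical drive %d, partition %d, directory %s" % (
        p["controller"], p["controller_number"], p["drive"], p["partition"],
        p["path"] or "\\")


if __name__ == "__main__":
    for sample in (r"multi(0)disk(0)rdisk(1)partition(2)\WINNT",
                   r"scsi(0)disk(1)rdisk(0)partition(1)\WINNT"):
        print(describe(sample), parse_arc(sample)["warnings"])
```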
Chapter 7 Auditing Resources and Access
- Auditing
- Informs the administrator if someone attempts to access secured resources, or how often a particular resource is accessed
- By default, auditing is off; this is the master switch
- Seven event types (with descriptions) can be audited at the second level once the master switch is turned on:
- Logon and Logoff
- File and Object Access
- Use of User Rights
- User and Group Management
- Security Policy Changes
- Restart, Shutdown, and System
- Process Tracking
- The third level of audit switches is at the object level
- Read, write, and execute for files and directories
- Directories can also replace auditing on existing files, on subdirectories, or both
- Print instead for printers
- Otherwise
- Delete, change permissions, take ownership
- Does affect system performance
- Account Policy
- Maximum and minimum password age
- Password length
- Password uniqueness
- Account lockout after specified failed attempts
- Failed counter reset
- Lockout duration
- Force users off when hours expire
- Require logon before password change
Chapter 8 Network Protocols, Routing and Relaying
TCP/IP utilities
- ARP (Address Resolution Protocol): displays IP addresses mapped to MAC (node) addresses
- HOSTNAME: displays the name of the current computer host
- IPCONFIG: displays IP configuration details
- LPQ: displays the status of a print queue; only on a computer running DLC
- NBTSTAT: displays NetBIOS over TCP/IP status
- NETSTAT: displays TCP/IP status and statistics
- PING
- ROUTE: interacts with routing tables
- TRACERT: details the route used by TCP/IP
Routing with Windows NT
- Multiprotocol Router (MPR): requires two NICs; multiple segments
- RIP (Routing Information Protocol) for TCP/IP
- Shares routing information dynamically
- Or the server can be a static router with manually configured routing tables
- To enable static routing, you must remove RIP for IP from the computer
- Manually configure the routing tables
- ROUTE, followed by switches:
- -f: removes all gateway entries from the routing table; clears the tables
- -p: implements persistent routes by automatically preserving routing changes through computer reboots
- command:
- print: prints a route
- add: adds a route
- delete: deletes a route
- change: modifies an existing route
- destination: indicates the host or network to which you want to route
- MASK: specifies that the next parameter is to be interpreted as the netmask parameter
- netmask: specifies the subnet mask value to be associated with this route entry
- gateway: specifies the gateway for this route entry
- METRIC: specifies that the next parameter is to be interpreted as the metric parameter
- metric: defines the hop count for the specified destination
- RIP for IPX
- Automatically installs the SAP Agent for IPX
- DHCP Relay Agent
- Allows a small set of IP addresses to support a larger number of computers
- A single DHCP server can support multiple subnets connected by the NT Server
- Installed through the Services tab of the Network applet
- AppleTalk Routing
- A function of Services for Macintosh
Chapter 9 Windows NT Names and Name Service, Plus IIS
NetBIOS names
- 15 characters or less
- Mandatory piece of networking
- NetBEUI uses it to resolve names
- IPX can use it to resolve names
IP Name Resolution
- DHCP
- Until a client receives its leased IP address, it uses its MAC address to communicate with the server
- DNS
- Domain Name Service
- Resolves FQDNs (fully qualified domain names) to IP addresses
- HOSTS files used to be used for this
- Allows machines to find the proper location of a system without knowing its IP address
- WINS
- Maps NetBIOS names to IP addresses
- Recognizes NetBIOS names on all subnets
- Enables internetwork browsing
- LMHOSTS files used to be used for this
WINS | DNS
Maps IP addresses to NetBIOS names | Maps IP addresses to FQDNs
Automatic client data registration | Manual configuration
Flat database name space | Uses the hierarchical structure of FQDNs
Used on MS clients and networks | Used on TCP/IP-based hosts and networks
Only one entry per client | Each host can have multiple aliases
Enables domain functions such as logon and browsing | N/A
Internet Information Server
- Web service allows HTTP access
- Anonymous access
- NT user account restricted access
- Activity logging
- IP or domain name restricted/granted access
- Virtual server configuration
- Virtual directories
- If IIS is used with Internet connectivity, InterNIC will handle the DNS
- If IIS is used within a private network, DNS and WINS are necessary
- FTP
- Gopher
Chapter 10 Windows NT Network Monitor
Must be installed; added through the Services tab of the Network applet
Not as fully featured as SMS
Doesn't require as much system overhead
The NIC doesn't need to be in promiscuous mode
- All the supported frame types are captured by the card, thanks to NDIS 4 support
- Saves up to 30% in CPU performance
- Monitors 4 types of data
- Frames sent from the server
- Frames sent to the server
- Broadcast frames
- Multicast frames
To capture data, simply use the Start command in the Capture pull-down menu
- At any time the capture can be stopped or paused
- Then the contents of the frames can be viewed
- During and after the capture session you can view:
- Bar graphs
- Real time display
- Percent network utilization
- How traffic to and from the server is affecting overall network performance
- Frames per second
- Bytes per second
- Broadcasts per second
- Multicasts per second
- Session statistics
- Detail the conversations going on over the network
- Real-time, cumulative during each capture session
- Station statistics
- Cumulative data on the dynamics of each network conversation
- MAC or network address
- Sent frames
- Received frames
- Bytes sent
- Bytes received
- Directed frames sent
- Multicasts sent
- Broadcasts sent
- Summary statistics
- Cumulative data sets
- Network
- Captured
- Per second
- MAC
- MAC errors
- During the capture session all frames are stored in system memory; they can be saved for
later investigation
Capture Filters
- Set with the Capture | Filter command
- Captured information can only be as large as system memory allows
- Gathers data based on protocol, address pairs, and data patterns
- Capturing by Protocol
- SAP/ETYPE = {protocol} is the filter line
- See page 211 for the list of supported protocols
- Capturing by Address
- Communication between the server and a specific computer can be tracked using an address pair capture filter
- Up to four pairs can be monitored simultaneously
- Consists of:
- The MAC addresses of the two computers
- An arrow to specify which direction of traffic to monitor
- An include or exclude keyword to instruct Network Monitor to track the frame or to ignore it
- Order doesn't matter
- Exclude statements are evaluated first
- If a pair is represented by both an exclude and an include, it is ignored
- If no address pair is specified, the default pair is used: <your computer> <--> ANY
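An evaluator for the address-pair filter rules above, added here as an example (not from the study notes or the Network Monitor product): at most four pairs, exclude pairs evaluated before include pairs, a pair listed as both exclude and include dropped, and <your computer> <--> ANY substituted when no pair is given. The MAC addresses and frames are constructed sample data.

```python
# Added example, not from the study notes: Network Monitor address-pair filter logic.
# MAC addresses and frames below are constructed sample data.
ANY = "ANY"
LOCAL = "00-00-00-AA-BB-01"   # constructed address of "your computer"


class AddressPair:
    """One filter line: left <arrow> right, marked include or exclude."""

    def __init__(self, left, arrow, right, include=True):
        if arrow not in ("->", "<-", "<-->"):
            raise ValueError("arrow must be ->, <- or <-->")
        self.left, self.arrow, self.right, self.include = left, arrow, right, include

    @staticmethod
    def _same(wanted, actual):
        return wanted == ANY or wanted.upper() == actual.upper()

    def matches(self, src, dst):
        forward = self._same(self.left, src) and self._same(self.right, dst)
        reverse = self._same(self.right, src) and self._same(self.left, dst)
        if self.arrow == "->":
            return forward
        if self.arrow == "<-":
            return reverse
        return forward or reverse      # <--> watches both directions


def capture_filter(pairs, local=LOCAL):
    """Validate the pair list and return a predicate over (src, dst) frames."""
    if len(pairs) > 4:
        raise ValueError("Network Monitor allows at most four address pairs")
    if not pairs:
        pairs = [AddressPair(local, "<-->", ANY)]      # the default pair
    excludes = [p for p in pairs if not p.include]
    includes = [p for p in pairs if p.include]

    def passes(src, dst):
        if any(p.matches(src, dst) for p in excludes):  # excludes are checked first
            return False
        return any(p.matches(src, dst) for p in includes)

    return passes


def apply_filter(frames, pairs, local=LOCAL):
    """Return the subset of (src, dst) frames the filter would keep."""
    passes = capture_filter(pairs, local)
    return [f for f in frames if passes(*f)]


# Constructed frames: (source MAC, destination MAC)
FRAMES = [
    (LOCAL, "00-00-00-AA-BB-02"),
    ("00-00-00-AA-BB-02", LOCAL),
    ("00-00-00-AA-BB-03", "00-00-00-AA-BB-04"),
    ("00-00-00-AA-BB-03", LOCAL),
]

if __name__ == "__main__":
    print(apply_filter(FRAMES, []))   # default pair keeps only frames to/from LOCAL
```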
- Capturing by Data Pattern
- Limits a capture to frames that contain a specific ASCII or hexadecimal pattern, occurring anywhere in the frame or at a specified depth into the frame (offset) in bytes
- Two logical operations can be used with this: OR or NOT
- Enables you to identify multiple patterns to capture and ignore
- Capture Triggers
- A set of conditions that initiates an action when the conditions are met
- Allows automation of some tasks associated with gathering network communication data
- Can stop or start the application
- Custom Triggers
- Nothing: the default setting of no trigger
- Pattern match: a matched pattern within a frame; same settings as those in the pattern match filter
- Buffer space: percentage level of used buffer space
- Pattern match then buffer space
- Buffer space then pattern match
- Trigger Actions
- No action
- Stop capture
- Execute command line
- Dedicated Mode Captures
- Reduces the load on the CPU
- Prevents Network Monitor from updating and displaying capture window statistics
- Only shows the total number of captured frames
- 4 buttons:
- Stop
- Stop and View
- Pause
- Normal Mode
Addressing Security Issues
- If no password is set, any user using SMS can access the data
- The Identify Network Monitor Users command shows computer name, user name, state of Network Monitor, version number, and network adapter address
Miscellaneous
- All intercepted addresses can be viewed
- Edit entries to alter type, address, name, or comment
- Manually add or delete entries
- This is used to associate MAC addresses with user-friendly names
- Buffer Settings
- Size of the buffer used to store captured frames
- Default is 1 MB
- Maximum is 8 MB less than the total RAM installed
- Once the buffer is full, it throws away old frames
- Size of each individual frame: from 64 to 65,000 bytes
- Track multiple segments attached to different NICs in the server
- Find All Names
- Searches each captured frame for a NetBIOS name
- All names found are added to the database
- Find Routers and Resolve Addresses from Names are only available with SMS
Chapter 11 Managing Windows NT Performance
Task Manager
- Identifying non-responsive applications and terminating them
- Identifying runaway processes and terminating them
- Ascertaining memory use levels
Performance Monitor
- Chart View
- Alert View
- Log View
- Report View
- Add To command
- Computer: which machine
- Object: processor, memory, physical disk, etc.
- Instance: identifies which instance of an object should be monitored
- Counter: available counters for a specific instance of an object on the chosen computer
- Common Objects and Counters
- Processor: % Processor Time; if 80 or more, you should increase processor power
- System: Processor Queue Length; greater than 2 could mean more processor power is needed
- Processor: Interrupts/sec; indicates malfunctioning hardware if the number increases while processor time doesn't; locate the faulty hardware
- Memory: Cache Faults, Page Faults, Pages/sec; may need more RAM if the number is high
- PhysicalDisk/LogicalDisk: % Disk Time; if the disk is busy a large amount of the time, the HD may be a bottleneck
- PhysicalDisk/LogicalDisk: Disk Bytes/Transfer; how fast the HDs are transferring data
- PhysicalDisk/LogicalDisk: Current Disk Queue Length; may need an upgraded HD if the queue is long
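The counter guidance above turned into rule checks over a short run of constructed Performance Monitor samples, added here as an example (not from the study notes). The 80% processor-time and queue-length-of-2 thresholds come from the notes; the paging and disk-queue limits and the 50% interrupt-growth test are assumptions chosen for illustration.

```python
# Added example, not from the study notes: rule checks for the Performance Monitor
# counters listed above, run over constructed samples.
PROC_TIME = "Processor: % Processor Time"
PROC_QUEUE = "System: Processor Queue Length"
INTERRUPTS = "Processor: Interrupts/sec"
PAGES = "Memory: Pages/sec"
DISK_QUEUE = "PhysicalDisk: Current Disk Queue Length"

PAGES_PER_SEC_LIMIT = 20      # assumed threshold (the notes only say "high")
DISK_QUEUE_LIMIT = 2          # assumed threshold (the notes only say "long")
INTERRUPT_GROWTH = 1.5        # assumed: a 50% rise across the window counts as "increasing"
PROC_FLAT_MARGIN = 5          # assumed: processor time within 5 points counts as "not increasing"


def average(samples, counter):
    return sum(s[counter] for s in samples) / len(samples)


def analyse(samples):
    """samples: list of dicts keyed by counter name, oldest first.
    Returns a sorted list of findings mirroring the guidance in the notes."""
    findings = set()
    if average(samples, PROC_TIME) >= 80:
        findings.add("processor: increase processor power (% Processor Time >= 80)")
    if average(samples, PROC_QUEUE) > 2:
        findings.add("processor: queue length > 2, may need more processor power")
    first, last = samples[0], samples[-1]
    interrupts_rising = last[INTERRUPTS] >= first[INTERRUPTS] * INTERRUPT_GROWTH
    proc_flat = last[PROC_TIME] <= first[PROC_TIME] + PROC_FLAT_MARGIN
    if interrupts_rising and proc_flat:
        findings.add("hardware: Interrupts/sec rising while processor time is flat, locate faulty hardware")
    if average(samples, PAGES) > PAGES_PER_SEC_LIMIT:
        findings.add("memory: paging is high, may need more RAM")
    if average(samples, DISK_QUEUE) > DISK_QUEUE_LIMIT:
        findings.add("disk: queue is long, may need an upgraded HD")
    return sorted(findings)


def sample(proc, queue, ints, pages, dq):
    """Build one sample dict from the five counter values."""
    return {PROC_TIME: proc, PROC_QUEUE: queue, INTERRUPTS: ints, PAGES: pages, DISK_QUEUE: dq}


# Constructed capture: a lightly loaded server whose interrupt rate climbs while CPU stays flat.
SUSPECT = [sample(30, 1, 400, 5, 0), sample(32, 1, 600, 6, 0),
           sample(31, 1, 800, 5, 1), sample(33, 1, 1000, 6, 0)]
# Constructed capture: nothing out of the ordinary.
HEALTHY = [sample(20, 0, 400, 3, 0), sample(25, 1, 410, 4, 0)]

if __name__ == "__main__":
    print(analyse(SUSPECT))
    print(analyse(HEALTHY))
```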
Monitoring Disk Performance
- To turn on disk monitoring, execute diskperf -y; then reboot
- Using Charts: alter the maximum value of the vertical axis, histogram or graph view, add grid lines, change update intervals
- Configuring Alerts
- Logs
- Reports
- Miscellaneous Commands
- File | Save [View] Settings: saves the view's settings to be used another time
- File | Save Workspace: saves all view settings in a single file
- File | Export: saves the current view's captured data in a tab- or comma-delimited file
- Add | Edit: edits the counter parameters or settings
- Add | Delete: removes the counter
- Options | Data From: displays data from the active network or from a log file
- Baselining: establish a baseline with no users attached, and then throughout a normal workday, to understand when something is going wrong
- NT Paging File
- Disk striping automatically spreads it across multiple disks
- Put it on a separate disk from the system files
- Mirroring will hurt the configuration
- Smallest size is 12 MB more than the RAM
Optimizing Server Settings
- Minimize Memory Used: better performance for fewer than 10 users
- Balance: best performance for 10 to 64 users
- Maximize Throughput for File Sharing: best performance for more than 64 users; the default
- Maximize Throughput for Network Applications: supports distributed applications (SQL Server)
Chapter 12 Advanced NetWare Topics
Protocols and Compatibility Issues
- By default, frame type 802.2 is detected for NetWare 3.12, 4.x or later
- Before that, 802.3
- Supported frame types: 802.2, 802.3, 802.3 SNAP, 802.5, 802.5 SNAP
- The correct frame type is essential for connectivity
- If multiple frame types are necessary, manual detection must be chosen and the frame types used must be entered
Gateway Services for NetWare
- Install the service and restart the server
- Create a group on the NetWare server called NTGATEWAY
- Create a user account on the NetWare server with file system rights
- Create a share that will be used
- Add printers through the Printers applet
- NetWare-compatible print server
- Called Client Services for NetWare on NT Workstation
File and Print Services for NetWare makes NT resources available to NetWare clients
NetWare Migration
- Duplicate accounts: the default is to skip them and not migrate any additional data to the NT Server
- Can permit duplicates to be created with a prefix
- When migrating multiple NetWare servers with multiple identical accounts, create a mapping file; it can maintain passwords
Chapter 13 Advanced NT Printing
Windows NT printer applet
- Client Application: a network program that originates print jobs; client- or server-based
- Connecting to a printer: the process of attaching to a network share that resides on the computer on which the logical printer was created
- Creating a printer: the process of naming, defining settings for, installing drivers for, and linking a printing device to the network; performed by the Add Printer Wizard
- Network Interface Printers: print devices with built-in network interface cards that are directly attached to the network (unless specified as TCP/IP, it defaults to DLC)
- Print Client: a computer on a network that transmits print jobs to be produced by the physical device
- Print Device: the physical print device itself
- Print Job: the code that defines the print processing commands as well as the actual file to be printed
- Print Resolution: the measurement of pixel density that is responsible for the smoothness of any image or text being printed; measured in DPI (dots per inch)
- Print Server: the computer that links the physical print device to the network; manages sharing
- Print Server Services: software components located on the print server that accept print jobs and send them to the print spooler for execution
- Print Spooler: the collection of DLLs that acquires, processes, catalogues, and disburses print jobs
- Print Driver: programs that enable communication between applications and devices
- Printer/Logical Printer: the logical printer is the software interface that communicates between the operating system and the physical device
- Queue/Print Queue: list of files waiting to be printed
- Rendering
Printing with NT Server
- GDI: graphics device interface
- Print Device: the physical device
- Print Driver: software driver
- Print Monitor
- Print Processor
- Print Router
- Print Spooler
- You can change the location of the spool file to reserve space on a drive
Printing Clients
- Printing from Windows NT clients: when adding the printer, the client automatically takes the driver from the server
- Printing from Windows 95: as long as the print driver is installed on the server, it is automatically added
- Printing from MS-DOS or Windows 3.11: must install the driver separately and then attach to the printer
Spooling
- Print priorities: 1 to 99, 1 being the lowest
- Can create two shared printers for the same physical printer with different priorities
- Separate spool files: it may be necessary to create separate spool files for different printers
- Done through the registry
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Printers
- Changing the location of the spool file
- Default: %winntroot%\system32\spool
- Properties sheet of the printer
- Advanced tab
- Enter the path for the directory
Logical Printers and printer pools
- Logical printer software interface to the printer
- Physical Printer
- Printer Pool multiple devices attached to one logical printer
- Printers must all be the same type
- Prints to whichever device is free
Advanced Printing
- Print Commands
- New driver installs or replaces existing printer driver
- Print processor change the data type used by the print system
- Separator page defines a document to be inserted between print jobs
- Enable printer pooling assists in configuring identical printers to share a
single queue
- Available defines the time frame when a printer is active; if a job is sent when
the printer is not available, the job is held and spooled when the printer becomes available
- Priority
- Spool print documents so program finishes printing faster
Printer Shares
- No access
- Print
- Manage documents
- Full Control
- Default Settings
- Full control administrators; server operators; print operators
- Manage documents creator owner
- Print everyone
Multiple Printers
- A single physical printer can be served by multiple logical printers
- A single logical printer can serve multiple physical printers
- Multiple logical printers can serve multiple physical printers
Print Auditing
- Print
- Full Control
- Delete
- Change permissions
- Take ownership
TCP/IP Printing
- LPR ports are used for TCP/IP printing
- UNIX clients use LPR and LPD servers
Chapter 14 Advanced RAS Topics
Supports IPX, NetBEUI, TCP/IP
SLIP only supports TCP/IP with static addresses
- Does not support encrypted passwords
PPP supports AppleTalk, TCP/IP, IPX, NetBEUI
- Supports DHCP and encrypted passwords
RAS Server
- Only supports PPP
- A NetBIOS gateway is established
- Supports both IP and IPX routing
- Supports NetBIOS and windows sockets applications
- PPTP
- Multilink PPP
RAS setup
- Modems involved
- Dial out
- Receive
- Both
- DHCP, for the computer or network
- What protocols
- Encryption settings
- IPX numbering automatic or configurable
RAS Routing, Gateway, Firewall
- Routing full access to network
- Gateway NetBEUI, access to a network
- Firewall limitations placed on RAS clients
RAS Security
- RAS Encryption
- Security tab of phonebook entries
- Or, Network configuration dialog box
- Allow any authentication including clear text most permissive, uses PAP; for
connecting to a non-Microsoft server
- Require encrypted authentication uses CHAP or SPA; for connecting to a non-Microsoft
server
- Require Microsoft encrypted authentication uses MS-CHAP; for connecting to a Microsoft
server, and required for data encryption
- RAS Callback
- No Call Back when user establishes a RAS connection, they will not be called back
- Set By Caller user inputs the call back number; saves on long distance charges
- Preset To configure the number on the server; user must always call from that
number
- Autodial occurs when resources are accessed that come from the RAS connection
- Logging can be activated and stored in the device.log file
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RasMan\Parameters = 1
- Null Modem cables can be used to test RAS
- Name resolution can be aided with the use of DNS or WINS
Chapter 15 Advanced Troubleshooting
Installation Failures
- Media Failures
- Domain controller communication difficulties
- Stop message errors or halt on blue screen
- Hardware problems
- Dependency failures
Boot Failures
- NTLDR error message use the ERD to repair or replace the file
- NTOSKRNL missing error message use the ERD
- BOOT.INI missing error message restore the file from backup or the ERD
- BOOTSECT.DOS missing error message ERD
- NTDETECT.COM missing error message ERD
Repair Tools
- Event Viewer
- Last Known Good Configuration
- The Registry
- Emergency Repair Disk (ERD)
- Updated versions by running RDISK.EXE
- System._ HKEY_LOCAL_MACHINE\SYSTEM compressed
- Software._ HKEY_LOCAL_MACHINE\SOFTWARE compressed
- Security._ HKEY_LOCAL_MACHINE\SECURITY compressed
- SAM._ HKEY_LOCAL_MACHINE\SAM compressed
- NTUSER.DA_ default profile compressed
- AUTOEXEC.NT
- CONFIG.NT
- SETUP.LOG list of installed files and their checksums
- DEFAULT._ HKEY_USERS\.DEFAULT compressed
- Reboot the computer with the first 2 disks for NT setup
- Choose R for repair
- Select the appropriate options
- Insert disk 3 and the ERD disk when prompted
Printing Solutions
- Disk space on the drive hosting the spool files
- Stop and restart the spooler service
BOOT.INI Switches
- /BASEVIDEO boots to standard VGA video
- /BAUDRATE=n sets the debugging communication baud rate when using the Kernel
Debugger
- /CRASHDEBUG loads the debugger into memory; remains inactive unless a kernel error
occurs
- /DEBUG loads the debugger into memory to be activated by a host debugger
- /DEBUGPORT=COMx sets the debugging com port
- /MAXMEM=n sets the maximum amount of RAM that NT can use
- /NODEBUG no debugging information is being used
- /NOSERIALMICE=COMx disables serial mouse detection on the specified port
- /SOS each driver name is displayed when it is loaded
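As an added worked example (not from these notes and not Microsoft's code), the Python script below parses a BOOT.INI file and reports which [operating systems] entries carry the switches listed above. The sample file, its [boot loader] and [operating systems] sections and the ARC-style paths are constructed here for illustration; the switch names mirror the list above. The audit flags entries that leave the kernel debugger reachable (/DEBUG, /CRASHDEBUG, /DEBUGPORT, /BAUDRATE), which is the setting a reviewer would question on a production server, and notes a /DEBUGPORT that has no effect because no debugger switch accompanies it.

```python
"""Parse a BOOT.INI file and audit the switches on each [operating systems] entry.

Added example: the sample below is constructed for illustration and does not
come from any real system.
"""
import re

# Constructed sample BOOT.INI (assumed NT 4.0 layout with ARC paths).
SAMPLE_BOOT_INI = r"""[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\WINNT
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINNT="Windows NT Server Version 4.00"
multi(0)disk(0)rdisk(0)partition(1)\WINNT="Windows NT Server Version 4.00 [VGA mode]" /basevideo /sos
multi(0)disk(0)rdisk(0)partition(1)\WINNT="Windows NT Server Version 4.00 [debug]" /debug /debugport=com2 /baudrate=19200 /maxmem=64
"""

# Switches from the list above; names are upper-cased so matching is case-insensitive.
KNOWN_SWITCHES = {
    "/BASEVIDEO", "/BAUDRATE", "/CRASHDEBUG", "/DEBUG", "/DEBUGPORT",
    "/MAXMEM", "/NODEBUG", "/NOSERIALMICE", "/SOS",
}
# Any of these means a kernel debugger can attach over a serial port.
DEBUG_SWITCHES = {"/DEBUG", "/CRASHDEBUG", "/DEBUGPORT", "/BAUDRATE"}

_ENTRY_RE = re.compile(r'^(?P<path>[^=]+?)\s*=\s*"(?P<desc>[^"]*)"(?P<rest>.*)$')
_SWITCH_RE = re.compile(r'^(/[A-Za-z]+)(?:[=:](.*))?$')


def parse_switches(rest):
    """Turn ' /debug /debugport=com2' into {'/DEBUG': None, '/DEBUGPORT': 'COM2'}."""
    switches = {}
    for token in rest.split():
        m = _SWITCH_RE.match(token)
        if not m:
            raise ValueError(f"malformed switch: {token!r}")
        name, value = m.group(1).upper(), m.group(2)
        switches[name] = value.upper() if value is not None else None
    return switches


def parse_boot_ini(text):
    """Return {'boot loader': {key: value}, 'operating systems': [entry, ...]}."""
    loader, systems, section = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].lower()
            continue
        if section == "boot loader":
            key, _, value = line.partition("=")
            loader[key.strip().lower()] = value.strip()
        elif section == "operating systems":
            m = _ENTRY_RE.match(line)
            if not m:
                raise ValueError(f"unparseable entry: {line!r}")
            systems.append({
                "path": m.group("path").strip(),
                "description": m.group("desc"),
                "switches": parse_switches(m.group("rest")),
            })
        else:
            raise ValueError(f"line outside a known section: {line!r}")
    return {"boot loader": loader, "operating systems": systems}


def default_entry(config):
    """The entry booted when the timeout expires (first match on the default path)."""
    default_path = config["boot loader"].get("default")
    for entry in config["operating systems"]:
        if entry["path"] == default_path:
            return entry
    return None


def debug_entries(config):
    """Descriptions of entries that make the kernel debugger reachable."""
    return [e["description"] for e in config["operating systems"]
            if DEBUG_SWITCHES & set(e["switches"])]


def audit(config):
    """Return (description, finding) pairs worth a reviewer's attention."""
    findings = []
    for entry in config["operating systems"]:
        desc, sw = entry["description"], entry["switches"]
        for name in sorted(set(sw) - KNOWN_SWITCHES):
            findings.append((desc, f"unrecognised switch {name}"))
        if DEBUG_SWITCHES & set(sw):
            findings.append((desc, "kernel debugger switches present"))
        if "/DEBUGPORT" in sw and not ({"/DEBUG", "/CRASHDEBUG"} & set(sw)):
            findings.append((desc, "/DEBUGPORT set without /DEBUG or /CRASHDEBUG"))
    default = default_entry(config)
    if default is not None and DEBUG_SWITCHES & set(default["switches"]):
        findings.append((default["description"], "default entry boots with the debugger enabled"))
    return findings


if __name__ == "__main__":
    cfg = parse_boot_ini(SAMPLE_BOOT_INI)
    for desc, finding in audit(cfg):
        print(f"{desc}: {finding}")
```

The parser accepts both `=` and `:` as the value separator because both spellings of `/MAXMEM` turn up in older notes; the audit only reports, leaving any change to BOOT.INI to the administrator.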