NT Server 4.0 Enterprise

 

Chapter 2 Domain Models

A single domain can support between 10,000 and 25,000 users (Microsoft is at the high end, experts at the low end)

Four Types of Domains

  1. Single Domain Model – small organization;
    1. single regional networks
    2. no trust relationships
    3. can be scaled into another model, but forethought should be used when choosing it
    4. Advantages
      1. Works best for limited number of users and resources
      2. Centralized management of users and resources
      3. No trusts involved
    5. Disadvantages
      1. Performance degradation as domain grows
      2. Users and resources are not grouped by department
      3. Resource browsing is slowed as the number of servers increases
  2. Master Domain Model – larger user base but less than 50,000
    1. Arranges the network into multiple resource domains and yet still gives the benefits of centralized administration
    2. Also called the accounts domain
      1. The user accounts for the multiple-domain structure reside within it
    3. The resource domain trusts the master domain
    4. All users are hosted in master domain; all resources are hosted in the lower domains
    5. Resources can be grouped by department, geographic location, or any other organizational scheme
    6. Offers centralized management, split into two categories
      1. User and group administration is performed in the top or master domain
      2. Resource management is performed within the domain that hosts the particular resource
      3. Gives each department control over its resources without compromising the overall security structure
    7. Advantages
      1. A solid solution for moderately sized networks
      2. Departmental control of resources based on subordinate domains
      3. Central user account management
      4. Global groups are defined only once
    8. Disadvantages
      1. Local groups must be defined within each resource domain
      2. Resource domains must rely on the master domain for current and secure group management
      3. Trust management is involved
  3. Multiple Master Domain Model – more than 50,000
    1. Larger user base, extended over large geographical regions
    2. Extension of the master domain model
    3. Has two master domains and they trust each other
    4. Provides centralized administration of user accounts
    5. Usually set up to hold accounts via geographical region
    6. T=M(M-1)+RM
      1. T – the number of trust relationship required
      2. M – the number of master domains in the organization
      3. R – the number of resource domains in the organization
    7. Advantages
      1. Good solution for very large and growing organization
      2. Scalable to accommodate any number of users
      3. Resources are locally and logically grouped
      4. Departmental-focused management of resources
      5. Any one of the master domains can administer all of the user accounts
    8. Disadvantages
      1. Local and global groups must be defined multiple times
      2. Large number of trust relationships to manage
      3. User accounts are spread across multiple domains
  4. Complete Trust Domain Model
    1. Organizations of any size
    2. Spread over multiple geographic regions that do not require centralized administration
    3. Universal access to resources, while decentralizing administration of user accounts
    4. Users and resources are grouped by department
    5. With a two way trust, all users and all resources can be managed from any point in the network
      1. A two way trust is actually two one way trusts between the same two nodes
    6. Also called a mesh
    7. T=N(N-1)
      1. N – number of domains in organization
      2. T – number of trust relationships required
    8. Advantages
      1. Useful for organizations with no MIS
      2. Scalable for any number of users
      3. Each department has full control over its users and resources
      4. Users and resources are located within the same domain
    9. Disadvantages
      1. No centralized administration
      2. Many trust relationships to manage
      3. All administrators must trust each other to properly manage users, groups, and resources
  5. Global groups
    1. can contain only users
    2. Groups that apply to all computers within a network
    3. Can span across domain lines into trusting domains
  6. Local groups
    1. can contain global groups and users
    2. within the domain in which it was created

 

Chapter 3 Trust Relationships

  1. When Domain A trusts Domain B, A is the trusting domain and B is the trusted domain
  2. When A trusts B that means that users on B can access resources on A, not vice versa
  3. Only two domains may participate in a single trust
  4. All trust relationships are one-way; for a two way trust each domain must set up a one way trust to each other
  5. Trusts do not carry through a domain; if A trusts B and B trusts C, A does not automatically trust C; a trust must be set up between A and C
  6. Permissions are not automatic; global groups or specific users must be given rights to the trusted domain to access resources
  7. Establishing and Configuring Trust Relationships
    1. In the trusted domain, add the other domain in the Trusting Domains section
    2. Supply a password for this trust
    3. In the trusting Domain add a trusted domain using the previously created password.
    4. Both the trusted and trusting domain must acknowledge trust relationships
    5. Using Trust Relationships
      1. Once the trust is established the administrators can give access to the domains involved to either users or global groups from either domain
      2. Global groups can contain users only
      3. Local groups can contain users and global groups
  8. Permissions across Trust relationships
    1. Assume that when a user accesses resources across two domains that his access is not local
    2. NTFS Permissions
      1. Compare all rights associated with the share and pick the most inclusive or permissive rights
      2. Compare all NTFS permissions associated with the object and pick the most inclusive or permissive rights
      3. Compare the two and pick the less permissive of the two
    3. If object is on a FAT partition only share rights apply; pick the most permissive
    4. NO ACCESS rules all
    5. Users do not have to log into the trusted domain, if they have rights through the share the trusted domain; if they log onto a domain that is not their home domain then they are a guest
  9. Managing Multiple Trusts
    1. Can only manage the trust between the 2 domains involved, nothing more
    2. Rules to live by
      1. When users in Domain A need access to resources in Domain B, domain B must trust domain A. Requires that B be a trusting domain and A to be a trusted domain in a trust relationship.
      2. When users in both domains require access to resources in each other’s domains, a two-way trust is required. This means two separate trusts: one where A trusts B and one where B trusts A.
      3. When users in a master domain need access to resources in a resource domain, all resource domains must trust the master
      4. When multiple master domains exist, each master domain must maintain a two-way trust with each and every other master domain, to permit the entire collection of master domains to function as a logical unit
      5. When multiple master domains exist, each resource domain must establish a one-way trust with each master domain, to permit all users to access resources in all resource domains
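
The trust rules above and the counts T=M(M-1)+RM and T=N(N-1) from Chapter 2, worked through in Python. This is an added example, not part of the original notes; the domain names and the "configured" trust list are constructed. It builds the one-way trusts each model requires, shows that access follows only a direct trust, and compares a configured trust list with what the model calls for.

```python
from itertools import permutations

# A trust is stored as (trusting, trusted). Users from the trusted domain can
# be granted access to resources in the trusting domain, never the reverse.


def master_model_trusts(masters, resources):
    """One-way trusts required by the master / multiple master domain model."""
    trusts = set(permutations(masters, 2))                   # masters trust each other both ways
    trusts |= {(r, m) for r in resources for m in masters}   # every resource domain trusts every master
    return trusts


def complete_trust_trusts(domains):
    """Complete trust (mesh): every domain trusts every other domain."""
    return set(permutations(domains, 2))


def can_access(trusts, user_domain, resource_domain):
    """Trusts do not carry through a domain, so only a direct trust counts."""
    return user_domain == resource_domain or (resource_domain, user_domain) in trusts


def audit_trusts(actual, required):
    """Return (missing, unexpected) one-way trusts relative to the chosen model."""
    return sorted(required - actual), sorted(actual - required)


# Constructed sample organisation (hypothetical domain names).
MASTERS = ["EAST", "WEST", "EUROPE"]
RESOURCES = ["SALES", "ENG", "HR", "PRINT"]

if __name__ == "__main__":
    required = master_model_trusts(MASTERS, RESOURCES)
    m, r = len(MASTERS), len(RESOURCES)
    print("multiple master:", len(required), "trusts; formula gives", m * (m - 1) + r * m)

    n = m + r
    mesh = complete_trust_trusts(MASTERS + RESOURCES)
    print("complete trust: ", len(mesh), "trusts; formula gives", n * (n - 1))

    print("EAST user  -> SALES resource:", can_access(required, "EAST", "SALES"))
    print("SALES user -> EAST resource: ", can_access(required, "SALES", "EAST"))

    # A trusts B and B trusts C does not let users from C into A.
    chain = {("A", "B"), ("B", "C")}
    print("C user -> A resource:", can_access(chain, "C", "A"))

    # Compare what is configured (constructed) with what the model calls for.
    configured = (required - {("HR", "EUROPE")}) | {("EAST", "SALES")}
    missing, unexpected = audit_trusts(configured, required)
    print("missing:", missing, "unexpected:", unexpected)
```

An unexpected entry such as EAST trusting SALES is the one to look at first: it lets accounts from a resource domain be granted rights inside an accounts domain.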

 

Chapter 4 Rights, Permissions and User Access to Resources

  1. Access Control List (ACL)
    1. Comprises a list of services (read, write, delete) and the associated users and groups who can perform each action
    2. When the user attempts to access the object the ACL is read to see what that user is allowed to do
    3. ACLs can be changed through the NT GUI or through DOS by using the CACLS command
  2. Default Groups and membership Assignment
  3. Default groups table

    | Group Name | Default Members | Local/Global | Description |
    |---|---|---|---|
    | Account Operators | None | Local | Members can administer domain user and group accounts |
    | Administrators | Domain Admins, Administrator | Local | Members can administer fully the computer/domain |
    | Backup Operators | None | Local | Members can bypass file security to back up files |
    | Domain Admins | Administrator | Global | Designated administrators of the domain |
    | Domain Guests | Guest | Global | All domain guests |
    | Domain Users | Administrator | Global | All domain users |
    | Guests | Guest | Local | Users granted access to the computer/domain |
    | Print Operators | None | Local | Members can administer domain printers |
    | Replicator | None | Local | Special group for replication |
    | Server Operators | None, Administrator | Local | Members can administer domain servers |
    | Users | Domain users | Local | Ordinary users |

  4. NTFS Permissions
    1. Specific Operations
      1. Read (R) – object’s data contents can be accessed
      2. Write (W) – object’s data contents can be changed
      3. Execute (X) – the object can be executed
      4. Delete (D) – object can be deleted
      5. Change Permissions (P) – object’s access permissions can be changed
      6. Take Ownership (O) – ownership can be changed
    2. Standard Permissions Set for Files and Directories
      1. Read (RX) – files can be read or executed
      2. Change (RWXD) – read plus modify and delete
      3. Full Control (RWXDPO) – all access
      4. No access () – no access at all
    3. Standard list for Directories (first set of () is for the directory itself, second () is for the contents)
      1. List (RX)() – can view the contents
      2. Read (RX)(RX) – users can read and traverse the directory, as well as read and execute contents
      3. Add (WX)() – users can add files to the directory, but they cannot read or change the contents
      4. Add and Read (RWX)(RX) – users can add files to and read files from the directory but they cannot change them
      5. Change (RWXD)(RWXD) – users can add, read, execute, modify, and delete the directory and its contents
      6. Full Control (RWXDPO)(RWXDPO) – users have full control over the directory and its contents
      7. No Access ()()
      8. SPECIAL ACCESS – can be defined if necessary; very intricate
  5. Shares and Permissions
    1. Combining Share and NTFS Permissions: take the least restrictive in each category, then the most restrictive of the two that are left
    2. Share permission levels
      1. No Access
      2. Read (RX) – read and execute
      3. Change (RWXD) – read, execute, modify, and delete
      4. Full Control (RWXDPO) – full control
      5. The Default is Full Control for the Everyone Group
  6. User Rights
    1. Access computer from network – logon or connect to this computer from a client on the network (Administrators)
    2. Add workstations to domain – none
    3. Back up files and directories – administrators, backup operators
    4. Change system time – Administrators, backup operators
    5. Force remote shutdown – Administrators, server operators
    6. Load/unload device drivers – administrators
    7. Log on locally – administrators, server operators, backup operators, account operators, print operators
    8. Manage audit and logs – administrators
    9. Restore files/directories – administrators, server operators, backup operators
    10. Shutdown the system – administrators, server operators, backup operators, account operators, print operators
    11. Take ownership of files or objects – administrators
    12. Additional rights available but not assigned to anyone in particular
      1. Act as part of an operating system
      2. Bypass traverse checking
      3. Create a pagefile
      4. Create a token object
      5. Create permanent shared objects
      6. Debug programs
      7. Generate security audits
      8. Increase quotas
      9. Increase scheduling priority
      10. Lock pages in memory
      11. Log on as a service
      12. Modify firmware environment values
      13. Profile single process
      14. Profile system performance
      15. Replace process-level tokens
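
The share/NTFS combination rule from "Shares and Permissions" above and from "Permissions across Trust relationships" in Chapter 3, as an added Python example (not part of the original notes). Account, group and domain names are constructed; "most permissive" is modelled as the union of the permission letters, which matches picking the highest level for the nested standard sets RX, RWXD and RWXDPO.

```python
NO_ACCESS = "NO ACCESS"
ORDER = "RWXDPO"


def principals_for(user, global_groups, local_groups):
    """The user plus every group that applies: Everyone, the global groups the
    user is in, and the local groups containing the user or those global groups."""
    for name, members in global_groups.items():
        nested = members & (global_groups.keys() | local_groups.keys())
        if nested:
            raise ValueError(f"global group {name} may contain users only: {sorted(nested)}")
    found = {user, "Everyone"}
    found |= {g for g, members in global_groups.items() if user in members}
    found |= {l for l, members in local_groups.items() if members & found}
    return found


def most_permissive(acl, principals):
    """Union of every grant that applies; None as soon as one is No Access."""
    rights = set()
    for who, grant in acl.items():
        if who in principals:
            if grant == NO_ACCESS:
                return None          # NO ACCESS rules all
            rights |= set(grant)
    return rights


def effective_rights(principals, share_acl, ntfs_acl=None):
    """Rights over the network share. ntfs_acl=None models a FAT partition,
    where only the share rights apply."""
    share = most_permissive(share_acl, principals)
    if share is None:
        return ""
    if ntfs_acl is None:
        return "".join(c for c in ORDER if c in share)
    ntfs = most_permissive(ntfs_acl, principals)
    if ntfs is None:
        return ""
    return "".join(c for c in ORDER if c in (share & ntfs))   # less permissive of the two


# Constructed sample: accounts live in MASTER, the resource lives in SALES.
GLOBAL_GROUPS = {
    r"MASTER\Sales Staff": {r"MASTER\jsmith", r"MASTER\akhan"},
    r"MASTER\Temps": {r"MASTER\akhan"},
}
LOCAL_GROUPS = {
    r"SALES\Report Readers": {r"MASTER\Sales Staff"},
    r"SALES\Editors": {r"MASTER\jsmith"},
    r"SALES\Blocked": {r"MASTER\Temps"},
}
DEFAULT_SHARE = {"Everyone": "RWXDPO"}      # the default share permission
NTFS_ACL = {
    r"SALES\Report Readers": "RX",
    r"SALES\Editors": "RWXD",
    r"SALES\Blocked": NO_ACCESS,
}

if __name__ == "__main__":
    for user in (r"MASTER\jsmith", r"MASTER\akhan"):
        who = principals_for(user, GLOBAL_GROUPS, LOCAL_GROUPS)
        print(user, "default share + NTFS:", effective_rights(who, DEFAULT_SHARE, NTFS_ACL) or "no access")
        print(user, "Read-only share + NTFS:", effective_rights(who, {"Everyone": "RX"}, NTFS_ACL) or "no access")
        print(user, "default share on FAT:", effective_rights(who, DEFAULT_SHARE) or "no access")
```

The FAT case shows why the default share permission matters: with Full Control for Everyone and no NTFS ACL behind it, every account that can reach the share gets RWXDPO.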

 

Chapter 5 Optimizing Domain Use

  1. You cannot move a PDC or BDC from domain to domain, due to the SIDs of each machine
  2. Synchronization of Domain Controllers
    1. The PDC regularly sends SAM updates to the BDCs
    2. Registry controls of Synchronization
      1. HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters
        1. Pulse – (60 – 3,600) defines the typical pulse frequency. Default=300
          1. Number of seconds between synchronizations
        2. PulseConcurrency – (1 –500) maximum number of BDCs that the PDC pulses simultaneously; Default = 20
          1. Number of BDCs synchronizing simultaneously
        3. PulseMaximum – (60 – 86,400) sends every BDC a pulse at this interval; default = 7,200
        4. PulseTimeout1 – (1 – 120) defines the amount of time a PDC will wait for BDC to respond to a pulse; default =5
        5. PulseTimeout2 – (60 – 3,600) defines how long the PDC waits for a BDC to complete partial synchronization; default = 300
        6. Randomize – (0 – 120) defines a backoff period for the BDC; should always be less than the PulseTimeout1; default = 1
        7. ReplicationGovernor – (0 – 100) defines the packet size used in the synch process; default = 100
  3. Domain Database Info
    1. Should not exceed 40 MB
      1. User accounts = 1K
      2. Computer accounts = .5k
      3. Groups = 4k
  4. User Profiles
    1. *.man is mandatory
    2. *.dat is a standard profile data file
    3. \\PDC1\NetLogon\%username% in the user profile button

 

Chapter 6 NT Redundancy and Fault Tolerance

  1. Directory Replication
    1. Disseminates often-used data and regularly updated data to multiple computers to speed file access and improve reliability
    2. Any NT server can export data
    3. Any NT server, workstation or LAN Manager server can import
    4. By default the export directory is \%winntroot%\system32\repl\export\
    5. By default the import directory is \%winntroot%\system32\repl\import\
    6. All files and directories beneath these directories are kept identical
    7. Installing Replication
      1. Create a user account that is a member of the replicator group
      2. Configure the Directory Replicator Service to start automatically with this user’s logon
      3. Configure Directory Replication through Server manager; import or export depending on the system
      4. Restart the machines involved
      5. Check to see if it worked
    8. Doesn’t work if the files are being accessed
    9. Status of replication can be found in Server Manager\Manage (the computer name)
      1. OK – replication successful
      2. No Master – the import server is not receiving updates from the export server, or the replication service may not be running
      3. No Sync – no replication has been attempted
      4. [blank] – no replication has been attempted
      5. Event Viewer – type net helpmsg (error number) from command prompt to decipher code
    10. Export must be from an NTFS partition
    11. Replication can only occur between systems whose system clocks are no more than 59 minutes apart; time zones do not work
    12. all applications should point to the import directory only
    13. Only replicate small amounts of data
    14. Always export to the import directory on the export server to establish functionality
  2. Additional Configuration through the Registry
    1. HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Replicator\Parameters
      1. Interval – (1-60) how often broadcasts are sent from the export server;
      2. GuardTime – (0- half Interval) – number of minutes the export server will wait after a directory becomes stable before attempting to replicate; default = 2
  3. Fault Tolerance
    1. Disk Mirroring
      1. Slow Performance
      2. Increased cost
      3. No protection from controller failure
      4. 2 Disks 1 controller
    2. Disk Duplexing
      1. Disk mirroring with two controllers
      2. No degradation of system performance
      3. More expensive because it requires the additional controller
    3. Disk Striping
      1. No parity
      2. No fault tolerance
      3. Can be done with 2 Disks
      4. NTFS or FAT
      5. Boot and System partitions can not be part of the stripe set
    4. Disk Striping with Parity
      1. 3 Disks required
      2. Fault tolerant
      3. NTFS only
      4. T = P*(n-1)
        1. T = total capacity
        2. P = the size of the partition
        3. n = number of partitions
      5. All partitions must be of equal size
      6. Neither Boot nor System partitions can be part of the stripe set
    5. RAID
      1. Can implement RAID 0, 1, 5
      2. Software RAID is performed by NT and requires more system overhead
      3. Hardware RAID is faster and can include the system and boot partitions
    6. Recovery
      1. Fixing Broken Mirror or Duplexes
        1. Use Disk administrator
          • Break the mirror
          • Delete the bad partition
          • Assign the drive letter to the good partition
          • Create a mirror set using a new partition and the old one
          • If the original disk has failed you must use a boot disk to get in
        2. The boot disk must contain: Boot.ini; NTLDR; ntdetect.com; ntbootdd.sys; bootsect.dos
        3. Restoring With Parity information
          1. It is done automatically but is CPU intensive and will cause the system to slow drastically.
            • Replace the drive and create a new partition of the same size and select rebuild
          2. ARC Naming
            1. multi(#)disk(#)rdisk(#)partition(#)\PATH
            2. scsi(#)disk(#)rdisk(#)partition(#)\PATH
              1. SCSI or MULTI = type of controller
              2. SCSI = means that the controller doesn’t support BIOS translation; the NTBOOTDD.SYS file must be in the boot partition
              3. MULTI = any controller that supports BIOS translation; can be IDE or SCSI
              4. The number after the controller is the number for the physical controllers (0 for the first, 1 for the second and so on)
              5. DISK = appears in all but is only used if SCSI appears in the ARC name; the physical number of the drive (0 for the first, 1 for the second and so on); if MULTI then it is set to 0
              6. RDISK = appears in all but only used if MULTI is the controller; if SCSI is used it is set to 0 and ignored; the physical number of the drive; 0 is the first, 1 is the second and so on
              7. PARTITION = identifies the partition; numbering starts at 1: 1 is the first, 2 is the second and so on
              8. \PATH = the directory where the system resides
            3. The boot files are stored on the system partition; where the default WinNT directory is; and the system files are stored on the boot partition
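
A parser for the ARC names described above, as an added Python example (not part of the original notes). It applies the field rules from the list (which of disk() and rdisk() carries the drive number, partition numbering from 1) and, going slightly beyond the notes, reads the ARC entries out of a Boot.ini; the sample Boot.ini is constructed.

```python
import re

ARC_RE = re.compile(
    r"^(multi|scsi)\((\d+)\)disk\((\d+)\)rdisk\((\d+)\)partition\((\d+)\)(\\.*)?$",
    re.IGNORECASE,
)


def parse_arc(name):
    """Split an ARC name into its fields and flag values the rules above forbid."""
    m = ARC_RE.match(name.strip())
    if not m:
        raise ValueError(f"not an ARC name: {name!r}")
    kind = m.group(1).lower()
    controller, disk, rdisk, partition = (int(v) for v in m.group(2, 3, 4, 5))
    warnings = []
    if kind == "multi":
        drive = rdisk                      # rdisk() carries the drive number
        if disk != 0:
            warnings.append("disk() must be 0 when the controller is multi()")
    else:
        drive = disk                       # disk() carries the drive number
        if rdisk != 0:
            warnings.append("rdisk() is ignored with scsi() and should be 0")
    if partition < 1:
        warnings.append("partition() numbering starts at 1")
    return {
        "controller_type": kind,
        "controller": controller,
        "drive": drive,
        "partition": partition,
        "path": m.group(6) or "",
        "needs_ntbootdd": kind == "scsi",  # no BIOS translation, NTBOOTDD.SYS required
        "warnings": warnings,
    }


def boot_ini_entries(text):
    """Return (label, parsed ARC name) for each ARC entry under [operating systems]."""
    entries, in_os = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            in_os = line.lower() == "[operating systems]"
        elif in_os and "=" in line:
            arc, label = line.split("=", 1)
            if ARC_RE.match(arc.strip()):   # skips entries such as C:\="MS-DOS"
                entries.append((label.strip(), parse_arc(arc)))
    return entries


# Constructed Boot.ini for a fault-tolerance boot disk: the second entry
# points at the mirror partner on a controller without BIOS translation.
SAMPLE_BOOT_INI = r"""
[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\WINNT
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINNT="NT Server 4.0 (primary disk)"
scsi(0)disk(1)rdisk(0)partition(1)\WINNT="NT Server 4.0 (mirror partner)"
C:\="MS-DOS"
"""

if __name__ == "__main__":
    for label, arc in boot_ini_entries(SAMPLE_BOOT_INI):
        print(label, "->", arc["controller_type"], "controller", arc["controller"],
              "drive", arc["drive"], "partition", arc["partition"], arc["path"],
              "(needs NTBOOTDD.SYS)" if arc["needs_ntbootdd"] else "")
    print(parse_arc(r"multi(0)disk(2)rdisk(0)partition(0)\WINNT")["warnings"])
```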

         

Chapter 7 Auditing Resources and Access

        1. Auditing
          1. Informs the administrator if someone attempts to access secured resources or how often a particular resource is accessed
          2. The master switch is set to not audit by default
          3. Seven event types and descriptions that can be audited from the second level once the master switch is turned on
            1. Logon and Logoff
            2. File and Object Access
            3. Use of user rights
            4. User and group management
            5. Security policy changes
            6. Restart, shutdown, and system
            7. Process tracking
          4. The third level of audit switches is on the object level
            1. Read, write and execute for files and directories
              1. Directories can also replace auditing on existing files or subdirectories or both
            2. Print instead for printers
            3. Otherwise
              1. Delete, change permissions, take ownership
          5. Does affect system performance
        2. Account Policy
          1. Maximum and minimum password age
          2. Password length
          3. Password uniqueness
          4. Account lockout after specified failed attempts
          5. Failed counter reset
          6. Lockout duration
          7. Force users off when hours expire
          8. Require logon before password change

         

Chapter 8 Network Protocols, Routing and Relaying

        1. TCP/IP utilities
          1. Arp – address resolution protocol; displays IP address mapped to a MAC node address
          2. Hostname – displays the name of the current computer host
          3. IPconfig – display IP configuration details
          4. LPQ – displays the status of a print queue only on a computer running DLC
          5. NBTSTAT – displays NetBIOS over TCP/IP status
          6. NETSTAT – displays TCP/IP status and statistics
          7. PING
          8. ROUTE – interacts with routing tables
          9. TRACERT – details the route used by TCP/IP
        2. Routing with Windows NT
          1. Multiprotocol Router (MPR) – requires two NICs; multiple segments
            1. RIP – routing information protocol for TCP/IP
              1. Share routing information dynamically
              2. Or can be a static router with manually configured routing tables
                • To enable static routing you must remove RIP for IP from the computer
                  1. Manually configure the routing tables
                    1. Route and then switches
                      1. -f – removes all gateway entries from the routing table; clears the tables
                      2. -p – implements persistent routes by automatically sustaining routing changes through computer reboots
                      3. command
                        1. print – prints a route
                        2. add – adds a route
                        3. delete – deletes a route
                        4. change – modifies an existing route
                      4. destination – indicates the host or network to which you want to route
                      5. MASK – specifies that the next parameter is to be interpreted as the netmask parameter
                      6. Netmask – specifies the subnet mask value to be associated with this route entry
                      7. Gateway – specifies the default gateway
                      8. METRIC – specifies that the next parameter be interpreted as the metric parameter
                      9. Metric – defines the hop count for the specified destination
          2. RIP for IPX
            1. Automatically installs the SAP agent for IPX
          3. DHCP Relay Agent
            1. Allows a small set of IP addresses to support a larger number of computers
            2. A single DHCP server can support multiple subnets connected by the NT Server
            3. Installed through the services section of the Network Applet
          4. AppleTalk Routing
            1. A function of the Services for Macintosh

       

Chapter 9 Windows NT Names and Name Service, Plus IIS

      1. NetBIOS names
        1. 15 characters or less
        2. mandatory piece of networking
        3. NetBEUI uses it to resolve names
        4. IPX can use it to resolve names
      2. IP Name Resolution
        1. DHCP
          1. Until a client receives its leased IP address it uses its MAC address to connect to the server
        2. DNS
          1. Domain Name Service
          2. Resolves FQDNs (fully qualified domain names) to IP addresses
          3. Previously used HOSTS files
          4. Allows machines to find the proper location of a system without knowing the IP address
        3. WINS
          1. Maps NetBIOS names to IP addresses
          2. Recognizing NetBIOS names on all subnets
          3. Enabling internetwork browsing
          4. Previously used an LMHOSTS file

        | WINS | DNS |
        |---|---|
        | Maps IP addresses to NetBIOS names | Maps IP addresses to FQDNs |
        | Automatic client data registration | Manual configuration |
        | Flat database name space | Uses FQDNs hierarchical structure |
        | Used on MS clients and networks | Used on TCP/IP based hosts and networks |
        | Only one entry per client | Each host can have multiple aliases |
        | Enables domain functions such as logon and browsing | N/A |

      3. Internet Information Server
        1. Web – allows for HTTP access
          1. Anonymous access
          2. NT user account restricted access
          3. Activity logging
          4. IP or domain name restricted/granted access
          5. Virtual server configuration
          6. Virtual directories
          7. If IIS is used with Internet connectivity, InterNIC will handle the DNS
          8. If IIS is used within a private network DNS and WINS are necessary
        2. FTP
        3. Gopher

       

Chapter 10 Windows NT Network Monitor

      1. Must be installed; added through Services tab of Network applet
      2. Not as fully featured as SMS
      3. Doesn’t require as much system overhead
      4. NIC doesn’t need to be in promiscuous mode
        1. All the supported frame types are captured by the card due to the support for NDIS 4
        2. Save up to 30% in CPU performance
        3. Monitors 4 types of data
          1. Frames sent from the server
          2. Frames sent to the server
          3. Broadcast frames
          4. Multicast frames
      5. To capture data simply use the Start command in the Capture pull down menu
        1. At any time it can be stopped or paused
          1. Then the contents of the frame can be viewed
        2. During and after the capture session you can view
          1. Bar graphs
            1. Real time display
            2. Percent network utilization
              • How traffic to and from the server is affecting overall network performance
            3. Frames per second
            4. Bytes per second
            5. Broadcasts per second
            6. Multicasts per second
          2. Session statistics
            1. Detail the conversations going on over the network
            2. Realtime, cumulative during each capture session
          3. Station statistics
            1. Cumulative data on the dynamics of each network conversation
            2. MAC or network address
            3. Sent frames
            4. Received frames
            5. Bytes sent
            6. Bytes received
            7. Directed frames sent
            8. Multicasts sent
            9. Broadcasts sent
          4. Summary statistics
            1. Cumulative data sets
            2. Network
            3. Captured
            4. Per second
            5. MAC
            6. MAC errors
        3. During the capture session all frames are stored in system memory; they can be saved for later investigation
      6. Capture Filters
        1. Set by Capture-> filter command
        2. Captured information can only be as large as the system memory will allow
        3. Gather data based on protocol, address pairs, and data patterns
        4. Capturing by Protocol
          1. Sap/type = {protocol} is the filter line
          2. See page 211 for list of supported protocols
        5. Capturing by Address
          1. Communication between the server and specific computer can be tracked using an address pair capture filter
          2. Up to four pairs can be monitored simultaneously
          3. Consists of
            1. The MAC address of the two computers
            2. An arrow to specify which way to monitor traffic
              • -->, <--, <-->
            3. include or exclude keyword to instruct the Network Monitor to track the frame or to ignore it
            4. order doesn’t matter
            5. exclude commands are accessed first
            6. if a pair is represented by an exclude and include then it is ignored
            7. if no address pair is specified then the default pair is used: <your computer> <--> ANY
          4. Capturing by Data Pattern
            1. Limits a capture to frames that contain a specific ASCII or hexadecimal pattern that occurs within the entire frame or specified depth into the frame (offset) in bytes
            2. Two logical operations can be used with this: OR and NOT
            3. Enable you to identify multiple patterns to capture and ignore
        6. Capture Triggers
          1. Set of conditions that initiates an action when the conditions are met
          2. Allow automation of some tasks associated with gathering network communication data
          3. Can stop or start the application
          4. Custom Triggers
            1. Nothing – default setting of no trigger
            2. Pattern match – a matched pattern within a frame; same settings as those present in the pattern match filter
            3. Buffer Space – percentage level of used buffer space
            4. Pattern match then buffer space
            5. Buffer space then pattern match
          5. Trigger Actions
            1. No action
            2. Stop capture
            3. Execute command line
        7. Dedicated Mode Captures
          1. Reduces load on CPU
          2. Prevents the Network Monitor from updating and displaying capture window statistics
          3. Only shows the total number of captured frames
          4. 4 buttons
            1. stop
            2. stop and view
            3. pause
            4. Normal mode
      7. Addressing Security Issues
        1. If no password is set, any user using SMS can access the data
        2. Identify Network Monitor Users command shows computer name, user name, state of the Network monitor, version number, and network adapter address
      8. Miscellaneous
        1. All addresses intercepted can be viewed
          1. Edit entries to alter type, address, name, or comment
          2. Manually add or delete entries
          3. This is used to associate MAC addresses with user friendly names
        2. Buffer Settings
          1. Size of the buffer used to store captured frames
          2. Default is 1 MB
          3. Maximum is 8 MB less than total ram installed
          4. Once the buffer is full it throws away old frames
          5. Size of each individual frame: from 64 to 65,000 bytes
        3. Track multiple segments attached to different NICs in the server
        4. Find all Names
          1. Search each captured frame for a NetBIOS name
          2. All names found are added to the database
        5. Find Routers and Resolve Addresses from Names are only available with SMS

       

Chapter 11 Managing Windows NT Performance

      1. Task Manager
        1. Identifying non-responsive applications, terminating them
        2. Identifying runaway processes, and terminating them
        3. Ascertaining the memory use levels
      2. Performance Monitor
        1. Chart View
        2. Alert View
        3. Log View
        4. Report View
        5. Add to Command
          1. Computer – which machine
          2. Objects – processor, memory, physical disk etc.
          3. Instances – identifies which instance of an object should be monitored
          4. Counters – available counters for a specific instance of an object on a chosen computer
        6. Common Objects and Counters
          1. Processor: %processor time – if 80 or more should increase processor power
          2. System: Processor Queue length – greater than 2 could need more processor power
          3. Processor: Interrupts/Sec – indicates malfunctioning hardware; if the number increases and processor time doesn’t, locate the faulty hardware
          4. Memory: Cache faults, page faults, pages/sec – may need more RAM if the number is high
          5. PhysicalDisk/LogicalDisk: %Disk time – if the disk is using a large amount of processor time, the HD may be a bottleneck
          6. PhysicalDisk/LogicalDisk: %Disk Bytes/transfer – how fast HDs are transferring data
          7. PhysicalDisk/LogicalDisk: Current disk queue length – may need an upgraded HD if the queue is long
      3. Monitoring Disk Performance
        1. To turn on disk monitors, execute diskperf -y; then reboot
        2. Using Charts – alter maximum value of vertical axis, histogram or graph view, add grid lines, change update intervals
        3. Configuring Alerts
        4. Logs –
        5. Reports
        6. Miscellaneous Commands
          1. File|Save [View] Settings As – saves the view's settings to be used another time
          2. File|Save Workspace – saves the view settings in a single file
          3. File|Export – saves the current view's captured data in a tab- or comma-delimited file
          4. Add|Edit – edits the counter parameters or settings
          5. Add|Delete – removes the counter
          6. Options|Data From – displays data from the active network or from a log file
        7. Baselining – establish a baseline with no users attached, and then throughout a normal workday to understand when something is going wrong
        8. NT Paging File
          1. Disk striping automatically spreads it across multiple disks
          2. On a separate disk from the system files
          3. Mirroring will hurt the config
          4. Smallest is 12 MB more than the RAM
      4. Optimizing Server Settings
        1. Minimize memory used – better performance for less than 10 users
        2. Balance – best performance for 10 to 64 users
        3. Maximize throughput for file sharing – best performance for more than 64 users; default
        4. Maximize throughput for network applications – supports distributed applications (SQL Server)

       

      Chapter 12 Advanced NetWare Topics

      1. Protocols and Compatibility Issues
        1. By default sees 802.2 for 3.12, 4.x or later
        2. Before that 802.3
        3. 802.2, 802.3, 802.3 SNAP, 802.5, 802.5 SNAP
        4. Correct frame type is essential for connectivity
        5. If multiple frame types are necessary, manual detection must be chosen and the frame types used must be entered
      2. Gateway Services for NetWare
        1. Install the service and restart the server
        2. Create a group on the NetWare server called NTGATEWAY
        3. User account on the NetWare server with file system rights
        4. A share that will be used
        5. Add printers through the printers applet
          1. NetWare compatible print server
        6. Called Client Services for NetWare on NT Workstation
      3. File and Print Services for NetWare – makes NT resources available to NetWare clients
      4. NetWare Migration
        1. Duplicate Accounts – default is to skip and not migrate any additional data to the NT Server
          1. Can permit duplicates to be created with a Prefix
          2. When migrating multiple NetWare servers, with multiple identical accounts, create a mapping file, can maintain passwords,

       

      Chapter 13 Advanced NT Printing

      1. Windows NT printer applet
        1. Client Application – a network program that originates print jobs, client or server based
        2. Connecting to a printer – process of attaching to a network share that resides on the computer on which the logical printer was created
        3. Creating a Printer – process of naming, defining settings for, installing drivers for, and linking a printing device to the network; performed by the "Add Printer Wizard"
        4. Network Interface Printers – built-in network interface cards for print devices that are directly attached to the network (unless specified as TCP/IP, it defaults to DLC)
        5. Print Client – a computer on a network that transmits the print jobs to be produced by the physical device
        6. Print Device – the print device itself
        7. Print Job – the code that defines the print processing commands as well as the actual file to be printed
        8. Print Resolution – the measurement of pixel density that is responsible for the smoothness of any image or text being printed; measured in DPI (dots per inch)
        9. Print Server – the computer that links the physical print device to the network; manages sharing
        10. Print Server Services – software components located on the print server that accept print jobs and send them to the print spooler for execution
        11. Print Spooler – the collection of DLLs that acquires, processes, catalogues, and disburses print jobs
        12. Print Driver – programs that enable communication between applications and devices
        13. Printer/Logical printer – the logical printer is the software interface that communicates between the operating system and the physical device
        14. Queue/Print Queue – list of files waiting to be printed
        15. Rendering –
      2. Printing With NT Server
        1. GDI – graphics device interface;
        2. Print Device – the physical device
        3. Print Driver – software driver
        4. Print Monitor
        5. Print processor
        6. Print Router
        7. Print Spooler
          1. You can change the location of the Spool file to reserve space on a drive
      3. Printing Clients
        1. Printing from Windows NT Clients – when adding the printer, it automatically takes the driver from the server
        2. Printing from Windows 95 – as long as the print driver is installed on the server, it is automatically added
        3. Printing from MS-DOS or Windows 3.11 – must install the driver separately and then attach to the printer
      4. Spooling
        1. Print Priorities – 1 – 99; 1 being the lowest
          1. Can create two shared printers to the same physical printer with different priorities
        2. Separate Spool Files – it may be necessary to create separate spool files for different printers
          1. Done through the registry
          2. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Printers
        3. Changing the location of the spool file
          1. Default - \%winntroot%\system32\spool
          2. Properties sheet of the printer
            1. Advanced tab
            2. Enter the path for the directory
      5. Logical Printers and printer pools
        1. Logical printer – software interface to the printer
        2. Physical Printer
        3. Printer Pool – multiple devices attached to one logical printer
          1. Printers must all be the same type
          2. Prints to whichever device is free
      6. Advanced Printing
        1. Print Commands
          1. New driver – installs or replaces existing printer driver
          2. Print processor – change the data type used by the print system
          3. Separator page – defines a document to be inserted between print jobs
          4. Enable printer pooling – assists in configuring identical printers to share a single queue
          5. Available – defines the time frame when a printer is active; if a job is sent when the printer is not available, the job is stored and spooled when it becomes available
          6. Priority –
          7. Spool print documents so program finishes printing
      7. Printer Shares
        1. No access
        2. Print
        3. Manage documents
        4. Full Control
        5. Default Settings
          1. Full control – administrators; server operators; print operators
          2. Manage documents – creator owner
          3. Print – everyone
      8. Multiple Printers
        1. A single physical printer can be served by multiple logical printers
        2. A single logical printer can serve multiple physical printers
        3. Multiple logical printers can serve multiple physical printers
      9. Print Auditing
        1. Print
        2. Full Control
        3. Delete
        4. Change permissions
        5. Take ownership
      10. TCP/IP Printing
        1. LPR ports are used for the TCP printing
        2. UNIX clients use LPR and LPD servers

       

      Chapter 14 Advanced RAS Topics

      1. Supports IPX, NetBEUI, TCP/IP
      2. SLIP – only supports TCP/IP with static addresses
        1. Does not support encrypted passwords
      3. PPP – supports AppleTalk, TCP/IP, IPX, NetBEUI
        1. Supports DHCP, and encrypted passwords
      4. RAS Server
        1. Only supports PPP
        2. A NetBIOS gateway is established
        3. Supports both IP and IPX routing
        4. Supports NetBIOS and windows sockets applications
        5. PPTP
        6. Multilink PPP
      5. RAS setup
        1. Modems involved
          1. Dial out
          2. Receive
          3. Both
        2. DHCP, for the computer or network
        3. What protocols
        4. Encryption settings
        5. IPX numbering automatic or configurable
      6. RAS Routing, Gateway, Firewall
        1. Routing – full access to network
        2. Gateway – NetBEUI, access to a network
        3. Firewall – limitations placed on RAS clients
      7. RAS Security
        1. RAS Encryption
          1. Security tab of phonebook entries
          2. Or, Network configuration dialog box
          3. Allow any authentication including clear text – most permissive, uses PAP, connecting to a non-Microsoft server
          4. Require encrypted authentication – uses CHAP or SPAP, connecting to a non-Microsoft server
          5. Require Microsoft encrypted authentication – MS-CHAP, a Microsoft server, data encryption
        2. RAS Callback
          1. No Call Back – when user establishes a RAS connection, they will not be called back
          2. Set By Caller – user inputs the callback number, saves on long distance
          3. Preset To – configure the number on the server, user must always call from that number
        3. Autodial occurs when resources are accessed that come from the RAS connection
        4. Logging can be activated and stored in the device.log file
          1. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RasMan\Parameters = 1
        5. Null Modem cables can be used to test RAS
        6. Name resolution can be aided with the use of DNS or WINS

       

      Chapter 15 Advanced Troubleshooting

      1. Installation Failures
        1. Media Failures
        2. Domain controller communication difficulties
        3. Stop message errors or halt on blue screen
        4. Hardware problems
        5. Dependency failures
      2. Boot Failures
        1. NTLDR Error Message – use ERD to repair or replace the files
        2. NTOSKRNL missing error message – use ERD
        3. Boot.INI missing error message – restore file from Backup or ERD
        4. BOOTSECT.DOS missing error message – ERD
        5. NTDETECT.COM missing error message – ERD
      3. Repair Tools
        1. Event Viewer
        2. Last Known good Configuration
        3. The Registry
        4. Emergency Repair Disk (ERD)
          1. Updated versions by running RDISK.EXE
            1. System._ – HKEY_LOCAL_MACHINE\SYSTEM, compressed
            2. Software._ – HKEY_LOCAL_MACHINE\SOFTWARE, compressed
            3. Security._ – HKEY_LOCAL_MACHINE\SECURITY, compressed
            4. SAM._ – HKEY_LOCAL_MACHINE\SAM, compressed
            5. NTUSER.DA_ – default profile, compressed
            6. AUTOEXEC.NT
            7. CONFIG.NT
            8. SETUP.LOG – list of installed files and their checksums
            9. DEFAULT._ – HKEY_USER\DEFAULT, compressed
          2. Reboot the computer with the first 2 disks for NT setup
          3. Choose R for repair
          4. Select the appropriate options
          5. Insert disk 3 and the ERD disk when prompted
      4. Printing Solutions
        1. Disk space on the drive hosting the spool files
        2. Stop and restart the spooler service
      5. BOOT.INI Switches –
        1. /BASEVIDEO – boots to standard VGA video
        2. /BAUDRATE=n – sets the debugging communication baud rate when using the Kernel Debugger
        3. /CRASHDEBUG – loads the debugger into memory; remains inactive unless a kernel error occurs
        4. /DEBUG – loads the debugger into memory to be activated by a host debugger
        5. /DEBUGPORT=COMx – sets the debugging com port
        6. /MAXMEM:n – sets the maximum amount of RAM that NT can use
        7. /NODEBUG – no debugging information is being used
        8. /NOSERIALMICE=COMx – disables serial mouse detection on the specified port
        9. /SOS – each driver name is displayed when it is loaded