How do you move a PDC or a BDC to a new domain?
Change the Domain Name

System Policy Editor will allow you to restrict logon times – true or false?
False

What is the correct syntax to start a program such as Network Monitor with a low priority?
start /low netmon

A local group is located in
each computer’s account database

Why would you run Win16 apps in a separate NTVDM?
To allow a Win16 app to interoperate with other apps in a separate memory space

Will you be able to run Win16 apps which rely on shared memory to exchange data?
No

If you have multiple Mac subnets attached to multiple NICs and only one subnet can see the server, what is wrong?
You need to enable routing in the AppleTalk Protocol config dialog box

What files are required for a boot disk on a machine with SCSI drives with their BIOS enabled?
NTLDR, NTDETECT.COM, BOOT.INI

When do you need the NTBOOTDD.SYS file?
If your SCSI controller does not have its BIOS enabled

When will the BOOTSECT.DOS file be required?
When you need to boot into another OS on your system, such as MS-DOS or Win95

What is the proper syntax for sending a print job to a TCP/IP printer on a Unix host?
Lpr -S [IP address of Unix Host] -P [Printer Name] [filename]
Both S and P are capitalized

What is the Directory Replication Service Interval?
Interval at which the export computer checks for changes to the replicated directories

Do Shares use forward slash or backslash in the pathname?
Backslash, same as DOS commands

Do Internet names use forward slash or backslash in the path?
Forward slash – (as per Unix)

What is the first step you should take when one disk in a mirror set fails?
Break the mirror

What is the name of the application which examines memory dump files, extracts info and writes the info to a text log?
Dumpexam

What can you do if you suspect a bottleneck because too many Win95 clients are trying to access the same policy file?
Use Policy Editor to enable load balancing on the Win95 clients

What two files are required in the Winnt.exe command line in order to set up multiple machines, including applications, without physically being at the client computer?
UNATTEND.txt and the file name of the .UDF

If you have Administrator Services loaded on a Win95 client can you manage the DHCP Server on your PDC?
No – the DHCP service can only be managed locally

Which method of licensing is the default when you install a new copy of NT Server 4? What is the other method?
Per Server – other is Per Seat

What types of networks is the default licensing option good for?
Small networks or internet attached machines

Why would you switch from the default licensing option?
As you add servers, each client would need a separate license for each server they attach to. Per Seat licensing allows the client to connect to as many Servers as necessary.

Are Sparc Ultra RISC machines supported by NT Server 4.0?
No

Are PA RISC machines supported by NT Server 4.0?
No

What does the OSLOADER.EXE program do?
On a RISC machine it replaces the functions of NTLDR, NTDETECT.COM and BOOTSECT.DOS on a PC

What do you use to configure IIS?
Internet Service Manager Program

What TCP/IP protocols are supported by IIS?
FTP, HTTP and Gopher

Is there any user data on the ERD?
No

Which versions or types of Netware servers require that you specify a Default Tree and Context?
Those not using Bindery Emulation – Netware 4.x

Which versions or types of Netware servers require that you specify a Preferred Server?
Netware 3.x or those using Bindery Emulation

What is an NDS tree?
Netware equivalent of a Domain

What is the default frame type used by NT Server 4.0?
802.2

Which versions of Netware use 802.3 frames?
pre 3.12 (1+2=3, “802.3”). 3.12 actually uses 802.2 frame types – industry standard

What is the role of a Member Server (stand alone server)?
database server, communications, resource server etc – do not authenticate users

Where do you add display adapter drivers?
In the Display applet in Control Panel

Where do you change the Mouse Pointer Icons?
In the Mouse applet in Control Panel

What partition are the WinNT files on?
Boot Partition

What partition are the boot files on?
System Partition

How do you convert a FAT partition to an NTFS partition?
If it is empty – reformat using Disk Administrator. If it has files on it, use the CONVERT.exe program from a DOS prompt.

Is Migration Tool for Netware part of GSNW?
Yes

How do you add an NT machine to the domain?
Add it in Server Manager, then boot it into network

What does cacls.exe do?
Command line application to set permissions on a remote share.

How do you configure an alert in Performance Monitor to send a message?
Check “Send Network Message” and add the correct name to the “Net Name” field.

What all can you automatically configure for clients when you are running the DHCP service?
NetBIOS name resolution, DNS server, WINS server, IP address

What steps are necessary to renew an account which has expired?
Set a new expiry date in the future (you can also select “never expires”)

Where is the best place for a paging file?
On a partition other than the boot partition – unless you have no choice (eg. Never put it on a stripe set with parity)

What protocols can RAS be configured to use for dial out or dial in?
TCP/IP, NetBeui, NWLink

What protocols can be used with RAS autodial?
TCP/IP and NetBeui

You can’t very well use NT until you get it installed, right?
In order to install NT, your machine must meet the following requirements:

• CD-ROM unless this will be a network installation

There are a couple of different options for setup. If you are upgrading from an earlier version of NT, then you will use WINNT32.EXE. If you are upgrading from DOS or Win95 then you will use WINNT.EXE. At this point installation will begin and should be pretty self-explanatory until you get to the upgrade or fresh install option. If you are upgrading your server from a previous version, then you will probably want to select upgrade as it will preserve your user accts and all directory and share info. This will save you the huge pain in the ass of setting all of this up all over again. Fresh install should be self-explanatory.

The next step of note is selecting the partition that NT will install onto. This option will allow you to delete partitions as well, but don’t be a dumbass and delete any vital ones. Next you will be asked how you would like this partition to be formatted. Your options will be something like:

• Convert an HPFS/HPFS386 partition to NTFS (This is for a LAN Manager upgrade only)

The differences between the file systems will be discussed later, so read on! Next, setup will run a version of CHKDSK and then you will be prompted to select a directory to install the NT files into. The recommended directory is WINNT. After all of this you will reboot and the more “windows style” setup will begin.

The next step of note is to designate whether the machine will be a PDC, BDC or Server. It is important to select this correctly the first time as you can’t go back and change it later. The first NT Server that you install will be a PDC. Microsoft recommends 1 BDC for every 2000 users. More than this can cause unnecessary network traffic.

Now who has time to sit with the NT machine for 45 minutes to an hour? That kind of time cuts into cocktail time, which is why Micro$oft provided options for unattended installations.
With a little configuring beforehand, NT will do the whole installation for you and you can take off for drinks with your friends. In order for this to work, you need a “script” known as an answer file that provides instructions to the setup program. This script can be handwritten in a text editor such as Notepad or created with the utility supplied with NT called Setup Manager. Listed below are the various command switches that can be used during installation.

/B   Bypasses the creation of startup disks.
/S   Sourcepath. Choose location of a source file – multiple locations will speed up installation.
/F   Speed up install by not verifying files.
/U   Denotes unattended setup mode and points to an answer file location. Must use with /S to specify source file location.
/T   Destination. Specifies installation location of temp files used during installation.
/C   Bypasses checking for free space when creating boot disks. Can speed up install.
/OX  Creates the setup disks from CD-ROM or network location. Replaces damaged boot disks.
/I   Specify an inf file. Default file is DOSNET.INF.

Another installation option is to install over the network, which requires that you find a way to point the computer to an I386 directory somewhere on your network. Here is how it is done. First, you will need to have a shared I386 directory. Next, you need to make a boot disk from DOS or Win 95/98. Then go to an NT Server and go to Network Client Administrator, which is located in the Administrative Tools section of your start menu. From here you can create a network startup disk.

A UPS is designed to protect your servers from power surges and spikes, voltage variations and power outages. Any one of these things can damage data, cause network problems or even destroy your server. NT Server is designed to receive information from the UPS via its serial port and act on it. Here are the messages that it can receive:

• POWER FAILED: This signal goes from the UPS to the server.
This alerts the server that power has failed and it is now running on battery power.
• BATTERY LOW: Some UPS will inform the server that the UPS is running low on battery power.
• REMOTE UPS SHUTDOWN: If NT detects that it is getting a crappy electrical signal from the UPS it will send a message to it to shut down and charge itself. While in this state the UPS will continue to forward power to NT, but will not provide any of its other services.

Once the UPS is installed, it can be configured in the UPS control panel. Workstations that have the messenger service installed will receive broadcast messages when the power fails or when it comes back up. This gives workers a chance to save what they are working on and gracefully shut down.

When using NT it is a good idea to use NTFS partitions, at least on the partitions that contain your data. One of the advantages of the FAT file system is that it is the system that DOS uses. On an NTFS partition, you can’t boot from a DOS boot disk – this is one of the security features of NTFS. Additionally, a floppy disk cannot be formatted as NTFS. For this reason it might not be a bad idea to have a small partition formatted FAT so that you can boot into DOS for recovery purposes. FAT partitions can be defragmented while NTFS cannot. An NTFS partition cannot be converted to FAT without erasing the disk and reformatting. Files moved from a FAT partition to an NTFS partition will retain their filenames and attributes. NTFS partitions provide the following features:

• Supports upper and lower case letters in names.
• Allows permissions to be set on files and directories.
• File and directory names up to 254 characters in length.
• Ability to access sequential access files over .5mb faster.
• Faster access to all random access files.
• Long file name conversion to the 8+3 convention.
• Support for AppleTalk and the ability to share Mac Volumes.
• Disk space is used more efficiently.
In order to understand how RAID works it is first best to understand the following concepts regarding hard disk configurations.

• PARTITIONS — A partition is a portion of a physical hard disk. A partition can be primary or extended.
• PRIMARY PARTITION — This is a bootable partition. One primary partition can be made active.
• EXTENDED PARTITION — An extended partition is made from the free space on a hard disk and can be broken down into smaller logical drives. There can only be one of these per hard disk.
• LOGICAL DRIVE — These are a primary partition or portions of an extended partition that are assigned a drive letter.
• VOLUME SET — This is a disk or part of a disk that is combined with space from the same or another disk to create one larger volume. This volume can be formatted and assigned a drive letter like a logical drive, but can span more than one hard disk. A volume set can be extended without starting over, however to make it smaller, the set must be deleted and re-created.
• DISK ADMINISTRATOR — This utility is found in the administrative tools section of NT 4. This is the tool that controls the configuration of the hard disks on an NT 4 system. You can create partitions, volume sets, logical drives, format disks, etc.

–RAID LEVEL 0 – DISK STRIPING WITHOUT PARITY–

Disk striping will distribute data across 2-32 hard disks. This provides the fastest read/write performance as the system can access the data from more than one place. This level of RAID does not provide any redundancy. This means that if one of the disks fails you lose all of the data and have to delete the stripe set and start over once the bad disk is replaced. System and boot partitions cannot be included in a stripe set.

Disk mirroring writes exact copies of data to more than one disk. Each disk or partition of a disk will contain the exact same data. If one hard disk fails, the data still exists on the other disk.
This level of RAID also increases disk read performance as it can pull the data off of both disks. Disk mirroring on NT Server also uses disk duplexing whereby each disk has its own disk controller. This provides redundancy in the case of a controller failure. To recover from a failure, the new drive must be installed and then in Disk Administrator break the mirror and re-establish it.

–RAID LEVEL 5 – DISK STRIPING WITH PARITY–

Very similar to RAID level 0, however, parity information is written to each of the 3-32 disks in the array. If one of the disks fails, the data can be reconstructed by installing a working hard disk and using Disk Administrator. The parity information will be used to reconstruct the data that was lost when that drunk employee peed in your computer case. If more than one disk fails then you are screwed and will spend your weekend fixing this *censored*. RAID 5 offers increased disk read speeds, but slower write speeds because it has to write the parity info. System and boot partitions cannot be included in a stripe set. To recover from a failure, you must select the regenerate option in Disk Administrator.

Ok…Now we’re getting into the meat! Maybe you have been sitting around with a bunch of computer geek wannabes who are throwing the word registry around in every sentence so that they sound smart and wondered what the hell they are talking about. After this you will be able to do that too. The registry is a big-ass hierarchical database that stores all of NT’s settings. It can be accessed by running regedt32.exe or regedit which has a few new features. Below are the 5 subtrees and the information that each controls.

hkey_local_machine: This subtree contains most of the information that you will use. It holds information about hardware, systems and programs running on the machine.

hkey_classes_root: Stores file associations such as which application should be used to open files based on the extension.
It also contains the OLE registration database and also provides redundancy as all of its info is found in the hkey_local_machine subtree.

hkey_users: Holds 2 user profiles. One is a default used for settings when nobody is logged in and the other is for a user that is already known to the system.

hkey_current_user: This subtree contains the user profile for whoever is currently logged in to the server.

hkey_current_config: Contains information about the hardware configuration that was used during boot.

Each subtree contains “keys” and within most of the keys are “subkeys”. Once you browse deep enough you will get to the final subkey. When this is opened, the first line you see will be the “value entry”. The value entry will contain 3 parts called name, data type (5 types) and value. Most of the registry (the static items) is contained in hive files which are located in 2 places. Machine hive files are located in WINNT\SYSTEM32\CONFIG and user files are located in WINNT\PROFILES. The registry editors will allow you to remotely edit the registry of another computer. The registry can be backed up and restored in the event that mistakes are made.

One of the most important tools in NT is the “User Manager for Domains” on the PDC. On non-PDC servers and workstations, it is called “User Manager”. The difference is that User Manager creates and maintains accounts that are only applicable for that machine, while User Manager for Domains creates domain accounts that can be used on any machine that participates in the domain. When user accounts are added or edited, changes are made to a SAM file. User Manager for Domains changes the SAM file on the PDC while User Manager changes the SAM file that is local to the machine that it exists on. When a new acct is created it is assigned a unique Security Identifier (SID).
Using user groups is a way to greatly simplify account administration, especially on larger networks. If you place a group of users into a group, you only have to change permissions for the group and it applies to all of the users in the group. There are 2 kinds of groups, global and local. Local groups are “local” to the NT machine. For fun let’s say that your company just hired some rod named “Rod”. He will be the administrator for the network so he will need administrative rights on all 1000 NT workstation and server computers. He would have to be given administrative rights on all 1000 computers if we were using local groups, which is a whole lot of work and overtime for Rod. That is why NT also has global groups which can only be created on a domain controller. Once this is done, Rod will be seen as the administrator for the whole domain. NT comes with a set of pre-installed local groups listed in the tables below:

Administrators: Most powerful group so that they can manage the configuration of the domain.
Server Operators: Have necessary rights to manage domain servers.
Account Operators: This group has rights to manage user accounts.
Print Operators: Responsible for managing printers.
Backup Operators: Have rights to control backup and restoration functions.
Users: Have minimal rights on the NT servers, but do have some rights on their local workstations.
Guests: Very limited abilities. No rights on NT server.
Replicator: Supports directory replication functions.

Administrators
• Log on locally
• Take ownership of files
• Access computers from network
• Create and manage user accts
• Create and manage global groups
• Manage auditing and the security log
• Shutdown or remotely shutdown the system
• Assign user rights
• Lock system
• Bypass server lock
• Format server hard disk
• Change the time
• Backup files and directories
• Keep a local profile
• Create and remove shares
• Create common groups

Server Operators
• Log on locally
• Lock server and bypass lock
• Change time
• Format hard drive
• Shutdown or remotely shutdown the system
• Backup files and directories
• Keep a local profile
• Restore files and directories
• Create and remove shares
• Create common groups

Account Operators
• Log on locally
• Create and manage user accounts, local and global groups
• Shutdown the system
• Keep a local profile

Print Operators
• Log on locally
• Keep a local profile
• Shutdown the system
• Create and remove printer shares

Backup Operators
• Log on locally
• Keep a local profile
• Shutdown the system
• Backup files and directories
• Restore files and directories

Users
• Create and manage local groups (only if user has permissions to log on locally at server or has access to User Manager for Domains).

And now for the global groups. There are 3 global groups which can only be created on a domain controller.

Domain Admins: By default this group can administer the servers (also from trusted domains) and any NT Workstation logged into the domain.
Domain Users: By default, this group is a member of the Users local groups for the domain and NT Workstations in the domain.
Domain Guests: If given permissions by the domain admin, this group permits guest accounts to access resources across domains.

In order to understand system policies, you need to understand the difference between rights and permissions. Rights give a user or group the ability to perform a certain task, such as the ability to create user accounts. Permissions give access to specific objects like files and directories. Rights are determined by the administrator, whereas permissions are determined by the owner of the object being accessed. Generally rights carry more weight than permissions. NT allows new groups and users to be created with a customized set of rights.

NT allows auditing to be enabled which allows security information to be stored in a security log. The table below should sum it up.
File and object access: Tracks jobs sent to printers and access to files or directories.
Logon and logoff: Keeps track of logging on and off activity as well as connections to servers.
Process tracking: Tracks the running and quitting of programs.
Restart, shutdown and system: Self-explanatory.
Security policy changes: Audits any changes made to user rights, trust relationships and the auditing process itself.
Use of user rights: Displays when a particular right is used.
User and group management: Notes any alterations of user accounts or groups.

A user profile is a bunch of configuration settings that comprise a user’s desktop. There are several different ways that these can be configured and each is listed below.

• LOCAL PROFILE – Each user creates and maintains their own profile.
• PRECONFIGURED LOCAL PROFILES – Users have local profiles that are partially or entirely preconfigured by the admin.
• PRECONFIGURED DEFAULT USER PROFILE – Users have local profiles, but admin uses a “template” for new users. This can be modified by user.
• ROAMING PROFILES – A path is created to the user’s profile and is maintained on the server. Users can alter this profile.
• PRECONFIGURED ROAMING PROFILE – A path is added to user’s account info and a preconfigured version is stored on the server.
• NETWORK DEFAULT USER PROFILE – A default user profile that is stored in the netlogon shared directory. Users will be able to change this profile.
• MANDATORY PROFILE – A path is made to the user’s profile and a preconfigured profile is copied to that path. The user may not modify this profile.

The %systemroot%\profiles directory contains profiles for every user that has ever logged in to the NT box. Each user’s profile contains the following folders: Application data, desktop, favorites, personal, sendto and start menu. Any setting that is not a part of the desktop settings is stored in the NTUSER.DAT file. This file can be altered by editing the registry in the HKEY_CURRENT_USER subtree.
Most changes that you would want to make can also be done in the control panels.

Sharing is a bitch in NT so strap yourself down and I will try to explain as best I can. There are 3 ways to create a share:

3) NET SHARE command at a DOS prompt

Let’s talk about sharing a directory. First of all, NT comes with default shares if the server service is running. All root directories of partitions, Netlogon and CDROM drives have default shares. These shares can only be accessed by admins. For others to access these resources, a new share must be made by a member of the Administrators or Server Operators groups. A single file cannot be shared under NT, it must be a directory. Share names can be up to 12 characters long, but it is recommended to keep them under 8 as DOS redirectors can’t handle anything longer. Spaces are allowed, but if the share name has a space in it you will have to enclose the name in quotations in order to access it. If you wish to hide a share so that it does not show up on the browse list, all you have to do is add a $ sign at the end of it (eg. isuck$).
If a share is hidden then you can only access it from a DOS prompt or via the map network drive option in Explorer. When a share is created, you have the option of specifying permissions (see below) for the share and the maximum number of users that can access it at one time. The NT Resource Kit contains a program called “Server Manager” that can be installed on an NT Workstation or Win9x computer and will allow you to create shares remotely so you don’t have to get off of your lazy ass and walk over to the server.

When you create a share, you have the ability to assign permissions to it so that crazy Joe with the wandering eye doesn’t get in and start erasing files. There are 3 sets of share-level permissions:

When assigning permissions to a share, the users and/or groups that are given access to a share are defined by the “access control list” or ACL. For example, let’s say that you have a company called Smack City…You can assign a certain level of permission to the Processing group such as read only and full control to the Refining group. Or you can specify by user or both groups and users. It is very flexible and can also be very complicated. Here are the different types of share-level permission.

No access: Can’t get in or access at all.
Read: View files and subdirectories. Execute applications. No changes can be made.
Change: Includes read permissions and the ability to add, delete or change files or subdirectories.
Full Control: Includes change permissions and the ability to change permissions (NTFS only) and take ownership (NTFS only).

If you are a member of multiple groups and different permissions are assigned to each group, your permissions will be for whichever group gives you the greater permissions unless one of your groups is given no access. No access would override any other permissions for any other group of which you are a member.

Let’s say you have an NT workstation with 3 users that share it.
NT will allow you to assign permissions to the other users of the same workstation to prevent or limit their ability to access the other users’ files or directories. This type of security occurs at the local file system. File and directory permissions apply to NTFS partitions only.

The following permissions can be applied to directories:

The following permissions can be applied to files:

No access
Directory: Can’t view or change directory or directory permissions.
File: Can’t view or change file or file permissions.

Read
Directory: Users can view files and their attributes inside directories. User can browse through directory.
File: Users can open or execute the file and view the file’s attributes and permissions.

Add
Directory: Can add files to a directory but can’t access files put into that directory.
File: N/A

Add and read
Directory: Users can open/execute and add files in the directory. Can’t change or delete files.
File: When a directory is Add and read, the files in that directory are read only. Add and read cannot be applied directly to files.

List
Directory: User can view files and view file and directory permissions. Can open/execute files.
File: N/A

Change
Directory: Able to make new files and directories, change or delete files, open/execute files. Can’t change permissions.
File: View, change and delete files. Can’t change permissions.

Full Control
Directory: All of the permissions included with change and the ability to change permissions and take ownership of files.
File: Same as change permissions, but can also change permissions and take ownership of files.

Special access
Directory and file: Create custom permissions using NT’s 6 basic permissions which are read, write, execute, take ownership, change permissions and delete.

In order to access data over the network, you must have share-level and file and directory-level permissions.
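The rules described above (the most permissive group wins, No Access overrides everything, and network access needs both the share and the NTFS ACL to allow it), modelled as an added example that is not part of the original page. The user and group memberships are constructed; the mapping of Read/Change/Full Control onto the six basic permissions and the "overlap of both ACLs" rule for network access are standard NT behaviour assumed here, not statements from this page.

```python
"""Model of how NT 4.0 combines share-level and NTFS permissions (added example)."""

# NT's six basic permissions, as listed under "Special access".
R, W, X, D, P, O = "R", "W", "X", "D", "P", "O"
NO_ACCESS = "No Access"

# Standard levels as sets of basic permissions (standard NT mapping; an
# assumption here because the page does not spell it out).
LEVELS = {
    "Read": frozenset({R, X}),
    "Change": frozenset({R, W, X, D}),
    "Full Control": frozenset({R, W, X, D, P, O}),
}

# Constructed sample data, loosely following the "Smack City" example.
USERS = {
    "billy": {"Processing"},
    "rod": {"Processing", "Refining"},
    "joe": {"Refining", "Temps"},
}
SHARE_ACL = {"Processing": "Read", "Refining": "Full Control", "Temps": NO_ACCESS}
NTFS_ACL = {"Processing": "Change", "Refining": "Change"}


def principals_for(user):
    """A user is matched against ACL entries by name and by every group."""
    return {user} | USERS[user]


def rights_of(entry):
    """Translate an ACL entry (level name or custom set) into basic rights."""
    if isinstance(entry, str):
        return LEVELS[entry]
    return frozenset(entry)  # "Special access": a custom combination


def resolve(acl, principals):
    """Rights a single ACL grants: union of matches, unless one is No Access."""
    granted = frozenset()
    for name, entry in acl.items():
        if name not in principals:
            continue
        if entry == NO_ACCESS:
            return frozenset()  # No Access overrides every other grant
        granted |= rights_of(entry)
    return granted


def network_access(share_acl, ntfs_acl, principals):
    """Over the network both ACLs are checked, so only the overlap survives."""
    return resolve(share_acl, principals) & resolve(ntfs_acl, principals)


def local_access(ntfs_acl, principals):
    """At the console the share ACL is never consulted; NTFS alone decides."""
    return resolve(ntfs_acl, principals)


def describe(rights):
    """Name a set of rights the way the permission dialogs would."""
    if not rights:
        return NO_ACCESS
    for name, level in LEVELS.items():
        if rights == level:
            return name
    return "Special access (" + "".join(r for r in "RWXDPO" if r in rights) + ")"


def report():
    """Effective (network, local) access for every constructed user."""
    rows = {}
    for user in USERS:
        who = principals_for(user)
        rows[user] = (describe(network_access(SHARE_ACL, NTFS_ACL, who)),
                      describe(local_access(NTFS_ACL, who)))
    return rows


if __name__ == "__main__":
    for user, (net, local) in report().items():
        print(f"{user:6} over the network: {net:12} at the console: {local}")
```

The row for joe is the one to notice: No Access on the share blocks him over the network, but only the NTFS ACL applies when he logs on at the machine itself.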
Share-level and file and directory-level permissions can be used in conjunction with each other. NOTE: New files will take on the permissions of the directory that they are created in by default.

Files have owners who have administrative rights to a particular object. This permission is not stored in an ACL file and is typically given to the creator of that object. NT includes this feature so that users can administer their own machines and supply resources for their own stuff. An admin would be dirty pissed if he/she had to make every little change for a user because they didn’t have permission to. So, when a user creates a new file, for example, they are the owner of that file and can do whatever the hell they want with it. Now let’s say that you are the admin at a company and you want to find out why Billy the slacker is getting no work done. You access his hard drive and you find a folder called “nudie pics” and you try to open it and get denied. You can then take ownership of the file and then add yourself to the ACL as you have administrative permission to do so. You then kick Billy’s ass out and say to yourself, “Ahhh, it’s good to be the king!”

This section will discuss network printing and the like. This section hits close to home as I used to do tech-support for a printer manufacturer. I would like to first make a plug to all of you future admins. Don’t be a *censored*head! Just because a printer won’t print doesn’t mean that the printer is the problem. Do your homework and trouble-shooting before calling the printer manufacturer and blaming them for having a crappy printer. I will give you an example of what I am talking about. I was dealing with a PC support person for the Cleveland Cavaliers. I got an email stating that the printer has never worked since the day that they got it and has cost them thousands of dollars in down-time and he wanted to know what we planned on doing about it.
I asked him what the problem was and he said, “It doesn’t print jobs sometimes”. Well, that is certainly helpful – I know exactly what your problem is… “you are a retard”, I thought to myself. This guy had done 0 troubleshooting and really had no problem description. So, I gave him a list of things to check (not sure if he ever did) and told him to CALL me. So, a month later I get an email from him and he tells me that he has checked everything and is still having the same problem and said that he was 100% sure that it was the network card. After arguing in vain with him I told him that I would send a new network card and when it didn’t fix the problem he could CALL me with a decent problem description. A month later he emails me again and tells me that it is still happening and they are losing thousands of dollars per day and blah blah blah. I basically emailed him back and told him that I wouldn’t work with him anymore because he was an idiot and sucked at his job and sucked as a human being. Then his boss emailed me and we got in touch with each other and had it fixed in 1 hour as it turned out to be a simple timeout setting. Moral of the story? Don’t be that guy (or girl).
Ok, got that off of my chest. Network printing has a couple of advantages over a parallel or serial connection. The most obvious reason is that a network connection allows multiple users to easily share the same printer and allows for permissions to be set for that device. It will typically be faster to connect to a printer via ethernet than a parallel connection. How much faster depends on a variety of variables including printer processor speed, computer processor speed, network traffic, data format, etc. In order to put a printer on a network, you will typically need a print server.

During driver installation on an NT server, you will want to select local printer if this NT box will be the print server. The clients, on the other hand, would select network printer and browse to the printer or enter the UNC path to it. When installing on the print server you have to select shared and give it a share name (under 12 characters) in order for clients to be able to use the print queue. When you select “shared” you have the option of specifying the operating systems that will be sharing the printer. If you select any of these you will need to supply drivers for those operating systems. If you are accessing a shared printer from an NT workstation, you do not have to load the drivers. The workstation will pull them off of the server during installation.

NT allows you to pool your printers so that your job will print on the first available printer. This only works if you have more than one identical printer with an equal amount of memory in each.

Once your drivers are all installed, you need to worry about spool settings. By default, an NT server will spool print jobs so that the client computer is “freed” up so that the user can continue with their work. This is called background printing. There may be occasions where you will not want to spool the jobs to the server – maybe you have a crappy server that can’t handle the workload or for trouble-shooting reasons.
In these situations, you can change the scheduling to “print directly to the printer”.

Printer permissions are only slightly different than NT’s regular permissions. The table below should explain it.

No access: Can’t print or do anything else.
Print: Can print, pause, resume, delete and restart their own documents only.
Manage Documents: Have “print” permissions for all documents (not just their own). Can also control document settings.
Full access: Have “manage document” permissions and can also change printing order and change the printer’s permissions and properties.

In addition to permissions, priorities for print jobs can be set. For example, if you are the president of a company and you feel that your documents are more important than the secretaries’, then on the server you can create 2 printer objects and assign a different print priority to each so that your documents come out first.

Like other things in NT, a printer can be audited by enabling “file and object access” auditing in User Manager. Then in the printer properties, you can select the users and/or groups that you would like audited.

I may include more info here than is needed for the test, but after working for a printer company I found that most people are pretty ignorant about printers. Even Administrators would call and would be completely clueless as to where to start. Having said that, I will start off with the famous “can’t print” problem. Please note that the following discussion focuses on TCP/IP printer connections, whereas on the exams Microsoft will be referring to HP printers using the DLC protocol.

- No matter what the problem is, whether it be print quality or connection related, print an internal page. Most printers have some sort of startup or configuration page that they will print, and this page may also have the printer’s network settings on it. This will verify that the printer is working properly.
- Treat the printer just like you would a computer that is not participating on the network properly, i.e. if it is a TCP/IP printer, try to ping it. If the printer uses a jet direct box with IP, ping the box. If this doesn’t work, make sure that you can ping another device on the network.
- Check your network settings. Make sure that someone hasn’t fiddled with the printer’s settings and that the printer’s and computer’s IP settings are correct.
- Make sure that everything is plugged in correctly even if you are sure that it is. Don’t be cocky, you don’t want to be that guy that calls tech support and they help you determine that the printer isn’t connected. Believe me, it happens. I have also seen a case where an ethernet cable was chewed up by rats, so take a good look at it. One of the best ways to test cabling is to take the drop in question and connect it to another printer or computer. Can you ping the new device? If not, then you probably have a cable problem.
- If you were able to ping it, then see if you can print from the server. If not, then do the following:
    - Make sure that NT is pointing at the correct port.
    - Verify that the correct driver is installed (you may need to consult your printer manufacturer to find out which is the correct one).
    - Reinstall the driver.
- If you were able to print from the server just fine, then try to narrow down whether it is just one client or several or all that are unable to print. This is where it starts to get tricky and you have to do your homework. If only a certain group of users can’t print, it may be a routing problem. If it is all, then something probably isn’t set up correctly on the server. If it is just one user that can’t print, then it is probably a driver problem (assuming that they can access the rest of the net).
- If for some reason a document gets stuck in the spooler, restart the spooler service.

This, of course, isn’t even the tip of the iceberg, but these are the basics. The main point is that when troubleshooting anything, try to narrow it down first. You probably won’t figure it out on your first try – use the process of elimination.

–CONNECTING A DOS WORKSTATION TO NT–

DOS is the most complicated one to connect to NT because it has no built-in networking support. There are several different ways to do this and we will look at each. The first way is to use NT’s NCA (Network Client Administrator).
The NCA setup will ask for your network card type, protocol info, etc. and will then create a file on a floppy that you would use as a boot disk on the DOS client after modifying the protocol.ini file. This will provide enough network support to connect to the NT server. Then a batch file will be run that will install the Microsoft Network Client 3 for DOS.

There is an easier way to set up the Microsoft Network Client 3 for DOS that bypasses using NCA. Browse to the “clients” directory and look in the “msclients” subdirectory. In here, you will find a “disk1” and a “disk2” directory. Copy each of these to a separate floppy disk. Now all you have to do is insert disk one into the DOS client, switch to the A drive and type setup. This will run the installation program and should be pretty straightforward from there. When you first try to logon, you will get a message that your password has expired, so you will have to change it using the following command: net password /domain:(your domain) (username) (old password) (new password).
You will probably get an error message, but the password has been changed and should work when you try to logon again.

–GETTING AROUND THE NETWORK WITH DOS–

To browse the network, use the “net view” command without the quotes. To view shared resources on a particular server, use “net view \\(server name)”. To connect to a shared resource, use “net use (drive letter): \\(server name)\(resource)”. If you need to map to drive letters higher than E, then you will have to edit your config.sys file and add LASTDRIVE=(whatever you want the last drive letter to be).
To use a printer type “net use (port such as lpt1:) \\(server)\(printer share name)”. To disconnect a network connection type “net use /delete”.

–CONNECTING WINDOWS FOR WORKGROUPS TO NT NETWORKS–

During installation of Windows for Workgroups you will install the network card. If it was not done at this time or you installed a new network card, then go to the Network Group and run the network setup program. Once the network card is set up and you have logged into the domain, you can browse shared network resources and servers. To do this, open File Manager and click “disk” and then “connect network drive” and you will see the browse list. Working with printers is similar except you open Printer Manager and click “Printer” and then “Connect Network Printer”.

–CONNECTING WINDOWS 95/98 TO NT NETWORKS–

Like Windows for Workgroups, you will have the option of setting up network support during Windows installation. But again let’s pretend that it didn’t happen that way or that you are adding a new network card. To set this up, all you have to do is go to the networking control panel, click the configuration tab, select “add” and you will see choices of client, adapter, protocol and service. Select “adapter”. Select your adapter type or go to “have disk” if you wish to install 3rd party drivers. IPX and NetBeui protocols will automatically be installed. Click the “add” or “remove” buttons on the configuration tab to add or remove protocols. In order to enable the workstation to log into the domain, you will need to go to the “properties” of Client for Microsoft Networks. In this dialog box, you will need to select “log on to Windows NT domain” and enter the domain name. Once finished with all of this you will have to reboot and will then be able to log in. Like NT, Windows 95/98 uses the Network Neighborhood interface to browse the network.

What the hell is it? It is similar to a centralized network – remember that from networking essentials?
Essentially, the network would have 1 or more terminal servers and the rest of the computers would be almost like dumb terminals, which are also known as “thin” clients. Thin clients can be any crappy old computer that you have laying around, which is one of the attractions to this type of setup – hardware savings, although you have to have enough beefed up servers to support them. This is not the only advantage, however; you also save on support as Winterm can be configured to run all of the applications on the servers. This means that if there is a problem, odds are good that it is occurring at the server, which makes for easy and centralized support.

Installation of the Terminal Server is very similar to an NT installation. Once installed, you will notice some differences in the administrative tools from NT 4.0 as it will now include the following:

- Terminal Server Client Creator — Will create floppies for Client installation on the workstations.
- Terminal Server Administration — The Big Brother application that allows you to view what the clients are running, disconnect them and view protocol information.
- Terminal Server License Manager — Allows you to add or subtract client licenses that you must pay for.
- Terminal Server Connection Configuration — Used to configure the RDP protocol, set security and a bunch of other stuff.

In order to set this up for a workstation, the Windows Terminal Client must be installed. On the server side, you will need to select either Remote Desktop Protocol (RDP) or MetaFrame. MetaFrame is faster as it only sends the changed information from the client, as opposed to RDP, which will resend the whole desktop if a user deletes a file from it, for example.

–MACINTOSH CONNECTION TO NT NETWORKS–

NT offers Services for Macintosh to allow MACs to access shared resources as well as provide other services including:

- Support for Appletalk protocols without the need for a gateway.
- Allows MAC users to access non-PostScript printers without the need to convert documents.
- Ability to map extensions for PC files, which allows MAC apps to recognize PC file extensions.
- Allows PC users to access Laserwriter printers without the need to convert documents.
- Allows for 255 simultaneous Appletalk sessions per NT server.

So how do you set this all up? On the server side, you need to install Services for Macintosh, which requires an NTFS partition. If there are routers on the network, they will need to be configured to route the Appletalk protocol, or NT server can be set up to perform this function. If you will be using NT as the router, you will need to specify the zones and the network range. Each number in the network range will support up to 256 devices per network segment. After rebooting, the NT server should show up in the Chooser on the MACs and a Microsoft UAM Volume will appear on the NTFS partition. Now MAC volumes can be created using Server Manager. Finally, you will need to set your permissions for the MAC volumes. Following are the MAC permissions:

See Files: Like NT’s read permission. Permits the owner, a primary group or everyone to view files in the MAC volume.
See Folders: Same as see file permissions except it applies to folders within the MAC volume.
Make Changes: Similar to NT’s change permissions. Permission to view, add and delete files or folders. Can also save changes.
Replace permission on subdirectories: Takes whatever permissions are set and copies them to all of the folders within the MAC volume or a folder within the volume.
Cannot remove, rename or delete: Users can’t rename, remove or delete a MAC volume or a folder within it.

Not much setup needs to be done on the MAC side unless you would like to maintain NT’s C2 security and allow for encrypted passwords. The software for this is included with NT server and would need to be installed on every participating MAC client.
You are now ready to move files back and forth, except you will undoubtedly run into problems. Obviously, Macs and PCs use different file systems and this also means that they won’t recognize each other’s file types without some configuration. For DOS extensions, you will need to use File Manager to change the extension mappings for ones that aren’t correctly configured. If an application isn’t listed then you will need to get the type and creator codes for the files it supports. On the Mac you will probably need a 3rd party converter application like Maclink. Many applications have cross platform versions available. If you would like to find out more about how Appletalk works, click here to read our tutorial.

The browsing service allows one to view what resources are available on your network. In order for this to work, at least one computer has to be the Master Browser that is responsible for maintaining a browse list. Keep in mind that every computer on the network is either a master browser, backup browser, potential browser or not participating. There are several rules that govern who becomes the master browser as follows:

- Each subnet on a TCP/IP network must have its own master browser.
- As long as a PDC is up and running, it will be the master browser and any BDCs will be backups. This can be changed by editing a couple of registry keys, however.
- There will be 1 backup browser for every 15 computers on the network.
- If the master browser cannot be reached, then an election is held to determine the most suitable candidate. Priority is based on the type of computer (NT Server, then NT Workstation, then Win95, etc.).

Whenever you log in to an NT Server, a session is created. Server Manager is a very important tool for managing your domain as it allows you to:

- Synchronize a PDC’s security database with the BDCs.
- Add and remove NT machines from your domain.
- Change an NT server from BDC to PDC or vice versa.
- View users with open sessions on a particular machine.
- View how long the user has been using a particular resource.
- View the resources being accessed during the session.
- View all non-hidden computers on the network.
- Send messages or alerts to clients (for Win 95/98 must have Winpopup running).
- Configure the services on your other NT servers.

Remote administration will only work on other NT Servers, NT workstations or LAN Manager 2.x and will only include current data. If you want to view statistics over a period of time then you will need to set up Performance Monitor or use the net statistics server command from a command prompt.

Server Manager also gives you the ability to disconnect users from a server; however, certain things must be in place in order for it to work. When a user logs on to a server, the server verifies the user’s login information with a domain controller and a Security Access Token (SAT) is created that allows the user to reaccess a share. If you disconnect the user, the next time they attempt to access a particular share the server will look at the SAT and let them back in, and the user will never even know that they had been given the boot. Instead, change the user’s permissions to no access and then boot them. Then the server will have to query a domain controller to create a new SAT and the domain controller will report to the server that the user doesn’t have access to that share.

Next, I want to mention the system shares that Server Manager allows you to view. They are as follows:

ADMIN$: This share is used for the remote administration of a server.
NETLOGON: You will only see this one on domain controllers. It is used by the net logon service, which keeps your PDCs and BDCs synchronized. It is responsible for handling login attempts.
REPL$: Used when NT server is acting as a replication export server.
IPC$: Shares the named pipes that are used for the creation of sessions between apps. Used during remote administration or viewing shared resources.
driveletter$: This is the root directory for a storage device on an NT server.

Server Manager is also used to set up replication. Directory replication is used to export directories to another NT server or Workstation, such as the exportation of login scripts from a PDC to a BDC, for example. This is useful for server load balancing and redundancy. Only NT servers can export; NT servers, NT workstations and OS/2 LAN Managers can import. Replication occurs in the following manner: Let’s say that you have a domain called “crap”. “Crap” has a server called “poop” that is configured as an exporter to the “crap” domain. You also have 3 NT workstations that have the directory replicator service running and are configured as importers. Once the service has been configured, a directory at C:\winnt\system32\REPL\EXPORT will be created. Directories that are to be exported will go in subdirectories that you create within the C:\winnt\system32\REPL\EXPORT directory. Once everything is configured on the importer, a directory called C:\winnt\SYSTEM32\REPL\IMPORT will be created. This is where the directories will be copied to. Then, run Server Manager and click the replication button to set up the rest. Note that the importers and exporters must support the same file system. You also must make sure that the Directory Replication service is started in the “services” control panel.

Unfortunately, most networks will be a mix of network operating systems, which makes the process of everything working together a little more complicated. The big one that you have to worry about in real life and in the exam is Netware, so really know this section. The 2 basic Netware situations that you will need to worry about for this exam are: NT Server on a Netware network and Netware on an NT Server network.
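The Server Manager disconnect behaviour described above (a cached SAT lets a disconnected user straight back in unless the permission is set to no access first) can be seen in the following added Python model, which is not part of the original page. It follows the page's account of the SAT; the class names, the REPORTS share and the rule that an already-open session keeps its access until it is dropped are assumptions.

```python
"""Model of revoking share access as the page describes it.

Assumed for illustration (not from the page): all class and method names,
the REPORTS share, and that an open session is not re-checked until dropped.
"""

NO_ACCESS = "No Access"


class DomainController:
    """Holds share permissions and issues access tokens (the page's SAT)."""

    def __init__(self, share_acl):
        self.share_acl = share_acl   # {share: {user: permission}}
        self.version = 0             # bumped on every permission change
        self.tokens_issued = 0       # how often a server had to ask the DC

    def set_permission(self, share, user, permission):
        self.share_acl[share][user] = permission
        self.version += 1

    def issue_token(self, user):
        self.tokens_issued += 1
        perms = {s: acl.get(user, NO_ACCESS) for s, acl in self.share_acl.items()}
        return {"user": user, "perms": perms, "version": self.version}


class FileServer:
    def __init__(self, dc):
        self.dc = dc
        self.tokens = {}       # user -> cached token; survives a disconnect
        self.sessions = set()  # (user, share) pairs with an open session

    def access(self, user, share):
        """Return True if the user can use the share right now."""
        if (user, share) in self.sessions:
            return True                        # open session: nothing re-checked
        token = self.tokens.get(user)
        if token is None or token["version"] != self.dc.version:
            token = self.dc.issue_token(user)  # missing or stale: query the DC
            self.tokens[user] = token
        if token["perms"].get(share, NO_ACCESS) == NO_ACCESS:
            return False
        self.sessions.add((user, share))       # silent reconnect, no prompt
        return True

    def disconnect(self, user):
        """Server Manager 'disconnect user': drops sessions, keeps the token."""
        self.sessions = {(u, s) for (u, s) in self.sessions if u != user}


def build():
    """One server, one share, and a user who has already connected once."""
    dc = DomainController({"REPORTS": {"billy": "Change"}})
    srv = FileServer(dc)
    assert srv.access("billy", "REPORTS")
    return dc, srv


def disconnect_only():
    dc, srv = build()
    srv.disconnect("billy")
    # Cached token is still valid, so the user walks straight back in.
    return srv.access("billy", "REPORTS"), dc.tokens_issued


def deny_only():
    dc, srv = build()
    dc.set_permission("REPORTS", "billy", NO_ACCESS)
    # The session opened before the change is still being honoured.
    return srv.access("billy", "REPORTS"), dc.tokens_issued


def deny_then_disconnect():
    dc, srv = build()
    dc.set_permission("REPORTS", "billy", NO_ACCESS)
    srv.disconnect("billy")
    # Stale token forces a new one from the DC, which now says No Access.
    return srv.access("billy", "REPORTS"), dc.tokens_issued


if __name__ == "__main__":
    for scenario in (disconnect_only, deny_only, deny_then_disconnect):
        allowed, issued = scenario()
        print(f"{scenario.__name__}: access={allowed}, tokens issued={issued}")
```

Only the third ordering, permission change first and disconnect second, actually removes the user's access in this model.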
- NWLink is a routable transport protocol that imitates Netware’s IPX/SPX protocol and is all that is necessary to allow NT to run applications from a Netware server, but does not allow file and print sharing. After this is installed you will now have multiple protocols bound to your ethernet card (if you didn’t already). To improve your network performance, change the binding order so that the most frequently used protocol is first.
- File and Print Services for Netware (FPNW) is add-on software that allows Netware clients to access an NT Server. The NWLink protocol must be installed for this method to work.
- Client Services for Netware (CSNW) allows NT workstations file and print sharing access to a Netware server. The NWLink protocol will automatically be installed with CSNW.
- Gateway Services for Netware (GSNW) creates a gateway that allows NT clients to access a Netware network via an NT Server without having to install any client software. GSNW will also allow you to run many Novell commands from a command prompt. NWLink is required and will be installed automatically when GSNW is installed. You must create a group called NTGATEWAY on the Netware server and then map a drive on the NT Server for the clients to access. The account used for the gateway must be a member of the NTGATEWAY group and have appropriate permissions for the resources on the Netware server. Only the NTGATEWAY account is necessary to allow all users to access Netware resources. Accessing a Netware server via a gateway will be slower than connecting directly. Go here for our new whitepaper dedicated to Gateway Services For Netware with installation instructions.
- Netware Client Software is Novell’s solution to the whole mess and substitutes ODI (what Netware uses) based network drivers for the NDIS ones that come with NT. This would be used if you were connecting a few NT workstations or Win 95/98 machines to a Netware network and did not want to use CSNW. This situation doesn’t really apply to this exam, but I included it just in case.

Once you have all of this figured out, you then need to worry about the frame type. If mismatched frame types are used then communication will not happen. By default, NWLink and GSNW will only allow you to connect to Netware 3.12, 4.1 and 4.11, which use the Ethernet 802.2 frame type.
Auto-detection should work fine in this situation as NWLink also uses 802.2. Auto-detect is only capable of selecting one frame type, so to connect to NetWare 3.11 or lower you need to use manual configuration and select both frame types, as these lower versions of Netware use the Ethernet 802.3 frame type.

NT has a file called NWCONV.EXE that is designed to aid in the event that you are moving away from a Novell based network to an NT network. You must first set up GSNW as described above. After running the conversion, you need to make sure that all of the Netware workstations have the SMB redirectors installed so that they will be able to access the NT server.

Performance Monitor uses “counters” and allows you to view statistics not only on a local NT Server, but on others located on the network as well. Perfmon allows you to locate trouble areas and bottlenecks on your NT Server. The main sources of these bottlenecks are the network card and drivers, CPU, memory and the disk subsystem. These problems will vary depending on whether your server is a file server or an application server. Perfmon gives you several ways to handle your statistics as follows:

- Chart – good for finding problems over a period of time.
- Log – used to view data over a period of time.
- Alerts – Alerts can be configured so that you are notified when a particular counter has passed a benchmark that you have set. The results can only be sent to one user.

Following are how to tell where the problem is:

- DISK – If the %disk time is over 90% or the disk queue length is over 2, then there is a problem with either the disk or the controller. You must type DISKPERF -Y at a command prompt to enable disk performance counters.
- NETWORK CARD – Use the network/%network utilization counter. You won’t be able to use this unless you have the Network Monitor Agent installed and running. If this value is over 30% then the network card is the problem. As previously mentioned, make sure that you bind your most used protocols first.
- CPU – Check the %processor time. If it is running above 80% then there is a problem. To get TCP/IP statistics you will need to have SNMP running.
- MEMORY – The pages/sec counter should be less than 20. The available bytes should be more than 4 MB and committed bytes should not exceed the amount of physical memory installed in the computer.

You will also want to use Performance Monitor to keep an eye on your paging file (virtual memory) by using the %usage and %usage peak counters. Microsoft recommends that the paging file is set to a value equal to the amount of RAM + 12. So if you had 32 MB of RAM, your initial paging file size would be 44, but using Perfmon and viewing the %usage and %usage peak counters is the best way to tell whether it is cutting the mustard.

The Event Viewer is a configurable tool that keeps track of what happens on your server and tracks 3 categories of information: System, Security and Application. The system log will contain information about drivers and services that fail to start. The security log will keep track of events that you enable in auditing. The Application log keeps track of application errors and processes.

Task Manager allows you to list and stop running programs, start programs, view CPU and memory usage, view running processes and change their priority.

RAS is basically NT’s dial-up networking service that allows NT to dial out to other computers and to receive calls as well. On the client side it is called Dial Up Networking (DUN), which is not as robust as RAS. Essentially, RAS turns your dial-up communications into a network card. In NT 4.0 a new software layer called TAPI has been added, which allows software vendors to not have to provide support and worry about the type of modem being used. TAPI handles this for them. RAS supports the SLIP and PPP dialup protocols. PPP is most commonly used as it allows for dynamic addressing.
RAS supports modem, frame relay, direct serial, X.25 and ISDN connections. Additionally, RAS has an option for multilink PPP that allows for connections to automatically be pooled. By default RAS uses the NetBeui protocol but can also use TCP/IP and IPX/SPX. TCP/IP must be used with programs that use Winsock. An LMHOSTS file on a RAS client can speed up NetBios name resolution.

RAS provides several different authentication possibilities as follows:

- Allow any authentication including clear text — Allows for a variety of password authentication protocols including PAP. This is a good option if you have a variety of RAS client types.
- Require encrypted authentication — Will allow any password authentication except for PAP.
- Require Microsoft encrypted authentication — This will use CHAP (Challenge Handshake Authentication Protocol) or MSCHAP and means that only Microsoft clients will be able to attach.
- Require data encryption — Will require all data to be encrypted.

By default nobody is able to dial in to the RAS server. These permissions have to be set in the Remote Access Service Administrator. Once this is done, there is a callback security option that must be set. Callback security can be set so that the RAS server will call back a user trying to login to verify that their phone number matches their login ID and password. Not only does it provide security, but it can also save customers money if they are dialing in long distance. There are 3 possible options:

- No call back — Default option that provides no added security.
- Set by caller — Once the user is validated, RAS will then call the user back. Provides no additional security.