gabrielle-murray
Introduction to NT Administration
Objectives:
• How to use DOMAINS
• Create Users & Set Properties to user accounts
• Manage User Accounts & Assign Security Policies
• Use Shared Folder Permissions
• Use Server Manager & Win NT Diagnostics
• Administer Local & Remote Printing Devices
• Use Event Viewer & Archive Logs
Compare Win NT Server 4.0 with Win NT Workstation 4.0
Server
• Allows a nearly unlimited number of users to connect to a shared resource at one time
• Tuned for file- and print-sharing performance
• Symmetric multiprocessing support on up to four processors
• Can be a Domain Controller
Workstation
• Allows up to 10 users to connect to a shared resource at one time
• Tuned for application responsiveness
• Symmetric multiprocessing support on up to two processors
• Cannot be a Domain Controller
Why Do We NETWORK?
• Share Resources
• More Computing Power
• Collaborate & Communicate
• More File Space
• Faster Access than a “Sneaker Net”
DOMAINS
The concept behind NT Networks
Workgroups
A workgroup is a collection of computers that form a peer-to-peer network. In a workgroup, each computer can act as both a server & a client for sharing resources.
Each station in a Workgroup is Managed Separately.
Advantages? Disadvantages?
A workgroup
[Figure: each computer in the workgroup keeps its own list of users (Name / Password): Mary / Fido, Bill / Pentium, Sue / Logical]
PERMISSIONS
The Rules that limit which users can use specified network resources
Permissions and permission sets

Task name                 Task
Read (R)                  Display the folder’s data, attributes, owner, and permissions
Write (W)                 Create new files or change the folder’s attributes
Execute (X)               Run files in the folder or open the folder
Delete (D)                Delete files in the folder
Change Permissions (P)    Change the folder’s permissions
Take Ownership (O)        Become the owner of the folder

Permission                  Allows
No Access                   Denies all access to the folder
List                        RX
Read                        RX
Add                         XW
Add & Read                  RXW
Change                      RXWD
Full Control                RXWDPO
Special Directory Access    Any custom combination of tasks
Special File Access         Set independently
Layers of security
[Figure: a network request from the user workstation reaches the shared folder through two layers, share security and NTFS security]
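The permission table and the two security layers above, worked through in Python as an added example (not part of the original slides). The combining rules it uses are standard Windows NT behaviour rather than something the slides spell out: within a layer the grants from all of a user's groups add up, a matching No Access overrides them, and a network request gets only what both the share and NTFS layers allow. Group names and ACLs are constructed.

```python
# Added example (not from the slides): expanding the permission sets in the
# table above and combining them across groups and across the two layers.

# Permission name -> task letters, exactly as listed in the slide's table.
PERMISSION_SETS = {
    "No Access": None,        # special case: denies all access
    "List": "RX",
    "Read": "RX",
    "Add": "XW",
    "Add & Read": "RXW",
    "Change": "RXWD",
    "Full Control": "RXWDPO",
}


def layer_access(acl, memberships):
    """Return the set of task letters one layer (share or NTFS) allows.

    acl         -- {group or user name: permission name} on the folder
    memberships -- every name the user answers to (own name plus groups)
    Grants from all matching entries add up; one matching No Access wins.
    """
    tasks = set()
    for name, permission in acl.items():
        if name not in memberships:
            continue
        letters = PERMISSION_SETS[permission]
        if letters is None:
            return set()
        tasks |= set(letters)
    return tasks


def effective_access(share_acl, ntfs_acl, memberships, over_network=True):
    """Combine both layers and return the allowed tasks as a string."""
    allowed = layer_access(ntfs_acl, memberships)
    if over_network:
        # A network request must pass share security as well as NTFS security.
        allowed &= layer_access(share_acl, memberships)
    return "".join(t for t in "RXWDPO" if t in allowed)


# Constructed sample ACLs for one shared folder.
SHARE_ACL = {"Teachers": "Change", "Students": "Read"}
NTFS_ACL = {"Teachers": "Full Control", "Students": "Add & Read",
            "Suspended": "No Access"}

if __name__ == "__main__":
    for user, groups in [("mary", {"Teachers"}), ("bill", {"Students"}),
                         ("sue", {"Students", "Suspended"})]:
        names = groups | {user}
        print(user,
              "network:", effective_access(SHARE_ACL, NTFS_ACL, names) or "-",
              "local:", effective_access(SHARE_ACL, NTFS_ACL, names, False) or "-")
```

Logged on at the server itself, a user is limited by the NTFS layer only, which is why the local result can be wider than the network one.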
Unified logon for Microsoft networks
[Figure: two “Enter Network Password” dialogs (“Enter your network password for Microsoft Networking”), each with OK and Cancel buttons. The peer-to-peer network dialog asks for User name and Password; the Windows NT domain dialog asks for User name, Password and Domain.]
DOMAINS
A DOMAIN is a collection of computers that can be used and managed as a single entity. Users can log on once to a domain & then have access to any computer or resource for which they have permissions.
Usually, Domains are organized by a common use or purpose
A DOMAIN
Requires the presence of at least one computer running Windows NT Server.
This computer, called the Primary Domain Controller (PDC), maintains a central accounts database, called the directory database, of its members.
A Domain may have multiple servers, clients or domain controllers (which maintain the directory database & participate in validating logon requests)
A domain has a centralized directory database
[Figure: Rashad’s, Fred’s and Sue’s computers share the single list of users held on the domain controller (Name / Password): Sue / Logical, Rashad / Pentium, Fred / Password]
The role of Windows NT Server domain controllers
[Figure: a client, a Windows NT Server PDC and a Windows NT Server BDC. Label: Processes user logons]
The role of Windows NT Server domain controllers (cont.)
[Figure: a client, a Windows NT Server PDC and a Windows NT Server PDC. Label: Update accounts database and perform directory replication]
DOMAINS
WHAT IF:
– The PDC goes down? Can users log on to the network?
Yes, BUT only if there is a Backup Domain Controller (server) with the current directory database.
DOMAINS
Give two advantages of using a domain model for your network.
Computers can be centrally administered
The common directory database simplifies security administration
Give one Disadvantage of using DOMAINS
A DOMAIN requires a dedicated Network Administrator!
DOMAIN CONTROLLERS
Primary Domain Controller (PDC)
– The PDC database is the only copy that can be edited (User Manager). If the PDC is offline, you cannot change the directory database.
– The first WinNT Server created in a Domain will automatically become the PDC. You can override this at a later time – AFTER adding a BDC (Backup Domain Controller).
– You can ONLY have ONE PDC in a Domain.
Backup Domain Controller (BDC)
A BDC assists the PDC by authenticating domain users. The BDC maintains a read-only version of the directory database (it cannot be edited) which it periodically updates with the PDC.
You MUST specify during installation that a computer will act as a BDC.
If you promote a BDC to a PDC, then the existing PDC will automatically be demoted to a BDC.
Backup Domain Controller (BDC)
[Figure: Domain: CLASS. The Primary Domain Controller (PDC) holds the directory database; a copy goes to the Backup Domain Controller (BDC), which holds a read-only copy of the directory database.]
MEMBER SERVER
A member server is not a domain controller. It merely makes resources available within the Domain.
Because a member server does not maintain a copy of the directory database & does not participate in the logon validation process…it can better serve its resources to the domain.
Member servers are created when you install the server software. Member servers cannot be promoted to a PDC or BDC unless you reinstall WinNT Server
You can have multiple member servers in a Domain.
The role of application servers
[Figure: a client and an application server. Label: Runs application in RAM]
The role of application servers (cont.)
[Figure: a client and an application server. Labels: Responds to client requests; Runs application in RAM]
PLANNING A DOMAIN
• You cannot change the domain to which a domain controller belongs without reinstalling WinNT Server.
• Each Domain in a Network must have a unique name.
• SIDs (Security Identification Numbers) validate a resource to the Domain – NOT the computer or resource name.
• A Single Domain can span a routed connection (All campuses of a school district) or a Wide Area Network (WAN).
• Network Traffic Patterns NOT physical Design should determine how your Domains are setup. (I.E. BUSINESS APs versus PEIMS)
WHAT ABOUT STUDENT FOLDERS?
WHAT ABOUT AR DATABASE?
WHAT ABOUT WEB Productivity Access?
LOGGING IN
Ctrl & Alt & Del
– Takes you to the Login Screen
– Identify User Name, Password, & DOMAIN
Ctrl & Alt & Del
– Change Password
– Lock Workstation
– Task Manager
Types of traffic
DHCP – Dynamic Addressing
WINS registration – Resources on the Network
Browser announcements – Master Browser
HTTP – Web Access
FTP – Files Transferred over Internet (Downloads)
Media Streaming – Video broadcasts
Logon – Logging Files
[Figure: traffic between a client and a server: browse lists, DNS, file transfer, HTTP. Traffic between a server and a server: trust, WINS replication, domain synchronization, directory replication.]
MANAGING USERS
A USER ACCOUNT contains the information that allows a user access to the WINNT operating system and its resources.
USER NAME – must be unique
LOGON PASSWORD & Group Membership List are contained in the account
BUILT-IN ACCOUNTS –
• Administrator Account
• Guest Account – May wish to disable or change the name & password to “Training” etc.
TOOLS for MANAGING USER ACCOUNTS
USER MANAGER
• Allows Administrator to Create a User Account
• Options:
  • User Must Change Password At Next Logon
  • User Cannot Change Password
  • Password Never Expires
  • Account Disabled – AUP Violations, Moves from District, Retires
Let’s Practice
Open USER MANAGER For the Domain (usrmgr)
• What are invalid characters in User Names in NT?
• Cannot Include Special Characters: ‘ “ / \ ? < > | , ; : [ ] + *
• User Name should be descriptive
• 05roussj (preferably no more than 8 characters)
• Password is case-sensitive – it may be up to 14 characters
• Initial Password like: 123456
• Assign User to Groups
Let’s Practice
User Properties: Characteristics of a User Account
• User Name
• Full Name (may include spaces)
• Description
• Password
• Password Control Options
• Groups User Belongs to
• Profile Settings
• Hours During Which the User can log on to Computer
• Computers from which a user may log on
• Special Account Properties
• Dial-in Permissions -- RAS
Let’s Practice
Create a Home Folder
• Home Folders – network folder location that is used to store all the personal programs & data files for the user
\\senior01\users\%username%
When a Home folder is set in the user’s account, it becomes the user’s default folder for the Open & Save As dialog boxes in most applications.
NTFS will create these folders & share them with the user
FAT you must create & share home folders
Let’s Practice
Create a Home Folder
• Select User, Properties, Profile
• Enter the Universal Naming Convention (UNC) path next to Local Path textbox for the Home Directory
\\senior01\users\%username%
Two back slashes server name slash shared folder slash %username%
The server & shared folder must first exist on the network. NT will create a subfolder using the User ID name for the folder name. Click OK.
Let’s Practice
Look through the HOURS options
• Observe the Grid
• Drag from Monday at 8:00 am to Friday at 5:00 pm
• Click Disallow
• Click OK
What does this action accomplish?
When would you use it?
Let’s Practice
Explore –
Answer the following:
How can you Restrict a user’s logon access to a single computer?
How can you set an expiration date to an account?
Let’s Check for Understanding
Troubleshooting User Account Properties
Create a User Account for your machine with the following properties
Username: Student
Password: Logical
No account options enabled
Home folder: D:\Users\Student\%username%
Logon Hours: Monday to Friday, 9 to 5 Disabled
Domain Users have the right to logon locally.
Let’s Check for Understanding
Troubleshooting User Account Properties
Create a User Account for your machine with the following properties
Username: Student
Password: Logical
No account options enabled
Home folder: C:\Users\Student
Domain Users have the right to logon locally.
Logoff as administrator & log on as student
Create a Notepad document & attempt to save it using Save As. Where does Notepad attempt to save the file by default?
User Profiles
User PROFILES are files that store user configuration information, such as the desktop appearance. Profiles are created and maintained by the system.
Each user is assigned a profile with information stored in a set of files and folders within the Windows (Winnt) Profiles folder.
Profiles can reside on the client computer (or each client computer a user logs onto) OR ROAMING Profiles may reside on the logon server. ROAMING Profiles follow a user from client to client. Roaming Profiles can be Personal OR Mandatory – on WINNT machines.
Roaming Personal Profiles – User can change
Roaming Mandatory Profiles – User cannot change
User Profiles
When you assign a server location for user profiles, a copy of the user’s local profile is saved both locally & remotely on the server. A comparison of both profiles is made at the next logon, and the user is asked which profile to load.
Create a roaming Profile
• Create a normal user profile by logging on as a user & changing your desktop
• Log off & logon as the Administrator. In Control Panel, open the System application & activate the USER PROFILE TAB.
• Select the user’s profile & click on Copy TO
• Enter the name of the destination network folder (\\senior01\users\%username% will work)
• In the Permitted To Use box click on Change. Add appropriate User. Click OK
User Profiles
In the USER MANAGER For DOMAINS, view properties for the user to whom you will be assigning this roaming profile.
Click on Profiles to display the User Environment Profile dialog box
Enter the Path to user’s roaming user profile using the UNC name
Click OK.
User Profiles
Roaming Mandatory User Profiles
May NOT be modified. I.E. User CANNOT change the desktop color.
To create a mandatory user profile, create a roaming personal user profile and rename the Ntuser.dat file to Ntuser.man
This file is found WHERE?
User Profiles
In a DOMAIN, where should you create your User Accounts?
What tool do you use to create the accounts?
Where does one get this tool?
Where can this tool be placed?
What are the three types of User Profiles? Where are they stored?
User Profiles \windows\profiles, Roaming Personal Profiles & Roaming Mandatory Profiles – stored on the server.
Local & Global Groups
• Local Groups belong to the Domain & can be assigned permissions & rights
• Local Groups can contain Global Groups
• Global Groups do not have permissions or rights assigned to them, but they can become members of local groups that do have permissions & rights
• Global Groups can only contain Users from the Domain
• The Primary Reason for creating Global Groups is that they are to be assigned to a Local Group
Remember Local vs. global groups
Local group can contain:
• Users from a local database
• Users from other computers’ databases
• Users from outside of the domain
• Global groups
Global group can contain:
• Users from the domain database
A strategy for implementing network security (cont.)
1. Create user accounts.
2. Organize user accounts into global groups. (Domain Group)
[Figure: global groups Domain Teachers, Domain Students, Domain Secretaries]
3. Put global groups into local groups.
[Figure: DomainTeachers and DomainStudents inside WebMasters]
Local Groups Give Access To Resources
A strategy for implementing network security (cont.)
1. Create user accounts.
2. Organize user accounts into global groups. (Domain Group)
[Figure: global groups Domain Teachers, Domain Students, Domain Secretaries]
3. Put global groups into local groups.
[Figure: DomainTeachers and DomainStudents inside WebMasters]
4. Grant permissions to the local group.
[Figure: OK to access]
Groups in a trust relationship
[Figure: users, global groups and local groups]
Let’s Practice
Decide what Global Groups & Local Groups are needed for your campus.
Decide this by looking at all the resources.
• File Servers
  • Folders
  • Plan a Folder Scheme
    • Name of Folder
    • Needed Subfolders
    • Level of Sharing
• Application Servers
• CD ROM Towers
• Internet Access
• RAS Access
• Printers
• Client Hardware (Drives & Printers) & Folders (Shared CD ROM Drives & Folders)
Let’s Practice
Decide what Global Groups & Local Groups are needed for your campus.
Create Global & Local Groups to Manage Identified Resources
Diagram Resource & those Local Groups & Global Groups
Let’s Practice
Assign Permissions to resources using your Local Groups
Describe what Permissions you will need to assign for each resource per Local Group
Managing GROUPS
In your own words, describe the difference between local & global groups
A Local Group can contain Global Groups
Global Groups cannot contain Local Groups
Global Groups can contain ONLY users from within your Domain
Local Groups can be used ONLY on the computer on which they were created (unless the computer is a Domain Controller)
Managing GROUPS
Would you assign permissions to specific user accounts or to a Group?
You always assign permissions to groups rather than directly to user accounts. When new users need access to those resources, you simply add them to the appropriate group.
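The four-step strategy and the nesting rules from the slides above, as a small Python model; this is an added example and not part of the original slides. It models a single domain (CLASS), the user names and the two folders are constructed, and direct_grants is a hypothetical audit helper that lists ACL entries naming a user or global group instead of a local group.

```python
# Added example (not from the slides): users -> global groups -> local groups
# -> permissions, with the nesting rules enforced. One domain only.


class NestingError(ValueError):
    """Raised when a membership breaks the local/global group rules."""


class Domain:
    def __init__(self, name):
        self.name = name
        self.users = set()
        self.global_groups = {}   # group name -> set of user names
        self.local_groups = {}    # group name -> set of users / global groups

    def add_to_global(self, group, member):
        # Global Groups can contain ONLY users from within the Domain.
        if member not in self.users:
            raise NestingError(f"{group}: {member} is not a domain user")
        self.global_groups.setdefault(group, set()).add(member)

    def add_to_local(self, group, member):
        # Local Groups can contain users and Global Groups, never Local Groups.
        if member in self.local_groups:
            raise NestingError(f"{group}: {member} is a local group")
        if member not in self.users and member not in self.global_groups:
            raise NestingError(f"{group}: {member} is unknown")
        self.local_groups.setdefault(group, set()).add(member)

    def trustees_of(self, user):
        """Every name through which an ACL entry can reach this user."""
        direct = {user} | {g for g, m in self.global_groups.items() if user in m}
        local = {lg for lg, m in self.local_groups.items() if m & direct}
        return direct | local


def access(domain, acls, user):
    """Return {resource: set of permission names} that apply to the user."""
    names = domain.trustees_of(user)
    result = {}
    for resource, acl in acls.items():
        granted = {perm for trustee, perm in acl.items() if trustee in names}
        if granted:
            result[resource] = granted
    return result


def direct_grants(domain, acls):
    """Audit: ACL entries that do not name a local group."""
    return sorted((res, trustee) for res, acl in acls.items()
                  for trustee in acl if trustee not in domain.local_groups)


def build_example():
    d = Domain("CLASS")
    d.users |= {"mary", "bill", "sue"}                  # 1. create user accounts
    d.add_to_global("DomainTeachers", "mary")           # 2. users into global groups
    d.add_to_global("DomainStudents", "bill")
    d.add_to_global("DomainSecretaries", "sue")
    d.add_to_local("WebMasters", "DomainTeachers")      # 3. global into local groups
    d.add_to_local("WebMasters", "DomainStudents")
    acls = {"web folder": {"WebMasters": "Change"},     # 4. permissions to local group
            "grades folder": {"sue": "Full Control"}}   # granted straight to a user
    return d, acls


if __name__ == "__main__":
    domain, acls = build_example()
    for user in sorted(domain.users):
        print(user, access(domain, acls, user))
    print("entries to clean up:", direct_grants(domain, acls))
```

Giving a new teacher access is a single membership change in DomainTeachers; no folder ACL is touched.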
Managing GROUPS
The Built-in Groups….page 3-4
• Administrators
• Replicators
• Power Users
• Users
• Guests
• Backup Operators
• Account Operators
• Server Operators
• Print Operators
Managing GROUPS
The Built-in Groups….page 3-4
Each Group has certain capabilities that are allowed by their default user rights.
[Table: default user rights of the built-in groups. Rights listed:]
• Access this computer from the network
• Back up & Restore files & folders
• Change the system time
• Force Shutdown from a remote system
• Load & Unload device drivers
• Log on Locally
• Manage auditing & security log
• Shut down the system
• Take ownership of files & other objects
Managing GROUPS
TEST YOUR UNDERSTANDING
1. Can Account Operators modify a User Account that is a member of the Administrative Group?
2. Can Users create Local Groups on a server if they have access to the User Manager for Domains Application?
3. Which Built-in Groups can be modified by an Account Operator?
The Users, Guests, and Replicator
Managing GROUPS
TEST YOUR UNDERSTANDING
1. Which Built-in group is not available on WINNT Server Computers, but is available on Workstations?
Power Users Group
2. Which built-in Groups are available only on Domain Controllers?
Account Operators, Server Operators, & Print Operators
3. Which built-in Groups Can Backup & Restore Files?
Administrators, Server Operators, & Backup Operators
BUILT-IN GLOBAL GROUPS
Global Group: Domain Admins
  Purpose: To enable members to perform administrative task on the local computer
  Contains by default: Administrator (user account)
  Who can Modify: Administrators
  Member of Which Local Group: Administrators (local group)
Global Group: Domain Users
  Purpose: To enable members to perform tasks granted to the Users group on every local computer in the Domain
  Contains by default: Administrator (user account)
  Who can Modify: Administrators, Account Operators
  Member of Which Local Group: Users
Global Group: Domain Guests
  Purpose: To enable members to perform tasks granted to the Guests group on every local computer in the Domain
  Contains by default: Guest (user account)
  Who can Modify: Administrators, Account Operators
  Member of Which Local Group: Guests
Global Groups
Global groups do not have inherent capabilities to perform system administration or other network functions as local groups do. Instead, global groups acquire their capabilities by being members of the appropriate local group.
Determining Memberships
Practice: Log on as Administrator
Open User Manager For Domains
Notice that Global Groups begin with the globe icon and the word “Domain” (ie Domain Admins)
Double-click on Administrators (Administrators is a user account & Domain Admins is a global group account)
Who are the members of the Domain Users Global Account?
Administrators, & any users
Built-in system groups
Group: Interactive
  Members & Purpose: Users who log on to the system locally.
  Example of a Use: To restrict local access to a resource, you could assign the NO ACCESS permission to the Interactive group
Group: Network
  Members & Purpose: Users that connect to a network available resource (a share) – permissions available to all
  Example of a Use: To restrict network access to a resource while allowing local access, you could assign the NO ACCESS permission to the Network group
Group: Everyone
  Members & Purpose: All users that connect to the system, locally or across the network
  Example of a Use: You can make a resource, such as a printer available to everybody by giving the EVERYONE group Full Control Rights.
Group: CreatorOwner
  Members & Purpose: A user that creates a resource (such as a file) is a member of this group. If the Administrator creates the resource, the Administrators group is made a member of this group.
  Example of a Use: You can use this group to grant special privileges to the creators of objects, such as files or print jobs.
When might you Use each of these Groups?
Anytime you wish to use default levels of user rights
Creating & Managing Groups – Must be created on PDC database
Use User Manager For Domains to create groups (must be Administrator or Account Operator)
To create a global group
– Choose User, New Global Group
– Enter name of group (20 character limit)
– Use Add button
– Click OK
If you need to add several users to a group, hold down the Ctrl key, select each user to add then choose User, New Global Group.
Creating Local Groups
• Use User Manager for Domains
• Choose User, New Local Group
• Enter name of your group (256 characters – however only the first 22 will be displayed)
• Use Add button
• Click OK
Let’s Practice
Create a Local Group & Add the Global Group to it.
• Perform this task at the PDC or BDC
• In the Groups list box select NetUsers (to ensure that no user accounts are automatically placed in the new local group)
• Choose User, New Local Group
• In the Group Name text box, enter LocalUsers
• Click Add
• In the Names list box, select NetUsers
• Click Add, Click OK After name is displayed in the Add Names List Box. (P 3-13)
4-1 Account Administration
Copying User Accounts
You can create a New User account by copying an existing user account (using existing user account as a template)
Creating Templates for Users is helpful when you must add large numbers of new users
Template that expires on graduation date for students. Templates usually begin with an underscore character “ _ “ to display it at the top of the User Name List
Let’s Practice
• Log on as Administrator
• Open User Manager for Domains
• In the list of User Names double-click on Guest
• Observe the properties
• Click on Cancel
• Choose User, Copy
• Observe the information that is automatically entered in the Copy of Guest dialog box
• In the Username text box, type _copy
• In the Description text box type “copy of Guest account”
• Enter a password
• Click Add
• Click Close
• In the Username list box, double-click on your new user account to view properties
• Click Cancel
Modifying Multiple User Accounts
• If you need to modify two or more User Accounts in the same way, you can make the changes simultaneously.
• Use the Ctrl key to highlight those accounts – with the accounts selected, choose User, Properties
• The User Properties dialog box for multiple user accounts is slightly different – you can modify descriptions, enable & disable the 4 user account options, and modify group memberships and profile information.
Let’s Practice Page 4-4
• Select your _copy
• Press Ctrl and select several users
• Choose User, Properties
• In the Description Box enter User Account
• Uncheck Users Cannot Change Password & password Never Expires
• Click OK
• Double-click on a User Account to check properties
• Click Cancel
RENAMING USER ACCOUNTS
All user Accounts can be renamed.
When might you want to RENAME a User Account?
• Select a User
• Choose User, Rename
• Type in New name
• Click OK
Deleting User Accounts
All Users except the Administrator & Guest accounts can be deleted by using the User, Delete command.
Once User Accounts have been deleted, they cannot be re-created.
At creation each user account is given an SID which is unique. Creating the exact user account again DOES NOT assign the same SID to that account … therefore the system sees the exact user name & password as a NEW account
When should you Delete a User Account?
Adding a User to the Account Group
In the Username list box, double-click on a User
Click on the Groups button
Click on Account Operators
Click Add
Click OK
Choose Policies, User Rights
Which Rights are automatically assigned to the Account Operator?
Click Cancel
Account Policies
The Account Policy is used to control how passwords are used & maintained by users.
Account Policy dialog box is divided into two sections
– Password Restrictions
– Account Lockout
Explore these options
When would you use each option?
5-1 Securing Network Resources
OBJECTIVES:
Use Shared Folder Permissions to Secure Network Resources
Use NTFS permissions to secure network resources
Determine effective permissions on a file or folder, given a set of group, user, and share permissions.
Using Shared Folder Permissions
Requirements for Sharing a Folder
– Organize files & folders so that folders with the same security requirements are located within the same branch in the folder hierarchy. For example, if users require Read permissions to several folders, store those folders within the same folder
– Member of Administrator Group
– Server Services Must be Started
– NTFS (New Technology File System) partition…
Additional Considerations
Sharing a Folder By Using Windows NT Explorer
Run Explorer
Select and observe the Temp folder
Choose File, Properties, Sharing, Share As
Accept the Defaults
Observe the User Limit Box
Click OK
Permissions versus Rights
A Permission is a specific level of access a user or group is granted to a particular resource. Unlike rights, which apply to the system as a whole, permissions are associated with specific objects. Therefore a user right can override any object permissions that are also assigned to a user.
For example, if you grant the user the right to back up files and folders, it automatically includes the ability to read all files, even if the file permissions have been set specifically denying the user access rights to the files.
Shared Folder Permissions
Once you create a share for a folder, you must set remote access permissions to allow other users to access the folder.
– Default is EVERYONE – FULL CONTROL
– Use Permissions Button to set the Folder Properties to NO ACCESS, READ, CHANGE, FULL CONTROL
NOW, Create a NOTEPAD.txt document in your own TEMP Folder and save it.
SHARE your Temp Folder with only Mickey
Type of ACCESS = READ
Click OK
Accessing Shared Folders with Network Neighborhood
Logoff as Administrator & Logon As Mickey
Double-click on Network Neighborhood
Double-click on your partner’s computer name
Double-click on your partner’s TEMP folder
Access the NOTEPAD.txt document
– Are you able to edit the text?
– Can you save a copy of the edited text file to a different remote location where you have rights? To a local location?
– Can you Delete the file?
– Can you Move the file?
Accessing Local Resources
Swap Computers with your Partner
Logon As Mickey
Access Document in TEMP Folder
– Can you Edit?
– Create A New Text File?
– Delete a text file?
Shared Folder Permissions apply ONLY to REMOTE connections AND DO NOT have any effect on what you can do if you are seated at the computer containing the shares.
Using the Run Command to Connect to Shared Folders
In the Run Command box type the UNC path to the shared folder
\\computer_name\shared_folder
Hit Enter
Default Administrative Shares
In a Network Environment (WINNT, 2000, XP) there are two automatic shares for remote access: Admin$ & Drive_letter$ for each hard drive partition.
Admin$ takes you to the \winnt_root folder
drive_letter$ remotely takes you to each hard drive partition
PRACTICE: Use the RUN Command Line & Type \\partners_computer\C$
Can you Access your partner’s D: Drive?
Hidden Shares
$ at the end of the administrator sharenames indicates that these are HIDDEN SHARES. The $ hides the shared folders from users who browse the computer
Hidden Shares must be accessed remotely by their UNC path
Practice
Hide your TEMP Share & see if your partner can ACCESS IT
Rename the folder without the $
Hidden Shares
Open the Control Panel
Open Server
Click on Shares
Observe the Hidden Shares
Click Close, Cancel
Stopping the Sharing of a Folder
You can stop the sharing of all folders by Right Clicking, Choose Sharing, Select NOT SHARED, Click OK
YOU CANNOT stop the sharing of the Admin$ or Drive$
Using NTFS Permissions to Secure Network Resources
Unlike the FAT file system, which provides only shared folder permissions, the NTFS file system provides security for files & folders
NTFS also provides ownership privileges that are important
On an NTFS volume, you can implement security on a per-file, per-folder, or per-drive basis by assigning various levels of permissions. THIS DOES AFFECT the ability of users to access the shared file LOCALLY AS WELL AS REMOTELY
Set FILE Permissions
In WINNT EXPLORER use the Security tab in the Properties dialog box to set or view the permissions
Permissions can be set on a per-group, or per-user basis
Select the Temp folder Notepad.txt file
Choose File, Properties, Security tab,
Click Permissions – what are the defaults?
FILE PERMISSIONS
READ (R)
WRITE (W)
EXECUTE (X)
DELETE (D)
CHANGE Permission (P)
TAKE OWNERSHIP (O) (Special Access)
To be able to change permissions on a file, you must take ownership of it (creator already has ownership) – then YOU can set the permissions
Inheriting Permissions
File & Folder Permissions are separate. However, unless the permissions are explicitly set otherwise, files & folders will inherit the permissions of their parent folder.
When you view permissions on a folder, you will see two sets of permissions in parentheses, for example (RXW) (RX). The first refers to the permissions on the folder itself & its subfolders; the second set applies to permissions on files in that folder. THERE ARE SOME folder permissions that files do not inherit.
The FULL CONTROL folder permission overrides the file permission of not deleting.
Permission | Allows | Files Inherit
No Access | Denies all access | Denies all access
List | RX | Not Specified
Read | RX | RX
Add | XW | Not Specified
Add & Read | RXW | RX
Change | RXWD | RXWD
Full Control | RXWDPO | RXWDPO
Special Directory Access | Any combo | Set independently
Special File Access | Set independently | Any combo
Changing Folder Permissions
By default when you change permissions on a folder, you DO change permissions of any existing files in the folder, but NOT on the subfolders.
New subfolders & files will inherit the new permission set. Take CARE in CHANGING Folder Permissions
Setting Folder Permissions Practice
Open Windows NT Explorer
Open the Temp folder & select the Notepad.txt file
Choose File, Properties
Click Security tab, Permissions (observe current permissions) Click Cancel
Now Select the TEMP folder
From the Type of Access drop-down list box, select LIST
Click Add, Select Administrator, Click Add, From the Type of Access drop-down box Select Full Control, Click OK twice
Now Select Notepad.txt, click File, Properties, Security Tab, Click Permissions – The original file permissions have been replaced by inherited permissions from the folder
Copying/Moving Shared Folders
Observing permissions on copied and moved files
Give Everyone FULL Control of your Temp folder, remove any other permissions
Select \TEMP\Notepad.txt on your partner’s computer. Observe the permissions on the file
Make sure your partner’s Share folder has given the Administrator Full Control, remove all other permissions
Move the Notepad.txt file to the Share folder, Observe the new File Permissions
Now Move the Notepad.txt file BACK to your partner’s TEMP folder, Observe the File Permissions
Mapping a Shared Folder
Let’s Practice
Use Explorer to Find your partner’s Shared Folder – TEMP
Choose Tools, Map Network Drive
Observe the Drive Drop-down Box, choose a letter for your Drive
In the Path box, type your partner’s shared folder UNC
\\computer\temp
Click OK
Right-click on the folder in the left pane
Choose MAP NETWORK DRIVE
Select the folder, create a NOTEPAD.text document & Save in the shared TEMP folder, Choose FILE SAVE AS & Browse for the Mapped folder
DISCONNECTING FROM A REMOTE RESOURCE
In the WINNT Explorer choose Tools, Disconnect Network Drive
Select the Network Drive to Disconnect From
Click OK
Choose the Folder, Right-Click
Choose Disconnect, YES
Taking Ownership of Files
If you create it – you own it… also, if you copy a file, you own the copy. The owner cannot assign ownership to anyone else. However, they can grant the “Take Ownership” permission to others.
You can take ownership of a file if you have Full Control permission OR you have been given “Take Ownership” permission
Taking Ownership of Files
To take ownership of a file, display the file’s Properties dialog box, click on the Security tab, click on Ownership, and click on Take Ownership.
You can also take Ownership of a Folder & all Subfolders.
Security System Interactions
User & Group Permissions are cumulative. Permissions you can ultimately exercise are a combination of the permissions granted to you as a user & the permissions granted to any group of which you are a member
EXAMPLE: The user is assigned READ permission to a particular folder. A group the user belongs to is assigned WRITE permissions to the same folder… the user has RW Permissions to that folder.
There is ONE exception: The NO ACCESS permission overrides all others.
HOWEVER, having NO ACCESS permission applied to a folder which contains a file for which the user has permissions does NOT prevent the user from opening the file from its respective application!
The user can open the file, providing you use the local or UNC path to the file in the File Open dialog box of the application.
Consider this Scenario
Chris’ Permissions | Teacher Group Permissions | Grade-level Group Permissions | Chris’ Effective Permissions
READ | ADD | Not specified | Add & Read
Not Specified | Full Control | No Access |
Read | Change | Take Ownership |
List | Add | Not Specified |
Special Access: Read & Delete | Not Specified | Add & Read |
REMEMBER
The Individual Read, Execute, & Write permissions are slightly different from the Add & Read permissions because files do NOT inherit the List or Add permissions
NTFS permissions affect file & folder access for a local user & remote user... this adds a second layer of security to the network.
REMEMBER
A good rule of thumb to remember about the interaction between share permissions & NTFS is that the most restrictive permission applies. This is because share & NTFS permissions are NOT cumulative, but provide two layers of access.
If the share permission for a particular user is READ, and the NTFS permission is FULL CONTROL, the user will have READ access. Or the user could exercise the FULL CONTROL permission by accessing the file locally instead of across the network.
Scenario
Share Permissions | NTFS Permissions | Effective Permissions
Read | Add & Read | Read
Full Control | Change |
No Access | Add & Read |
Change | Read |
Full Control | Full Control |
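The cumulative rule (user plus groups, No Access wins) and the most-restrictive rule (share versus NTFS) described above, worked as an added example that is not part of the original slides. It models each NTFS permission as the (folder)(files) pair from the table on this page; the letter sets used for the share levels (Read = RX, Change = RXWD, Full Control = RXWDPO) are an assumption based on the standard NT 4.0 meanings, and all function names are hypothetical.

```python
ORDER = "RXWDPO"                    # display order of the individual permissions
NO_ACCESS = "No Access"
NOT_SPECIFIED = "Not Specified"

# (folder permissions, permissions files inherit), from the table on this page.
NTFS = {
    "List":         ("RX", ""),
    "Read":         ("RX", "RX"),
    "Add":          ("XW", ""),
    "Add & Read":   ("RXW", "RX"),
    "Change":       ("RXWD", "RXWD"),
    "Full Control": ("RXWDPO", "RXWDPO"),
}
# Share levels named on this page; the letter sets are an assumption
# (standard NT 4.0 meanings), the page does not spell them out.
SHARE = {"Read": "RX", "Change": "RXWD", "Full Control": "RXWDPO"}


def _pair(name, table):
    """Translate a permission name into (folder_set, file_set)."""
    value = table[name]
    folder, files = value if isinstance(value, tuple) else (value, value)
    return frozenset(folder), frozenset(files)


def cumulative(grants, table=NTFS):
    """Combine a user's own grant with the grants of every group they are in.

    Returns NO_ACCESS if any grant is No Access; otherwise the union of all
    grants as (folder_set, file_set). Not Specified contributes nothing.
    """
    folder, files = frozenset(), frozenset()
    for name in grants:
        if name == NO_ACCESS:
            return NO_ACCESS        # the one exception: overrides all others
        if name == NOT_SPECIFIED:
            continue
        f, i = _pair(name, table)
        folder, files = folder | f, files | i
    return folder, files


def effective(ntfs_grants, share_grants=None):
    """Effective access for one user.

    share_grants=None models a local logon, where share permissions have no
    effect. For a remote connection the two layers are intersected, so the
    most restrictive one applies.
    """
    ntfs = cumulative(ntfs_grants, NTFS)
    if share_grants is None or ntfs == NO_ACCESS:
        return ntfs
    share = cumulative(share_grants, SHARE)
    if share == NO_ACCESS:
        return NO_ACCESS
    return ntfs[0] & share[0], ntfs[1] & share[1]


def describe(result):
    """Name a result: a standard permission if one matches, otherwise the
    (folder)(files) letter notation NT shows in the permissions dialog."""
    if result == NO_ACCESS:
        return NO_ACCESS
    for name in ("Full Control", "Change", "Add & Read", "Read", "Add", "List"):
        if result == _pair(name, NTFS):
            return name

    def letters(bits):
        return "".join(c for c in ORDER if c in bits) or NOT_SPECIFIED

    return "(%s)(%s)" % (letters(result[0]), letters(result[1]))


if __name__ == "__main__":
    # Rows taken from the two scenario tables on this page.
    print(describe(cumulative(["Read", "Add", NOT_SPECIFIED])))
    print(describe(cumulative([NOT_SPECIFIED, "Full Control", NO_ACCESS])))
    print(describe(cumulative(["List", "Add", NOT_SPECIFIED])))
    print(describe(effective(["Add & Read"], share_grants=["Read"])))
    print(describe(effective(["Full Control"], share_grants=["Read"])))
    print(describe(effective(["Full Control"])))      # same user, local logon
```

The List plus Add row comes out as (RXW)(Not Specified) rather than Add & Read, which is the difference the REMEMBER slide points at: files inherit nothing from List or Add.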
LAB Time
6-1 Managing Network Resources
Features of the Client for Microsoft Networks
Automatic setup of networking capabilities in Windows 98
Windows 98 GUI integrates the networking capabilities
Client-side caching
Plug and Play support (USB)
Peer resource sharing services – Must be selected
Automatic reconnection for lost server connections
Long filenames for network resources -- AVOID!
Monitoring and optimizing performance
Four areas to monitor:
Processor
RAM
Hard Drive
Network
Troubleshooting tools
Resource Kits
Books Online
TechNet
Microsoft’s World Wide Web site
Microsoft’s ftp site
MSN
Microsoft technical support
Administrative tools (Event Viewer, Server Manager, etc.)
Creating partitions by using the FDISK & Disk Administrator utility
[Figure: FDISK divides an unpartitioned disk (all free space) into a primary partition and an extended partition containing logical drives; drive letters shown: C:, D:, E:, F:]
Let’s Practice
Installation sources
Local drive sources: CD-ROM or floppy disk
Network drive sources: Shared CD-ROM or hard disk
Virtual directories
Actual structure | Alias | Client sees
C:\InetPub\wwwroot | <Home> | www.corp.com (<Home>)
D:\Data\Documents | /Publishing | /Publishing
\\Corpserver\Sales_Mkt\Files | /Marketing | /Marketing
D:\Data\Corp\Promos | /Marketing/Promos | /Promos (under /Marketing)
The role of file and print servers
[Figure: the client requests files and sends print jobs to the file and print server, which is connected to the printer]
The role of file and print servers (cont.)
[Figure: the file and print server sends files to the client, and sends and monitors print jobs on the printer]
Overview of the Windows NT printing process
[Figure, other clients: print request, printer driver, spooler, printing device; labelled “Occurs on client” and “Occurs on server”]
[Figure, Windows 95 or Windows NT client: print request, printer driver, spooler, spooler, printing device; labelled “Occurs on client” and “Occurs on print server”]
Setting priorities between printers
[Figure: user36’s computer and the President’s computer print through a print server with two printers, printer1 (priority 99) and printer2 (priority 1), to one printing device]
Point and Print support
Print Server | Driver Names | Location of Drivers | Printer Info/Config
Windows 98 X X X
Windows NT X
NetWare X X
The Windows NT print process
Print client
1. Application generates print request.
2. Print driver loaded (locally or from server).
3. Job partially rendered.
4. Client spooler receives job.
5. Client spooler calls server spooler.
Print server
6. Server spooler receives job.
7. Router determines destination print device.
8. Print processor formats for printer device.
9. Separator page processed.
10. Print monitor sends to device.
11. Print device produces output.
Print client / Print server: can be same computer
Print troubleshooting guidelines
Printer
– Power on?
– On-line?
– Paper jam?
– Paper/toner?
Print server / print client computer
– Correct printer driver?
– Default printer?
– Printer port?
– Print from other application?
– Print to port or to file?
– Disk space for spooler?
– Spooler service running?
Network
– Physical network problems?
– Printer shared?
– Correct user logged on?
– Correct permissions assigned?
The Intel boot sequence
Preboot sequence
1. Conduct Power On Self Test (POST)
2. Load Master Boot Record (MBR)
3. Load active partition’s boot sector
4. Load NTLDR
Boot sequence (NTLDR)
1. Change processor to flat memory model
2. Start minifile system (FAT or NTFS)
3. Read BOOT.INI to build Boot Loader Menu
4. Load operating system
If Windows NT is not chosen
5. Load BOOTSECT.DOS
If Windows NT is chosen
5. Call NTDETECT.COM to examine hardware
6. Begin Windows NT load phases
The RISC boot sequence
Preboot sequence
1. Select boot device
2. Determine presence of bootable partition
3. Verify supported file system
4. Load OSLOADER.EXE
Boot sequence
1. Initial boot sequence
2. Begin Windows NT load phases
The Windows NT load phases
Kernel load (screen shows progress dots)
Kernel initialization (screen turns blue)
Service load (blue screen shows progress dots)
Subsystem start (Begin Logon dialog box appears)
ARC naming
multi or scsi – Multi: IDE, ESDI, or SCSI with BIOS enabled; SCSI: SCSI without BIOS
(0) – First adapter in system numbered 0, second adapter in system numbered 1 . . .
disk(0) – SCSI bus number for SCSI adapters, or 0 for all non-SCSI adapters
rdisk(0) – First disk numbered 0, second disk numbered 1; used only in systems with non-SCSI disks (set to 0 with SCSI disks)
partition(1) – Partition on disk that stores NT files; 0 = special partition and generally not used, 1 = first partition, 2 = second partition . . .
\WINNT – Folder that stores the Windows NT boot files
“NT Server” – Name of the operating system; appears in the boot menu
multi(0)disk(0)rdisk(0)partition(1)\\WINNT= “NT Server”
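The ARC path fields described above, as an added example that is not part of the original slides: a parser for ARC entries in BOOT.INI that also checks each entry against the field rules stated on this page. The function names and the sample BOOT.INI text are constructed for illustration.

```python
import re

# multi(a)disk(b)rdisk(c)partition(d)\folder="label"
ARC_ENTRY = re.compile(
    r'^(multi|scsi)\((\d+)\)disk\((\d+)\)rdisk\((\d+)\)partition\((\d+)\)'
    r'(\\[^=]*?)\s*=\s*"([^"]*)"',
    re.IGNORECASE,
)

# Constructed sample input; the second entry deliberately breaks two rules.
SAMPLE_BOOT_INI = r'''[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINNT="NT Server"
multi(0)disk(1)rdisk(0)partition(0)\WINNT="Broken entry"
C:\="MS-DOS"
'''


def parse_arc_entry(line):
    """Split one BOOT.INI line into its ARC fields.

    Raises ValueError if the line is not a multi()/scsi() ARC entry.
    """
    match = ARC_ENTRY.match(line.strip())
    if not match:
        raise ValueError("not an ARC path entry: %r" % line)
    kind, adapter, disk, rdisk, partition, folder, label = match.groups()
    return {
        "kind": kind.lower(),
        "adapter": int(adapter),      # first adapter is 0
        "disk": int(disk),            # 0 for all non-SCSI adapters
        "rdisk": int(rdisk),          # set to 0 with SCSI disks
        "partition": int(partition),  # NT partitions are numbered from 1
        "folder": folder,
        "label": label,               # text shown in the boot menu
    }


def check_arc_entry(entry):
    """Return a list of findings where an entry breaks the rules above."""
    findings = []
    if entry["kind"] == "multi" and entry["disk"] != 0:
        findings.append("disk() must be 0 for non-SCSI (multi) adapters")
    if entry["kind"] == "scsi" and entry["rdisk"] != 0:
        findings.append("rdisk() is set to 0 with SCSI disks")
    if entry["partition"] == 0:
        findings.append("partition(0) is the special partition, not an NT partition")
    return findings


def audit_boot_ini(text):
    """Map each ARC entry's boot-menu label to its findings; other lines
    (section headers, C:\\ entries) are skipped."""
    results = {}
    for line in text.splitlines():
        try:
            entry = parse_arc_entry(line)
        except ValueError:
            continue
        results[entry["label"]] = check_arc_entry(entry)
    return results


if __name__ == "__main__":
    for label, findings in audit_boot_ini(SAMPLE_BOOT_INI).items():
        print(label, "->", findings or "ok")
```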
Comparing file system characteristics
Characteristic | NTFS | FAT under NT
Filename length
File size
Restricted filename characters
Case in filenames
File attributes
Directory structure
Supported operating systems
Security
Compression
Formatting
Maximum partition size
Optimal partition size
File system overhead
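Comparing file system characteristics (completed)
Characteristic | NTFS | FAT under NT
Filename length | 255 characters | 255 characters
File size | 16 EB | 4 GB
Restricted filename characters | ? “ / \ < > * | : | ? “ / \ < > * | :
Case in filenames | Case preserving; supports case sensitivity for POSIX | Case preserving
File attributes | Elemental and extended | Elemental (R,A,S,H)
Directory structure | B-tree | Linked list
Supported operating systems | Windows NT | Windows NT; Windows 95; OS/2; DOS
Security | Per-file and per-directory | None
Compression | Per-file, per-folder, per-drive | 3rd party utilities
Formatting | Can format hard disks | Can format floppy and hard disks
Maximum partition size | 16 EB | 4 GB
Optimal partition size | >400 MB | <400 MB
File system overhead | 1-5 MB; recommended minimum 50 MB partition | <1 MB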