
Introduction to NT Administration

Objectives:
• How to use DOMAINS
• Create Users & Set Properties to user accounts
• Manage User Accounts & Assign Security Policies
• Use Shared Folder Permissions
• Use Server Manager & Win NT Diagnostics
• Administer Local & Remote Printing Devices
• Use Event Viewer & Archive Logs

Compare Win NT Server 4.0 with Win NT Workstation 4.0

Server
• Allows a nearly unlimited number of users to connect to a shared resource at one time
• Tuned for file- and print-sharing performance
• Symmetric multiprocessing support on up to four processors
• Can be a Domain Controller

Workstation
• Allows up to 10 users to connect to a shared resource at one time
• Tuned for application responsiveness
• Symmetric multiprocessing support on up to two processors
• Cannot be a Domain Controller

Why Do We NETWORK?

• Share Resources
• More Computing Power
• Collaborate & Communicate
• More File Space
• Faster Access than a “Sneaker Net”

DOMAINS

The concept behind NT Networks

Workgroups

A workgroup is a collection of computers that form a peer-to-peer network. In a workgroup, each computer can act as both a server & a client for sharing resources.

Each station in a Workgroup is Managed Separately.

Advantages? Disadvantages?

A workgroup

[Diagram: a workgroup in which every computer holds its own list of users]

List of users
Name    Password
Mary    Fido
Bill    Pentium
Sue     Logical

PERMISSIONS

The Rules that limit which users can use specified network resources

Permissions and permission sets

Task name                 Task
Read (R)                  Display the folder’s data, attributes, owner, and permissions
Write (W)                 Create new files or change the folder’s attributes
Execute (X)               Run files in the folder or open the folder
Delete (D)                Delete files in the folder
Change Permissions (P)    Change the folder’s permissions
Take Ownership (O)        Become the owner of the folder

Permission                Allows
No Access                 Denies all access to the folder
List                      RX
Read                      RX
Add                       XW
Add & Read                RXW
Change                    RXWD
Full Control              RXWDPO
Special Directory Access  Any custom combination of tasks
Special File Access       Set independently

Layers of security

[Diagram: a network request from a user workstation to a shared folder, which is protected by share security and NTFS security]

Unified logon for Microsoft networks

[Diagram: the “Enter Network Password” dialog (“Enter your network password for Microsoft Networking”) on a peer-to-peer network, with User name and Password fields, beside the same dialog on a Windows NT domain, which adds a Domain field]

DOMAINS

A DOMAIN is a collection of computers that can be used and managed as a single entity. Users can log on once to a domain & then have access to any computer or resource for which they have permissions.

Usually, Domains are organized by a common use or purpose.

A DOMAIN

• Requires the presence of at least one computer running Windows NT Server.
• This computer, called the Primary Domain Controller (PDC), maintains a central accounts database called the directory database of its members.
• A Domain may have multiple servers, clients or domain controllers (a domain controller maintains the directory database & participates in validating logon requests)

A domain has a centralized directory database

[Diagram: Rashad’s computer, Fred’s computer and Sue’s computer all use one list of users held on the domain controller]

List of users (domain controller)
Name      Password
Sue       Logical
Rashad    Pentium
Fred      Password

The role of Windows NT Server domain controllers

[Diagram: a client, a Windows NT Server PDC and a Windows NT Server BDC; caption: Processes user logons]

The role of Windows NT Server domain controllers (cont.)

[Diagram: a client, a Windows NT Server PDC and a second Windows NT Server PDC; caption: Update accounts database and perform directory replication]

DOMAINS

WHAT IF:
– The PDC goes down? Can users log on to the network?

Yes, BUT only if there is a Backup Domain Controller (server) with the current directory database.

DOMAINS

Give two advantages of using a domain model for your network.

• Computers can be centrally administered
• The common directory database simplifies security administration

Give one Disadvantage of using DOMAINS

• A DOMAIN requires a dedicated Network Administrator!

DOMAIN CONTROLLERS

Primary Domain Controller (PDC)
– The PDC database is the only copy that can be edited (User Manager). If the PDC is offline, you cannot change the directory database.
– The first WinNT Server created in a Domain will automatically become the PDC. You can override this at a later time – AFTER adding a BDC (Backup Domain Controller).
– You can ONLY have ONE PDC in a Domain.

Backup Domain Controller (BDC)

• A BDC assists the PDC by authenticating domain users. The BDC maintains a read-only version of the directory database (it cannot be edited) which it periodically updates with the PDC.
• You MUST specify during installation that a computer will act as a BDC.
• If you promote a BDC to a PDC, then the existing PDC will automatically be demoted to a BDC.

Backup Domain Controller (BDC)

[Diagram: Domain CLASS. The Primary Domain Controller (PDC) holds the directory database; the Backup Domain Controller (BDC) holds a read-only copy of the directory database, copied from the PDC]

MEMBER SERVER

• A member server is not a domain controller. It merely makes resources available within the Domain.
• Because a member server does not maintain a copy of the directory database & does not participate in the logon validation process, it can better serve its resources to the domain.
• Member servers are created when you install the server software. Member servers cannot be promoted to a PDC or BDC unless you reinstall WinNT Server.
• You can have multiple member servers in a Domain.

The role of application servers

[Diagram: a client and an application server; caption: Runs application in RAM]

The role of application servers (cont.)

[Diagram: a client and an application server; captions: Responds to client requests; Runs application in RAM]

PLANNING A DOMAIN

• You cannot change the domain to which a domain controller belongs without reinstalling WinNT Server.
• Each Domain in a Network must have a unique name.
• SIDs (Security Identification Numbers) validate a resource to the Domain – NOT the computer or resource name.
• A Single Domain can span a routed connection (All campuses of a school district) or a Wide Area Network (WAN).
• Network Traffic Patterns NOT physical Design should determine how your Domains are set up. (I.E. BUSINESS APs versus PEIMS)

WHAT ABOUT STUDENT FOLDERS?
WHAT ABOUT AR DATABASE?
WHAT ABOUT WEB Productivity Access?

LOGGING IN

Ctrl & Alt & Del
– Takes you to the Login Screen
– Identify User Name, Password, & DOMAIN

Ctrl & Alt & Del
– Change Password
– Lock Workstation
– Task Manager

Types of traffic

• DHCP – Dynamic Addressing
• WINS registration – Resources on the Network
• Browser announcements – Master Browser
• HTTP – Web Access
• FTP – Files Transferred over Internet (Downloads)
• Media Streaming – Video broadcasts
• Logon – Logging Files

[Diagram: traffic between clients and servers (Browse lists, DNS, File transfer, HTTP) and between servers (Trust, WINS replication, Domain synchronization, Directory replication)]

MANAGING USERS

A USER ACCOUNT contains the information that allows a user access to the WINNT operating system and its resources.

USER NAME – must be unique
LOGON PASSWORD & Group Membership List are contained in the account

BUILT-IN ACCOUNTS –
• Administrator Account
• Guest Account – May wish to disable or change the name & password to “Training” etc.

TOOLS for MANAGING USER ACCOUNTS

USER MANAGER
• Allows Administrator to Create a User Account
• Options:
  • User Must Change Password At Next Logon
  • User Cannot Change Password
  • Password Never Expires
  • Account Disabled – AUP Violations, Moves from District, Retires

Let’s Practice

Open USER MANAGER For the Domain (usrmgr)
• What are invalid characters in User Names in NT?
  • Cannot Include Special Characters: ‘ “ / \ ? < > | , ; : [ ] + *
• User Name should be descriptive
  • 05roussj (preferably no more than 8 characters)
• Password is case-sensitive – it may be up to 14 characters
• Initial Password like: 123456
• Assign User to Groups

Let’s Practice

User Properties: Characteristics of a User Account
• User Name
• Full Name (may include spaces)
• Description
• Password
• Password Control Options
• Groups User Belongs to
• Profile Settings
• Hours During Which the User can log on to Computer
• Computers from which a user may log on
• Special Account Properties
• Dial-in Permissions -- RAS

Let’s Practice

Create a Home Folder
• Home Folders – network folder location that is used to store all the personal programs & data files for the user

\\senior01\users\%username%

When a Home folder is set in the user’s account, it becomes the user’s default folder for the Open & Save As dialog boxes in most applications.

NTFS: will create these folders & share them with the user
FAT: you must create & share home folders

Let’s Practice

Create a Home Folder
• Select User, Properties, Profile
• Enter the Universal Naming Convention (UNC) path next to Local Path textbox for the Home Directory

\\senior01\users\%username%

Two back slashes, server name, slash, shared folder, slash, %username%

The server & shared folder must first exist on the network. NT will create a subfolder using the User ID name for the folder name. Click OK.

Let’s Practice

Look through the HOURS options
• Observe the Grid
• Drag from Monday at 8:00 am to Friday at 5:00 pm
• Click Disallow
• Click OK

What does this action accomplish?
When would you use it?

Let’s Practice

Explore –

Answer the following:

How can you Restrict a user’s logon access to a single computer?

How can you set an expiration date to an account?

Let’s Check for Understanding

Troubleshooting User Account Properties

Create a User Account for your machine with the following properties

Username: Student
Password: Logical
No account options enabled
Home folder: D:\Users\Student\%username%
Logon Hours: Monday to Friday, 9 to 5 Disabled
Domain Users have the right to logon locally.

Let’s Check for Understanding

Troubleshooting User Account Properties

Create a User Account for your machine with the following properties

Username: Student
Password: Logical
No account options enabled
Home folder: C:\Users\Student
Domain Users have the right to logon locally.

Log off as administrator & log on as student.
Create a Notepad document & attempt to save it using Save As. Where does Notepad attempt to save the file by default?

User Profiles

User PROFILES are files that store user configuration information, such as the desktop appearance. Profiles are created and maintained by the system.

Each user is assigned a profile with information stored in a set of files and folders within the Windows (Winnt) Profiles folder.

Profiles can reside on the client computer (or each client computer a user logs onto) OR ROAMING Profiles may reside on the logon server. ROAMING Profiles follow a user from client to client. Roaming Profiles can be Personal OR Mandatory – on WINNT machines.

Roaming Personal Profiles – User can change
Roaming Mandatory Profiles – User cannot change

User Profiles

When you assign a server location for user profiles, a copy of the user’s local profile is saved both locally & remotely on the server. A comparison of both profiles is made at the next logon, and the user is asked which profile to load.

Create a roaming Profile

• Create a normal user profile by logging on as a user & changing your desktop
• Log off & log on as the Administrator. In Control Panel, open the System application & activate the USER PROFILE TAB.
• Select the user’s profile & click on Copy To
• Enter the name of the destination network folder (\\senior01\users\%username% will work)
• In the Permitted To Use box click on Change. Add appropriate User. Click OK

User Profiles

In the USER MANAGER For DOMAINS, view properties for the user to whom you will be assigning this roaming profile.

Click on Profiles to display the User Environment Profile dialog box

Enter the Path to user’s roaming user profile using the UNC name

Click OK.

User Profiles

Roaming Mandatory User Profiles

May NOT be modified. I.E. User CANNOT change the desktop color.

To create a mandatory user profile, create a roaming personal user profile and rename the Ntuser.dat file to Ntuser.man

This file is found WHERE?

User Profiles

In a DOMAIN, where should you create your User Accounts?

What tool do you use to create the accounts?

Where does one get this tool?

Where can this tool be placed?

What are the three types of User Profiles? Where are they stored?

User Profiles \windows\profiles, Roaming Personal Profiles & Roaming Mandatory Profiles – stored on the server.

Local & Global Groups

• Local Groups belong to the Domain & can be assigned permissions & rights
• Local Groups can contain Global Groups
• Global Groups do not have permissions or rights assigned to them, but they can become members of local groups that do have permissions & rights
• Global Groups can only contain Users from the Domain
• The Primary Reason for creating Global Groups is that they are to be assigned to a Local Group

Remember Local vs. global groups

Local group can contain:
• Users from a local database
• Users from other computers’ databases
• Users from outside of the domain
• Global groups

Global group can contain:
• Users from the domain database

A strategy for implementing network security (cont.)

1. Create user accounts.
2. Organize user accounts into global groups. (Domain Group)
3. Put global groups into local groups.
4. Grant permissions to the local group.

[Diagram: the global groups Domain Teachers, Domain Students and Domain Secretaries; Domain Teachers and Domain Students are placed in the local group WebMasters, which is OK to access the resource]

Local Groups Give Access To Resources

Groups in a trust relationship

[Diagram: Users, Global groups, Local groups]

Let’s Practice

Decide what Global Groups & Local Groups are needed for your campus.

Decide this by looking at all the resources.
• File Servers
  • Folders
  • Plan a Folder Scheme
    • Name of Folder
    • Needed Subfolders
    • Level of Sharing
• Application Servers
• CD ROM Towers
• Internet Access
• RAS Access
• Printers
• Client Hardware (Drives & Printers) & Folders (Shared CD ROM Drives & Folders)

Let’s Practice

Decide what Global Groups & Local Groups are needed for your campus.

Create Global & Local Groups to Manage Identified Resources

Diagram Resource & those Local Groups & Global Groups

Let’s Practice

Assign Permissions to resources using your Local Groups

Describe what Permissions you will need to assign for each resource per Local Group

Managing GROUPS

In your own words, describe the difference between local & global groups

• A Local Group can contain Global Groups
• Global Groups cannot contain Local Groups
• Global Groups can contain ONLY users from within your Domain
• Local Groups can be used ONLY on the computer on which they were created (unless the computer is a Domain Controller)

Managing GROUPS

Would you assign permissions to specific user accounts or to a Group?

You always assign permissions to groups rather than directly to user accounts. When new users need access to those resources, you simply add them to the appropriate group.
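
The local/global group rules and the four-step strategy from the slides above, modelled as an added Python example (not part of the original course material). The domain name CLASS and the groups Domain Teachers, Domain Students, Domain Secretaries and WebMasters come from the slides; the user names, the WebBlocked group and the sample permission list are constructed for illustration.

```python
from dataclasses import dataclass, field

TASK_ORDER = "RXWDPO"  # Read, eXecute, Write, Delete, change Permissions, take Ownership

# Permission sets as listed on the "Permissions and permission sets" slide.
# None marks No Access.
PERMISSION_SETS = {
    "No Access": None, "List": "RX", "Read": "RX", "Add": "XW",
    "Add & Read": "RXW", "Change": "RXWD", "Full Control": "RXWDPO",
}


class NestingError(ValueError):
    """A membership that breaks the local/global group rules."""


@dataclass
class Domain:
    name: str
    users: set = field(default_factory=set)
    global_groups: dict = field(default_factory=dict)  # name -> set of user names
    local_groups: dict = field(default_factory=dict)   # name -> set of users / global groups

    def add_to_global(self, group, member):
        # Global groups can contain ONLY users from the domain, never groups.
        if member in self.local_groups or member in self.global_groups:
            raise NestingError(f"global group {group!r} cannot contain group {member!r}")
        if member not in self.users:
            raise NestingError(f"{member!r} is not a user of domain {self.name!r}")
        self.global_groups.setdefault(group, set()).add(member)

    def add_to_local(self, group, member):
        # Local groups can contain users and global groups.
        if member not in self.users and member not in self.global_groups:
            raise NestingError(f"{member!r} is not a known user or global group")
        self.local_groups.setdefault(group, set()).add(member)

    def principals_of(self, user):
        """The user plus every global and local group the user reaches."""
        in_global = {g for g, m in self.global_groups.items() if user in m}
        in_local = {g for g, m in self.local_groups.items() if m & ({user} | in_global)}
        return {user} | in_global | in_local

    def effective_access(self, user, acl):
        """Task letters the user holds; acl maps grantee -> permission-set name.

        Grants add up and No Access overrides all of them. That combination
        rule is standard Windows NT behaviour, not something the slides state.
        """
        tasks = set()
        for grantee in acl.keys() & self.principals_of(user):
            letters = PERMISSION_SETS[acl[grantee]]
            if letters is None:
                return ""
            tasks |= set(letters)
        return "".join(t for t in TASK_ORDER if t in tasks)

    def audit_acl(self, acl):
        """Entries that skip step 4 of the strategy (grant to local groups)."""
        findings = []
        for grantee in sorted(acl):
            if grantee in self.local_groups:
                continue
            kind = ("user" if grantee in self.users
                    else "global group" if grantee in self.global_groups
                    else "unknown")
            findings.append((grantee, kind))
        return findings


def build_example():
    """Constructed sample data following steps 1 to 4 of the strategy."""
    d = Domain("CLASS")
    d.users |= {"teacher1", "student1", "student2", "secretary1"}  # step 1
    d.add_to_global("Domain Teachers", "teacher1")                  # step 2
    d.add_to_global("Domain Students", "student1")
    d.add_to_global("Domain Students", "student2")
    d.add_to_global("Domain Secretaries", "secretary1")
    d.add_to_local("WebMasters", "Domain Teachers")                 # step 3
    d.add_to_local("WebMasters", "Domain Students")
    d.add_to_local("WebBlocked", "student2")  # hypothetical deny group
    # Step 4, plus one direct user grant that the audit should flag.
    acl = {"WebMasters": "Change", "WebBlocked": "No Access",
           "secretary1": "Full Control"}
    return d, acl


if __name__ == "__main__":
    domain, acl = build_example()
    for user in sorted(domain.users):
        print(user, repr(domain.effective_access(user, acl)))
    print("entries not granted to a local group:", domain.audit_acl(acl))
```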

Managing GROUPS

The Built-in Groups….page 3-4

• Administrators
• Replicators
• Power Users
• Users
• Guests
• Backup Operators
• Account Operators
• Server Operators
• Print Operators

Each Group has certain capabilities that are allowed by their default user rights.

[Table: default user rights of the built-in groups; the group column headings did not survive]

Access this computer from the network: XX X X
Back up & Restore files & folders: XX XX XX
Change the system time: XX XX
Force Shutdown from a remote system: XX XX
Load & Unload device drivers: XX
Log on Locally: XX XX XX XX XX
Manage auditing & security log: XX
Shut down the system: XX XX XX XX XX
Take ownership of files & other objects: XX XX

Managing GROUPS

TEST YOUR UNDERSTANDING

1. Can Account Operators modify a User Account that is a member of the Administrative Group?

2. Can Users create Local Groups on a server if they have access to the User Manager for Domains Application?

3. Which Built-in Groups can be modified by an Account Operator?

The Users, Guests, and Replicator

Managing GROUPS

TEST YOUR UNDERSTANDING

1. Which Built-in group is not available on WINNT Server Computers, but is available on Workstations?

Power Users Group

2. Which built-in Groups are available only on Domain Controllers?

Account Operators, Server Operators, & Print Operators

3. Which built-in Groups Can Backup & Restore Files?

Administrators, Server Operators, & Backup Operators

Page 58

BUILT-IN GLOBAL GROUPS

Global Group: Domain Admins
Purpose: To enable members to perform administrative tasks on the local computer
Contains by default: Administrator (user account)
Who can Modify: Administrators
Member of Which Local Group: Administrators (local group)

Global Group: Domain Users
Purpose: To enable members to perform tasks granted to the Users group on every local computer in the Domain
Contains by default: Administrator (user account)
Who can Modify: Administrators, Account Operators
Member of Which Local Group: Users

Global Group: Domain Guests
Purpose: To enable members to perform tasks granted to the Guests group on every local computer in the Domain
Contains by default: Guest (user account)
Who can Modify: Administrators, Account Operators
Member of Which Local Group: Guests

Page 59

Global Groups

Global groups do not have inherent capabilities to perform system administration or other network functions as local groups do. Instead, global groups acquire their capabilities by being members of the appropriate local group.

Page 60

Determining Memberships

Practice: Log on as Administrator

Open User Manager for Domains

Notice that Global Groups begin with the globe icon and the word “Domain” (i.e., Domain Admins)

Double-click on Administrators (Administrators is a user account & Domain Admins is a global group account)

Who are the members of the Domain Users Global Account?

Administrators, & any users

Page 61

Built-in system groups

Group: Interactive
Members & Purpose: Users who log on to the system locally.
Example of a Use: To restrict local access to a resource, you could assign the NO ACCESS permission to the Interactive group

Group: Network
Members & Purpose: Users that connect to a network available resource (a share) – permissions available to all
Example of a Use: To restrict network access to a resource while allowing local access, you could assign the NO ACCESS permission to the Network group

Group: Everyone
Members & Purpose: All users that connect to the system, locally or across the network
Example of a Use: You can make a resource, such as a printer, available to everybody by giving the EVERYONE group Full Control Rights.

Group: Creator Owner
Members & Purpose: A user that creates a resource (such as a file) is a member of this group. If the Administrator creates the resource, the Administrators group is made a member of this group.
Example of a Use: You can use this group to grant special privileges to the creators of objects, such as files or print jobs.

Page 62

When might you use each of these Groups?

Anytime you wish to use default levels of user rights

Page 63

Creating & Managing Groups

Must be created on PDC database
Use User Manager for Domains to create groups (must be Administrator or Account Operator)
To create a global group
– Choose User, New Global Group
– Enter name of group (20 character limit)
– Use Add button
– Click OK

If you need to add several users to a group, hold down the Ctrl key, select each user to add, then choose User, New Global Group.

Page 64

Creating Local Groups

Use User Manager for Domains
Choose User, New Local Group
Enter name of your group (256 characters – however only the first 22 will be displayed)
Use Add button
Click OK

Page 65

Let’s Practice

Create a Local Group & Add the Global Group to it.

Perform this task at the PDC or BDC
In the Groups list box select NetUsers (to ensure that no user accounts are automatically placed in the new local group)
Choose User, New Local Group
In the Group Name text box, enter LocalUsers
Click Add
In the Names list box, select NetUsers
Click Add, Click OK after the name is displayed in the Add Names List Box. (P 3-13)

Page 66

4-1 Account Administration

Copying User Accounts

You can create a New User account by copying an existing user account (using the existing user account as a template)

Creating Templates for Users is helpful when you must add large numbers of new users

For example, a template that expires on the graduation date for students. Template names usually begin with an underscore character "_" so that they are displayed at the top of the User Name List

Page 67

Let’s Practice

Log on as Administrator
Open User Manager for Domains
In the list of User Names double-click on Guest
Observe the properties
Click on Cancel
Choose User, Copy
Observe the information that is automatically entered in the Copy of Guest dialog box
In the Username text box, type _copy
In the Description text box type “copy of Guest account”
Enter a password
Click Add
Click Close
In the Username list box, double-click on your new user account to view properties
Click Cancel

Page 68

Modifying Multiple User Accounts

If you need to modify two or more User Accounts in the same way, you can make the changes simultaneously.
Use the Ctrl key to highlight those accounts; with the accounts selected, choose User, Properties
The User Properties dialog box for multiple user accounts is slightly different – you can modify descriptions, enable & disable the 4 user account options, and modify group memberships and profile information.

Page 69

Let’s Practice (Page 4-4)

Select your _copy
Press Ctrl and select several users
Choose User, Properties
In the Description Box enter User Account
Uncheck User Cannot Change Password & Password Never Expires
Click OK
Double-click on a User Account to check properties
Click Cancel

Page 70

RENAMING USER ACCOUNTS

All user Accounts can be renamed.

When might you want to RENAME a User Account?

Select a User
Choose User, Rename
Type in New name
Click OK

Page 71

Deleting User Accounts

All Users except the Administrator & Guest accounts can be deleted by using the User, Delete command.
Once User Accounts have been deleted, they cannot be re-created.
At creation each user account is given a SID which is unique. Creating the exact user account again DOES NOT assign the same SID to that account; therefore the system sees the exact user name & password as a NEW account
When should you Delete a User Account?
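The difference between renaming an account and deleting then re-creating it, as an added example that is not part of the original slides. It is a toy account database in which permissions are recorded against SIDs rather than names; the class and function names and the domain SID value are assumptions made for illustration.

```python
import itertools


class AccountDatabase:
    """Toy account database: every new account gets a SID that is never reused."""

    def __init__(self, domain_sid):
        self.domain_sid = domain_sid
        self._rids = itertools.count(1000)  # relative IDs only ever increase
        self._sid_by_name = {}

    def create(self, name):
        if name in self._sid_by_name:
            raise ValueError(f"{name} already exists")
        sid = f"{self.domain_sid}-{next(self._rids)}"
        self._sid_by_name[name] = sid
        return sid

    def rename(self, old, new):
        # Renaming changes only the label; the SID (and so all access) is kept.
        self._sid_by_name[new] = self._sid_by_name.pop(old)

    def delete(self, name):
        return self._sid_by_name.pop(name)

    def sid_of(self, name):
        return self._sid_by_name.get(name)

    def live_sids(self):
        return set(self._sid_by_name.values())


def access_level(db, acl, name):
    """Permissions are stored against SIDs, so access is looked up by SID."""
    return acl.get(db.sid_of(name))


def orphaned_entries(db, acl):
    """ACL entries whose SID no longer belongs to any account."""
    return sorted(sid for sid in acl if sid not in db.live_sids())


def demo():
    # Constructed domain identifier, not taken from any real system.
    db = AccountDatabase("S-1-5-21-1111111111-2222222222-3333333333")
    acl = {db.create("Mickey"): "Change"}  # permission granted to Mickey's SID
    results = {"original": access_level(db, acl, "Mickey")}

    db.rename("Mickey", "MMouse")
    results["after rename"] = access_level(db, acl, "MMouse")

    db.delete("MMouse")
    db.create("Mickey")  # same name, brand-new SID
    results["after delete and re-create"] = access_level(db, acl, "Mickey")
    results["orphaned"] = orphaned_entries(db, acl)
    return results


if __name__ == "__main__":
    for step, value in demo().items():
        print(f"{step}: {value}")
```

The orphaned entry left behind on the ACL is the trace a deleted account leaves; the re-created account has to be granted every permission and group membership again.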

Page 72

Adding a User to the Account Group

In the Username list box, double-click on a User
Click on the Groups button
Click on Account Operators
Click Add
Click OK
Choose Policies, User Rights
Which Rights are automatically assigned to the Account Operator?
Click Cancel

Page 73

Account Policies

The Account Policy is used to control how passwords are used & maintained by users.
Account Policy dialog box is divided into two sections
– Password Restrictions
– Account Lockout

Explore these options
When would you use each option?

Page 74

5-1 Securing Network Resources

OBJECTIVES:

Use Shared Folder Permissions to Secure Network Resources

Use NTFS permissions to secure network resources

Determine effective permissions on a file or folder, given a set of group, user, and share permissions.

Page 75

Using Shared Folder Permissions

Requirements for Sharing a Folder
– Organize files & folders so that folders with the same security requirements are located within the same branch in the folder hierarchy. For example, if users require Read permissions to several folders, store those folders within the same folder
– Member of Administrator Group
– Server Services Must be Started
– NTFS (New Technology File System) partition…

Additional Considerations

Page 76

Sharing a Folder By Using Windows NT Explorer

Run Explorer
Select and observe the Temp folder
Choose File, Properties, Sharing, Share As
Accept the Defaults
Observe the User Limit Box
Click OK

Page 77

Permissions versus Rights

A Permission is a specific level of access a user or group is granted to a particular resource. Unlike rights, which apply to the system as a whole, permissions are associated with specific objects. Therefore a user right can override any object permissions that are also assigned to a user.
For example, if you grant the user the right to back up files and folders, it automatically includes the ability to read all files, even if the file permissions have been set specifically denying the user access rights to the files.

Page 78

Shared Folder Permissions

Once you create a share for a folder, you must set remote access permissions to allow other users to access the folder.
– Default is EVERYONE – FULL CONTROL
– Use Permissions Button to set the Folder Properties to NO ACCESS, READ, CHANGE, FULL CONTROL

NOW, Create a NOTEPAD.txt document in your own TEMP Folder and save it.

SHARE your Temp Folder with only Mickey
Type of ACCESS = READ
Click OK

Page 79

Accessing Shared Folders with Network Neighborhood

Logoff as Administrator & Logon As Mickey
Double-click on Network Neighborhood
Double-click on your partner's computer name
Double-click on your partner's TEMP folder
Access the NOTEPAD.txt document
– Are you able to edit the text?
– Can you save a copy of the edited text file to a different remote location where you have rights? To a local location?
– Can you Delete the file?
– Can you Move the file?

Page 80

Accessing Local Resources

Swap Computers with your Partner
Logon As Mickey
Access Document in TEMP Folder
– Can you Edit?
– Create A New Text File?
– Delete a text file?

Shared Folder Permissions apply ONLY to REMOTE connections AND DO NOT have any effect on what you can do if you are seated at the computer containing the shares.

Page 81

Using the Run Command to Connect to Shared Folders

In the Run Command box type the UNC path to the shared folder

\\computer_name\shared_folder

Hit Enter

Page 82

Default Administrative Shares

In a Network Environment (WINNT, 2000, XP) there are two automatic shares for remote access: Admin$ & Drive_letter$ for each hard drive partition.
Admin$ takes you to the \winnt_root folder
drive_letter$ remotely takes you to each hard drive partition
PRACTICE: Use the RUN Command Line & Type \\partners_computer\C$
Can you access your partner's D: Drive?

Page 83

Hidden Shares

$ at the end of the administrator sharenames indicates that these are HIDDEN SHARES. The $ hides the shared folders from users who browse the computer
Hidden Shares must be accessed remotely by their UNC path
Practice
Hide your TEMP Share & see if your partner can ACCESS IT
Rename the folder without the $

Page 84

Hidden Shares

Open the Control Panel
Open Server
Click on Shares
Observe the Hidden Shares
Click Close, Cancel

Page 85

Stopping the Sharing of a Folder

You can stop the sharing of all folders by Right Clicking, Choose Sharing, Select NOT SHARED, Click OK

YOU CANNOT stop the sharing of the Admin$ or Drive$

Page 86

Using NTFS Permissions to Secure Network Resources

Unlike the FAT file system, which provides only shared folder permissions, the NTFS file system provides security for files & folders
NTFS also provides ownership privileges that are important
On an NTFS volume, you can implement security on a per-file, per-folder, or per-drive basis by assigning various levels of permissions. THIS DOES AFFECT the ability of users to access the shared file LOCALLY AS WELL AS REMOTELY

Page 87

Set FILE Permissions

In WINNT EXPLORER use the Security tab in the Properties dialog box to set or view the permissions

Permissions can be set on a per-group, or per-user basis

Select the Temp folder Notepad.txt file
Choose File, Properties, Security tab
Click Permissions – what are the defaults?

Page 88

FILE PERMISSIONS

READ (R)
WRITE (W)
EXECUTE (X)
DELETE (D)
CHANGE Permission (P)
TAKE OWNERSHIP (O) (Special Access)

To be able to change permissions on a file, you must take ownership of it (creator already has ownership) – then YOU can set the permissions

Page 89

Inheriting Permissions

File & Folder Permissions are separate. However, unless the permissions are explicitly set otherwise, files & folders will inherit the permissions of their parent folder.
When you view permissions on a folder, you will see two sets of permissions in parentheses, for example (RXW) (RX). The first refers to the permissions on the folder itself & its subfolders; the second set applies to permissions on files in that folder. THERE ARE SOME folder permissions that files do not inherit.
The FULL CONTROL folder permission overrides the file permission of not deleting.

Page 90

Permission                 Allows              Files Inherit
No Access                  Denies all access   Denies all access
List                       RX                  Not Specified
Read                       RX                  RX
Add                        XW                  Not Specified
Add & Read                 RXW                 RX
Change                     RXWD                RXWD
Full Control               RXWDPO              RXWDPO
Special Directory Access   Any combo           Set independently
Special File Access        Set independently   Any combo
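How the share and NTFS permissions from the preceding slides combine for one user, as an added example that is not part of the original slides. The combination rules it encodes (rights from the user and all of their groups add up, a single No Access entry overrides them, and a remote connection gets only what both the share and NTFS allow) are standard NT 4.0 behavior assumed here rather than stated on the slides; the function names and ACL contents are constructed, and the backup-right override described earlier is not modeled.

```python
# Added example: a model of how NT 4.0 combines share and NTFS permissions.
# The rights letters and standard permissions come from the table above; the
# ACL contents in the scenarios below are constructed sample data.

NO_ACCESS = "NO_ACCESS"  # sentinel for an entry that denies everything

# Rights a *file* receives from each standard folder permission
# ("Files Inherit" column). "Not Specified" grants files nothing.
NTFS_FILE_RIGHTS = {
    "No Access": NO_ACCESS,
    "List": frozenset(),
    "Read": frozenset("RX"),
    "Add": frozenset(),
    "Add & Read": frozenset("RX"),
    "Change": frozenset("RXWD"),
    "Full Control": frozenset("RXWDPO"),
}

# Shared folder permissions offer only these four levels.
SHARE_RIGHTS = {
    "No Access": NO_ACCESS,
    "Read": frozenset("RX"),
    "Change": frozenset("RXWD"),
    "Full Control": frozenset("RXWDPO"),
}


def acl_rights(acl, principals, table):
    """Union the rights of every entry naming the user or one of their groups.

    A single matching No Access entry overrides all other grants.
    """
    granted = set()
    for name, level in acl.items():
        if name not in principals:
            continue
        rights = table[level]
        if rights == NO_ACCESS:
            return frozenset()
        granted |= rights
    return frozenset(granted)


def effective_rights(user, groups, ntfs_acl, share_acl=None, remote=False):
    """Rights on a file for a local logon or a connection through a share."""
    # Everyone always applies; Interactive or Network depends on how the
    # user reached the machine.
    principals = {user, "Everyone", "Network" if remote else "Interactive"}
    principals.update(groups)
    ntfs = acl_rights(ntfs_acl, principals, NTFS_FILE_RIGHTS)
    if not remote:
        return ntfs  # share permissions are ignored at the console
    if share_acl is None:
        raise ValueError("remote access requires the share's ACL")
    share = acl_rights(share_acl, principals, SHARE_RIGHTS)
    return ntfs & share  # the more restrictive of the two wins


def show(rights):
    """Render a rights set in the table's letter order, e.g. 'RXWD'."""
    return "".join(c for c in "RXWDPO" if c in rights) or "none"


# Constructed scenario matching the lab: TEMP is shared to Mickey with Read,
# while the NTFS ACL on the folder gives Everyone Change.
TEMP_SHARE = {"Mickey": "Read"}
TEMP_NTFS = {"Everyone": "Change"}

if __name__ == "__main__":
    print("remote:", show(effective_rights("Mickey", [], TEMP_NTFS, TEMP_SHARE, remote=True)))
    print("local: ", show(effective_rights("Mickey", [], TEMP_NTFS)))
    # Denying the Network group on NTFS blocks remote use but not the console.
    locked = dict(TEMP_NTFS, Network="No Access")
    print("remote, Network denied:", show(effective_rights("Mickey", [], locked, TEMP_SHARE, remote=True)))
    print("local,  Network denied:", show(effective_rights("Mickey", [], locked)))
```

The first two results reproduce the Mickey lab: Read only across the network, Change when seated at the machine, which is why a permissive share default has to be backed by NTFS permissions.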

Page 91

Changing Folder Permissions

By default when you change permissions on a folder, you DO change permissions of any existing files in the folder, but NOT on the subfolders.

New subfolders & files will inherit the new permission set. Take CARE in CHANGING Folder Permissions

Page 92

Setting Folder Permissions Practice

Open Windows NT Explorer
Open the Temp folder & select the Notepad.txt file
Choose File, Properties
Click Security tab, Permissions (observe current permissions), Click Cancel
Now Select the TEMP folder
From the Type of Access drop-down list box, select LIST
Click Add, Select Administrator, Click Add, From the Type of Access drop-down box Select Full Control, Click OK twice
Now Select Notepad.txt, click File, Properties, Security Tab, Click Permissions – The original file permissions have been replaced by inherited permissions from the folder

Page 93

Copying/Moving Shared Folders

Observing permissions on copied and moved files
Give Everyone FULL Control of your Temp folder, remove any other permissions
Select \TEMP\Notepad.txt on your partner's computer. Observe the permissions on the file
Make sure your partner's Share folder has given the Administrator Full Control, remove all other permissions
Move the Notepad.txt file to the Share folder, Observe the new File Permissions
Now Move the Notepad.txt file BACK to your partner's TEMP folder, Observe the File Permissions

Page 94

Mapping a Shared Folder

Let’s Practice

Use Explorer to Find your Partner's Shared Folder – TEMP
Choose Tools, Map Network Drive
Observe the Drive Drop-down Box, choose a letter for your Drive
In the Path box, type your partner's shared folder UNC
\\computer\temp
Click OK
Right-click on the folder in the left pane
Choose MAP NETWORK DRIVE
Select the folder, create a NOTEPAD.txt document & Save in the shared TEMP folder, Choose FILE SAVE AS & Browse for the Mapped folder


DISCONNECTING FROM A REMOTE RESOURCE

In the WINNT Explorer choose Tools, Disconnect Network Drive

Select the Network Drive to Disconnect From

Click OK

Choose the Folder, Right-Click

Choose Disconnect, YES


Taking Ownership of Files

If you create it – you own it…also, if you copy a file, you own the copy. The owner cannot assign ownership to anyone else. However, the owner can grant the “Take Ownership” permission to others.

You can take ownership of a file if you have Full Control permission OR you have been given “Take Ownership” permission


Taking Ownership of Files

To take ownership of a file, display the file’s Properties dialog box, click on the Security tab, click on Ownership, and click on Take Ownership.

You can also take Ownership of a Folder & all Subfolders.


Security System Interactions

User & Group Permissions are cumulative. Permissions you can ultimately exercise are a combination of the permissions granted to you as a user & the permissions granted to any group of which you are a member

EXAMPLE: The user is assigned READ permission to a particular folder. A group the user belongs to is assigned WRITE permissions to the same folder….the user has RW Permissions to that folder.

There is ONE exception: The NO ACCESS permission overrides all others.

HOWEVER, having NO ACCESS permission applied to a folder which contains a file for which the user has permissions does NOT prevent the user from opening the file from its respective application!

The user can open the file, provided you use the local or UNC path to the file in the File Open dialog box of the application.


Consider this Scenario

Chris’ Permissions | Teacher Group Permissions | Grade-level Group Permissions | Chris’ Effective Permissions
--- | --- | --- | ---
READ | ADD | Not specified | Add & Read
Not Specified | Full Control | No Access |
Read | Change | Take Ownership |
List | Add | Not Specified |
Special Access: Read & Delete | Not Specified | Add & Read |


REMEMBER

The Individual Read, Execute, & Write permissions are slightly different from the Add & Read permissions because files do NOT inherit the List or Add permissions

NTFS permissions affect file & folder access for a local user & remote user...this adds a second layer of security to the network.


REMEMBER

A good rule of thumb for the interaction between share permissions & NTFS permissions is that the most restrictive permission applies. This is because share & NTFS permissions are NOT cumulative, but provide two layers of access.

If the share permission for a particular user is READ, and the NTFS permission is FULL CONTROL, the user will have READ access. Or the user could exercise the FULL CONTROL permission by accessing the file locally instead of across the network.


Scenario

Share Permissions | NTFS Permissions | Effective Permissions
--- | --- | ---
Read | Add & Read | Read
Full Control | Change |
No Access | Add & Read |
Change | Read |
Full Control | Full Control |
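
The two rules from the slides above (user and group NTFS grants accumulate unless No Access is present, and share and NTFS permissions act as two layers), worked through in Python as an added example that is not part of the original deck. It models only the standard permissions; the function names are this example's own, and the demo inputs are the rows the slides already answer.

```python
# Added example: NT 4.0 effective permissions as the slides describe them.
NO_ACCESS = "No Access"
DENIED = (frozenset(), None)   # result when nothing is allowed

# Standard NTFS folder permissions: (rights on the folder, rights its files
# inherit). None = "not specified" for files, which is why files do not
# inherit List or Add. R=Read W=Write X=Execute D=Delete
# P=Change Permissions O=Take Ownership.
NTFS = {
    "List":         ("RX", None),
    "Read":         ("RX", "RX"),
    "Add":          ("WX", None),
    "Add & Read":   ("RWX", "RX"),
    "Change":       ("RWXD", "RWXD"),
    "Full Control": ("RWXDPO", "RWXDPO"),
}
SHARE = {"Read": "RX", "Change": "RWXD", "Full Control": "RWXDPO"}


def ntfs_effective(grants):
    """Combine the NTFS grants of a user and the user's groups.

    grants: permission names; None means "not specified" for that principal.
    """
    grants = [g for g in grants if g is not None]
    if NO_ACCESS in grants:            # the one exception: No Access wins
        return DENIED
    folder, files = set(), None
    for name in grants:                # otherwise grants are cumulative
        on_folder, on_files = NTFS[name]
        folder |= set(on_folder)
        if on_files is not None:
            files = (files or set()) | set(on_files)
    return frozenset(folder), (None if files is None else frozenset(files))


def through_share(share_grant, ntfs):
    """Apply the share layer: only rights allowed by both layers survive."""
    if share_grant == NO_ACCESS or ntfs == DENIED:
        return DENIED
    allowed = frozenset(SHARE[share_grant])
    folder, files = ntfs
    return folder & allowed, (None if files is None else files & allowed)


def describe(perm):
    """Name a result as a standard permission, or spell out the rights."""
    if perm == DENIED:
        return NO_ACCESS
    for name, (on_folder, on_files) in NTFS.items():
        expected = (frozenset(on_folder),
                    None if on_files is None else frozenset(on_files))
        if perm == expected:
            return name
    folder, files = perm
    shown = "".join(sorted(files)) if files is not None else "not specified"
    return "Special Access (%s)(%s)" % ("".join(sorted(folder)), shown)


if __name__ == "__main__":
    # Rows the slides already answer.
    print(describe(ntfs_effective(["Read", "Add", None])))
    print(describe(through_share("Read", ntfs_effective(["Add & Read"]))))
    print(describe(through_share("Read", ntfs_effective(["Full Control"]))))
```

Accessing the file locally skips `through_share`, which is why the slide notes that a local user can still exercise the full NTFS grant.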


LAB Time


6-1 Managing Network Resources


Features of the Client for Microsoft Networks

Automatic setup of networking capabilities in Windows 98

Windows 98 GUI integrates the networking capabilities

Client-side caching

Plug and Play support (USB)

Peer resource sharing services – Must be selected

Automatic reconnection for lost server connections

Long filenames for network resources -- AVOID!


Monitoring and optimizing performance

Four areas to monitor:

Processor

RAM

Hard Drive

Network


Troubleshooting tools

Resource Kits

Books Online

TechNet

Microsoft’s World Wide Web site

Microsoft’s ftp site

MSN

Microsoft technical support

Administrative tools (Event Viewer, Server Manager, etc.)


Creating partitions by using the FDISK & Disk Administrator utility

[Diagram: FDISK divides an unpartitioned disk (all free space) into a primary partition and an extended partition containing logical drives. Drive letters shown: C:, D:, E:, F:]


Let’s Practice


Installation sources

Local drive sources: CD-ROM or floppy disk

Network drive sources: Shared CD-ROM or hard disk


Virtual directories

Actual structure | Alias
--- | ---
C:\InetPub\wwwroot | <Home>
D:\Data\Documents | /Publishing
\\Corpserver\Sales_Mkt\Files | /Marketing
D:\Data\Corp\Promos | /Marketing/Promos

Client sees (www.corp.com):

<Home>

/Publishing

/Marketing

/Promos


The role of file and print servers

[Diagram: client, file and print server, printer. Label: Requests files and sends print jobs]


The role of file and print servers (cont.)

[Diagram: client, file and print server, printer. Labels: Sends files; Sends and monitors print jobs]


Overview of the Windows NT printing process

[Diagram with two rows. Other clients: print request, printer driver, spooler, printing device (occurs on client / occurs on server). Windows 95 or Windows NT client: print request, printer driver, spooler, spooler, printing device (occurs on client / occurs on print server).]


Setting priorities between printers

[Diagram: user36’s computer and the President’s computer, a print server, and a printing device. Labels: printer1: priority 99; printer2: priority 1; user36; President]


Point and Print support

Print Server | Driver Names | Location of Drivers | Printer Info/Config

Windows 98 X X X

Windows NT X

NetWare X X


The Windows NT print process

Print client

1. Application generates print request.
2. Print driver loaded (locally or from server).
3. Job partially rendered.
4. Client spooler receives job.
5. Client spooler calls server spooler.

Print server

6. Server spooler receives job.
7. Router determines destination print device.
8. Print processor formats for printer device.
9. Separator page processed.
10. Print monitor sends to device.
11. Print device produces output.

Print client and print server can be the same computer.


Print troubleshooting guidelines

Printer

Power on?

On-line?

Paper jam?

Paper/toner?

Print server/ print client computer

Correct printer driver?

Default printer?

Printer port?

Print from other application?

Print to port or to file?

Disk space for spooler?

Spooler service running?

Network

Physical network problems?

Printer shared?

Correct user logged on?

Correct permissions assigned?


The Intel boot sequence

Preboot sequence

1. Conduct Power On Self Test (POST)
2. Load Master Boot Record (MBR)
3. Load active partition’s boot sector
4. Load NTLDR

Boot sequence (NTLDR)

1. Change processor to flat memory model
2. Start minifile system (FAT or NTFS)
3. Read BOOT.INI to build Boot Loader Menu
4. Load operating system

If Windows NT is not chosen

5. Load BOOTSECT.DOS

If Windows NT is chosen

5. Call NTDETECT.COM to examine hardware
6. Begin Windows NT load phases


The RISC boot sequence

Preboot sequence

1. Select boot device
2. Determine presence of bootable partition
3. Verify supported file system
4. Load OSLOADER.EXE

Boot sequence

1. Initial boot sequence
2. Begin Windows NT load phases


The Windows NT load phases

Kernel load (screen shows progress dots)

Kernel initialization (screen turns blue)

Service load (blue screen shows progress dots)

Subsystem start (Begin Logon dialog box appears)


ARC naming

Multi: IDE, ESDI, SCSI with BIOS enabled

SCSI: SCSI without BIOS

(0)
First adapter in system numbered 0
Second adapter in system numbered 1 . . .

disk(0)
SCSI bus number for SCSI adapters or 0 for all non-SCSI adapters

rdisk(0)
First disk numbered 0
Second disk numbered 1
Used only in systems with non-SCSI disks (set to 0 with SCSI disks)

partition(1)
Partition on disk that stores NT files
0 = special partition and generally not used
1 = First partition
2 = Second partition . . .

\WINNT
Folder that stores the Windows NT boot files

"NT Server"
Name of the operating system
Appears in the boot menu

multi(0)disk(0)rdisk(0)partition(1)\WINNT="NT Server"
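
A parser for the ARC entry format annotated above, with checks taken from the slide's field descriptions, as an added Python example that is not part of the original deck. The function names and the mapping of the slide's "non-SCSI" and "SCSI" rules onto the `multi` and `scsi` keywords are this example's assumptions; the second sample line is constructed.

```python
import re

# Added example: parse one BOOT.INI entry written with ARC naming.
ARC_ENTRY = re.compile(
    r'^(?P<kind>multi|scsi)\((?P<adapter>\d+)\)'
    r'disk\((?P<disk>\d+)\)'
    r'rdisk\((?P<rdisk>\d+)\)'
    r'partition\((?P<partition>\d+)\)'
    r'(?P<folder>\\[^="]*?)\s*=\s*"(?P<label>[^"]*)"',
    re.IGNORECASE,
)

# The entry shown on the slide, and a constructed entry that breaks its rules.
SLIDE_ENTRY = r'multi(0)disk(0)rdisk(0)partition(1)\WINNT="NT Server"'
CONSTRUCTED_BAD = r'multi(0)disk(1)rdisk(0)partition(0)\WINNT="Constructed"'


def parse_arc_entry(line):
    """Return the fields of one ARC entry as a dict, or raise ValueError."""
    # Slide and document exports often turn straight quotes into curly ones.
    line = line.strip().replace("\u201c", '"').replace("\u201d", '"')
    match = ARC_ENTRY.match(line)
    if match is None:
        raise ValueError("not an ARC path entry: %r" % line)
    entry = {
        "kind": match.group("kind").lower(),
        "folder": match.group("folder"),
        "label": match.group("label"),   # text shown in the boot menu
    }
    for field in ("adapter", "disk", "rdisk", "partition"):
        entry[field] = int(match.group(field))
    return entry


def check_arc_entry(entry):
    """List field values that contradict the slide's descriptions."""
    problems = []
    if entry["kind"] == "multi" and entry["disk"] != 0:
        problems.append("disk() should be 0 on a multi() entry")
    if entry["kind"] == "scsi" and entry["rdisk"] != 0:
        problems.append("rdisk() should be 0 with SCSI disks")
    if entry["partition"] == 0:
        problems.append("partition(0) is special; NT partitions start at 1")
    return problems


if __name__ == "__main__":
    for sample in (SLIDE_ENTRY, CONSTRUCTED_BAD):
        parsed = parse_arc_entry(sample)
        print(parsed, check_arc_entry(parsed))
```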


Comparing file system characteristics

Filename length

File size

Restricted filename characters

Case in filenames

File attributes

Directory structure

Supported operating systems

Security

Compression

Formatting

Maximum partition size

Optimal partition size

File system overhead

NTFS FAT under NT

Comparing file system characteristics (completed)

Filename length
NTFS: 255 characters
FAT under NT: 255 characters

File size
NTFS: 16 EB
FAT under NT: 4 GB

Restricted filename characters
NTFS: ? " / \ < > * | :
FAT under NT: ? " / \ < > * | :

Case in filenames
NTFS: Case preserving; supports case sensitivity for POSIX
FAT under NT: Case preserving

File attributes
NTFS: Elemental and extended
FAT under NT: Elemental (R,A,S,H)

Directory structure
NTFS: B-tree
FAT under NT: Linked list

Supported operating systems
NTFS: Windows NT
FAT under NT: Windows NT; Windows 95; OS/2; DOS

Security
NTFS: Per-file and per-directory
FAT under NT: None

Compression
NTFS: Per-file, per-folder, per-drive
FAT under NT: 3rd party utilities

Formatting
NTFS: Can format hard disks
FAT under NT: Can format floppy and hard disks

Maximum partition size
NTFS: 16 EB
FAT under NT: 4 GB

Optimal partition size
NTFS: >400 MB
FAT under NT: <400 MB

File system overhead
NTFS: 1-5 MB; recommended minimum 50 MB partition
FAT under NT: <1 MB