Windows 9x:

If your browser doesn't support inline frames click HERE to view the full-sized graphic.

Icons in the Control Panel represent utilities including:

• Add/Remove Programs - a wizard walk-through for installing or modifying applications
• Add/Remove Hardware - a wizard walk-through for installing or modifying hardware and plug n play devices
• Network settings--local IP address, computer name, Domain/Workgroup name, names and IP addresses of DNS, WINS, DHCP servers, and hardware settings for NIC
• Peripheral devices - configure the Keyboard, Mouse, Modems, Game Controllers
• Internet Options – configure home page, history, internet security
• Multimedia - manage settings for audio, video
• ODBC – manage database connectivity
• Display settings - controls resolution, refresh rate, colours used, wallpaper, screensavers
• Printers and Ports--comm settings for serial ports; install, remove and set printer options (notice this is a shortcut)
• Power Management – standby and power scheme settings
• Fonts--add and remove font selections, toggle TrueType
• Date and time - duh
• SCSI - handles Small Computer System Interface settings for SCSI controllers, tape drives (if you have a SCSI host adapter)
• Services - starts, stops and pauses various services
• System - system startup settings, system environment variables, virtual memory settings, recovery options, and multitasking settings

In NT:

• User Manager – (NT) creates, edits, and views user profile information. Sets user permissions, local group permissions, and local system policies. Two permanent user accounts are set by default--Administrator and Guest. These can be changed but never deleted.
• Disk Administrator – (NT) formats the HDD(s), sets partitions, chooses file systems.
• UPS - configures uninterrupted power supply.

In 2000:

• Folder Options – settings for all folders
• Users and Passwords – where you set “Users must enter a username and password to use this computer” and “Require users to press Crtl-Alt-Del before logging on”
• Administrative Tools Folder shortcut (also Start -> Programs -> Admin Tools)

Windows 2000 Control Panel:

Windows 2000 Admin Tools:

Read more about using the Windows 2000 Control Panel

Read more about Desktop User Profiles

User and Group Accounts in NT

User Accounts are managed in User Manager for Domains (NT Server) or User Manager (NT Workstation). Only local groups and users may be viewed, created and edited in User Manager. A local group and the permissions set for it will only apply to the local machine and its resources, whether accessed at the machine or over the network. The permissions of a global group can apply to any number of machines in the Domain.
 

The clearest method of access control is to put users into global groups at the server--add global groups to local groups as needed--and manage the permissions of the local group. Giving permissions directly to users can lead to conflicts and should be avoided.
There are two user accounts created by default

• Administrator
• Guest

Both these accounts may be modified but never deleted. Both these accounts represent a possible security hole if not modified. Both should at least be renamed, and the Guest account should remain disabled if not needed.
NOTE: Every account created is associated with a SID (Security Identifier) which is (supposedly) "unique in all space and all time". When the account is modified, even renamed and reconfigured, the SID remains identical. If the account is deleted and then reconstructed exactly--username, password, permissions, everything--the SID is not. As NT sees the new account, it is completely different. (Headaches have sprung from this one...)
 

• A user name must be unique, and should be descriptive. A good idea is to set a naming convention for usernames, such as first initial, last name, and location/job code. (e.g. ckent8cb might mean Clark Kent, 8th floor, City beat)
• Usernames must be 20 characters or less, without these: \"/][|;:><,.?*+=
• Full Name is optional, but handy in large enterprises
• Description is optional; again handy for managing large numbers of users
• Password is case-sensitive (brainbug is different from BrainBug) and can be up to 14 characters in length. A good password is at least 8 characters and includes lower case, capitals, numerals, and symbols. (e.g. WTH_y0u??, 12gaSH07gun!, CAP741n-who?!, H07Yc0wb4+m4N!....)
• Passwords should be easy to remember, but hard to crack. It can be done.
  Account options can adjust security levels as needed.
• User Must Change Password--if the Admin has assigned or reassigned the user's password, this enables the user to access his account but must change the password at the next logon.
• User Cannot Change Password--good for an account that numbers of people must access; also for assigning lazy users tough passwords (instead of their birth date or licence plate).
• Password Never Expires--good for accounts used by NT services such as Backup, or the Anonymous account used by IIS for FTP access.
• Account Disabled--useful for guarding the account of a user on vacation, or when an account is set up perfectly and the user must be replaced. Deleting and recreating accounts is not as good when users are replaced; a better move is to disable and then rename the account when needed.

It is useful to make a template of accounts that will be allowed similar access permissions. Set up an account with the desired configurations and Copy it when needed. All settings except username, full name, "account disabled", and password transfer over.

• Profile button is used to specify a Home Directory to contain the user's personal settings, applications, and working folders/data files. It can also set up a logon script to connect the user automatically to the parts of the network the user normally accesses.
   
• Dial-in is for configuring the user's Remote Access settings. By default, there are five group accounts installed in User Manager.

Seldom is it necessary to create groups--the defaults cover a good range of requirements.

• Administrators - not the Administrator account, but a local group that users may be added to which gives full power to make changes in the Domain or Workgroup as well as locally.
• Power Users - membership in this group allows several administrative powers beyond normal user but short of Administrator. Most useful are the right to access the PC from the network, create and manage user accounts, and manage shares on printers, files and folders. (Unique to NT Workstation--not available on NT Server.)
• Backup Operators - gives the rights necessary to access directories and files to back them up into storage.
• Users - allows rights necessary to operate the machine, such as log on locally, shut down the PC, and create/manage local group and user accounts.
• Guest - again, not the Guest account, but a local group which users may be added to for access to the machine or domain. This group has no default rights; they must be added as required.

On an NT Server, several other local groups are added as default, such as Server Operator, Account Operator, Print Operator (no Power User), and three global groups--Domain Administrators, Domain Users, and Domain Guests.

All these groups have built-in, predefined, unchangeable abilities, and default, modifiable user rights. These are controlled from the User Rights Policy box accessed from the Policy drop-down.

Account Policies regarding password age and length, lockout settings, and enforcing logon hours are accessed from Account in the Policy drop-down.

Adding user accounts to group accounts (or removing them) is managed by selecting the group account and clicking the User, Properties drop-down.

Troubleshooting Windows NT4

Several built-in utilities exist in NT4 for detecting and diagnosing problems before and after they occur. These are also useful for optimizing performance. Just because these are so fun to play with is no reason to forget the basics--always check the connections and cables first, in case of a catastrophic failure. In case of a more minor problem, check Event Viewer.

Event Viewer- has three separate logs to inspect:

• Application - logs all information pertinent to the running of applications, including failures.
• Security - records policy changes, logon and access attempts; may be used to audit file and directory access if enabled in the Properties for these. Auditing causes a small overall performance drop, so use only when necessary.
• System - shows all significant system activity. After checking connections, the System log should be your first step in diagnosis

Log items are marked with a blue I for routine informational items, a ! in yellow for events worth watching, and a red stop sign for items which may be critical to operation, such as the failure of a service to start.

Filtering is available to narrow the events listed, and is in the View drop-down.
Events may be filtered by date/time, event ID, event type, user, and the event source. As hundreds of system events are logged per hour, narrowing the items viewed is a good idea.

All logs may be recorded as a file, Three options:

• In binary form that only Event Viewer can read
• Plain readable text, or
• Comma-delimited text that can port to an Excel spreadsheet.

Windows NT Diagnostics - in Administrative Tools, or WINMSD.EXE from the command line, provides a snapshot of all important system configurations. No editing is possible, but everything about the system is viewable from here.

Performance Monitor - provides a finely controllable EEG-like view (by default) of all aspects of system operation. Other views available are histogram (bar graph), report (numeric average), and alert, which can broadcast an admin alert over the network or be set to run a program when specified thresholds are crossed (such as less than 10% HDD capacity remaining).
 

Perfmon allows selection of:

• Objects--HDD, memory, processor; also processes, threads, pagefile, cache, system, browser, and more. When a utility is added (such as SNMP) it will add objects to the Perfmon list.
• Counters--specific aspects of the object chosen, such as Memory: page hits, page faults, page-ins, page-outs, allocated memory, unused memory, etc.
• Instances--specific occurrences of counters--page faults per sec, total page faults, "hard" and "soft" page faults...

Perfmon may be logged over time and used to establish a baseline of normal performance to compare against any abnormal activity.

Task Manager - provides a quick and handy method of checking the system status and managing applications. Right-click on the taskbar or press Ctrl-Alt-Esc to invoke it. TaskMan has three tabbed pages to view:

• Application - shows all running programs, and may be used to shut down any that are unresponsive by usual means.
• Processes--shows all running processes and resources used by each. The priority of these may be changed here.
• Performance--a rough look at CPU and memory usage in real-time. Good for a quick overview and to identify if Perfmon is needed.

Check out:

http://www.i386.com/default.asp?page=pages&category=ADMIN&keyword=booting

http://www-csag.ucsd.edu/projects/comm/ntrsc.html

No exp with NT? Check out these demos

http://www.exitnow.com/skillbuilder/viewlets/windowsnt4.htm

NT Boot Problems

If experiencing boot problems, do not log on. Same thing applies to Windows 2000. Upon logon, the boot process is completed, and parts of the registry are backed up as being good. It's even called "LastKnownGood" (not a reference to a bachelor party BTW). So instead of logging on and saving a corrupt controlset key to the Registry, reboot and hammer the spacebar, which will restore the LastKnownGood settings to the current Registry. Choose a hardware configuration and press L. This may also work if editing the Registry directly causes those instant problems previously warned about, or if a corrupt driver is loaded and crashes the system.

If the bootup fails completely, pull out the three boot disks and the Emergency Repair Disk created on installation (and hopefully kept current). The ERD is not a boot disk. It contains compressed Registry files and a program which extracts and overwrites them into the damaged Registry.

Read More on Using RDISK /S to create ERDs in NT 4.):

http://www.cert.org/security-improvement/implementations/i028.01.html

Note: The ERD is made or updated by running RDISK.EXE (the /S switch is recommended--it updates security and account information). Click either Create or Update Repair Disk ("Create" requires a preformatted floppy). It is possible to run over the capacity of a single 1.44MB disk; RDISK prompts for another if so.

The boot disks may be produced after installation by running WINNT32.EXE with the /OX switch. This does not reinstall the OS, it just makes the floppies.

The BOOT.INI file--about the only .INI file NT uses--will need editing if the system partition (the one with the boot files--not the boot partition, with the system files. True.) changes. The RASH (Read, Archive, System, Hidden) attributes will have to be removed to edit it, and restored after. Remember that the controller and disk values begin at 0, and the partition numbering begins at 1. Error messages involving NTLDR or NTOSKRNL are your clue that BOOT.INI needs attention.
 

Read more on Troubleshooting Startup and disk problems:

http://www.microsoft.com/TechNet/winnt/reskit/troubles.asp

Troubleshooting Printers

Printers (or Print Devices in NT lingo) are another story in themselves. The first things to check are always the physical side:

• Is the printer on?
• Is it out of paper?
• Is there a paper jam inside?
• Is the cable connection secure?

When NT workstation sends a print request to an NT server, the server automatically checks the client for the correct printer driver. If not present, or if out of date, the server downloads the printing software to the client. The driver is rarely the problem between NT systems.

As with everything else NT, different groups and users can have different levels of rights assigned. Different printer shares may vary as to rights granted. Each user or group can have different priorities, or scheduled hours of use. Any or all of these may cause a problem.

If the printing process is running slowly, check to see that the drive the spool directory is on has enough space. By default this is in the same partition as the system files; this can only be changed in the Registry by directly editing. Keep the printer spool drive defragmented.

Note: As NT has no native defrag utility, this is done by hand or with a third-party application.

In the case of complete printing failure, try:

• Stopping and restarting the spooling service may clear the jam.
• Deleting and reinstalling the printer is a last resort--all the shares, rights, and other settings will have to be redone.

Logging and auditing may be enabled for printers. These entries are sent to Event Viewer, and can be filtered for easier inspection.

Note: Much of the Troubleshooting in NT is the same for Windows 2000.

Windows 2000

Windows 2000 (Win2K for short) is another leap from the previous versions of Windows in that it basically combines the best parts of all its predecessors.

Versions

There are four versions of Windows 2000 (though you really need only deal with what is common to all of them, and the first one in particular):

• Windows 2000 Professional – desktop/client OS ***
• Windows 2000 Server – server platform
• Windows 2000 Advanced Server – enterprise edition
• Windows 2000 Datacenter Server – most powerful server

Read more about Server vs. Professional:

http://www.microsoft.com/technet/chats/trans/sw20620.asp

Features

• Windows 2000 provides built-in networking support
• Full Internet integration
• Customizable Admin Tools and Start Menu (a learning menu)
• Better Hardware support – good PnP support, compatibility between 98 and 2000 drivers
• USB support
• File System support for FAT32, FAT16, NTFS4, and NTFS5 (default)
• Backup Options – including a utility for scheduled backups (Task Scheduler)
• Kerberos authentication protocol and Smart Cards for security (file level encryption and user identification for Internet access)
• VPN and remote/mobile user access
• IPP (Internet Printing Protocol)

Installing Windows 2000

There are three ways to install Windows 2000:

1. From the Win2K setup floppies, then loading files from the CDROM
2. Booting from the CD
3. Connecting to the network server and installing from shared location

Windows 2000 Hardware Requirements/Recommendations

All devices should be on the Win2K Hardware Compatibility List (HCL) – HCL.TXT file is in the SUPPORT folder on the Windows 2000 CD.

Read more on HCL:

http://www.microsoft.com/hcl/default.asp

Windows 2000 Partitions

Windows 2000 can be installed on an existing Partition or a new one. The Setup program allows you to choose (select, create, delete) partitions for the OS only. Partitions must be at least 650 MB, but 1 GB is recommended.
 

Leaving FDISK behind now, you can create partitions using the Disk Management Utility after Install.

If your browser doesn't support inline frames click HERE to view the full-sized graphic.

Domain or Workgroup Selection

Windows 2000 ships with built-in networking. Win2K allows workstations to operate as members of workgroups and domains.

• A Workgroup is a group of computers operating as a P2P network sharing resources and connections and user-level security at the workstation.
• A Domain is a collection of computers sharing the same security database (Active Directory service) with user accounts and domain security information.

Before the Installation, you will need:

• Domain name in your DNS (Domain Name System) on your server
• Computer account within the domain
• Domain Controller and DNS Server (Win2K Server must have a Domain Controller, which holds the user account and validates logins on the DNS Server.)

Installation Process

Depending on the type of installation (network, local) you may also need to

Create a Distribution Server and configure the client workstation for Network Installations first.

1. Create boot floppy disks (you’ll need 4) from the Win2K CD. Open Windows Explorer -> My Computer and go to the CD subdirectory \BOOTDISK. Double click MAKEBOOT.EXE and select the floppy drive (A:). You will be prompted for the next disk. When done, click Close.

    

2. If you are creating a distribution server to install the OS across a network, you will need to create a folder (W2000P) for you source files, and copy all the files from the I386 folder on the Windows 2000 CD into it. Then, share the folder to be able to access it from the client machine. This is your distribution share.

    

3. At the client machine, make sure you have the minimum hardware requirements (650MB!!)

    

    

4. If this is an upgrade, use the existing Network client OS to connect to your shared network folder W2000P. If this is a client machine

Windows 9x:

If your browser doesn't support inline frames click HERE to view the full-sized graphic.

Icons in the Control Panel represent utilities including:

• Add/Remove Programs - a wizard walk-through for installing or modifying applications
• Add/Remove Hardware - a wizard walk-through for installing or modifying hardware and plug n play devices
• Network settings--local IP address, computer name, Domain/Workgroup name, names and IP addresses of DNS, WINS, DHCP servers, and hardware settings for NIC
• Peripheral devices - configure the Keyboard, Mouse, Modems, Game Controllers
• Internet Options – configure home page, history, internet security
• Multimedia - manage settings for audio, video
• ODBC – manage database connectivity
• Display settings - controls resolution, refresh rate, colours used, wallpaper, screensavers
• Printers and Ports--comm settings for serial ports; install, remove and set printer options (notice this is a shortcut)
• Power Management – standby and power scheme settings
• Fonts--add and remove font selections, toggle TrueType
• Date and time - duh
• SCSI - handles Small Computer System Interface settings for SCSI controllers, tape drives (if you have a SCSI host adapter)
• Services - starts, stops and pauses various services
• System - system startup settings, system environment variables, virtual memory settings, recovery options, and multitasking settings

In NT:

• User Manager – (NT) creates, edits, and views user profile information. Sets user permissions, local group permissions, and local system policies. Two permanent user accounts are set by default--Administrator and Guest. These can be changed but never deleted.
• Disk Administrator – (NT) formats the HDD(s), sets partitions, chooses file systems.
• UPS - configures uninterrupted power supply.

In 2000:

• Folder Options – settings for all folders
• Users and Passwords – where you set “Users must enter a username and password to use this computer” and “Require users to press Crtl-Alt-Del before logging on”
• Administrative Tools Folder shortcut (also Start -> Programs -> Admin Tools)

Windows 2000 Control Panel:

Windows 2000 Admin Tools:

Read more about using the Windows 2000 Control Panel

Read more about Desktop User Profiles

User and Group Accounts in NT

User Accounts are managed in User Manager for Domains (NT Server) or User Manager (NT Workstation). Only local groups and users may be viewed, created and edited in User Manager. A local group and the permissions set for it will only apply to the local machine and its resources, whether accessed at the machine or over the network. The permissions of a global group can apply to any number of machines in the Domain.
 

The clearest method of access control is to put users into global groups at the server--add global groups to local groups as needed--and manage the permissions of the local group. Giving permissions directly to users can lead to conflicts and should be avoided.
There are two user accounts created by default

• Administrator
• Guest

Both these accounts may be modified but never deleted. Both these accounts represent a possible security hole if not modified. Both should at least be renamed, and the Guest account should remain disabled if not needed.
NOTE: Every account created is associated with a SID (Security Identifier) which is (supposedly) "unique in all space and all time". When the account is modified, even renamed and reconfigured, the SID remains identical. If the account is deleted and then reconstructed exactly--username, password, permissions, everything--the SID is not. As NT sees the new account, it is completely different. (Headaches have sprung from this one...)
 

• A user name must be unique, and should be descriptive. A good idea is to set a naming convention for usernames, such as first initial, last name, and location/job code. (e.g. ckent8cb might mean Clark Kent, 8th floor, City beat)
• Usernames must be 20 characters or less, without these: \"/][|;:><,.?*+=
• Full Name is optional, but handy in large enterprises
• Description is optional; again handy for managing large numbers of users
• Password is case-sensitive (brainbug is different from BrainBug) and can be up to 14 characters in length. A good password is at least 8 characters and includes lower case, capitals, numerals, and symbols. (e.g. WTH_y0u??, 12gaSH07gun!, CAP741n-who?!, H07Yc0wb4+m4N!....)
• Passwords should be easy to remember, but hard to crack. It can be done.
  Account options can adjust security levels as needed.
• User Must Change Password--if the Admin has assigned or reassigned the user's password, this enables the user to access his account but must change the password at the next logon.
• User Cannot Change Password--good for an account that numbers of people must access; also for assigning lazy users tough passwords (instead of their birth date or licence plate).
• Password Never Expires--good for accounts used by NT services such as Backup, or the Anonymous account used by IIS for FTP access.
• Account Disabled--useful for guarding the account of a user on vacation, or when an account is set up perfectly and the user must be replaced. Deleting and recreating accounts is not as good when users are replaced; a better move is to disable and then rename the account when needed.

It is useful to make a template of accounts that will be allowed similar access permissions. Set up an account with the desired configurations and Copy it when needed. All settings except username, full name, "account disabled", and password transfer over.

• Profile button is used to specify a Home Directory to contain the user's personal settings, applications, and working folders/data files. It can also set up a logon script to connect the user automatically to the parts of the network the user normally accesses.
   
• Dial-in is for configuring the user's Remote Access settings. By default, there are five group accounts installed in User Manager.

Seldom is it necessary to create groups--the defaults cover a good range of requirements.

• Administrators - not the Administrator account, but a local group that users may be added to which gives full power to make changes in the Domain or Workgroup as well as locally.
• Power Users - membership in this group allows several administrative powers beyond normal user but short of Administrator. Most useful are the right to access the PC from the network, create and manage user accounts, and manage shares on printers, files and folders. (Unique to NT Workstation--not available on NT Server.)
• Backup Operators - gives the rights necessary to access directories and files to back them up into storage.
• Users - allows rights necessary to operate the machine, such as log on locally, shut down the PC, and create/manage local group and user accounts.
• Guest - again, not the Guest account, but a local group which users may be added to for access to the machine or domain. This group has no default rights; they must be added as required.

On an NT Server, several other local groups are added as default, such as Server Operator, Account Operator, Print Operator (no Power User), and three global groups--Domain Administrators, Domain Users, and Domain Guests.

All these groups have built-in, predefined, unchangeable abilities, and default, modifiable user rights. These are controlled from the User Rights Policy box accessed from the Policy drop-down.

Account Policies regarding password age and length, lockout settings, and enforcing logon hours are accessed from Account in the Policy drop-down.

Adding user accounts to group accounts (or removing them) is managed by selecting the group account and clicking the User, Properties drop-down.

Troubleshooting Windows NT4

Several built-in utilities exist in NT4 for detecting and diagnosing problems before and after they occur. These are also useful for optimizing performance. Just because these are so fun to play with is no reason to forget the basics--always check the connections and cables first, in case of a catastrophic failure. In case of a more minor problem, check Event Viewer.

Event Viewer- has three separate logs to inspect:

• Application - logs all information pertinent to the running of applications, including failures.
• Security - records policy changes, logon and access attempts; may be used to audit file and directory access if enabled in the Properties for these. Auditing causes a small overall performance drop, so use only when necessary.
• System - shows all significant system activity. After checking connections, the System log should be your first step in diagnosis

Log items are marked with a blue I for routine informational items, a ! in yellow for events worth watching, and a red stop sign for items which may be critical to operation, such as the failure of a service to start.

Filtering is available to narrow the events listed, and is in the View drop-down.
Events may be filtered by date/time, event ID, event type, user, and the event source. As hundreds of system events are logged per hour, narrowing the items viewed is a good idea.

All logs may be recorded as a file, Three options:

• In binary form that only Event Viewer can read
• Plain readable text, or
• Comma-delimited text that can port to an Excel spreadsheet.

Windows NT Diagnostics - in Administrative Tools, or WINMSD.EXE from the command line, provides a snapshot of all important system configurations. No editing is possible, but everything about the system is viewable from here.

Performance Monitor - provides a finely controllable EEG-like view (by default) of all aspects of system operation. Other views available are histogram (bar graph), report (numeric average), and alert, which can broadcast an admin alert over the network or be set to run a program when specified thresholds are crossed (such as less than 10% HDD capacity remaining).
 

Perfmon allows selection of:

• Objects--HDD, memory, processor; also processes, threads, pagefile, cache, system, browser, and more. When a utility is added (such as SNMP) it will add objects to the Perfmon list.
• Counters--specific aspects of the object chosen, such as Memory: page hits, page faults, page-ins, page-outs, allocated memory, unused memory, etc.
• Instances--specific occurrences of counters--page faults per sec, total page faults, "hard" and "soft" page faults...

Perfmon may be logged over time and used to establish a baseline of normal performance to compare against any abnormal activity.

Task Manager - provides a quick and handy method of checking the system status and managing applications. Right-click on the taskbar or press Ctrl-Alt-Esc to invoke it. TaskMan has three tabbed pages to view:

• Application - shows all running programs, and may be used to shut down any that are unresponsive by usual means.
• Processes--shows all running processes and resources used by each. The priority of these may be changed here.
• Performance--a rough look at CPU and memory usage in real-time. Good for a quick overview and to identify if Perfmon is needed.

Check out:

http://www.i386.com/default.asp?page=pages&category=ADMIN&keyword=booting

http://www-csag.ucsd.edu/projects/comm/ntrsc.html

No exp with NT? Check out these demos

http://www.exitnow.com/skillbuilder/viewlets/windowsnt4.htm

NT Boot Problems

If experiencing boot problems, do not log on. Same thing applies to Windows 2000. Upon logon, the boot process is completed, and parts of the registry are backed up as being good. It's even called "LastKnownGood" (not a reference to a bachelor party BTW). So instead of logging on and saving a corrupt controlset key to the Registry, reboot and hammer the spacebar, which will restore the LastKnownGood settings to the current Registry. Choose a hardware configuration and press L. This may also work if editing the Registry directly causes those instant problems previously warned about, or if a corrupt driver is loaded and crashes the system.

If the bootup fails completely, pull out the three boot disks and the Emergency Repair Disk created on installation (and hopefully kept current). The ERD is not a boot disk. It contains compressed Registry files and a program which extracts and overwrites them into the damaged Registry.

Read More on Using RDISK /S to create ERDs in NT 4.):

http://www.cert.org/security-improvement/implementations/i028.01.html

Note: The ERD is made or updated by running RDISK.EXE (the /S switch is recommended--it updates security and account information). Click either Create or Update Repair Disk ("Create" requires a preformatted floppy). It is possible to run over the capacity of a single 1.44MB disk; RDISK prompts for another if so.

The boot disks may be produced after installation by running WINNT32.EXE with the /OX switch. This does not reinstall the OS, it just makes the floppies.

The BOOT.INI file--about the only .INI file NT uses--will need editing if the system partition (the one with the boot files--not the boot partition, with the system files. True.) changes. The RASH (Read, Archive, System, Hidden) attributes will have to be removed to edit it, and restored after. Remember that the controller and disk values begin at 0, and the partition numbering begins at 1. Error messages involving NTLDR or NTOSKRNL are your clue that BOOT.INI needs attention.
 

Read more on Troubleshooting Startup and disk problems:

http://www.microsoft.com/TechNet/winnt/reskit/troubles.asp

Troubleshooting Printers

Printers (or Print Devices in NT lingo) are another story in themselves. The first things to check are always the physical side:

• Is the printer on?
• Is it out of paper?
• Is there a paper jam inside?
• Is the cable connection secure?

When NT workstation sends a print request to an NT server, the server automatically checks the client for the correct printer driver. If not present, or if out of date, the server downloads the printing software to the client. The driver is rarely the problem between NT systems.

As with everything else NT, different groups and users can have different levels of rights assigned. Different printer shares may vary as to rights granted. Each user or group can have different priorities, or scheduled hours of use. Any or all of these may cause a problem.

If the printing process is running slowly, check to see that the drive the spool directory is on has enough space. By default this is in the same partition as the system files; this can only be changed in the Registry by directly editing. Keep the printer spool drive defragmented.

Note: As NT has no native defrag utility, this is done by hand or with a third-party application.

In the case of complete printing failure, try:

• Stopping and restarting the spooling service may clear the jam.
• Deleting and reinstalling the printer is a last resort--all the shares, rights, and other settings will have to be redone.

Logging and auditing may be enabled for printers. These entries are sent to Event Viewer, and can be filtered for easier inspection.

Note: Much of the Troubleshooting in NT is the same for Windows 2000.

Windows 2000

Windows 2000 (Win2K for short) is another leap from the previous versions of Windows in that it basically combines the best parts of all its predecessors.

Versions

There are four versions of Windows 2000 (though you really need only deal with what is common to all of them, and the first one in particular):

• Windows 2000 Professional – desktop/client OS ***
• Windows 2000 Server – server platform
• Windows 2000 Advanced Server – enterprise edition
• Windows 2000 Datacenter Server – most powerful server

Read more about Server vs. Professional:

http://www.microsoft.com/technet/chats/trans/sw20620.asp

Features

• Windows 2000 provides built-in networking support
• Full Internet integration
• Customizable Admin Tools and Start Menu (a learning menu)
• Better Hardware support – good PnP support, compatibility between 98 and 2000 drivers
• USB support
• File System support for FAT32, FAT16, NTFS4, and NTFS5 (default)
• Backup Options – including a utility for scheduled backups (Task Scheduler)
• Kerberos authentication protocol and Smart Cards for security (file level encryption and user identification for Internet access)
• VPN and remote/mobile user access
• IPP (Internet Printing Protocol)

Installing Windows 2000

There are three ways to install Windows 2000:

1. From the Win2K setup floppies, then loading files from the CDROM
2. Booting from the CD
3. Connecting to the network server and installing from shared location

Windows 2000 Hardware Requirements/Recommendations

All devices should be on the Win2K Hardware Compatibility List (HCL) – HCL.TXT file is in the SUPPORT folder on the Windows 2000 CD.

Read more on HCL:

http://www.microsoft.com/hcl/default.asp

Windows 2000 Partitions

Windows 2000 can be installed on an existing Partition or a new one. The Setup program allows you to choose (select, create, delete) partitions for the OS only. Partitions must be at least 650 MB, but 1 GB is recommended.
 

Leaving FDISK behind now, you can create partitions using the Disk Management Utility after Install.

If your browser doesn't support inline frames click HERE to view the full-sized graphic.

Domain or Workgroup Selection

Windows 2000 ships with built-in networking. Win2K allows workstations to operate as members of workgroups and domains.

• A Workgroup is a group of computers operating as a P2P network sharing resources and connections and user-level security at the workstation.
• A Domain is a collection of computers sharing the same security database (Active Directory service) with user accounts and domain security information.

Before the Installation, you will need:

• Domain name in your DNS (Domain Name System) on your server
• Computer account within the domain
• Domain Controller and DNS Server (Win2K Server must have a Domain Controller, which holds the user account and validates logins on the DNS Server.)

Installation Process

Depending on the type of installation (network, local) you may also need to

Create a Distribution Server and configure the client workstation for Network Installations first.

1. Create boot floppy disks (you’ll need 4) from the Win2K CD. Open Windows Explorer -> My Computer and go to the CD subdirectory \BOOTDISK. Double click MAKEBOOT.EXE and select the floppy drive (A:). You will be prompted for the next disk. When done, click Close.

    

2. If you are creating a distribution server to install the OS across a network, you will need to create a folder (W2000P) for you source files, and copy all the files from the I386 folder on the Windows 2000 CD into it. Then, share the folder to be able to access it from the client machine. This is your distribution share.

    

3. At the client machine, make sure you have the minimum hardware requirements (650MB!!)

    

    

4. If this is an upgrade, use the existing Network client OS to connect to your shared network folder W2000P. If this is a client machine
   1. without a NOS, us a boot disk which includes MSClient (for network connections)

       

       

   2. TYPE in NET USE W: \\Servername\W2000P to connect to the distribution share.

       

       

   3. Run the Setup program: WINNT32.EXE on 9x/NT machines; WINNT.EXE on Win3.x machines.

       

       

   4. The WINNT/WINNT32 program will create a Temporary folder and copy the installation files into it.

       

       

   5. Restart you computer to begin the installation process.

       

    

    

   After restarting the machine:

    

   1. Start the setup program

       

       

   2. Text Mode setup

       

       

      • Create partition for Win2K

         

         

      • Select the File System

         

         

      • Format the partition, if needed

         

         

      • Copy installation files to the hard drive

         

       

   3. Restart the computer

       

       

   4. Setup Wizard (graphic mode)

       

       

      • Choose Regional Settings

         

         

      • Enter name and organization

         

         

      • Enter the Product Key (write it on the CD!)

         

         

      • Enter a 15 character computer name, unique to the network (ask your Net Admin for this)

         

         

      • Choose a password for the local Administrator account

         

         

      • Fill in the Date and Time

         

       

   5. Network Configuration

       

       

      • Auto-detects NICs and installs Windows Networking (Client for Microsoft Networks, File and Print Sharing, TCP/IP)

         

         

      • Choose to join a workgroup or a domain

         

       

   6. Final Bits to Tidy up

       

       

      • Create Start menu shortcuts

         

         

      • Setup choices applied

         

         

      • Configuration saved to hard drive

         

         

      • Temp files deleted

         

   7. Last Restart

       

   Upgrading to Windows 2000

   On Windows 9x or NT machines, use WINNT32.EXE to start Setup. On Windows 3.x, you use WINNT.EXE. This will create a temporary folder and copy installation files into it. The computer will need to restart before the rest of the Installation process.

    

   http://www.microsoft.com/windows2000/professional/howtobuy/upgrading/path/win9x.asp

    

   Boot Sequence of Windows 2000

   1. POST
   2. PnP Devices
   3. Locates MBR
   4. NTLDR (Real mode to 32 bit memory model and then loads the drivers to read the file system))
   5. BOOT.INI (location of other OS files)
   6. BOOTSECT.DOS (for multi-boot systems when another OS is detected)
   7. NTDETECT.COM (hardware detection)
   8. WINNT\SYSTEM32\NTOSKRNL.EXE (initialized ***Win2k kernel file***)
   9. HAL.DLL (Hardware Abstraction Layer for hardware independence)
   10. WINNT\SYSTEM32\CONFIG\HKEY_LOCAL_MACHINE\SYSTEM key (the key from the Registry for the device drivers to be initialized)
   11. WINNT\SYSTEM32\drivers\*.SYS (low-level device drivers loaded)

       Graphic Display...

   12. HKEY_LOCAL_MACHINE\HARDWARE key (the key from the Registry for detecting hardware and settings)
   13. Clone copy of control set is created (prior setup)
   14. Device Drivers loaded
   15. Windows 2000 services started
   16. Logon prompt (after login, the clone control set is copied to the LastKnownGood control set in case of a system boot failure)

    

   Note: Just like NT, the LastKnownGood Control set remembers the last time Win2K booted successfully. If Win2K fails on startup, DO NOT logon before shutting down the system, as it will overwrite the last good config. Pressing F8 on Startup will get you to the Last Known Good selection on the Advanced Option menu.

    

   After a failed boot in NT or 2000, do not logon.

    

   Advanced Options Menu

   In Windows 9x, this menu was called the Startup menu, but in Win2k, it’s called the Advanced Options menu. Press F8 to access it as the system is booting:

    

   • Safe Mode
   • Safe Mode with Networking
   • Safe Mode with Command Prompt
   • Enable Boot Logging (WINNT\NTBTLOG.TXT)
   • Enable VGA mode
   • Last Known good Configuration
   • Directory Services Restore Mode (Domain Controllers only)
   • Boot Normally

    

   Windows 2000 Required Boot Files

   • NTLDR (loader file)
   • NTDETECT.COM (recognizes hardware)
   • BOOT.INI (OS menu)
   • BOOTSECT.DOS (alt boot sector)
   • NTOSKRNL.EXE (kernel)
   • HAL.DLL
   • SYSTEM32\CONFIG (registry)
   • SYSTEM\32\DRIVERS\*.SYS (drivers)

    

   Administering Windows 2000

   Win2K has a centralized location for Management Utilities called the Microsoft Management Console (MMC). It is the location for applications called Snap-ins. Consoles can be saved in either author or user mode, with full access, limited access (multiple window), or limited access (single window).

    

   The MMC (Microsoft Management Console) is the central location for Windows 2000 management utilities (called Snap-ins). Start -> Run -> MMC

    

    

   More on MMC Snap-ins:

   http://support.microsoft.com/support/kb/articles/Q230/2/63.ASP

   http://support.microsoft.com/support/kb/articles/Q271/1/35.ASP

    

   Disk Management and Resources

   Volume Sets

   A volume is a unit of storage, logical or physical (whole or part of a drive) used by Windows 2000 dynamic storage for fault tolerance and backup:

   • Simple Volume – No fault tolerance. disk space from one disk only.
   • Spanned Volume – No fault tolerance. Disk space from more than one disk, information is written on one disk until full, then the next, then the next
   • Striped volume (aka RAID 0) – to improve disk access. Data is written simultaneously to all disks (stripe set). Stripe Sets may be created by selecting 2 to 32 areas of free space on 2 to 32 physical HDDs. This enables writing and reading across two or more HDDs simultaneously and can speed up read/write access. There is no fault tolerance on a simple stripe set.
   • Mirror Sets (RAID 1) and Stripe Sets with Parity (Duplexed) (RAID 5) are available only on NT/2000 Server. These use multiple HDDs for faster access and/or recoverability of data in case one drive fails.
      

   User and Group Management

    

   Just like Windows NT, Win2K has two types of accounts:

   • Local (this computer login)
   • Domain (accounts reside on the domain controllers)

    

   Like Windows NT, There are two built-in User Accounts that can be changed, but not deleted:

   • Administrator (god rights)
   • Guest (default disabled)

    

   User Accounts

   You create User Accounts using the Local Users and Groups snap-in:

    

   Go to Admin Tools -> Computer Management -> Users folder ->

    

   

    

    

   Right click and select New User:

    

   

    

   Fill in the fields:

   • Username (required)
   • Full name (helpful in larger environments)
   • Description
   • Password (recommended)
   • User must change password at next login
   • User cannot change password
   • Password never expires
   • Account is disabled

    

   Groups

   A group is simply a collection of user accounts the make it easier to assign permissions and rights to a number of users.

    

   Win2K Professional (like NT Workstation) can only create Local groups. You need a unique name (less than 256 character with no back slashes: \), and can add and remove members as needed.

    

   Note: Shift + Click to add multiple user accounts at once, or use Ctrl + Click to add a consecutive list of users.

    

   Built-in Groups:

   • Administrators (god power)
   • Power Users (some admin privileges)
   • Backup Operators (can backup and restore folders/files)
   • Replicator (with directory replication is used)
   • Users (all new users are automatically added to this group)
   • Guests (limited rights)

    

   If your browser doesn't support inline frames click HERE to view the full-sized graphic.

    

   Win2K also have Built-in System Groups:

   • Everyone (all users who access the system)
   • Authenticated Users (all users with a valid account)
   • Creator Owner (Group owners)
   • Interactive (user currently working locally)
   • Network (groups of user accounts/users currently connected to the network)

    

   Managing Security

   Auditing

   Auditing enables the Administrator to track user accounts and system events, using the security log in Event Viewer. This log includes the action taken, the user who did it, whether successful or unsuccessful. Also includes:

   • Account management
   • Logon events
   • Object access
   • Policy changes
   • Privilege use
   • System Events

    

   Go to Start -> Programs - > Admin Tools -> Local Security to set up Auditing:

    

   If your browser doesn't support inline frames click HERE to view the full-sized graphic.

    

   And Password Policy to:

   • Enforce password history (can keep up to 24 passwords, to prevent reusing)
   • Max password age (42 days, below)
   • Min password age (when a password can be changed again)
   • Min password length (...to a max of 14 characters)
   • Meet complexity requirements
   • Account Lockout duration (time of lockout after exceeding logon attempt threshold)
   • Account Lockout threshold (number of login attempts allowed)
   • Reset account lockout (after a number of login attempts)

    

   If your browser doesn't support inline frames click HERE to view the full-sized graphic.

    

   Logon Security Options include:

   • Allow system to be shut down without having to logon
   • Disable CTRL + ALT +DEL requirement for logon
   • Do not display last user name on logon screen
   • Automatically logoff user when login time expires
   • Rename Admin account
   • Rename guest account
   • NOTE: There are MANY options here...

    

   Troubleshooting Windows 2000

   For system recovery, try the Recovery Console, a command line interface, or Emergency Repair, which copies system files and replaces ones damaged/missing, on the Windows 2000 CD. Select the Repair option for either Recovery Console or Emergency Repair.

    

    

   Top 15 Admin Tasks for Win2K:

   http://www.microsoft.com/TechNet/win2000/win2kts/prodfact/w2ktop15.asp

    

   MS How it Works:

   http://www.microsoft.com/windows2000/techinfo/howitworks/default.asp

    

   MS Step-by-step:

   http://www.microsoft.com/windows2000/techinfo/planning/walkthroughs/default.asp

    

   Troubleshooting What to know:

   http://www.microsoft.com/technet/win2000/whattodo.asp

    

   Windows Professional HELP:

   http://www.microsoft.com/windows2000/en/professional/help/

    

   Don’t have access to Windows 2000? Check out MS’s online demos:

   http://www.microsoft.com/windows2000/demos/default.asp

    

    

   Windows 2000 Utilities

   There are at least 3 ways to open every utility: from the Start Menu, from the Control Panel, from MMC.

   
   Start -> Control Panel

    

   

    

   See the two little down arrows? That is the (annoying) learning menu in Windows 2000. The menu only shows you what you have accessed recently. If you don’t use it, Windows doesn’t show it. If you mouse over the two little down arrows, the menu opens up.

    

   You can turn off the learning menu:

    

   Start -> Settings -> Control Panel

   

    

    

   Start -> Run

   

    

    

    

   

    

   Other Win2K Utilities

   • Convert.exe – to convert from FAT/FAT32 to NTFS
   • File Compression and Encryption – access from Folder/File Properties (right click) -> General tab -> Advanced button

    

   

    

   • Disk Quotas are accessed from right clicking on a drive and selecting Properties -> Quota tab. Disk quotas are used on a per-user, per-volume basis and define the amount of space used for each users files and folders.
   • Encrypting File System (EFS) – allows NTFS volumes to be secured.
   • Dr. Watson - detects information about system and program failures, then records the info into a log file. In the event of a program error, Dr. Watson starts automatically.

    

   

   Note: Encrypted files can’t be compressed, and compressed files can’t be encrypted.

    

   Read more on EFS:

   http://www.microsoft.com/technet/win2000/win2ksrv/technote/nt5efs.asp

    

   NT/2000 Registry

   The Registry in Windows NT is the central source of configuration information for the system. Those .INI files (which in other OSes performed this function also) that remain are strictly for backward compatibility with 16-bit applications.
    

   It is possible to edit the Registry directly with two separate utilities: REGEDIT.EXE and REGEDT32.EXE. The major difference is; REGEDIT is easier to find keys with, and REGEDT32 is easier to edit keys with. This is only recommended for experts—one, repeat ONE false entry can crash the system instantly, and force a fresh reinstall of the OS. An Administrator can view and edit the Registry of a remote machine.
   The GUI tools are far safer and easier to use, and can handle 95% of configuration tasks.
    

   Click Start -> Run and type either REGEDIT or REGEDIT32

   Windows 98 REGEDIT:

   If your browser doesn't support inline frames click HERE to view the full-sized graphic.

    

   Windows 2000 REGEDIT32

   If your browser doesn't support inline frames click HERE to view the full-sized graphic.

    

   Major Differences Between Windows Versions

   Windows 95, 98, NT, and 2000 all share basically the same desktop, but there are some significant differences.

    

   To compare, see also:

   http://www.microsoft.com/technet/win2000/win2kpro/default.asp

   http://www.microsoft.com/technet/win2000/win2ksrv/default.asp

   http://www.microsoft.com/technet/winnt/default.asp

   http://www.microsoft.com/technet/win98/default.asp

    

   See also:

   All MS OSes in 1500 Words or Less
    

   Windows 9x

   The main differences between Windows 95 and 98 are desktop changes. Specifically, Windows 98 has:

    

   • Fully integrated IE
   • Full 32-bit operation (including 32-bit WDM device drivers)
   • Standardised 32-bit drivers
   • FAT32 file system
   • Long filenames
   • Pre-emptive multitasking (applications given a timeslice to complete a task)
   • Support for more hardware (including multiple displays) and remote access
   • Plug N Play support (Windows 95 was leaps ahead of Windows 3.x)
   • More System Management Utilities, like MSI (Microsoft System Information), Dr. Watson and Maintenance Wizard

    

   Also read: Pre-emptive Multitasking Explained

    

   Windows NT

   Windows NT is significantly different from previous Windows OSes. NT is/has:

   • Real 32-bit environment
   • More expensive
   • More robust (reliable)
   • Much better security (mandatory login, auditing, access, control)
   • User, group, and permission management
   • Requires a better system (more hardware) to run (RISC-based machines, multiple processors)
   • Support for Multiple platforms and other OSes (POSIX and OS/2)
   • Better multitasking and multithreading
   • More networking capabilities built-in
   • Multiple protocol support
   • NTFS (supports FAT or NTFS file systems)
   • More of a business OS, than home use
   • ***POOR PnP support***
   • ***No Device Manager***

    

   Server vs. Workstation

   • Server allows unlimited network connections, where as Workstation allows only 10
   • Server allows up to 256 Remote sessions; Workstation only 1.
   • Server login to local machine and domain; Workstation login to local machine
   • Server has fault tolerance (RAID 0,1,5)
   • Server can handle SMP and 4 processors; Workstation SMP and 2 processors
   • Server has a domain-based management architecture

    

   Same differences are seen comparing Windows 2000 Professional and Server.

    

   Windows 2000

   Windows 2000 combines the best of all versions of Windows -- supposedly ;)

   • File Level Encryption (EFS)
   • Most expensive
   • You can choose your file system with 2000, either FAT32 or NTFS
   • Full Internet integration (including IPP – Internet Printing Protocol – and ICM – Image Colour Management)
   • Even better hardware support (larger disks, great PnP support, multiple processors like NT)
   • Most hardware intensive OS yet
   • Scheduled Backup options, including CD-R and ZIP devices, and Tasks
   • Increased networking requirements
   • Improved Security (Kerberos Authentication Protocol, aka encryption) – file level encryption
   • Customisable admin tools (MMC, Snap-ins), start menu (a “learning menu”)
   • Cannot delete system-required files (as 2000 keeps a second copy that will automatically replace any deleted system file)
   • Active Directory support
   • Auditing
   • Better user, group, and permission management
   • Mobile users support

    

   Windows 3.x, XP, Me and Linux

   None of these OS are covered on the A+ exam – so I’m not covering them here. ;)

    

   Windows File Systems

   There are three Windows file systems:

   • CDFS--Compact Disc File System; a read-only file system, not configurable
   • FAT--File Allocation Table; primarily for compatibility with other OSes (dual-booting)
   • NTFS--New Technology File System; fast, reliable, secure, and robust
   • (Also HPFS – High Performance File System – to convert from OS/2)

    

   File Allocation Table (FAT)

   Windows 9x uses FAT32, with FAT16 drivers for backward capabilities.

    

   Each partition on a hard drive needs to be formatted to hold files (high level formatting) and folders that the OS can access. The FORMAT command creates and configures File Allocation Tables (FAT) and creates the root directory to build the OS upon.

    

   Hard drives store data in areas called sectors, up to 512 Bytes. If you have a file smaller than 512B, the rest of the sector goes to waste. If you have a file over 512B, the OS fills unused, non-sequential sectors until the file is stored completely (this is why you will eventually need to “defrag” every hard drive, too). Once files are written to the disk, the OS needs to remember which sectors have parts of which file: in other words, a File Allocation Table.

    

   FAT16 means the file system uses 16 bits to write addresses (4 hexadecimal numbers: 0000-FFFF). By doing the math, you will see why we outgrew this years ago. Our hard drives got too big: 16 bits equals 65,536 (64K of) sectors.

    

   65,536 (64K) x 512K = 33,554,432 Bytes (or 32,768 KB or 32 MBs)

    

   To get partitions larger than 32MB with FAT16, we used clusters or file allocation units: contiguous sectors acting like one sector in the FAT table. With between 4 to 64 sectors/cluster, FAT16 was able to see partitions up 2 GBs (32K clusters).

    

   With Windows 95, FAT32 was introduced. FAT32 means the FAT table has 32-bit addresses (8 hexadecimal numbers). This also enabled long file names (beyond the 8.3 dos standard). Depending on the cluster size (4-32 sectors/cluster), FAT32 can read partitions up to 2 Terabytes (4K clusters).

    

   Under NT, FAT is actually VFAT, Virtual FAT. The major difference is that hardware is not accessed directly (A virtual device driver "fools" the system into thinking that it is), which contributes to robustness. The file system will not crash with the hardware. It relies upon a linked-list directory structure, which reduces performance on large partitions (each directory entry is linked to the next--the longer the chain, the slower the access) and limits its practical size. A FAT partition is required on RISC machines (for the boot files) and on dual-boot (NT and DOS/Windows systems) machines.
   The VFAT used by NT is more flexible than the old DOS FAT--filenames up to 255 characters including the entire path are allowed, periods and spaces in filenames are fine, and case is preserved (without being case-sensitive--FILE.TXT equals File.TXT equals file.txt) Restricted characters are the same-- []',"/;:\=+^*?<>|

   FAT limitations

   • No local security (share permissions only)
   • Performance begins dropping on partitions over 200MB, especially with large numbers of files
   • Performance degrades quickly by file fragmentation
   • Theoretical upper limit of 4GB (improved from DOS FAT's 2GB)
   • Low fault-tolerance; subject to physical and logical disk errors
   • Supports only low-level file attributes (read-only, archive, system, hidden)
   • The root directory is limited to 512 entries. Since long filenames are stored in secondary directory entries (one per 13 extra characters beyond 8), too many of those can actually lead to Windows being unable to create files in root, and quite quickly.

   
   Note: There is a command-line-only utility to change a partition from FAT to NTFS – convert.exe. (To convert back to FAT from NTFS requires third-party software not supported by NT) The syntax is:

    

   C:\ convert [drive letter/partition]: /FS:NTFS /v

   
   You cannot convert a drive while the drive is being accessed. It may be scheduled for conversion at next bootup, before shares are accessible.
    

    

   Note: To convert from FAT16 to FAT32, the conversion utility is CVT1.EXE

    

   NTFS

   There are two versions of NTFS, NT File System: 4 (NT) and 5 (2000). The following pertain to both.

    

   • NTFS uses a MFT: Master File Table. NTFS allows you to adjust the sizes of clusters, and can support 2 Terabytes (default) up to 16 Exabytes.
   • NTFS, as the name implies, is NT's proprietary file system. It supports far more useful characteristics
     • Fault tolerance
     • Extended attributes (such as date of creation),
     • Object-oriented file and directory security (including auditing file use)
     • File-level compression
     • Faster locating method (branching tree), and
     • A truly awesome maximum capacity.
   • NTFS keeps a log of all read/write transactions. For example, if on a SCSI disk, it will automatically scan for bad clusters, mark them as bad and avoid them, and move data to good clusters. If the error is discovered during a write, the data will be rewritten to a sound sector. If a read operation discovers a bad cluster, however, it cannot be read, and the data is lost.
   • Extended attributes were added for POSIX compliance. This includes time stamping for file creation, accessing, and modification. Filenames are case sensitive (e.g. file.txt and File.txt are treated as different and can be stored in the same folder). "Hard links", where the same file is accessed by two different filenames, is also supported.
   • Permissions can be set and auditing enabled for individual folders and files. The permissions differ slightly for files and folders, and can be combined with normal share permissions to allow very fine-tuning.
   • NTFS supports compression at the drive/partition-, folder/directory-, or file-level.
   • Search functions look for files alphabetically in a branching search. This is much faster than following entries linked in a consecutive chain. Space for new files is allocated dynamically, which means defragmentation is required much less frequently.
   • The theoretical maximum size of an NTFS file or partition is 16 Exabytes. No existing hardware can take advantage of this. An Exabytes is 2⁶⁰ bytes...or a gigabyte OF gigabytes, for a total of 16 billion gigabytes in a single partition...not a limitation.

    

   NTFS4 Limitations
    

   • Filenames may not contain the characters ><|*"?/:\
   • Does not support file encryption
   • Works best on partitions over 50MB
   • Cannot format 1.44MB floppies because of high overhead (about 5MB per partition) required
   • If dual-booting to an OS other than NT, you must have at least one small FAT partition also.
   • Must reboot after reformatting a ZIP drive or other removable media (looked all over, and can't find out why)

    

   NTFS4 vs. NTFS5

   Windows 2000 uses an updated version of NTFS (sometimes called NTFS5). The major improvements are:

   • File and/or directory encryption
   • Per-user, per-volume disk quotas
   • Hierarchical Storage Management (reparse points)
   • Mount points
   • Distributed link tracking support
   • Sparse-file support
   • Volume change tracking
   • Encryption. Encryption. Encryption.

   
   Windows 2000 Server will require the use of NTFS5 format on all domain controllers. Similarly, it is likely that most other servers will be using the NTFS5 format to take advantage of the new Windows 2000 Server features.
    

    

   Note: Installing Windows 2000 will automatically convert NTFS4 to NTFS5. Also, NTFS4 cannot repair NTFS5 volumes, but NTFS5 can repair NTFS4 volumes.

    

   Read more on NTFS5:

   msdn.microsoft.com/library/periodic/period00/NTFSPart1.htm

   www.microsoft.com/TechNet/win2000/win2ksrv/da1100.asp

   http://www.microsoft.com/NTServer/nts/deployment/migration/PrepWinNT/4_ThingsToDo.asp

    

   Read more on Dual Booting issues with NTFS:

   http://www.microsoft.com/technet/winnt/winntas/Tips/techrep/dualboot.asp

   http://www.sysinternals.com/ntw2k/freeware/NTFSCHK.shtml

    

    

   Differences between FAT and NTFS and HPFS (OS/2 file system)

   http://support.microsoft.com/support/kb/articles/Q100/1/08.ASP

    

   NTFS Folder and File Permissions

   NTFS permissions secure resources and determine user/group access.

    

   Folder Permissions include:

   • Read – ability to read
   • Write – ability to view attributes, permissions
   • List – ability to view names of files and subfolders
   • Read/Execute – read, plus run applications
   • Modify – Read/Execute and Write permissions, plus modify and delete
   • Full Control – All of the above, plus changing permissions
   • Deny – overrides any other permission

    

   File Permissions include:

   • Read – ability to read
   • Write – ability to view attributes, permissions
   • Read/Execute – read, plus run applications
   • Modify – Read/Execute and Write permissions, plus modify and delete
   • Full Control – All of the above, plus changing permissions
   • Deny – overrides any other permission

    

   Permissions are assigned with the Access Control List (ACL). User permission entries in that list are called Access Control Entry (ACE) to allow or deny access to files and folders.

    

   Viruses

   Types of Viruses

    

   • Boot Sector – attacks boot sector, FAT table, partition table
   • Program or Executable – attacks program files (like .COM, .EXE, .SYS for example)
   • Excel/Word Macro – infects a document, infects templates and all documents created afterward
   • Trojan – programs that do something other than what the user thinks they do
   • Bimodal or Bipartite – boot sector and executable functions
   • Polymorphic virus – changes its signature to prevent detection by anti-virus software

    

   Virus Sources

   • Email attachments (word document, exe file...)
   • Internet downloads
   • Infected floppy disk

    

   Common Symptoms:

   • Boot failure
   • Reformatted drives (hard drive, floppy)
   • FAT or MBR corrupt
   • Files corrupt
   • Strange messages/graphics on the screen

    

   Note: Any error can be caused by a virus. Always better to do a virus check FIRST, especially when you encounter strange errors/problems.

    

   Virus Prevention

   • Never turn the computer on (Hey! It works, okay!?)
   • Anti-virus software (McAffee, Norton/Symantec, Dr. Solomon...)
   • Regular updates to your virus software (and regularly scheduled virus checks)
   • Educate users (virus check email, attachments, Internet downloads)
   • Know where the software came from
   • Do regular backup

    

   Note: Mke sure you have clean boot disks just in case.

    

   Protecting Users from themselves:

   http://www.microsoft.com/technet/maintain/protuser.asp

    

   Recovering from a Virus

   • Sometimes you can’t. Accept that now.
   • Boot from a clean floppy and detect, then remove the virus.
   • Restore data from Backups (do another virus scan – make sure the backup isn’t infected.)

    

   See also:

   Practicing Safe Hex Pt. 1 (About viruses)
   Practicing Safe Hex Pt. 2
   Practicing Safe Hex Pt. 3
    

   Networks

   A network is simply two or more computers able to communicate and share data.

   To network any computer, it must have a unique name (up to 15 characters) on the Network, in addition to a unique MAC Address and IP Address.

    

   You set up the Computer Name, Workgroup and Description from Control Panel -> Network -> Identification tab:

    

   

    

    

   Types of Networks:

   • Peer-to-peer (Windows 9x)
   • Server-based (Windows NT and 2000)

    

   See also:

   Networking the Basics - Part 1
   Networking the Basics - Part 2
   Networking the Basics - Part 3
    

   Network Protocols

   A protocol is the means by which one computer packages data and sends it out over the wire, and the receiving computer unpackages it for use. Protocols define a common standard for communication between machines, and specify the sequence of actions taken during transmission.

    

   Network protocols break data into packets for transmission. This is more efficient and fail-safe than a continuous stream over the wire. If an error occurred, it would affect the entire transmission and the whole thing would have to be resent. If a packet is lost or corrupted, the packet is simply resent with less time and effort. Breaking data into packets also means several machines can send data at about the same time.

    

   A packet consists of three parts (exact contents differ between protocols):

   • Header--begins with a signal that a packet is being sent, names/addresses of source and destination machines, and synchronization info for reassembly
   • Data--the actual information "inside the envelope"
   • Trailer--usually contains error-catching information, such as Cyclic Redundancy Check

    

   The protocol at the source machine is responsible for breaking the data into the right size chunks, attaching header and trailer information, and transmitting the packet. At the receiving end, the protocol reads all headers going by for its own name or address, intercepts the right packets, strips off the "envelope", and places the data in a cache or buffer. The "envelopes" are then used to reassemble the data chunks into the proper order and check for errors.
   
   When we refer to a “Protocol”, we most often mean a group, or suite, of separate protocols that work together or separately. When designed to work in a specific sequence, the suite is referred to as a stack. Common protocol stacks/suites are:

    

   • Open Systems Interconnection - the OSI protocol suite was designed to link many dissimilar hardware platforms running many disparate OSes.
   • AppleTalk - modelled in layers after OSI; provides connectivity among Apple machines and PC-based networks.
   • NetBEUI - NetBIOS Extended User Interface is proprietary to Microsoft networks. It is not routable and is only used within Local Area Networks. It is fast, simple, and self-configuring. It operates by means of broadcasts and user-friendly names, used in small networks
   • IPX/SPX - Novell's routable protocol suite for a client-server environment. Partially based on Xerox Network Systems protocols. It used to require a separate NIC to run; with Open Data-link Interface, can now be bound to the same NIC with other suites. Netware utilizes a "default tree and context" or a binary mode. Netware 3.x is bound to a single server, and needs to be configured for several different "frame types". Netware 4.x eliminates these details, and operates by means of an IPX address composed of the hardware address, the network address, and a socket number. With Netware 5.x and up, Novell is phasing out IPX/SPX, and switching over to TCP/IP. To avoid paying licensing fees, Microsoft has developed its own implementation of IPX/SPX (called NetWare Link) for connecting to systems running older NetWare versions.
   • Internet Protocol suite - composed of hundreds of separate protocols, and commonly referred to as TCP/IP. Used on the Internet, but also common in LANs.

    

    

   Installing and Configuring NIC

   To install a Network Interface Card:

   1. Power off the PC and remove the mains power cord
   2. Take ESD precautions
   3. Remove system case cover
   4. Find available expansion slot
   5. Remove blanking plate (covering slot at the back of the system case)
   6. Insert NIC, pressing firmly into place, and securing with a screw
   7. Replace case
   8. Connect external cables (including the mains power cord)
   9. Power on
   10. Check BIOS, Plug n Play
   11. Install drivers (Add/Remove Hardware or Network)
   12. Check for conflicts in Device Manager

    

   When you turn the computer on, if the NIC is PnP, the system should automatically detect the new hardware. You may be prompted for the driver to run it and allocate resources accordingly.

    

   If the system did not automatically find the NIC, you can go to Control Panel -> Add/Remove Hardware to install it manually.

    

   You can also add the driver (or update it) manually by going to:

   1. Control Panel -> Network
   2. Click Add
   3. Select Adapter
   4. Find the right make, model and click OK
   5. Click Have Disk if you have the driver disk

    

   Note: If you are troubleshooting a problem device, and you suspect the driver – choose the driver Windows has for your piece of hardware, and see if that fixes the problem.

    

   Installing and Configuring Network Connection

   Configuring networking can be done during Setup (installation), by going to Control Panel -> Network, or by right clicking on Network Neighborhood and selecting Properties:

    

   From Network Properties you can configure:

    

   • Client software to access resources across the network

      

      

   • Adapter settings and drivers

      

      

   • Protocols to be used (including TCP/IP, NetBEUI, etc)

      

      

   • Services like File and Print Sharing

      

    

    

   Windows 98 view:

   

    

    

   You need to enable File and Print Sharing, before you select certain files, folders, drives, or printers to be shared:

    

   

    

    

   Shared resources look like this:

    

   Shared Folder	Shared Drive	Mapped Drive

    

   More resources:

   How to share a local printer

    

   Network Drives

   To access a drive across the network, you must map the drive and assign it a drive letter:

   1. Find the drive you want to map to in Network Neighborhood / My Network Places
   2. Right click the share name and select Map Drive
   3. Choose the drive letter
   4. Select Reconnect at login
   5. Click OK

    

   Mapped drives follow UNC (Universal Naming Convention) syntax:

   Path: \\servername\share

    

   Network Printers

   You connect to Network printers from the Network Neighborhood / My Network Places window:

   1. Click Install New Printer
   2. Select Network Printer
   3. Select the Printer
   4. Enter the printer name
   5. Choose whether this is your default printer
   6. Click Finish

    

   Internet

   The Internet is the biggest WAN there is. In many ways, it is the conglomeration of all networks together. It is made up of dissimilar networks, OSes, hardware. What enables them all to talk on the Internet is common protocols, and universal standards for software and hardware.

    

   • URLs – Uniform Resource Locator
   • HTML web pages
   • Web browsers
   • Electronic mail
   • Newsgroups
   • FTP and Gopher
   • IRC – Internet Relay Chat
   • Internet phone and videoconferencing

    

   Internet Access

   Internet Access requires:

   • Dialup services (telephone, DSL, ISDN) or leased lines (cable modem, T1...)
   • Internet Service Provider (ISP)
   • Browser
   • TCP/IP

    

   To access the Internet, you must first configure TCP/IP. In Windows 9x:

   1. Go to Control Panel -> Network -> Add (we’ve been here already, remember?)
   2. Select Protocol and click Add
   3. Select Microsoft and TCP/IP

       

      If your browser doesn't support inline frames click HERE to view the full-sized graphic.

       

       

   4. Click Properties to Configure the IP Address, WINS and DNS Configurations. When you select Obtain IP address automatically, Windows is using DHCP (Dynamic Host Configuration Protocol). WINS config is the Microsoft Mechanism that resolves computer names to IP addresses. DNS config resolves UNC names (MS servers) of TCP/IP Hosts to IP addresses.

    

   

    

   Installing and Configuring Internet Connection

   Under My Computer, or in Start -> Programs -> Accessories, choose Dial-up Networking, and select Make New Connection:

   1. Name the connection
   2. Select the device (modem) to connect with
   3. Enter the phone number and country
   4. Click Finish

    

   The new connection will be listed beside the Make New Connection icon in Dial-up Networking:

    

    

   

    

   Note: Know the Properties display when you right click on the connection.

    

   Windows 2000 Connection Properties window:

    

   

   Configuring Internet Explorer

   You configure your Internet browser to connect using:

   • Dial-up connection (modem)
   • Proxy Server (ISP gateway)
   • LAN

    

   You can also configure all your Internet Options (from the Control Panel):

    

   

    

   TCP/IP

   TCP/IP is the Internet Protocol that provides a communication method for all systems connecting to the ‘Net. It is composed of hundreds of separate protocols, and commonly referred to as TCP/IP.

    

   Some of the important ones are:

    

   • TCP - Transmission Control Protocol takes the datastream and divides it into packets, then delivers them and waits for an acknowledgement. At the other end it receives the packets, sends an ACK, and reassembles the packets in sequence. It establishes a session with the receiving machine, defining session parameters with a "three-way handshake".
   • IP - Internet Protocol places source and destination IP addresses in the header, and assigns the routing information.
   • ICMP - Internet Control Message Protocol handles transmission errors. The PING utility uses ICMP. Some routers can also send ICMP "source quench" messages to a host to slow the rate of transmission if the router is being overworked.
   • UDP - User Datagram Protocol functions similarly to TCP, but does not establish a session or verify transmission. This is called "connectionless". Less reliable than TCP but faster.
   • HTTP - HyperText Transfer Protocol transmits data via HyperText Markup Language. It is the basis for the World Wide Web. An HTML page may contain links to any other HTML document. It operates over TCP (connection-oriented) but may or may not establish a session for longer than the transmission, depending on the version. Most of the Web now supports HTTP 1.1, which allows persistent connections. It is called a "stateless" protocol because commands are executed without regard for the previous command. To make Web pages interactive, other technologies such as ActiveX, Java, and JavaScript were developed, as well as "cookies"--small files that are stored on the client and returned to the server to identify the user and customize the page the server sends.
   • ARP - Address Resolution Protocol enables the discovery of physical hardware addresses. A host broadcasts a request by IP address, and the remote host with that IP address returns a message containing its MAC address. Both types of address must be in the header of a packet. The physical address never changes, but the destination IP address changes every "hop" (any passage through a router or host).
   • RARP - Reverse ARP is used by the host to discover its own IP address. The host broadcasts its physical address, and the RARP server (a piece of software, not a separate machine) returns the information. Mostly important to diskless workstations.
   • SNMP - Simple Network Management Protocol enables monitoring of network activity when installed. By itself, it does nothing; it enables separate monitoring utilities to report.
   • Gopher - A pre-WWW cataloguing utility now replaced by HTTP. Almost extinct.

    

   TCP/IP Utilities

   • FTP - File Transfer Protocol is an older but still preferred method of down- and up-loading files across the Net. Based on connection-oriented TCP.
   • TFTP - Trivial File Transfer Protocol is similar to FTP but uses UDP.
   • Telnet - Emulates a terminal and is used to execute commands on a server. Supports character-based functions only; GUI functions require the X-Window system on the client.
   • RCP, RSH, REXEC - also for getting or putting files on a server. Authentication is handled differently, either by password or a username match in the server's .RHOSTS file.
   • LPR - runs a print job on a host running Line Printer Dæmon
   • PING - "Packet INternet Groper" (Doubtful--probably just named after the SONAR term) enables verification that an IP address is active on the network. Without switches applied it returns the number of hops, the name of the router or host, and transit time in milliseconds. Go to a command line and enter "PING /?" for switch syntax.
   • IPCONFIG - a WinNT/2000 command that verifies the TCP/IP configurations of the host. The default is to display the IP address, subnet mask, and default gateway. Adding the switch /all returns more information...much more.
   • WINIPCFG - a Win9x command similar to above. Returns a GUI window.
   • NSLOOKUP - views entries on a DNS server; displays domain names paired with IP addresses.
   • NETSTAT - displays current TCP/IP connections and protocol stats. Enter NETSTAT /? at the command prompt for a list of options available with this.
   • NBTSTAT - returns status of NetBIOS names resolved to IP addresses, and checks the status of NetBIOS sessions. Again, NBTSTAT /? gets you help on the switches.
   • ROUTE - views and enables editing of the host's routing tables. Used especially if the default gateway develops problems.
   • TRACERT - displays all the routing hops a packet takes to its destination. Results may vary, as "intelligent" routers may send packets by different routes depending upon the traffic on a particular segment. TRACERT /? returns the switch options.
   • WHOIS and FINGER - returns user info on domains and email addresses, respectively.

    

   Domain Names

   IP Addresses

   Every computer on the Internet has a 32-bit unique IP address, which looks like this:

   206.112.74.27

    

   But all those numbers are hard to remember, much less type properly. So, an alternative addressing method called FQDN (Fully Qualified Domain Names) is used.

    

   Domain names are user-friendly versions of the IP address:

   www.brainbuzz.com = 206.112.74.27

    

   Domains

   Top-level domain - .com, .org, .net, edu, .ca, .au ...

   Sub-domains – identify the company (brainbuzz, ebay, amazon, etc)

   Local domains – specify a division within the company (eg, cramsession.brainbuzz.com)

   Host – www, www2...

    

   URLs

   URLs are made up of a:

   • Protocol – http:, ftp:, mailto:, irc: etc
   • Host name (domain + sub-domain + local domain [if any] + host) – cramsession.brainbuzz.com
   • File path – to the exact web page - /cramsession/comptia/default.asp

    

   e.g. http://cramsession.brainbuzz.com/cramsession/comptia/default.asp

    

   Email addresses are made up of a:

   • Protocol – mailto:
   • Identifier – e.g. whomever@wherever.com

    

    

   Special thanks to Cherina Sparks and sc0rp10n for contributing this Cramsession. For feedback from the authors, please post a message labelled "Attention Cramsession Author" here: A+ Operating Systems Forum

    

    

    

1. without a NOS, us a boot disk which includes MSClient (for network connections)

    

    

2. TYPE in NET USE W: \\Servername\W2000P to connect to the distribution share.

    

    

3. Run the Setup program: WINNT32.EXE on 9x/NT machines; WINNT.EXE on Win3.x machines.

    

    

4. The WINNT/WINNT32 program will create a Temporary folder and copy the installation files into it.

    

    

5. Restart you computer to begin the installation process.

    

After restarting the machine:

 

1. Start the setup program

    

    

2. Text Mode setup

    

    

   • Create partition for Win2K

      

      

   • Select the File System

      

      

   • Format the partition, if needed

      

      

   • Copy installation files to the hard drive

      

    

3. Restart the computer

    

    

4. Setup Wizard (graphic mode)

    

    

   • Choose Regional Settings

      

      

   • Enter name and organization

      

      

   • Enter the Product Key (write it on the CD!)

      

      

   • Enter a 15 character computer name, unique to the network (ask your Net Admin for this)

      

      

   • Choose a password for the local Administrator account

      

      

   • Fill in the Date and Time

      

    

5. Network Configuration

    

    

   • Auto-detects NICs and installs Windows Networking (Client for Microsoft Networks, File and Print Sharing, TCP/IP)

      

      

   • Choose to join a workgroup or a domain

      

    

6. Final Bits to Tidy up

    

    

   • Create Start menu shortcuts

      

      

   • Setup choices applied

      

      

   • Configuration saved to hard drive

      

      

   • Temp files deleted

      

7. Last Restart

    

Upgrading to Windows 2000

On Windows 9x or NT machines, use WINNT32.EXE to start Setup. On Windows 3.x, you use WINNT.EXE. This will create a temporary folder and copy installation files into it. The computer will need to restart before the rest of the Installation process.

http://www.microsoft.com/windows2000/professional/howtobuy/upgrading/path/win9x.asp

Boot Sequence of Windows 2000

1. POST
2. PnP Devices
3. Locates MBR
4. NTLDR (Real mode to 32 bit memory model and then loads the drivers to read the file system))
5. BOOT.INI (location of other OS files)
6. BOOTSECT.DOS (for multi-boot systems when another OS is detected)
7. NTDETECT.COM (hardware detection)
8. WINNT\SYSTEM32\NTOSKRNL.EXE (initialized ***Win2k kernel file***)
9. HAL.DLL (Hardware Abstraction Layer for hardware independence)
10. WINNT\SYSTEM32\CONFIG\HKEY_LOCAL_MACHINE\SYSTEM key (the key from the Registry for the device drivers to be initialized)
11. WINNT\SYSTEM32\drivers\*.SYS (low-level device drivers loaded)

    Graphic Display...

12. HKEY_LOCAL_MACHINE\HARDWARE key (the key from the Registry for detecting hardware and settings)
13. Clone copy of control set is created (prior setup)
14. Device Drivers loaded
15. Windows 2000 services started
16. Logon prompt (after login, the clone control set is copied to the LastKnownGood control set in case of a system boot failure)

Note: Just like NT, the LastKnownGood Control set remembers the last time Win2K booted successfully. If Win2K fails on startup, DO NOT logon before shutting down the system, as it will overwrite the last good config. Pressing F8 on Startup will get you to the Last Known Good selection on the Advanced Option menu.

After a failed boot in NT or 2000, do not logon.

Advanced Options Menu

In Windows 9x, this menu was called the Startup menu, but in Win2k, it’s called the Advanced Options menu. Press F8 to access it as the system is booting:

• Safe Mode
• Safe Mode with Networking
• Safe Mode with Command Prompt
• Enable Boot Logging (WINNT\NTBTLOG.TXT)
• Enable VGA mode
• Last Known good Configuration
• Directory Services Restore Mode (Domain Controllers only)
• Boot Normally

Windows 2000 Required Boot Files

• NTLDR (loader file)
• NTDETECT.COM (recognizes hardware)
• BOOT.INI (OS menu)
• BOOTSECT.DOS (alt boot sector)
• NTOSKRNL.EXE (kernel)
• HAL.DLL
• SYSTEM32\CONFIG (registry)
• SYSTEM\32\DRIVERS\*.SYS (drivers)

Administering Windows 2000

Win2K has a centralized location for Management Utilities called the Microsoft Management Console (MMC). It is the location for applications called Snap-ins. Consoles can be saved in either author or user mode, with full access, limited access (multiple window), or limited access (single window).

The MMC (Microsoft Management Console) is the central location for Windows 2000 management utilities (called Snap-ins). Start -> Run -> MMC

More on MMC Snap-ins:

http://support.microsoft.com/support/kb/articles/Q230/2/63.ASP

http://support.microsoft.com/support/kb/articles/Q271/1/35.ASP

Disk Management and Resources

Volume Sets

A volume is a unit of storage, logical or physical (whole or part of a drive) used by Windows 2000 dynamic storage for fault tolerance and backup:

• Simple Volume – No fault tolerance. disk space from one disk only.
• Spanned Volume – No fault tolerance. Disk space from more than one disk, information is written on one disk until full, then the next, then the next
• Striped volume (aka RAID 0) – to improve disk access. Data is written simultaneously to all disks (stripe set). Stripe Sets may be created by selecting 2 to 32 areas of free space on 2 to 32 physical HDDs. This enables writing and reading across two or more HDDs simultaneously and can speed up read/write access. There is no fault tolerance on a simple stripe set.
• Mirror Sets (RAID 1) and Stripe Sets with Parity (Duplexed) (RAID 5) are available only on NT/2000 Server. These use multiple HDDs for faster access and/or recoverability of data in case one drive fails.
   

User and Group Management

Just like Windows NT, Win2K has two types of accounts:

• Local (this computer login)
• Domain (accounts reside on the domain controllers)

Like Windows NT, There are two built-in User Accounts that can be changed, but not deleted:

• Administrator (god rights)
• Guest (default disabled)

User Accounts

You create User Accounts using the Local Users and Groups snap-in:

Go to Admin Tools -> Computer Management -> Users folder ->

Right click and select New User:

Fill in the fields:

• Username (required)
• Full name (helpful in larger environments)
• Description
• Password (recommended)
• User must change password at next login
• User cannot change password
• Password never expires
• Account is disabled

Groups

A group is simply a collection of user accounts the make it easier to assign permissions and rights to a number of users.

Win2K Professional (like NT Workstation) can only create Local groups. You need a unique name (less than 256 character with no back slashes: \), and can add and remove members as needed.

Note: Shift + Click to add multiple user accounts at once, or use Ctrl + Click to add a consecutive list of users.

Built-in Groups:

• Administrators (god power)
• Power Users (some admin privileges)
• Backup Operators (can backup and restore folders/files)
• Replicator (with directory replication is used)
• Users (all new users are automatically added to this group)
• Guests (limited rights)

If your browser doesn't support inline frames click HERE to view the full-sized graphic.

Win2K also have Built-in System Groups:

• Everyone (all users who access the system)
• Authenticated Users (all users with a valid account)
• Creator Owner (Group owners)
• Interactive (user currently working locally)
• Network (groups of user accounts/users currently connected to the network)

Managing Security

Auditing

Auditing enables the Administrator to track user accounts and system events, using the security log in Event Viewer. This log includes the action taken, the user who did it, whether successful or unsuccessful. Also includes:

• Account management
• Logon events
• Object access
• Policy changes
• Privilege use
• System Events

Go to Start -> Programs - > Admin Tools -> Local Security to set up Auditing:

If your browser doesn't support inline frames click HERE to view the full-sized graphic.

And Password Policy to:

• Enforce password history (can keep up to 24 passwords, to prevent reusing)
• Max password age (42 days, below)
• Min password age (when a password can be changed again)
• Min password length (...to a max of 14 characters)
• Meet complexity requirements
• Account Lockout duration (time of lockout after exceeding logon attempt threshold)
• Account Lockout threshold (number of login attempts allowed)
• Reset account lockout (after a number of login attempts)

If your browser doesn't support inline frames click HERE to view the full-sized graphic.

Logon Security Options include:

• Allow system to be shut down without having to logon
• Disable CTRL + ALT +DEL requirement for logon
• Do not display last user name on logon screen
• Automatically logoff user when login time expires
• Rename Admin account
• Rename guest account
• NOTE: There are MANY options here...

Troubleshooting Windows 2000

For system recovery, try the Recovery Console, a command line interface, or Emergency Repair, which copies system files and replaces ones damaged/missing, on the Windows 2000 CD. Select the Repair option for either Recovery Console or Emergency Repair.

Top 15 Admin Tasks for Win2K:

http://www.microsoft.com/TechNet/win2000/win2kts/prodfact/w2ktop15.asp

MS How it Works:

http://www.microsoft.com/windows2000/techinfo/howitworks/default.asp

MS Step-by-step:

http://www.microsoft.com/windows2000/techinfo/planning/walkthroughs/default.asp

Troubleshooting What to know:

http://www.microsoft.com/technet/win2000/whattodo.asp

Windows Professional HELP:

http://www.microsoft.com/windows2000/en/professional/help/

Don’t have access to Windows 2000? Check out MS’s online demos:

http://www.microsoft.com/windows2000/demos/default.asp

Windows 2000 Utilities

There are at least 3 ways to open every utility: from the Start Menu, from the Control Panel, from MMC.

Start -> Control Panel

See the two little down arrows? That is the (annoying) learning menu in Windows 2000. The menu only shows you what you have accessed recently. If you don’t use it, Windows doesn’t show it. If you mouse over the two little down arrows, the menu opens up.

You can turn off the learning menu:

Start -> Settings -> Control Panel

Start -> Run

Other Win2K Utilities

• Convert.exe – to convert from FAT/FAT32 to NTFS
• File Compression and Encryption – access from Folder/File Properties (right click) -> General tab -> Advanced button

• Disk Quotas are accessed from right clicking on a drive and selecting Properties -> Quota tab. Disk quotas are used on a per-user, per-volume basis and define the amount of space used for each users files and folders.
• Encrypting File System (EFS) – allows NTFS volumes to be secured.
• Dr. Watson - detects information about system and program failures, then records the info into a log file. In the event of a program error, Dr. Watson starts automatically.

Note: Encrypted files can’t be compressed, and compressed files can’t be encrypted.

Read more on EFS:

http://www.microsoft.com/technet/win2000/win2ksrv/technote/nt5efs.asp

NT/2000 Registry

The Registry in Windows NT is the central source of configuration information for the system. Those .INI files (which in other OSes performed this function also) that remain are strictly for backward compatibility with 16-bit applications.
 

It is possible to edit the Registry directly with two separate utilities: REGEDIT.EXE and REGEDT32.EXE. The major difference is; REGEDIT is easier to find keys with, and REGEDT32 is easier to edit keys with. This is only recommended for experts—one, repeat ONE false entry can crash the system instantly, and force a fresh reinstall of the OS. An Administrator can view and edit the Registry of a remote machine.
The GUI tools are far safer and easier to use, and can handle 95% of configuration tasks.
 

Click Start -> Run and type either REGEDIT or REGEDIT32

Windows 98 REGEDIT:

If your browser doesn't support inline frames click HERE to view the full-sized graphic.

Windows 2000 REGEDIT32

If your browser doesn't support inline frames click HERE to view the full-sized graphic.

Major Differences Between Windows Versions

Windows 95, 98, NT, and 2000 all share basically the same desktop, but there are some significant differences.

To compare, see also:

http://www.microsoft.com/technet/win2000/win2kpro/default.asp

http://www.microsoft.com/technet/win2000/win2ksrv/default.asp

http://www.microsoft.com/technet/winnt/default.asp

http://www.microsoft.com/technet/win98/default.asp

See also:

All MS OSes in 1500 Words or Less
 

Windows 9x

The main differences between Windows 95 and 98 are desktop changes. Specifically, Windows 98 has:

• Fully integrated IE
• Full 32-bit operation (including 32-bit WDM device drivers)
• Standardised 32-bit drivers
• FAT32 file system
• Long filenames
• Pre-emptive multitasking (applications given a timeslice to complete a task)
• Support for more hardware (including multiple displays) and remote access
• Plug N Play support (Windows 95 was leaps ahead of Windows 3.x)
• More System Management Utilities, like MSI (Microsoft System Information), Dr. Watson and Maintenance Wizard

Also read: Pre-emptive Multitasking Explained

Windows NT

Windows NT is significantly different from previous Windows OSes. NT is/has:

• Real 32-bit environment
• More expensive
• More robust (reliable)
• Much better security (mandatory login, auditing, access, control)
• User, group, and permission management
• Requires a better system (more hardware) to run (RISC-based machines, multiple processors)
• Support for Multiple platforms and other OSes (POSIX and OS/2)
• Better multitasking and multithreading
• More networking capabilities built-in
• Multiple protocol support
• NTFS (supports FAT or NTFS file systems)
• More of a business OS, than home use
• ***POOR PnP support***
• ***No Device Manager***

Server vs. Workstation

• Server allows unlimited network connections, where as Workstation allows only 10
• Server allows up to 256 Remote sessions; Workstation only 1.
• Server login to local machine and domain; Workstation login to local machine
• Server has fault tolerance (RAID 0,1,5)
• Server can handle SMP and 4 processors; Workstation SMP and 2 processors
• Server has a domain-based management architecture

Same differences are seen comparing Windows 2000 Professional and Server.

Windows 2000

Windows 2000 combines the best of all versions of Windows -- supposedly ;)

• File Level Encryption (EFS)
• Most expensive
• You can choose your file system with 2000, either FAT32 or NTFS
• Full Internet integration (including IPP – Internet Printing Protocol – and ICM – Image Colour Management)
• Even better hardware support (larger disks, great PnP support, multiple processors like NT)
• Most hardware intensive OS yet
• Scheduled Backup options, including CD-R and ZIP devices, and Tasks
• Increased networking requirements
• Improved Security (Kerberos Authentication Protocol, aka encryption) – file level encryption
• Customisable admin tools (MMC, Snap-ins), start menu (a “learning menu”)
• Cannot delete system-required files (as 2000 keeps a second copy that will automatically replace any deleted system file)
• Active Directory support
• Auditing
• Better user, group, and permission management
• Mobile users support

Windows 3.x, XP, Me and Linux

None of these OS are covered on the A+ exam – so I’m not covering them here. ;)

Windows File Systems

There are three Windows file systems:

• CDFS--Compact Disc File System; a read-only file system, not configurable
• FAT--File Allocation Table; primarily for compatibility with other OSes (dual-booting)
• NTFS--New Technology File System; fast, reliable, secure, and robust
• (Also HPFS – High Performance File System – to convert from OS/2)

File Allocation Table (FAT)

Windows 9x uses FAT32, with FAT16 drivers for backward capabilities.

Each partition on a hard drive needs to be formatted to hold files (high level formatting) and folders that the OS can access. The FORMAT command creates and configures File Allocation Tables (FAT) and creates the root directory to build the OS upon.

Hard drives store data in areas called sectors, up to 512 Bytes. If you have a file smaller than 512B, the rest of the sector goes to waste. If you have a file over 512B, the OS fills unused, non-sequential sectors until the file is stored completely (this is why you will eventually need to “defrag” every hard drive, too). Once files are written to the disk, the OS needs to remember which sectors have parts of which file: in other words, a File Allocation Table.

FAT16 means the file system uses 16 bits to write addresses (4 hexadecimal numbers: 0000-FFFF). By doing the math, you will see why we outgrew this years ago. Our hard drives got too big: 16 bits equals 65,536 (64K of) sectors.

65,536 (64K) x 512K = 33,554,432 Bytes (or 32,768 KB or 32 MBs)

To get partitions larger than 32MB with FAT16, we used clusters or file allocation units: contiguous sectors acting like one sector in the FAT table. With between 4 to 64 sectors/cluster, FAT16 was able to see partitions up 2 GBs (32K clusters).

With Windows 95, FAT32 was introduced. FAT32 means the FAT table has 32-bit addresses (8 hexadecimal numbers). This also enabled long file names (beyond the 8.3 dos standard). Depending on the cluster size (4-32 sectors/cluster), FAT32 can read partitions up to 2 Terabytes (4K clusters).

Under NT, FAT is actually VFAT, Virtual FAT. The major difference is that hardware is not accessed directly (A virtual device driver "fools" the system into thinking that it is), which contributes to robustness. The file system will not crash with the hardware. It relies upon a linked-list directory structure, which reduces performance on large partitions (each directory entry is linked to the next--the longer the chain, the slower the access) and limits its practical size. A FAT partition is required on RISC machines (for the boot files) and on dual-boot (NT and DOS/Windows systems) machines.
The VFAT used by NT is more flexible than the old DOS FAT--filenames up to 255 characters including the entire path are allowed, periods and spaces in filenames are fine, and case is preserved (without being case-sensitive--FILE.TXT equals File.TXT equals file.txt) Restricted characters are the same-- []',"/;:\=+^*?<>|

FAT limitations

• No local security (share permissions only)
• Performance begins dropping on partitions over 200MB, especially with large numbers of files
• Performance degrades quickly by file fragmentation
• Theoretical upper limit of 4GB (improved from DOS FAT's 2GB)
• Low fault-tolerance; subject to physical and logical disk errors
• Supports only low-level file attributes (read-only, archive, system, hidden)
• The root directory is limited to 512 entries. Since long filenames are stored in secondary directory entries (one per 13 extra characters beyond 8), too many of those can actually lead to Windows being unable to create files in root, and quite quickly.

Note: There is a command-line-only utility to change a partition from FAT to NTFS – convert.exe. (To convert back to FAT from NTFS requires third-party software not supported by NT) The syntax is:

C:\ convert [drive letter/partition]: /FS:NTFS /v

You cannot convert a drive while the drive is being accessed. It may be scheduled for conversion at next bootup, before shares are accessible.
 

Note: To convert from FAT16 to FAT32, the conversion utility is CVT1.EXE

NTFS

There are two versions of NTFS, NT File System: 4 (NT) and 5 (2000). The following pertain to both.

• NTFS uses a MFT: Master File Table. NTFS allows you to adjust the sizes of clusters, and can support 2 Terabytes (default) up to 16 Exabytes.
• NTFS, as the name implies, is NT's proprietary file system. It supports far more useful characteristics
  • Fault tolerance
  • Extended attributes (such as date of creation),
  • Object-oriented file and directory security (including auditing file use)
  • File-level compression
  • Faster locating method (branching tree), and
  • A truly awesome maximum capacity.
• NTFS keeps a log of all read/write transactions. For example, if on a SCSI disk, it will automatically scan for bad clusters, mark them as bad and avoid them, and move data to good clusters. If the error is discovered during a write, the data will be rewritten to a sound sector. If a read operation discovers a bad cluster, however, it cannot be read, and the data is lost.
• Extended attributes were added for POSIX compliance. This includes time stamping for file creation, accessing, and modification. Filenames are case sensitive (e.g. file.txt and File.txt are treated as different and can be stored in the same folder). "Hard links", where the same file is accessed by two different filenames, is also supported.
• Permissions can be set and auditing enabled for individual folders and files. The permissions differ slightly for files and folders, and can be combined with normal share permissions to allow very fine-tuning.
• NTFS supports compression at the drive/partition-, folder/directory-, or file-level.
• Search functions look for files alphabetically in a branching search. This is much faster than following entries linked in a consecutive chain. Space for new files is allocated dynamically, which means defragmentation is required much less frequently.
• The theoretical maximum size of an NTFS file or partition is 16 Exabytes. No existing hardware can take advantage of this. An Exabytes is 2⁶⁰ bytes...or a gigabyte OF gigabytes, for a total of 16 billion gigabytes in a single partition...not a limitation.

NTFS4 Limitations
 

• Filenames may not contain the characters ><|*"?/:\
• Does not support file encryption
• Works best on partitions over 50MB
• Cannot format 1.44MB floppies because of high overhead (about 5MB per partition) required
• If dual-booting to an OS other than NT, you must have at least one small FAT partition also.
• Must reboot after reformatting a ZIP drive or other removable media (looked all over, and can't find out why)

NTFS4 vs. NTFS5

Windows 2000 uses an updated version of NTFS (sometimes called NTFS5). The major improvements are:

• File and/or directory encryption
• Per-user, per-volume disk quotas
• Hierarchical Storage Management (reparse points)
• Mount points
• Distributed link tracking support
• Sparse-file support
• Volume change tracking
• Encryption. Encryption. Encryption.

Windows 2000 Server will require the use of NTFS5 format on all domain controllers. Similarly, it is likely that most other servers will be using the NTFS5 format to take advantage of the new Windows 2000 Server features.
 

Note: Installing Windows 2000 will automatically convert NTFS4 to NTFS5. Also, NTFS4 cannot repair NTFS5 volumes, but NTFS5 can repair NTFS4 volumes.

Read more on NTFS5:

msdn.microsoft.com/library/periodic/period00/NTFSPart1.htm

www.microsoft.com/TechNet/win2000/win2ksrv/da1100.asp

http://www.microsoft.com/NTServer/nts/deployment/migration/PrepWinNT/4_ThingsToDo.asp

Read more on Dual Booting issues with NTFS:

http://www.microsoft.com/technet/winnt/winntas/Tips/techrep/dualboot.asp

http://www.sysinternals.com/ntw2k/freeware/NTFSCHK.shtml

Differences between FAT and NTFS and HPFS (OS/2 file system)

http://support.microsoft.com/support/kb/articles/Q100/1/08.ASP

NTFS Folder and File Permissions

NTFS permissions secure resources and determine user/group access.

Folder Permissions include:

• Read – ability to read
• Write – ability to view attributes, permissions
• List – ability to view names of files and subfolders
• Read/Execute – read, plus run applications
• Modify – Read/Execute and Write permissions, plus modify and delete
• Full Control – All of the above, plus changing permissions
• Deny – overrides any other permission

File Permissions include:

• Read – ability to read
• Write – ability to view attributes, permissions
• Read/Execute – read, plus run applications
• Modify – Read/Execute and Write permissions, plus modify and delete
• Full Control – All of the above, plus changing permissions
• Deny – overrides any other permission

Permissions are assigned with the Access Control List (ACL). User permission entries in that list are called Access Control Entry (ACE) to allow or deny access to files and folders.

Viruses

Types of Viruses

• Boot Sector – attacks boot sector, FAT table, partition table
• Program or Executable – attacks program files (like .COM, .EXE, .SYS for example)
• Excel/Word Macro – infects a document, infects templates and all documents created afterward
• Trojan – programs that do something other than what the user thinks they do
• Bimodal or Bipartite – boot sector and executable functions
• Polymorphic virus – changes its signature to prevent detection by anti-virus software

Virus Sources

• Email attachments (word document, exe file...)
• Internet downloads
• Infected floppy disk

Common Symptoms:

• Boot failure
• Reformatted drives (hard drive, floppy)
• FAT or MBR corrupt
• Files corrupt
• Strange messages/graphics on the screen

Note: Any error can be caused by a virus. Always better to do a virus check FIRST, especially when you encounter strange errors/problems.

Virus Prevention

• Never turn the computer on (Hey! It works, okay!?)
• Anti-virus software (McAffee, Norton/Symantec, Dr. Solomon...)
• Regular updates to your virus software (and regularly scheduled virus checks)
• Educate users (virus check email, attachments, Internet downloads)
• Know where the software came from
• Do regular backup

Note: Mke sure you have clean boot disks just in case.

Protecting Users from themselves:

http://www.microsoft.com/technet/maintain/protuser.asp

Recovering from a Virus

• Sometimes you can’t. Accept that now.
• Boot from a clean floppy and detect, then remove the virus.
• Restore data from Backups (do another virus scan – make sure the backup isn’t infected.)

See also:

Practicing Safe Hex Pt. 1 (About viruses)
Practicing Safe Hex Pt. 2
Practicing Safe Hex Pt. 3
 

Networks

A network is simply two or more computers able to communicate and share data.

To network any computer, it must have a unique name (up to 15 characters) on the Network, in addition to a unique MAC Address and IP Address.

You set up the Computer Name, Workgroup and Description from Control Panel -> Network -> Identification tab:

Types of Networks:

• Peer-to-peer (Windows 9x)
• Server-based (Windows NT and 2000)

See also:

Networking the Basics - Part 1
Networking the Basics - Part 2
Networking the Basics - Part 3
 

Network Protocols

A protocol is the means by which one computer packages data and sends it out over the wire, and the receiving computer unpackages it for use. Protocols define a common standard for communication between machines, and specify the sequence of actions taken during transmission.

Network protocols break data into packets for transmission. This is more efficient and fail-safe than a continuous stream over the wire. If an error occurred, it would affect the entire transmission and the whole thing would have to be resent. If a packet is lost or corrupted, the packet is simply resent with less time and effort. Breaking data into packets also means several machines can send data at about the same time.

A packet consists of three parts (exact contents differ between protocols):

• Header--begins with a signal that a packet is being sent, names/addresses of source and destination machines, and synchronization info for reassembly
• Data--the actual information "inside the envelope"
• Trailer--usually contains error-catching information, such as Cyclic Redundancy Check

The protocol at the source machine is responsible for breaking the data into the right size chunks, attaching header and trailer information, and transmitting the packet. At the receiving end, the protocol reads all headers going by for its own name or address, intercepts the right packets, strips off the "envelope", and places the data in a cache or buffer. The "envelopes" are then used to reassemble the data chunks into the proper order and check for errors.

When we refer to a “Protocol”, we most often mean a group, or suite, of separate protocols that work together or separately. When designed to work in a specific sequence, the suite is referred to as a stack. Common protocol stacks/suites are:

• Open Systems Interconnection - the OSI protocol suite was designed to link many dissimilar hardware platforms running many disparate OSes.
• AppleTalk - modelled in layers after OSI; provides connectivity among Apple machines and PC-based networks.
• NetBEUI - NetBIOS Extended User Interface is proprietary to Microsoft networks. It is not routable and is only used within Local Area Networks. It is fast, simple, and self-configuring. It operates by means of broadcasts and user-friendly names, used in small networks
• IPX/SPX - Novell's routable protocol suite for a client-server environment. Partially based on Xerox Network Systems protocols. It used to require a separate NIC to run; with Open Data-link Interface, can now be bound to the same NIC with other suites. Netware utilizes a "default tree and context" or a binary mode. Netware 3.x is bound to a single server, and needs to be configured for several different "frame types". Netware 4.x eliminates these details, and operates by means of an IPX address composed of the hardware address, the network address, and a socket number. With Netware 5.x and up, Novell is phasing out IPX/SPX, and switching over to TCP/IP. To avoid paying licensing fees, Microsoft has developed its own implementation of IPX/SPX (called NetWare Link) for connecting to systems running older NetWare versions.
• Internet Protocol suite - composed of hundreds of separate protocols, and commonly referred to as TCP/IP. Used on the Internet, but also common in LANs.

Installing and Configuring NIC

To install a Network Interface Card:

1. Power off the PC and remove the mains power cord
2. Take ESD precautions
3. Remove system case cover
4. Find available expansion slot
5. Remove blanking plate (covering slot at the back of the system case)
6. Insert NIC, pressing firmly into place, and securing with a screw
7. Replace case
8. Connect external cables (including the mains power cord)
9. Power on
10. Check BIOS, Plug n Play
11. Install drivers (Add/Remove Hardware or Network)
12. Check for conflicts in Device Manager

When you turn the computer on, if the NIC is PnP, the system should automatically detect the new hardware. You may be prompted for the driver to run it and allocate resources accordingly.

If the system did not automatically find the NIC, you can go to Control Panel -> Add/Remove Hardware to install it manually.

You can also add the driver (or update it) manually by going to:

1. Control Panel -> Network
2. Click Add
3. Select Adapter
4. Find the right make, model and click OK
5. Click Have Disk if you have the driver disk

Note: If you are troubleshooting a problem device, and you suspect the driver – choose the driver Windows has for your piece of hardware, and see if that fixes the problem.

Installing and Configuring Network Connection

Configuring networking can be done during Setup (installation), by going to Control Panel -> Network, or by right clicking on Network Neighborhood and selecting Properties:

From Network Properties you can configure:

 

• Client software to access resources across the network

   

   

• Adapter settings and drivers

   

   

• Protocols to be used (including TCP/IP, NetBEUI, etc)

   

   

• Services like File and Print Sharing

   

Windows 98 view:

You need to enable File and Print Sharing, before you select certain files, folders, drives, or printers to be shared:

Shared resources look like this:

Shared Folder	Shared Drive	Mapped Drive

More resources:

How to share a local printer

Network Drives

To access a drive across the network, you must map the drive and assign it a drive letter:

1. Find the drive you want to map to in Network Neighborhood / My Network Places
2. Right click the share name and select Map Drive
3. Choose the drive letter
4. Select Reconnect at login
5. Click OK

Mapped drives follow UNC (Universal Naming Convention) syntax:

Path: \\servername\share

Network Printers

You connect to Network printers from the Network Neighborhood / My Network Places window:

1. Click Install New Printer
2. Select Network Printer
3. Select the Printer
4. Enter the printer name
5. Choose whether this is your default printer
6. Click Finish

Internet

The Internet is the biggest WAN there is. In many ways, it is the conglomeration of all networks together. It is made up of dissimilar networks, OSes, hardware. What enables them all to talk on the Internet is common protocols, and universal standards for software and hardware.

• URLs – Uniform Resource Locator
• HTML web pages
• Web browsers
• Electronic mail
• Newsgroups
• FTP and Gopher
• IRC – Internet Relay Chat
• Internet phone and videoconferencing

Internet Access

Internet Access requires:

• Dialup services (telephone, DSL, ISDN) or leased lines (cable modem, T1...)
• Internet Service Provider (ISP)
• Browser
• TCP/IP

To access the Internet, you must first configure TCP/IP. In Windows 9x:

1. Go to Control Panel -> Network -> Add (we’ve been here already, remember?)
2. Select Protocol and click Add
3. Select Microsoft and TCP/IP

    

   If your browser doesn't support inline frames click HERE to view the full-sized graphic.

    

    

4. Click Properties to Configure the IP Address, WINS and DNS Configurations. When you select Obtain IP address automatically, Windows is using DHCP (Dynamic Host Configuration Protocol). WINS config is the Microsoft Mechanism that resolves computer names to IP addresses. DNS config resolves UNC names (MS servers) of TCP/IP Hosts to IP addresses.

Installing and Configuring Internet Connection

Under My Computer, or in Start -> Programs -> Accessories, choose Dial-up Networking, and select Make New Connection:

1. Name the connection
2. Select the device (modem) to connect with
3. Enter the phone number and country
4. Click Finish

The new connection will be listed beside the Make New Connection icon in Dial-up Networking:

Note: Know the Properties display when you right click on the connection.

Windows 2000 Connection Properties window:

Configuring Internet Explorer

You configure your Internet browser to connect using:

• Dial-up connection (modem)
• Proxy Server (ISP gateway)
• LAN

You can also configure all your Internet Options (from the Control Panel):

TCP/IP

TCP/IP is the Internet Protocol that provides a communication method for all systems connecting to the ‘Net. It is composed of hundreds of separate protocols, and commonly referred to as TCP/IP.

Some of the important ones are:

• TCP - Transmission Control Protocol takes the datastream and divides it into packets, then delivers them and waits for an acknowledgement. At the other end it receives the packets, sends an ACK, and reassembles the packets in sequence. It establishes a session with the receiving machine, defining session parameters with a "three-way handshake".
• IP - Internet Protocol places source and destination IP addresses in the header, and assigns the routing information.
• ICMP - Internet Control Message Protocol handles transmission errors. The PING utility uses ICMP. Some routers can also send ICMP "source quench" messages to a host to slow the rate of transmission if the router is being overworked.
• UDP - User Datagram Protocol functions similarly to TCP, but does not establish a session or verify transmission. This is called "connectionless". Less reliable than TCP but faster.
• HTTP - HyperText Transfer Protocol transmits data via HyperText Markup Language. It is the basis for the World Wide Web. An HTML page may contain links to any other HTML document. It operates over TCP (connection-oriented) but may or may not establish a session for longer than the transmission, depending on the version. Most of the Web now supports HTTP 1.1, which allows persistent connections. It is called a "stateless" protocol because commands are executed without regard for the previous command. To make Web pages interactive, other technologies such as ActiveX, Java, and JavaScript were developed, as well as "cookies"--small files that are stored on the client and returned to the server to identify the user and customize the page the server sends.
• ARP - Address Resolution Protocol enables the discovery of physical hardware addresses. A host broadcasts a request by IP address, and the remote host with that IP address returns a message containing its MAC address. Both types of address must be in the header of a packet. The physical address never changes, but the destination IP address changes every "hop" (any passage through a router or host).
• RARP - Reverse ARP is used by the host to discover its own IP address. The host broadcasts its physical address, and the RARP server (a piece of software, not a separate machine) returns the information. Mostly important to diskless workstations.
• SNMP - Simple Network Management Protocol enables monitoring of network activity when installed. By itself, it does nothing; it enables separate monitoring utilities to report.
• Gopher - A pre-WWW cataloguing utility now replaced by HTTP. Almost extinct.

TCP/IP Utilities

• FTP - File Transfer Protocol is an older but still preferred method of down- and up-loading files across the Net. Based on connection-oriented TCP.
• TFTP - Trivial File Transfer Protocol is similar to FTP but uses UDP.
• Telnet - Emulates a terminal and is used to execute commands on a server. Supports character-based functions only; GUI functions require the X-Window system on the client.
• RCP, RSH, REXEC - also for getting or putting files on a server. Authentication is handled differently, either by password or a username match in the server's .RHOSTS file.
• LPR - runs a print job on a host running Line Printer Dæmon
• PING - "Packet INternet Groper" (Doubtful--probably just named after the SONAR term) enables verification that an IP address is active on the network. Without switches applied it returns the number of hops, the name of the router or host, and transit time in milliseconds. Go to a command line and enter "PING /?" for switch syntax.
• IPCONFIG - a WinNT/2000 command that verifies the TCP/IP configurations of the host. The default is to display the IP address, subnet mask, and default gateway. Adding the switch /all returns more information...much more.
• WINIPCFG - a Win9x command similar to above. Returns a GUI window.
• NSLOOKUP - views entries on a DNS server; displays domain names paired with IP addresses.
• NETSTAT - displays current TCP/IP connections and protocol stats. Enter NETSTAT /? at the command prompt for a list of options available with this.
• NBTSTAT - returns status of NetBIOS names resolved to IP addresses, and checks the status of NetBIOS sessions. Again, NBTSTAT /? gets you help on the switches.
• ROUTE - views and enables editing of the host's routing tables. Used especially if the default gateway develops problems.
• TRACERT - displays all the routing hops a packet takes to its destination. Results may vary, as "intelligent" routers may send packets by different routes depending upon the traffic on a particular segment. TRACERT /? returns the switch options.
• WHOIS and FINGER - returns user info on domains and email addresses, respectively.

Domain Names

IP Addresses

Every computer on the Internet has a 32-bit unique IP address, which looks like this:

206.112.74.27

 

But all those numbers are hard to remember, much less type properly. So, an alternative addressing method called FQDN (Fully Qualified Domain Names) is used.

Domain names are user-friendly versions of the IP address:

www.brainbuzz.com = 206.112.74.27

Domains

Top-level domain - .com, .org, .net, edu, .ca, .au ...

Sub-domains – identify the company (brainbuzz, ebay, amazon, etc)

Local domains – specify a division within the company (eg, cramsession.brainbuzz.com)

Host – www, www2...

URLs

URLs are made up of a:

• Protocol – http:, ftp:, mailto:, irc: etc
• Host name (domain + sub-domain + local domain [if any] + host) – cramsession.brainbuzz.com
• File path – to the exact web page - /cramsession/comptia/default.asp

e.g. http://cramsession.brainbuzz.com/cramsession/comptia/default.asp

Email addresses are made up of a:

• Protocol – mailto:
• Identifier – e.g. whomever@wherever.com