Windows Quickstart XP-Server 2003
Contents: Overview, Managing Disks, Installations, Local Users and Groups, Shared Folders, NTFS, Printing, Windows Hardware, Monitoring and Optimisation, Local Security, TCP-IP, Interoperability, Remote Desktop and Terminal Services
Introduction To Hardware
The interior of a computer looks very complicated at first glance. When the case is removed there is a mass of bits, cables and components that can intimidate the uninitiated. This lesson will seek to dispel some of the mist that may surround the hardware of a computer.
Motherboards
The most important part of any computer is the motherboard. As the name implies, a motherboard is the mother of all other components in a computer. The motherboard brings all the core components together, such as the Central Processing Unit (CPU), memory and hard disks. In short, the motherboard connects all of the components in the computer and allows them to work together. There are two different types of motherboard: AT style and ATX style.
AT Motherboards
The AT-style motherboards represent the classic approach to component placement. AT motherboards are available in two variations, the baby AT and the full AT; both names simply refer to the overall dimensions of the board. AT boards are generally found in older systems, typically those that use the now aged Pentium processor. The majority of AT motherboards had a single keyboard port soldered to the motherboard; the I/O ports (e.g. USB, COM and PS/2 ports) are separate from the motherboard and are placed on a riser card or separate headers. To identify an AT motherboard, first check the power connectors: AT motherboards use two sets of 6-pin inline power connectors. Caution: it is possible to plug these connectors in the wrong order and fuse the motherboard.
ATX Motherboards
The ATX-style motherboards are a result of the industry's push for standardisation and are found in most systems today. Most modern computers contain an ATX motherboard. ATX boards can use Advanced Power Management. They are distinguished by having more than just one external connector: ATX boards have keyboard, mouse, serial, parallel and USB connectors. ATX boards can also be distinguished by their monoblock power connectors. ATX is also available as micro ATX, enabling the use of smaller cases.
Motherboard Components
There are two types of receiver for CPUs.
Zero insertion force (ZIF) sockets: with a ZIF socket, before the CPU is inserted, a lever or slider on the side of the socket is moved, pushing all the sprung contacts apart so that the CPU can be inserted with very little force (generally the weight of the CPU itself is sufficient, with no external downward force required). The lever is then moved back, allowing the contacts to close and grip the pins of the CPU. A fan is often attached for cooling.
Single Edge Contact (SEC) cartridge slot, or Slot 1, seen on Pentium II and Pentium III systems: developed by Intel to add cache memory for the processor cheaply. The processor is mounted on a Single Edge Contact Cartridge (SECC), which fits a slot much like a PCI slot but with a 242-lead edge connector.
Bridges
There are two main bridges on a motherboard: the Northbridge and the Southbridge. Bridges control access to the processor from the peripherals. The Northbridge, also known as the Memory Controller Hub (MCH), is traditionally one of the two chips in the core logic chipset on a PC motherboard. The Northbridge typically controls communications between the CPU, RAM, AGP or PCI Express, and the Southbridge. A Northbridge will typically work with only one or two classes of CPU and generally only one type of RAM. A few chipsets support two types of RAM (generally these appear when there is a shift to a new standard).
The Southbridge, also known as the I/O Controller Hub (ICH), is a chip that implements the slower capabilities of the motherboard in a Northbridge/Southbridge chipset architecture. The Southbridge can usually be distinguished from the Northbridge by not being directly connected to the CPU; rather, the Northbridge ties the Southbridge to the CPU. The functionality found on a contemporary Southbridge includes: PCI bus, ISA bus, SMBus, DMA controller, interrupt controller, IDE (SATA or PATA) controller, LPC bridge, real time clock, power management (APM and ACPI) and non-volatile BIOS memory.
BIOS Chips
The BIOS (Basic Input Output System) refers to the software code run by a computer when first powered on. The primary function of the BIOS is to prepare the machine so that other software stored on various media (such as hard drives, floppies and CDs) can load, execute and assume control of the computer. This process is known as booting up. The BIOS is stored as a ROM (Read-Only Memory) program and is retained when the machine is turned off. Settings within the BIOS may be changed by the user; these changes are stored in the BIOS memory, which is maintained by a trickle of charge from the BIOS battery.
Memory
SIMMs (Single Inline Memory Modules) are an older type of memory, only seen on very old motherboards; they came in 30-pin and 72-pin modules.
SDRAM chips are rated according to their maximum clock rate and their read cycle time. Common clock ratings include 66 MHz, 100 MHz and 133 MHz. Common read cycle times include 50 ns and 60 ns.
DDR SDRAM (double-data-rate synchronous dynamic random access memory) is a type of memory integrated circuit used in computers. It achieves greater bandwidth than ordinary SDRAM by transferring data on both the rising and falling edges of the clock signal (double pumped). This effectively nearly doubles the transfer rate without increasing the frequency of the front side bus. Stick/module specifications:
PC-1600: DDR-SDRAM memory module specified to operate at 100 MHz using DDR-200 chips, 1.600 GByte/s bandwidth
PC-2100: DDR-SDRAM memory module specified to operate at 133 MHz using DDR-266 chips, 2.133 GByte/s bandwidth
PC-2700: DDR-SDRAM memory module specified to operate at 166 MHz using DDR-333 chips, 2.667 GByte/s bandwidth
PC-3200: DDR-SDRAM memory module specified to operate at 200 MHz using DDR-400 chips, 3.200 GByte/s bandwidth
Drive Connectors
Integrated Drive Electronics (IDE) connectors connect the motherboard, via a ribbon cable, to various peripherals, the most common being hard drives and CD-ROM drives. On most boards there are two channels/connectors, each of which can have two devices attached, giving a total of four IDE devices. If one device is attached to a cable, it should be configured as the master. If two devices are attached to the same cable then one must be the master device and one the slave. Master and slave are configured by the use of jumpers. Jumpers are small, insulated sleeves with a contact inside, used to complete a circuit.
Hard Disks
Hard disks are used to store data in a non-volatile form within the machine, i.e. the data remains intact even if the power to the device is cut off. Data is stored as magnetic ones and zeros on a steel platter and is read by pickup arms that scan the drive as the platters spin. Most major hard drive and motherboard vendors now support self-monitoring, analysis and reporting technology (S.M.A.R.T.), by which impending failures can be predicted, allowing the user to be alerted in time to prevent data loss. The mostly sealed enclosure protects the drive internals from dust, condensation and other sources of contamination. The hard disk's read/write heads fly on an air bearing, which is a cushion of air only nanometers above the disk surface. The disk surface and the drive's internal environment must therefore be kept immaculate to prevent damage from fingerprints, hair, dust, smoke particles, etc., given the submicroscopic gap between the heads and disk.
Floppy Disks
The floppy disk controller is generally situated near the IDE controllers and in fact looks like a small IDE slot.
The ribbon cable has a twist, and the first floppy drive (the A: drive) should be placed after the twist if the cable has more than three connectors. If the cable is really old it may have a connector for a 5¼-inch floppy drive.
SCSI
SCSI stands for Small Computer System Interface, and is a standard interface and command set for transferring data between devices on both internal and external computer buses. SCSI is most commonly used for hard disks and tape storage devices, but also connects a wide range of other devices, including scanners, printers, CD-ROM drives, CD recorders, and DVD drives. In fact, the entire SCSI standard promotes device independence, which means that theoretically SCSI can be used with any type of computer hardware. On a parallel SCSI bus, a device (e.g. host adapter, disk drive) is identified by a SCSI ID, which is a number in the range 0-7 on a narrow bus and in the range 0-15 on a wide bus.
SATA
Serial ATA (SATA) is a computer bus technology primarily designed for the transfer of data to and from a hard disk. It is the successor to the legacy AT Attachment standard (ATA). This older technology was retroactively renamed Parallel ATA (PATA) to distinguish it from Serial ATA. Both SATA and PATA drives are IDE (Integrated Drive Electronics) drives, although IDE is often misused to mean PATA drives only. There are two SATA interfaces. SATA/150 runs at 1.5 GHz, resulting in an actual data transfer rate of 1.2 gigabits per second (Gb/s), or 150 megabytes per second (MB/s). SATA II runs at 3 Gb/s, resulting in an actual data transfer rate of 2.4 Gb/s, or 300 MB/s.
Motherboard Slots
To add more functionality to a computer, cards such as network or video cards can be added. Sometimes these functions are built into the motherboard. There are several types of expansion slot.
PCI (Peripheral Component Interconnect): the PCI bus is common in modern PCs, where it has displaced ISA as the standard expansion bus, but it also appears in many other computer types.
PCI 2: 33.33 MHz clock with synchronous transfers, peak transfer rate of 133 MB per second for a 32-bit bus. PCI 2.2 allows for 66 MHz signalling (requires 3.3 volt signalling), with a peak transfer rate of 503 MB/s. PCI 2.3 permitted use of 3.3 volt and universal keying, but did not support 5 volt keyed add-in cards. PCI 3.0 is the final official standard of the bus, completely removing 5 volt support.
ISA/EISA (Industry Standard Architecture and Extended Industry Standard Architecture): an older type of bus connector, considered obsolete.
PCI Express (PCIe or PCI-E) is an implementation of the PCI computer bus that uses existing PCI programming concepts, but bases them on a completely different and much faster serial physical-layer communications protocol. PCIe transfers data at 250 MB/s (238 MiB/s) per channel, up to a maximum of 16 channels, for a total combined transfer rate of 4 GB/s (3.7 GiB/s). Almost all of the high end graphics cards being released today use PCI Express. NVIDIA uses the high-speed data transfer of PCIe for its newly developed Scalable Link Interface (SLI) technology, which allows two graphics cards of the same chipset and model number to be run at the same time for increased performance.
The Accelerated Graphics Port (AGP, also called Advanced Graphics Port) is a high-speed point-to-point channel for attaching a graphics card to a computer's motherboard, primarily to assist in the acceleration of 3D computer graphics. Some motherboards have been built with multiple independent AGP slots. AGP is slowly being phased out in favour of PCI Express.
AGP 1x uses a 32-bit channel operating at 66 MHz, resulting in a maximum data rate of 266 megabytes per second (MB/s), double the 133 MB/s transfer rate of the 33 MHz / 32-bit PCI bus; 3.3 V signalling.
AGP 2x uses a 32-bit channel operating at 66 MHz, double pumped to an effective 133 MHz, resulting in a maximum data rate of 533 MB/s; signalling voltages the same as AGP 1x.
AGP 4x uses a 32-bit channel operating at 66 MHz, quad pumped to an effective 266 MHz, resulting in a maximum data rate of 1066 MB/s (1 GB/s); 1.5 V signalling.
AGP 8x uses a 32-bit channel operating at 66 MHz, strobing eight times per clock for an effective 533 MHz, resulting in a maximum data rate of 2133 MB/s (2 GB/s); 0.8 V signalling.
Peripheral Connections
There are a number of ports on the motherboard for the connection of additional devices:
Serial ports connected the computer to devices such as terminals or modems. Mice, keyboards and other peripheral devices were also connected in this way.
Parallel ports are most often used to communicate with peripheral devices. The most common kind of parallel port is a printer port, such as a Centronics connector based port, which transfers eight bits at a time. Disk drives are also connected via special parallel ports, such as those used by the SCSI and ATA technologies. However, when people refer to a parallel port, they are usually referring to a printer port, either on a printer or a PC.
A USB system has an asymmetric design, consisting of a host controller and multiple daisy-chained devices. Additional USB hubs may be included in the chain, allowing branching into a tree structure, subject to a limit of 5 levels of branching per controller. No more than 127 devices, including the bus devices, may be connected to a single host controller. Modern computers often have several host controllers, allowing a very large number of USB devices to be connected. USB cables do not need to be terminated. USB supports three data rates. A Low Speed rate of 1.5 Mbit/s (183 KiB/s) is mostly used for Human Interface Devices (HID) such as keyboards, mice and joysticks. A Full Speed rate of 12 Mbit/s (1.5 MiB/s) was the fastest rate before the USB 2.0 specification, and many devices fall back to Full Speed. Full Speed devices divide the USB bandwidth between them on a first-come first-served basis, and it is not uncommon to run out of bandwidth with several isochronous devices. All USB hubs support Full Speed. A Hi-Speed rate of 480 Mbit/s (57 MiB/s).
Networking
Network Hardware
Hubs
An Ethernet hub or concentrator is a device for connecting multiple twisted pair or fibre optic Ethernet devices together, making them act as a single segment. It works at the physical layer of the OSI model, repeating the signal received at one port out of each of the other ports (but not the original one). The device is thus a form of multiport repeater. Ethernet hubs are also responsible for forwarding a jam signal to all ports if they detect a collision. Hubs also often come with a BNC and/or AUI connector to allow connection to legacy 10BASE2 or 10BASE5 network segments. The availability of low-priced Ethernet switches has largely rendered hubs obsolete, but they are still seen in older installations and more specialist applications.
Switches
A network switch, or switch for short, is a networking device that performs transparent bridging (connection of multiple network segments with forwarding based on MAC addresses) at full wire speed in hardware. As a frame comes into a switch, the switch saves the originating MAC address and the originating (hardware) port in the switch's MAC address table. This table often uses content-addressable memory, so it is sometimes called the CAM table. The switch then selectively transmits the frame from specific ports based on the frame's destination MAC address and previous entries in the MAC address table. If the destination MAC address is unknown, or is a broadcast address or (for simpler switches) a multicast address, the switch simply transmits the frame out of all of the connected interfaces except the incoming port. If the destination MAC address is known, the frame is forwarded only to the corresponding port in the MAC address table.
Hubs vs Switches
A hub, or repeater, is a fairly unsophisticated broadcast device. Any packet entering any port is broadcast out on every port and thus hubs do not manage any of the traffic that comes through their ports. Since every packet is constantly being sent out through every port, this results in packet collisions, which greatly impedes the smooth flow of traffic. A switch isolates ports, meaning that every received packet is sent out only to the port on which the target may be found (assuming the proper port can be found; if it is not, then the switch will broadcast the packet to all ports except the port the request originated from). Since the switch intelligently sends packets only where they need to go the performance of the network can be greatly increased.
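As an added example, not part of the original document, the learning and forwarding behaviour described above for a switch can be written out in Python: source addresses are learnt into the MAC (CAM) table, known destinations go out of one port, and unknown, broadcast and multicast destinations are flooded like a hub would. The MAC addresses and port numbers are constructed sample data.

```python
"""Learning switch simulation (added example, not from the original document).

Models the behaviour described in the text: a switch records the source MAC
and ingress port of each frame in its MAC address (CAM) table, forwards
frames whose destination is known out of a single port, and floods frames
whose destination is unknown, broadcast or (on simple switches) multicast
out of every port except the one the frame arrived on.
"""
from dataclasses import dataclass, field

BROADCAST = "ff:ff:ff:ff:ff:ff"


def is_multicast(mac: str) -> bool:
    """The least significant bit of the first octet marks a group address."""
    return int(mac.split(":")[0], 16) & 0x01 == 1


@dataclass
class Frame:
    src: str
    dst: str


@dataclass
class LearningSwitch:
    ports: list[int]
    mac_table: dict[str, int] = field(default_factory=dict)

    def learn(self, frame: Frame, in_port: int) -> None:
        # Source learning: a station is reachable via the port it was seen on.
        # A later frame from the same MAC on another port moves the entry.
        # Entries come from whatever source address a frame carries, which is
        # why managed switches let an administrator cap addresses per port.
        if not is_multicast(frame.src):
            self.mac_table[frame.src] = in_port

    def forward(self, frame: Frame, in_port: int) -> list[int]:
        """Return the list of egress ports for this frame."""
        if in_port not in self.ports:
            raise ValueError(f"unknown port {in_port}")
        self.learn(frame, in_port)
        dst = frame.dst
        if dst == BROADCAST or is_multicast(dst) or dst not in self.mac_table:
            # Flood: every connected port except the ingress port (hub-like).
            return [p for p in self.ports if p != in_port]
        out = self.mac_table[dst]
        # Destination sits on the same port as the source (e.g. two stations
        # behind a hub on one switch port): nothing needs forwarding.
        return [] if out == in_port else [out]


def demo() -> dict[str, object]:
    """Run constructed sample traffic through a 4-port switch."""
    sw = LearningSwitch(ports=[1, 2, 3, 4])
    a, b = "00:11:22:33:44:aa", "00:11:22:33:44:bb"  # constructed MACs
    results: dict[str, object] = {}
    # First frame: nobody is known yet, so it is flooded; A is learnt on port 1.
    results["a_to_b_unknown"] = sw.forward(Frame(src=a, dst=b), in_port=1)
    # B replies from port 3: A is already known, so only port 1 gets the frame.
    results["b_to_a_known"] = sw.forward(Frame(src=b, dst=a), in_port=3)
    # Now A -> B goes straight to port 3.
    results["a_to_b_known"] = sw.forward(Frame(src=a, dst=b), in_port=1)
    # Broadcast is always flooded regardless of the table contents.
    results["broadcast"] = sw.forward(Frame(src=a, dst=BROADCAST), in_port=1)
    results["table"] = dict(sw.mac_table)
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```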
Routers
A router is a computer networking device that forwards data packets across a network toward their destinations, through a process known as routing. A router acts as a junction between two or more networks to transfer data packets among them. A router is different from a switch: a switch connects devices to form a local area network (LAN). One easy illustration of the different functions of routers and switches is to think of switches as local streets, and the router as the junctions with the street signs. Each house on the local street has an address within a range on the street; in the same way, a switch connects various devices, each with their own IP address(es), on a LAN. Routers connect networks together the way that on-ramps or major junctions connect streets to both main roads and motorways. The street signs at the junctions (the routing table) show which way the packets need to flow.
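As an added example, not part of the original document, the "street sign" role of the routing table can be shown in Python: the router chooses the most specific matching entry (longest-prefix match), delivers directly on a connected LAN, and otherwise hands the packet to a gateway, falling back to the default route. All prefixes, gateway addresses and interface names are constructed sample data.

```python
"""Routing-table lookup (added example, not from the original document).

A router holds a table of network prefixes.  For each packet it picks the
entry whose prefix matches the destination most specifically and either
delivers the packet directly (destination on a connected LAN) or passes it
to the gateway named in that entry.  A 0.0.0.0/0 entry is the default
route, i.e. the default gateway.
"""
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Route:
    prefix: ipaddress.IPv4Network
    gateway: Optional[ipaddress.IPv4Address]  # None = directly connected LAN
    interface: str


class Router:
    def __init__(self, routes: list[tuple[str, Optional[str], str]]):
        self.table = [
            Route(ipaddress.ip_network(p), ipaddress.ip_address(g) if g else None, i)
            for p, g, i in routes
        ]

    def lookup(self, dst: str) -> Optional[Route]:
        """Longest-prefix match: the most specific matching network wins."""
        addr = ipaddress.ip_address(dst)
        candidates = [r for r in self.table if addr in r.prefix]
        if not candidates:
            return None  # no route at all: the router would discard the packet
        return max(candidates, key=lambda r: r.prefix.prefixlen)

    def next_hop(self, dst: str) -> Optional[tuple[str, str]]:
        """Return (interface, next-hop address) for a destination.

        On a directly connected network the next hop is the destination
        itself (delivered on that LAN by MAC address, the switch's job);
        otherwise the packet goes to the gateway listed for the route.
        """
        route = self.lookup(dst)
        if route is None:
            return None
        hop = route.gateway if route.gateway is not None else ipaddress.ip_address(dst)
        return route.interface, str(hop)


def sample_router() -> Router:
    # Constructed example: two LANs, one more specific override, and a
    # default route towards the ISP (203.0.113.0/24 is a documentation range).
    return Router([
        ("192.168.1.0/24", None, "lan0"),
        ("192.168.2.0/24", None, "lan1"),
        ("192.168.2.128/25", "192.168.1.254", "lan0"),
        ("0.0.0.0/0", "203.0.113.1", "wan0"),
    ])


if __name__ == "__main__":
    r = sample_router()
    for dst in ("192.168.1.20", "192.168.2.10", "192.168.2.200", "198.51.100.7"):
        print(dst, "->", r.next_hop(dst))
```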
Wireless
Wireless Access Point (WAP)
A wireless access point (AP) connects a group of wireless stations to an adjacent wired local area network (LAN). An access point is similar to an Ethernet hub, but instead of relaying LAN data only to other LAN stations, an access point can relay wireless data to all other compatible wireless devices as well as to a single (usually) connected LAN device, in most cases an Ethernet hub or switch, allowing wireless devices to communicate with any other device on the LAN.
Wireless Routers
A wireless router integrates a wireless access point with an Ethernet switch and an Ethernet router. The integrated switch connects the integrated access point and the integrated Ethernet router internally, and allows external wired Ethernet LAN devices to be connected as well as a (usually) single WAN device such as a cable modem or DSL modem. A wireless router advantageously allows all three devices (mainly the access point and router) to be configured through one central configuration utility, usually through an integrated web server. However, one disadvantage is that the access point cannot be decoupled so that it may be used elsewhere.
Cables
Cable Terminology
10BASE2 (also known as cheapernet or thinnet) is a variant of Ethernet that uses thin coaxial cable. The 10 comes from the maximum transmission speed of 10 Mbit/s (millions of bits per second). The BASE stands for baseband signalling, and the 2 is a rounded-up shorthand for the maximum segment length of 185 metres (607 feet).
10BASE5 (also known as thicknet) is the original full-spec variant of Ethernet cable. The 10 refers to its transmission speed of 10 Mbit/s. The BASE is short for baseband signalling, as opposed to broadband, and the 5 stands for the maximum segment length of 500 metres.
10BASE-T is an implementation of Ethernet which allows stations to be attached via twisted pair cable. The name 10BASE-T is derived from several aspects of the physical medium. The 10 refers to the transmission speed of 10 Mbit/s. The BASE is short for baseband. The T comes from twisted pair, which is the type of cable that is used.
100BASE-T is any of several Fast Ethernet 100 Mbit/s CSMA/CD standards for twisted pair cables, including 100BASE-TX (100 Mbit/s over two-pair Cat5 or better cable). The segment length for a 100BASE-T cable is limited to 100 metres.
Coaxial
Coaxial cable is an electrical cable consisting of a round conducting wire, surrounded by an insulating spacer, surrounded by a cylindrical conducting sheath, usually surrounded by a final insulating layer. It is used as a high-frequency transmission line to carry a high-frequency or broadband signal. BNC connectors were commonly used on 10BASE2 thin Ethernet networks, both on cable interconnections and network cards, though these have largely been replaced by newer Ethernet devices whose wiring does not use coaxial cable.
CAT 5
Category 5 cable, commonly known as Cat 5, is an unshielded twisted pair cable type designed for high signal integrity. Category 5 has been superseded by the Category 5e specification. This type of cable is often used in structured cabling for computer networks such as Gigabit Ethernet, although it is also used to carry many other signals, such as basic voice services and token ring. Category 5 cable includes four twisted pairs in a single cable jacket. It was most commonly used for 100 Mbit/s networks, such as 100BASE-TX Ethernet. Cat 5 cable uses an RJ-45 (Registered Jack-45) connector at each end of the cable with a fixed wiring scheme. The ends are crimped on to the cable.
Wiring Scheme
Patch or straight through cables have Wiring scheme 1 at both ends of the cable and are used to connect computers to network wall sockets or hubs. Crossover cables have Wiring scheme 1 at one end of the cable and Wiring scheme 2 at the other. These cables are used to connect network hardware together e.g. PC to PC, hub to hub.
Protocols
A protocol (e.g. TCP/IP, IPX/SPX, AppleTalk) is a convention or standard that controls or enables the connection, communication and data transfer between two computing endpoints. Sending and receiving systems need to use the same protocol unless a gateway service sits between the networks and translates from one to the other. Most protocols specify one or more of the following properties:
Detection of the underlying physical connection (wired or wireless), or the existence of the other endpoint or node
Handshaking
Negotiation of various connection characteristics
How to start and end a message
How to format a message
What to do with corrupted or improperly formatted messages (error correction)
How to detect unexpected loss of the connection, and what to do next
Termination of the session or connection
NetBIOS
NetBIOS is an acronym for Network Basic Input/Output System. The NetBIOS API allows applications on separate computers to communicate over a local area network. NetBIOS must be enabled for Windows File and Print Sharing to work. NetBIOS provides three distinct services:
Name service for name registration and resolution
Session service for connection-oriented communication
Datagram distribution service for connectionless communication
Name service: in order to start sessions or distribute datagrams, an application must register its NetBIOS name using the name service. NetBIOS names are 16 bytes in length.
Session service: session mode lets two computers establish a connection for a conversation, allows larger messages to be handled, and provides error detection and recovery. In NBT, the session service runs on TCP port 139.
Datagram distribution service: datagram mode is connectionless. Since each message is sent independently, messages must be smaller, and the application becomes responsible for error detection and recovery. In NBT, the datagram service runs on UDP port 138.
IPX/SPX (NWLINK)
Internetwork Packet Exchange (IPX) is the OSI-model network layer protocol in the IPX/SPX protocol stack. The IPX/SPX protocol stack is supported by Novell's NetWare network operating system. Because of NetWare's popularity through the late 1980s into the mid 1990s, IPX became a popular internetworking protocol. Novell derived IPX from Xerox Network Services' IDP protocol. IPX usage is in general decline as the boom of the Internet has made TCP/IP nearly universal. Computers and networks can run multiple network protocols, so almost all IPX sites will be running TCP/IP as well to allow for Internet connectivity. It is also now possible to run Novell products without IPX, as they have supported both IPX and TCP/IP since NetWare reached version 5.
Sequenced Packet Exchange (SPX) is a transport layer protocol (layer 4 of the OSI model) used in Novell NetWare networks. The SPX layer sits on top of the IPX layer (layer 3, the network layer) and provides connection-oriented services between two nodes on the network. SPX is used primarily by client/server applications.
NWLink is an IPX/SPX-compatible protocol developed by Microsoft and used in its Windows NT product line; it is Microsoft's version of Novell's IPX/SPX protocol. The Microsoft version of NWLink includes the same level of functionality as the Novell protocol. NWLink includes a tool for resolving NetBIOS names. NWLink packages data to be compatible with client/server services on NetWare networks. However, NWLink does not provide access to NetWare File and Print Services; to access those, the Client Service for NetWare needs to be installed.
AppleTalk
AppleTalk is a suite of protocols developed by Apple Computer for computer networking. It was included in the original Macintosh (1984) and is now used less by Apple in favour of TCP/IP networking. AppleTalk contains two protocols aimed at making the system completely self-configuring. The AppleTalk Address Resolution Protocol (AARP) allowed AppleTalk hosts to automatically generate their own network addresses, and the Name Binding Protocol (NBP) was essentially a dynamic DNS system which mapped network addresses to user-readable names. For interoperability, Microsoft maintains File Services for Macintosh and Print Services for Macintosh.
TCP/IP
The Internet protocol suite is the set of communications protocols that implement the protocol stack on which the Internet and most commercial networks run. It is sometimes called the TCP/IP protocol suite, after the two most important protocols in it: the Transmission Control Protocol (TCP) and the Internet Protocol (IP), which were also the first two defined. The Internet protocol suite, like many protocol suites, can be viewed as a set of layers: each layer solves a set of problems involving the transmission of data, and provides a well-defined service to the upper layer protocols based on using services from some lower layers. Upper layers are logically closer to the user and deal with more abstract data, relying on lower layer protocols to translate data into forms that can eventually be physically transmitted. The OSI model describes a fixed, seven layer stack for networking protocols. Comparisons between the OSI model and TCP/IP can give further insight into the significance of the components of the IP suite, but can also cause confusion, as TCP/IP consists of only 4 layers. The four layers in the DoD model, from bottom to top, are:
The Network Access Layer is responsible for delivering data over the particular hardware media in use. Different protocols are selected from this layer, depending on the type of physical network.
The Internet Layer is responsible for delivering data across a series of different physical networks that interconnect a source and destination machine. Routing protocols are most closely associated with this layer, as is the IP protocol, the Internet's fundamental protocol.
The Host-to-Host Layer handles connection rendezvous, flow control, retransmission of lost data, and other generic data flow management. The mutually exclusive TCP and UDP protocols are this layer's most important members.
The Process Layer contains protocols that implement user-level functions, such as mail delivery, file transfer and remote login.
Network Services
DNS (Domain Naming System)
The Domain Name System (DNS) stores and associates many types of information with domain names, but most importantly, it translates domain names (computer hostnames) to IP addresses. It also lists mail exchange servers accepting e-mail for each domain. In providing a worldwide keyword-based redirection service, DNS is an essential component of contemporary Internet use. The DNS pre-eminently makes it possible to attach easy-to-remember domain names (such as es-net.co.uk) to hard-to-remember IP addresses (such as 270.146.131.206). People take advantage of this when they recite URLs and e-mail addresses.
subnet mask, DNS server and default gateway information. The assignment of the IP address usually expires after a predetermined period of time, at which point the DHCP client and server renegotiate a new IP address from the server's predefined pool of addresses. Configuring firewall rules to accommodate access from machines that receive their IP addresses via DHCP is therefore more difficult, because the remote IP address will vary from time to time. Administrators must usually allow access to the entire remote DHCP subnet for a particular TCP/UDP port. Most home routers and firewalls are configured in the factory to be DHCP servers for a home network. ISPs (Internet Service Providers) generally use DHCP to assign clients individual IP addresses. DHCP is a broadcast-based protocol. As with other types of broadcast traffic, it does not cross a router.
Networks
A Local Area Network (LAN) is a computer network covering a small local area, such as a home, office, college or small group of buildings. Current LANs are most likely to be based on switched Ethernet or Wi-Fi technology running at 10, 100 or 1,000 Mbit/s. The defining characteristics of LANs in contrast to WANs (wide area networks) are their much higher data rates, smaller geographic range, and that they do not require leased telecommunication lines.
A Personal Area Network (PAN) is a computer network used for communication among computer devices (including telephones and personal digital assistants) close to one person. The reach of a PAN is typically a few metres, and it may use Bluetooth, wireless or USB for connection.
A Wide Area Network (WAN) is a computer network covering a wide geographical area, involving a vast array of computers. This is different from personal area networks (PANs), metropolitan area networks (MANs) or local area networks (LANs), which are usually limited to a room, building or campus. The most well-known example of a WAN is the Internet. WANs are used to connect local area networks (LANs) together, so that users and computers in one location can communicate with users and computers in other locations.
Introduction To Windows
Operating Systems
The most important piece of software on any computer is the operating system. The operating system provides the framework upon which all other services and applications run. The majority of home users use a Windows based machine, and most of today's applications and games are designed to run solely on Microsoft systems. Microsoft Windows is extremely popular in schools and colleges, and many businesses also use Windows.
In 1993 Microsoft divided the operating system into two categories: business and home user. Windows NT (New Technology) was a lot more reliable than Windows 3.x and provided advanced network features. On the business front, Windows NT continued to develop with the release of version 3.51. Different versions were provided which offered different functionality: Server provided the higher network functions and Workstation was mainly for the client machines. In 1995 Windows went through a major revamp and Microsoft Windows 95 was released. This provided greatly improved multimedia and a much more polished user interface; the now familiar desktop and Start Menu appeared, and Internet and networking support was built in. Although Windows 95 was a home user operating system, it proved to be very popular in schools and businesses. After the success of Windows 95, Microsoft improved the GUI of Windows NT and released Windows NT 4.0. NT4 could be tailored to the size of the business: NT4 Server for small to medium sized businesses and Enterprise Server for larger networks. Microsoft continued to improve the Windows format. Although Microsoft Windows 98 was very similar to Windows 95, it offered a much tidier display and enhanced multimedia support.
Breaking with its own naming conventions, Microsoft released Windows 2000 (initially called NT 5.0) for the business market. It appeared in four models: Professional, which replaced Workstation, while Server, Advanced Server and Datacenter Server catered for differing business requirements. Although Windows 2000 had a greatly improved user interface, the best of the enhancements appeared on the server side. Active Directory was introduced, which allowed much greater control of security and organisation. Improvements to the overall operating system allowed for easier configuration and installation. One big advantage of Windows 2000 was that operating system settings could be modified easily without the need to restart the machine. Windows 2000 proved to be a very stable operating system that offered enhanced security and ease of administration.
The last incarnation of the Windows 9x family was Windows Millennium Edition (ME). There were so many different versions of Windows floating around at this stage that Microsoft decided the next release of Windows would consolidate both the business and home versions. Although Windows ME was visually similar to Windows 2000, it was based on the Windows 9x line. Windows 9x/ME systems are not as secure and stable as Windows NT and 2000 systems. Because of the stability of Windows NT/2000, Microsoft decided to end the development of the Windows 9x line and merge both the consumer and business products. Microsoft Windows XP comes as Home Edition and Professional, each based on Windows 2000. Windows 2000 Server has been upgraded to Windows 2003. This appears in four variants: Web Server, Standard Server, Enterprise Server and Datacenter Server, each fulfilling a different business role. Windows XP has a very polished look, but the overall functionality is very similar to Windows 2000.
UNIX
A big advantage of UNIX is that it can be run on nearly every computer hardware platform including Apple Macintosh machines. The UNIX operating system is one of the oldest and most powerful operating systems. It was developed by Bell Laboratories. There are many variants of UNIX available.
Novell NetWare
Novell NetWare is an advanced network operating system. It has an advanced directory service structure similar to Microsoft's Active Directory. Fortunately both directory services are interoperable, as both directories use the X.500 directory service standard.
Linux/FreeBSD
Two of the most popular variations of UNIX come in the form of Linux and FreeBSD. A big advantage of both Linux and FreeBSD is that they are both open-source, that is, any user can contribute to the development of the OS. Versions of both operating systems are completely free. Linux and FreeBSD can easily take the role of a server or client machine. However, they are considered to be more difficult to master as both utilize the command line rather than a user-friendly GUI. There are several different distributions of Linux, but for each the underlying operating system remains the same.
Apple Macintosh machines offer high performance sound and graphics editing and are therefore extremely popular in the design industry. Apple have developed their own operating system, the newest version of which is Mac OS X, which is based on UNIX. Mac OS X is a very user-friendly operating system and is increasingly popular for home PCs.
These are some typical file icons. They help the user to identify the file type. There are innumerable file types; some of the common ones are represented here:
1. .bmp - a bitmap image
2. .doc - a Word document
3. .wav - a sound file
4. .ppt - animated slides
5. .txt - plain text
6. .xls - a spreadsheet
7. .dbf - a database file
8. A shortcut (note the arrow)
9. .exe - an application (a program)
Windows allows you to view information about files in different ways. The icon view is the default used by Windows XP.
To change the icon view, click on View on the menu bar. Select the required view from the available list. By default, if a file type is a known one, such as a Microsoft Word Document, Windows won't display its file extension. To view all file extensions click on Tools on the menu bar. Various options can be configured, e.g. Display compressed files and folders with alternate colours. To display all file extensions, untick the Hide file extensions for known file types box. File extensions are best left alone: opening a file with the wrong application can sometimes damage the file. However, you may at some stage need to change a file's extension.
Folders
Each of these is a folder. They may contain files or other folders (called subfolders) or both. There may be many nestings of folders within folders.
Files and folders are located on the computer by using a file path. The James folder is located inside a folder called Home, which is located inside a folder called es-net, which is located on the C: drive. The file path will be C:\es-net\Home\James.
At this point the item has been placed onto the clipboard, an area of memory accessible from nearly any application in Windows. Right-click (or open Edit in the toolbar) in an open destination folder and choose Paste (or use drag and drop). When an attempt is made to move an item between volumes, it is effectively copied, and the original remains.
Start Menu
The Start Menu was introduced in Windows 95 and allows applications to be easily located and launched. As the name implies, the Start Menu is the starting point for most tasks in Windows. Clicking on START is a recommended way to access frequently used applications. Clicking on START also reveals the Run option, which provides a quick way of launching command-line utilities. Once the first few characters of a pathname have been typed, the auto-complete feature uses this to make suggestions based upon recent usage. Clicking on one of these completes the entry. This can be useful to avoid mistyping. The Start Menu can also be easily configured by simply right-clicking on it and selecting Properties. Icon sizes can be changed as well as the number of program shortcuts displayed. Select Advanced to view a few in-depth options. Various items can be enabled and disabled by choosing the options shown, e.g. the Control Panel can be disabled from the Start Menu. To change the Start Menu to the style used in Windows 2000 select Classic Start Menu. Clicking on Start then reveals the older style Start Menu used in pre-Windows XP computers.
The My Documents folder is the default destination for a user's work. It can be placed, separately from the desktop, on any server in the network. In this guise it can still appear to the user as what is known as a local resource.
In another course would-be administrators will move home folders to remote servers. They will also have a good reason for doing so.
Server Roles
The term server refers to a machine that is providing a service for other machines, e.g. a computer which shares files on the network would be classed as a file server. Similarly, a Domain Controller is classed as a server because it is providing a service for the rest of the clients on the network. Windows 2003 can take several different server roles. These are as follows:
File Server
A File Server stores files and folders that are used by other machines on the network. It can hold applications, text documents, or a user's My Documents folder. For security, many shared folders are housed on file servers. A distributed file system is housed on more than one file server for the sake of fault tolerance and ease of access. A Windows XP Professional machine may act as a limited File Server. A Windows Server 2003 computer can also act as a file server for different operating systems, e.g. Apple Macintosh.
Print Server
A Print Server is a computer that has a printer attached to it and shares the printer for use on the network. A Windows XP Professional Machine can be a reasonably capable Print Server.
Application Server
Besides being a Domain Controller, Windows Server 2003 can also be a host to many different services e.g. as a Database Server and a Terminal Server.
Web Servers
A Web Server hosts and manages websites for the Internet or an intranet. Because of the need to manage heavy and burst-mode traffic while maintaining security, a dedicated server is recommended. Windows 2003 can function as a web server using the Internet Information Services (IIS) service. Windows XP Professional ships with a limited version of IIS which allows a workstation to host a single website.
Active Directory
Active Directory is a fundamental feature of Windows 2003 domains. Active Directory is essentially a detailed database containing information about every object on the network. These objects include computers, users, groups, printers and even shared folders. This feature might seem of little importance until you look at how this information is organised. Active Directory can group objects and place restrictions upon them; for example, a group of users might be restricted from using the Control Panel. Essentially every object can be controlled and similar objects may be grouped into manageable units. As you will later learn, Active Directory greatly simplifies network administration.
IntelliMirror
Windows 2003/XP networks use a feature called IntelliMirror. IntelliMirror allows users to move freely around the network whilst maintaining their own settings, preferences, applications and documents. For example, a user's desktop wallpaper will follow them from machine to machine. The benefits of IntelliMirror and Active Directory can only be fully utilised on Windows 2000/2003/XP networks.
Windows XP/2003 contains a feature known as Remote Desktop which enables a computer running Windows XP/2003 to be remotely controlled or viewed over a network. Remote Desktop Connection is useful since it allows an administrator to troubleshoot a user's problems remotely, thus helping to improve response time and increase productivity.
Storage Options
Windows Server 2003 provides a feature called Shadow Copy. This feature stores point-in-time versions of files in network shares. This allows an administrator to view or recover folder contents as they existed at certain points in time. Windows XP/2003 allows a user to directly copy files to a CD-R without the use of any third-party CD-burning application.
ClearType Support
Windows 2003/XP supports anti-aliased fonts using the Microsoft ClearType technology. With ClearType, text becomes sharper and brighter, especially on laptop displays.
Windows Server 2003 Web Edition: cannot function as a Domain Controller. Can act as a File/Print or Web server.
Windows Server 2003 Standard Edition: supports Active Directory. Used in small to medium environments. Ideal for File and Print services.
Windows Server 2003 Enterprise Edition: supports Active Directory. Used in large organizations. Ideal for Application/Web servers.
Windows Server 2003 Datacenter Edition: supports Active Directory. Used in very large organizations. Ideal for Database Servers (SQL).
The following features are covered in turn below:
1. Network Load Balancing
2. Clustering
3. Symmetric Multiprocessing (SMP)
4. Pre-emptive Multitasking
5. Remote Access
Network Load Balancing is a feature of Windows Server 2003 Enterprise/Datacenter. This allows network traffic to be distributed between servers each running the same website. Up to 32 machines can be linked together using the same IP address. If a machine fails, no clients will be connected to it until it is restored. The service to the client remains unimpaired throughout, as the client may connect to one of the other machines.
Clustering
Clustering means having more than one server dedicated to running a particular application. This is only supported in Windows Server 2003 Enterprise Edition and Windows Server 2003 Datacenter Edition. There are two types of clustering:
1. Active/Active
2. Active/Passive
Active/Passive Clustering
In Active/Passive Clustering, one machine is running an application while the other sits quietly watching it. In this format, all machines in a cluster are connected to an external hard drive. Because the passive server merely waits in case of a failure, this can be a very expensive implementation. If the active machine fails, the passive machine takes over the running of the application from the failed machine. This is known as Redundancy.
Active/Active Clustering
Here, both machines are running different applications. However, each machine constantly monitors the other. If one of the servers fails, the other machine will take over whatever application the failed machine was running, providing fault tolerance.
Multi-Processing
Some computers (especially Servers) need a lot of Processing Power. Installation of additional processors allows machines to perform more tasks and calculations in a given period of time. There are two different types of Multi Processing, SMP and ASMP.
Multi-Tasking
Windows XP/2003 allows Multi-Tasking. Multi-Tasking allows the user to run multiple applications at the same time. There are two types of multi-tasking: Co-operative and Preemptive.
Cooperative Multi-tasking
This is the form of Multi-tasking found in Windows 95, 98 and NT. When a process starts, it keeps hold of the processor's resources until it chooses to release them. Subsequent processes rely upon either the first process finishing, or it choosing to share resources. Not only is this inefficient, it can be dangerous. If the first process hangs without completion it still retains those resources; then NOBODY gets to use the processor and a restart is usually required.
Pre-emptive Multi-tasking
This is the form of Multi-tasking found in Windows 2000/XP/2003. In this system the operating system is responsible for the allocation of processor resources. Should a second process (also called a thread) start before a first has finished, it is the OS which determines how much of the processor time is given to each thread. The Operating System's choices are influenced by the priority settings of each process.
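To make the contrast between the two models concrete, here is a small scheduler simulation written for this section (it is an added example, not part of the course material or of any Windows component); the processes A, B and C, their work amounts and priorities are constructed sample values.

```python
"""Toy scheduler simulation contrasting cooperative and pre-emptive multitasking.

Cooperative: a process keeps the processor until it finishes or chooses to
yield, so a process that hangs without yielding starves every later process.
Pre-emptive: the OS hands out time slices, weighted by each process's
priority, so a hung process costs only its own slices.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass
class Process:
    name: str
    work: int                    # processor ticks still needed to finish
    priority: int = 1            # ticks per round under pre-emptive scheduling
    hung: bool = False           # never finishes and never yields the processor
    done_at: Optional[int] = None


def run_cooperative(procs: List[Process], max_ticks: int) -> Dict[str, Optional[int]]:
    """Each process runs until it finishes (releasing the processor) or the
    simulation runs out of ticks.  A hung process never yields, so it burns
    every remaining tick and the processes after it never run at all."""
    tick = 0
    for p in procs:
        while tick < max_ticks:
            tick += 1
            if p.hung:
                continue                 # spinning: no progress, no yield
            p.work -= 1
            if p.work == 0:
                p.done_at = tick
                break                    # finished: processor released
    return {p.name: p.done_at for p in procs}


def run_preemptive(procs: List[Process], max_ticks: int) -> Dict[str, Optional[int]]:
    """Round-robin: every unfinished process receives `priority` ticks per
    round, so a higher priority buys a larger share of processor time and a
    hung process can only waste its own slice."""
    tick = 0
    while tick < max_ticks and any(p.done_at is None for p in procs):
        for p in procs:
            if p.done_at is not None:
                continue
            for _ in range(p.priority):
                if tick >= max_ticks:
                    break
                tick += 1
                if p.hung:
                    continue
                p.work -= 1
                if p.work == 0:
                    p.done_at = tick
                    break                # finished early: rest of slice handed back
    return {p.name: p.done_at for p in procs}


def workload() -> List[Process]:
    """Constructed sample: A and C are well behaved, B hangs."""
    return [Process("A", work=3), Process("B", work=5, hung=True), Process("C", work=2)]


if __name__ == "__main__":
    # Tick at which each process completes (None = never within the budget).
    print("cooperative:", run_cooperative(workload(), max_ticks=20))
    print("pre-emptive:", run_preemptive(workload(), max_ticks=20))
```

Under the cooperative run C never completes because hung B holds the processor; under the pre-emptive run A and C both finish and only B is lost.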
Remote Access
Many people work away from their offices, so Windows provides the Routing and Remote Access Service, (installed by default with Windows 2000/2003 Server) which lets users connect to their office machines. The Routing and Remote Access Service (RRAS) allows a client machine to connect to the network from a remote location either using a standard dial-up connection or via the internet. Once the client has connected to the network from the remote location, he/she will be able to access the network resources as though they were on the same physical network.
Windows XP Professional:
- Supports 2-way SMP (Symmetric Multi-Processing)
- Supports 4GB of memory (RAM)
- Supports up to 10 client connections
- Supports one RAS (Remote Access Server) connection
Windows Server 2003 Web Edition:
- Supports 2-way SMP (Symmetric Multi-Processing)
- Supports 2GB of memory (RAM)
- 10 Remote Access connections
- File and Print Services
- No 64-bit processor support
- Unable to function as a Domain Controller
- Unlimited web connections
Windows Server 2003 Standard Edition:
- Supports 4GB of memory (RAM)
- Unlimited client connections
- 256 RAS (Remote Access) connections
- No 64-bit Itanium support
- 5 connections to the built-in SQL engine
- Network Load Balancing
- POP3 and SMTP mail server
Windows Server 2003 Enterprise Edition:
- 8 CPUs (Intel 32-bit), 8 CPUs (Itanium 64-bit)
- Supports 32GB of memory (RAM), 64GB of memory on Itanium 64-bit systems
- Unlimited client connections
- 256 RAS (Remote Access) connections
- Network Load Balancing
- 8-node clustering
Windows Server 2003 Datacenter Edition:
- 32 CPUs (Intel 32-bit), 64 CPUs (Itanium 64-bit); can be grouped to provide 128-way SMP
- Supports 64GB of memory (RAM), 512GB of memory on Itanium 64-bit systems
- Unlimited client connections
- 256 RAS (Remote Access) connections
- Network Load Balancing
- 8-node clustering
Windows Accessibility
Microsoft Windows supports users with limited sight, hearing or mobility through accessibility options. These facilities include:
1. The Accessibility Wizard
2. The Magnifier utility
3. The Narrator utility
4. The On-Screen Keyboard
5. The Utility Manager
To view the various Accessibility utilities available, click on Start. Select All Programs.
Narrator
Narrator provides voice feedback to visually impaired users. Narrator can be configured to read out screen events and keystrokes; it can also be configured to move the mouse pointer to the active screen item. Narrator may not work correctly if it is used with 3rd party applications, i.e. non-Microsoft applications, and only works well when used with Windows programs such as Notepad. The on-screen keyboard utility displays a keyboard image which lets the user type by using the mouse. When using the on-screen keyboard, ensure the focus is in the application, e.g. Notepad, rather than the keyboard. The Utility Manager can be used to specify which utilities will be started when Windows starts. To configure the various Accessibility options the Accessibility applet is used. Click on Start.
The Schedule tab can be used to change or fine-tune the time that you specified previously. The options in the Scheduled Task Completed section allow you to delete the task if it will not be run again and to specify how long the task should be allowed to run before it is stopped. The options in the Idle Time section are a way to make use of otherwise non-productive PC time. You can specify how long the computer must be idle before the task begins, and whether to stop the task if the computer ceases to be idle. Windows also provides a command-line utility called AT for scheduling tasks. For more information on the AT utility, type AT with the /? switch at the command prompt. You can also schedule tasks over the network on remote machines as long as you have permission to do so on that machine. To open the Scheduled Tasks folder on a remote machine, type in its UNC path \\computername and open the Scheduled Tasks folder.
Code Pages
Traditionally computers have used tables called code pages. A code page is a table of characters, and each character has a number. Due to the way a computer works, a code page can have a total of 256 numbers. A single code page doesn't contain enough characters to support all the possible characters in all possible languages. Because of this, computer systems use different code pages for different languages. In order to be able to read and write with other characters, the correct code page or pages will need to be installed on the system. In a system which uses code pages, a program will need to know two pieces of information to correctly display a character: the number of the character and the code page to use. Since different languages have different code pages, problems may arise when a user is viewing a document intended for a different code page. The document may then be unreadable.
Unicode
Because of these limitations a standard was introduced known as Unicode. Unicode is an international-standard character table that has extra characters that don't appear in the standard ASCII (American Standard Code for Information Interchange) character set. This works because, unlike ASCII codes, Unicode uses a double-byte character code. This means that Unicode can support more than 256 characters in a set. Windows XP/2003 and 2000/NT 4.0 all support Unicode version 2.0, which has around 40,000 possible characters. Windows 95 and 98, however, do not.
To configure language options the Windows Regional Options utility is used. Click on Start. Select Control Panel. Select Switch to Classic View to enable all Control Panel options. Select the Regional and Language Options icon. The Regional Options tab displays which Standards and Formats are currently used. Click on Customize to fine-tune these settings. The Numbers tab allows you to configure how numbers are displayed on the system. The Currency tab allows you to configure how currency is displayed by the system, e.g. a French user would change these settings to use Euros. The Time tab allows you to configure how the time is displayed. The Date tab allows you to configure how the date is displayed. Click on OK to close the Customize Regional Options dialog box. Select the Languages tab to configure the keyboard layout and languages used by the system. Select the Details button to view or change the languages and input methods used. Currently the UK and US input languages are installed. Click on Add to add an additional input language. Select your choice from the drop-down list, for example French (France) for a French user.
Click on OK to add the new French input language. French support has now been added to the computer. N.B. This will not change the user interface to French but will allow the use of French characters and French keyboards. The Input language can be changed at any time by clicking on the language bar on the taskbar.
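The code page problem described above can be shown directly: the same bytes read under three different code pages give three different documents, and a single code page cannot hold characters from several scripts at once, whereas Unicode can. This is an added example written for this section, not part of the course material; the sample document bytes are constructed, and the code page names used are Python's names for the Windows-1252, DOS Latin (437) and Windows-1251 tables.

```python
"""Code pages versus Unicode.

A code page maps each of the 256 byte values to one character, so bytes read
under the wrong code page become a different, often unreadable, document.
Unicode gives every character its own number; its UTF-16 form (two bytes per
character for everything shown here) is the "double-byte" code the text refers to.
"""

# Constructed sample: the word "café" as written by a Windows-1252 program.
# The byte 0xE9 is "é" in that code page.
RAW_DOCUMENT = b"caf\xe9"


def chars_in_code_page(code_page: str) -> int:
    """How many distinct characters a single-byte code page can express:
    never more than 256, because each character is one byte value."""
    decoded = bytes(range(256)).decode(code_page, errors="ignore")
    return len(set(decoded))


def read_with_code_page(raw: bytes, code_page: str) -> str:
    """Display the bytes as a system configured for `code_page` would:
    the character numbers are the same, only the table differs."""
    return raw.decode(code_page, errors="replace")


def can_write_with_code_page(text: str, code_page: str) -> bool:
    """True only if every character of `text` exists in that code page's table."""
    try:
        text.encode(code_page)
        return True
    except UnicodeEncodeError:
        return False


def unicode_roundtrip(text: str) -> int:
    """Encode as UTF-16 (little-endian, as Windows stores it), check it decodes
    back unchanged, and return the encoded length in bytes."""
    encoded = text.encode("utf-16-le")
    assert encoded.decode("utf-16-le") == text
    return len(encoded)


if __name__ == "__main__":
    for cp in ("cp1252", "cp437", "cp1251"):
        shown = read_with_code_page(RAW_DOCUMENT, cp)
        print(f"{cp:7} {chars_in_code_page(cp):3} chars  {RAW_DOCUMENT!r} -> {shown!r}")
    mixed = "café Θ й"   # Latin, Greek and Cyrillic in one document
    for cp in ("cp1252", "cp437", "cp1251"):
        print(f"{cp} can write {mixed!r}: {can_write_with_code_page(mixed, cp)}")
    print("UTF-16 bytes needed for the mixed string:", unicode_roundtrip(mixed))
```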
It is possible to make a single console which can manage many computers. This can save an administrator a lot of effort over time. Most MMCs can be used with computers other than the local machine. Make a choice and click Finish. Further snap-ins can be added to a console. When all the required snap-ins have been added click OK. Finally, save the newly created console with a meaningful name. Note the file extension for MMC files. Before the new console is employed, some options should be examined. Anybody can use the new console, but it may need protecting from misuse or alteration. There are four modes of operation for a console to aid this control:
1. Author Mode: grants users every permission including adding or deleting snap-ins.
2. User Mode, Full Access: grants users every permission except adding or deleting snap-ins.
3. User Mode, Limited Access, single window: the user must use the console as it is.
4. User Mode, Limited Access, full window: the user cannot close any windows previously saved, but can create new windows for their own use.
Remote Administration
The MMC utility can also be used to administer other machines over a network. You can remotely administer both Windows 2000 and Windows XP Professional computers as long as you have a suitable user account on the machine you are administering. You can also administer a Windows 2000 Server/Server 2003 computer from Windows XP Professional by installing the i386/adminpak.msi file on the Windows Server CD-ROM.
In this example, a new console will be created to administer three separate machines on a network. In order to administer server-side components, you will need to install the I386/ADMINPAK.MSI file on the Windows Server 2003 CD-ROM. The Windows Server 2003 Administration Tools Pack Setup Wizard is launched. Click on Next to continue. The Server Administration Tools are then installed. Once the Administration Tools are installed you will need to create a new MMC. Click on Start. Select Run. Type MMC into the Run command-line box. Click on OK to continue. A new blank console is launched. Select File to begin adding new snap-ins. Select Add/Remove Snap-in. Click on Add. Select Active Directory Users and Computers. Click on Add. The snap-in will automatically connect to a domain controller. N.B. You will need to be connected to a domain and have sufficient privileges in order to perform administration of Active Directory. The Active Directory Users and Computers console has been added. Scroll down to find the Computer Management snap-in. Select Computer Management. Click on Add.
The Computer Management utility will prompt you for which machine you wish to administer. Select Another computer. Specify or browse for the machine you wish to administer and click Finish. The Computer Management utility for 10.0.0.1 has been added. N.B. You cannot use Disk Defragmenter or Add and Remove Hardware remotely using an MMC. Select the Event Viewer console and click Add to continue. As before, select the Another computer option and choose or specify the machine you wish to administer. With the machine specified, click on Finish. Once you have added all of the relevant snap-ins, click on Close. Hit OK to close the Add/Remove Snap-in dialog box. The new console is then shown. You can now administer three separate machines from one location, e.g. you can administer users and groups on the Domain Controller, stop and start services on 10.0.0.1, and view the Event Logs on 10.0.0.8.
Remote Shutdown
Using the Computer Management MMC you can shut down, log off or reboot a remote machine. This is a highly useful feature, but can also cause security issues. You should always ensure that the Administrator password is hidden. A user with administrative rights can potentially destroy a computer remotely. Launch Computer Management and right-click on Computer Management (Local). Select Connect to another computer. N.B. This function will work with most MMC snap-ins. Browse for or specify the remote machine.
Click OK to continue. The console is now connected to 10.0.0.1. Right-click on Computer Management (10.0.0.1). Select Properties. Information about the remote computer is shown. Click on Advanced. Select Settings from Startup and Recovery. This powerful page allows you to configure the machine's boot order and memory dump file location. Click on Shut Down. Select the action you would like to perform and click OK.
Microsoft Licensing
Every installation of Windows requires a license. You also need a Client Access License (CAL) for all clients that attach to a server over the network. Licenses aren't required for Internet Information Services (IIS), Telnet and File Transfer Protocol (FTP) connections.
Licensing Modes
Per Server Licensing Mode
The Per Server licensing mode requires a license for each concurrent connection to a server. In the example shown, 4 Client Access Licenses (CALs) are required. The key here is that the server holds the licenses. If it only held 3 licenses, only 3 of the 4 clients could connect at any one time.
Workgroups
In a Workgroup configuration, computers are connected but there is no central control. Although files and folders may still be shared, security policies have to be set at each individual computer.
In a workgroup, every computer stores its own security database. For example, a new user, Fred, would have to be created on every single computer. This can become troublesome in larger environments. Although the user account Fred has been created four times, Fred's profile might be different on each machine, e.g. Fred might see a different desktop screen on each computer.
Domains
In a domain environment all security policies are managed centrally, i.e. The Domain Controller decides what all the client machines can and cannot do, allowing for a more secure and easily managed network environment.
Basic Partitions
Primary Partitions
There may be up to 4 Primary Partitions per physical disk. The Boot partition may only be located on a primary partition.
Extended Partitions
Extended Partitions can use up any free space not used by the Primary Partitions. You may have up to 3 Primary partitions and one extended partition on any physical disk. Extended Partitions need to be further divided into Logical DOS drives.
Logical-DOS Partitions
Logical Partitions are placed inside the extended partition. The number of Logical partitions you may have is only limited by the number of free drive letters. The boot partition cannot be placed on a logical partition.
Basic Partitions
The oldest Windows operating system is always installed first as the newer operating system normally writes a new boot record.
A Logical Drive can contain an operating system but never the System partition. Different partitions may contain file systems not used by Windows, so if an additional operating system is required it can also be installed on the non-Windows partition.
The new Primary partition is now displayed on Disk 1 and has been assigned the drive letter D:. The new partition also appears in My Computer.
To specify the Logical Drive size, click in the Partition size in MB box and change the value. 1024MB will create a 1GB Logical Drive. Click Next to continue. A drive may be made to appear as a folder on an existing drive (this is called mounting). The default drive is the next available drive letter, in this case E. Select Next to continue. NTFS has been selected for the file system. Select Volume label in order to give the new partition a recognizable name. The new Logical Drive has been named WebSite; this describes the data the Logical Drive may contain. Click Next to continue. The summary page will appear. To close the wizard and create the Logical Drive, click Finish. The new Logical Drive is now displayed inside the Extended Partition on Disk 1 and has been labeled WebSite (E:). Similarly, the new Logical Drive appears in My Computer and is ready for use.
Dynamic Volumes
Because of the limitations of basic partitions, dynamic volumes were introduced in Windows 2000 and continue to be supported in Windows XP and Windows Server 2003. Dynamic volumes offer more flexibility than standard partitions. One of the main reasons for using dynamic volumes is to make use of volume sets (which are covered later).
Unfortunately pre-Windows 2000 computers cannot read or utilise dynamic volumes, furthermore you should not use dynamic volumes in a dual-boot environment even if all the operating systems are capable of supporting dynamic disks. Dynamic Volumes are only supported on Windows 2000/XP/2003. There is no limit to the number of volumes you may have on a disk. Dynamic Volumes may be fault tolerant. There are no Primary, Logical or Extended volumes.
File Systems
Once a partition/volume has been created, it then needs to be formatted with a file system. A file system organises and allows for the retrieval of the data stored on the disk. This mechanism is similar to how office filing systems operate: files are stored in folders and then indexed so that they can be found easily. Without a file system, the finding and organising of files would be very time-consuming. For example, when you open a Word document, the parts of the Word file are retrieved by the file system from the hard disk, assembled together and then opened. Without a file system this task would be extremely difficult. When the file is saved it may end up in a completely different physical location on the hard disk; the file system keeps track of the locations on the hard disk where the files are stored. To fully understand how data is stored on a disk, we need to look at disk clusters. These are the actual data storage containers within a partition. Partitions are divided into clusters. Clusters are storage units into which files are placed. When files are written to the disk, they are split and placed inside the clusters. Sadly, if a cluster is left part-filled, the computer considers it to be filled and therefore writes no more data to it! Thus, the remaining 32k in this cluster is wasted, and a new file is written to a new cluster. As you can see, a large file may end up scattered all over the hard disk in many different clusters. The file would then need to be reassembled in order for it to be opened. This scattering of a file across a disk is known as disk fragmentation. A heavily fragmented file can take considerably longer to access than a file which is stored in consecutive clusters. Windows XP/2003 ships with a Disk Defragmenter utility which can be used to reduce fragmentation. The Disk Defragmenter should be run regularly to help speed up access to data stored on the disk.
(Disk Defragmenter is accessed via Computer Management just above the Disk Management Console).
There are many different file systems in use. Older file systems gradually fall into disuse whilst new ones are created. The file systems most commonly encountered in a Windows environment are:
FAT:
- Can support long filenames under Windows 2000/XP/2003
- Partition sizes up to 2GB (4GB in Windows 2000/XP/2003)
- Supported under all Microsoft Windows systems (ideal for dual-booting)
- Low system overhead
- Inefficient cluster usage (64K clusters)
- No local security
- Does not support native compression, shadow copying, encryption or disk quotas
NTFS:
- Supports long filenames
- More efficient use of clusters (16K clusters)
- File and folder local security
- Supports native compression, encryption, disk quotas, mount points and shadow copies
- Higher system overhead than FAT
- Only supported in Windows 2000, XP, 2003 and NT 4.0 (with Service Pack 4 for v.5); hence not good for dual booting
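The cluster discussion in the File Systems section and the 64K versus 16K cluster sizes listed above can be worked through with a small allocator that models whole-cluster allocation, the wasted tail of a part-filled cluster, and how a delete followed by a write scatters a file until it is defragmented. This is an added example written for this page, not part of the course material or of any Windows component; the file names and sizes are constructed, and the first-fit, one-cluster-at-a-time allocation is a simplification of what a real file system does.

```python
"""A tiny cluster allocator illustrating slack space and fragmentation."""
from math import ceil
from typing import Dict, List, Optional, Tuple

KB = 1024


class Partition:
    def __init__(self, cluster_size: int, cluster_count: int) -> None:
        self.cluster_size = cluster_size
        self.owner: List[Optional[str]] = [None] * cluster_count  # cluster -> file
        self.sizes: Dict[str, int] = {}                           # file -> bytes

    def write(self, name: str, size: int) -> List[int]:
        """First-fit allocation: the file takes the first free clusters it
        finds, contiguous or not, and every cluster it touches is used whole."""
        needed = ceil(size / self.cluster_size)
        free = [i for i, o in enumerate(self.owner) if o is None]
        if len(free) < needed:
            raise OSError("disk full")
        for i in free[:needed]:
            self.owner[i] = name
        self.sizes[name] = size
        return free[:needed]

    def delete(self, name: str) -> None:
        """Freeing a file leaves a hole that later writes will fill first."""
        self.owner = [None if o == name else o for o in self.owner]
        del self.sizes[name]

    def clusters_of(self, name: str) -> List[int]:
        return [i for i, o in enumerate(self.owner) if o == name]

    def slack(self, name: str) -> int:
        """Bytes allocated to the file but holding no data: the part-filled
        last cluster that the text describes as wasted."""
        return len(self.clusters_of(name)) * self.cluster_size - self.sizes[name]

    def fragments(self, name: str) -> int:
        """Number of contiguous runs of clusters; 1 means unfragmented."""
        cl = self.clusters_of(name)
        return 1 + sum(1 for a, b in zip(cl, cl[1:]) if b != a + 1)

    def defragment(self) -> None:
        """What Disk Defragmenter does: lay every file out again in
        consecutive clusters."""
        files = dict(self.sizes)
        self.owner = [None] * len(self.owner)
        self.sizes = {}
        for name, size in files.items():
            self.write(name, size)


def slack_for(size: int, cluster_size: int) -> int:
    """Wasted space for one file of `size` bytes at the given cluster size."""
    return ceil(size / cluster_size) * cluster_size - size


def fragmentation_demo() -> Tuple[int, int]:
    """Delete-then-write on a 16K-cluster disk: returns the number of runs
    the new file is split into before and after defragmenting."""
    p = Partition(cluster_size=16 * KB, cluster_count=16)
    for f in ("a.doc", "b.doc", "c.doc"):
        p.write(f, 30 * KB)          # two clusters each, laid out in order
    p.delete("b.doc")                # leaves a two-cluster hole
    p.write("d.doc", 60 * KB)        # needs four clusters: the hole plus two after c.doc
    before = p.fragments("d.doc")
    p.defragment()
    return before, p.fragments("d.doc")


if __name__ == "__main__":
    # Same 100KB file on the two cluster sizes given in the table above.
    print("100KB file, 64K clusters (FAT):  wasted", slack_for(100 * KB, 64 * KB), "bytes")
    print("100KB file, 16K clusters (NTFS): wasted", slack_for(100 * KB, 16 * KB), "bytes")
    before, after = fragmentation_demo()
    print("d.doc fragments before/after defragmenting:", before, after)
```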
and this can be searched in the same manner as a phone directory, each search being as fast as an alphabetical look-up.
Dual Booting

Dual booting allows you to install two or more operating systems on the same machine. It is ideal for testing another operating system without deleting the original. As a rule, the older operating system should be installed first, e.g. install Windows 98 before Windows 2000.

Considerable care should be taken on a dual-boot system, i.e. a computer that has more than one operating system installed. For example, if you are dual-booting a computer between Windows 98 and Windows XP and you convert the partition Windows 98 uses to NTFS, Windows 98 will no longer be able to read the partition and will be unable to boot.
If dual-booting with a non-Windows operating system such as Linux, install the Microsoft system first. Ensure that the file systems are compatible: if Windows NT 4.0 is to share the machine with NTFS 5.0 volumes, upgrade NT 4.0 to Service Pack 4 or later, and if dual-booting between Windows 9x and 2000, ensure that the partition Windows 9x boots from (normally C:) remains FAT or FAT32, otherwise you will be unable to boot into Windows 9x. When more than one Windows operating system is installed a boot menu is created, from which you select the operating system to boot. Bear in mind that whichever system is booted can read and modify the other system's files as long as it has a driver for that file system, so dual booting is not a security boundary and NTFS permissions do not protect a volume from a second operating system.
Converting to NTFS

In order to use native compression, encryption, disk quotas, shadow copies and NTFS security, FAT/FAT32 partitions need to be converted to NTFS. Converting to NTFS is a one-way conversion: you cannot convert NTFS back to FAT/FAT32 without reformatting the drive and losing its contents. If dual-booting with Windows NT 4.0, ensure that it has been upgraded to Service Pack 4. Remember: Windows 9x/3.x and MS-DOS cannot read NTFS partitions. This is the command you need to remember:

convert <drive_letter> /fs:ntfs

If the volume is in use (for example the system drive), convert cannot lock it and offers to perform the conversion at the next reboot. Do not use the /nosecurity switch, which gives the Everyone group Full Control of every converted file, and after any conversion check the permissions on the root of the new volume and tighten them, because a converted volume does not necessarily receive the same default permissions as a freshly formatted one.
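As an added example (not part of the original course material), the following PowerShell script inventories the local fixed drives with WMI, reports which are still FAT or FAT32 and therefore have no local security, and prints the convert command for each. It only reports; running the conversion is left to the administrator, and the drive letters shown depend on the machine it is run on.

```powershell
# Added example: find fixed drives still formatted FAT/FAT32 and suggest the conversion command.
# Uses only Win32_LogicalDisk, which is present on Windows XP and Server 2003.

$fixedDrives = Get-WmiObject -Class Win32_LogicalDisk -Filter "DriveType = 3"   # 3 = local fixed disk

foreach ($d in $fixedDrives) {
    $fs   = $d.FileSystem
    $size = [math]::Round($d.Size / 1GB, 2)
    $free = [math]::Round($d.FreeSpace / 1GB, 2)

    if ($fs -eq 'NTFS') {
        Write-Host ("{0} NTFS  {1} GB total, {2} GB free - local security available" -f $d.DeviceID, $size, $free)
        continue
    }

    # FAT and FAT32 volumes have no ACLs: every local user can read and change every file on them.
    Write-Warning ("{0} is {1} ({2} GB): no file or folder security, no EFS, quotas or shadow copies" -f $d.DeviceID, $fs, $size)

    # The conversion is one-way. If the volume is in use, convert.exe offers to run at the next reboot.
    # Never add /nosecurity: it sets Everyone = Full Control on everything it converts.
    Write-Host ("    to convert: convert {0} /fs:ntfs" -f $d.DeviceID)
}
```

Run it again after the conversion to confirm the volume now reports NTFS, then review the root permissions before putting data on it.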
Volume Sets

Fault tolerance (redundancy of data) and high-speed data access are essential requirements in many of today's businesses. Using dynamic disks in Windows 2003 enables the use of volume sets. A volume consists of a part or parts of one or more physical disks grouped in a simple, spanned, mirrored, striped or RAID-5 configuration:

- Simple, Spanned and RAID-0 (disk striping): not fault tolerant; supported in Windows XP Professional and Windows Server 2003.
- RAID-1 (disk mirroring) and RAID-5 (disk striping with parity): fault tolerant; only supported in the Windows Server 2003 family.

Striping is designed solely to improve the speed of read and write access: each drive in the set performs only a share of the operations, so the time required to deliver the data is reduced. Spanned volumes are designed solely to use up available space in the nooks and crannies of a disk array. RAID-5 provides fault tolerance and improved read speed at the cost of drive space (an entire RAID-5 array can be mirrored, too). None of these configurations is a substitute for backups: a mirror or RAID-5 set faithfully replicates deleted or corrupted files and protects only against the failure of a single disk.
Spanned Volumes
Spanned volumes can make use of unused space on separate drives and appear to the user as a single disk. They are not fault tolerant: if one of the disks fails the entire volume is lost, data and all. A spanned volume can contain up to 32 disks and is supported in both Windows XP Professional and Server 2003. To create one, use the Disk Management utility. Note that Disks 1 and 2 must both be dynamic. Right-click on the Unallocated space on Disk 1 and select New Volume. The New Volume Wizard appears; click Next to continue. Select the Spanned volume type from the choices shown and click Next. Disk 1 has already been added to the set. Use the Select the amount of space in MB option to change the space taken from this disk for the new volume; we have selected 1024 MB from Disk 1. Highlight Disk 2 in the available disks list and click Add to add it to the spanned set; we will use all the available space on Disk 2. Note that the total volume size is the sum of the space taken from both disks and that the size taken from each disk may differ. Click Next. The new volume is assigned a drive letter, in this case D:; click Next. Specify a name for the volume in the Volume label box.
The volume will be called UserData. N.B. In the New Volume Wizard under Windows Server 2003 these volumes are formatted as NTFS. Click Next; the Summary page appears. Click Finish to create the new volume. The new volume has been created, spanned across two physical disks, and appears to the user as a single drive.
Striped Volumes
Striped volumes are similar to spanned volumes in that they use space on several disks and appear to the user as one volume. There can be 2 to 32 disks in a striped set, and striped volumes are supported in both Windows XP Professional and Windows Server 2003. When files are written they are striped across all the disks, so read and write performance is improved. Striped volumes are not fault tolerant: if one of the disks fails, all data in the volume is lost. To create a striped volume using Disks 1 and 2, right-click on the Unallocated space on Disk 1 and select New Volume. The New Volume Wizard appears; click Next. Choose the type of volume you want to create, in this case Striped, and click Next. Disk 1 has already been added to the striped set; to add Disk 2, select it in the available dynamic disks box and click Add. Because the portion taken from every disk in a striped set must be the same size, the total size of this volume is 8190 MB. Click Next. The new volume is assigned the next available drive letter, in this case D:; click Next. The volume will be called New Volume; click Next. The summary page appears; click Finish to create the new striped volume.
The volume is displayed below and is striped across two physical disks. The new striped volume appears as a single 7.99GB drive.
Mirrored Volumes
Mirrored volumes store exactly the same information on each of two drives, so that the copy on the second drive is available if the first fails. Mirrored volumes are supported by Windows Server 2003 but not by Windows XP. When files are written they are written to both disks at the same time. It is beneficial to place each drive of a mirror on a separate IDE channel, or better still on a separate controller, so that a channel or controller failure does not take out both halves. If one drive fails the information is still available on the other. Mirroring adds expense, since an additional drive is required for every drive protected. To create a mirrored volume using Disks 1 and 2, right-click on the Unallocated space on Disk 1 and select New Volume. The New Volume Wizard appears; click Next. Choose the type of volume you want to create, in this case Mirrored (N.B. this option is greyed out on Windows XP computers), and click Next. Disk 1 is already selected; to add Disk 2 to the mirrored set, click on Disk 2 in the available dynamic disks box and click Add. Both portions of a mirrored volume have to be the same size, and since each is a copy of the other the total size of the volume is the size of a single portion. Click Next. The next screen allows the volume to be assigned a drive letter or to be mounted in an empty folder. To mount the volume in a folder, select that option and enter the location of the folder in the dialog box.
The mirrored volume will be mounted in a folder called important data on the C: drive. N.B. The folder must be located on an NTFS partition or volume. Click Next. The volume will be formatted with the NTFS file system; click Next. The summary page appears; click Finish to create the volume. The new mirrored volume has been created and is displayed across two physical disks; note the Fault Tolerance and Overhead columns. The new volume appears as a folder on the C: drive. If one of the disks fails, the volume remains intact and accessible, as shown below, although Disk Management reports its status as Failed Redundancy until the failed disk is replaced and the mirror re-established.
RAID-5 Volumes
RAID-5 volumes are similar to striped volumes. However, as well as striping the data across three or more disks, the set also stores parity information, which can be used to regenerate the lost data if a disk fails; the volume is therefore fault tolerant. A RAID-5 set can use anywhere between 3 and 32 disks. RAID-5 volumes are only supported by Windows Server 2003, not by XP. If one disk fails, its contents are reconstructed from the parity information and the data remaining on the other drives in the set. In a RAID-5 set read speed is increased, but write speed is decreased by the work of calculating and writing the parity. Space is used less efficiently than on a single drive, because the equivalent of one disk in the array is given over to parity. To create a RAID-5 volume using Disks 0, 1 and 2, right-click on the Unallocated space on Disk 0.
Select New Volume. The New Volume Wizard will appear. Click on Next to continue. Select the type of volume to be created, in this case RAID-5. Click on Next to continue. Disk 0 has already been added. To change the size of the volume, specify the size in MB into the amount of disk space box.
The size of the volume has been changed to 2048 MB. To add Disk 1 to the RAID-5 set, highlight Disk 1 and click Add; notice that 2048 MB has also been taken from Disk 1. Click Add again to add Disk 2. All portions of a RAID-5 set have to be the same size, and space equivalent to one of them is used for the parity information, making the usable size 4096 MB. Click Next. This RAID-5 volume will be assigned the drive letter E:; click Next. The drive will be formatted with NTFS; click Next. The summary page appears; click Finish to create the new volume. The new volume is displayed spread across three physical disks; notice the Fault Tolerance and Overhead columns. The volume appears as a single drive in My Computer. If one of the drives fails, as shown below, the RAID-5 volume remains intact and accessible as before, if somewhat slower, because the missing data has to be rebuilt on the fly from the parity and the remaining disks. Replace the failed disk promptly: a second failure before the set is repaired loses the whole volume.
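As an added example (not part of the original course material), the following PowerShell script performs the same four New Volume Wizard walkthroughs with diskpart, which is what you would use to script them on a server without a console session. The disk numbers, sizes, drive letters and mount path are the walkthrough's assumptions; the commented alternatives show the striped, mirrored and RAID-5 forms so that only one of them is run at a time. These commands rewrite disk layout, so run them only against disks whose contents you can lose.

```powershell
# Added example: script the New Volume Wizard with diskpart (Windows XP / Server 2003 syntax).
# Disk numbers, sizes and letters are assumptions taken from the walkthrough above.

function Invoke-DiskPart {
    param([string[]]$Commands)
    $script = [System.IO.Path]::GetTempFileName()
    $Commands | Set-Content -Path $script -Encoding ASCII
    diskpart.exe /s $script            # /s runs a script file; diskpart echoes its results to the console
    Remove-Item $script
}

# 1. Make the disks dynamic (required for anything beyond a basic partition)
Invoke-DiskPart @('select disk 1', 'convert dynamic', 'select disk 2', 'convert dynamic')

# 2. Spanned: a 1024 MB simple volume on disk 1 extended onto disk 2.
#    Not fault tolerant: one disk failure loses the whole volume.
Invoke-DiskPart @('create volume simple size=1024 disk=1', 'extend disk=2', 'assign letter=D')

# 3. Striped (RAID-0): size= is the space taken from EACH disk, so this is 2 x 4095 MB. Not fault tolerant.
# Invoke-DiskPart @('create volume stripe size=4095 disk=1,2', 'assign letter=D')

# 4. Mirrored (RAID-1, Server 2003 only): create a simple volume, then add disk 2 as its mirror,
#    and mount it in an empty NTFS folder instead of giving it a letter.
# Invoke-DiskPart @('create volume simple size=2048 disk=1', 'add disk=2', 'assign mount=C:\importantdata')

# 5. RAID-5 (Server 2003 only): 2048 MB from each of three disks gives 4096 MB usable.
# Invoke-DiskPart @('select disk 0', 'convert dynamic', 'create volume raid size=2048 disk=0,1,2', 'assign letter=E')

# diskpart on XP/2003 has no format command; format the new volume with format.exe (it asks for confirmation)
format.exe D: /fs:ntfs /v:UserData /q
```

After running it, diskpart list volume (or Disk Management) shows the new volume with its type and status, which is the check worth scripting into a build procedure so a mirror that silently failed to establish is noticed.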
Windows XP/2003 create the following user accounts by default:

Administrator: The Administrator account has full access to the system and must be kept secure; an administrator can read any other user's files and change any setting on the computer. A common security practice is to rename the Administrator account to something less obvious and to give it a long password. Note that renaming only removes the obvious name: the account keeps its well-known relative identifier (RID 500) and can still be picked out by anyone able to enumerate local accounts, so renaming is a nuisance to attackers rather than a control.
Guest: The Guest account has very limited access to the computer and is disabled by default. Leave it disabled; an enabled Guest account lets anyone log on without a password.
HelpAssistant: The HelpAssistant account is used to allow a helper to access the computer remotely via Remote Assistance, for the sole purpose of troubleshooting user problems. This account is disabled by default.
Support (SUPPORT_388945a0): The support account is used by the Microsoft Help and Support service and is disabled by default.

The following groups exist by default:

Administrators: Members of the Administrators group have full access to the system. By default the Administrator account is a member.
Backup Operators: Members of the Backup Operators group can back up and restore the system even if they do not have permission to access the files and folders concerned; because a restore can replace any file on the system, membership of this group is as sensitive as administrator membership.
Guests: Members of the Guests group have very limited access to the operating system. The Guest account is a member by default.
Network Configuration Operators: Members of this group can configure network-related settings on the local machine.
Power Users: Members of the Power Users group have somewhat fewer privileges than administrators: they can install programs and printers and change system-wide settings, but they cannot install device drivers. The group exists so that legacy software not written for Windows XP/2003 security can run. Treat its members as near-administrators, since a Power User can often obtain full administrative rights.
Remote Desktop Users: Members of this group are allowed to access the local machine remotely using a Remote Desktop Connection.
Replicator: A group used by the File Replication Service to control replication on a domain; do not add ordinary users to it.
Users: Members of the Users group have just enough access to the computer to do their work. Users cannot install or remove software, configure disks and hardware, or create new user accounts.
HelpServicesGroup: The HelpServicesGroup is used by the Windows Help and Support Centre.
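As an added example (not part of the original course material), the following PowerShell script audits the accounts and groups just described on the local machine, using the WinNT ADSI provider available on XP and 2003. It reports each local account's enabled state, identifies the built-in Administrator by its RID 500 even if it has been renamed, flags an enabled Guest account and non-expiring passwords, and lists who is in the privileged groups. The group list it checks is an assumption for illustration.

```powershell
# Added example: audit local accounts and privileged group membership through the WinNT ADSI provider.
# Works on Windows XP/2003 without extra modules. Run it on the machine being audited.

$computer = $env:COMPUTERNAME
$machine  = [ADSI]"WinNT://$computer"

function Get-LocalGroupMembers {
    param([string]$GroupName)
    $group = [ADSI]"WinNT://$computer/$GroupName,group"
    # Invoke('Members') returns raw COM objects; ask each for its ADsPath (WinNT://MACHINE/name)
    @($group.Invoke('Members')) | ForEach-Object {
        $_.GetType().InvokeMember('ADsPath', 'GetProperty', $null, $_, $null)
    }
}

"== Local user accounts =="
$machine.Children | Where-Object { $_.SchemaClassName -eq 'user' } | ForEach-Object {
    $flags    = [int]$_.Properties['UserFlags'].Value
    $disabled = ($flags -band 0x0002)  -ne 0      # ADS_UF_ACCOUNTDISABLE
    $noExpire = ($flags -band 0x10000) -ne 0      # ADS_UF_DONT_EXPIRE_PASSWD
    $sid = New-Object System.Security.Principal.SecurityIdentifier($_.Properties['objectSid'].Value, 0)
    $rid = $sid.Value.Split('-')[-1]

    $note = ''
    if ($rid -eq '500') { $note += ' [built-in Administrator, RID 500, whatever its name]' }
    if ($rid -eq '501' -and -not $disabled) { $note += ' [GUEST IS ENABLED]' }
    if ($noExpire) { $note += ' [password never expires]' }
    "{0,-20} {1,-9}{2}" -f $_.Name, $(if ($disabled) { 'disabled' } else { 'enabled' }), $note
}

"`n== Privileged group membership =="
foreach ($g in 'Administrators', 'Power Users', 'Backup Operators', 'Remote Desktop Users') {
    $members = @(Get-LocalGroupMembers $g)
    $list = if ($members.Count -gt 0) { [string]::Join(', ', [string[]]$members) } else { '(empty)' }
    "{0}: {1}" -f $g, $list
}
```

Run it periodically and compare the output with the previous run: a new member of Administrators or Backup Operators, or a Guest account that has become enabled, is the kind of change that should be explained.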
Roaming Profiles
Roaming profiles allow a user to log on to any computer in a workgroup or domain and have the same user profile as on their own local machine. The user's documents, settings and home folder are available no matter which machine they are using. The profile is stored on a network share and is downloaded to the relevant machine when the user logs on there. User profiles are covered in greater detail later in this course.
appear. Expand Local Users and Groups to configure user and group accounts, then open the Users folder; a list of all current user accounts is shown. To create a new account, right-click on the Users folder and select New User. Fill out the details for the new account. The User name is the name the person will use to log on to the machine. Choose an initial password. User must change password at next logon is the option to use in nearly every case: the user then chooses a password that the administrator never knows. The User cannot change password and Password never expires options are only enabled when User must change password at next logon is unchecked; Password never expires exempts the account from the password-age policy and should be reserved for service accounts. It is a good idea to disable a user account while its owner is away on holiday, and the account lockout policy can also lock an account after repeated bad passwords. Click Create to create the account, and Close once you have finished creating accounts.
The new user has now been created. Right-click on the user and select Properties to view additional settings. N.B. To reset a user's password, select Set Password instead. Be aware that an administrative reset of a local account's password on XP/2003 destroys the user's access to EFS-encrypted files and to passwords stored in their profile unless the user previously made a password reset disk; a user who changes their own password keeps that access. The General page displays the settings you selected when you created the user. Member Of shows group memberships; currently this user is a member of the Users group and can be added to other groups from here. Profile shows the user's profile settings. By default a user's profile is stored on the local computer; a network path can be entered here so that the profile becomes roaming. A home folder is a folder where the user can store his or her files; it can be on a remote machine and automatically mapped to a drive letter when the user logs on. Roaming profiles and home folders are dealt with in greater detail later in this course. Ross Jackson's profile folder now appears alongside the other users' folders in the Documents and Settings folder. The Default User profile folder contains the settings that are copied to every new user; by changing its contents you can set a standard desktop environment for any new user on the system.
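As an added example (not part of the original course material), the following PowerShell script creates a local account the way the New User dialog does, using the WinNT ADSI provider: it sets an initial password, forces a change at first logon, adds the account to a group and then shows how to disable and re-enable it rather than delete it. The user name, full name and group are assumptions for illustration.

```powershell
# Added example: create a local account with the WinNT ADSI provider (Windows XP/2003).
# Name, description and group membership below are illustrative assumptions.

$computer = $env:COMPUTERNAME
$name     = 'jacksonr'
$fullName = 'Ross Jackson'
$initial  = Read-Host "Initial password for $name"   # never hard-code it in the script

$machine = [ADSI]"WinNT://$computer"
$user = $machine.Create('user', $name)
$user.SetPassword($initial)
$user.SetInfo()                                       # the account must exist before further properties are set

$user.Put('FullName', $fullName)
$user.Put('Description', 'Created by script')
$user.Put('PasswordExpired', 1)                       # = "User must change password at next logon"
$user.SetInfo()

# New accounts land in Users automatically; any extra membership is a deliberate grant
$rdp = [ADSI]"WinNT://$computer/Remote Desktop Users,group"
$rdp.Add($user.Path)

# While the user is away, disable the account instead of deleting it: deleting destroys the SID,
# so a re-created account with the same name does not regain the old permissions.
$user.InvokeSet('AccountDisabled', $true)
$user.CommitChanges()

# When the user returns:
# $user.InvokeSet('AccountDisabled', $false); $user.CommitChanges()
```

The PasswordExpired property is the script equivalent of the checkbox in the dialog; without it the initial password typed by the administrator would remain the user's password indefinitely.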
Share Permissions

Shared folder access can be restricted by using share permissions. For example, John might be able to read the accounts folder whilst David is denied access. Share permissions can also be applied to groups. If a user is a member of more than one group, he or she gets the cumulative (least restrictive) permissions of all those groups; however, a Deny entry always takes precedence over any Allow. A user or group can be either allowed or denied the following permissions on a share:

READ: view the contents of the folder, read files and run programs within it.
CHANGE: Read, plus create, modify and delete files and subfolders.
FULL CONTROL: Read and Change, plus change the NTFS permissions and ownership of files through the share.

CAUTION: share permissions apply only to access over the network, not to local logons; to restrict local access use NTFS permissions. When a folder on an NTFS volume is shared, both sets of permissions are evaluated for network access and the more restrictive of the two wins, so a share granting Everyone Full Control is only as safe as the NTFS permissions beneath it.
Administrative Shares

Windows 2000/XP and 2003 create a number of hidden shares by default when the operating system is installed. These are known as administrative shares; they are accessible only to members of the Administrators group and, because the share names end in a $ sign, they are not listed when browsing the network. The default administrative shares are:

<driveletter>$: the root of each fixed drive is shared as <driveletter>$, so to reach drive C: on server01 you would use \\server01\C$.
admin$: the Windows folder (%SystemRoot%) is shared as admin$.
ipc$: the IPC$ share carries the named pipes used for remote administration and RPC, such as remote registry, service control and the Computer Management console. It is also the share an anonymous "null session" connects to when enumerating users and shares, so restrict anonymous access (the RestrictAnonymous setting) on machines exposed to untrusted networks.

Deleting an administrative share only lasts until the next reboot: the Server service recreates them at start-up unless the AutoShareServer (Server 2003) or AutoShareWks (XP) registry value under HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters is set to 0.
Sharing a Folder
Before sharing specific folders on a Windows XP Professional machine, simple file sharing needs to be disabled. In Windows Explorer click on Tools and select Folder Options. Select the View tab, scroll to the bottom of the Advanced settings list and uncheck Use simple file sharing. Click OK to close the Folder Options dialog box. Right-click on the folder you wish to share and select Sharing and Security. Click on Share this folder. A share name is given automatically, but it can be changed here; a comment can also be added if needed, and a user limit for the share can be specified. Remember that Windows XP Professional allows at most 10 simultaneous inbound connections. To configure share permissions click on Permissions. Every share has an Access Control List (ACL) which specifies which users and groups have access to it. Currently the Everyone group has Read permission on the share. Click Remove to remove the Everyone group. N.B. You should never deny the Everyone group access, since every user on the system would then be denied no matter what other groups they were a member of; it is safer simply to remove the Everyone group from the list.
Click Add to add a new user. Enter the name or names of the users and groups that you wish to add to the Access Control List; jacksonr;pauline potter adds the two users jacksonr and Pauline Potter. Click OK to accept. The users have now been added to the Access Control List. Currently Pauline has Read access to the share. Click on Ross Jackson to configure his permissions and select Allow Full Control to give him full control over the shared folder; Full Control automatically enables Change and Read. Click OK to accept, then OK to close the folder properties window. The shared folder is displayed with a hand underneath it and can be accessed over the network using the UNC path \\tonypc\UserData. Shared folders can also be created and managed through the Shared Folders management console in System Tools. Click Start, right-click on My Computer and select Manage; the Computer Management console appears. Expand Shared Folders. From here you can create shares, view and disconnect current sessions, and view or close open files. Click on Shares to see all the current shares. To create a new share, right-click on the empty space in the share list and select New File Share. Type or browse for the folder you wish to share in the Folder to share box.
Choose a share name and an optional description for the new share; here D:\Home will be shared as homefolder. Click Next to continue. Choose the level of permissions you want and click Finish. Click No when asked whether to create another share, which closes the Create Shared Folder dialog box. The new share has now been created.
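As an added example (not part of the original course material), the following PowerShell script reviews what the last two sections configured: it lists every share on the machine, marks the hidden administrative shares, and prints each ordinary share's permissions, flagging entries that give Everyone Change or Full Control. It reads the share ACLs through the Win32_LogicalShareSecuritySetting WMI class present on XP and 2003; the access-mask values are the ones the Permissions dialog displays as Read, Change and Full Control.

```powershell
# Added example: list every share on this machine with its share permissions and flag entries
# that let Everyone change data. Uses Win32_Share and Win32_LogicalShareSecuritySetting (XP/2003).

# Share access masks as the Permissions dialog names them
$maskNames = @{ 1179817 = 'Read'; 1245631 = 'Change'; 2032127 = 'Full Control' }

function Get-SharePermissionLines {
    param([string]$ShareName)
    $setting = Get-WmiObject -Class Win32_LogicalShareSecuritySetting -Filter "Name='$ShareName'"
    if (-not $setting) { return "    (no share security settings readable)" }
    $result = $setting.GetSecurityDescriptor()
    if ($result.ReturnValue -ne 0) { return "    (GetSecurityDescriptor failed, code $($result.ReturnValue))" }
    if (-not $result.Descriptor.DACL) { return "    (empty DACL: nobody has access)" }
    foreach ($ace in $result.Descriptor.DACL) {
        $who = $ace.Trustee.Name
        if ($ace.Trustee.Domain) { $who = "$($ace.Trustee.Domain)\$who" }
        $type  = if ($ace.AceType -eq 0) { 'Allow' } else { 'Deny' }   # 0 = access allowed, 1 = access denied
        $right = $maskNames[[int]$ace.AccessMask]
        if (-not $right) { $right = '0x{0:X}' -f $ace.AccessMask }
        $flag = ''
        if ($type -eq 'Allow' -and $ace.Trustee.Name -eq 'Everyone' -and $right -ne 'Read') {
            $flag = '   <-- Everyone can modify; only the NTFS permissions protect this data'
        }
        "    {0,-5} {1,-30} {2}{3}" -f $type, $who, $right, $flag
    }
}

foreach ($share in Get-WmiObject -Class Win32_Share) {
    # Type 0 = disk share, 1 = print queue, 3 = IPC; values of 2147483648 and above are the hidden
    # administrative shares (C$, ADMIN$, IPC$), which the Server service recreates at every boot
    $admin = [int64]$share.Type -ge 2147483648
    "{0,-12} {1,-35} {2}" -f $share.Name, $share.Path, $(if ($admin) { '[administrative share]' } else { '' })
    if (-not $admin) { Get-SharePermissionLines $share.Name }
}
```

The script does not change anything; it is the check to run after creating shares, or on a server you have inherited, to find the shares that are relying on NTFS permissions alone.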
You can also map a drive from the command line with net use <driveletter> \\server\share. For example, net use z: \\10.0.0.1\public maps drive Z: to the share named public on 10.0.0.1. Add /user:DOMAIN\name to connect with different credentials (you are then prompted for the password; avoid typing it on the command line, where it is visible to anyone who can list running processes), /persistent:yes to restore the mapping at the next logon, and use net use z: /delete to remove the mapping.
And close the folder properties page. N.B. The dialog boxes differ slightly in Windows Server 2003. The Optimized for performance checkbox specifies that users work on their local copies of files even when online, which reduces the load on the server. To enable offline files on the client, select Folder Options and then the Offline Files tab, and check Enable Offline Files. Various options allow you to configure when synchronisation should take place; the default, Synchronize all offline files before logging off, is the most sensible. All of your offline files can be accessed from the Offline Files folder, and the corresponding checkbox adds a convenient shortcut to the desktop. The Encrypt offline files to secure data option is a good choice on laptops containing sensitive data, because the offline cache is a copy of server files on the local disk and is otherwise readable by anyone who can get at that disk. Note that it protects the cached copies only: SMB on XP/2003 does not encrypt data in transit (SMB signing, where enabled, protects integrity, not confidentiality), so the files still cross the network in the clear. Click OK to enable Offline Files. Right-click on the share or network drive that you wish to make available offline and select Make Available Offline. Click OK to make the entire contents of the folder available offline; the folder is then synchronised, and its icon indicates that it is now available offline. The folder can be synchronised at any time by right-clicking on it and selecting Synchronize. Offline files and folder settings can be changed by selecting the Setup button during synchronisation or by selecting the reminder icon on the taskbar.
You can choose when synchronisation takes place and vary the settings according to the type of network connection in use. There is a wide variety of settings for when synchronisation should occur, each with advantages and disadvantages. Examine the contents of each tab carefully; questions about this are examination favourites.
The current schedule is every day at 7 am. Click Advanced to view additional schedule options, where a repeating schedule can be specified, e.g. once every four hours or twice a day. Before shadow copies can be used from client machines the Previous Versions client software needs to be installed. It is found on the server hosting the shadow copies, inside the windows\system32\clients\twclient folder (the installer package is twcli32.msi). The easiest way to deploy it is through Group Policy, which installs the software automatically on all Windows XP and 2000 machines in the domain; Group Policy is covered later in this course. Run the twcli32 installer to install the Previous Versions client on a computer. Once it is installed, connect to the server that has shadow copies enabled, right-click on the share, select Properties and then the Previous Versions tab. From here you can view, copy or restore any of the copies of the share displayed. Shadow copies are taken of the whole volume, so users see previous versions only of files their share and NTFS permissions already let them read. They are not a substitute for backups: the copies live on the same server and the oldest are discarded automatically when the storage limit is reached.
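As an added example (not part of the original course material), the following PowerShell script lists the shadow copies of a volume on the server, shows how much of the storage limit they use, and takes a new copy on demand with the same ClientAccessible context that the Shadow Copies tab uses. It relies on the Win32_ShadowCopy, Win32_ShadowStorage and Win32_Volume WMI classes of Windows Server 2003; the drive letter is an assumption and it must be run as an administrator.

```powershell
# Added example: inspect and create Shadow Copies for Shared Folders with WMI (Windows Server 2003).
# The drive letter is an assumption; run as an administrator on the server hosting the share.

$driveLetter = 'D:'
$vol = Get-WmiObject -Class Win32_Volume -Filter "DriveLetter='$driveLetter'"
if (-not $vol) { throw "Volume $driveLetter not found" }
$guid = $vol.DeviceID -replace '.*\{(.*)\}.*', '$1'     # DeviceID looks like \\?\Volume{GUID}\

"Shadow copies of $driveLetter :"
Get-WmiObject -Class Win32_ShadowCopy | Where-Object { $_.VolumeName -eq $vol.DeviceID } | ForEach-Object {
    $created = [System.Management.ManagementDateTimeConverter]::ToDateTime($_.InstallDate)
    "  {0:yyyy-MM-dd HH:mm}  {1}  {2}" -f $created, $_.ID, $_.DeviceObject
}

# Diff area: when MaxSpace is exhausted the oldest copies are discarded, so the history users see in
# Previous Versions depends on this limit as much as on the schedule.
Get-WmiObject -Class Win32_ShadowStorage | Where-Object { $_.Volume -like "*$guid*" } | ForEach-Object {
    "  storage: {0} MB used of a {1} MB maximum" -f [int]($_.UsedSpace / 1MB), [int]($_.MaxSpace / 1MB)
}

# Take a copy now (e.g. before a bulk change), in the same context the Shadow Copies tab uses
$class  = [wmiclass]'Win32_ShadowCopy'
$result = $class.Create("$driveLetter\", 'ClientAccessible')
if ($result.ReturnValue -eq 0) { "Created shadow copy $($result.ShadowID)" }
else { "Create failed with code $($result.ReturnValue)" }
```

Taking a copy by hand before a risky change is the main practical use of the Create call; the schedule covers the routine case.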
NTFS Security

NTFS permissions can be used to secure files and folders on an NTFS partition. Unlike share permissions, NTFS permissions can be assigned to individual files as well as folders, to individual users or to groups, and they apply to local logons as well as to access over the network. NTFS permissions differ slightly for files and folders. The standard permissions are:

Read: view files and subfolders and read a file's data, attributes and permissions.
Write: create files and subfolders in a folder, or change a file's data and attributes.
List Folder Contents: see the names of files and subfolders (folders only).
Read & Execute: Read, plus run programs and traverse folders.
Modify: modify and delete a file or folder, in addition to everything in Read & Execute and Write.
Full Control: all of the above, plus change permissions and take ownership.
Permission Inheritance
By default all files and folders inherit permissions from their parent. If Read permission is allowed on the parent folder, all child files and folders below it are also given Read permission. This is known as permission inheritance. Windows also allows you to block inheritance and assign permissions to files and folders individually. Deny entries are inherited in the same way, and an entry set explicitly on an object is evaluated before any entry it inherits, so an explicit Allow on a file overrides a Deny inherited from its folder.
Taking Ownership
Every file and folder has an owner, initially the account that created it (the CREATOR OWNER placeholder in an ACL stands for whoever that turns out to be). The owner of an object can deny access to other users, including the Administrator. The administrator can, however, take ownership of any file or folder on the computer and regain access; no permission setting can prevent this, which is why ownership changes are worth auditing. To configure folder permissions, right-click on the relevant folder, select Properties and then Security. The Access Control List (ACL) for the folder is displayed. Click Add to add a new user to the list, type in the name of the user, e.g. Pauline Potter, and click OK. The user Pauline Potter has been added to the ACL with the Read & Execute and List Folder Contents permissions. As well as folders, NTFS can also secure individual files. Right-click on the file to configure file permissions.
Select Properties and then the Security tab. Notice that this file has inherited all the permissions of its parent. Highlight the user Pauline Potter and select Deny for Full Control. N.B. As with share permissions, a Deny entry takes precedence over an Allow at the same level. Pauline Potter has now been denied access to the file. Click Advanced to view the advanced options for the file. The Permissions tab allows you to fine-tune permissions: click Add, specify a user and click OK, and a list of special permissions is shown from which an administrator can grant exactly the access required. The Owner tab displays the owner of the file; users with the right to take ownership can take control of the file from here. The Effective Permissions page can be used to determine what level of access a user or group actually has to this file once all group memberships and inherited entries are combined. For example, the user Pauline Potter has no access to the file even though she has Read & Execute permission on the parent folder, and she receives an error message when attempting to open it.
copying a file within the same NTFS partition, a new file is made, so it inherits the permissions of its destination folder. The same applies to copies and moves between partitions; only a move within the same partition keeps the file's existing permissions, and copying to a FAT volume discards them altogether.
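As an added example (not part of the original course material), the following PowerShell script performs the NTFS permission steps of this section with Get-Acl and Set-Acl: it grants a user Read & Execute on a folder with inheritance, adds an explicit Deny on one file, blocks inheritance on a subfolder, takes ownership as Administrators and finally lists the resulting entries with their inherited/explicit status. The paths and the account name are assumptions for illustration; the ownership step must run from an administrative session.

```powershell
# Added example: NTFS permissions, inheritance, Deny and ownership with Get-Acl / Set-Acl.
# Paths and the account name below are illustrative assumptions.

$folder = 'D:\UserData'
$file   = Join-Path $folder 'payroll.xls'
$sub    = Join-Path $folder 'Private'
$user   = "$env:COMPUTERNAME\pauline"        # a local account; use DOMAIN\name for a domain account

New-Item -ItemType Directory -Path $folder -Force | Out-Null
New-Item -ItemType Directory -Path $sub    -Force | Out-Null
New-Item -ItemType File      -Path $file   -Force | Out-Null

# 1. Folder: allow Read & Execute (which includes List Folder Contents) and let it inherit downwards
$inherit = [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit'
$prop    = [System.Security.AccessControl.PropagationFlags]::None
$acl = Get-Acl $folder
$acl.AddAccessRule((New-Object System.Security.AccessControl.FileSystemAccessRule($user, 'ReadAndExecute', $inherit, $prop, 'Allow')))
Set-Acl -Path $folder -AclObject $acl

# 2. File: an explicit Deny Full Control wins over the Allow inherited from the folder
$acl = Get-Acl $file
$acl.AddAccessRule((New-Object System.Security.AccessControl.FileSystemAccessRule($user, 'FullControl', 'Deny')))
Set-Acl -Path $file -AclObject $acl

# 3. Subfolder: block inheritance. $true,$true = protect the ACL and copy the inherited entries as
#    explicit ones first, so the folder does not end up with an empty ACL that nobody can open.
$acl = Get-Acl $sub
$acl.SetAccessRuleProtection($true, $true)
Set-Acl -Path $sub -AclObject $acl

# 4. Take ownership of the file as the Administrators group (needs an administrative session;
#    nothing in the ACL can prevent an administrator from doing this)
$acl = Get-Acl $file
$acl.SetOwner([System.Security.Principal.NTAccount]'BUILTIN\Administrators')
Set-Acl -Path $file -AclObject $acl

# 5. Review: IsInherited separates inherited entries from the explicit Deny added above
$acl = Get-Acl $file
"Owner: {0}" -f $acl.Owner
$acl.Access | Format-Table IdentityReference, AccessControlType, FileSystemRights, IsInherited -AutoSize
```

The review step is the scriptable equivalent of the Effective Permissions page: read the entries back after every change rather than trusting that the dialog did what you meant.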
Disk Quotas
Disk quotas enable an administrator to limit the amount of disk space available to users on a partition. (The illustration shows three users with different quotas: Fred 500 MB, George 8 MB and Susan 500 MB.) Disk quotas are only available on NTFS partitions; they are charged to the owner of each file and are calculated on the uncompressed size, so compressing files does not buy a user more room. To create a quota, right-click on the relevant drive, select Properties and then the Quota tab. Select the Enable quota management checkbox to enable quotas for this drive, and the Deny disk space to users exceeding quota limit checkbox to prevent users from going over their limits (without it, quotas are merely tracked). Select the Limit disk space to option and set the limit and warning levels. It is a good idea to log when a user exceeds the quota limit or reaches the warning level. This default quota applies to every user of the volume except members of the Administrators group, who are never limited. Select Quota Entries to configure individual quota limits, then Quota and New Quota Entry, and specify the user you want to set the limit for.
Click OK, select the quota limits you want to apply to the user and click OK again. The quota limits are displayed in the Quota Entries window. N.B. The administrator has no quota limit. Click Apply to start the quota and OK to accept the warning (enabling quotas makes Windows scan the volume to charge existing files to their owners). The disk quota is now active: the user jacksonr is only allowed 20 MB on drive D:.
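As an added example (not part of the original course material), the following PowerShell script sets up the same quota from the command line with fsutil, which exists on XP and 2003 and is what you would use to apply quotas to many volumes or servers consistently. The drive, the user name and the 20 MB limit are taken from the walkthrough; the 15 MB warning threshold is an assumption.

```powershell
# Added example: enforce a per-user disk quota with fsutil (Windows XP/2003). Drive, user and limits
# follow the walkthrough above; run as an administrator.

$drive = 'D:'
$user  = "$env:COMPUTERNAME\jacksonr"

fsutil quota track   $drive        # enable quotas and record usage (the Enable quota management box)
fsutil quota enforce $drive        # also deny space beyond the limit (Deny disk space to users exceeding quota limit)

# Per-user entry: warning threshold and hard limit, both in bytes
$warn  = 15 * 1MB
$limit = 20 * 1MB
fsutil quota modify $drive $warn $limit $user

# Review what is configured, and who has crossed a threshold (quota events are written to the System log)
fsutil quota query $drive
fsutil quota violations
```

fsutil sets the per-user entry only; the default limit that applies to users without an entry is set on the Quota tab as described above.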
This is the window seen when encrypting or compressing a file; the corresponding window for a folder is very similar. A file or folder cannot be both encrypted and compressed at the same time. Files can also be compressed or encrypted from the command line with compact (compression) and cipher (EFS encryption). Both commands can also display the attributes of files or change the attribute of a particular file type, and they share the following switches:

compact /c (compress) or /u (uncompress); cipher /e (encrypt) or /d (decrypt)
/f forces the action even on files already marked as compressed or encrypted
/s:x applies the action to directory x and everything below it (/s alone means the current directory)
/a (cipher only) operates on files as well as directories; without it cipher marks only the directory
/q quiet: reports only the essential information
/i ignores errors and continues
file1 file2 file3 acts on several named files, separated by spaces
*.txt *.doc *.htm wildcards select files by type

EFS protects data only while it sits on the NTFS volume: a file copied to a FAT volume or attached to an e-mail is decrypted on the way out, and on XP/2003 an administrative password reset destroys the user's key. Before encrypting anything of value, create and back up a recovery agent key with cipher /r so that encrypted files can still be recovered.
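As an added example (not part of the original course material), the following PowerShell script encrypts a folder with cipher as described above, then reads the Encrypted and Compressed attributes back to verify the result and to show that compressing one of the encrypted files does not leave it holding both attributes. The folder path and the sample file it writes are constructed for the example.

```powershell
# Added example: EFS from the command line via cipher.exe, with the attributes verified afterwards.
# The folder path is an assumption; the file content is a constructed sample.

$folder = 'D:\Home\jacksonr\Private'
$note   = Join-Path $folder 'notes.txt'
New-Item -ItemType Directory -Path $folder -Force | Out-Null
Set-Content -Path $note -Value 'constructed sample content'

function Get-EncryptionState {
    param([string]$Path)
    $attrs = (Get-Item -Path $Path -Force).Attributes
    $enc   = ($attrs -band [System.IO.FileAttributes]::Encrypted)  -ne 0
    $comp  = ($attrs -band [System.IO.FileAttributes]::Compressed) -ne 0
    "{0,-45} encrypted={1} compressed={2}" -f $Path, $enc, $comp
}

# /e encrypt, /s:folder recurse, /a include files; without /a only the folder attribute is set and
# existing files stay in the clear (new files created inside would be encrypted)
cipher.exe /e /a /s:"$folder"

"After cipher /e:"
Get-EncryptionState $folder
Get-ChildItem -Path $folder -Recurse -Force | ForEach-Object { Get-EncryptionState $_.FullName }

# NTFS never holds both attributes on one file; after attempting to compress, the file is still
# reported with exactly one of the two
compact.exe /c "$note" | Out-Null
"After compact /c on an encrypted file:"
Get-EncryptionState $note

# cipher with only /s reports the state of everything under the folder (E = encrypted, U = not)
cipher.exe /s:"$folder"
```

The attribute check is worth keeping: a folder marked encrypted looks the same in Explorer whether or not the files already inside it were converted, and the /a switch is the usual thing to forget.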
Printing Overview
One of the most important devices in any of today's offices is a printer. A printer, just like files and folders, can be shared with other users on the network, and a Windows Server or XP Professional machine can act as a print server to make it available to other machines. Windows uses the word printer for the software representation of a physical print device, and it must not be confused with the device itself. A print driver is the software that converts print jobs into a format the print device understands. A print server is a computer that receives print jobs, processes them and passes them on to the print device. A print device is the physical device that produces the hard copy.
The print process starts with a user making a request to print from their computer. The job is passed to a printer (remember, a printer is a software object) configured on the local machine. If the client operating system is a 32-bit Windows system, the local printer formats the print job; if it is Windows 2000/2003/XP or Windows NT 4, the client also contacts the print server to ensure it has the most recent version of the printer driver and downloads a newer version if necessary. If the client is not a 32-bit Windows system, a remote procedure call passes the job to the print server for formatting. If the print server is not available, the job is held in the local spooler until the server can be contacted. When the print server receives the job (as EMF data from Windows clients, or RAW data from other platforms) it is written to disk and assigned a position in the print queue. By default jobs are placed at the end of the queue, so the first job sent is the first printed, but this can be changed with priority levels. Once a job reaches the front of the queue it is rendered into the device's format and passed to the physical print device. When IIS (Internet Information Services) is installed, a client can manage and connect to printers using a web browser, and when connecting to a network printer a URL can be given as the printer, allowing a user to submit print jobs over the Internet. IPP (Internet Printing Protocol) is only available on machines with IIS installed; IIS is covered in greater detail later in this course. Windows can also connect to printers on other platforms, such as those using the Line Printer Remote protocol (LPR) on UNIX. A Windows Server 2003 or XP machine can share drivers for other platforms such as Windows XP 64-bit or Windows NT 4.0. A printer can also be set up to work with the Fax service, which allows a Windows machine to send and receive faxes.
Select A network printer and click Next. The wizard asks where the printer is; you can either browse for it or specify it by URL or UNC path. For example \\10.0.0.243\hplaserj.2 connects to a printer shared on the machine 10.0.0.243. Click Next. The computer automatically downloads the driver from the print server; click Yes to accept the warning. Because a downloaded printer driver runs inside the spooler with SYSTEM privileges on the client, connecting to a print server amounts to trusting its administrators with your machine, so only connect to print servers you trust. Choose whether you want the printer to be your default and click Next. A summary page appears; verify that all options are correct and click Finish. The new printer is displayed in the Printers and Faxes window and is marked as the default.
The Print permission allows a user or group to print to a printer. The Manage Documents permission allows a user to pause, restart and delete queued documents, but not to change any printer settings; the Manage Printers permission is needed for that. By default the Everyone group has the Print permission, so all users can print but cannot manage the printer or other people's jobs, while CREATOR OWNER has Manage Documents so that each user can manage their own jobs. Click OK to continue. The printer has now been shared.
Print Scheduling
Printer scheduling is a way of holding print jobs until a set time. It suits situations such as one department printing large, non-urgent reports while another prints single-page urgent documents. You can configure two printers for one physical print device: one set to print only outside office hours and another set to print immediately, with only the people who need to print urgent documents given the Print permission on the second. Single-page documents then print at once, and the large reports are waiting for their owners when they come into work the next day. Printer scheduling is set up from the Advanced tab of the printer's properties page: click Available from and set the window, which might be from 10:00 to 18:00. Jobs sent outside the window are accepted and held in the spooler until it opens. Another printer can be shared on the same print device with a different schedule, and the two printers used by different users. A printer can also be given a priority, so that jobs sent to the print device through it take precedence over jobs from other printers on the same device; 1 is the lowest priority and 99 the highest. For example, two printers can be created, one for managers with a priority of 99 and one for standard users with a priority of 1, and the managers' documents will always print before the users' documents waiting in the other queue.
Printer Pooling
Printer pooling involves assigning multiple print devices to a single printer. A printer pool would be used in a setting where there is a large amount of printing done, such as in a secretarial environment. Printer pools reduce the amount of time employees spend waiting for their printouts, and thus increase productivity. When print devices are pooled, the printer sends the print job to the first available print device. To create a printer pool, all the print devices MUST be identical, i.e., they must all function using the same driver. Printer pooling is configured from the Ports tab. First, click the Enable printer pooling checkbox at the bottom. If you don't click the Enable printer pooling checkbox first, then you can only select one port from the list. When you click OK, the print devices will be pooled, and the printer will send each print job to the first available print device.
Using DMA, a device can transfer data directly to RAM without involving the processor, thus freeing up the processor for other tasks. If two devices tried to use the same DMA channel, this would cause a hardware conflict.
Multiple Displays
Multiple Display Support: Windows XP/2003 adds support for up to nine display adapters. Any video adapters used for multiple displays must be either PCI or AGP cards. All video adapters must support multiple displays, including any on-board cards.
On-board Video Adapters: If the on-board video card is to be used as well as a separate video adapter, install Windows XP/2003 before installing the new device. Windows Setup will disable any on-board video card if a separate video adapter is located. In some systems the BIOS will disable the on-board card if another adapter is found; there may be no way to overcome this.
Configuration: One video adapter must be set as the primary. This adapter cannot be switched off, as the other adapters use it as a reference point when extending the desktop.
Device Manager
Hardware is administered through the Device Manager utility, which is the user's main administrative interface with a machine's hardware. It can be used to:
Check the configuration of hardware devices
Install or update drivers
Remove or disable hardware
This utility can be accessed from Start > Settings > Control Panel > System > Hardware tab > Device Manager. Alternatively, right-click on My Computer > Properties > Hardware tab > Device Manager. A device can be uninstalled from this window. When the device is selected, the window changes subtly. Note this icon. Hardware changes can be detected in the device by clicking this.
This feature is available from the Action menu or from right-clicking on an item. If the item is expanded, more operations are available: note these icons. Hardware devices can be disabled or deleted from here. Alternatively, right-click on the highlighted device, or click on the Action button. You must be logged on as an administrator or a member of the Administrators group in order to complete this procedure. Domain-wide policies must also permit this! An exclamation mark indicates a device has a problem; generally this will be a driver issue. A red cross indicates that the device has been disabled. To check the properties of a hardware item, double-click on the icon, or right-click and select Properties. The message that a device is working properly does not always mean it is doing what is required of it. Devices can be enabled or disabled as required, dependent upon the hardware profile required. The number and type of tabs varies according to the particular hardware device selected. The Driver tab allows you to configure drivers for the device. A driver is a software interface that allows the operating system to use the hardware. Common to all devices is the Resources tab. This lists the computer resources used by the particular device to interact with the processor and the computer memory. Any conflict reported here implies that changes have to be made to the IRQ or I/O resources allocated to this device.
Driver Signing
Driver signing is a digital imprint that is Microsoft's way of guaranteeing that a driver has been tested and will work with the operating system. Digitally signing a file is the process by which you can guarantee that a particular file comes from the source it claims to come from. The application of driver signing is governed by a policy set using the System program in the Control Panel. Driver Signing is configured through the System applet in Control Panel or from the Properties of My Computer. Select the Hardware tab. Click the Driver Signing button. Ignore will allow all device drivers to be installed whether they are digitally signed or not. Warn will display a warning message when an installation is attempted of a device driver without a digital signature. Block will prevent the installation of an unsigned device driver. Notice that the default setting is Warn. Choose an option and click OK.
Hardware Profiles
Hardware profiles tell your Windows computer which devices to start and what settings to use for each device. You can have more than one hardware profile on a Windows XP/2003 computer. Hardware profiles are useful if you have a portable computer and use it in a variety of locations. When you first install Windows Server 2003 or XP, a hardware profile called Profile 1 is created. By default, this profile contains every device that is installed on your computer at the time you install the operating system.
The computer is now running in the second hardware profile. Device Manager can disable any devices that won't be used in this profile. Right-click on the device to be disabled and select Properties. Select Device usage. Select Do not use this device in the current hardware profile (disable). Select OK to continue. The modem has now been disabled. When the user logs on with this profile, there will be no modem operational.
Hibernation will allow you to save your computer's current state before powering down. This will allow you to reboot the computer quickly, returning you to your previous session.
UPS Devices
These come in all shapes and sizes but essentially do the same job. In the event of a mains failure they provide emergency battery power to keep a system alive until it can be safely shut down, or until the power is restored. A UPS device should do its basic job merely by being plugged in. However, it can only be configured by starting the UPS service. First, the device has to be identified to the system. Once a device has been selected, options for configuration become available. Choose one, and click Finish. While the basic UPS function works as soon as the unit is plugged in, the configurable settings only work when the UPS service is started. Unfortunately, no clue appears on screen as to whether the service is running or not. Delve into Administrative Tools for this. The list of services is accessed through Computer Management > Services. The service needs to be started manually. (Right-clicking brings up the required menu.)
To access the Windows Event Viewer, click on Start. Right-click on My Computer and select Manage. In the left pane are the different Logs available. The information in the right pane shows the events that have been logged. The Application log records the applications which are running on the computer and also their status. The Security Log records events which relate to the security of the network e.g. failed login attempts.
The System Log records events which relate to the operating system, e.g. the failure of a device. Double-click on an event to view its Properties. An error with the time service has been identified. This may lead to strange problems on the network. Over time, log files will grow and need to be managed. A log can be cleared or saved for future analysis. Right-click on the log to be cleared. Select Clear all Events. You are now given the option to save the event log before you erase it. Click on No if you do not wish to save the log. The System Log has now been cleared. Sometimes you can have too much information. The log may be filtered to display only the information required. Right-click on the event log to be filtered. Select Properties. Select the Filter tab. The Event Types box determines what is to be displayed. Untick any event type that shouldn't be displayed. Click on OK to apply the filter. A filter has been created to display only Error messages. This can make errors easier to locate and troubleshoot.
Task Manager
The Windows Task Manager is a useful utility which is most frequently used to close hung applications.
The Task Manager can also be used to view basic performance information about the machine, such as processor and network usage. For more in-depth performance monitoring the Windows Performance Monitor should be used. To access the Task Manager, right-click on the taskbar and select Task Manager. Task Manager can also be accessed from the Windows Security dialog box by holding down Ctrl, Alt and Delete and selecting Task Manager. The Task Manager shows the current applications that are running on the machine. Applications can be stopped and started using the Task Manager. Click on the End Task button to close down the highlighted application. Notepad has been closed down. To start a new task, select New Task. The Create New Task box appears. Type in the name of the task, e.g. Notepad, then click OK. To view the processes currently running on the system, select the Processes tab. From here you can stop a running process. If, for example, Windows Explorer crashes, you can stop explorer.exe and restart it using the New Task command from the Applications tab. To close down Windows Explorer, highlight explorer.exe and select End Process. Windows Explorer will then be closed down. Select New Task from the Applications tab and restart explorer.exe. To view the computer's current performance statistics, select the Performance tab. From here you can view current processor and page file usage. For a more in-depth reading you should use the Windows Performance Monitor. From the Networking tab you can view information about how much traffic a network adapter is sending and receiving.
The Users tab displays which users are currently logged on to the system. You can also Disconnect, Logoff and Send Messages to other local users from here.
Performance Monitor
Performance Monitor allows you to view your computer's performance for such things as processor and hard disk usage. Using Performance Monitor can help identify potential bottlenecks which may be slowing a system down. It can also be used to monitor the performance of other machines on the network. To access the Windows Server 2003 Performance Monitor, click on Start, highlight All Programs, highlight Administrative Tools and click Performance. Another and quicker way of accessing the Performance Monitor is by using the Run command: click on Start, click Run, type Perfmon in the Run dialog box, then click OK. The Windows 2003 Performance Monitor will appear. The current window shows a chart. This chart can show multiple counters, i.e. the objects to be monitored. Click on the Add icon to add a counter.
Default Counters
Pages/sec: This counter measures the number of times per second the page file on a hard drive is accessed. A high value of Pages/sec indicates low available RAM (a value over 20 is considered high, with a value of 4 to 5 being ideal). The solution would be to add more memory.
Average disk queue length: This measures the number of operations waiting to be written to the hard drive. A high value indicates a slow disk drive (a consistent value of 2 or above is considered high). The solution would be to add a faster hard drive or split operations between multiple hard drives.
% Processor Time: This is a measure of how much work the processor is doing. A consistently high value (80% and above) indicates an overworked processor. The solution would be to add additional processors and/or upgrade to a faster processor.
This is the Add Counters window. The Performance object is the actual device you want to monitor, e.g. the Processor. The counters list allows you to monitor various settings for the Performance object you have selected, e.g. % Processor Time. Click on the Add button to add a counter to monitor the processor time. Click on the down arrow in the Performance object box to select additional Performance objects, and a list of additional Performance objects is displayed. Click on the Memory object. Select the Available MBytes counter to monitor how much memory is available. If this value drops below 4MB there may be a memory bottleneck. Click Add and then select Close to begin monitoring. Now the chart shows the current Processor time and Available MBytes. (There are also two other views, the Histogram view and the Report view.) Click here to select the Histogram view. Click here to select the Report view. The Report view gives the most accurate reading. The information gleaned from the Performance Monitor suggests that both the processor and memory are in working order. It is best to monitor a machine during peak usage time.
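The three Default Counters rules and the Available MBytes check above, run over a window of Performance Monitor readings as an added example (constructed here, not code from the manual). The counter paths are the standard Object\Counter names; the readings are made up, and treating "consistently high" as three consecutive breaching readings is my own assumption.

```python
"""Run the bottleneck rules from the Default Counters section over a window of
Performance Monitor readings. Added, constructed example: the counter paths are
the standard Object\\Counter names and the sample values are made up."""
import operator
from typing import Callable, Dict, List, Tuple

# (counter path, comparison, limit, diagnosis and remedy as given in the text)
RULES: List[Tuple[str, Callable, float, str]] = [
    ("Memory\\Pages/sec", operator.gt, 20,
     "low available RAM (4 to 5 pages/sec is ideal): add more memory"),
    ("PhysicalDisk\\Avg. Disk Queue Length", operator.ge, 2,
     "slow disk: add a faster drive or split operations across several drives"),
    ("Processor\\% Processor Time", operator.ge, 80,
     "overworked processor: add processors and/or upgrade to a faster one"),
    ("Memory\\Available MBytes", operator.lt, 4,
     "memory bottleneck: add more memory"),
]


def sustained(samples: List[float], breaches: Callable, limit: float, window: int = 3) -> bool:
    """True when `window` consecutive readings all breach the limit. This is how
    the text's "consistently high" is interpreted here, so a single spike is ignored."""
    run = 0
    for value in samples:
        run = run + 1 if breaches(value, limit) else 0
        if run >= window:
            return True
    return False


def diagnose(readings: Dict[str, List[float]], window: int = 3) -> List[str]:
    """Return one finding per counter whose readings show a sustained breach."""
    return [f"{counter}: {finding}"
            for counter, breaches, limit, finding in RULES
            if sustained(readings.get(counter, []), breaches, limit, window)]


# Constructed readings, as if captured at one-second intervals during peak usage.
PEAK_SAMPLE = {
    "Memory\\Pages/sec": [3, 5, 4, 6, 4],
    "PhysicalDisk\\Avg. Disk Queue Length": [1, 3, 4, 5, 2],   # four readings of 2 or more in a row
    "Processor\\% Processor Time": [85, 90, 40, 95, 88],       # spikes, never three in a row
    "Memory\\Available MBytes": [120, 118, 119, 121, 117],
}

if __name__ == "__main__":
    for line in diagnose(PEAK_SAMPLE):
        print(line)
```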
Additional Monitors
NTDS is used for monitoring the Active Directory. By using System Monitor you can track the performance of the Active Directory database. Domain Name System (DNS) monitoring is used to check and troubleshoot DNS servers, and also to troubleshoot the DNS configuration for Active Directory.
Dynamic Host Configuration Protocol (DHCP) Monitoring is used for troubleshooting and monitoring the performance of DHCP Servers.
Paging File
The Paging File also known as the Swap File/Virtual Memory is a file on the hard drive that acts as temporary memory space when the physical memory is full. A good way to troubleshoot paging file problems is to move the paging file to a separate physical disk and IDE channel (Or a separate hard drive for SCSI systems). This is good practice in any event.
Windows uses dynamic page file sizing. The continual re-sizing of the page file, as demand increases and decreases, puts additional load on system resources. By setting the minimum size to the maximum size, the page file stays at a constant size regardless of the system usage. This lowers the overhead on the processor and the hard drive. If performance with the swap file becomes an ongoing problem, a better long-term solution may be to increase a computer's memory. To amend the size of the paging file, right-click My Computer and select Properties. Select the Advanced tab. Click on Performance Settings. The Visual Effects tab allows you to tune the machine to enhance performance by reducing visual effects. Both processor and memory can be tuned to enhance server function or application function. Click on Change to open the Virtual Memory window. To change the location of the page file, select a different drive and set the size required. Then on the original drive select No paging file. After every single change click the Set button, otherwise your settings will be forgotten by the machine.
Explore the Schedule Tab next. The maximum log file size can also be set. The Schedule tab specifies when the log should start. Click on Manually (using the shortcut menu) to start the log manually and select OK. To start the log, right-click on the Processor Performance log. Click on Start. Green indicates that the log has started. The file is located inside the PerfLogs folder. The log file can be opened with an application such as Excel and displayed as a graph or chart or in system monitor. Remember to add the correct counters to system monitor before you import the log.
Creating an Alert
To create a new alert, right-click on Alerts. Select New Alert Settings. Type in a name for the new alert. Click on Add to add a counter. Select the relevant counter and click Add. Once all necessary counters have been added, click on Close. Change the Alert value to over 60%. Click on the Action tab. The form of the alert can be set here. (Having a network message sent is perhaps the most fun) Type in the IP address or name of the machine to which the message should be sent.
Click on the Schedule Tab. The schedule tab specifies when the alert should start. Click on Manually to start the alert manually. Click on OK to create the alert. To start the alert, right-click on the Processor alert. Click on Start. Green indicates that the alert has started, and is ready for the triggering event. Every time the processor time goes above 60% a network message is sent to 10.0.0.219. The alert is also logged to the event viewer.
Network Monitor
Network Monitor is a utility that allows the monitoring of network traffic between machines. The Network Monitor is an essential troubleshooting tool for diagnosing network performance and protocol problems. The Network Monitor provided with Windows 2003 only allows viewing traffic to and from the local machine. The Network Monitor in the Windows 2003 Resource Kit allows monitoring of all parts of the network. To install Network Monitor, open the Add/Remove Programs wizard and click on Add/Remove Windows Components. Highlight Management and Monitoring Tools, then click Details. Tick the Network Monitor Tools check box, then click OK. Installation of the components will then begin. Click Finish to complete the installation of Network Monitor. Once installed, the facility can be launched: click on the Start button, highlight Administrative Tools and click on Network Monitor. Click on OK to select the network. Select Local Area Connection. Click on OK to start monitoring. Network Monitor now opens. Click on Capture. Click on Start to monitor network traffic. From a different computer on the same network a message is sent using the net send command. Click on OK to acknowledge the message has been received. Click on Stop to end network monitoring. To view the report of network activity, click on Display Captured Data. Once the data is displayed, three different panes can be viewed together (as shown) or separately by activating the different buttons on the toolbar.
The Summary pane gives an account of each packet collected. The Detail pane gives a review of the highlighted frame from the Summary pane. The Hex pane shows the data inside the packets, e.g. the MAC address and the message itself. Amongst other things, this highlights the need for encryption of sensitive data over a network. Plaintext passwords, for example, can be easily read.
Security Overview
The object of security is to protect data and its availability from being compromised by malice or by accident. In Windows there are two main strands to security: specific access permissions and authentication. Specific permissions can be applied to users, groups or resources. Authentication confirms to the machine or network that a user has an account with permissions to log on. Individual servers and workstations need protection, as do the connections between them, especially if the connection is over the internet. In addition to making organisational precautions through software settings, attention should be given to the physical security of the system. The items illustrated can all be physically removed from a machine, or indeed a building, and therefore may require physical security. A last theme of security is that of auditing. This allows the administrator to view the history of who has attempted to access a resource and whether they succeeded. Security can be set at the level of the individual machine or across a wider unit such as a domain. In each case the principles of securing the hardware, software and user access apply.
Security Considerations
Passwords are a principal device for restricting access to a machine or network. However, passwords can be guessed or stolen. To guard against theft or discovery, passwords should be changed frequently. Windows can enforce a password changing policy upon its users. To counter guessing, quite simply, the passwords need to be made as long and as complex as is practicable. A single letter password chosen from a to z might be guessed after 26 attempts. A two letter password has 26 times more possibilities (676). The following table shows this sequence of increasing complexity for passwords using a to z:
Length 1: 26 possibilities
Length 2: 676 possibilities
Length 4: 456976 possibilities
Length 8: 208827064576 possibilities
Windows permits passwords of up to 127 characters, but recommends at least 7 for a password.
A single letter password chosen from a to z gives a base of 26 elements, but if the choice of elements includes upper-case letters and other symbols, the complexity level is increased significantly and the password integrity is strengthened. The length and the composition of a user's password can be specified in a security policy, either for an individual machine or for a domain. The lifetime of a password can also be set by this policy, and the reuse of old passwords may also be prevented. In summary, for a password to be strong and difficult to crack, it should:
Be at least seven characters long.
Be significantly different from your previous passwords.
Not contain your own name or user name (nor the name of a spouse, children, pets, etc.).
Not be a common word or name.
Have at least one symbol character in the second through sixth positions.
Contain letters a-z, A-Z, numerals 0, 1, 2, 3, 4, 5, 6, 7, 8, 9 and symbols ` ~ ! @ # $ % ^ & * ( ) _ + = { } | [ ] \ : ; < > ? , . /
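The rules listed above and the length table, turned into a checker as an added example (constructed here, not Microsoft's complexity code). The common-word list is a placeholder, and the test for "significantly different from previous passwords" is my own approximation, since the text does not define it.

```python
"""Check a candidate password against the rules listed in the text and compute
the search space from the length table. Added, constructed example; the
similarity test and the common-word list are approximations, not Windows code."""
import string

# The symbol set quoted in the text.
SYMBOLS = "`~!@#$%^&*()_+={}|[]\\:;<>?,./"
PERMITTED = string.ascii_letters + string.digits + SYMBOLS
# Constructed placeholder for a dictionary of common words and names.
COMMON_WORDS = {"password", "letmein", "welcome", "qwerty", "monkey", "admin"}


def possibilities(alphabet_size: int, length: int) -> int:
    """Number of distinct passwords of the given length, e.g. 26 ** 8 for a-z."""
    return alphabet_size ** length


def significantly_different(new: str, old: str) -> bool:
    """Approximation of 'significantly different from previous passwords':
    neither contains the other (ignoring case) and fewer than half of the
    character positions are unchanged."""
    a, b = new.lower(), old.lower()
    if a in b or b in a:
        return False
    same = sum(x == y for x, y in zip(a, b))
    return same < max(len(a), len(b)) / 2


def check_password(password: str, username: str, full_name: str,
                   previous=(), common_words=COMMON_WORDS) -> list:
    """Return the list of rules the password breaks (an empty list means strong)."""
    problems = []
    lower = password.lower()
    if len(password) < 7:
        problems.append("fewer than seven characters")
    names = [username] + full_name.split()
    if any(n and n.lower() in lower for n in names):
        problems.append("contains the user name or the user's own name")
    if lower in common_words:
        problems.append("is a common word or name")
    # "Second through sixth positions" are indices 1..5.
    if not any(c in SYMBOLS for c in password[1:6]):
        problems.append("no symbol character in positions two to six")
    classes = (any(c.islower() for c in password), any(c.isupper() for c in password),
               any(c.isdigit() for c in password), any(c in SYMBOLS for c in password))
    if not all(classes):
        problems.append("does not use all of: lower-case, upper-case, numerals, symbols")
    if any(c not in PERMITTED for c in password):
        problems.append("contains a character outside the permitted set")
    if any(not significantly_different(password, old) for old in previous):
        problems.append("too similar to a previous password")
    return problems
```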
There are many facets of computer operation which need protection from unwarranted interference.
Files: Files need to be read by some users, modified by other users, backed up by yet other users, encrypted by owners and hidden from most! This is apart from needing to create files, delete files and share them across a network. Each of these is possible simultaneously in Windows because of the facility to set individual detailed permissions.
Granting Permissions: There is a permission for viewing and changing permissions on files and folders. When new resources are created, this permission needs to be configured carefully.
Domains And Sites: Permissions for access to larger units such as a domain are separate from those granted for local resources. Changes to one aren't reflected in the other. For example, if a user's account is disabled for a local resource, the domain account may still be active.
Configuration: Settings for users or sites can be made so that such things as Control Panel and Administrative Tools are not available to a user or range of users. This is used to enhance security, but it can also be used to enforce corporate themes and identities across users' desktops.
Installing Applications: The facility to install applications should not be distributed lightly. Non-standard, unsupported or defective applications can be a drain upon available technical support time, and interfere with multi-layer processes. This facility can be controlled quite closely with Windows.
Network Access: Rogue servers and users can attach themselves to a network, pretending to be something they're not, and gain access to private data. Long cable runs and internet links are weak points for the monitoring of traffic, hence a need for encryption.
Kerberos v5
Kerberos V5 is the primary security protocol for authentication within a domain. (Windows can use others such as SSL, TLS and NTLM.) The Kerberos V5 protocol verifies both the identity of the user to the network services and the service to the user. This form of verification is known as mutual authentication. Kerberos is named after the legendary three-headed hound which guarded the gateway to Hades, the ancient Greek version of Hell. The Kerberos V5 authentication mechanism issues tickets for accessing network services. These tickets contain encrypted data, including a user's encrypted password and unique SID, that confirms the user's identity to the requested service. Except for possibly entering an additional password or smart card credentials, the entire authentication process is invisible to the user. Kerberos V5 authentication is automatically enabled when you install Windows 2000/XP and Server 2003. For Kerberos to work, both the client and the machine the resource resides upon must be running Windows 2000 or later. Tickets that are successfully authenticated against the records in Active Directory grant the user access to the various resources in the domain for which he has permission, without him having to identify himself with a user name and password each time. All this is invisible to the user and also, largely, to the administrator. However, it is useful to be able to understand the authentication procedure Kerberos uses.
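The ticket exchanges and mutual authentication described above, modelled as an added example (constructed here, not Microsoft's implementation). It assumes a single process playing KDC, client and service, a toy sealing cipher (SHA-256 keystream plus HMAC) standing in for Kerberos encryption, and a made-up user, password, SID and service secret; a wrong password fails when the client cannot unseal the session key.

```python
"""Toy model of the Kerberos V5 ticket flow described above: the client gets a
ticket-granting ticket (TGT), exchanges it for a service ticket, presents that
to the service, and checks the service's reply (mutual authentication).
Constructed example for illustration only; it is not Microsoft's code and the
"seal" cipher is a toy (SHA-256 keystream + HMAC), not Kerberos cryptography."""
import hashlib
import hmac
import json
import os
import time

def derive_key(secret: str) -> bytes:
    """Long-term key from a password or service secret (toy: unsalted SHA-256)."""
    return hashlib.sha256(secret.encode()).digest()

def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    blocks = (hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]

def seal(key: bytes, payload: dict) -> bytes:
    """Encrypt-then-MAC a JSON payload: nonce || ciphertext || tag."""
    nonce = os.urandom(16)
    pt = json.dumps(payload, sort_keys=True).encode()
    ct = bytes(a ^ b for a, b in zip(pt, _keystream(key, nonce, len(pt))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def unseal(key: bytes, blob: bytes) -> dict:
    """Reverse of seal(); raises ValueError on a wrong key or a tampered blob."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("wrong key or tampered ticket")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct)))))

class KDC:
    """Key Distribution Centre: holds every principal's long-term key, as a
    domain controller does in Active Directory. users maps name -> (password, SID)."""

    def __init__(self, users: dict, services: dict):
        self.users = {u: (derive_key(pw), sid) for u, (pw, sid) in users.items()}
        self.service_keys = {s: derive_key(secret) for s, secret in services.items()}
        self.tgs_key = os.urandom(32)  # only the KDC can read TGTs

    def as_exchange(self, user: str) -> tuple:
        """AS-REQ/AS-REP: TGT sealed with the TGS key, plus the session key sealed
        with the user's key so only someone who knows the password can use it."""
        user_key, sid = self.users[user]
        session = os.urandom(32).hex()
        tgt = seal(self.tgs_key, {"user": user, "sid": sid, "session": session,
                                  "expires": time.time() + 600})
        return tgt, seal(user_key, {"session": session})

    def tgs_exchange(self, tgt: bytes, authenticator: bytes, service: str) -> tuple:
        """TGS-REQ/TGS-REP: check the TGT and authenticator, issue a service ticket."""
        t = unseal(self.tgs_key, tgt)
        if t["expires"] < time.time():
            raise ValueError("TGT expired")
        if unseal(bytes.fromhex(t["session"]), authenticator)["user"] != t["user"]:
            raise ValueError("authenticator does not match TGT")
        svc_session = os.urandom(32).hex()
        ticket = seal(self.service_keys[service],
                      {"user": t["user"], "sid": t["sid"], "session": svc_session})
        return ticket, seal(bytes.fromhex(t["session"]), {"session": svc_session})

def service_accept(service_key: bytes, ticket: bytes, ap_req: bytes) -> tuple:
    """AP-REQ/AP-REP on the service side: returns (SID, proof for the client)."""
    t = unseal(service_key, ticket)
    session = bytes.fromhex(t["session"])
    auth = unseal(session, ap_req)
    if auth["user"] != t["user"]:
        raise ValueError("authenticator does not match ticket")
    # Mutual authentication: only a holder of the service key could recover the
    # session key from the ticket, so echoing the timestamp proves the service.
    return t["sid"], seal(session, {"timestamp": auth["timestamp"]})

def authenticate(kdc: KDC, user: str, password: str, service: str) -> str:
    """Client side of all three exchanges; returns the SID the service accepted.
    The service key is read from the KDC here only to keep the demo in one
    process; in reality the service holds its own key."""
    user_key = derive_key(password)
    tgt, blob = kdc.as_exchange(user)
    session = bytes.fromhex(unseal(user_key, blob)["session"])  # wrong password fails here
    ticket, blob = kdc.tgs_exchange(tgt, seal(session, {"user": user, "timestamp": time.time()}), service)
    svc_session = bytes.fromhex(unseal(session, blob)["session"])
    stamp = time.time()
    sid, proof = service_accept(kdc.service_keys[service], ticket,
                                seal(svc_session, {"user": user, "timestamp": stamp}))
    if unseal(svc_session, proof)["timestamp"] != stamp:
        raise ValueError("service failed mutual authentication")
    return sid

def login_succeeds(kdc: KDC, user: str, password: str, service: str) -> bool:
    """Convenience wrapper: True when the whole flow completes, False on any failure."""
    try:
        authenticate(kdc, user, password, service)
        return True
    except ValueError:
        return False
```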
NTLM Authentication
Pre-Windows 2000 clients use a protocol called NTLM (NT LAN Manager) to authenticate on the network. For backward compatibility, Windows Server 2003 continues to support NTLM authentication. NTLM is less secure than Kerberos and is not preferable to it; however, for NT 4.0 and Windows 9x/Me it is the only available authentication protocol.
Password complexity rules prevent a user from using, for example, a long string of zeroes or their name as a password. Once enabled, an administrator might be warned that a new password doesn't meet the complexity rules, but it wouldn't tell him what these are. Strangely, a user required to change a password at next login IS informed what the complexity rules are. (See Security Considerations.) The complexity rules are fixed unless the Microsoft Software Development Kit is installed. The default rules are as follows.
Account Policies
Malicious (or capricious) persons may occasionally attempt to guess at passwords, especially those for the administrator account. It is possible to deter this practice by locking out further attempts for a period of time.
If the Account Lockout Policy object is expanded, the pane of options is revealed. Lockout duration determines how long attempts at logon are ignored after a specific number of failed logons. This can be anywhere between 1 and 99999 minutes (over two months). The 0 minute option locks the machine until an administrator unlocks it. Lockout threshold determines how many wrong attempts at logon are allowed before lockout. Up to 999 attempts can be allowed. A figure of zero permits unlimited guesses at the login name and password. The Reset counter has its function in the following sort of scenario: a user mistypes her password a couple of times and, to avoid the inconvenience of being locked out for the next half hour, chooses to wait a shorter period of time before making another, hopefully correct, attempt. There is a logical connection between these three lockout policy settings, and a change in one has an implication for the others. By way of illustration, right-click on the Lockout threshold item and select Properties. Select a sensible figure for the number of invalid logon attempts, and see what happens when OK is clicked. Whichever option is set, this dialogue box appears to suggest reasonable settings for the other two. Click OK to review all the settings which result. The suggested selection of settings is usually entirely reasonable.
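The interaction of lockout duration, lockout threshold and reset counter, simulated as an added example (constructed here, not Windows code). It models the rules as the text states them on a simulated clock in minutes, and the consistency check applies the rule that the reset window may not exceed the lockout duration; the account name and password are made up.

```python
"""Simulate the three Account Lockout Policy settings described above and how a
logon service applies them. Added, constructed example; it models the rules as
the text states them on a simulated clock (minutes) and is not Windows code."""
from dataclasses import dataclass
from typing import Dict, Optional

ADMIN_UNLOCK = float("inf")  # duration 0: locked until an administrator unlocks


@dataclass
class LockoutPolicy:
    threshold: int         # invalid attempts before lockout; 0 allows unlimited guesses
    duration_minutes: int  # 1..99999, or 0 for ADMIN_UNLOCK
    reset_minutes: int     # quiet time after which the failed-attempt counter resets

    def consistent(self) -> bool:
        """The reset window may not exceed the lockout duration (unless duration is 0)."""
        return self.duration_minutes == 0 or self.reset_minutes <= self.duration_minutes


@dataclass
class AccountState:
    bad_attempts: int = 0
    last_bad: Optional[float] = None      # time of the most recent failed attempt
    locked_until: Optional[float] = None  # None = not locked


class LogonService:
    """Password check with lockout bookkeeping. Passwords are compared in clear
    here only because this is a simulation; a real system compares stored hashes."""

    def __init__(self, policy: LockoutPolicy, passwords: Dict[str, str]):
        self.policy = policy
        self.passwords = passwords
        self.state: Dict[str, AccountState] = {}

    def attempt(self, user: str, password: str, now: float) -> str:
        """Return 'ok', 'bad password' or 'locked' for an attempt at time `now`."""
        s = self.state.setdefault(user, AccountState())
        if s.locked_until is not None:
            if now < s.locked_until:
                return "locked"                       # attempts during lockout are ignored
            s.locked_until, s.bad_attempts = None, 0  # the lockout has expired
        if s.last_bad is not None and now - s.last_bad >= self.policy.reset_minutes:
            s.bad_attempts = 0                        # reset counter after a quiet period
        if password == self.passwords.get(user):
            s.bad_attempts, s.last_bad = 0, None
            return "ok"
        s.bad_attempts += 1
        s.last_bad = now
        if self.policy.threshold and s.bad_attempts >= self.policy.threshold:
            s.locked_until = (ADMIN_UNLOCK if self.policy.duration_minutes == 0
                              else now + self.policy.duration_minutes)
            return "locked"
        return "bad password"

    def admin_unlock(self, user: str) -> None:
        """What an administrator does for an account locked with duration 0."""
        self.state[user] = AccountState()
```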
Local Policies
Expand Local Policies. Expand Security Options. These are some of the options that can be configured as part of a security policy. Some, all or none of these options can be configured depending on your requirements. For example, if the security requirements of the local machine dictate that the last user's name is not displayed in the logon screen, right-click on this setting and select Properties. Enabling this setting is simply a matter of checking the radio button and clicking OK.
Directory Service is used to audit access to Active Directory objects. Again, this is more useful on a domain. Auditing logon events is a useful option because it allows you to log who is logging on to the local machine. Object access can be used to audit access to resources on the local machine; as well as enabling it here, the object will also need to be configured. Policy change audits will log anything relating to security policies being modified on the machine. Users who are using their privileges to perform tasks on the machine can be logged by enabling Audit privilege use. Process tracking can be used to log which processes are running on the machine. This should not be enabled unless absolutely necessary, because of the large number of entries it can create. The Audit system events setting determines whether to audit when a user restarts or shuts down the computer, or when an event occurs that affects either the system security or the security log. Right-click on the item to be audited and select Properties. (Alternatively, click on the Action button in the toolbar.) Checking either or both of these boxes is all that's required to enable auditing of logon events. Click OK to close this window. Confirm that auditing for this action has been enabled. The Event Viewer contains a Security log which shows audit events. Double-click on an entry to view its contents. This entry shows that someone attempted to log in as Administrator and failed to type the correct password. From here the date, time and the machine which was used to make the logon attempt can be seen. Sometimes details need to be printed to a file. Clicking here copies the details to the clipboard.
Refreshing Policies
Security policies aren't immediately applied to the machine, and often a restart is required. However, the command line utility gpupdate can be used to refresh the computer's security policy without a restart. The command gpupdate /target:computer can be used to refresh the computer policy. The gpupdate /target:user command is used when refreshing user group policy settings, which are covered later.
select the appropriate radio button. The Explain tab gives a detailed explanation of the object's function. The Previous and Next policy buttons allow the administrator to scroll through all the available policies until he finds one that fulfils his requirements. The quick scan facility is very useful in view of the enormous number of options available. The best way to get familiar with all of these settings is to play around with them. Be careful not to lock yourself out of the machine. There are as many options again for configuring users' rights, as can be seen from the panel on the left. The foregoing configuration opportunities give an administrator a wide range of options for setting security. However, a basic list of essential security features might include disabling the following:
Command Prompt, Control Panel, MMC, Installing programs from floppy, CD or DVD, Shutdown, Previous Login name, Registry editing tools
(You might also consider configuring a Web Home Page.) Group Policy is applied to the machine and all users of it including the Administrator. He can permanently remove his own control.
Security Templates
Security settings can be set through predefined Security Templates. There are various grades of these, of increasingly restrictive security. Each of them can be customised and saved to be used in various group policies for local machines and domains. This is such a handy and much-used facility that there is an MMC snap-in just for it: the Security Templates snap-in is used to manage security templates. This tool permits an existing template to be customised if required and saved in the default folder systemroot\security\templates as an .inf file, for deployment later. These templates have descriptive names. For example workstations (wk, ws or w), servers (sv or s) and domain controllers (dc) are clearly indicated. This is a useful aide-memoire for the exam.
Compatible Templates: This is needed for compatibility with older applications. These applications should be run under Power Users accounts.
Secure Templates: Amongst other things, these have restricted settings for Security Options in Account Policies. Windows NT 4.0 machines must have Service Pack 4 installed to use this.
Highly Secure Templates: Communicates only with Windows 2000+ machines, empties the Power Users group, and protects network traffic with IPSec.
Setup security: This is the default policy applied to servers and clients and can be used to restore a machine to its original settings.
rootsec: Rootsec applies permissions to the root of the system drive and all its subfolders.
iesacls (iesacls.inf): sets permissions on the registry keys used by Internet Explorer. While it is perfectly possible to edit the .inf files in the templates folder with Notepad, a safer alternative is to highlight an existing template, right-click it and select Save As to save it under a different name. The settings in the copy can then be viewed and altered exactly as if you were editing the local security policy. Security templates can easily be transferred to other machines and applied, and they are also a convenient way of backing up your security settings.
Clicking Analyze Computer Now in the Security Configuration and Analysis snap-in reveals the analysing display, which checks each item as it is compared with the template settings stored in the analysis database. Nothing appears to have happened once it finishes, but the items that might need to be altered now appear in the tree. To find out whether anything needs to be altered, view the log file: right-click on Security Configuration and Analysis and select View Log File. The analysis results are shown in the left and right panes; scroll the right pane looking for the flagged mismatches. The analysis can also be viewed graphically by browsing through the policy folders: items marked with a red cross do not match the settings in the template. You can then apply the template to the machine by right-clicking on Security Configuration and Analysis and selecting Configure Computer Now. All settings in the template are now applied to the computer. N.B. You will need to analyse the computer again to see the updated results.
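The template and analysis steps above (saving a template, comparing it with the machine's current settings, then applying it) can be seen in miniature in the following script. It is an added example, not code from the course or from Microsoft: the template text is a constructed, cut-down securews-style .inf using the real secedit section and setting names ([System Access], MinimumPasswordLength and so on), and the "current machine" settings are a constructed dictionary standing in for what the snap-in would read from the local policy, so the script runs offline. Real templates are UTF-16 files in %systemroot%\security\templates; reading one would only require opening it with encoding="utf-16".

```python
r"""Added example (not from the course): compare a security template with the
current local policy the way Security Configuration and Analysis does, then
apply it. Template text and current settings are constructed for this example.
"""
import configparser

# Constructed template text: a cut-down securews-style template. The section
# and setting names are the ones secedit uses; the values are illustrative.
TEMPLATE_INF = """
[Unicode]
Unicode=yes
[System Access]
MinimumPasswordLength = 8
PasswordComplexity = 1
MaximumPasswordAge = 42
LockoutBadCount = 5
[Event Audit]
AuditLogonEvents = 3
AuditPolicyChange = 3
[Version]
signature="$CHICAGO$"
Revision=1
"""

# Constructed "current machine" settings, as the snap-in would read them from
# the local policy. Keys are the same names as in the template.
CURRENT_SETTINGS = {
    "System Access": {
        "MinimumPasswordLength": "0",
        "PasswordComplexity": "0",
        "MaximumPasswordAge": "42",
        "LockoutBadCount": "5",
    },
    "Event Audit": {
        "AuditLogonEvents": "0",
        "AuditPolicyChange": "3",
    },
}

ANALYSED_SECTIONS = ("System Access", "Event Audit")


def parse_template(text):
    """Parse the INI-style template into {section: {setting: value}}."""
    cp = configparser.ConfigParser(interpolation=None, delimiters=("=",))
    cp.optionxform = str  # keep the case of setting names
    cp.read_string(text)
    return {s: {k: v.strip() for k, v in cp[s].items()}
            for s in cp.sections() if s in ANALYSED_SECTIONS}


def analyze(template, current):
    """Return (section, setting, template_value, current_value) for every
    setting that does not match: the red-cross items in the snap-in."""
    mismatches = []
    for section, settings in template.items():
        for name, wanted in settings.items():
            actual = current.get(section, {}).get(name)
            if actual != wanted:
                mismatches.append((section, name, wanted, actual))
    return mismatches


def configure(template, current):
    """Apply the template to a copy of the current settings, as Configure
    Computer Now would, and return the resulting settings."""
    new = {s: dict(v) for s, v in current.items()}
    for section, settings in template.items():
        new.setdefault(section, {}).update(settings)
    return new


if __name__ == "__main__":
    tmpl = parse_template(TEMPLATE_INF)
    for section, name, wanted, actual in analyze(tmpl, CURRENT_SETTINGS):
        print(f"MISMATCH [{section}] {name}: template={wanted} current={actual}")
    applied = configure(tmpl, CURRENT_SETTINGS)
    print("mismatches after configure:", analyze(tmpl, applied))
```

Running it reports three mismatches (minimum password length, password complexity and logon auditing), and none after the template has been applied; the analyse-then-configure order is the same one the snap-in expects you to follow.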
Configuring services
There are a great many services within the Windows operating system. Services are normally called by other applications or components; for example, when the computer needs an IP address from a DHCP server, a call is made to the DHCP Client service, which contacts a DHCP server and requests an address. Services can be started in two ways. Automatic: the service is started by the operating system at boot and runs continually until the operating system shuts down, e.g. the Event Log service, which logs all events occurring on the machine. Manual: the service is started on demand by an administrator or by a program that needs it, e.g. the Routing and Remote Access service, which is only required if the machine is performing routing functions. Services are configured from the Services console in Computer Management: expand Services and Applications and open Services. This console can also be added as a snap-in to an MMC console (see earlier). The Services console lists all the services installed on the computer together with their status. Right-click on a service to view its options; the service can be started, stopped, paused and restarted from the right-click menu. Select Properties to configure the service. A description of the service is shown, and Service status shows whether it is currently running. Startup type configures how the service is started: Automatic starts it at boot, Manual means it can only be started on demand, and Disabled prevents it from being started at all. Once Disabled, the service cannot be started by the operating system or by anyone else until it is set back to Manual or Automatic. Disabling services that a machine does not need is one of the simplest ways of reducing its attack surface.
The Log On tab specifies which account the service runs under and the hardware profiles in which it is enabled. Services that run as the Local System account have full control of the machine, so where a service supports it a dedicated low-privilege account is preferable. The Recovery tab specifies what action to take (restart the service, run a program or restart the computer) on the first, second and subsequent failures. Some services are absolutely vital to the proper functioning of the computer, and some services depend on other services; the Dependencies tab shows this. If other services depend on this service, they will also stop when this service is stopped. Take the time to become familiar with the various services, as you will need this knowledge later when designing and implementing security.
Backup Types
When using the Backup utility you must decide which backup type to perform. The different backup types relate in one way or another to an attribute maintained for every file, known as the archive attribute. The archive (A) attribute is a flag that is set whenever a file is created or changed. Once a file has been backed up by a backup type that clears the flag, the archive bit stays cleared until the file is modified again. You can also modify this attribute manually: right-click on any file, select Properties and then Advanced. The archive flag can then be set or cleared using the File is ready for archiving control.
Normal Backups
With a normal backup, all selected files and folders are backed up. As each file is backed up, its archive attribute is cleared. A normal backup does not use the archive attribute to determine which files to back up. Every backup strategy should begin with a normal backup. A normal backup is usually the most time- and space-consuming method; however, restores from a normal backup are the most efficient, since only one backup set is needed.
Incremental Backups
With incremental backups, only the selected files that have the archive attribute set are backed up, and the archive bit of each file is then cleared. If you perform an incremental backup one day after a normal backup, the job will contain only the files that were created or changed during that day. Incremental backups are the fastest and smallest type of backup; however, they are the least efficient to restore. You must first restore the normal backup and then restore, in order of creation, every incremental backup taken since.
Differential Backups
With differential backups, the selected files that have the archive attribute set are backed up, but the archive attribute is not cleared. A differential backup therefore contains every file that has changed since the last normal or incremental backup, regardless of any differential backups taken in between. Differential backups are more efficient to restore than incremental backups, but each one grows larger as the week goes on and may take up a lot of space. To restore a system, you restore the normal backup followed by only the most recent differential backup.
With a differential backup strategy, all files are backed up with a normal backup on Monday. All files that have changed since the normal backup are backed up by each differential backup. If the server's hard disk fails on Friday, you would restore Monday's normal backup followed by Thursday's differential backup.
Copy and Daily Backups
With copy backups, all selected files and folders are backed up. A copy backup neither uses nor clears the archive bit, so it can be used to copy or back up the computer without affecting a normal backup schedule. With daily backups, all selected files and folders that have changed during the day are backed up, selected by the files' modification date; the archive attribute is neither used nor cleared. Daily backups can likewise be used to perform a backup without affecting a normal backup schedule.
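The five backup types differ only in which files they select and whether they clear the archive bit, and the restore rules follow directly from that. The simulation below, an added example that is not part of the course, models a tiny volume with constructed files and a constructed week of changes: a normal backup on Monday followed by three days of the chosen strategy, then works out which backup sets a restore would need. The file names, dates and the Volume class are all invented for the example.

```python
"""Added example (not from the course): how the five ntbackup backup types treat
the archive attribute, and which backup sets a restore then needs. Files and
the week's activity are constructed here."""
from datetime import date


class Volume:
    """A tiny file system: name -> (archive_bit_set, last_modified)."""

    def __init__(self):
        self.files = {}

    def write(self, name, day):
        # Creating or changing a file always sets the archive bit.
        self.files[name] = (True, day)


def backup(vol, kind, today):
    """Run one backup of the given type. Returns the set of file names it
    captures and updates the archive bits exactly as ntbackup does."""
    captured = set()
    for name, (archive, modified) in vol.files.items():
        if kind in ("normal", "copy"):
            take = True                  # everything selected
        elif kind in ("incremental", "differential"):
            take = archive               # only files with the A bit set
        elif kind == "daily":
            take = modified == today     # by modify date; bit ignored
        else:
            raise ValueError(f"unknown backup type {kind}")
        if take:
            captured.add(name)
            if kind in ("normal", "incremental"):
                vol.files[name] = (False, modified)   # clear the A bit
    return captured


def restore_chain(history):
    """history is [(day, kind, captured), ...] in order. Returns the sets
    needed to rebuild the volume: the last normal backup, then every
    incremental after it, or else only the most recent differential."""
    last_normal = max(i for i, (_, k, _) in enumerate(history) if k == "normal")
    chain = [history[last_normal]]
    later = history[last_normal + 1:]
    incrementals = [h for h in later if h[1] == "incremental"]
    differentials = [h for h in later if h[1] == "differential"]
    if incrementals:
        chain.extend(incrementals)
    elif differentials:
        chain.append(differentials[-1])
    return chain


def week(strategy):
    """Monday normal backup, then Tue-Thu of the given strategy on constructed
    data. Returns (history, restore chain)."""
    vol = Volume()
    mon, tue, wed, thu = (date(2004, 3, d) for d in (1, 2, 3, 4))
    for name in ("a.doc", "b.xls", "c.txt"):
        vol.write(name, mon)
    history = [(mon, "normal", backup(vol, "normal", mon))]
    vol.write("a.doc", tue)                      # one file changed Tuesday
    history.append((tue, strategy, backup(vol, strategy, tue)))
    vol.write("b.xls", wed)                      # another changed Wednesday
    history.append((wed, strategy, backup(vol, strategy, wed)))
    history.append((thu, strategy, backup(vol, strategy, thu)))  # quiet day
    return history, restore_chain(history)


if __name__ == "__main__":
    for strategy in ("incremental", "differential", "copy", "daily"):
        history, chain = week(strategy)
        print(strategy, [sorted(c) for _, _, c in history],
              "restore needs", [(d.strftime("%a"), k) for d, k, _ in chain])
```

The incremental week captures {a.doc}, {b.xls} and nothing on Thursday, and its restore chain is four sets long; the differential week captures a growing set each day and restores from just two sets, exactly the trade-off the text describes.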
Performing a Backup
This lesson will show you, step by step, how to perform the various types of backup described in the previous lesson. In the following example the C:\Data folder will be backed up using the Backup utility. Notice that the A (archive) attribute is currently set on all of the files. The Backup utility can be launched quickly by typing the command ntbackup. By default it starts in Wizard mode; uncheck the Always start in wizard mode checkbox and select Advanced Mode, which enables you to configure the backup exactly as you want it. Select the Backup tab. From the tree view, select the location of the data and check the box next to the folder you wish to back up, e.g. Data. You can also back up an entire drive by selecting the checkbox next to the relevant drive letter. Once you have selected all the files you wish to back up, you can save the selection by clicking Job and selecting Save Selections. Choose a name for the backup selection and click Save. You can now open the saved selection each time you perform a backup rather than reselecting all of the files. Next, specify a location for the backup, e.g. a network share or removable hard disk. Once a location has been specified, select the Start Backup button.
Because this is a new backup, select the Replace the data on the media with this backup radio button. Select the Advanced option. Volume shadow copy is what allows locked and open files to be backed up; if Disable volume shadow copy is selected, some files that are open or in use might be skipped. You can choose the backup type from the Backup Type drop-down list; in this case a Normal backup is required. Click OK once all options have been configured, then select Start Backup to begin. Once it completes, you can either view a report or close the Backup dialog box. Notice that the archive attribute on the files in the Data folder has now been cleared. The backup has been saved to the network share as databackup.bkf.
After one of the files has been modified, select the Backup Type drop-down list and select Differential. Click OK once all options have been configured, then click Start Backup to begin the backup. Once the backup is complete, click Close. Notice that the archive bit on the modified file stays set, and that the differential backup contains only this file.
The Backup utility allows you to schedule backup jobs to run at pre-set times. In this example a normal backup of the entire computer is performed every Monday, and an incremental backup of the Data folder is performed on Tuesday, Wednesday, Thursday and Friday nights. Launch ntbackup and select the Schedule Jobs tab. Select the Add Job button and click Next to continue. Select which files you would like to back up, in this case Back up everything on this computer, and click Next. Choose a name and location for the backup and click Next. Ensure Normal backup is selected and click Next, then Next again. Because this is a normal backup, data should not be appended to the end of an existing backup: select the Replace the existing backups radio button and click Next. Choose a name for the schedule and then select the Set Schedule button. Using the schedule options, a backup schedule for the job can be set; in this example a normal backup will be performed every Monday night. Click OK to continue. The scheduled task will need to run with the credentials of a user with the relevant rights, e.g. a member of the Backup Operators group (the Backup Operators group is preferable to a full administrator account, as those credentials are stored with the task). Click OK, then Next, then Finish to close the wizard.
The normal backup job has now been created. Click Add Job to create the incremental backup schedule and click Next to continue. Select which files you would like to back up, in this case Back up selected files, drives, or network data, and click Next. Select the files to be backed up and click Next, then Next again. From the backup type drop-down list select Incremental and click Next, then Next again. Because this is an incremental backup, it is usually easier to append the data to the end of the existing backup; click Next to continue. N.B. You should set the Tuesday backup to replace the existing backup, since Monday's normal backup supersedes the previous week's incrementals. Choose a name for the backup job and click Set Schedule. Choose a schedule from the available options: here the backup will be performed at midnight every Tuesday, Wednesday, Thursday and Friday. Click Next, then Next again, then Finish to close the wizard. The backup schedule has now been set.
Restoring Data
Restoring a normal backup is a straightforward procedure; however, when restoring data from incremental or differential backups you will need to restore the normal backup and then either every relevant incremental backup in order, or the most recent differential backup. The ntbackup utility is used to restore data from a backup. Select the Restore and Manage Media tab. When performing a complete restore, always start with the normal backup. Select the box next to the backup media. The Data folder will be restored to its original location, although this can be changed from the Restore files to drop-down list. Once configured, select the Start Restore button. Click OK to begin the restore process, and click Close once the restore has completed.
Enable/Disable: controls the start-up type of a service or driver from the Recovery Console; the name of the service or driver can be obtained with the listsvc command. Diskpart: provides the ability to create and delete partitions using an interface similar to the text-based portion of Setup. Bootcfg: enables you to manage the start-up menu (boot.ini). For the full list of commands type help at the Recovery Console command line, or help followed by the command name for help on a specific command. For example, listsvc shows a list of all services and drivers on the machine together with their start-up types, and disable messenger prevents the Messenger service from starting.
Protocols
Reference is often made to the TCP/IP stack. This consists of layers of small software components, each of which performs the discrete job of processing the data packets picked up by the NIC and passing them on to the next layer for further processing. Eventually a coherent message emerges from the top of the stack into the operating system for the application or user. The reverse is also true: a reply is converted into data packets that can be sent over the network media. The layers in a TCP/IP stack write headers for outgoing messages as well as decoding incoming ones; each layer adds a portion to the packet that its counterpart in the receiving computer will understand. Strictly speaking, the NIC is not part of TCP/IP, but protocols are bound to a particular adapter. At the receiving computer the headers are stripped off as the packet passes up through the stack until only the bare payload is presented to the application.
TCP/IP is often referred to as the TCP/IP protocol suite because it is in fact a group of protocols and applications working together to provide network communication. TCP/IP was developed for the US Department of Defense (DoD) to allow machines to communicate over a network. Its model is simpler than the seven-layer OSI model: the different components of TCP/IP function at four layers, Application, Transport, Internet and Network Interface, which group the components into four categories.
Every network card has a unique physical address, the MAC address, hard-wired into the card itself; it is needed for communication on the local network segment.
Binary Numbers
The thinking bits of a computer use flip-flops, which are either on or off; it is just as easy to think of them as on/off light bulbs. Arrays of these flip-flops are used for storing and manipulating numbers. The point is that they can have only two states, like a light bulb. These two states can also be stored as N/S magnetic domains on a hard disk, pits in the foil of a CD, high and low voltages in a cable, and so on. Computers use groups of these switches, known as registers, to represent numbers and perform calculations, and they hold numbers in binary form. Denary numbers (which we also call decimal) use ten symbols, 0 to 9, whereas binary needs just two, 0 and 1. Each digit in a binary number corresponds to one switch; in computer parlance these are bits. A bit is either a 1 or a 0, and each bit position in a binary number represents a different value; the values of the bits that are set are added together to make up the number.
In an eight-bit number the bit positions are worth, from left to right, 128, 64, 32, 16, 8, 4, 2 and 1. If a bit is switched on (1) we count its value; if it is switched off (0) we ignore it. Add the values of the (1) bits in 11011001 together, 128+64+16+8+1, and you get 217. So the binary number for 217 is 11011001.
The IP Address
Every computer on a network, and on the internet, needs an address, known as an IP address. An IP address is a group of four eight-bit binary numbers (octets) written in decimal and separated by periods, e.g. 10.1.0.1. Every machine connected to a network needs a unique address; two machines cannot use the same address. The IP address is divided into a network ID and a host ID. The network ID identifies the network the machine is on; for two machines to communicate directly they must have the same network ID. The host ID is the unique number assigned to the machine, attached to the end of the network ID; two machines on the same network must have different host IDs. A machine identifies which part of its IP address is the network ID and which is the host ID by using a set of numbers called a subnet mask.
Subnet Masks
As well as an IP address, every machine using TCP/IP needs a subnet mask. The subnet mask splits the IP address into two parts, allowing the computer to identify which part is the network ID and which part is the host ID. It does this with on (1) and off (0) bits: a 1 marks a network-ID bit and a 0 marks a host-ID bit. A computer with an IP address of 10.1.0.1 and a subnet mask of 255.255.0.0 therefore has a network ID of 10.1 and a host ID of 0.1. This is worked out by converting both numbers into binary:

IP address    10.1.0.1       00001010.00000001.00000000.00000001
Subnet mask   255.255.0.0    11111111.11111111.00000000.00000000

Using the subnet mask, divide the IP address up by taking the bits under the 1s as the network ID and the bits under the 0s as the host ID. From this, the network ID is 00001010.00000001 (10.1) and the host ID is 00000000.00000001 (0.1). A subnet mask does not have to end on an octet boundary; it is possible to use a mask that covers only part of an octet, for example 255.255.240.0. This enables the administrator to create custom subnets that divide a private network into several discrete sub-networks.
Bit Notation
An easier way of writing an IP address and its subnet mask is the form xxx.xxx.xxx.xxx/n, where n is the number of 1 bits in the mask. The address 10.1.0.1 with a subnet mask of 255.255.0.0 can therefore be written as 10.1.0.1/16. For example, /8 represents 11111111.00000000.00000000.00000000 or 255.0.0.0, and /20 represents 11111111.11111111.11110000.00000000 or 255.255.240.0.
IP Address Classes
When TCP/IP first appeared, IP addresses were placed into classes A, B, C and D, and the subnet mask of a machine was determined by the class of its IP address. To determine the class of an IP address, refer to the first octet, e.g. 100 for 100.23.23.1 (a class A address).

Class   First octet   Default subnet mask   Host IDs per network
A       1-126         255.0.0.0             16,777,214
B       128-191       255.255.0.0           65,534
C       192-223       255.255.255.0         254
D       224-239       N/A (multicast)       N/A
Of the 32 bits available, the bits used for the network ID cannot be used for hosts. In a class B network, for example, this takes away 16 bits, leaving 16 bits for host addresses, which can represent 2^16 = 65,536 values. Host addresses of all 1s or all 0s are reserved for special use, hence the figure of 65,534 in the table above.
Example: you have been assigned the address 134.34.0.0/20; how many hosts will you have? /20 represents the subnet mask 11111111.11111111.11110000.00000000 (255.255.240.0), so the host ID occupies the remaining 0000.00000000, i.e. 12 host bits. Therefore (2^12) - 2 = 4,094 different host IDs are available.
Why take off 2? Two host IDs are reserved on every network. If the host part is all 0s it denotes the network itself and is known as the network address; by convention it is not assigned to any host, e.g. 10.1.0.0/24 (host bits 00000000). If the host part is all 1s it denotes not a single host but every host on that network; this is the broadcast address and must not be assigned to a host either, e.g. 194.34.23.255/24 (host bits 11111111) represents every computer on the 194.34.23.0 network.
Although these days you can use any subnet mask, the classes are still assumed when a subnet mask is not given. There are a number of private address ranges available for use in internal networks. These addresses will never be seen on the internet, as internet routers will not forward packets to or from them:
Class A: 10.0.0.0 to 10.255.255.255
Class B: 172.16.0.0 to 172.31.255.255
Class C: 192.168.0.0 to 192.168.255.255
193.28.34.0 is a class C address, which gives you 254 hosts but only one network (193.28.34.0). If you need only about 10 hosts on each network rather than 254 on one, some of the host bits can be turned into network bits by creating a custom subnet mask. We have 8 host bits to play with, which equates to (2^8) - 2 = 254 addresses, far more than a single network needs; some of those host bits can therefore be used as network bits to create several smaller subnets.
Routers
Routers are network devices that connect separate networks and enable traffic to pass between them. We have seen that machines on separate networks cannot pass data between themselves without assistance: a router, or default gateway, passes data to addresses that are not on the sender's network. With the help of a router, computers on both networks are able to communicate. The router is physically connected to both networks and has an IP address on each. When a client wants to send a packet it checks the network ID of the destination machine; if it differs from its own, it sends the packet to its default gateway instead of directly to the destination. Routers communicate with other routers so that packets can be passed on towards their correct destinations. A packet travelling out on the internet may pass through several routers before reaching its target; each router forwards the packet to the next until it either reaches or fails to reach its destination. Routing is covered in much greater detail later in this course.
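The arithmetic in the subnetting sections above (binary conversion, CIDR prefixes, network and broadcast addresses, host counts, borrowing host bits, private ranges) and the "same network ID or default gateway?" decision described in this section are collected in the following script. It is an added example and not part of the course; it uses the course's own addresses (10.1.0.1/16, 134.34.0.0/20, 193.28.34.0/24) plus constructed ones such as the gateway 10.1.0.254, and it works on plain integers rather than the standard library's ipaddress module so that each step mirrors the bit-level explanation in the text.

```python
"""Added example (not from the course): the subnet arithmetic of the preceding
sections done with plain integers, plus the decision a host makes before
sending a packet (same network ID: deliver directly; otherwise: default
gateway). Addresses are the course's own examples or constructed ones."""


def to_int(dotted):
    """'10.1.0.1' -> 32-bit integer; rejects malformed addresses."""
    parts = [int(p) for p in dotted.split(".")]
    if len(parts) != 4 or any(not 0 <= p <= 255 for p in parts):
        raise ValueError(f"bad address {dotted}")
    return (parts[0] << 24) | (parts[1] << 16) | (parts[2] << 8) | parts[3]


def to_dotted(n):
    return ".".join(str((n >> s) & 0xFF) for s in (24, 16, 8, 0))


def to_binary(dotted):
    """'10.1.0.1' -> '00001010.00000001.00000000.00000001'."""
    return ".".join(f"{int(p):08b}" for p in dotted.split("."))


def mask_from_prefix(prefix):
    if not 0 <= prefix <= 32:
        raise ValueError("prefix must be 0..32")
    return (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF


def prefix_from_mask(dotted_mask):
    """'255.255.240.0' -> 20; a mask must be contiguous 1s then 0s."""
    m = to_int(dotted_mask)
    prefix = bin(m).count("1")
    if m != mask_from_prefix(prefix):
        raise ValueError(f"{dotted_mask} is not a contiguous mask")
    return prefix


def address_class(dotted):
    """Classful range of the first octet (assumed when no mask is given)."""
    first = int(dotted.split(".")[0])
    for name, lo, hi in (("A", 1, 126), ("B", 128, 191),
                         ("C", 192, 223), ("D", 224, 239)):
        if lo <= first <= hi:
            return name
    return "reserved"


def is_private(dotted):
    """True for the private ranges 10/8, 172.16/12 and 192.168/16."""
    n = to_int(dotted)
    return any(n & mask_from_prefix(p) == to_int(net)
               for net, p in (("10.0.0.0", 8), ("172.16.0.0", 12),
                              ("192.168.0.0", 16)))


def describe(cidr):
    """'134.34.0.0/20' -> network, broadcast, mask, usable host count."""
    addr, prefix = cidr.split("/")
    mask = mask_from_prefix(int(prefix))
    net = to_int(addr) & mask
    host_bits = 32 - int(prefix)
    return {
        "network": to_dotted(net),
        "broadcast": to_dotted(net | (~mask & 0xFFFFFFFF)),
        "mask": to_dotted(mask),
        "host_bits": host_bits,
        # the all-0s (network) and all-1s (broadcast) host IDs are reserved
        "usable_hosts": 2 ** host_bits - 2 if host_bits >= 2 else 0,
        "class": address_class(addr),
        "private": is_private(addr),
    }


def subnet_for_hosts(network_cidr, hosts_needed):
    """Borrow host bits so that every subnet holds hosts_needed usable
    addresses; returns (new prefix length, list of subnets in CIDR form)."""
    base, prefix = network_cidr.split("/")
    prefix = int(prefix)
    host_bits = 2
    while 2 ** host_bits - 2 < hosts_needed:
        host_bits += 1
    new_prefix = 32 - host_bits
    if new_prefix < prefix:
        raise ValueError("network too small for that many hosts")
    net = to_int(base) & mask_from_prefix(prefix)
    step = 2 ** host_bits
    return new_prefix, [f"{to_dotted(net + i * step)}/{new_prefix}"
                        for i in range(2 ** (new_prefix - prefix))]


def next_hop(src, mask, dst, gateway):
    """Where the sending host delivers a packet: straight to dst if it
    shares the sender's network ID, otherwise to the default gateway."""
    m = to_int(mask)
    return dst if to_int(src) & m == to_int(dst) & m else gateway


if __name__ == "__main__":
    print(to_binary("10.1.0.1"), to_binary("255.255.0.0"))
    print(describe("134.34.0.0/20"))
    print(subnet_for_hosts("193.28.34.0/24", 10))
    print(next_hop("10.1.0.1", "255.255.0.0", "10.2.0.7", "10.1.0.254"))
```

For the course's 134.34.0.0/20 the script reports 4,094 usable hosts and a broadcast address of 134.34.15.255; for 193.28.34.0/24 with 10 hosts per subnet it borrows four bits, giving sixteen /28 subnets of 14 usable addresses each. The rejection of non-contiguous masks in prefix_from_mask is worth keeping in any tool that reads masks from configuration, since a typo such as 255.0.255.0 would otherwise be silently accepted.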
Configuring TCP/IP
This free lesson will teach you how to configure TCP/IP in Windows and how to use the ipconfig command. To configure TCP/IP click on Start, right-click on My Network Places and select Properties. Right-click on the connection you want to configure and select Properties. Highlight Internet Protocol (TCP/IP) and select Properties. The machine is currently configured to obtain an IP address automatically. Select Use the following IP address and fill out the relevant details. Additional gateways and IP addresses can be added by clicking the Advanced button and configuring the appropriate options.
Connections on port 270 are now allowed to this machine. The Security Logging tab specifies settings for the firewall log; for example, you can log dropped (unsuccessful) connection attempts, which is worth enabling on any exposed machine. The ICMP tab controls which ICMP messages the computer will respond to; ping sends ICMP echo requests, so allowing them makes the machine discoverable with ping. The options for the Internet Connection Firewall were improved slightly in Windows XP Service Pack 2, where it became Windows Firewall, but the principles remain exactly the same. Although the built-in firewall is good enough to protect home users, for larger corporate networks and servers a dedicated firewall such as Microsoft ISA Server should be used.
Troubleshooting TCP/IP
These are the two main utilities for troubleshooting TCP/IP: ping, used to test connectivity, and ipconfig, used to view IP address information. Before launching into a detailed investigation of settings, always check that the hub or switch has power and that the network cable has not been pulled out. The ping command verifies connections to one or more remote computers by sending ICMP echo request packets and listening for echo reply packets; it waits (by default up to four seconds on Windows) for each reply, prints the number of packets transmitted and received, and validates each received packet against the transmitted message to check that no data was lost. The first item to ping is the local TCP/IP stack. The loopback address is 127.0.0.1 (pinging localhost does much the same thing). If this fails then either TCP/IP is not installed correctly or the network card is not functioning. Note that either an address or a computer name can be pinged. Here a computer named jacklap (IP address 10.1.0.104) cannot be pinged by name. This does not necessarily imply a connection problem; it may be a name-resolution problem, which can be tested by pinging the IP address instead. If you can ping your own machine and others on the local network, then try pinging the default gateway. A message such as the one above implies either that the address is wrong or, if the report reads Destination host unreachable, that there may be a problem with the gateway machine (router).
Ipconfig
Default gateways or DNS servers can be discovered using the ipconfig utility. Typing ipconfig at a command prompt displays the current TCP/IP settings; no settings can be altered from this window. Typing ipconfig /all presents additional items such as the adapter's MAC address, DHCP lease details and name-resolution (DNS and WINS) settings.
Interoperability
This free lesson gives an overview of the interoperability modules NWLink and AppleTalk.
NWLink Overview
Novell NetWare systems use the IPX/SPX protocol to communicate. Microsoft has its own implementation of IPX/SPX known as NWLink, which enables Microsoft machines to communicate with Novell machines. The 32-bit editions of Windows XP and Windows Server 2003 both ship with NWLink, although newer NetWare systems now use TCP/IP. IPX/SPX needs to be installed on the NetWare system and NWLink on the Microsoft system. As well as installing NWLink, a gateway service will also need to be installed; this enables the two operating systems to share and access each other's resources. IPX/SPX uses the network interface card's MAC address for communicating. Every network card has a unique address called the MAC address; no two network cards will ever have the same MAC address.
Installations
These free lessons form part of the preparation for Microsoft Certified Professional exam 70-270: Installing, Configuring and Administering Windows XP Professional. The lessons are: Windows XP/2003 Attended Installations; Deploying Windows XP/2003; Upgrading to Windows XP/2003; Files and Settings Transfer Wizard.
software to run Terminal Services. Terminal Services is also a good way to run applications such as Microsoft Office on clients that could not otherwise run them. N.B. Once a server is running Terminal Services, applications MUST be installed using Add/Remove Programs from the Control Panel, which puts the server into install mode so that the application is set up correctly for multiple users.
Remote Administration
Unlike Remote Desktop for Administration, Terminal Services in application-server mode requires Terminal Server client access licences. However, it allows many more clients to connect and enables application sharing. This mode can only be enabled on a machine running Windows Server 2003.
Remote Assistance
As well as a Remote Desktop connection, users can also use a feature called Remote Assistance, which gives users an easier and cheaper way to get helpdesk assistance. The user requests assistance either by saving a request to a file, by e-mail or via Windows Messenger. Remote Assistance runs on top of Terminal Services, which means it uses the same port: TCP port 3389 must be open. Windows Messenger, which can be used to send the invitation, requires port 1863 to be open. Remote Assistance may also have problems working through NAT (Network Address Translation) and Internet Connection Sharing; it uses Universal Plug and Play (UPnP) to traverse NAT devices. N.B. Windows 2000 ICS does not support UPnP.
To enable Remote Assistance, right-click on My Computer and select Properties. Select the Remote tab. Enable the box for Remote Assistance and click OK to close the System Properties dialog. Click on Start, select Help and Support and choose the option for Remote Assistance. Select Invite someone to help you. Choose a method to contact the assistant, e.g. Save invitation as a file. Choose a name and configure the expiry options; keep the expiry short, since anyone who obtains the invitation file before it expires can attempt to use it. Once finished click Continue. Specify a password (give it to the helper separately, not alongside the file) and select Save Invitation. Save the file to an accessible location, e.g. a file share or floppy. When a user on Windows XP or Server 2003 opens the invitation and enters the password, a remote connection will be established to your desktop.
Remote Desktop
This free lesson will teach you how to enable and connect to Remote Desktop. To enable Remote Desktop click on Start, right-click on My Computer and select Properties. Select the Remote tab. Select the Allow users to connect remotely checkbox. Read the warning and click OK. Although administrators are allowed to connect remotely by default, standard users must be added to the Remote Desktop Users group. If the server is a domain controller, you will also need to configure the Default Domain Controllers Policy to grant those users the Allow log on through Terminal Services right (on Windows 2000 this was the Log on locally right). Add the relevant users and click OK.
The Macintosh interoperability components are the AppleTalk protocol, Print Server for Macintosh and File Server for Macintosh.
File Server for Macintosh allows your Windows Server 2003 computer running AppleTalk to act as a file server for Macintosh computers. In order to act as a Macintosh file server, the Windows Server 2003 machine must have NTFS volumes available on which to create a Macintosh-accessible volume.
Installing AppleTalk
To install AppleTalk, right-click on My Network Places and select Properties. Right-click on the connection on which AppleTalk is to be installed and select Properties. Click Install to install a new protocol, select Protocol and click Add. A list of protocols is displayed with AppleTalk highlighted by default; click OK to continue. AppleTalk has now been installed for the Local Area Connection.
Select Control Panel, then Add or Remove Programs, and double-click on Add/Remove Windows Components. Select the checkbox next to Other Network File and Print Services and click Details to view the available file and print services. Deselect Print Services for Unix, as this is not required, and leave File Services for Macintosh and Print Services for Macintosh selected. Click OK to continue, then Next to install the selected components. Windows will install and configure them; the Windows CD-ROM may be needed during this stage. Click Finish to close the Components wizard.
Check the Apple Macintosh checkbox to make the folder available to Macintosh machines and click Next to continue. Choose the level of access clients will have to the share; select Administrators have full control; other users have read-only access, which is the safer default. Click Finish to create the volume. The newly created shares appear in the shares list.
Source: http://www.free-online-training-courses.com/microsoftaccreditation/?gclid=CLLX27n6oa8CFYUc6wodoUmlYg