Test Name: Test #70-067 Implementing and Supporting NT Server 4.0
Hi everyone !
I passed NT server 4.0 today !!
I got 927/1000 - with the pass mark being 764
All that studying & missing Xmas parties paid off.
I got 100% for sections ;Planning, Monitoring & optimization &
Troubleshooting
I raced through the 55 questions in 40 min (90 min exam, not adaptive)
http:\\www.learnquick.com
braindump site helped me heaps
Loads of RAS & NetWare questions
40% book, 40% braindump 20 % practical
Merry Xmas all round
Stevo
NT 4 SERVER NOTES
Installation & Configuration
Licensing per server - number of user licenses on the server (single server)
Per seat - client access licenses required on clients (recommended for >1 server)
Workgroups provide a lower admin burden for small networks (<10 users); centralized storage & control, no security.
Winnt.exe /u (16-bit unattended install)
Installs Windows NT.
WINNT [/S[:]sourcepath] [/T[:]tempdrive] [/I[:]inffile] [/O[X]] [/X | [/F]
[/C]] [/B] [/U[:scriptfile]]
[/R[X]:directory] [/E:command] [/UDF:ID[,database filename]
/OX Create boot floppies for CD-ROM installation.
/X Do not create the Setup boot floppies.
/B Floppyless operation (requires /s).
/U Unattended operation and optional script file (requires /s).
/UDF Uniqueness database file
winnt32.exe /udf (32-bit unattended install with unique settings)
Performs an installation or upgrade of WindowsNT 4.00.
winnt32 [/s:sourcepath] [/i:inf_file] [/t:drive_letter] [/x] [/b] [/ox]
[/u[:script] [/r:directory] [/e:command][/udf:id,database_filename]
/x Prevents Setup from creating Setup boot floppies. Use this when you
already have Setup boot floppies (from your administrator, for example).
/b Causes the boot files to be loaded on the system's hard drive rather
than on floppy disks, so that floppy disks do not need to be loaded or
removed by the user.
/ox Specifies that Setup create boot floppies for CD-ROM
installation.
The Winnt32.exe command is only used for upgrading previous versions of Windows NT Server. All other operating systems must perform a new installation of Windows NT 4.0 by using the Winnt.exe command.
To create installation floppies from the NT Server CD, run WINNT.EXE with the /w switch in addition to either the /o or /ox switch.
NT setup manager generates unattended installation files
After installing new hardware devices and their corresponding drivers,
restarting the computer is necessary to enable the newly installed devices.
BOOT.INI, NTLDR and NTDETECT.COM are all required on the recovery boot disk for a SCSI disk with its BIOS enabled, or for an IDE disk.
NTBOOTDD.SYS is also required if the SCSI disk has its BIOS disabled.
OSLOADER.EXE is for RISC-based systems
Error message "NTOSKRNL.EXE is missing" most likely means the BOOT.INI file is missing
If the mirrored disk was not the original location that the boot.ini file
pointed to for the operating system, you can edit the boot.ini file to point
to the operating system on the mirrored disk.
SYSDIFF.EXE captures differences on the workstation for scripted installations
Use Last Known Good hardware configuration to revert to previous device
drivers
Emergency Repair Disk (rdisk.exe) must be run with the /s switch to back up the SAM & security files
In BOOT.INI, ARC naming conventions:
scsi(n) = SCSI controller without a SCSI BIOS; all others are multi(n)
[Boot Loader]
Timeout=5
Default=multi(0)disk(0)rdisk(0)partition(1)\WINNT
[Operating Systems]
multi(0)disk(0)rdisk(0)partition(1)\WINNT="Windows NT Server Version 4.00"
multi(0)disk(0)rdisk(0)partition(1)\WINNT="Windows NT Server Version 4.00 [VGA mode]" /basevideo /sos
C:\="MS-DOS"
BOOT.INI entries take /SOS to display the device drivers as they load on startup
scsi(0)disk(1)rdisk(0)partition(2) = SCSI controller 0 (no SCSI BIOS), SCSI ID 1, partition 2
Component    Meaning                       Numbering
scsi/multi   HDD controller number         starts at 0 (ordinal number, or ARC name)
disk         multi or SCSI bus number      starts at 0 (always 0 for multi)
rdisk        HDD number                    starts at 0 (ordinal disk no., or SCSI LUN)
partition    partition number              starts at 1
The partition numbering scheme numbers primary partitions first, from 1; new partitions are numbered sequentially.
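As an added example (not part of the original notes), a Python script that parses ARC names and checks a BOOT.INI against the rules above: partitions numbered from 1, disk(0) for multi() names, a default= entry that must appear under [operating systems] (the usual cause of the "NTOSKRNL.EXE is missing" message), and whether a scsi() entry means NTBOOTDD.SYS belongs on the recovery boot disk. The sample file is constructed, and the function names are my own.

```python
import re

# Constructed sample BOOT.INI, modelled on the one in the notes, with an extra scsi()
# entry added for illustration.
SAMPLE_BOOT_INI = """[boot loader]
timeout=5
default=multi(0)disk(0)rdisk(0)partition(1)\\WINNT
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\\WINNT="Windows NT Server Version 4.00"
multi(0)disk(0)rdisk(0)partition(1)\\WINNT="Windows NT Server Version 4.00 [VGA mode]" /basevideo /sos
scsi(0)disk(1)rdisk(0)partition(2)\\WINNT="NT on a SCSI controller with its BIOS disabled"
C:\\="MS-DOS"
"""

ARC_RE = re.compile(
    r"^(?P<adapter>multi|scsi)\((?P<ctrl>\d+)\)disk\((?P<disk>\d+)\)"
    r"rdisk\((?P<rdisk>\d+)\)partition\((?P<part>\d+)\)(?P<path>\\.*)?$",
    re.IGNORECASE)

def parse_arc(arc):
    """Split an ARC name into its components and apply the numbering rules from the
    notes; raises ValueError for a malformed name."""
    m = ARC_RE.match(arc.strip())
    if not m:
        raise ValueError("not an ARC name: %r" % arc)
    d = m.groupdict()
    info = {"adapter": d["adapter"].lower(), "controller": int(d["ctrl"]),
            "disk": int(d["disk"]), "rdisk": int(d["rdisk"]),
            "partition": int(d["part"]), "path": d["path"] or ""}
    # controller/disk/rdisk are 0-based ordinals; partitions are numbered from 1
    if info["partition"] < 1:
        raise ValueError("partition numbers start at 1: %r" % arc)
    # multi(n) names always carry disk(0); the drive is selected by rdisk(n)
    if info["adapter"] == "multi" and info["disk"] != 0:
        raise ValueError("multi() names must use disk(0): %r" % arc)
    # scsi(n) = SCSI controller with its BIOS disabled, so NTLDR needs NTBOOTDD.SYS
    info["needs_ntbootdd"] = info["adapter"] == "scsi"
    return info

def _sections(text):
    """Minimal INI reader: {section name in lower case: [non-blank lines]}."""
    sections, current = {}, None
    for line in (l.strip() for l in text.splitlines()):
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].lower()
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections

def check_boot_ini(text):
    """Return a list of problems (empty = consistent): missing default=, malformed ARC
    entries, or a default not listed under [operating systems], which is the case
    behind the "NTOSKRNL.EXE is missing" message in the notes."""
    sections, problems, loader = _sections(text), [], {}
    for line in sections.get("boot loader", []):
        key, _, value = line.partition("=")
        loader[key.strip().lower()] = value.strip()
    default = loader.get("default")
    if default is None:
        problems.append("[boot loader] has no default= entry")
    targets = set()
    for line in sections.get("operating systems", []):
        target = line.partition("=")[0].strip()
        targets.add(target.lower())
        if target.lower().startswith(("multi(", "scsi(")):
            try:
                parse_arc(target)
            except ValueError as err:
                problems.append(str(err))
    if default is not None and default.lower() not in targets:
        problems.append("default %s is not listed under [operating systems]; NTLDR "
                        "would report NTOSKRNL.EXE missing" % default)
    return problems

def recovery_disk_files(text):
    """Files a recovery boot floppy needs for this BOOT.INI, per the notes: NTLDR,
    NTDETECT.COM and BOOT.INI always, plus NTBOOTDD.SYS if any entry uses scsi()."""
    files = {"NTLDR", "NTDETECT.COM", "BOOT.INI"}
    if any(l.lower().startswith("scsi(") for l in _sections(text).get("operating systems", [])):
        files.add("NTBOOTDD.SYS")
    return files
```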
Use SYS.COM to transfer DOS system files to NT boot partition
Network Client Administrator creates network installation startup disks for
DOS, NT & 95
Network Client Administrator creates installation disk sets for;
* DOS
* Windows
* LAN Manager 2.2c for DOS
* LAN Manager 2.2c for OS/2
* Win95
* RAS client for DOS
* WFW 3.11 (TCPIP)
* Client for MS Networks 3.0 for DOS, Win 3.0 & Win 3.1
In order to install Windows 95 over the network, you must
* Share 95 install disks, using network client admin tool
* Create a Network Installation Start-up disk, also using network
client admin tool
* Begin Installation, from the startup disk.
The Network Start-up installation disk is created by using the Network
Client Administrator. During the creation of this disk, you must specify the
shared network directory that contains the installation files.
Information about the loader file is written to the boot track when loading NT from floppy; therefore the floppy must be formatted under NT.
Use Last-Known-Good menu to recover from new driver problems and modified
registry values.
VGA drivers can be selected from Boot.ini menu (/basevideo)
If the initial installation fails, use the initial parameter file, SETUPLOG.TXT, to determine the configuration used by Setup.
Minimum spec. = 486/33, 16Mb RAM & 125Mb HDD space
System files in root;
NTLDR, BOOT.INI, BOOTSECT.DOS, NTBOOTDD.SYS (scsi), NTDETECT.COM
A Startup value of 0 for a boot device in the registry forces the device to start as soon as the kernel is initialized.
WINNT.SIF is a text file found on the second setup disk created with the /o
switch. This file instructs Setup to look for files in a temporary file on
the hard drive rather than on CD or floppy disk.
DOSNET.INF file used when installing NT Server across a network, using
WINNT.EXE or WINNT32.EXE.
TXTSETUP.SIF, DOSNET.INF, PARTIAL.INF, INITIAL.INF information files are
used during NT Setup.
You have two opportunities to use the Last Known Good menu when you have
more than one hardware profile.
Processors
Symmetrical processing is where applications share processors
Asymmetrical processing is where an app can hog a processor
NT can use Intel, RISC, MIPS, Digital Alpha and Power PC processors, but not Sun SPARC
Esoteric RISC processors may not run some apps e.g. PA-RISC or Power PC
Intel & Digital Alpha are OK
Assign HIGH thread priority to programs for most processor time without
impinging on OS services.
To change apps priority use "START /LOW <program>" or modify the priority of
the thread in task manager.
The percentage of time that a processor spends executing a non-idle thread
is measured by the % Processor Time counter and the number of processes
contributing to the processors usage can be determined by monitoring the
counter for the System Object Processor Queue Length.
System events are recorded by the Windows NT Kernel and drivers in the Event
Viewer.
Environment subsystems are run in the user mode
HAL stands for Hardware Abstraction Layer.
* User mode:
    * Applications
    * OS/2
    * Win32
    * POSIX
    * NTVDM
* Executive services (Kernel mode):
    * Object manager
    * Security reference monitor
    * Local procedure call facility
    * Process manager
    * Virtual memory manager
    * I/O manager
    * Kernel
    * Hardware Abstraction Layer
* Hardware
* Executive services
The virtual memory manager swaps 4Kb pages in & out of memory.
16-bit apps run in the same memory space by default and are preemptively multitasked with apps outside the VDM, but cooperatively multitasked with other 16-bit apps inside the same VDM.
With linear addressing, the address starts at zero, then increments in 1-byte blocks.
32-bit addressing supports 4Gb of virtual memory, 16-bit = 256 Mb (2 to the power of x).
Two processors can improve performance by 150%.
PCI utilizes a 32-bit bus.
Permissions
NT supports file systems FAT, NTFS, not HFS or HPFS
FAT ; Shared folder permissions - full control, change, read, no access
(overrides others)
NTFS ; read, write, execute, delete, change permissions, take ownership
(RWXDPO)
Standard permission   Special access
No Access             RX
Change                RWXD
Add                   WX
Add+Read              RWX
List                  RX
Full Control          RWXDPO
Combining permissions = most restrictive
Share & file permissions: the most restrictive of the two applies
Permissions from multiple groups are combined (accumulated)
Copy = inherit perms of the destination; Move = retain perms, within the same partition
Copy = inherit perms; Move = inherit perms, when moving to a different partition
A file can be copied whether it's compressed or uncompressed.
CACLS.EXE changes file permissions; command line utility for the access control list
Running Win16 apps in separate NTVDMs lets them interoperate, but does not optimize the memory used, and apps that rely on shared memory to exchange data cannot be separated this way.
NTConfig.pol in the NETLOGON directory creates the system policy
Regedt32.exe can set permissions on specific keys, Regedit.exe cannot.
System policy templates files, COMMON.ADM for NT & 95, WINNT.ADM for NT &
WINDOWS.ADM for 95
Rename NTUSER.DAT to NTUSER.MAN to create a mandatory profile
Assign a UNC path to the users profile to create a roaming profile
WINLOGON process
* User enters Name & password
* SAM database is queried
* Access token is generated
* New process is started with token attached
Local Security Authority (LSA)
* creates security access tokens,
* provides interactive user authentication services
* manages local security policy
Security Account Manager (SAM) maintains the database of all user, group &
workstation accounts
NT supports local, pass-through, remote, domain logons
Access Control List (ACL)
Access Control Entries (ACEs): access-denied entries are processed first
Security ID (SID) is used to uniquely identify each user account
Control-Alt-Delete prevents Trojan viruses that capture passwords and
activates the Winlogon process
Files, Windows, processes are all objects
Changing a user's rights on a Domain Controller changes rights on all BDCs.
Share-level security is supported by all file systems on NT: FAT, NTFS, CDFS
Special access is not a type of share permission
Most restrictive permission always takes precedence when combining share and
folder permissions
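Added example, not from the original notes: a Python calculator for the permission rules above, covering the standard-permission table, accumulation across groups with No Access overriding, the most-restrictive rule for share plus NTFS permissions, and copy/move inheritance. The mapping of share permissions to RWXDPO letters and the NTFS Read permission (RX) are assumptions made for the calculation.

```python
# Standard NTFS permissions from the table in the notes, as sets of RWXDPO letters.
# No Access grants nothing and overrides every other permission the user holds.
# "Read" (RX) is the standard NTFS Read permission, included as an assumption
# because the flattened table above does not show it on a row of its own.
NTFS_STANDARD = {
    "No Access": set(),
    "List": set("RX"),
    "Read": set("RX"),
    "Add": set("WX"),
    "Add+Read": set("RWX"),
    "Change": set("RWXD"),
    "Full Control": set("RWXDPO"),
}

# Share permissions expressed in the same letters so the two sets can be intersected
# (assumption: Read = RX, Change = RWXD, Full Control = all six).
SHARE_STANDARD = {
    "No Access": set(),
    "Read": set("RX"),
    "Change": set("RWXD"),
    "Full Control": set("RWXDPO"),
}

VALID = set("RWXDPO")


def combine(grants, table):
    """Combine what a user gets through several groups on ONE object: the grants are
    unioned, except that No Access anywhere wins. Each grant is a standard-permission
    name from `table` or a special-access string such as "RWX"."""
    result = set()
    for g in grants:
        if g == "No Access":
            return set()
        if g in table:
            result |= table[g]
        else:
            letters = set(g.upper())
            if not letters <= VALID:
                raise ValueError("unknown permission %r" % g)
            result |= letters
    return result


def effective(share_grants, ntfs_grants, local_logon=False):
    """Effective access for a user reaching a file through a share: share and NTFS
    permissions are combined separately, then the more restrictive applies (set
    intersection). A user logged on locally bypasses the share, so only NTFS applies."""
    ntfs = combine(ntfs_grants, NTFS_STANDARD)
    if local_logon:
        return ntfs
    return ntfs & combine(share_grants, SHARE_STANDARD)


def after_transfer(op, same_partition, source_acl, dest_dir_acl):
    """Permissions a file carries after a copy or move, per the notes: only a move
    within the same partition keeps the file's own permissions; every other case
    inherits the destination directory's permissions."""
    if op not in ("copy", "move"):
        raise ValueError("op must be 'copy' or 'move'")
    return set(source_acl) if (op == "move" and same_partition) else set(dest_dir_acl)


def describe(perms):
    """Render a permission set in the RWXDPO order used in the notes."""
    return "".join(c for c in "RWXDPO" if c in perms) or "(none)"


if __name__ == "__main__":
    # User in Domain Users (share: Change), Engineers (NTFS: Read) and Managers
    # (NTFS: Change): NTFS unions to RWXD, share is RWXD, so the result is RWXD.
    print(describe(effective(["Change"], ["Read", "Change"])))
    # Same user, but one group has No Access on the file: nothing, whatever the share says.
    print(describe(effective(["Full Control"], ["Change", "No Access"])))
```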
NT keeps a record of the rights and privileges assigned to a SID even after the account is deleted; if another account had the same SID it would have the same privileges and be (to the system) indistinguishable from the original account. This is why a deleted account's SID is never reused.
User Manager for DOMAINS
Local groups cannot contain other local groups
Built in groups cannot be re-named
AGLP ; User Accounts in Global groups in Local Groups with Permissions
User Manager for Domains can establish trust relationships between domains
A trusting DOMAIN recognizes users and groups in a trusted DOMAIN.
Trusts between DOMAINS are not transitive (trusts are not inherited)
System policy editor can determine login hours allowed
Global groups reside on the PDC & BDC's
Usernames cannot contain " / \ [ ] ; : | = , + * ? < > "
Everything in the User Environment Profile dialog box is optional
You cannot create global groups on an NT workstation
Select new local group from User pull-down menu
Domain Admin global group is a member of the administrators local group on
every NT PC in the domain by default.
Account information is in SECURITY in HKEY_LOCAL_MACHINE registry key.
In Microsoft's Master Domain model, one domain, the master, holds the
account information but no data. Other domains, the resource domains, hold
data and all information that the users will need to access.
Replication Governor limits the bandwidth of domain synchronization and
reduces buffers.
Pulse is the Registry key to change domain synchronization time
TRUSTING DOMAIN (A) -------------------> TRUSTED DOMAIN (B)
A trusts B = users from B can access A
NT 4.0 can have unlimited trusts
BDCs   Workstations
1      < 5,000
2      5,000
5      10,000
10     20,000
15     30,000
Domain models: single, master domain, multiple master, and complete trust.
Disk Administrator
When a member of a mirror set fails:
1. Replace the failed disk (orphan)
2. Reboot the computer
3. Go to Disk Administrator and click OK to acknowledge the new drive
4. Select the remaining half of the mirror set, then choose Break Mirror Set from the Fault Tolerance menu to expose the working member as a separate volume
5. Assign the working member of the mirror set the drive letter that was previously assigned to the mirror set
6. Choose Establish Mirror from the Fault Tolerance menu
To regenerate a stripe set with parity when a member of the set fails:
1. Replace the drive, or select a new area of free space on a different hard disk that is the same size or larger than the other members of the set
2. Restart the computer
3. Choose Regenerate from the Fault Tolerance menu
4. Restart the computer
Do not rename the failed member of the set to any available drive letter
RAID 1 & 5 are NT4.0 software based disk fault tolerance, Disk striping
without parity is not.
NT 4.0 can use RAID 0 (striping), RAID 1 (mirror) & RAID 5 (stripe with
parity)
Boot partition can use mirroring or duplexing
Disk striping with parity requires a minimum of 3 hard disks, but only
requires one controller. You can only use the Regenerate command if a single
disk fails; otherwise you must restore from backup. Disk striping without
parity offers no fault tolerance.
Windows NT Server allows striping without parity on either a FAT or NTFS
partition and only requires 2 hard disks. You only consider striping without
parity when fault tolerance is not a concern.
RAID 5 loses 1/n of the space (n = no. of disks in set) to parity, e.g. 4x100Mb disks:
Create stripe set with parity = 400Mb, 300Mb of data.
Boot disk must be used if the system partition fails
The Diskperf.exe utility must be run in order for the disk counters to be
activated. After they're activated, Performance Monitor can utilize these
counters to monitor system performance.
Disk sector size does not improve disk performance
Monitoring & Optimization
To improve performance from excessive paging, add more memory, distribute paging file(s) across disks, or move the paging file off the system disk.
When the paging file grows beyond its original size, the disk becomes fragmented. As a result, performance deteriorates because applications take longer to start.
Page files should be created across each physical disk.
The pagefile has to be at least the same size as physical memory so that it can dump everything from memory to the pagefile for debugging
A STOP message is blue screen of death
To determine excessive paging in Performance Monitor use:
Logical Disk: Average Disk sec/Transfer
Memory: Pages/sec
Multiplied together they give the share of disk access time used by paging (should be <10%)
Disk striping with parity does not increase write performance
The log view is used to record system activities to a disk for later
analysis. This is the best option for monitoring performance over a period
of time.
Messenger service needs to be started in order for an alert to be sent from
performance monitor
Event viewer log size can be changed in 64-Kb increments
Services tab shows what dependencies exist for a device on the system
Priority   Level
LOW        4
NORMAL     8
HIGH       13
REALTIME   24
Memory is divided in 4Kb increments
NT server supports 4 processors
It is possible to make the foreground application the same priority as
background applications by moving the slider to none in the performance tab
in system properties
NT can automatically change priorities by 2, up or down
Task Manager can change an application's priority while it is running
You must enable disk drive performance counters prior to using logical disk
or Physical disk objects
NT automatically adjusts thread and process priorities, swapping among
multiple pagefiles and caching disk requests as part of self-tuning
optimizations
NT uses dynamic cache
Adding physical memory can alleviate disk drive bottlenecks by minimizing
paging to the disk drive
If the pagefile is too small it can appear to be a memory bottleneck
Unloading unused drivers will free memory for the system
Hard page faults indicate that additional I/O has occurred and soft page
faults indicate the data was located elsewhere in memory
Four reporting modes supported by the Performance Monitor are Report Mode,
Alert Mode, Log Mode, and Chart Mode (the default).
Server Manager
Changing the DOMAIN name changes the domain SID (security identifier)
Promoting a BDC to a PDC forces temporary PDC to demote to a BDC after a SAM
sync.
BDC's must be re-installed when moving to another DOMAIN
No PDC = no account administration (no new users, changing passwords)
2 PDC's = demote then promote
Shut down PDC, then promote a BDC to PDC.
Promoting a BDC before taking PDC offline is easier.
Have to demote old PDC before bringing back online
NT BDC's are configured as Backup Browsers
Domain master browser fails then promote the BDC to PDC
Only computers running NT Server can be configured to export files for
replication.
Only computers running NT Server or NT Workstation can be configured to
import files during replication.
Directory Replicator Service Interval parameter is when the EXPORT PC checks
for changes to the replicated directories
The Alerter service in the Performance Monitor can be configured to send a
message to a single user on the domain where the server exists or on any
other connected domain.
These messages can also be sent to multiple users in the same group. The
Alerter service cannot be configured to send multiple users in different
groups a message at the same time.
You can promote a BDC to a PDC by using Server Manager. But the only way to
demote a BDC or PDC to a member server is to re-install Windows NT Server.
Replication files must be in a sub-directory of
c:\winnt\system32\repl\export
Server manager is the only way to share folders remotely on a server.
Use explorer to assign file permissions remotely
Use server manager to disconnect users
Logon scripts go in WINNT\SYSTEM32\REPL\IMPORT\SCRIPTS
Export Server and import computers must be running Directory Replicator
service.
Briefcase tracks relationships between file versions on different computer
systems
PulseConcurrency can increase or decrease the load on PDC
BDC's use Replication governor parameter
A partial replication occurs every 5 minutes by default
Stabilize will wait 2 minutes after changes for replication
Lock the script directory so it does not get replicated until it is unlocked
The Directory Replicator service account must belong to the Backup Operators & Replicator groups
Default size of the change log is 64Kb
NT Backup
Only backs up registry on local PC
To save the local registry, select drive, check backup local registry box &
run NT Backup
Cannot backup to floppies
Normal is another name for full backup
Incremental will only backup changed files & mark files
Differential will only backup changed files & not mark files
Copy will backup files without marking them
Daily will backup files modified that day & not mark them.
NT Backup can span backup media
You can control restoration destinations, verify & log, append or replace
19 tapes can be used for a full year's backup
Regedit can backup the entire registry
Files not backed up:
* Files with no read permission
* Paging file
* Registries on remote PCs
* Files exclusively locked by application software
Supports hardware compression; can restore file permissions
Use AT scheduler to automate backups
DLT can support up to 70Gb
QIC can support up to 5Gb
DAT can support up to 24Gb
8mm can support up to 5Gb
Restoring files & directories is separate from backup files & dirs.
Recommended having 3 complete backup sets on hand.
Networking
On a network using the TCP/IP protocol, a WINS server resolves computer
names to IP addresses. This process reduces the number of broadcast messages
(b-node broadcasts) required to locate another computer on the network.
Networks can be split up into smaller subnets with a longer subnet mask, e.g. 255.255.255.128
Disable WINS on the adapter to stop Internet access; enable routing
Internet Service Manager configures web services for IIS
To transfer Internet email, open the SMTP port
Enable routing in AppleTalk protocol configuration dialog box for an NT
server with multiple adapters
To send print jobs to a UNIX-based host, use LPR, which sends a print job to a network printer:
Usage: lpr -S server -P printer [-C class] [-J job] [-o option] [-x] [-d] filename
The netstat utility is the diagnostic utility included with Microsoft TCP/IP
that can be used to display protocol statistics and the state of current
TCP/IP connections.
Place the most frequently used protocol at the top of the binding order on
the client workstations. Because the client computer determines the protocol
that it wishes to use, the binding order on the server has no effect on
network performance.
If TCP/IP is going to be installed manually in a non-routed environment,
both the IP address and the subnet mask must be specified.
DLC is used for printing to HP printers, Data Link Control is also used for
TN3270 mainframe.
Browsing
Edit the registry to select browser type:
Preferred Browser   PDC
Master Browser      BDC
Backup Browser      Member Server
Potential Browser   NT WS
Non-browser         Win95, WFW
Server tools for 95 - Event Viewer, Server Manager, User Manager, and
Explorer extensions.
Not WINS, DHCP manager etc.
On a multihomed system you need to manually assign IP addresses
DHCP can only configure one card
Move a protocol higher in the binding order so it will connect faster
Network monitor only captures data to & from the server.
Changing the binding order of protocols does not decrease performance
because the server listens on all protocols and responds when it makes a
connection regardless of binding order.
The 2 networking APIs are NetBIOS & Windows Sockets
NetBEUI binds to all available NICs, but no two NICs in the same machine can
use the same protocol. The network sees more than one machine with the same
name on the network. To resolve this, disable the NetBEUI bindings for one
of the adapters.
RAS
There is no way of restricting access to a user at a certain phone number
PPTP (point to point tunnel protocol) minimizes remote communication charges
and filters out internet related threats
RAS can be manually started and stopped by using net start & net stop,
Remote access admin program and service utility in control panel
RAS accepts dial-in from PPP clients (not SLIP)
RAS can dial out SLIP or PPP
RAS can dial out only, receive calls only, or dial out & receive calls.
If you use the MS-CHAP protocol (Microsoft encrypted authentication), you
can also set the RAS device to require data encryption. Windows NT handles
the details of establishing the encrypted connection, such as selecting and
exchanging encryption keys.
Multilink can use any RAS modems, even dissimilar
Callback security can only call back 1 phone number though
Set dial-in permissions from remote access admin program or user manager for
domains
Auto-dial maps network addresses to RAS phonebook entries; it is enabled automatically on startup, requires at least 1 TAPI dialing location and can only use TCP/IP & NetBEUI
To ensure RAS security, configure callback security
DES encryption & MD5 on the clients can also be used
Check event log to check for RAS connection problems
Enable device logging in remote access admin utility or HKEY_LOCAL_MACHINE
registry entry
Analyze WINNT\SYSTEM32\RAS\DEVICE.LOG log file
Even though MS-CHAP provides the most secure RAS connection due to its
ability to encrypt data and passwords, PAP is the only authentication method
that allows for clear-text. Utilize PAP when your users are connecting
non-standardized systems to the network.
RAS supports NetBEUI, IPX, and TCP/IP as dial-out protocols. RIP is not a
dial-out protocol.
PPTP (Point-to-Point Tunneling Protocol) provides users with a cost effective and
secure connection to your network via the Internet. Users connect to the
Internet by whatever means is available to them and then connect to your RAS
Server, which provides a secure or VPN (Virtual Private Network) connection
to your network.
Add an entry to the MODEM.INF file to provide support for an unsupported
modem.
Configure a local LMHOSTS file on each dial-up workstation to reduce NetBIOS
lookup time.
RAS MD5-CHAP or RAS MD4 are 32-bit algorithms used for dial-out only used to
connect with 3rd party PPP servers
NetWare
To share NetWare drives for clients, share in GSNW control panel
GSNW for NW 4.1 select default tree & context
GSNW for NW 3.12 select preferred server
By default, no NW supervisors are added to domain admin when migrating
"NTGateway" is the NW group used for GSNW
Clear transfer users & groups in NW migration tool option box
NWLink defaults to 802.2
Windows NT Server requires File and Print Services for NetWare and the
NWLink protocol to be installed to enable NetWare clients to have access to
files and printers on the Windows NT Server.
CSNW (Client Services for NetWare) is required for NT Server when Windows
clients need direct access to NetWare Servers.
GSNW (Gateway Services for NetWare) is used on a Windows NT Server to enable
Windows clients to connect to files on a NetWare Server using drive mappings
(26 max)
CSNW is the Client solution and GSNW is the Server solution for connecting
Windows based computers to NetWare computers.
When using 2 frame types for IPX, you must specify which frame types
NT does not migrate NetWare extended file attributes
Microsoft services for NetWare includes file and print services for NetWare
and directory services manager for NetWare.
GSNW & FPNW create extra load on the NT server and more network traffic
Migration tool copies users, groups & account policies.
Passwords can be the username, blank, a password entered in the migration
tool or passwords associated with user accounts in a mapping file.
It is not a good idea to create private home directories on a NetWare server
that NT people access via the gateway Service, because all users connecting
to the NetWare server via the gateway have the same permissions, so users
would be able to access each other's home directories.
If you made a separate gateway connection for each home directory, then you
could give users private access. The limitation is that you use up one drive
letter for each connection, so this could only work with a small number of
users.
Gateway Service for NetWare with NetWare 4.x servers must use bindery
emulation. The Gateway Service does not support NDS.
Printing
To keep an electronic copy of printed docs, select KEEP DOCS AFTER PRINTING in printer properties, Scheduling tab.
To move the location of the print spooler file, use the advanced tab in
Print Server Properties or edit registry.
In order to give a printer a higher priority, you must configure the setting
to a priority of 99 (which is the highest priority) and set the other
printer's priority to 1 (which is the lowest priority).
Drivers for all three types of operating systems, Windows 95, Windows NT 4.0 and Windows NT 3.51, need to be installed on the print server. When the client attempts to use the print device, the appropriate driver is automatically sent to the client.
When a printer spool stalls, the problem can usually be corrected by
stopping and restarting the spooler service. Deleting and reinstalling the
printer doesn't repair the stalled spooler service.
EMF print processor returns control of the app to the user quicker because
it spools in the background.
EMF files can be printed on any printer.
Also RAW, RAW (FF Auto), RAW (FF appended), TEXT.
2 types of print processors are winprint.dll & Macintosh (SFMPSPRT)
Print monitors are Local port, Digital network port, Lexmark DLC port, LPR
port, HP network interface.
A printer pool must have the same printing devices using the same driver.
Administrators & Power Users can delete others' print jobs.
NT can be used as a UNIX print server.
To print to a UNIX printer: lpr -S <server name> -P <printer name> <filename>
If the spooler runs out of disk space the HDD thrashes