Windows NT 4.0 Server Enterprise Notes

Chapters 1, 7, 10, & 13 Only

Chapter 1 – Planning a Domain Model in the Enterprise Environment. *

• The Workgroup Model *

  The Client Server Model *

  The Domain Model *

Trust Relationships *

• Q. How do you implement Trusts? *

  Q. What are the 4 NT Domain Models? *

Chapter 7 – NT Domain Management *

• Q. What is the Server manager used for? *

  Q. What rights do you need to manage computer? *

  Q. What Properties can be viewed with Server Manager? *

  Q. How does the PDC and the BDC SAM Synchronise? *

  Q. If you wanted to control SAM database synchronisation to BDC’s over slow WAN link, what would you configure? *

Chapter 10 – Macintosh Connectivity *

• Q. What are the Benefits of "Services for Macintosh"? *

  Q. What are the System requirements for Services for Macintosh? *

  Q. Explain Forks? *

  Q. What Utilities are modified by "Services for Macintosh" SFM? *

  Q. What are the NTFS Prerequisites for File Sharing with SFM? *

  Q. Explain File Name Translation *

  Q. Explain Macintosh-Accessible Volumes *

  Q. How do you create a MAV? *

  Q. What are the rules for creating MAV’s *

  Q. What are the properties of MAV’s *

  Q. What are the MacFile properties? *

  What does "Allow Workstations to Save Password" mean? *

  Q. What does "Require Microsoft Authentication" mean? *

Chapter 13 – Internetwork Routing *

• Q. What is a MultiProtocol Router (MPR)? *

  Q. Explain IP Routing and Default Gateway *

  Q. Explain RIP (Routing information Protocol) Protocol for Dynamic IP/IPX Routing? *

  Q. How can you Tell RIP is working? *

  Q. Explain the DHCP Relay Agent? *

  Q. How do you install the DHCP relay agent.? *

  Q. If you have a combination of dynamic NT routers using RIP and a Static NT routers, what will you have to do so all routers can see all network routes? *

Identifying Bottlenecks with Performance Monitor. *

• Memory *

  CPU *

  Disk Access *

  If Over 90% then disk is the bottleneck *

  If Over 2 then disk is the bottleneck *

  Network Access *

  Should below 40% in Ethernet *

   

Chapter 1 – Planning a Domain Model in the Enterprise Environment.

The Workgroup Model

Also know as Peer-to-Peer in a decentralised networking model meaning all account information is held locally on each machine.

Ok may do for small Networks.

The Client Server Model

The client-server is a centralised model. The user accounts are held on the server and via the logon can access resources on that server.

The problem arises when there are more that one server, accounts will need to be created on each server to access resources.

The Domain Model

In a Domain model all the accounts information is stored on one NT server called the PDC. When you logon you actually logon to a DOMAIN rather than a server. Depending on your rights you can access any resources in that domain regardless on what server they reside on.

Trust Relationships

A trust allows users in one Domain to access a Resource in another Domain without having a user account in each domain.

The Users Domain is TRUSTED

The Resource Domain is TRUSTING

User (SALES DOMAIN) Resource (ACCOUNTS DOMAIN)

TRUSTED TRUSTEE

• • • • ACCOUNTS TRUSTS SALES

         

17. How do you implement Trusts?

2. Use USER MANAGER FOR DOMAINS.

• • POLICIES, TRUST RELATIONSHPS.

     

    Add the DOMAIN in the Trusting Domains first as this will ask for a password which will be used at the other Domain for Verification.

     

17. What are the 4 NT Domain Models?

A.

2. The Single Domain Model

• • Small Network
  • Easiest to Manage
  • Most Centralised Administration
  • Poor performance if supporting a large SAM database > 40,000 accounts

2. The Single Master Domain Model

• • All accounts are centralised in a master accounts domain
  • All Resources are located at resource Domains, this allows the resource domains to have full control over their resources(i.e. SALES, MARKETING & SUPPORT)
  • Trusts are one way

2. The Multiple Master Domain Model

• • Single Master Domain Not appropriate for large companies as can only support 40,000 accounts
  • To overcome this , NT allows multiple master domains
  • Useful if spread over a large geographical area

2. The Complete Trust Model

• • Assumes accounts and Resources are located in each domain.
  • Allows decentralised account management
  • Allows departments to implement account polices specific to their Domains.
  • N(N-1)=n, n=number of trusts needed.

Chapter 7 – NT Domain Management

17. What is the Server manager used for?

A.

• • View and configure properties
  • Manage shared directories
  • Manage services
  • Managing domain controllers
  • Adding/deleting computers from a domain
  • Selecting a Domain to Manage

17. What rights do you need to manage computer?

2. You need to be a member of the following

• • ADMINISTRATORS
  • SERVER OPERATORS

17. What Properties can be viewed with Server Manager?

A.

 

Users	Displays all users and the resources that each user is currently connected to on the specified computer.
Shares	List of all resources that are shared on the computer. HIDDEN SHARES END WITH A $
In Use	Lists all ACTIVE open resources of the specified computer
Replication	Specify Export and Import computers
Alerts	Specify which user/computer should be contacted in the event that an alert is generated. USUALLY IT ONLY GOES TO THE COMPUTER THAT GENERATED THE ALERT.

17. How does the PDC and the BDC SAM Synchronise?

2. PDC sends a message to the BDC’s that a change has taken place. The BDC’s send a request for SAM changes to be sent.

• • By default the synchronisation takes place every 5 minutes, but can be reconfigured in the registry below

     

    \HKEY_Local_Machine\System\CurrentControlSet\Services\Netlogon\Parameters

     

     

17. If you wanted to control SAM database synchronisation to BDC’s over slow WAN link, what would you configure?

A.

• • Use the ReplicatorGovernor value on the remote BDC’s. The ReplicatorGovernor is used to specify how often it responds to the PDC synchronisation announcement.

     

Chapter 10 – Macintosh Connectivity

17. What are the Benefits of "Services for Macintosh"?

18. Allows Macintoshes to participate in an NT environment when you install Appletalk Filing Protocol (AFP) onto the NT Server.

 

File Sharing	The ability to share file structures between PC users and Mac users. NT provides a means of storing data not translating data. I.e. A Mac user with "Microsoft WORD" saves a file on the server and a user with a PC using Microsoft WORD is able to read it. The MS WORD application is doing the translation.
Print Sharing	Mac users can send PostScript print jobs to Non-PostScript printer PC Users can send PostScript print jobs to PostScript printers attached to Mac clients. Allows Spooling
Appletalk routing	Create an Appletalk internet by connecting Appletalk physical network through NT Server, This way, NT Server would act as an Appletalk router

17. What are the System requirements for Services for Macintosh?

A.

 

NT Server RequirementsMacintosh Requirements	Support Appleshare (Similar to NetBEUI) Must be running System 6.0.7 or later
Networking Requirements	Macs support Localtalk – comes with all Macs at no extra coast, like NetBEUI Ethertalk (Ethernet) Tokentalk (Token Ring) FDDItalk (FDDI)   Localtalk is too slow (speeds of 230.4Kbps compared with Ethernet at 10Mbps)   High end Macs will have Ethertalk installed which is then OK. But if not there are some options Install Ethertalk on all Macs (very costly) Use a stand-alone router that has Localtalk port and an Ethernet port Add a Localtalk card to your NT server to make it a router

17. Explain Forks?

2. There are 2 types of forks associated with a Mac data file.

• • Data Fork – contains the data associated with the file.
  • Resource Fork – contains MAC Operating System info. Such as ICON definition, font, menu and code.

17. What Utilities are modified by "Services for Macintosh" SFM?

2. You will get the "MacFile" option in the Menu Bar for the following utilities.

• • Server Manager
  • File Manager (WINFILE)

17. What are the NTFS Prerequisites for File Sharing with SFM?

2. NTFS Partition.

17. Explain File Name Translation

2. Mac filenames can be 32 chars in length, which cannot be accessible from DOS and Win16 clients

• • If NT (max 256 character) creates a file > 32 chars then Mac clients cannot access them

     

    To overcome this NT auto-generates short file name for any file name over the 8.3 char limitation.

     

17. Explain Macintosh-Accessible Volumes

2. Allows NT file services for Mac clients. It is space on the NT server to store Mac files and folders.

Q. How do you create a MAV?

A. Use File Manager and Server Manager to create MAC volumes.

Q. What are the rules for creating MAV’s

A. No Nesting of volumes on the same partition.

Q. What are the properties of MAV’s

A.

This volume is Read only	Read and not edit even if you have more access rights.
Guests can use this volume	Guests are allowed to access volume, guest account has to be enabled.
Password	Accessing the volume the users must enter a password
User Limit	Can be used to control licenses to application.
Permissions	Mac users will be governed by the most limited security imposed through NTFS Security Macintosh permissions Mac security is assigned to the Owner (the creator), primary group (unique to Macs) or to the EVERYONE Group.   The permissions are : See files – (Read) See directories – (Read) Make Changes – (Write and Delete)
Associations	Mac file associations may not be the same as for PC Associations. You can associate MS-DOS extensions with Mac extensions. E.g. .DOC with Word 6.0

17. What are the MacFile properties?

A.

Users	Shows Which Mac users are connected and what resources they are using.
Volumes	Shows which users are currently accessing the volumes
Files	Provides specific information on the files that are being currently accessed. Which files users have open, what type of access to that file.
Attributes	Allows you to control the sessions of Macintosh

18. What does "Allow Workstations to Save Password" mean?

2. Allows Mac’s to save the NT password so it is not prompted for on logon. (NOT RECOMMENDED)

17. What does "Require Microsoft Authentication" mean?

2. Logon using Clear Text or MS Authentication (Encrypted)

Chapter 13 – Internetwork Routing

17. What is a MultiProtocol Router (MPR)?

2. In order to connect multiple networks, MPR can dynamically route traffic between Subnets over IPX and TCP/IP.

• • When information from a computer on one network segment needs to reach a computer on another segment, the data must cross routers which link the Subnets together.

     

    NT is capable of this, 2 network cards must be installed and connected to each Subnet, this is called MULTIHOMED. Then from Network properties, TCP/IP protocol, Routing Tab select "Enable IP Forwarding".

     

    Once enabled , the NT machine can only detect networks and routes which it is directly connected. In a large internetwork you may have several networks connected by several different routes, you must create static routes using the ROUTE ADD command, this can be long and tedious.

     

17. Explain IP Routing and Default Gateway

2. The Subnet mask determines if the machine that you are trying to connect to is on the same network segment.

• • If not then any traffic can goto the Default gateway. The default gateway basically points to a router which holds all the route tables and connects our network to other networks.

     

17. Explain RIP (Routing information Protocol) Protocol for Dynamic IP/IPX Routing?

2. Used to dynamically distribute routes among servers and routers to build up route tables.

Comes if 2 forms

• • RIP for IP
  • RIP for NWLink IPX/SPX transport

• • RIP Routers end broadcasts every 30 seconds by default so other RIP enabled routers can build route tables based on that information.

     

    NOTE RIP ROUTERS AND STATIC ROUTERS WILL NOT BE ABLE TO SHARE ANY INFORMATION WITH EACH OTHER. THE INFORMATION WILL HAVE TO BE ADDED MANUALLY.

     

17. How can you Tell RIP is working?

2. Use ROUTE PRINT command, and look for listings in the Metric column that are larger than 2. This indicates the local router has exchanged routing information with other RIP-enabled routers.

17. Explain the DHCP Relay Agent?

A. DHCP Clients can reach DHCP Servers on remote networks.

• • The broadcasts the DHCP clients use when trying to lease a IP address do not cross routers indiscriminately. Routers that are able to forward DHCP client broadcasts are said to be BOOTP relay agents.

     

     

    When the IP Address Request packets reach the routers, they will forward the packet on to the next network but mark the packet with the network of origin so the DHCP server can select an address from the proper scope. The MPR included with NT 4.0 will allow a mutihomed NT machine to forward BOOTP/DHCP broadcasts

     

17. How do you install the DHCP relay agent.?

2. Network properties, TCP/IP properties. DHCP Relay.

The IP address of at least one DHCP Server is needed.

17. If you have a combination of dynamic NT routers using RIP and a Static NT routers, what will you have to do so all routers can see all network routes?

2. manually Add the static routes to the dynamic routers and manually add the routes from the dynamic routers to the static routers.

Identifying Bottlenecks with Performance Monitor.

Four main Area that cause bottlenecks

• • Memory
  • CPU
  • Disk Access
  • Network Access

Memory

• • Physical memory (RAM
  • Logical Memory (the pagefile) – If you are using excessive paging, it’s a clear sign that you need more RAM.

 

OBJECT	COUNTER	DESCRIPTION
Memory	Available Bytes	Virtual memory available for system use < 4MB indicates a need for more RAM
Memory	Pages/sec	Number of pages being written between physical memory and paging file. This number should be below 20.
Memory	Committed Bytes	Memory that is allocated and currently being used by applications. Should be less that the physical memory installed on your computer.

CPU

OBJECT	COUNTER	DESCRIPTION
System	%Processor Time	If consistently at or above 80%, consider upgrading the processor.
System	Processor Queue Length	Consistent processor length > 2, the processor causing a problem.

Disk Access

 

OBJECT	COUNTER	DESCRIPTION
Physical Disk	%Disk Time	If Over 90% then disk is the bottleneck
Physical Disk	Current Disk Queue length	If Over 2 then disk is the bottleneck
Logical Disk	Avg. Disk sec/Transfer

Network Access

OBJECT	COUNTER	DESCRIPTION
Network Segment	%Network Utilisation	Should below 40% in Ethernet Should below 80% in Token Ring