Presentation on theme: "Introduction to NT Administration"— Presentation transcript:
1 Introduction to NT Administration Objectives:How to use DOMAINSCreate Users & Set Properties to user accountsManage User Accounts & Assign Security PoliciesUse Shared Folder PermissionsUser Server Manager & Win NT DiagnosticsAdminister Local & Remote Printing DevicesUse Event Viewer & Archive Logs
2 Compare Win NT Server 4.0 with Win NT Workstation 4.0 Allows a nearly unlimited number of users to connect to a shared resource at one timeTuned for file- and print-sharing performanceSymmetric multiprocessing suport on up to four processorsCan be a Domain ControllerWorkstationAllows up to 10 users to connect to a shared resource at one timeTuned for application responsivenessSymmetric multiprocessing support on up to two processorsCannot be a Domain Controller
3 Why Do We NETWORK? Share Resources More Computing Power Collaborate & CommunicateMore File SpaceFaster Access than a “Sneaker Net”
4 The concept behind NT Networks DOMAINSThe concept behind NT Networks
5 WorkgroupsA workgroup is a collection of computers that form a peer-to-peer network. In a workgroup, each computer can act as both a server & a client for sharing resources.Each station in a Workgroup is Managed Separately.Advantages? Disadvantages?
6 A workgroup List of users List of users List of users List of users Name PasswordMary FidoBill PentiumSue Logical
7 PERMISSIONSThe Rules that limit which users can use specified network resources
8 Permissions and permission sets Task name TaskRead (R) Display the folder’s data, attributes, owner, and permissionsWrite (W) Create new files or change the folder’s attributesExecute (X) Run files in the folder or open the folderDelete (D) Delete files in the folderChange Permissions (P) Change the folder’s permissionsTake Ownership (O) Become the owner of the folderPermission AllowsNo Access Denies all access to the folderList RXRead RXAdd XWAdd & Read RXWChange RXWDFull Control RXWDPOSpecial Directory Access Any custom combination of tasksSpecial File Access Set independently
10 Unified logon for Microsoft networks Enter Network PasswordEnter your network password for Microsoft NetworkingPeer-to-peer networkOKCancelUser name:Password:Enter Network PasswordEnter your network password for Microsoft NetworkingOKCancelWindows NT domainUser name:Password:Domain:
11 DOMAINSA DOMAIN is a collection of computers that can be used and managed as a single entity. Users can log on once to a domain & then have access to any computer or resource for which they have permissions.Usually, Domains are organized by a common use or purpose
12 A DOMAINRequires the presence of at least one computer running Windows NT Server.This computer, called the Primary Domain Controler (PDC), maintiains a central accounts database called the directory database of its members.A Domain may have multiple servers, clients or domain controllers (maintains directory database & participates in validating logon requests)
13 A domain has a centralized directory database List of usersName PasswordSue LogicalRashad PentiumFred PasswordDomain controllerList of usersRashad’s computerFred’s computerSue’s computer
14 The role of Windows NT Server domain controllers Server PDCProcesses user logonsclientWindows NTServer BDC
15 The role of Windows NT Server domain controllers (cont.) Server PDCUpdate accountsdatabase andperformdirectory replicationclientWindows NTServer PDC
16 DOMAINS WHAT IF: The PDC goes down? Can users logon to the network? Yes, BUT only if there is a Backup Domain Controller (server) with the currentdirectory database.
17 DOMAINS Give two advantages of using a domain model for your network. Computers can be centrally administeredThe common directory database simplifies security administrationGive one Disadvantage of using DOMAINSA DOMAIN requires a dedicated Network Administrator!
18 DOMAIN CONTROLLERS Primary Domain Controller (PDC) The PDC database is the only copy that can be edited (User Manager). If the PDC is offline, you cannot change the directory database.The first WinNT Server created in a Domain will automatically become the PDC. You can override this at a later time –AFTER adding a BDC (Backup Domain Controller).You can ONLY have ONE PDC in a Domain.
19 Backup Domain Controller (BDC) A BDC assist the PDC by authenticating domain users. The BDC maintains a read-only version of the directory database (it cannot be edited) which it periodically updates with the PDC.You MUST specify during installation that a computer will act as a BDC.If you promote a BDC to a PDC, then the existing PDC will automatically be demoted to a BDC.
20 Backup Domain Controller (BDC) Primary DomainController(PDC)Backup Domain(BDC)Directorydatabase(read-onlycopy)copyDomain: CLASS
21 MEMBER SERVERA member server is not a domain controller. It merely makes resources available within the Domain.Because a member server does not maintain a copy of the directory database & does not participate in the logon validation process…it can better serve its resources to the domain.Member servers are created when you install the server software. Member servers cannot be promoted to a PDC or BDC unless you reinstall WinNT ServerYou can have multiple member servers in a Domain.
22 The role of application servers Runs application in RAMclient
23 The role of application servers (cont.) Runs application in RAMResponds to client requestsclient
24 PLANNING A DOMAINYou cannot change the domain to which a domain controller belongs without reinstalling WinNT Server.Each Domain in a Network must have a unique name.SIDs (Security Identification Numbers) validate a resource to the Domain– NOT the computer or resource name.A Single Domain can span a routed connection (All campuses of a school district) or a Wide Area Network (WAN).Network Traffic Patterns NOT physical Design should determine how your Domains are setup.(I.E. BUSINESS APs versus PEIMS)WHAT ABOUT STUDENT FOLDERS?WHAT ABOUT AR DATABASE?WHAT ABOUT WEB Productivity Access?
25 LOGGING IN Ctrl & Alt & Del Takes you to the Login Screen Identify User Name, Password, & DOMAINChange PasswordLock WorkstationTask Manager
26 Types of traffic Client Client Server Server Server DHCP – Dynamic AddressingWINS registration – Resources on the NetworkBrowser announcements – Master BrowserHTTP – Web AccessFTP – Files Transferred over Internet (Downloads)Media Streaming – Video broadcastsLogon – Logging FilesClientClientServerBrowse lists, DNS, File transfer, HTTPServerServerTrust, WINS replication, Domain synchronization,Directory replication
27 MANAGING USERSA USER ACCOUNT contains the information that allows a user access to the WINNT operating system and its resources.USER NAME – must be uniqueLOGON PASSWORD& Group Membership List are contained in the accountBUILT-IN ACCOUNTS –Administrator AccountGuest Account – May wish to disable or change the name & password to “Training” etc.
28 TOOLS for MANAGING USER ACCCOUNTS USER MANAGERAllows Administrator to Create a User AccountOptions:User Must Change Password At Next LogonUser Cannot Change PasswordPassword Never ExpiresAccount Disabled – AUP Violations, Moves from District, Retires
29 Let’s Practice Open USER MANAGER For the Domain (usrmgr) What are invalid characters in User Names in NT?Cannot Include Special Characters: ‘ “ / \ ? < > | , ; : [ ] + *User Name should be descriptive05roussj (preferably no more than 8 characters)Password is case-sensitive – it may be up to 14 charactersInitial Password like:Assign User to Groups
30 Let’s Practice User Properties: Characteristics of a User Account User NameFull Name (may include spaces)DescriptionPasswordPassword Control OptionsGroups User Belongs toProfile SettingsHours During Which the User can log on to ComputerComputers from which a user may log onSpecial Account PropertiesDial-in Permissions -- RAS
31 Let’s Practice Create a Home Folder Home Folders – network folder location that is used to store all the personal programs & data files for the user\\senior01\users\%username%When a Home folder is set in the user’s account, it becomes the user’s default folder for the Open & Save As dialog boxes in most applications.NTFS will create these folders & share them with the userFAT you must create & share home folders
32 Let’s Practice Create a Home Folder Select User, Properties, Profile Enter the Universal Naming Convention (UNC) path next to Local Path textbox for the Home Directory\\senior01\users\%username%Two back slashesserver nameslashshared folder%username%The server & shared folder must first exist on the network. NT will create a subfolder using the User ID name for the folder name. Click OK.
33 Let’s Practice Look through the HOURS options Observe the Grid Drag from Monday at 8:00 am to Friday at 5:00 pmClick DisallowClick OKWhat does this action accomplish?When would you use it?
34 Let’s Practice Explore – Answer the following: How can you Restrict a user’s logon access to a single computer?How can you set an expiration date to an account?
35 Let’s Check for Understanding Troubleshooting User Account PropertiesCreate a User Account for your machine with the following propertiesUsername: StudentPassword: LogicalNo account options enabledHome folder: D:\Users\Student\%username%Logon Hours: Monday to Friday, 9 to 5 DisabledDomain Users have the right to logon locally.
36 Let’s Check for Understanding Troubleshooting User Account PropertiesCreate a User Account for your machine with the following propertiesUsername: StudentPassword: LogicalNo account options enabledHome folder: C:\Users\StudentDomain Users have the right to logon locally.Logoff as administrator & log on as studentCreate a Notepad document & attempt to save it using Save As. Where does Notepad attempt to save the file by default?
37 User ProfilesUser PROFILES are files that store user configuration information, such as the desktop appearance. Profiles are created and maintained by the system.Each user is assigned a profile with information stored in a set of files and folders within the Windows (Winnt) Profiles folder.Profiles can reside on the client computer (or each client computer a user logs onto OR ROAMING Profiles may reside on the logon server. ROAMING Profiles follow a user from client to client. Roaming Profiles can be Personal OR Mandatory – on WINNT machines.Roaming Personal Profiles – User can changeRoaming Mandatory Profiles – User cannot change
38 User ProfilesWhen you assign a server location for user profiles, a copy of the user’s local profile is saved both locally & remotely on the server. Comparison of both profiles is made at the next logon the user is asked which profile to load.Create a roaming ProfileCreate a normal user profile by logging on as a user & changing your desktopLog off & logon as the Administrator. In Control Panel, open the System application & activate the USER PROFILE TAB.Select the user’s profile & click on Copy TOEnter the name of the destination network folder (\\senior01\users\%username% will work)In the Permitted To Use box click on Change. Add appropriate User. Click OK
39 User ProfilesIn the USER MANAGER For DOMAINS, view properties for the user to whom you will be assigning this roaming profile.Click on Profiles to display the User Environment Profile dialog boxEnter the Path to user’s roaming user profile using the UNC nameClick OK.
40 User Profiles Roaming Mandatory User Profiles May NOT be modified. I.E. User CANNOT change the desktop color.To create a mandatory user profile, create a roaming personal user profile and rename the Ntuser.dat file to Ntuser.manThis file is found WHERE?
41 User Profiles In a DOMAIN, where should you create your User Accounts? What tool do you use to create the accounts?Where does one get this tool?Where can this tool be placed?What are the three types of User Profiles? Where are they stored?User Profiles \windows\profiles, Roaming Personal Profiles & Roaming MandatoryProfiles – stored on the server.
42 Local & Global GroupsLocal Groups belong to the Domain & can be assigned permissions & rightsLocal Groups can contain Global GroupsGlobal Groups do not have permissions or rights assigned to them, but they can become members of local groups that do have permissions & rightsGlobal Groups can only contain Users from the DomainThe Primary Reason for creating Global Groups is that they are to be assigned to a Local Group
43 Remember Local vs. global groups Local groupGlobal groupCan contain:Can contain:Users from a local databaseUsers from other computers’ databasesUsers from outside of the domainGlobal groupsUsers from the domain database
44 A strategy for implementing network security (cont.) 2. Organize user accounts intoglobal groups. (Domain Group)1. Create user accounts.DomainTeachersStudentsSecretaries3. Put global groups intolocal groups.WebMastersDomainTeachersStudentsLocal Groups Give Access To Resources
45 A strategy for implementing network security (cont.) 2. Organize user accounts intoglobal groups. (Domain Group)1. Create user accounts.DomainTeachersStudentsSecretaries3. Put global groups intolocal groups.WebMastersOK toaccessDomainTeachersStudents4. Grant permissions to thelocal group.
46 Groups in a trust relationship UsersGlobal groupsLocal groups
47 Let’s PracticeDecide what Global Groups & Local Groups are needed for your campus.Decide this by looking at all the resources.File ServersFoldersPlan a Folder SchemeName of FolderNeeded SubfoldersLevel of SharingApplication ServersCD ROM TowersInternet AccessRAS AccessPrintersClient Hardware (Drives & Printers—& Folders (Shared CD ROM Drives & Folders)
48 Let’s PracticeDecide what Global Groups & Local Groups are needed for your campus.Create Global & Local Groups to Manage Identified ResourcesDiagram Resource & those Local Groups & Global Groups
49 Let’s Practice Assign Permissions to resources using your Local Groups Describe what Permissions you will need to assignfor each resource per Local Group
51 Managing GROUPS In your own words, describe the difference between local & global groupsA Local Group can contain Global GroupsGlobal Groups cannot contain Local GroupsGlobal Groups can contain ONLY users from within your DomainLocal Groups can be used ONLY on the computer on which they were created (unless the computer is a Domain Controller)
52 Managing GROUPSWould you assign permissions to a specific user accounts orTo a Group?You always assign permissions to groups rather than directly to user accounts. When new users need access to those resources, you simply add them to the appropriate group.
53 Managing GROUPS The Built-in Groups….page 3-4 Administrators ReplicatorsPower UsersUsersGuestsBackup OperatorsAccount OperatorsServer OperatorsPrint Operators
54 Managing GROUPS The Built-in Groups….page 3-4 Each Group has certain capabilities that are allowed by their default user rights.
55 X X Access this computer from the network Back up & Restore files & foldersChange the system timeForce Shutdown from a remote systemLoad & Unload device driversLog on LocallyManage auditing & security logShut down the systemTake ownership of files & other objectsAdminServer OpAccount OpPrint OpBackup OpUsersGuestsReplicatorEveryoneX
56 Managing GROUPS TEST YOUR UNDERSTANDING Can Account Operators modify a User Account that is a member of the Administrative Group?Can Users create Local Groups on a server if they have access to the User Manager for Domains Application?Which Built-in Groups can be modified by an Account Operator?The Users, Guests, and Replicator
57 Managing GROUPS TEST YOUR UNDERSTANDING Which Built-in group is not available on WINNT Server Computers, but is available on Workstations?Power Users Group2. Which built-in Groups are available only onDomain Controllers?Account Operators, Server Operators, & Print Operators3. Which built-in Groups Can Backup & Restore Files?Administrators, Server Operators, & Backup Operators
58 BUILT-IN GLOBAL GROUPS PurposeContains by defaultWho can ModifyMember of Which Local GroupDomain AdminsTo enable members to perform administrative task on the local computerAdministrator (user account)AdministratorsAdministrators (local group)Domain UsersTo enable members to perform tasks granted to the Users group on every local computer in the DomainAdministrators, Account OperatorsUsersDomain GuestsTo enable members to perform tasks granted to the Guests group on every local computer in the DomainGuest (user account)Guests
59 Global GroupsGlobal groups do not have inherent capabilities to perform system administration or other network functions as local groups do. Instead, global groups acquire their capabilities by being members of the appropriate local group.
60 Determining Memberships Practice: Log on as AdministratorOpen user Manager For DomainsNotice that Global Groups begin with the globe icon and the word “Domain” (ie Domain Admins)Double-click on Administrators (Administrators is a user account & Domain Admins is a global group account)Who are the members of the Domain Users Global Account?Administrators, & any users
61 Built-in system groups Members & PurposeExample of a UseInteractiveUsers who log on to the system locally.To restrict local access to a resource, you could assign the NO ACCESS permission to the Interactive groupNetworkUsers that connect to a network available resource (a share) – permissions available to allTo restrict network access to a resource while allowing local access, you could assign the NO ACCESS permission to the Network groupEveryoneAll users that connect to the system, locally or across the networkYou can make a resource, such as a printer available to everybody by giving the EVERYONE group Full Control Rights.CreatorOwnerA user that creates a resource (such as a file) is a member of this group. If the Administrator creates the resource, the Administrators group is made a member of this group.You can use this group to grant special privileges to the creators of objects, such as files or print jobs.
62 When might you Use each of these Groups? Anytime you wish to use default levels of user rights
63 Creating & Managing Groups – Must be created on PDC database Use Manager For Domains to create groups (must be Administrator or Account Operator)To create a global groupChoose User, New Global GroupEnter name of group (20 character limit)Use Add buttonClick OKIf you need to add several users to a group, hold down the Ctrl key, select each user to add then choose User, New Global Group.
64 Creating Local Groups Use User Manager for Domains Choose User, New Local GroupEnter name of your group (256 characters– however only the first 22 will be displayed)Use Add buttonClick OK
65 Let’s Practice Create a Local Group & Add the Global Group to it. Perform this task at the PDC or BDCIn the Groups list box select NetUsers (to ensure that no user accounts are automatically placed in the new local group)Choose User, New Local GroupIn the Group Name text box, enter LocalUsersClick AddIn the Names list box, select NetUsersClick Add, Click OK After name is displayed in the Add Names List Box. (P 3-13)
66 4-1 Account Administration Copying User AccountsYou can create a New User account by copying an existing user account (using existing user account as a template)Creating Templates for Users is helpful when you must add large numbers of new usersTemplate that expires on graduation date for students. Templates usually begin with an underscore character “ _ “ to display it at the top of the User Name List
67 Let’s Practice Log on as Administrator Open User Manager for Domains In the list of User Names double-click on GuestObserve the propertiesClick on CancelChoose User, CopyObserve the information that is automatically entered in the Copy of Guest dialog boxIn the Username text box, type _copyIn the Description text box type “copy of Guest account”Enter a passwordClick AddClick CloseIn the Username list box, double-click on your new use account to view propertiesClick Cancel
68 Modifying Multiple User Accounts If you need to modify two or more User Accounts in the same way, you can make the changes simultaneously.Use the Ctrl key to highlight those accounts – the accounts selected, choose User, PropertiesThe User Properties dialog box for multiple user accounts is slightly different – you can modify descriptions, enable & disable the 4 user account options, and modify group memberships and profile information.
69 Let’s Practice Page 4-4 Select your _copy Press Ctrl and select several usersChoose User, PropertiesIn the Description Box enter User AccountUncheck Users Cannot Change Password & password Never ExpiresClick OKDouble-click on a User Account to check properitesClick Cancel
70 RENAMING USER ACCOUNTS All user Accounts can be renamed.When might you want to RENAME a User Account?Select a UserChoose User, RenameType in New nameClick OK
71 Deleting User Accounts All Users except the Administrator & Guest accounts can be deleted by using the User, Delete command.Once User Accounts have been deleted, they cannot be re-created.At creation each user account is given an SID which is unique. Creating the exact user account again DOES NOT assign the same SID to that account …therefore the system sees the exact user name & password as a NEW accountWhen should you Delete a User Account?
72 Adding a User to the Account Group In the Username list box, double-click on a UserClick on the Groups buttonClick on Account OperatorsClick AddClick OKChoose Policies, User RightsWhich Rights are automatically assigned to the Account Operator?Click Cancel
73 Account PoliciesThe Account Policy is used to control how passwords are used & maintained by users.Account Policy dialog box is divided into two sectionsPassword RestrictionsAccount LockoutExplore these optionsWhen would you use each option?
74 5-1 Securing Network Resources OBJECTIVES:Use Shared Folder Permissions to Secure Network ResourcesUse NTFS permissions to secure network resourcesDetermine effective permissions on a file or folder, given set of group, user, and share permissions.
75 Using Shared Folder Permissions Requirements for Sharing a FolderOrganize files & folders so that folders with the same security requirements are located within the same branch in the folder hierarchy. For example, if users require Read permissions to several folders, store those folders within the same folderMember of Administrator GroupServer Services Must be StartedNTFS (New Technology File System) partition…Additional Considerations
76 Sharing a Folder By Using Windows NT Explorer Run ExplorerSelect and observe the Temp folderChoose File, Properties, Sharing, Share ASAccept the DefaultsObserve the User Limit BoxClick OK
77 Permissions versus Rights A Permission is a specific level of access a user or group is granted to a particular resource. Unlike rights, which apply to the system as a whole, permissions are associated with specific objects. Therefore a user right can override any object permissions that are also assigned to a user.For example, if you grant the user the right to back up files and folders, it automatically includes the ability to read all files, even if the file permissions have been set specifically denying the user access rights to the files.
78 Shared Folder Permissions Once you create a share for a folder, you must set remote access permissions to allow other users to access the folder.Default is EVERYONE – FULL CONTROLUse Permissions Button to set the Folder Properties to NO ACCESS, READ, CHANGE, FULL CONTROLNOW, Create a NOTEPAD.txt document in your own TEMP Folder and save it.SHARE your Temp Folder with only MickeyType of ACCESS = READClick OK
79 Accessing Shared Folders with Network Neighborhood Logoff as Administrator & Logon As MickeyDouble-click on Network NeighborhoodDouble-click on Partners computer nameDouble-click on your Partners TEMP folderAccess the NOTEPAD.txt documentAre you able to edit the text?Can you save a copy of the edited text file to a different remote location where you have rights? To a local location?Can you Delete the file?Can you Move the file?
80 Accessing Local Resources Swap Computers with your PartnerLogon As MickeyAccess Document in TEMP FolderCan you Edit?Create A New Text File?Delete a text file?Shared Folder Permissions apply ONLY to REMOTE connections AND DO NOT have any effect on what you can do if you are seated at the computer containing the shares.
81 Using the Run Command to Connect to Shared Folders In the Run Command box type the UNC path to the shared folder\\computer_name\shared_folderHit Enter
82 Default Administrative Shares In a Network Environment (WINNT, 2000, XP) there are two automatic shares for remote access Admin$ & Drive_letter$ for each hard drive partition.Admin$ takes you to the \winnt_root folderdrive_letter$ remotely takes you to each hard drive partitionPRACTICE: Use the RUN Command Line & Type \\partners_computer\C$Can you Access your partners D: Drive?
83 Hidden Shares$ at the end of the administrator sharenames indicates that these are HIDDEN SHARES. The $ hides the shared folders from users who browse the computerHidden Shares must be accessed remotely by their UNC pathPracticeHide your TEMP Share & see if your partner can ACCESS ITRename the folder without the $
84 Hidden Shares Open the Control Panel Open Server Click on Shares Observe the Hidden SharesClick Close. Cancel
85 Stopping the Sharing of a Folder You can stop the sharing of all folders by Right Clicking, Choose Sharing, Select NOT SHARED, Click OKYOU CANNOT stop the sharing of the Admin$ or Drive$
86 Using NTFS Permissions to Secure Network Resources Unlike FAT file system, which provides only shared folder permissions, NTFS file system provides security for files & foldersNTFS also provides ownership priviledges that are importantOn NTFS volume, you can implement security on a per-file, per-folder, or per-drive basis by assigning various levels of permissions. THIS DOES EFFECT the ability of users to access the shared file LOCALLY AS WELL AS REMOTELY
87 Set FILE PermissionsIn WINNT EXPLORER use the Security tab in the Properties dialog box to set or view the permissionsPermissions can be set on a per-group, or per-user basisSelect the Temp folder Notepad.txt fileChoose File, Properties, Security tab,Click Permissions – what are the defaults?
88 FILE PERMISSIONS READ (R) WRITE (W) EXECUTE (X) DELETE (D) CHANGE Permission (P)TAKE OWNERSHIP (O) (Special Access)To be able to change permissions on a file, you must take ownership of it (creator already has ownership) – then YOU can set the permissions
89 Inheriting Permissions File & Folder Permissions are separate. However, unless the permissions are explicitly set otherwise, files & folders will inherit the permissions of their parent folder.When you view permissions on a folder, you will see two sets of permissions in parenthese, for example (RXW) (RX). The first refers to the permissions on the folder itself & its subfolders; the second set applies to permissions on files in that folder. THERE ARE SOME folder permissions that files do not inherit.The FULL CONTROL folder permission overrides the file permission of not deleting.
91 Changing Folder Permissions By default when you change permissions on a folder, you DO change permissions of any existing files in the folder, but NOT on the subfolders.New subfolders & files will inherit the new permission set. Take CARE in CHANGING Folder Permissions
92 Setting Folder Permissions Practice Open Windows NT ExplorerOpen the Temp folder & select the Notepad.txt fileChoose File, PropertiesClick Security tab, Permissions (observe current permissions) Click CancelNow Select the TEMP folderFrom the Type of Access drop-down list box, select LISTClick Add, Select Administrator, Click Add, From the Type of Access drop-down box Select Full Control, Click OK twiceNow Select Notepad.txt, click File, Properties, Security Tab, Click Permissions – The original file permissions have been replaced by inherited permissions from the folder
93 Copying/Moving Shared Folders Observing permissions on copied and moved filesGive Everyone FULL Control of your Temp folder, remove any other permissionsSelect \TEMP\Notepad.txt on your partners computer. Observe the permissions on the fileMake sure your partners Share folder has given the Administrator Full Control, remove all other permissionsMove the Notepad.txt file to the Share folder, Observe the new File PermissionsNow Move the Notepad.txt file BACK to your partners TEMP folder, Observe the File Permissions
94 Mapping a Shared Folder Let’s Practice Use Explorer to Find your Partners Shared Folder –TEMPChoose Tools, Map Network DriveObserve the Drive Drop-down Box, choose a letter for your DriveIn the Path box, type your partners shared folder UNC\\computer\tempClick OKRight-click on the folder in the left paneChoose MAP NETWORK DRIVESelect the folder, create a NOTEPAD.text document & Save in the shared TEMP folder, Choose FILE SAVE AS & Browse for the Mapped folder
95 DISCONNECTING FROM A REMOTE RESOURCE In the WINNT Explorer choose Tools, Disconnect Network DriveSelect the Network Drive to Disconnect FromClick OKChoose the Folder, Right-ClickChoose Disconnect, YES
96 Taking Ownership of Files If you create it – you own it…also, if you copy a file, you own the copy. The owner cannot assign ownership to anyone else. However, they grant the “Take Ownership” permission to others.You can take ownership of a file if you have Full Control permission OR you have been given “Take Ownership” permission
97 Taking Ownership of Files To take ownership of a file, display the file’s Properties dialog box, click on the Security tab, click on the Ownership, and Click on Take Ownership.You can also take Ownership of a Folder & all Subfolders.
98 Security System Interactions User & Group Permissions are cumulative. Permissions you can ultimately exercise are a combination of the permissions granted to you as a user & the permissions granted to any group to which you are a memberEXAMPLE: The user is assigned READ permission to a particular folder. A group the user belongs to is assigned WRITE permissions to the same folder….the user has RW Permissions to that folder.There is ONE exception: The NO ACCESS permission overrides all others.HOWEVER, having NO ACCESS permission applied to a folder which contains a file for which the user has permissions does NOT prevent the user from opening the file from its respective application!The user can open the file, providing you use the local or UNC path to the file in the File Open dialog box of the application.
100 REMEMBERThe Individual Read, Execute, & Write permissions are slightly different from the Add & Read permissions because files do NOT inherit the List or Add permissionsNTFS permissions affect file & folder access for a local user & remote user...this adds a second layer of security to the network.
101 REMEMBERA good rule of thumb to remember between the interaction share permissions & NTSF is that the most restrictive permission applies. This is because share & NTFS permissions are NOT cumulative, but provide two layers of access.If the share permission for a particular user is READ, and the NTFS permission is FULL CONTROL, the user will have READ access. Or the user could exercise the FULL CONTROL permission by accessing the file locally instead across the network.
105 Features of the Client for Microsoft Networks Automatic setup of networking capabilities in Windows 98Windows 98 GUI integrates the networking capabilitiesClient-side cachingPlug and Play support (USB)Peer resource sharing services – Must be selectedAutomatic reconnection for lost server connectionsLong filenames for network resources --AVOID!
106 Monitoring and optimizing performance ProcessorRAMHard DriveNetworkFour areas tomonitor:
107 Troubleshooting tools Resource KitsBooks OnlineTechNetMicrosoft’s World Wide Web siteMicrosoft’s ftp siteMSNMicrosoft technical supportAdministrative tools (Event Viewer, Server Manager, etc.)
108 Creating partitions by using the FDISK & Disk Administrator utility PrimarypartitionC:FDISKunpartitioned disk(all free space)D:LogicaldrivesE:ExtendedpartitionF:
110 Installation sources Network drive sources: Shared CD-ROM or hard disk Local drive sources:CD-ROM or floppy disk
111 Virtual directories Actual structure Client sees C:\ InetPub\wwwroot Alias: <Home>D:\Data\DocumentsAlias:/Publishing\\Corpserver\Sales_Mkt\FilesAlias: /MarketingD:\Data\Corp\PromosAlias: /Marketing/Promos<Home>/Publishing/Marketing/Promos
112 The role of file and print servers printerRequests files and sends print jobsclient
113 The role of file and print servers (cont.) printerSends filesSends and monitorsprint jobsclient
114 Overview of the Windows NT printing process print requestprinter driverspoolerspoolerprinting deviceWindows 95 orWindows NT clientOccurs on clientOccurs onprint serverprint requestprinter driverspoolerprinting deviceother clientsOccurs on clientOccurs on server
115 Setting priorities between printers printer1: priority 99printer2: priority 1user36’scomputerPresident’suser36Presidentprintingdeviceprint server
116 Point and Print support Print Server Driver Names Location of Drivers Printer Info/ConfigWindows X X XWindows NT XNetWare X X
117 The Windows NT print process Print clientPrint server1. Applicationgeneratesprint request.2. Print driver loaded(locally or fromserver).3. Job partiallyrendered.4. Client spoolerreceives job.5. Client spoolercalls serverspooler.6. Server spoolerreceives job.7. Router determinesdestination printdevice.8. Print processorformats for printer9. Separator pageprocessed.10. Print monitorsends to device.11. Print deviceproducesoutput.can be same computer
118 Print troubleshooting guidelines Power on?On-line?Paper jam?Paper/toner?PrinterPhysical network problems?Printer shared?Correct user logged on?Correct permissions assigned?NetworkCorrect printer driver?Default printer?Printer port?Print from other application?Print to port or to file?Disk space for spooler?Spooler service running?Print server/ print client computer
119 The Intel boot sequence 1. Conduct Power On Self Test (POST)2. Load Master Boot Record (MBR)3. Load active partition’s boot sector4. Load NTLDRPreboot sequence1. Change processor to flat memory model2. Start minifile system (FAT or NTFS)3. Read BOOT.INI to build Boot Loader Menu4. Load operating systemBoot sequenceNTLDRIf Windows NTis not chosenIf Windows NTis chosen5. Load BOOTSECT.DOS5. Call NTDETECT.COM to examine hardware6. Begin Windows NT load phases
120 The RISC boot sequence 1. Select boot device Preboot sequence1. Select boot device2. Determine presence of bootable partition3. Verify supported file system4. Load OSLOADER.EXEBootsequence1. Initial boot sequence2. Begin Windows NT load phases
121 The Windows NT load phases Kernel load (screen shows progress dots)Kernel initialization (screen turns blue)Service load (blue screen shows progress dots)Subsystem start (Begin Logon dialog box appears)
122 . . ARC naming Multi IDE ESDI SCSI with multi(0)disk(0)rdisk(0)partition(1)\\WINNT= “NT Server”MultiIDEESDISCSIwithBIOSenabledwithoutdisk(0)SCSI busnumber for SCSI adapters or0 for all non-SCSI adaptersSCSIrdisk(0)First disknumbered 0Second disknumbered 1Used only in systems with non- SCSI disks (set to 0 with SCSI disks)partition(1)Partition ondisk that stores NT files0 = special partition and generally not used1 = First partition2 = Second partition.\WINNT =Folder that stores the Windows NT boot files“NT Server”Name of theoperating systemAppears in the boot menu(0)First adapterin systemnumbered 0Second adapternumbered 1.
123 Comparing file system characteristics NTFSFAT under NTFilename lengthFile sizeRestricted filename charactersCase in filenamesFile attributesDirectory structureSupported operating systemsSecurityCompressionFormattingMaximum partition sizeOptimal partition sizeFile system overhead
124 Comparing file system characteristics (completed) NTFSFAT under NTFilename lengthFile sizeRestricted filename charactersCase in filenamesFile attributesDirectory structureSupported operating systemsSecurityCompressionFormattingMaximum partition sizeOptimal partition sizeFile system overhead255 characters255 characters16 EB4 GB? “ / \ < > * | :? “ / \ < > * | :Case preserving; supportscase sensitivity for POSIXCase preservingElemental and extendedElemental (R,A,S,H)B-treeLinked listWindows NT; Windows 95;OS/2; DOSWindows NTPer-file and per-directoryNonePer-file, per-folder, per-drive3rd party utilitiesCan format floppy andhard disksCan format hard disks16 EB4 GB>400 MB<400 MB1-5 MB; recommendedminimum 50 MB partition<1 MB