Microsoft Windows NT Server 4.0

Exam 70-067 Study Outline

Content created and copyright © 1998-1999, by David L. Woodall, all Rights Reserved

 

Disk Drive Configurations:

RAID Level 0 - Striping

2-32 Drives

Striping over multiple disks improves performance (Disk I/O) on reads and writes

No parity, CANNOT include Boot Partition

If any drive fails, all access to Stripe Set is lost

To Recover from Failure: Replace Drive, Restore from Tape Backup

RAID Level 1 - Mirroring and Duplexing

2 Disks, 1 or 2 Controllers

Reads are faster, Writes are typically slower

ONLY Fault Tolerant configuration that CAN include Boot Partition

If one Drive fails, other continues to function without interruption

To Recover from Failure on Primary (Boot) Drive:

  1. Boot from NT Boot disk
  2. In Disk Administrator, Break the Mirror and Delete the failed partition
  3. Copy Boot.ini from floppy disk to system partition
  4. Replace Failed Drive
  5. In Disk Administrator, Using the free space on the new drive, establish a new mirror set

To Recover from Failure on Secondary Drive:

  1. In Disk Administrator, Break the Mirror and Delete the failed partition
  2. Replace Failed Drive
  3. In Disk Administrator, Using the free space on the new drive, establish a new mirror set

 

RAID Level 5 - Striping with Parity

3-32 Drives, MORE data capacity than RAID 1

Reads are MUCH faster, Writes are typically slower

CANNOT include Boot Partition

To Recover from Failure of any Single Disk:

  1. Replace failed drive
  2. Use Disk Administrator to Regenerate the Stripe set using the free space on the new drive

Protocols

NT uses 3 Primary Protocols:

1. TCP/IP

Routable, Relatively High Overhead

Slower than NWLink and NetBeui

Requires the most configuration

Configuration Parameters for TCP/IP:

  1. IP Address
  2. Subnet Mask - indicates which portion of IP address is used for Network address, and which is used to identify the unique host
  3. Default Gateway - for routing outside the current Subnet

2. NWLink

Routable, Slightly lower overhead than TCP/IP but does not offer all the features of TCP/IP (DHCP, WINS)

Faster than TCP/IP, but slower than NetBeui

Requires Frame Type configuration (802.2 in NW3.12 and higher, 802.3 in 3.11 and lower, SNAP in Mac)

Configuration Parameters for NWLink:

  1. Internal Network Number - Identifies a unique address that is used by NetWare. Use if:
     1. You are running FPNW
     2. You are using an NT Server as an IPX Router
  2. Frame Type

3. NetBeui

Not Routable, Lowest Overhead

Fastest and Efficient, Implements the NetBios Frame Transport Protocol

Requires NO CONFIGURATION

NT Server Roles

PDC - Primary Domain Controller

ONE per Domain, contains the only READ/WRITE copy of the SAM database

Can become a BDC on promotion of a BDC, but requires re-installation to become a Member Server

CANNOT switch Domains without re-installation

BDC - Backup Domain Controller

None required, but recommend one and one additional for each additional 2000 users. Placement of the BDCs is a strategic decision that directly affects WAN traffic through Authentication and SAM Replication.

Can become a PDC, but requires re-installation to become a Member Server

CANNOT switch Domains without re-installation, because it shares the SID of the PDC

Member Server

None required, does not contain the SAM database

CANNOT become a PDC or BDC without re-installation

CAN switch Domains

Configuring NT Core Services

Directory Replicator

Used to maintain EXACT directory structures on multiple computers

  1. WILL ONLY REPLICATE DIRECTORIES AND FILES IN %SystemRoot%\Winnt\system32\REPL\EXPORT…WILL NOT REPLICATE OPEN FILES
  2. The Export Computer MUST BE an NT Server
  3. The Import Computer can be an NT Server or Workstation
  4. Both Computers must be running the Directory Replicator Service
  5. A USER ACCOUNT MUST BE CREATED IN THE NT DOMAIN TO ALLOW THE DIRECTORY REPLICATOR SERVICE TO RUN. THE USER ACCOUNT MUST BE A MEMBER OF THE REPLICATOR AND BACKUP OPERATORS GROUP
  6. Directory Replication is configured through Server Manager on BOTH machines

NT Backup

Can be used to backup shared drives that the computer is connected to

Can be automated with the use of AT Commands from DOS Command Prompt

NT Server Service

Accessed through Control Panel>Network>Services>Server Service>Properties

Can Be Optimized For:

  1. Minimize Memory Used - If Server is used mainly as a workstation, and fewer than 10 connections
  2. Balance - If Server is used as a workstation AND a Server, supports 10-64 connections
  3. Maximize Throughput for File Sharing - If Server is a Domain Controller or File and Print Server
  4. Maximize for Network Applications - If Server is used as an APP Server

Other NT Services

Accessed through Control Panel>Services, or through Server Manager

ARC (Advanced RISC Computing) Naming Convention

multi or scsi(0)disk(0)rdisk(0)partition(0) where:

  1. Multi(x) - used always EXCEPT when SCSI has BIOS DISABLED. (beginning at 0)
  2. Disk(x) - with Multi, will always be 0. With SCSI will be SCSI bus number (beginning at 0)
  3. Rdisk(x) - with SCSI will always be 0. With Multi, will be the ordinal number of the disk
  4. Partition(x) - Ordinal number of the partition (beginning at 1)
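A parser for the ARC format described above that also flags entries breaking the field rules in the list, shown as an added example that is not part of the original outline. Boot.ini entries are ARC paths, so the same check applies to the Boot.ini on the NT boot disk used in mirror recovery; the function names and the sample Boot.ini are constructed for illustration.

```python
import re

# Field order from the outline: multi|scsi(x) disk(x) rdisk(x) partition(x)
ARC_RE = re.compile(
    r"^(multi|scsi)\((\d+)\)disk\((\d+)\)rdisk\((\d+)\)partition\((\d+)\)(\\.*)?$",
    re.IGNORECASE)

def parse_arc(path):
    """Split an ARC path into fields and list violations of the rules above."""
    m = ARC_RE.match(path.strip())
    if not m:
        raise ValueError("not an ARC path: %r" % path)
    adapter = m.group(1).lower()
    ctrl, disk, rdisk, part = (int(g) for g in m.group(2, 3, 4, 5))
    problems = []
    if adapter == "multi" and disk != 0:
        problems.append("disk() must be 0 with multi()")
    if adapter == "scsi" and rdisk != 0:
        problems.append("rdisk() must be 0 with scsi()")
    if part < 1:
        problems.append("partition() numbering begins at 1")
    return {"adapter": adapter, "controller": ctrl, "disk": disk,
            "rdisk": rdisk, "partition": part, "dir": m.group(6),
            "problems": problems}

def check_boot_ini(text):
    """Return {arc_path: problems} for each [operating systems] entry."""
    results, in_os = {}, False
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("["):
            in_os = line.lower() == "[operating systems]"
        elif in_os and "=" in line:
            arc = line.split("=", 1)[0]
            results[arc] = parse_arc(arc)["problems"]
    return results

# Constructed sample, not taken from a real system.
SAMPLE_BOOT_INI = r'''[boot loader]
default=multi(0)disk(0)rdisk(1)partition(1)\WINNT
[operating systems]
multi(0)disk(0)rdisk(1)partition(1)\WINNT="NT Server 4.0 (second disk)"
scsi(0)disk(1)rdisk(0)partition(1)\WINNT="NT Server 4.0 (SCSI, BIOS disabled)"
multi(0)disk(1)rdisk(0)partition(0)\WINNT="constructed bad entry"
'''

if __name__ == "__main__":
    for arc, problems in check_boot_ini(SAMPLE_BOOT_INI).items():
        print(arc, "->", problems or "ok")
```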

Configuring Various Clients

NT Workstation

To add an NT Workstation to the Domain:

  1. Create a Computer Account through Server Manager
  2. At the Workstation, Control Panel>Network>Identification Tab, Specify the Domain the Workstation should belong to

Win95

  1. Control Panel>Network>Configuration Tab, Add the CLIENT for Microsoft Networks
  2. Highlight the Client, Select Properties, Check LOGON to Windows NT Domain, and specify the Domain to logon to

MS-DOS

By Default, MS-DOS clients do not have networking software. To support them you can use the NETWORK CLIENT ADMINISTRATOR to create an installation disk set for the NETWORK CLIENT v3.0 for MS-DOS and WINDOWS CLIENTS

NT User Rights

Regular User Rights

| User Right | Default Membership |
|---|---|
| Access This Computer from the Network | Everyone, Admins |
| Add Workstations to the Domain | Account Ops, Admins |
| Backup Files and Directories | Server Ops, Backup Ops, Admins |
| Change the System Time | Server Ops, Admins |
| Force Shutdown from a Remote System | Server Ops, Admins |
| Load and Unload Device Drivers | Admins |
| Log On Locally | Server, Backup, Account, Print Ops, Admins |
| Manage Auditing and Security Log | Admins |
| Restore Files and Directories | Server Ops, Backup Ops, Admins |
| Shut Down the System | Server, Backup, Account, Print Ops, Admins |
| Take Ownership of Files or Other Objects | Admins |

Profiles and System Policies

Local User Profiles

When User Logs On for first time, a profile is created on the LOCAL computer in \WINNT\PROFILES\%Username%

Roaming User Profiles

  1. Create a network share in a folder on the Domain Controller that contains the User Profile
  2. In the User Environment Profile dialog box (in User Manager), specify the UNC path to the directory that contains the roaming profile

Mandatory User Profiles

Rename NTUSER.DAT to NTUSER.MAN. If the PDC is down, the User will not be able to Log On.

System Policies

Named Config.pol

Used to configure the User's environment. Configured through SYSTEM POLICY EDITOR, which actually edits The Registry.

Can be applied to Users, Groups, or Computers.

Should reside in \WINNT\SYSTEM32\REPL\IMPORT, which is the NETLOGON share.

Remote Administration

Win95

A Win95 computer with NT Administrative Tools installed can access:

  1. User Manager for Domains
  2. Server Manager
  3. Event Viewer

NT Workstation

An NT Workstation with Administrative Tools installed can access:

  1. User Manager for Domains
  2. Server Manager
  3. Event Viewer
  4. DHCP Manager
  5. WINS Manager
  6. System Policy Editor
  7. Services for Macintosh Editor
  8. Remote Access Administrator
  9. Remoteboot Manager

Server Manager

Allows:

  1. Manage a Computer's Properties Remotely
  2. Manage Shares on a Remote Computer
  3. Manage Services on a Remote Computer

Allows you to see:

  1. Services Running
  2. Users Attached to the Computer
  3. Resources Being Accessed
  4. Configuration of Directory Replication

Connectivity

Gateway Services for NetWare

  1. Only Installed on NT Servers
  2. Allows clients attached to the NT Server to access NetWare file and print resources
  3. Only uses one NetWare user connection
  4. Slower than CSNW, All users have same permissions
  5. Requires Creation of the NetWare Group NTGATEWAY, and addition of Gateway User account to that Group

Client Services for NetWare

  1. Installed only on NT Workstations
  2. Requires a User Account and license on the NW Server

File and Print Services for NetWare

  1. Installed on NT Servers
  2. Allows NT Server to emulate an NW Server so that NW users can access NT file and print resources

Migration Tool for NetWare

Items that can be Migrated:

  1. User Accounts
  2. Group Accounts
  3. Specified Files and Directories
  4. NetWare permissions on files and directories (MUST be migrating to an NTFS partition)

Items that CANNOT be Migrated:

  1. User Passwords
  2. Login Scripts
  3. Print Queues and Print Servers
  4. User Account Manager and Workgroup Manager specification

Prerequisites to Using the Migration Tool for NetWare

  1. You must be logged in with Administrative rights on BOTH machines
  2. You must be migrating to an NT Domain Controller if you are migrating User and Group Information
  3. NWLink must be installed
  4. The NT Server must have GSNW installed

The Mapping File

Used to specify how Users, Groups, and Passwords will be used on the NT Server. It is the most intensive migration option, but provides the best continuity of password security during the migration.

Duplicate Group and Password Options

  1. Log Error
  2. Ignore
  3. Overwrite with New Info
  4. Add Prefix

 

 

 

RAS

Supports:

  1. PSTN - through analog modems
  2. ISDN - through ISDN adapters
  3. X.25 - Packet Switching Network Protocol
  4. PPTP - via the Internet
  5. RS232 Serial Null Modem Cables

RAS Protocols

WAN Protocols

1. SLIP

  1. No Error Checking
  2. No Security
  3. No Flow Control or Data Compression
  4. YOU CANNOT "SLIP" INTO NT

2. PPP

  1. Supports Encrypted LogOn
  2. Supports NetBeui, IPX, and TCP/IP
  3. Optimized for Low-Bandwidth Connections

LAN Protocols

  1. NetBeui
  2. IPX
  3. TCP/IP

RAS Encryption

Accessed Through Control Panel>Network>Services>Remote Access Service>Properties

  1. Allow any Authentication including Clear Text (MS-CHAP, SPAP, PAP)
  2. Require Encrypted Authentication (MS-CHAP, SPAP)
  3. Require Microsoft Encrypted Authentication (MS-CHAP)

 

 

Monitoring and Optimization

Processor

Counters to Monitor

| Counter | Description | Acceptable Value | Likely Cause/Solution |
|---|---|---|---|
| %Processor Time | Percentage of time that the processor is busy performing useful tasks | Under 80% | Add Additional Processor or Upgrade Existing Processor |
| Interrupts Per Second | The number of device interrupts the processor is handling each second | Under 3500 on a Pentium or RISC computer | Poorly Written Program or Device Driver, or Failing Hardware |
| System Processor Queue Length | The number of outstanding requests the processor has in the queue | Under 4 | Add Additional Processor or Upgrade Existing Processor, or move Applications to another Server |

 

Memory

The MOST LIKELY CAUSE OF POOR PERFORMANCE!

Counters to Monitor

| Object | Counter | Acceptable Value | Description |
|---|---|---|---|
| Cache | Data Map Hits% | N/A? | Specifies the percentage of requests that can be processed through Physical RAM as opposed to having to access the data from disk |
| Memory | Pages/Sec | 0-20 | Specifies the number of Pages that were written or read from Disk because the pages were not available through RAM or Cache memory |
| Memory | Available Bytes | 4MB OR 20% of Physical Memory, whichever is Greater | Shows how much RAM is available for caching. |

 

 

Disk

Counters to Monitor

| Object | Counter | Acceptable Value | Description |
|---|---|---|---|
| Logical Disk or Physical Disk | Average Disk Queue Length | 0-2 | The average number of outstanding requests that the disk is waiting to process |
| Logical Disk or Physical Disk | %Disk Time | Under 50% | The percentage of time that the disk is busy processing read or write requests |

Troubleshooting RAS

  1. Ensure that the RAS SERVICE is Running
  2. Make sure the User has RAS permissions
  3. Verify that the Client is Using PPP
  4. Make sure the Client and Server are using a common Protocol
  5. Ensure that the Client and Server have a common Encryption Environment

Troubleshooting TCP/IP

Utilities

  1. PING
  2. IPCONFIG - and the /all switch for verbosity, /renew and /release for dropping and renewing DHCP configuration
  3. ARP - Used to view the local ARP table of mappings between IP addresses and local MAC addresses
  4. NETSTAT - Used to show TCP/IP statistics and any current connections
  5. ROUTE, IPXROUTE - Used to verify that all of the local routing tables are properly defined
  6. TRACERT - Used to trace the route of a packet across the network

To determine if the problem is protocol or hardware related, try installing NetBeui. If you are able to browse local resources, then you know that the hardware is ok.
