Sysdiff

In addition to all of the automated tools to set up Windows operating systems, most applications are acquiring the ability to install themselves with no user interaction. However, not all applications can perform this feat. In response to this Microsoft has provided the tool Sysdiff (sysdiff.exe) to allow administrators to create difference packages. Table 11.8. describes Sysdiffs four-step process. Inventory Computer's Files and Registry Run the application to create package Apply the...

Backup and Recovery

Microsoft's included backup utility is a great improvement upon the one provided with earlier versions of its operating system. Before you rush out and purchase third-party programs to handle your backups, take a look at Microsoft's included utility,which is capable of performing backups even for large organizations. In addition to tape drives and hard drives, data can be backed up to a variety of magnetic as well as optical storage devices. Of course, it supports all the standard backup...

The Recovery Agent

Private keys are kept in a protective key store. If users lose their file encryption certificates and private keys, they can be recovered by using the recovery agent. The recovery agent, which can decrypt their files, is part of the recovery policy that is implemented when a user receives the first file encryption certificate. When the recovery agent receives the data recovery certificate, it should export it, store it in a safe place, and then delete the data recovery certificate from the...

Authoritative Restore

Once we restored our Windows 2000 computer in the previous exercise and then restarted the computer, the Active Directory will begin replicating directory objects across all domain controllers in this domain. If you remember, we can only restore the Active Directory on domain controllers. The Active Directory replicates similarly to the File Replication service. We performed nonauthoritative data recovery, which is the default method. Once restarted, this server will be brought up to date with...

Data Recovery

If the Encrypting File System is used, there will always be scenarios in which data recovery will be required for example, if a user loses a file and needs to restore it, or if users leave an organization and later have a need some for files they had worked on. EFS has built-in mechanisms to allow for many different situations that require data recovery. EFS accomplishes this by requiring that a recovery policy be set up before encryption is made available. This allows a person to be designated...

Copying and Moving Compressed Files and Folders

In Windows 2000, as in Windows NT 4.0, there are rules that determine the compression state when you move and copy files and folders within and between volumes. There are also rules that determine the compression state when you move and copy files and folders between FAT and NTFS partitions. Compression is a feature of NTFS volumes only and cannot be performed on a FAT volume. Copying compressed files and folders can cause performance degradation, because Windows 2000 uncompresses the file,...

Command Line Administration

As with most tasks in Windows NT Windows 2000, DFS administration can be done in several ways. The earlier examples used the DFS MMC snap-in to perform GUI administration. A command-line DFS administration tool ships with Windows 2000. This command-line tool can be used to script or automate the setup and maintenance of the DFS namespace, or can be used by an administrator who prefers to use the command line. The DFS command-line tool is called dfscmd.exe, and is located in systemroot system32....

Using Administrative Templates

Administrative templates, files with the extension .adm, are used in Windows 2000 to identify the registry settings that you can modify using the Group Policy snap-in. Windows NT 4.0 also used .adm files that were modified using the System Policy Editor. The .adm files used in Windows 2000 are similar to those used in Windows NT 4.0 in that they are ASCII files that are format compatible between the two operating systems. All .adm files consist of a hierarchy of categories and subcategories...

Setting the Special Access Permissions

The special access permissions are accessed much as are regular permissions. They can be thought of as advanced security settings. To set the special access permissions 1. Right-click the folder or file for which you want to change the permissions and select Properties. 3. Click the Advanced button to open the Access Settings dialog box see Figure 5.5 . 4. Ensure that the Permissions tab is selected. 5. Select the user for whom you want to change the permissions and click View Edit see Figure...