Fonts

Managed object format (MOF) file that can be compiled to provide extended attributes to the common information model repository (CIM) of Windows Management Instrumentation (WMI). Domain rename tool. Used to rename domains that are running in the Windows Server 2003 domain functional level. Windows NT 4 Internet Authentication Service (IAS) Table 2-3. Files on the Windows Server 2003 Media (continued) TTCP.EXE Previously part of Windows Resource Kits, this tool is used to generate raw TCP or UDP...

ARC Path Statements

On x86 computers, there are two structures available for the ARC path: a line that begins with multi() or a line that begins with scsi(). A is the ordinal number for the adapter (the first adapter is 0, which should be the boot adapter). B is disk parameter information, and is used only with the scsi() syntax. C is the ordinal for the disk attached to the adapter. D is the partition number, and the first number is 1 (as opposed to adapters and drives, which begin numbering with 0). The way the A,...

Query for Task Information

You can view a list of tasks by entering schtasks /query at the command line. The resulting display includes all tasks, including those created in the Task Scheduler GUI and by using schtasks.exe at the command line. This is an important difference between the capabilities of schtasks.exe and AT.exe. Increase the power of the /query parameter by using the following syntax: schtasks /query /s ServerName /fo format /nh /v. /s ServerName specifies a remote computer as the target for the command. /fo format...

Windows Server The Complete Reference

With Rich Benack, Christian Branson, Kenton Gardinier, John Green, David Heinz, Tim Kelly, John Linkous, Christopher McKettrick, Patrick J. Santry, Mitch Tulloch New York Chicago San Francisco Lisbon London Madrid Mexico City Milan New Delhi San Juan Seoul Singapore Sydney Toronto Copyright 2003 by The McGraw-Hill Companies, Inc. All rights reserved. Manufactured in the United States of America. Except as permitted under the United States Copyright Act of 1976, no part of this publication may...

NTLM

NTLM is the authentication protocol for transactions when at least one computer involved in the transaction is running Windows NT 4. Windows Server 2003, like Windows 2000, supports NTLM authentication. It's important to remember that this doesn't just mean it's possible for Windows NT 4 computers to authenticate when accessing a Windows Server 2003 computer; it also works the other way around. Windows Server 2003 supports NTLM in both directions, and therefore will use NTLM when accessing a...

An Overview of Color Management

While it's beyond the scope of this book to enter into a deep and detailed discussion of the color management utilities included in ICM, it seems worthwhile to present an overview so you can decide for yourself whether you need to investigate this feature more fully. ICM uses APIs to configure colors for input and output devices (monitor, scanner, and printer). You can assign color profiles to printers so that users can access those profiles. The color profile has the data needed to send codes...

L

[Figure: Group Policy settings for the Start Menu, each listed as Not configured, including Remove user's folders from the Start Menu, Remove links and access to Windows Update, Remove common program groups from Start Menu, Remove My Documents icon from Start Menu, Remove Documents menu from Start Menu, Remove programs on Settings menu, Remove Network Connections from Start Menu, Remove Favorites menu from Start Menu, Remove Search menu from Start Menu...]

Note

Windows Server 2003 offers the same LPR functionality as Windows 2000. That doesn't mean you won't need LPR; it just means you won't need it for printing over TCP/IP within the Windows Server 2003 environment. However, you will need LPR to provide printing services in an environment that includes UNIX. LPR protocols permit client applications to send print jobs directly to a print spooler on a print server. The client side of this is called LPR, and the host side is...

NTLM Authentication

Microsoft Windows 9x and Windows NT operating systems cannot use Kerberos, so they use NTLM for authentication in a Windows Server 2003 domain. There are security weaknesses in NTLM that can allow password crackers to decrypt NTLM-protected authentication. To prevent this, NTLM version 2 was developed by Microsoft. Windows 2000 clients and servers, as well as XP, will continue to authenticate with Windows Server 2003 domain controllers using Kerberos regardless of whether NTLM or NTLMv2 is...

ARP

The ARP utility displays the current contents of the system's Address Resolution Protocol cache. This cache contains the MAC addresses and IP addresses of the machines on your local network that have recently been involved in TCP/IP communications. The syntax is: arp [-a [InetAddr] [-N IfaceAddr]] [-g [InetAddr] [-N IfaceAddr]] [-d InetAddr [IfaceAddr]] [-s InetAddr EtherAddr [IfaceAddr]]. -a [InetAddr] [-N IfaceAddr] lists current ARP cache tables for all interfaces. To display the ARP cache entry for a specific IP...

MPPE

MPPE can encrypt data in PPTP VPN connections. It supports the following encryption schemes: Strong 128-bit encryption for use only within the United States and Canada. To use MPPE, you must use either MS-CHAP or MS-CHAPv2 authentication protocols. Despite popular belief, IPSec is actually a collection of cryptography-based services and protocols. It provides authentication as well as encryption to a VPN connection that uses L2TP. However, L2TP still uses the authentication methods, such as EAP...

Show File Extensions to Avoid Danger

There is one change in the View options you should make for all users and all computers on your network. Deselect the option Hide extensions for known file types. This is a dangerous setting and I've never understood why Microsoft makes it the default setting. This setting probably launches more viruses than we'll ever know about. Even with diligent attention to keeping your antivirus software up to date, you can get a new virus before a detection method is available from your antivirus...

Working with Removable Storage Manager

You'll find some complications inherent in the Windows Server 2003 backup utility if you back up to tape devices. The need to manage tape media with the Removable Storage Manager (RSM) and the media pool has made backing up to tape more complex. If you're migrating from Windows NT 4, especially if you used batch files to back up, you're probably going to have mixed emotions about the new features in the backup utility. For many organizations, tapes used to be merely another media form, and...

NTFS Permissions vs Share Permissions

When you share a resource (for example, a folder), you can set permissions for the share, even if the volume on which the share resides is formatted with FAT or FAT32. Share permissions apply to any user accessing the share from a remote computer; they're ignored for local users. NTFS permissions, on the other hand, affect every user, whether local or remote. To set share permissions, click the Permissions button on the Sharing tab of the share's Properties dialog. By default, the Permissions...

LMHOSTS

When a NetBIOS broadcast fails, the next alternative is to consult the LMHOSTS file on the local computer. You can see an example in the %systemroot%\system32\drivers\etc folder. Unlike HOSTS files, LMHOSTS files have additional options for name resolution, including but not limited to the following: #PRE An entry preceded with this keyword will be preloaded into cache on system startup. #DOM:domain name This keyword is needed for domain validation across a router, and for domain browsing, and...

Info

The Add/Edit Port Rule window allows you to assign a port rule to a single virtual cluster, or to all the NIC's clusters. Protocols: Select the specific TCP/IP protocol that the port rule covers (TCP, UDP, or both). The network traffic for the protocol that is named here will be the only traffic that is affected by this rule. All other traffic will be handled using the default filtering mode. Filtering Mode: To specify that multiple hosts in the cluster will handle network traffic...

Port Rules

Port rules help determine the way the cluster traffic is handled for each port, which makes it easier to configure and control clusters. The method by which a port handles network traffic is referred to as its filtering mode. The Port Rules tab, shown in Figure 24-4, displays current port rules. Clicking the Add or Edit button brings up the dialog shown in Figure 24-5, where you can create or modify port rules. You create a port rule by specifying a set of configuration parameters that define...

Joining the Console Session

A server that's enabled for remote desktop can support two remote sessions in addition to the regular (interactive) console session. You can also take over the console session remotely if you have some reason to work exactly as if you were sitting in front of the computer. If you do so, you bump the current interactive user, if one is logged on. If you're running remote desktop 5.2 (or higher), you can perform this action in the GUI, but if you're working with version 5.1, you must use the...

Reg Copy

Use the reg copy command to copy a registry entry to a new location in the local or remote registry. The syntax is: reg copy \\Machine\SourceKey \\Machine\DestinationKey /s /f. \\Machine\SourceKey is the computer name and registry path for the source computer. Omit the machine parameter if the source is the local computer. \\Machine\DestinationKey is the computer name and registry path for the target computer. Omit the machine parameter if the target is the local computer. /s copies all subkeys beneath the...

Update Security Level

This policy setting specifies whether the computers to which this setting is applied use secure dynamic update or standard dynamic update for registration of DNS records. To enable this setting, select Enable and choose one of the following values. Unsecure Followed By Secure: If this option is chosen, then computers send secure dynamic updates only when nonsecure dynamic updates are refused. Only Unsecure: If this option is chosen, then computers send only nonsecure dynamic updates. Only Secure...

Grouping Taskbar Buttons

The taskbar gets crowded with buttons when you're working with multiple applications, or with multiple documents in an application. Windows Server 2003 offers a new feature, button grouping, that makes it easier to see and use taskbar buttons. As the taskbar becomes more crowded, the button grouping feature changes to accommodate the increased number of buttons. To start, Windows Server 2003 displays adjacent buttons for documents opened by the same application, so you can find (and switch...

Configuring a Custom RRAS Configuration

The last path through the RRAS Setup Wizard allows you to create a custom configuration using any of the available RRAS features. When you use the Custom configuration path through the RRAS Setup Wizard, the wizard installs the RRAS components necessary to support the connection types you request, but does not prompt for any information to set up specific connections; this task is left to your discretion following completion of the wizard. To enable RRAS with a custom configuration: 1. Open...

Set Default Document Priorities

The Advanced tab also has a Priority text box, which represents the default priority level for each document sent to the printer. By default, the priority is 1, which is the lowest priority. You can change the default priority to any number between 1 and 99. Setting a priority level for the documents that arrive at a printer is meaningless. The only way to make priority levels work is to establish multiple virtual printers and set a different priority for each. Print jobs that are sent to the...

Configuring NWLink

After installation is complete, configure the parameters for the NWLink IPX/SPX/NetBIOS Compatible Transport protocol (see Figure 14-2). NWLink Frame Type: The Frame Type parameter defines the way data is formatted as it travels across the network. Servers and workstations cannot communicate with one another over NWLink when they use different frame types. By default, Windows Server 2003 detects the frame type for you. Automatic frame detection configures NWLink to receive only one frame type...

Cnf

Figure A-15. Initial metabase backup files; you can use this backup later to restore IIS to its immediate post-installation state. Note that two files are backed up: The metabase configuration file (Metabase.xml) is backed up as an *.MD1 file. The metabase schema file (Mbschema.xml) is backed up as an *.SC1 file. To manually back up the metabase at any time using IIS Manager, follow these steps: 1. Right-click on the node in IIS...

Free Media Pools

Free media pools hold media that are not currently being used by applications. The media is available for use by any application that needs it. It's assumed that any data on the media is not needed, usually because the data is an old backup and would not be useful for a restore procedure. You can configure RSM to have applications draw media from the Free media pool automatically, whenever an application runs out of media in its own pool. If you don't configure automatic draws from the Free...

Lms

Use one of the following basic share permissions or create custom share and folder permissions. All users have read-only access. Administrators have full access; other users have read-only access. Administrators have full access; other users have read and write access. Use custom share and folder permissions. Permissions you set on this page only control access to the share; you might also want to set permissions on individual files and folders. For more information about permissions, see...

Custom Templates

By default, you have access to more than 700 Group Policy settings. Even so, you might need to create additional policy settings to support a new piece of software your organization has purchased, or if you want to manage registry settings not configurable through existing Group Policy settings. You can perform these tasks three ways. Add administrative templates already in Windows: Some .adm files are available only by adding them using GPOE. Create new Group Policy extensions: Before you do...

Copying a User Account

After you've filled in configuration options for a user, you can copy the user's settings to another, new, username to avoid having to configure the new user from scratch. In the details pane of the Users container, right-click the username you want to use as the source, and choose Copy. The Copy Object-User dialog opens, which is a blank new user dialog. Enter the new user's information and password options as described in the preceding paragraphs. The best way to use the copying feature is to...

Active Directory Users and Computers

Active Directory Users and Computers is your interface for managing Active Directory objects such as users, computers, and groups. To view your install of Active Directory, select Start | Programs | Administrative Tools | Active Directory Users and Computers (see Figure 19-1). Active Directory Users and Computers looks similar to Windows Explorer. It has folder icons and objects contained in the folders. These folders are known as organizational units (OUs) and containers. OUs are the folders with...

Iis

[Figure: Local Computer Policy console tree under Console Root. Computer Configuration contains Software Settings, Windows Settings (Scripts (Startup/Shutdown) and Security Settings, with Account Policies, Local Policies (User Rights Assignment, Security Options), Public Key Policies, Software Restriction Policies, and IP Security Policies on Local Computer), and Administrative Templates, followed by User Configuration. The details pane lists audit policies, beginning with Audit account logon...]

Running Programs after Sysprep Is Finished

In addition to providing customized system information, SYSPREP can install software and run programs on target computers after the installation of Windows Server 2003. There are frequently times when you'll want to do this. For example, applications cannot be installed on the master image computer if these programs rely on Certificate Services or Clustering Services or integrate with Active Directory, yet you may want these programs installed automatically immediately after SYSPREP is...

Using Pushd and Popd to Access Remote Computers

The cd command doesn't work with a UNC address, so you can't move to a remote share as easily as you can on your local computer. However, you can use pushd to automatically assign a temporary drive letter to a remote share, and move to that share automatically. Then, you can use popd to remove the temporary drive letter. The following sections on pushd and popd assume that command extensions are enabled for the command processor (the default state of Windows Server 2003). If you disable command...

Changing the Rules for Recovery Console

Feeling hemmed in by the rules and restrictions that are imposed by the Recovery Console? Well, break out and change them. Microsoft has built in an escape hatch if you're ready to step out of the confines prescribed by the default Recovery Console environment. Before you leap, however, take a moment to remember that you're playing around with some very powerful commands, and your playing field is the section of the computer that contains the heart of the operating system. If you widen your...

Installing RIS Images on Client Computers

Once images have been created, the process of actually installing a RIS image to a client computer is fairly simple. If the client computer has a PXE-enabled network adapter, and the client is located on the same network segment as the RIS server, you can simply turn on the computer. Otherwise, if your client computer's NIC doesn't support PXE, you can create a RIS Boot Disk. Remember that the RIS Boot Disk only supports a limited selection of network adapters; if your NIC doesn't support PXE,...

M

The program msinfo32.exe is located in the Program Files\Common Files\Microsoft Shared\MSInfo folder, which, by default, is not in your path. However, you don't have to wend your way through that path to open the program; you can overcome the problem in either of two ways: Enter winmsd at the command prompt. (Winmsd.exe, which appeared in Windows NT, launched the Windows NT diagnostics application. In Windows Server 2003/Windows 2000, winmsd.exe is an application stub that launches msinfo32.exe.)...

Understanding a Subnet

Subnet masking is occasionally more complicated than the examples given thus far. Sometimes the dividing line between the network and the host portions of an IP address does not fall neatly between the octets. A subnet is simply a logical subdivision imposed on a network address for organizational purposes. For example, a large corporation that has a registered class B network address is not likely to assign addresses to its nodes by numbering them consecutively from 0.0 to 255.555. The more...

Activating after the Grace Period

If you don't activate Windows within the grace period, the operating system won't let you log on to the computer. However, Windows won't shut down a running computer, so you'll encounter the problem when you restart the computer. If you restart the computer after the grace period and can't log on, you'll have to restart your computer and boot into Safe Mode Minimum (not Safe Mode with Networking). Then, choose Start | Programs | Activate Windows. If your Internet connection is over your LAN,...

Creating Custom MMC Consoles

Once you complete the Delegation of Control Wizard, the selected groups should then be able to perform administrative tasks. You can create custom Microsoft Management Consoles (MMCs) and then distribute them to the individuals you delegated authority to. By creating custom MMCs, you can customize the administrative interface to the objects so that the delegated administrators only see what they have permission to administer. In the following procedure we will create a custom MMC for displaying...

I

GuiRunOnce works by modifying the HKEY_CURRENT_USER Software registry key, and adding each command to this value. Each command runs synchronously, which means the commands are processed in order, and the next command doesn't execute until its previous command finishes. An important limitation of the GuiRunOnce section is that programs run in the context of the logged-on user. If the user logging on to the server doesn't have the necessary privilege to run a command in the GuiRunOnce section,...

Urr

HAL (Hardware Abstraction Layer), loading during operating system boot, 150 HAL, role in automated installations, 34-35 handling priority, setting for NLB port rules, 800 hardware bootup, overview of, 144-145 hardware component inventory sheet, example of, 20 hardware, documenting prior to installation, 19-20 Hardware key, listing in registry, 103 hardware requirements for installation, overview of, 16-18 HCL (Hardware Compatibility List), contents of, 16 headless computers, installing and...

Configuring Internet Connection Sharing

Looking for a simpler way to configure an Internet-connected computer as a router with NAT, in order to share that Internet connection? Internet Connection Sharing (ICS) may be just the ticket. (Figure 13-25. Selection custom configuration options.) ICS is a simple alternative to RRAS, intended for SOHO. In a simple one-step process, ICS does the following: 1. Reconfigures the IP address of the LAN adapter that connects to the local network to 192.168.0.1, with a subnet mask of 255.255.255.0 (or...

C

Of dir command, 214 of more command, 216 C parameter in multi() syntax, 159 in scsi() syntax, 160 in x86 ARC path statements, 158 cabs subfolder, contents of, 918-919 cached data, using with RSS, 572 cache.dns file, description of, 402 caching-only server DNS queries, dynamics of, 396 callback, role in RRAS, 448-449 Called-Station-ID remote access policy, description of, 475 caller ID, using with RRAS, 449 carrier-based VPN, explanation of, 449 CD booting to, 29-30 installing from, 29-32...

NTFS Master File Table

Instead of a File Allocation Table, NTFS uses a special file called the Master File Table (MFT) to track all the files and directories on a volume. The size of the MFT is dynamic, and is automatically extended when necessary. The MFT is really an array of records, which you can think of as a database of all the files on the system. Each record in the MFT is usually fixed at 1K, and the first 16 records contain information about the volume. These volume-specific records are called the metadata...

Prepopulating a Roaming Profile

Earlier in this chapter, I discussed the fact that you can copy a local profile to the local default user profile, to make the default user profile match the configuration options you'd prefer. You can also copy a local profile to the Profiles folder on the server that's holding user profiles. If the roaming user has a local profile on a workstation, copy that profile to the server. Then, when you enable roaming profiles for the user, and he logs on to the domain from any other computer, his own...

Merging a Registration File

Registration files work by merging the contents of the .reg file with the registry, via Regedit.exe. There are three ways to send the contents of the file to the registry: Double-click the file (the default associated action for a .reg file is merge). Enter Regedit filename.reg at the command line. Choose File | Import from the Regedit menu bar. If you want to run .reg files from the command line in quiet mode, or write batch files that merge .reg files without user intervention, use the Regedit...

Using Cleanmgr.exe

The command-line version of the disk cleanup tool, cleanmgr.exe, offers a number of switches you can use to automate the cleanup process and make it more efficient. (Incidentally, cleanmgr.exe doesn't appear in the command-line reference section of the Windows Server 2003 help files, so you might want to put a bookmark in this page.) Cleanmgr.exe supports the following command-line switches: /d driveletter Selects the drive you want to clean. /sageset:n Displays the Disk Cleanup Settings dialog so...

Creating a Demand Dial Interface

You can also use NAT when connecting to the Internet using the features of dial-up networking. Windows Server 2003 supports demand-dial connections using dial-up modems, ISDN or other supported physical devices, VPN connections, and Point-to-Point Protocol over Ethernet (PPPoE). To configure a demand-dial interface with NAT, begin the process as described in the previous numbered list. In Step 4, select Create a new demand-dial interface to the Routing and Remote Access Server Setup Wizard You...

Windows Settings

Windows Settings are available in the Computer Configuration and User Configuration nodes in GPOE. User Configuration Windows Settings apply to all users regardless of which computer they use. This node also contains five extensions Remote Installation Services, Scripts (startup, shutdown, logon, and logoff), Security Settings, Folder Redirection, and Internet Explorer Maintenance. Remote Installation Services You can use Group Policy to control whether the user of a Remote Installation...

Telnet Security

By default, only members of the local Administrators group can connect to the Windows Server 2003 telnet server. When a client connects, the remote user must enter a username and password that is valid on the server, and has administrative permissions. A command window opens and the client user can perform tasks, but cannot use any applications that interact with the desktop. If you create a local group named TelnetClients, any member of that group is also allowed to connect to the telnet...

Preparing the Master Image

Before you can deploy a customized image using SYSPREP, you must prepare a master image that contains the fully configured copy of Windows Server 2003 that will be copied to the target computers. Building a master image is a very detailed process. Because every file and device configuration on the image you are creating will be used on one or more target computers, it's critical that the master image contain the right components: no more, no less. Start by identifying all the Windows Server 2003...

Host Parameters

The Host Parameters tab of the Network Load Balancing Properties dialog offers options that apply to the host in question. This section presents guidelines for configuring this (and every other) host computer in the cluster. Figure 24-3 shows the available Host Parameters configuration options. Figure 24-3. Each node of an NLB cluster must have a unique Priority, but need not have a dedicated IP address. Priority (Unique Host ID) The priority ID is this host's priority for handling default...

RIPrep Setup

The RIPrep method allows creation of actual images of servers, desktops, and notebooks. This image is stored by the RIS server in the same directory structure as the Flat Image files. A description is also added to the RIPrep image so that selection is available on the client-based RIS menu. The RIPrep host may contain multiple software or server applications already preloaded and configured and is a much more thorough deployment than just the Flat Image technique. The RIPrep data collection...

TCP Header

The header of a TCP packet is complex, even though it is the same size as the IP header, because it has a great deal to do. The TCP header is carried within the IP header and is read only by the end system receiving the packet. Because the destination system must acknowledge receipt of the transmitted data, TCP is a bidirectional protocol. The same header is used to send data packets in one direction and acknowledgments in the other direction. The TCP header is formatted as follows: Source Port...

Save System Data to a File

You may be asked to save the system information in a file, and then e-mail the file to a support technician (or upload the file to a web site). To accomplish this, choose File | Save and enter a location and filename in the Save As dialog. System information files are saved with the extension .nfo. By default, Windows Server 2003 .nfo files are saved for version 7.0 of System Information. The Save As dialog offers a second file type for version 5.0/6.0 .nfo files. Use this file type if you're...

Overview of the Registry

The registry grew out of a number of control files and databases that existed in previous versions of Windows, traveling a logical road to today's incarnation of the way Windows Server 2003 stores settings. Microsoft Windows 3.1, which was the first widely used version of Windows (especially in business), used three file types to define a computer's hardware and application software for the operating system. Two of the file types were initialization files, which have the extension .ini, and the...

Public Key Infrastructure and Windows Server Authentication

Windows Server 2003 uses certificates for a variety of functions, such as smart card authentication, web server authentication, secure e-mail, Internet Protocol security, and code signing. A certificate is a digital document issued by an authority to vouch for the identity of a certificate holder. It associates a public key with a person, computer, or service that holds its corresponding private key. A certificate generally includes information about the person or system the certificate is...

Broadcast Name Resolution

When NetBIOS names are resolved using broadcasts, it is the responsibility of all registered systems to respond to requests specifying their names. A computer using broadcast name resolution generates the same NAME QUERY REQUEST packet as a WINS client, except the query is broadcast to all the systems on the local subnet. Each system receiving the packet must examine the name for which the IP address is requested. If the packet contains an unrecognized name, it is silently discarded. A computer...

NTFS Compression

NTFS file compression is a built-in function of the file system. You can compress the data on an entire volume, in a specific directory, or in a specific file. To enable compression, open the Properties dialog of a volume, directory, or file, and use the General tab as follows: For a volume, select the option Compress Drive To Save Disk Space. You are asked if you want to apply compression only to the root, or include all the folders. For a folder, click Advanced, and then select the option...

Requirements for Using Group Policy

Back in the days of Windows NT, Windows computers were managed by using system policy or by permanently tattooing the registry of your clients. System policy is based on registry settings set when you use the System Policy Editor, Poledit.exe. From Windows 2000 on, Group Policy added much greater flexibility for management, plus [Table 22-2. Windows Server 2003 Group Policy-Related Help Files; surviving entries: secsetconcepts.chm, spolsconcepts.chm, secsettings.chm, Wireless Network (IEEE 802.11) Policies] you can...

Understanding the Synchronization Process

As computers running Windows 2000 and later log on to the domain, the Windows time service checks the time on an appropriate computer to determine the target time, which is the time the computer wants to match on its own clock. For DCs, the target time is the time on the authoritative time server. For all other computers, the target time is the time on the authenticating DC. If the target time doesn't match the time on the local clock, the logging-on computer takes the following steps to adjust...

Last Known Good Configuration

Use this option to start Windows Server 2003 with the registry settings that were saved at the last normal shutdown. This option doesn't solve problems caused by missing or corrupt drivers, but it's useful in overcoming problems caused by configuration changes you made in your last session. Those changes are lost, which is usually a good thing. Windows uses the registry to determine, and load, the last known good configuration, which is the configuration that was written to the registry after a...

Transfer the RID Master Role Using the Current Role Holder

To transfer the RID master role while working at the current role holder, follow these steps: 1. Open Active Directory Users and Computers. 2. In the console pane, right-click Active Directory Users and Computers and choose Connect to Domain Controller. 3. Enter the name of the target DC or select it from the list of available domain controllers. 5. In the console pane, right-click Active Directory Users and Computers again, and choose All Tasks | Operations Masters. 6. In the Operations Masters...

Charting Performance with System Monitor

Counter statistics can be monitored in real time with System Monitor. The results of the collected data appear in a histogram bar chart or graph. The graph format is the default format for System Monitor and it produces a chart that looks something like an electrocardiogram used for monitoring a heartbeat. The charting format you choose is determined mainly by personal preference. You may find one format more suitable than others for viewing your system. Figure 25-3. The Performance snap-in...

Compress Old Files

Scroll through the display to find the listing named Compress old files. Disk Cleanup is not offering to remove compressed files; instead, this is an offer to keep older files in a compressed format. Compressing the files uses less disk space. Select the Compress old files listing and click the Options button to specify how many days must have elapsed since the last time you accessed a file in order to qualify the file for compression. File compression is only available for drives that are...

Remote Installation Services

RIS is designed to deploy operating systems and images of operating systems. RIS is enhanced in Windows 2003 by addressing the deployment of Windows 2003, Windows 2000 Server flavors, and Windows XP. RIS as provided with Windows 2000 would not image or support the roll-out of Windows 2000 Server products without considerable tweaking. Support for the primary Microsoft Server network operating systems is a huge enhancement for RIS and one that will offer a rapid way to provide base images or flat...

Software Components

Several software components make up server clusters; they fall into two categories: Clustering software: Describes the software components that are required for the server cluster to operate. This software enables communication between nodes, detection of application or node operational status, the transfer of resource operations, and much more. The two main components for clustering software are the Resource Monitor and the Cluster Service. Administrative software: Gives you control and...

Recovery Console Commands

A limited number of commands are available to you when you're working in the Recovery Console. Many of the commands are also available in the standard Windows command console, but most of the time the commands have different parameters or the parameters have a different meaning in the Recovery Console than they do when you're working in Windows. For that reason, it's worth going over the commands and the way their parameters work in the Recovery Console. Attrib: Use the attrib command to change...

Configuring a Router with Network Address Translation

A router with NAT enabled enhances the security of client-to-Internet communications. Normally, all IP packets include the IP address of the computer that created the packet (the source IP address) and port number. A router with NAT enabled will keep track of a packet's true IP address and port, and substitute a fixed public IP address and a port that isn't otherwise used at the router. When the router receives an inbound packet at the public IP address, it uses the port now in the destination...

Adding Items to the Registry

You can add keys or data items to the registry from within Regedit. Most of the time, user-added items are data items within a subkey, but occasionally you need to add a new subkey, and then populate it with data items. 1. Right-click the parent key, and choose New | Key. 2. Name the new key (using the instructions from documentation or support personnel). 1. Right-click its container key, and choose New | <ValueType>; you must know the correct value type of a data item you're adding to the...

Upgrading Windows NT Domains

Before you start upgrading your Windows NT 4 DCs to Windows Server 2003, you need to understand some basic rules: DNS is required (see the next section, "DNS Decisions"). The functional level of your AD (both forest and domain) can be manipulated until you've fully upgraded the enterprise. See the section "Domain and Forest Functionality," later in the chapter. In addition, of course, you must understand and plan your AD hierarchy, which is a vastly different networking paradigm than you experienced in...

File Services for Macintosh

File Services for Macintosh (also called MacFile) lets you designate a directory that can be accessible to Macintosh as well as Windows users. For compatibility reasons, a Macintosh-accessible volume requires NTFS to ensure that filenames are set properly for both environments, and to make sure proper security permissions are invoked. CDFS for CD-ROM drives is also a supported file system that can be used for sharing between platforms. Permissions are always read-only on CDFS drives. To...

Creating MMC Taskpads

Custom consoles are fine for administrative tasks, but they still require some understanding of using an application like Active Directory Users and Computers. There may be instances where you wish to delegate control of an AD object to a nontechnical person. Windows Server 2003 provides a way to create taskpad views for administrative tasks. Custom taskpads allow you to create and expose just the administrative function required for the delegated administrator. The interface is very intuitive...

Installing the NLB Service in the NLB Properties Dialog

Right-click the Local Area Connection icon on which you want to run NLB, and choose Properties. If the computer has multiple NICs, each NIC has its own Local Area Connection icon. In the Properties dialog, Network Load Balancing is listed as a component. Click the check box to place a check mark in it to enable the service (see Figure 24-1). If Network Load Balancing isn't listed in the Properties dialog (which usually means it was specifically uninstalled), click the Install button and choose...

Internet Information Services (IIS)

If you're planning to use Windows Server 2003 for hosting web sites and dynamic web applications, you'll find that there have been some significant changes to Internet Information Services (IIS) in the new platform. Version 6 of IIS includes enhancements in the areas of security, reliability, scalability, manageability, and performance. Understanding these changes is important if you want to get the most out of the new...

Windows Server Print Processor

The print processor does the rendering of the print job after it receives the file from the spooler. Rendering means translating all the data in the print job into data that is understood and accepted by the printer. Before passing the job, the spooler checks for the data type. If rendering is necessary, it passes along rendering information to the print processor in addition to the print job. The question of whether or not the job needs processing is dependent upon the data type sent by the...

Using Print Services for UNIX with Windows Printers

When you install Print Services for UNIX on Windows Server 2003/2000 computers, PS-UNIX exposes all local printers as LPR-compatible printers. You can use this feature to access shared Windows printers in some routed networks where NetBIOS name resolution fails to locate the server hosting the printer, or where NetBIOS traffic through the router is disallowed. After you install PS-UNIX on the computer that hosts the printer, you can use PS-UNIX on a remote network to create a UNIX-accessible...

Working with Counter Logs

Counter logs allow you to record system activity or usage statistics for local and remote machines. In addition to starting and stopping the Performance Logs and Alerts service manually, you can also configure the service to start and stop automatically or to log data continuously. You can log data from individual counters or entire objects. This provides the flexibility to keep the amount of data you're logging to a minimum. To begin logging activity using the counter logs, follow these steps...

Seed Routers

A seed router is responsible for broadcasting routing information such as network addresses on the segment (this is called seeding the network). Enabling AppleTalk routing on a Windows Server 2003 computer turns that computer into a seed router for Macintosh clients. If you have more than one NIC in the computer, you can seed more than one AppleTalk network. The AppleTalk environment can include different kinds of routers, all of which forward data from one physical network to another which is...

Video Settings

After the first boot, your video settings seem primitive; icons are larger and fuzzier than you'd expect. Even though Windows Server 2003 found your video controller and its driver, it's loading the same low video settings it used during installation. However, the system is smart enough to know this. Within seconds of your first boot, you see the following message: Your computer screen resolution and color depth are currently set to a very low level. You can get a better picture by increasing...

MBSA Scanning Options

MBSA can be used as a free, very limited, vulnerability-assessment tool with the capability to do the following: Scan one or more Windows Server 2003, Windows NT 4, Windows 2000, and Windows XP machines. Check for Windows operating system vulnerabilities. Check for IIS vulnerabilities. Check for SQL Server vulnerabilities. The tool checks for vulnerabilities on each instance of SQL Server that it finds on the computer. Check for weak passwords and common password vulnerabilities. MBSA password...

Configuring RRAS

The Routing and Remote Access Server Setup Wizard abolishes much of the pain that you may have experienced with earlier versions of RAS or RRAS. This wizard holds your hand each step of the way, whether you're configuring an Internet connection server, a remote access server, or a VPN solution. It is important to note here that the following sections on configuring the server assume that you already have installed a modem or other devices used for remote connections. The principles behind...

Windows Server DNS

It's time to talk about the new stuff. There are quite a few differences you will notice in 2003 DNS. Here are the improvements: Round robin update: In DNS, normal behavior is to have a round robin effect when the server is queried for resource records of the same types for the same domain name. If this causes an issue in your environment, it can be adjusted such that round robin will not be used for certain record types. It's done using a registry tweak. Valid Range: any RR type SRV, A, NS...

HKEY_LOCAL_MACHINE

This subtree holds information about the computer, its hardware, installed device drivers, and configuration options for both security and software settings that affect all users of the computer. It contains five keys: Hardware, SAM, Security, Software, and System. All of the keys, save Hardware, exist on disk as hive files. Ntdetect.com (the Windows Server 2003 hardware recognizer) builds the contents of this key from scratch during startup. The information is held in RAM; you can think of it as a...

Telnet Server

Windows Server 2003 includes a telnet server, so it can accept incoming telnet connection requests. In earlier versions of Windows, the telnet service didn't provide this feature, so you had to use third-party telnet servers. The Windows Server 2003 telnet server can be configured to use standard authentication methods (username and password), or domain user account information, to grant clients access to the server. Each telnet server is configured for a maximum of two concurrent connections,...

Hot Spare Cluster Model

The hot-spare cluster model, illustrated in Figure 24-13, is also called the active/passive model because not all the hardware resources are being used simultaneously. As a result, this model provides the highest level of availability. In the hot-spare model, one node in the server cluster services all requests for resources. The other node sits idle until the active node fails. You can think of this paradigm as a dedicated backup. Typically, the passive node uses the same hardware...

Moving Quota Entries to Another Volume

Suppose a user transfers to another location in the company, or for some other reason is going to use another volume for file services. You can move his or her quota entries to the new volume (to the user, it's like a haunting). The following events characterize a transfer of quota entries: The files on the source volume are not transferred. The quota levels on the source volume are not removed (the user now has quota levels on two volumes). There are three methods for transferring a user's quota...

Transfer the Domain Naming Master Role Using the New Role Holder

If you're working at the DC that you want to transfer the role to, it takes fewer steps to effect the role transfer: 1. Open Active Directory Domains and Trusts from the Administrative Tools menu. 2. Right-click Active Directory Domains and Trusts and choose Operations Master. 3. In the Change Operations Manager dialog, the name of the current domain naming master is displayed, and the system assumes you want to transfer the role to the current DC. The domain naming operations master ensures...

Universal Group Membership Caching

Windows Server 2003 has improved the way universal group membership works when authenticating users. The first time a member of a universal group logs on, the universal group membership information that's obtained from the global catalog is cached. In subsequent logons, the authenticating Windows Server 2003 DC obtains the universal group membership information from its local cache. For remote-site users, where the global catalog isn't on the site, this saves a great deal of time and bandwidth....

Intellimirror and Active Directory Software Installation and Maintenance

Intellimirror and use of group policies in Active Directory to distribute software are key features of Windows 2003 management and are excellent follow-on or enhancement technologies for RIS use in the Windows 2003 environment. Settings required are held in Active Directory group policies and can affect objects in forests, domains, or sites. The technology name is quite descriptive, as this feature of Active Directory is designed to mirror settings for a user from one computer to the next....

Enable Remote Desktop on the Server

To enable remote desktop access on your Windows Server 2003 computer, open the System Properties dialog by right-clicking My Computer and choosing Properties from the shortcut menu. Move to the Remote tab (see Figure 3-4) and select the option to accept remote desktop access. Once the feature is enabled, you need to establish a list of users who can access the server remotely. Members of the Administrators group are automatically permitted access to the server, but you may want to add additional...

Relative ID Master

This is a domain role, and you can only have one relative ID (RID) master in each domain. The RID master is the keeper of the pool of unique security IDs (SIDs). As discussed earlier in this chapter, administrators can create new user and computer objects on any DC. When these new objects are created, they are assigned a SID that is created from multiple parts: A set of identifiers linked to the domain (all objects in the domain have the same domain identifiers). A set of identifiers linked to the new...

Using a Snap-in for Remote Desktop

You can use a snap-in to manage your remote desktop activities from your Windows XP workstation, if you prefer the MMC to the remote desktop dialog. The snap-in doesn't exist on Windows XP computers by default, but you can add it. The file, adminpak.msi, is in the i386 folder on the Windows Server 2003 CD. You can copy the file to any computer, or to a network share. Right-click the file listing and choose Install from the shortcut menu. Adminpak.msi is a collection of many snap-ins, not just...

Local Print Provider

The local print provider is Localspl.dll, which is in the %SystemRoot%\System32 directory. It sends print jobs to the locally attached printer. To accomplish this, it performs the following tasks using RPC calls: 1. When the print job is received from a local application (or a remote user), it writes the job to disk as a spool file. It also writes the shadow file. 2. If there is a configuration option for separator pages, it processes them. 3. It checks to see which print processor is needed for...

Client for Microsoft Networks

Client for Microsoft Networks is a software component that allows a computer to access resources, such as file and print services, on a Microsoft network. When you install networking components (hardware and drivers for network interface devices), this client is installed automatically. Client for Microsoft Networks is independent of the protocol that you choose to use for network communication (although Windows also installs TCP/IP by default). Client for Microsoft Networks is actually the...

Use the Scheduled Task Wizard

Open the Add Scheduled Task icon to launch the wizard, and click Next to move past the welcome window. The wizard presents a list of the application files on your computer. The list of applications displayed in the wizard window includes the components you installed with the operating system, and any third-party software you installed that appears in the list of applications in the Add or Remove Programs applet. Don't configure Windows Backup from the Scheduled Tasks window; it works in the...

Password Protected Screensavers

A password-protected screensaver enables Windows Server 2003 to automatically lock the screen after a set period of inactivity. This can be a backup when a user or administrator forgets to lock the workstation. Once the computer screen lock is invoked, only the user whose account is currently logged on to the computer or an authorized administrator will be able to unlock it. To set an automatic screen lock on an individual computer: 1. Right-click the user desktop and select Properties. The...

Internet Protocol Security

IP Security (IPSec) can be used to securely send data between two computers. It is completely transparent to applications since it is implemented at the OSI transport level, allowing applications to communicate using TCP and UDP ports. IPSec has the capability to: Provide message confidentiality by encrypting all of the data sent over network connections including remote access connections such as dial-ups. Provide message integrity between two computers by protecting data from unauthorized...

Performance Logs and Alerts

Working in conjunction with System Monitor is the Performance Logs and Alerts service. It stores the data it collects in a data file, or log. Logged data isn't viewed in real time, so logging provides a historical perspective on system performance. Logging is the preferred approach in performance optimization because it makes it easier to interpret trends or patterns in system performance. It also provides a mechanism for storing data in a convenient format for future scrutiny. You can use...

Start Menu Left Pane

The left pane of the Start menu is divided by two horizontal separators, which work as follows: Program listings above the top separator are pinned to the menu, and you can pin any applications you wish. Microsoft has prepinned Manage Your Server and Windows Explorer. Program listings below the top separator are recently accessed programs (for convenience, Windows prepopulates the list with Command Prompt and Notepad). Below the bottom separator is the All Programs listing, which works the same...