Using the Security Configuration Tool

Implement, configure, manage, and troubleshoot security by using the Security Configuration Tool Set. Security is an all-pervasive part of Windows 2000 Server. Hardly an area in the administrative structure is not impacted by security in some way. Windows NT (the precursor) always had good security tools; the problem was you had to go all over the place to configure security. As a result, configuring security meant knowing a bunch of tools and a number of interfaces, and knowing which tool did...

Implementing Local Account Lockout Policy

A Windows 2000 account lockout policy consists of three settings. This policy allows you to ensure that you have control over how many times a user can enter an incorrect password and what happens at the point when you think that an attempt to crack your network is occurring. You can control how many bad passwords can be entered before the account is locked. You can control how long the counter tracking incorrect lockouts stays active. You can also control how long an account is locked before a...

Installing and Maintaining the NWLink protocol

One of the protocols used in Windows 2000 networks is the NWLink IPX/SPX/NetBIOS Compatible Transport Protocol, NWLink for short. This protocol is Microsoft's emulation of Novell's IPX/SPX protocol and was developed to enable interconnectivity between Microsoft and NetWare networks. NWLink is routable, meaning that it can be transferred from a local network to a remote one through a router. A router is a computer or dedicated hardware device that is able to look at the destination address on a...

The Drivers

Drivers are the software components responsible for converting high-level requests for printing into commands the processor can execute (see Figure 2.53). These commands are specific to the print device, the operating system that is requesting a print service, and the processor that is in the computer requesting the print service. As a result, a very large number of print drivers are available. When you install a printer on your Windows 2000 server, the driver for your print device that is...

Configuring a PPTP Remote Access Server

1. Configure a connection to the Internet from the remote access server. This will require you to configure an adapter to the Internet (T1, ISDN, and so on). 2. Configure a connection to the intranet (the internal network) from the remote access server. This will require a network card connected to the internal network. 3. Configure the remote access server to allow remote access clients to connect to the server. Begin by opening the Routing and Remote Access console. 4. Right-click the server and...

Step By Step

6.9 Authorizing a DHCP Server in the Active Directory 1. Open the DHCP console and select the server. 2. From the Action menu, choose Authorize. Enter the Domain name and DNS server address(es) for the client. Enter the WINS server address(es) for the client. DHCP logging is enabled on the General property sheet. The DHCP...

Apply Your Knowledge

Beverly is correct in thinking she must run DISKPERF. The execution of DISKPERF sets a startup flag to turn on or off disk counters and must always be accompanied by a system restart. -yd is the default, and it starts only the physical counters. -nv turns off the logical disk counters. -y turns on both the physical and logical counters (-yv would have also worked because it turns on only logical counters). For more information, see the section Monitoring and Optimizing System Resource...

Minimum Password

Minimum password age is a numeric value between 0 and 999 days that defines the minimum length of time a password must be in place before a user can change it (see Figure 7.10). Although on the surface it looks as though this property contradicts the maximum age, they actually go together with the password history to form a complete package. Consider this scenario as an example. A password policy is set to keep five passwords in history with a maximum age of 20 days. Harold wants to keep his...

Controlling Web Site Access Through TCP Port Number

Most common TCP/IP utilities have specific TCP ports associated with them, and the software that allows you to use these expects the ports to conform to the standard defaults. However, like a TV channel, these ports can be changed. If a certain set of data is being broadcast on a certain port, and that port is not the default port for that utility (like port 80 for HTTP traffic), the port must be determined in order to access the data. This may sound trivial, but because there are more than...

About the Authors

Dennis Maione is a Microsoft Certified Trainer and consultant, a Lotus Business Partner specializing in Lotus Notes solutions (development and infrastructure), and a software developer (VB, Java, and JavaScript). In addition to writing books, he spends his time helping people and companies make smart choices about network infrastructure, security, and software. He has been working with Windows NT since version 3.51 and has played with Windows 2000 since it was NT 5.0, pre-beta. Not to have his...

Install by Using Setup Diskettes and a CD-ROM

If you have a machine with no current operating system on it that will not boot from a CD-ROM, you must use this method. Setup disks are a set of four disks that form a minimal installation of Windows 2000 (the closest thing you have to booting Windows 2000 from disk). Having made the disks, you boot from the first one and progress through all four, at which point you will be prompted to insert the CD-ROM in the CD-ROM drive, and the installation will continue using that medium. The disks are...

Creating PPTP and L2TP Ports

1. From the Start menu, choose Programs, Administrative Tools, Routing and Remote Access. 2. In the Routing and Remote Access console, expand the server you are working with, right-click the Ports entry, and choose Properties from the menu that appears. 3. In the Ports Properties dialog box, double-click either WAN Miniport (PPTP) or WAN Miniport (L2TP). 4. In the Configure Device dialog box, increase the Maximum Ports field to the maximum number of simultaneous connections required (see Figure...

Mounting Partitions and Volumes in NTFS Folders

A new feature in Windows 2000 is the ability to mount volumes and partitions in NTFS folders. This allows you to reference a partition or volume by a folder name instead of a letter name. For example, you could create a folder called Data on the C drive and then mount a 10GB simple volume into that folder. This would effectively increase the size of the C drive and would make all that space available in the path C:\Data. In addition, mounting can be used to increase space in commonly used...

ARC Paths and Volumes/Partitions

The BOOT.INI file (located on the System partition) contains the path to the Windows 2000 files (the Boot partition). To accurately define the location of these files, Windows 2000 uses a convention called ARC paths. Advanced RISC Computing (ARC) standards are conventions adopted by a variety of vendors that allow a piece of hardware to be defined by physical characteristics instead of by labels provided in the user interface of an operating system. As it relates to partitions and volumes in...

Answers to Review Questions

The service available to automatically configure TCP/IP addresses on client machines is DHCP. DHCP has many advantages over manual configuration. Some of them include removal of the tedium of manually configuring clients with TCP/IP addresses; the ability to automatically configure a wide variety of TCP/IP-based properties (including name resolution servers); and the ability to reduce TCP/IP conflicts on your network by keeping track of addresses allocated and by doing PING tests prior to allocating...

Configuring a Connection in Windows

After creating a connection, you can configure it from a number of dialog boxes accessible from the Network and Dial-Up Connections dialog box. You can reach configuration settings by choosing either the Advanced, Advanced Settings command or the Advanced, Optional Networking Components command. Alternatively, you can double-click the connection icon and modify the properties in the Status dialog box that appears. Finally, you can right-click the connection icon, choose Properties from the menu...

Creating Trace Logs

The subject of trace logs might show up on the exam simply because the feature is new for Windows 2000 and is a bit different from counter logs. There probably will not be more than one question, however, because you must have special third-party tools to analyze them. Therefore, they are generally not very useful to a system administrator (not until some good tools are built, that is). The difference between a trace log and a counter log is the trigger that causes data collection. With a...

Installing, Configuring, and Troubleshooting Remote Access

Configure, monitor, and troubleshoot remote access. Configure inbound connections. Create a remote access policy. Configure a remote access profile. General, Address Pool, Special Ports. Your Internet service provider (ISP) assigns this address pool. Reserve public addresses from the above list for use by specific private network computers.

Using Counter Logs

While the System Monitor is useful for immediate analysis of a performance problem, it is not very useful as a real-time tool for bottleneck analysis. In order to get a good picture of the way resources are used on your server, you need to be able to examine data collected over a long period of time. The data collection needs to be long enough to allow you to take periodic spikes in usage into consideration. For example, it would be a mistake to analyze the need for more system resource solely...

Installing and Configuring NWLink and NetBEUI Protocols

Install, configure, and troubleshoot network protocols. Although the test objective associated with this section deals with all network protocols, only three will be tested on: TCP/IP, NWLink, and NetBEUI. Moreover, because TCP/IP is such an important protocol in Windows 2000 networking, and because it has far-reaching implications to other discussions in this chapter (like Network Services, for example), it has been split off into its own section. As a result, the complete discussion of network...

Rights by Connection Permission Level

Remote control another session X Log on to a session on the server X X X Log another user off a session X Send a message to another user's session X X Use virtual channels (provide access from server program to client devices) General, Logon Settings, Sessions, Environment, Remote Control, Client Settings, Network Adapter, Permissions. Administrators (IKTHUSE\Administrators) Configure...

Iii

A Overview of the Certification Process B What's on the CD-ROM C Using the ExamGear, Training Guide Edition Software You must pass rigorous certification exams to become a Microsoft Certified Professional. These closed-book exams provide a valid and reliable measure of your technical proficiency and expertise. Developed in consultation with computer industry professionals who have experience with Microsoft products in the workplace, the exams are conducted by two independent organizations....

Ping

The PING command is also useful for troubleshooting. Whereas IPCONFIG tells you what your TCP/IP configuration is, PING tells you whether you can communicate with other computers using TCP/IP. The syntax of the PING command is PING x.x.x.x, where x.x.x.x is the address of the computer for which you want to test connectivity. The standard PING command sends a request for echo to other TCP/IP hosts. This request is sent four times, and a clear line will result in four responses. Where there is an...

Analysis

Which result(s) does the proposed solution produce? A. The proposed solution produces the required result as well as both optional desired results. B. The proposed solution produces the required result and one of the optional desired results. C. The proposed solution produces the required result but does not produce either of the optional desired results. D. The proposed solution does not produce the required result. 36. You are attempting to secure, or lock-down, a Windows 2000 server. What...

TCP/IP and Name Resolution

As has been mentioned, TCP/IP identifies computers using numbers, which is fine for computers. However, people do not like to use numbers to identify things; it is completely non-intuitive. Instead, people prefer to identify objects, people, and servers by way of names. The world would be a hard place to communicate if all people were identified by their Social Security or Social Insurance numbers (only the Beagle Boys would find that comfortable). As a result, people have found it convenient to...

Ipconfig

First, it is used to determine the current TCP/IP configuration for the local computer. Second, it is used to manually release and renew DHCP addresses. To obtain a summary of the current TCP/IP configuration of the local machine, you can go to a command prompt and type IPCONFIG. You should see something like the following listing: Windows 2000 IP Configuration Ethernet adapter Local Area Connection Connection-specific DNS Suffix . . ikthuse.com IP Subnet Mask...

Exercises

In this exercise, you learn how to create the four-disk set required for installing Windows 2000 Server and required for repairing your server using the Emergency Repair Disk (discussed in Chapter 4, Managing, Monitoring, and Optimizing System Performance, Reliability, and Availability). This will introduce you to one of the fundamental installation and repair tools that you will always need to keep on hand. To complete this exercise you will need the following items: The Windows 2000 Server...

Recovering from a Mirror Volume Failure

Mirror volumes are fault tolerant: if one of the drives that makes up the set fails, the other will continue to operate. Because of the nature of the volume, users will be unaware that anything has happened. Two scenarios exist in the configuration of a mirror volume that require two different approaches to recovery: mirror volumes that contain the System and/or Boot partitions and mirror volumes that do not. Recovering from a Mirrored System or Boot Partition Failure If a mirror volume that...

Running Application Compatibility Scripts

1. In the WINNT\Application Compatibility Scripts\Install folder, locate the script for the application you are installing (if one is not available, check the Microsoft Web site or the Web site of the application vendor). 2. Edit the script to modify any paths that need to be customized for your environment. 3. Open a command prompt and run the script. 4. If there is a logon script for the application in the WINNT\Application Compatibility Scripts\Install folder, edit it and modify the paths to suit...

Installing and Maintaining the NetBEUI Protocol

NetBEUI, also known as the NetBIOS Extended User Interface, is a non-routable network transport suite for use in small networks consisting of a single LAN with 50 or fewer computers. In the Microsoft networking world, NetBEUI was the primary protocol for Windows 3.11 (Windows for Workgroups). It is easy to work with, and may still be used where little network configuration is required and where you do not need to route to other networks or communicate with the Internet. NetBEUI is easy to use...

The Ports

From the Ports tab, you define output locations for print jobs (see Figure 2.50). When you define a printer on your server, it must print to a location, like a data pipe. When information goes into the pipe, it is assumed that there is a print device at the other end. Ports enable you to define the openings into which print data is poured. A number of ports come predefined in Windows 2000 Server. Not all of these ports actually define physical connections; these are defined by default, and it is...

Scheduling Jobs for Backup Using the Wizard

1. From the Start menu, choose Programs, Accessories, System Tools, Backup. 2. In the Backup dialog box, click the Schedule Jobs tab and navigate the calendar to find the date for which you want to schedule a backup (see Figure 4.48). 3. Double-click the date you want to schedule a backup for. 4. At the Welcome to the Windows 2000 Backup and Recovery Tools screen, click Next to continue. 5. At the What to Back Up screen, choose Back Up Everything on My Computer; Back Up Selected Files, Drives, or...

Install by Booting to a CD-ROM

If you have a computer whose BIOS supports booting from a CD-ROM, you can set up Windows 2000 Server without installing an operating system on your hard drive and without requiring network support. To do so, configure your computer to boot to the CD-ROM in the BIOS and then follow the instructions in Step by Step 1.1. 1.1 Installing Windows 2000 from a Bootable CD-ROM 1. Insert the Windows 2000 CD-ROM into the drive and boot your computer. After you have confirmed that you want to boot to your...

The Windows Networking Architecture

Although the hardware components and drivers of the Windows 2000 networking environment are installed and configured much like other hardware devices, the environment into which they are installed is unique unto itself. Because networking is such a vital part of the functioning of a Windows 2000 computer, it has its own specially developed architectural model, a model that it has inherited directly from its Windows NT predecessors. This model, based roughly around the OSI seven-layer model, is...

Answers and Explanations

Although encryption is extremely useful for locally securing data, it comes with a price. Encrypted data cannot be used on file systems except NTFS version 5; this means that not only can it not be applied to FAT and FAT32 partitions, it also cannot be accessed locally by NT 4.0 systems, regardless of the user account logged on with. In addition, encrypted files are secure only on the hard drive; if you access an encrypted file over the network, the network transmission of the data is not...

Changing Account Properties

By default, four property sheets are associated with each account. The General property sheet is what you saw when you created the account. It contains the full name, description, and check boxes describing the password properties. However, it has one property that the original New User dialog box did not have: the Account Is Locked Out check box (see Figure 7.2). The differences between this property sheet and the one you filled in when creating the user account are that the user name is...

Store Password Using Reversible Encryption

This password storage feature is required for CHAP authentication for non-Windows clients (see Figure 7.13). It stores the passwords using a reversible encryption scheme that can be provided during the authentication process. For application of this, see the section Interoperation with Apple Macintosh in Chapter 2, Installing, Configuring, and Troubleshooting Access to Resources and the section Installing, Configuring, and Troubleshooting Remote Access in Chapter 6. Step by Steps 7.6 and 7.7...

The Advanced Property Sheet

The Advanced property sheet allows you to configure a number of miscellaneous advanced functions of the printer (see Figure 2.64). The first is printer availability. The default for this feature is to have a specific printer always available, and that is frequently the way this option is left. However, you can also configure a printer to be available only at certain times. When a print job is sent to a printer that is not available at that time, the job is held in the queue until the printer...

Case Study: Roaming Profiles and Disk Quotas

The second issue is one that the users are not complaining about (yet), but that is becoming a problem for Claudio. The users' home folders are stored on the file server. He periodically checks storage use and finds that some users are consuming a disproportionate amount of hard drive space on the server. In addition, this space usage is increasing dramatically over time. When he investigates, he finds that many users are downloading quite a large quantity of game demos and pictures, and these...

Installing Terminal Services for Application Server Operation

1. From the Control Panel, double-click the Add/Remove Programs icon. 2. At the Add/Remove Programs dialog box, click the Add/Remove Windows Components icon. 3. At the Windows Components screen, scroll down and select Terminal Services and Terminal Services Licensing. Click Next to continue. 4. At the Terminal Services Setup screen, ensure that Application Server Mode is selected and click Next (see Figure 6.102). 5. At the next Terminal Services Setup screen, choose the minimum permissions...

Configuring Terminal Services Server

Configuration of the Terminal Services server is done in two separate areas. First, the server itself is configured. Then, users are configured for Terminal Services sessions. Client-server encryption defines the times at which encryption is applied to communication and how strong it is. Terminal Services Server Configuration Installed with the Terminal Services on the server is a...

Saving System State and User Data with Windows Backup

The most robust method of saving both system state and user data is to use Windows 2000 Backup. This backup facility is much improved over the one that came with Windows NT 4.0. It allows full backup of all system state information at the click of a check box, as well as the scheduling of backup times and dates. The importance of regular backups cannot be overstated. The ability to recover from catastrophic failure or user error depends on your backups being up-to-date and secure from theft and...

Backing Up Data using the Backup Wizard

1. From the Start menu, choose Programs, Accessories, System Tools, Backup. 2. At the Welcome page, click the Backup Wizard icon to start the configuration process (see Figure 4.38). 3. At the Welcome to the Windows 2000 Backup and Recovery Tools screen, click Next. The Backup Wizard is invoked from the Welcome page of the Backup dialog box. You can specify the items you want to back up. Back up selected files,...

Managing, Monitoring, and Optimizing System Performance, Reliability, and Availability

Monitor and optimize usage of system resources. Manage processes. Set priorities and start and stop processes. Manage and optimize availability of system state data and user data. Recover systems and user data by using Windows Backup. Troubleshoot system restoration by using Safe Mode. Recover systems and user data by using the Recovery Console.