发信人: ericxie()
整理人: reynolds(2001-08-27 17:05:07), 站内信件
|
Exam 70-210 - Installing, Configuring, and Administering
Microsoft Windows 2000 Professional
Installing Windows 2000 Professional:
Requirements:
Component Recomended Minimum Suggested
Configuration
CPU Pentium-based Pentium II or higher
Memory 32 MB 64 MB or higher
Hard disk space 685 MB 2 GB or higher
Networking NIC NIC
Display VGA SVGA
CD-ROM needed when not
installing over
the network needed when not
installing over
the network
Keyboard and
mouse required required
Sound card not required required for visually impaired
users needing narrative
voice to guide installation
All hardware should appear on the Windows 2000 Hardware Compatibility
List (HCL) (KB# Q142865)
Windows 2000 Professional supports Symetric Multi-processing with a ma
ximum of two processors, and up to 4 GB of RAM.
Attended installations:
Setup has four stages:
1. Setup Program (text mode)- preps hard drive for following stages of
install and copies files needed for running Setup Wizard. Requires re
boot.
2. Setup Wizard (graphical mode) - prompts for additional info such as
product key, names, passwords, regional settings, etc.
3. Install Windows Networking - detects adapter cards, installs networ
king components (Client for MS Networks, File & Printer Sharing for MS
Networks), and installs TCP/IP protocol by default (other protocols c
an be installed later). Choose to join a workgroup or domain at this p
oint (must be connected to network and provide credentials to join a d
omain). After all choices are made components are configured, addition
al files copied, and the system is rebooted.
4. Setup Completion - installs Start Menu items, register's components
, saves configuration, removes temporary files and system rebooted one
final time.
Installing from CD-ROM:
 Setup disks are not required if your CD-ROM is bootable or yo
u are upgrading a previous version of Windows.
 To make boot floppies, type makeboot a: in the \i386 director
y of your W2K CD. Creates set of four 1.44 MB boot floppies. (KB# Q197
063)
 If installing using a MS-DOS or Win95/98 boot floppy, run win
nt.exe from the i/386 to begin Windows 2000 setup.
 Setup will not prompt the user to specify the name of an inst
allation folder unless you are performing an unattended installation o
r using winnt32 to perform a clean installation. (KB# Q222939)
Installing over a Network:
 Create a distribution server which has a file share containin
g the contents of the /i386 directory from the Windows 2000 CD-ROM.
 685 MB minimum plus 100 - 200 MB free hard drive space to hol
d temporary files during installation.
 Install a network client on the target computer or use a boot
floppy that includes a network client (KB# Q142857). Run winnt.exe fr
om file share on distribution server if installing a new operating sys
tem or winnt32.exe if upgrading a previous version of Windows.
 Clean installation is now possible with Windows 2000. NT 4 re
quired a pre-existing FAT partition.
Command line switches for winnt.exe:
Switch Function
/a Enables accessibility options
/e[:command] Specifies a command that will be run at the end of Stage
4 of setup
/r[:folder] Specifies optional folder to be installed. Folder is not r
emoved with temporary files after installation
/rx[:folder Specifies optional folder to be copied. Folder is deleted
after installation
/s[:sourcepath] Specifies source location of Windows 2000 files. Can e
ither be a full path or network share
/t[:tempdrive] Specifies drive to hold temporary setup files
/u[:answer file] Specifies unattended setup using answer file (require
s /s)
/udf:id[,UDF_file] Establishes ID that Setup uses to specify how a UDF
file modifies an answer file
Modifying Setup using winnt32.exe:
Switch Function
/checkupgradeonly Checks system for compatibility with Windows 2000. C
reates reports for upgrade installations.
/copydir:folder_name Creates additional folder inside %systemroot% fol
der. Retained after setup.
/copysource:folder_name Same as above except folder and it's contents
are deleted after installation completes
/cmd: command_line Runs a command before the final phase of Setup
/cmdcons This adds a Recovery Console option to the operating system s
election screen
/debug[level]
[:file_name] Creates a debug log. 0=Sever errors only. 1=regular error
s. 2=warnings. 3=all messages.
/m:folder_name Forces Setup to look in specified folder for setup file
s first. If files are not present, Setup uses files from default locat
ion.
/makelocalsource Forces Setup to copy all installation files to local
hard drive so that they will be available during successive phases of
setup if access to CD drive or network fails.
/nodownload Used when upgrading from Win95/98. Forces copying of winnt
32.exe and related files to local system to avoid installation problem
s associated with network congestion. (KB# Q244001)
/noreboot Tells system not to reboot after first stage of installation
.
/s:source_path Specifies source path of installation files. Can be use
d to simultaneously copy files from multiple paths if desired (first p
ath specified must be valid or setup will fail, though).
/syspart:drive_letter Copies all Setup startup files to a hard disk an
d marks the drive as active. You can physically move the drive to anot
her computer and have the computer move to Stage 2 of Setup automatica
lly when it is started. Requires /tempdrive switch. (KB# Q234037 & Q24
1803)
/tempdrive:drive_letter Setup uses the specified tempdrive to hold tem
porary setup files. Used when there are drive space concerns
/unattend: [number]
[:answer_file] Specifies answer file for unattended installations.
/udf:id[,udf_file] Establishes ID that Setup uses to specify how a UDF
file modifies an answer file.
Unattended installations:
 Unattended installations rely on an answer file to provide in
formation to provide information during setup process that is usually
provided through manual user input. (KB# Q183245)
 Answer files can be created manually using a text editor or b
y using the Setup Manager Wizard (SMW) (found in the Windows 2000 Reso
urce Kit Deployment Tools).
 SMW allows for creation of a shared Distribution Folder and O
EM Branding
 If you had a CD in drive D: and an unattended installation an
swer file named salesans.txt in C:\, you could start your install with
this command: D:\i386\winnt32 /s:d:\i386 /unattend:c:\salesans.txt (K
B# Q216258)
 There are five levels of user interaction during unattended i
nstalls:
1. Provide Defaults - Administrator supplies default answers and user
only has to accept defaults or make changes where necessary.
2. Fully Automated - Mainly used for Win2000 Professional desktop inst
alls. User just has to sit on their hands and watch.
3. Hide Pages - Users can only interact with setup where Administrator
did not provide default information. Display of all other dialogs is
supressed.
4. Read Only - Similar to above, but will display information to user
without allowing interaction to pages where Administrator has provided
default information.
5. GUI Attended - Only used for automating the second stage of setup.
All other stages require manual input.
Remote installations:
 Only supports installation of Windows 2000 Professional at th
is time.
 Requires the presence of a Windows 2000 Remote Installation S
ervices (RIS) server. Following services are also needed on the networ
k; DNS (for locating directory service and client computer accounts),
DHCP (to get an IP address), and Active Directory (to locate RIS serve
rs). (KB# Q239004)
 RIS must be mounted on a shared hard drive volume, but not th
e same volume that is running Windows 2000 Server and must be formatte
d with NTFS.
 Shared volume must be large enough to hold RIS as well as num
erous Windows 2000 Professional drive (RIPRep) images.
 RIPRep images can have applications pre-installed. Unique ide
ntifiers are like SIDs are stripped from RIPRep images as they are gen
erated.
 Uses .SIF files - variation of unattend.txt files.
 Once RIS is installed on the server and the service is runnin
g, use the Remote Boot Disk Generator (RBFG.EXE) to create remote inst
allation boot disks. These floppies only support the PCI-based network
adapters that can be selected by using the "Adapter List" button. Alt
ernately, if the client system has a PXE based NIC or is a NetPC, you
don't need a boot floppy.
 Client computers can have differing hardware configurations s
o long as they use the same Hardware Abstraction Layer (HAL) (KB# Q22
8908)
 Run riprep.exe to start the RIS Wizard.
Working with SYSDIFF:
 Used for installing applications, usually in conjuction with
an unattended installation. SYSDIFF allows you to take a snapshot of y
our machine's original state, install applications, and then package a
ll of these changes into a single file which can be applied to other m
achines.
 Install your baseline system first. Then take a snapshot of i
t before installing any applications. Syntax is: sysdiff /snap snap_fi
le
 Next install desired applications on target system. Use the S
YSDIFF tool to create a difference file. Syntax is: sysdiff /diff snap
_file diff_file
 You can now apply your difference file to the target system(s
). Syntax is: sysdif /apply \\setupserver\w2k\diff_file
System preparation tool (SYSPREP.EXE): (KB# Q240126)
 Removes the unique elements of a fully installed computer sys
tem so that it can be duplicated using imaging software such as Ghost
or Drive Image Pro. Avoids the NT4 problem of duplicated SIDS , comput
er names etc. Installers can use sysprep to provide and answer file fo
r "imaged" installations.
 Must be extracted from DEPLOY.CAB in the \support\tools folde
r on the Windows 2000 Professional CD-ROM.
 Adds a mini-setup wizard to the image file which is run the f
irst time the computer it is applied to is started. Guides user throug
h re-entering user specific data. This process can be automated by pro
viding a script file. (KB# Q196667)
 Use Setup Manager Wizard (SMW) to create a SYSPREP.INF file.
SMW creates a SYSPREP folder in the root of the drive image and places
sysprep.inf in this folder. The mini-setup wizard checks for this fil
e when it runs.
 Specifying a CMDLINES.TXT file in your SYSPREP.INF file allow
s an administrator to run commands or programs during the mini-Setup p
ortion of SYSPREP. (KB# Q238955)
 Available switches for sysprep.exe are: /quiet (runs without
user interaction), /pnp (forces Setup to detect PnP devices), /reboot
(restarts computer), and /nosidgen (will not regenerate SID on target
computer).
Upgrading from a previous version: (KB# Q232039)
 Run winnt32.exe to upgrade from a previous version of Windows
. (KB# Q199349)
 Windows 2000 will upgrade and preserve settings from the foll
owing operating systems: Windows 95 and 98 (all versions), Windows NT
Workstation 3.51 and 4.0, and Windows NT 3.1 or 3.5 (must be upgraded
to NT 3.51 or 4.0 first, then Professional).
 Upgrade installations from a network file share are not suppo
rted in Windows 2000 (this *can* be done, but only by using SMS). You
must either do a CD-based upgrade or perform a clean installation of W
indows 2000 and re-install needed applications.
 Because of registry and program differences between Win95/98
and 2000, upgrade packs (or migration DLLs) might be needed. Setup che
cks for these in the \i386\Win9xmig folder on the Windows 2000 CD-ROM
or in a user specified location. (KB# Q231418)
 Run winnt32 /checkupgradeonly to check for compatible hardwar
e and software. Generates a report indicating which system components
are Windows 2000 compatible. Same as running the chkupgrd.exe utility
from Microsoft's site.
 All operating system files associated with Windows 95/95 will
be deleted after an upgrade. (KB# Q228986)
Troubleshooting failed installations:
Common errors:
Problem Possible fix
Cannot contact domain controller Verify that network cable is properly
connected. Verify that server(s) running DNS and a domain controller
are both on-line. Make sure your network settings are correct (IP addr
ess, gateway, etc.). Verify that your credentials and domain name are
entered correctly.
Error loading
operating system Caused when a drive is formatted with NTFS during set
up but the disk geometry is reported incorrectly. Try a smaller partit
ion (less than 4 GB) or a FAT32 partition instead. (KB# Q234621)
Failure of
dependency
service to start Make sure you installed the correct protocol and netw
ork adapter in the Network Settings dialog box in the Windows 2000 Set
up Wizard. Also check to make sure your network settings are correct.
Insufficient
disk space Create a new partition using existing free space on the har
d disk, delete or create partitions as needed or reformat an existing
partition to free up space.
Media errors Maybe the CD-ROM you are installing from is dirty or dama
ged. Try using a different CD or trying the affected CD in a different
machine.
Nonsupported
CD drive Swap out the drive for a supported drive or try a network ins
tall instead. (KB# Q228852)
Log files created during Setup:
Logfile name Description
setupact.log Action Log - records setup actions in a chronological ord
er. Includes copied files and registry entries as well as entries made
to the error log.
setuperr.log Error Log - records all errors that occur during setup an
d includes severity of error. Log viewer shows error log at end of set
up if errors occur.
comsetup.log Used for Optional Component manager and COM+ components.
setupapi.log Logs entries each time a line from an .INF file is implem
ented. Indicates failures in .INF file implementations.
netsetup.log Records activity for joining a domain or workgroup.
mmdet.log Records detection of multimedia devices, their port ranges,
etc.
Implementing and Conducting Administration of Resources:
Choosing a file system:
 NTFS provides optimum security and reliability through it's a
bility to lock down individual files and folders on a user by user bas
is. Advanced features such as disk compression, disk quotas and encryp
tion make it the file system recommended by 9 out of 10 MCSEs. (KB# Q2
44600)
 FAT and FAT32 are only used for dual-booting between Windows
2000 and another operating system (like DOS 6.22, Win 3.1 or Win 95/98
). (KB# Q184006)
 Existing NT 4.0 NTFS system parition will be upgraded to Wind
ows 2000 NTFS automatically. If you wish to dual-boot between NT4.0 an
d 2000 you must first install Service Pack 4 on the NT4.0 machine. Thi
s will allow it to read the upgraded NTFS partition, but advanced feat
ures such as EFS and Disk Quotas will be disabled. (KB# Q197056 & Q184
299)
 Use convert.exe to convert a FAT or FAT32 file system to NTFS
. NTFS partitions cannot be converted to FAT or FAT32 - the partition
must be deleted and recreated as FAT or FAT32 (KB# Q156560 & Q214579)
 You cannot convert a FAT partition to FAT32 using convert.exe
. (KB# Q197627)
NTFS file and folder permissions: (KB#S Q183090, Q244600)
File attributes when copying/moving within a partition or between part
itions:
Copying within a partition Creates a new file resembling the old file.
Inherits the target folders permissions.
Moving within a partition Does not create a new file. Simply updates d
irectory pointers. File keeps its original permissions.
Moving across partitions Creates a new file resembling the old file, a
nd deletes the old file. Inherits the target folders permissions.
Miscellaneous:
 NTFS in Windows 2000 (version 5) features enhancements not fo
und in Windows NT 4.0 version 4). Reparse Points, Encrypting File Syst
em (EFS), Disk Quotas, Volume Mount Points, SID Searching, Bulk ACL Ch
ecking, and Sparse File Support. (KB# Q183090)
 Volume Mount Points allow new volumes to be added to the file
system without needing to assign a drive letter to it. Instead of mou
nting a CD-ROM as drive E:, it can be mounted and accessed under an ex
isting drive (e.g., C:\CD-ROM). As Volume Mount Points are based on Re
parse Points, they are only available under NTFS5 using Dynamic Volume
s.
 NTFS4 stored ACLs on each file. With bulk ACL checking, NTFS5
uses unique ACLs only once even if ten objects share it. NTFS can als
o perform a volume wide scan for files using the owner's SID (SID Sear
ching). Both functions require installation of the Indexing Service.
 Sparse File Support prevents files containing large consecuti
ve areas of zero bits from being allocated corresponding physical spac
e on the drive and improves system performance.
 NTFS partitions can be defragmented in Windows 2000 (as can F
AT and FAT32 partitions). Use Start > Programs > Accessories > System
Tools > Disk Defragmenter.
 Local security access can be set on a NTFS volume.
 Files moved from an NTFS partition to a FAT partition do not
retain their attributes or security descriptors, but will retain their
long filenames.
 Permissions are cumulative, except for No Access, which overr
ides anything.
 File permissions override the permissions of its parent folde
r.
 Anytime a new file is created, the file will inherit permissi
ons from the target folder.
 The cacls.exe utility is used to modify NTFS volume permissio
ns. (KB# Q237701)
Windows File Protection Feature (WFP): (KB# Q222193)
 New to Windows 2000 - prevents the replacement of certain mon
itored system files (important DLLs and EXEs in the %systemroot%\syste
m32 directory).
 Uses file signatures and code signing to verify if protected
system files are the Microsoft versions.
 WFP does not generate signatures of any type.
 Critical DLLs are restored from the %systemroot%\system32\dll
cache directory. Default maximum size for Professional is 50MB. This c
an be increased by editing the Registry. (KB# Q229656)
Local and network print devices:
 Windows 2000 Professional supports the following printer port
s: Line Printer (LPT), COM, USB, IEEE 1394, and network attached devic
es.
 Print services can only be provided for Windows and UNIX clie
nts on Windows 2000 Professional (KB# Q124734)- Windows 2000 Server is
required to support Apple and Novell clients.
 Windows 2000 Professional automatically downloads the printer
drivers for clients running Win2000, WinNT 4, WinNT 3.51 and Windows
95/98. (KB# Q142667)
 Internet Printing is a new feature in Windows 2000. You have
the option of entering the URL where your printer is located. The prin
t server must be a Windows 2000 Server running Internet Information Se
rver or a Windows 2000 Professional system running Personal Web Server
- all shared printers can be viewed at: http://servername/printers
 Print Pooling allows two or more identical printers to be ins
talled as one logical printer.
 Print Priority is set by creating multiple logical printers f
or one physical printer and assigning different priorities to each. Pr
iority ranges from 1, the lowest (default) to 99, the highest.
 Enabling "Availability" option allows Administrator to specif
y the hours the printer is available.
 Use Separater Pages to separate print jobs at a shared printe
r. A template for the separater page can be created and saved in the %
systemroot%\system32 directory with a .SEP file extension. (KB# Q10271
2)
 You can select Restart in the printer's menu to reprint a doc
ument. This is useful when a document is printing and the printer jams
. Resume can be selected to start printing where you left off.
 You can change the directory containing the print spooler in
the advanced server properties for the printer. (KB# Q123747)
 To remedy a stalled spooler, you will need to stop and restar
t the spooler services in the Services applet in Administrative Tools
in the Control Panel. (KB# Q240683 &
 Use the fixprnsv.exe command-line utility to resolve printer
incompatibility issues. (KB# Q247196)
Managing file systems: (KB# Q222189)
Windows 2000 supports both Basic and Dynamic storage. In basic storage
you divide a hard disk into partitions. Windows 2000 recognizes prima
ry and extended partitions. A disk initialized for basic storage is c
alled a Basic disk. It can contain primary partitions, extended partit
ions and logical drives. Basic volumes cannot be created on dynamic di
sks. Basic volumes should be used when dual-booting between Windows 20
00 and DOS, Windows 3.x, Windows 95/98 and all version of Windows NT.
(KB# Q175761)
Dynamic storage (Windows 2000 only) allows you to create a single part
ition that includes the entire hard disk. A disk initialized for dynam
ic storage is called a Dynamic disk. Dynamic disks are divided into vo
lumes which can include portions of one, or many, disks. These can be
resized without needing to restart the operating system. (KB# Q225551)
There are three volume types:
 Simple volume - contains space from a single disk
 Spanned volume - contains space from multiple disks (maximum
of 32). First fills one volume before going to the next. If a volume i
n a spanned set fails, all data in the spanned volume set is lost. Per
formance is degraded as disks in spanned volume set are read sequentia
lly.
 Striped set- contains free space from multiple disks (maximum
of 32) in one logical drive. Increases performance by reading/writing
data from all disks at the same rate. If a disk in a stripe set fails
, all data is lost.
Dynamic Volume States:
State Description
Failed Volume cannot be automatically restarted and needs to be repair
ed
Healthy Is accessible and has no known problems
Healthy
(at risk) Accessible, but I/O errors have been detected on the disk. U
nderlying disk is displayed as Online (Errors)
Initializing Volume is being initialized and will be displayed as heal
thy when process is complete
Dynamic Volume Limitations:
 Cannot be directly accessed by DOS, Win95/98 or any versions
of Windows NT if you are dual-booting as they do not use the tradition
al disk organization scheme of partitions and logical volumes. MBR on
dynamic disks contains a pointer to disk configuration data stored in
the last 1 MB of space at the end of the disk. (KB# Q197738)
 Dynamic volumes which were upgraded from basic disk partitons
cannot be extended, especially the system volume which holds hardware
-specific files required to start Windows 2000 and the boot volume. Vo
lumes created after the disk was upgraded to dynamic can be extended.
(KB# Q222188)
 When installing Windows 2000, if a dynamic volume is created
from unallocated space on a dynamic disk, Windows 2000 cannot be insta
lled on that volume. (KB# Q216341)
 Not supported on portable computers or removable media. (KB#
Q232463)
 A boot disk that has been converted from basic to dynamic can
not be converted back to basic. (KB# Q217226)
Translation of terms between Basic and Dynamic Disks:
Basic Disks Dynamic Disks
Active partition Active volume
Extended partition Volume and unallocated space
Logical drive Simple volume
Mirror set Mirrored volume (Server only)
Primary partition Simple volume
Stripe set Striped volume
Stripe set with parity RAID-5 volume (Server only)
System and boot partitions System and boot volumes
Volume set Spanned volumes
There is NO fault-tolerance with Windows 2000 Professional. Fault-tole
rance (RAID levels 1 and 5) are only available in the Windows 2000 Ser
ver family. (KB# Q113932)
To manage disks on a remote computer you must create a custom console
focused on another computer. Choose Start > Run and type mmc. Press En
ter. On console menu click Add/Remove Snap-in. Click Add. Click Disk M
anagement then click Add. When Choose Computer dialog box appears choo
se the remote system.
Windows 2000 now supports disk-based quotas. Quotas can be set on NTFS
volumes, but not on FAT or FAT32 volumes. Quotas cannot be set on ind
ividual folders within a NTFS partition. (KB# Q183322)
Disk information is now stored on the physical disk itself, facilitati
ng moving hard drives between systems. As managing disk numbering can
become quite complex, the dmtool.exe utility has been provided. (KB# Q
222470)
When using the Disk Management Snap-in Tool:
 Whenever you add a new disk in a computer it is added as Basi
c Storage
 Every time you remove or add a new disk to your computer you
must choose Rescan Disks
 Disks that have been removed from another computer will appea
r labeled as Foreign. Choose "Import Foreign Disk" and a wizard appear
s to provide instructions.
 For multiple disks removed from another computer, they will a
ppear as a group. Right-click on any of the disks and choose "Add Disk
".
 Disks can be upgraded from Basic to Dynamic storage at any ti
me but must contain at least 1 MB of unallocated space for the upgrade
to work.
Implementing, Managing, and Troubleshooting Hardware Devices and Drive
rs: (KB# Q199276)
Miscellaneous:
 Windows 2000 now fully supports Plug and Play. (KB# Q133159)
 Use the "System Information" snap-in to view configuration in
formation about your computer (or create a custom console focused on a
nother computer - powerful tool!!).
 "Hardware Resources" under System Information allows you to v
iew Conflicts/Sharing, DMAs, IRQs, Forced Hardware, I/O and Memory.
 Hardware is added and removed using the "Add/Remove Hardware"
applet in the Control Panel (can also be accessed from Control Panel
> System > Hardware > Hardware Wizard).
 All currently installed hardware is managed through the "Devi
ce Manager" snap-in.
 To troubleshoot a device using Device Manager, click the "Tro
ubleshoot" button on the General tab.
Disk devices:
 Managed through "Computer Management" under Control Panel > A
dministrative tools or by creating a custom console and adding the "Di
sk Management" snap-in. Choosing the "Computer Management" snap-in for
your custom console gives you the following tools: Disk Management, D
isk Defragmenter, Logical Drives and Removable Storage. There is a sep
arate snap-in for each of these tools except for Logical Drives.
 Using Disk Management, you can create, delete, and format par
titions as FAT, FAT32 and NTFS. Can also be used to change volume labe
ls, reassign drive letters, check drives for errors and backup drives.
 Defragment drives by using "Disk Defragmenter" under "Compute
r Management" or add the "Disk Defragmenter" snap-in to your own custo
m console. (KB# Q227463)
 Removable media are managed through the "Removable Media" sna
p-in.
Display devices:
 Desktop display properties (software settings) are managed th
rough the Display applet in Control Panel.
 Display adapters are installed, removed and have their driver
s updated through "Display Adapters" under the Device Manager.
 Monitors are installed, removed, and have their drivers updat
ed through "Monitors" under the Device Manager.
 Windows 2000 Professional supports multiple monitors running
concurrently.
Mobile computer hardware:
 PCMCIA (PC Card) adapters, USB ports, IEEE 1394 (FireWire), a
nd Infrared devices now supported. These are managed through Device Ma
nager.
 Hot (computer is fully powered) and warm (computer is in susp
end mode) docking and undocking are now fully supported for computers
with a PnP BIOS.
 Support is provided for Advanced Power Management (APM) and A
dvanced Configuration and Power Interface (ACPI). (KB# Q242495)
 Hibernation (complete power down while maintaining state of o
pen programs and connected hardware) and Suspend (deep sleep with some
power) modes are now supported, extending battery life.
 When a PC Card, USB or Infrared device is installed, Windows
2000 will automatically recognize and configure it (if it meets PnP sp
ecifications). If Windows does not have an entry in its driver base fo
r the new hardware, you will be prompted to supply one.
 Equipping mobile computers with SmartCards and Encrypting Fil
e System decreases the likelihood of confidential corporate data being
compromised if the computer is stolen or lost.
 Use hardware profiles for mobile computers. Accessed through
Control Panel > System applet > Hardware tab > Hardware Profiles. Mult
iple profiles can be created and designated as a docked or undocked po
rtable computer.
Input and output (I/O) devices:
 Keyboards are installed under "Keyboards" in Device Manager.
 Mice, graphics tablets and other pointing devices are install
ed under "Mice and other pointing devices" in Device Manager.
 Troubleshoot I/O resource conflicts using the "System Informa
tion" snap-in. Look under Hardware Resources > I/O for a list of memor
y ranges in use.
Updating drivers:
 Drivers are updated using Device Manager. Highlight the devic
e, right-click and choose Properties. A properties dialog appears. Cho
ose the Drivers tab and then the Update Driver... button.
 Microsoft recommends using Microsoft digitally signed drivers
whenever possible. (KB# Q244617)
 The Driver.cab cabinet file on the Windows 2000 CD contains a
ll of the drivers the OS ships with. Whenever a driver is updated, W2K
looks here first. The location of this file is stored in a registry k
ey and can be changed: HKLM\Software\Windows\CurrentVersion\Setup\Driv
erCachePath (KB# Q230644)
 The Driver Verifier is used to troubleshoot and isolate drive
r problems. It must be enabled through changing a Registry setting. Th
e Driver Verifier Manager, verifier.exe, provides a command-line inter
face for working with Driver Verifier. (KB# Q244617)
Managing/configuring multiple CPUs:
 Adding a processor to your system to improve performance is c
alled scaling. Typically done for CPU intensive applications such as C
AD and graphics rendering.
 Windows 2000 Professional supports a maximum of two CPUs. If
you need more consider using Windows 2000 Server (up to 4 CPUs), Advan
ced Server (up to 8 CPUs) and Datacentre Server (maximum of 32 CPUs).
 Windows 2000 supports Symetric Multiprocessing (SMP). Process
or affinity is also supported. Asymetric Multiprocessing (ASMP) is not
supported.
 Upgrading to multiple CPUs might increase the load on other s
ystem resources.
 Update your Windows driver to convert your system from a sing
le to multiple CPUs. This is done through Device Manager > Computer >
Update Driver. (KB# Q234558)
Install and manage network adapters:
 Adapters are installed using the Add/Remove Hardware applet i
n Control Panel
 Change the binding order of protocols and the Provider order
using Advanced Settings under the Advanced menu of the Network and Dia
l-up Connections window (accessed by right-clicking on My Network Plac
es icon)
 Each network adapter has an icon in Network and Dial-up conne
ction. Right click on the icon to set it's properties, install protoco
ls, change addresses, etc.
Troubleshooting the boot process:
Files used in the Windows 2000 boot process: (KB# Q114841)
File: Location:
Ntldr System partition root
Boot.ini System partition root (KB# Q99743)
Bootsect.dos System partition root
Ntdetect.com System partition root
Ntbootdd.sys* System partition root
Ntoskrnl.exe %systemroot%\System32
Hal.dll %systemroot%\System32
System %systemroot%\System32\Config
* Optional - only if system partition is on SCSI disk with BIOS disabl
ed
ARC paths in BOOT.INI: (KB# Q113977 & Q119467)
The Advanced Risc Computing (ARC) path is located in the BOOT.INI and
is used by NTLDR to determine which disk contains the operating system
. (KB# Q102873)
multi(x) Specifies SCSI controller with the BIOS enabled, or non-SCSI
controller.
x=ordinal number of controller.
scsi(x) Defines SCSI controller with the BIOS disabled.
x=ordinal number of controller.
disk(x) Defines SCSI disk which the OS resides on.
When multi is used, x=0. When scsi is used, x= the SCSI ID number of t
he disk with the OS.
rdisk(x) Defines disk which the OS resides on. Used when OS does not r
eside on a SCSI disk.
x=0-1 if on primary controller. x=2-3 if on multi-channel EIDE control
ler.
partition(x) Specifies partition number which the OS resides on.
x=cardinal number of partition, and the lowest possible value is 1.
multi(0)disk(0)rdisk(0)partition(1). These are the lowest numbers that
an ARC path can have.
BOOT.INI switches: (KB# Q239780)
 /basevideo - boots using standard VGA driver
 /fastdetect=[comx,y,z] - disables serial mouse detection or a
ll COM ports if port not specified. Included by default
 /maxmem:n - specifies amount of RAM used - use when a memory
chip may be bad
 /noguiboot - boots Windows without displaying graphical start
up screen
 /sos - displays device driver names as they load
 /bootlog - enable boot logging
 /safeboot:minimal - boot in safe mode
 /safeboot:minimal(alternateshell) - safe mode with command pr
ompt
 /safeboot:network - safe mode with networking support (KB# Q2
36346)
Booting in Safe Mode: (KB# Q202485)
 Enter safe mode by pressing F8 during operating system select
ion phase
 Safe mode loads basic files/drivers, VGA monitor, keyboard, m
ouse, mass storage and default system services. Networking is not star
ted in safe mode. (KB# Q199175)
 Enable Boot Logging - logs loading of drivers and services to
ntbtlog.txt in the windir folder
 Enable VGA Mode - boots Windows with VGA driver
 Last Known Good Configuration - uses registry info from previ
ous boot. Used to recover from botched driver installs and registry ch
anges.
 Recovery Console - only appears if it was installed using win
nt32 /cmdcons or specified in the unattended setup file.
 Directory Services Restore Mode - only in Server, not applica
ble to Win2000 Professional.
 Debugging Mode - again, only in Server
 Boot Normally - lets you boot, uh, normally. ;-)
Windows 2000 Control Sets: (KB# Q142033)
 Found under HKEY_LOCAL_MACHINE\System\Select - has four entri
es
 Current- CurrentControlSet. Any changes made to the registry
modify information in CurrentControlSet
 Default - control set to be used next time Windows 2000 start
s. Default and current contain the same control set number
 Failed - control set marked as failed when the computer was l
ast started using the LastKnownGood control set
 LastKnownGood - after a successful logon, the Clone control s
et is copied here
Running the Recovery Console: (KB# Q229716)
 Insert Windows 2000 CD into drive, change to i386 folder and
run winnt32 /cmdcons (KB# Q216417)
 After it is installed, it can be selected from the "Please Se
lect Operating System to Start" menu
 When starting Recovery Console, you must log on as Administra
tor. (KB# Q239803)
 Can also be run from Windows 2000 Setup, repair option.
 Allows you to boot to a "DOS Prompt" when your file system is
formatted with NTFS.
 Looks like DOS, but is very limited. By default, you can copy
from removable media to hard disk, but not vice versa - console can't
be used to copy files to other media (KB# Q240831). As well, by defau
lt, the wildcards in the copy command don't work (KB# Q235364). You ca
n't read or list files on any partition except for system partition.
 Can be used to disable services that prevent Windows from boo
ting properly (KB# Q244905)
Command Description
attrib changes attributes of selected file or folder
cd or chdir displays current directory or changes directories.
chkdsk run CheckDisk
cls clears screen
copy copies from removable media to system folders on hard disk. No wi
ldcards
del or delete deletes service or folder
dir lists contents of selected directory on system partition only
disable disables service or driver
diskpart replaces FDISK - creates/deletes partitions
enable enables service or driver
extract extracts components from .CAB files
fixboot writes new partition boot sector on system partition
fixmbr writes new MBR for partition boot sector
format formats selected disk
listsvc lists all services on W2K workstation
logon lets you choose which W2K installation to logon to if you have m
ore than one
map displays current drive letter mappings
md or mkdir creates a directory
more or type displays contents of text file
rd or rmdir removes a directory
ren or rename renames a single file
systemroot makes current directory system root of drive you're logged
into
Startup and Recovery Settings:
 Accessed through Control Panel > System applet > Advanced tab
> Startup and Recovery
 Memory dumps are always saved with the filename memory.dmp (K
B# Q192463)
 Small memory dump needs 64K of space. Found in %systemroot%\m
inidump
 A paging file must be on the system partition and the pagefil
e itself at least 1 MB larger than the amount of RAM installed for Wri
te debugging information option to work
 Use dumpchk.exe to examine contents of memory.dmp (KB# Q15628
0)
Windows Report Tool: (KB# Q188104)
 Used to gather information from your computer to assist suppo
rt providers in troubleshooting issues. Reports are composed in Window
s 98 and Windows 2000 and then uploaded to a server provided by the su
pport provider using HTTP protocol.
 Reports are stored in a compressed .CAB format and include a
Microsoft System Information (.NFO) file.
 The report generated by Windows Report Tool (winrep.exe) incl
udes a snapshot of complete system software and hardware settings. Use
ful for diagnosing software and hardware resource conflicts.
Emergency Repair Disk:
 Windows NT 4 users - the RDISK utility is gone, ERDs are now
made exclusively with the backup utility. It has been changed from a r
epair disk to a boot disk which lets you run repair tools on the CD (K
B# Q216337)
 To make an ERD, run ntbackup, choose Emergency Repair Disk an
d insert a blank formatted floppy into the A: drive. You will also hav
e the option to copy registry files to the repair directory - it's a g
ood idea to do so (%systemroot%\repair\regback). Also use backup to co
py these registry files to a tape or Zip disk. (KB# Q231777)
 ERD contains the following files: autoexec.nt, config.nt and
setup.log
Monitoring and Optmizing System Performance and Reliability:
Driver signing: (KB# Q224404)
Configuring Driver Signing: (KB# Q236029)
 Open System applet in Control Panel and click Hardware tab. T
hen in the Device Manager box, click Driver Signing to display options
:
 Ignore - Install all files, regardless of file signature
 Warn- Display a message before installing an unsigned file
 Block- Prevent installation of unsigned files
 The Apply Setting As System Default checkbox is only accessib
le to Administrators
Using System File Checker (sfc.exe): (KB# Q222471)
 /scannow - scans all protected system files immediately
 /scanonce - scans all protected system files at next startup
 /scanboot- scans all protected system files at every restart
 /cancel- cancels all pending scans
 /quiet - replaces incorrect files without prompting
 /enable - sets Windows File Protection back to defaults
 /purgecache - purges file cache and forces immediate rescan
 /cachesize=x- sets file cache size
Windows Signature Verification (sigverif.exe):
 running sigverif launches File Signature Verification
 checks system files by default, but non-system files can also
be checked
 saves search results to Sigverif.txt
Task scheduler: (KB# Q235536 & Q226262)
 used to automate events such as batch files, scripts and syst
em backups
 tasks are stored in the Scheduled Tasks folder in Control Pan
el
 running task with a user name and password allows an account
with the required rights to perform the task instead of an administrat
ive account
 set security for a task by group or user
Using offline files:
Offline files replaces My Briefcase and works a lot like Offline Brows
ing in IE5.
Share a folder and set it's caching to make it available offline - thr
ee types of caching:
 manual caching for documents - default setting. Users must sp
ecify which docs they want available when working offline
 automatic caching for documents - all files opened by a user
are cached on his local hard disk for offline use - older versions on
users machine automatically replaced by newer versions from the file s
hare when they exist
 automatic caching for programs -same as above, but for progra
ms
When synchronizing, if you have edited an offline file and another use
r has also edited the same file you will be prompted to keep and renam
e your copy, overwrite your copy with the network version, or to overw
rite the network version and lose the other user's changes (a wise Sys
Admin will give only a few key people write access to this folder or e
veryone's work will get messed up).
Using Synchronization Manager, you can specify which items are synchro
nized, using which network connection and when synchronization occurs
(at logon, logoff, and when computer is idle).
Performance Console: (KB# Q146005)
 Important objects are cache (file system cache used to buffer
physical device data), memory (physical and virtual/paged memory on s
ystem), physicaldisk (monitors hard disk as a whole), logicaldisk (log
ical drives, stripe sets and spanned volumes), and processor (monitors
CPU load)
 Processor - % Processor Time counter measure's time CPU spend
s executing a non-idle thread. If it is continually at or above 80%, C
PU upgrade is recommended
 Processor - Processor Queue Length - more than 2 threads in
queue indicates CPU is a bottleneck for system performance
 Processor - % CPU DPC Time (deferred procedure call) measures
software interrupts.
 Processor - % CPU Interrupts/Sec measures hardware interrupts
. If processor time exceeds 90% and interrupts/time exceeds 15%, check
for a poorly written driver (bad drivers can generate excessive inter
rupts) or upgrade CPU.
 Logical disk - Disk Queue Length - If averaging more than 2,
drive access is a bottleneck. Upgrade disk, hard drive controller, or
implement stripe set
 Physical disk - Disk Queue Length - same as above
 Physical disk - % Disk Time- If above 90%, move data/pagefile
to another drive or upgrade drive
 Memory - Pages/sec - more than 20 pages per second is a lot o
f paging - add more RAM
 Memory - Commited bytes - should be less than amount of RAM i
n computer
 diskperf command for activating disk counters is not supporte
d in Windows 2000
Performance Alerts and Logs: (KB# Q244640)
 Alert logs are like trace logs, but they only log an event, s
end a message or run a program when a user-defined threshold has been
exceeded
 Counter logs record data from local/remote systems on hardwar
e usage and system service activity
 Trace logs are event driven and record monitored data such as
disk I/O or page faults
 By default, log files are stored in the \Perflogs folder in t
he system's boot partition
 Save logs in CSV (comma separated value) or TSV (tab separate
d value) format for import into programs like Excel
 CSV and TSV must be written all at once, they do not support
logs that stop and start. Use Binary (.BLG) for logging that is writte
n intermittantly
 Logging is used to create a baseline for future reference
Virtual memory/Paging file:
 Recommended minimum paging file size is 1.5 times the amount
of RAM installed. A system with 64 MB should have a 96 MB page file. M
aximum page file size should not exceed 2.5 times the amount of RAM in
stalled
 Set through Control Panel > System applet > Advanced tab > Pe
rformance Options > Change
 The most efficient paging file is spread across several drive
s, but is not on the system or boot partitions. (KB# Q123747)
 Maximum registry size can also be changed through the Virtual
Memory dialog box
Hardware profiles:
 Created to store different sets of configuration settings to
meet a users different needs (usually used with portables) such as whe
ther a computer is docked or undocked.
 User selects the desired profile at Windows 2000 startup
 Profiles are created through Control Panel > System applet >
Hardware tab > Hardware Profiles
 Devices are enabled and disabled in particular profiles throu
gh their properties in the Device Manager snap-in
Data recovery:
 Windows 2000 Backup is launched through Control Panel > Syste
m applet > Backup or by running ntbackup from the Start menu (KB# Q241
007)
 Users can back up their own files and files they have read, e
xecute, modify, or full control permission for
 Users can restore files they have write, modify or full contr
ol permission for
 Administrators and Backup Operators can backup and restore al
l files regardless of permissions
Backup type Description
Normal All selected files and folders are backed up. Archive attribute
is cleared if it exists (fast for restoring)
Copy All selected files and folders are backed up. Archive attribute i
s not cleared (fast for restoring)
Incremental Only selected files and folders that have their archive at
tribute set are backed up and then archive markers are cleared
Differential Only selected files and folders that have their archive a
ttribute set are backed up but archive attributes are not cleared
Daily All selected files and folders that have changed throughout the
day are backed up. Archive attributes are ignored during the backup an
d are not cleared afterwards
The Windows 2000 Registry:
Database that stores Windows 2000 configuration information for all in
stalled software, hardware and users in a hierarchical structure. Cons
ists of five main subtrees:
 HKEY_CLASSES_ROOT - holds software configuration data, file a
ssociations and object linking and embedding (OLE) data
 HKEY_CURRENT_CONFIG - holds data on active hardware profile e
xtracted from SOFTWARE and SYSTEM hives
 HKEY_CURRENT_USER - contains data about current user extracte
d from HKEY_USERS and additional info pulled down from Windows authent
ication
 HKEY_LOCAL_MACHINE - contains all local computer hardware, so
ftware, device driver and startup information. Remains constant regard
less of the user
 HKEY_USERS - holds data for user identities and environments,
custom settings, etc
The Registry Editor (Regedt32.exe) has a read-only mode, a security me
nu, and supports the REG_EXPAND_SZ and REG_MULTI_SZ data types. Regedi
t.exe (another registry editing tool installed by Windows 2000) does n
ot. Registry Editor automatically saves changes as they are made.
Secondary Logon Service (Run As): (KB# Q225035)
 Similar to the SU (Super User) command in UNIX
 Used to test setting using a particular user account while lo
gged in with a different account
 Select the application icon using a single left-click, hold d
own the Shift key and right-click the icon. When the pop-up menu appea
rs, click Run As. This brings up a dialog box titled "Run program as o
ther user" - enter your credentials and click OK
Configuring and Troubleshooting the Desktop Environment:
User profiles:
 Is a collection of data and folders that store the user's des
ktop environment and application settings along with personal data.
 When a user logs onto a client computer running W2K Pro, he/s
he always receives his/her individualized desktop settings and all of
their network connections regardless of how many users share the same
computer.
 A user can change their user profile by changing their deskto
p settings - when they log off, Windows 2000 incorporates the changes
into their user profile.
 Setting a profile as mandatory forces Windows to discard any
changes made during the session so the next time the user logs on, the
session remains unchanged from their last login.
 User profiles are stored in the %systemroot%\Documents and Se
ttings\%username% folder.
 Roaming profiles are used in Windows 2000 domains for users w
ho move from one computer to another but require a consistent desktop
environment.
Multiple languages and locations:
Changed through the Regional Options applet in Control Panel. Open Reg
ion Options and click Input Locale tab to add more locales. Check each
locale or language you want your system to support. (KB# Q177561)
On the Regional Options applet General tab, scroll through the items i
n the box labelled "Your System is Configured to Read and Write Docume
nts in Multiple Languages" to see the available languages as well as t
he current default.
Using Microsoft Installer Packages: (KB# Q242479)
 Recognized by their .MSI extension.
 Integrates software installation into Windows 2000 so that it
is now centrally controlled, distributed, and managed from a central-
point.
 Completely integrated with Active Directory's Group Policies.
 You can assign or publish software packages. Software that is
published has a shortcut appear on a user's Start > Programs menu, bu
t is not installed until the first time they use it. Assigned software
is installed the next time the user logs on regardless of whether or
not they run it.
 Software package is installed on a Windows 2000 Server in a s
hared directory. A Group Policy Object (GPO) is created. Behavior filt
ers are set in the GPO to determine who gets the software. Then add th
e package to the GPO under User Configuration > Software Settings > So
ftware Installation (this is done on the server). You are prompted for
a publishing method - choose it and say OK.
 Non-MSI programs are published as .ZAP files. They cannot tak
e advantage of MSI features such as elevated installation priveleges,
rolling back an unsuccessful installation, install on first use of sof
tware or feature, etc. (KB# Q231747)
Configure and troubleshoot desktop settings:
Desktop settings can be configured using the Display applet in Control
Panel or by right-clicking on a blank area of the desktop and selecti
ng properties.
User can change the appearance of the desktop, desktop wallpaper, scre
en saver settings and more.
Fax support:
 If a fax device (modem) is installed, the Fax applet appears
in Control Panel. Does not appear when no fax device installed
 If the Advanced Options tab is not available in the Fax apple
t log off then log back on as Administrator
 Use the Fax applet to setup rules for how device receives fax
es, number or retries when sending, where to store retrieved and sent
faxes, user security permissions, etc.
 The Fax printer in your printer folder cannot be shared
Accessibility services: (KB# Q210894)
 StickyKeys allows you to press multiple key combinations (CTR
L-ALT-DEL) one key at a time
 FilterKeys tells the keyboard to ignore brief or repeated key
strokes
 SoundSentry displays visual warnings when your computer makes
a sound (for aurally impaired)
 ShowSounds forces programs to display captions for the speech
and sounds they make
 MouseKeys lets you control the mouse pointer with the numeric
keypad
 Magnifier magnifies a portion of the desktop (for visually im
paired) - available during GUI phases of OS installation (KB# Q231843)
 Narrator reads menu options aloud using speech synthesis (for
visually impaired) - available during GUI phases of OS installation.
Implementing, Managing, and Troubleshooting Network Protocols and Serv
ices:
TCP/IP protocol:
Miscellaneous:
 Is an industry-standard suite of protocols
 It is routable and works over most network topologies
 It is the protocol that forms the foundation of the Internet
 Installed by default in Windows 2000
 Can be used to connect dissimilar systems
 Uses Microsoft Windows Sockets interface (Winsock)
 IP addresses can be entered manually or provided automaticall
y by a DHCP server
 DNS is used to resolve computer hostnames to IP addresses
 WINS is used to resolve a NetBIOS name to an IP address
 Subnet mask - A value that is used to distinguish the network
ID portion of the IP address from the host ID.
 Default gateway - A TCP/IP address for the host (typically a
router) which you would send packets for routing elsewhere on the netw
ork.
Automatic Private IP Addressing:
Windows 98 and Windows 2000 support this new feature. When "Obtain An
IP Address Automatically" is enabled, but the client cannot obtain an
IP address, Automatic Private IP addressing takes over:
 IP address is generated in the form of 169.254.x.y (where x.y
is the computer's identifier) and a 16-bit subnet mask (255.255.0.0)
 The computer broadcasts this address to it's local subnet
 If no other computer responds to the address, the first syste
m assigns this address to itself
 When using the Auto Private IP, it can only communicate with
other computers on the same subnet that also use the 169.254.x.y range
with a 16-bit mask.
 The 169.254.0.0 - 169.254.255.255 range has been set aside fo
r this purpose by the Internet Assigned Numbers Authority
TCP/IP Server Utilities:
 Telnet server - Windows 2000 includes a telnet server service
(net start tlntsvr) which is limited to a command line text interface
and two concurrent users. Set security on your telnet server by runni
ng the admin tool, tlntadmn. (KB# Q225233)
 Web Server - stripped version of IIS5 Web server. Limited to
10 connections. Must be installed and service started before sharing y
our printers using Web printing or Internet printing. Can be managed u
sing IIS snap-in or Personal Web Manager, a "dumbed-down" GUI for novi
ce users.
 FTP Server - stripped version of Internet Information Server
5 (IIS5) FTP server. Limited to 10 connections but is adminstered just
like the server version using IIS snap-in or the Personal Web Manager
.
 FrontPage 2000 Server Extensions - extends the functionality
of the Web server and included in W2K Pro for developing and testing W
eb sites before deploying them to a production server.
 SMTP Server - does not appear to have limitations on connecti
ons but this is most likely due to its integration with LDAP and Activ
e Directory replication. Also works with the form handlers in FrontPag
e Server Extensions.
TCP/IP Client Utilities:
 Telnet client - Can be used to open a text based console on U
NIX, Linux and Windows 2000 systems (run telnet servername)
 FTP client - Command line based - simple and powerful (run ft
p servername)
 Internet Explorer 5 - Microsoft's powerful and thoroughly int
egrated Web browser (see IE5 Cramsession for details)
 Outlook Express 5 - SMTP, POP3, IMAP4, NNTP, HTTP, and LDAP c
omplaint E-mail package.
Services for UNIX 2.0:
Miscellaneous:
 TCP/IP protocol is required for communicationg with UNIX host
s
 Windows 2000 uses CIFS (Common Internet File System) which is
an enhanced version of the SMB (Server Message Block) protocol
 UNIX uses NFS (Network File System)
 FTP support has been added to Windows Explorer and to Interne
t Explorer 5.0 allowing users to browse FTP directories as if they wer
e a local resource.
 Install SNMP for Network Management (HP, OpenView, Tivoli and
SMS).
 Print Services for UNIX allows connectivity to UNIX controlle
d Printers (LPR)
 Simple TCP/IP Services provides Echo, Quote of Day, Discard,
Daytime and Character Generator..
Client for NFS:
 Installs a full Network File System (NFS) client that integra
tes with Windows Explorer. Available for both W2K Professional and Ser
ver.
 Places a second, more powerful Telnet client on your system i
n the %windir%\system32\%sfudir% directory. This new client has been o
ptimized for Windows NT Telnet server and can use NTLM authentication
instead of clear text. (KB# Q250879)
 Users can browse and map drives to NFS volumes and access NFS
resources through My Network Places. Microsoft recommends this over i
nstalling Samba (SMB file services for Windows clients) on your UNIX s
erver.
 NFS shares can be accessed using standard NFS syntax (servern
ame:/pathname) or standard UNC syntax (\\servername\pathname)
 If users' UNIX username/password differ from Windows username
/password, click "Connect Using A Different User Name" option and prov
ide new credentials.
 The following popular UNIX utilities are installed along with
the Client for NFS (not a complete list):
Utility Description
grep Searches files for patterns and displays results containing that
pattern
ps Lists processes and their status
sed Copies files named to a standard output; edits according to a scri
pt of commands
sh Invokes the Korn shell
tar Used to create tape archives or add/extract files from archives
vi Invokes IV text editor
 The nfsadmin command-line utility is used for configuration a
nd administration of the Client for NFS. It's options are:
Option Description
fileaccess UNIX file permissions for reading, writing, and executing.
mapsvr Computer name of the mapping server
mtype Mount type, HARD or SOFT
perf Method for determining performance parameters (MANUAL or DEFAULT)
preferTCP Indicates whether to use TCP (YES or NO)
retry Number of retries for a soft mount - default value is 5
rsize Size of read buffer in KB
timeout Timeout in seconds for an RPC call
wsize Size of write buffer in KB
Server for NFS:
 Allows NFS clients (think UNIX/Linux here) to access files on
a Windows 2000 Professional or Server computer.
 Integrates with Server for PCNFS or Server for NIS to provide
user authentication
 Managed using the UNIX Admin Snap-in (sfumgmt.msc)
Gateway for NFS:
 Allows non-NFS Windows clients to access NFS resources by con
necting thru an NFS-enabled Windows Server to NFS resources.
 Acts as a gateway/translator between the NFS protocol used by
UNIX/Linux and the CIFS protocol used by Windows 2000.
 Not available on W2K Professional - Server only.
Server for PCNFS:
 Can be installed on either W2K Professional or Server
 Provides authentication services for NFS clients (UNIX) needi
ng to access NFS files. Works with the mapping server.
Server for NIS:
 Must be installed on a Windows 2000 Server that is configured
as a Domain Controller.
 Allows server to act as the NIS master for a particular UNIX
domain.
 Can authenticate requests for NFS shares.
Troubleshooting: (KB# Q102908)
 Ipconfig and Ipconfig /all - displays current TCP/IP configur
ation
 Nbtstat - displays statistics for connections using NetBIOS o
ver TCP/IP
 Netstat - displays statistics and connections for TCP/IP prot
ocol
 Ping - tests connections and verifies configurations
 Tracert - check a route to a remote system
 Common TCP/IP problems are caused by incorrect subnet masks a
nd gateways
 If an IP address works but a hostname won't check DNS setting
s
NWLink (IPX/SPX) and NetWare Interoperability: (KB# Q220872)
 NWLink (MS's version of the IPX/SPX protocol) is the protocol
used by NT to allow Netware systems to access its resources. (KB# Q20
3051)
 NWLink is all that you need to run in order to allow an NT sy
stem to run client/server applications from a NetWare server.
 To allow file and print sharing between NT and a NetWare serv
er, CSNW (Client Services for NetWare) must be installed on the NT sys
tem. In a Netware 5 environment, the Microsoft client does not support
connection to a Netware Server over TCP/IP. You will have to use IPX/
SPX or install the Novell NetWare client. (KB# Q235225)
 W2K Setup upgrades all Intel x86 based computers running vers
ion 4.7 or earlier of a Novell client to version 4.51. (KB# Q218158)
 Gateway Services for NetWare can be implemented on your NT Se
rver to provide a MS client system to access your NetWare server by us
ing the NT Server as a gateway. (KB# Q121394 & Q220872)
 Frame types for the NWLink protocol must match the computer t
hat the NT system is trying to connect with. Unmatching frame types wi
ll cause connectivity problems between the two systems.
 When NWLink is set to autodetect the frame type, it will only
detect one type and will go in this order: 802.2, 802.3, ETHERNET_II
and 802.5 (Token Ring).
 Netware 3 servers uses Bindery Emulation (Preferred Server in
CSNW). Netware 4.x and higher servers use NDS (Default Tree and Conte
xt.)
 There are two ways to change a password on a netware server -
SETPASS.EXE and the Change Password option (from the CTRL-ALT-DEL dia
log box). The Change Password option is only available to Netware 4.x
and higher servers using NDS.
Other protocols:
 DLC is a special-purpose, non-routable protocol used by Windo
ws 2000 to talk with IBM mainframes, AS400s and Hewlett Packard printe
rs.
 Appletalk must be installed to allow Windows 2000 Professiona
l to communicate with Apple printers. Do not confuse this with File an
d Print Services for Macintosh which allow Apple Clients to use resour
ces on a Microsoft Network (only available on Server).
 NetBEUI is used soley by Microsoft operating systems and is n
on-routable (it is broadcast-based)
Remote Access Services (RAS):
Authentication protocols:
 EAP - Extensible Authentication Protocol. A set of APIs in Wi
ndows for developing new security protocols as needed to accomodate ne
w technologies. MD5-CHAP and EAP-TLS are two examples of EAP
 EAP-TLS - Transport Level Security. Primarily used for digita
l certificates and smart cards
 MD5-CHAP - Message Digest 5 Challenge Handshake Authenticatio
n Protocol. Encrypts usernames and passwords with an MD5 algorithm
 RADIUS - Remote Authentication Dial-in User Service. Specific
ation for vendor-independant remote user authentication. Windows 2000
Professional can act as a RADIUS client only.
 MS-CHAP (v1 and 2) - Microsoft Challenge Handshake Authentica
tion Protocol. Encrypts entire session, not just username and password
. v2 is supported in Windows 2000 and NT4 and Win 95/98 (with DUN 1.3
upgrade) for VPN connections. MS-CHAP cannot be used with non-Microsof
t clients
 SPAP - Shiva Password Authentication Protocol. Used by Shiva
LAN Rover clients. Encrypts password, but not data
 CHAP - Challenge Handshake Authentication Protocol - encrypts
user names and passwords, but not session data. Works with non-Micros
oft clients
 PAP - Password Authentication Protocol. Sends username and pa
ssword in clear text
Virtual Private Networks (VPNs):
 PPTP - Point to Point Tunneling Protocol. Creates an encrypte
d tunnel through an untrusted network.
 L2TP - Layer Two Tunneling Protocol. Works like PPTP as it cr
eates a tunnel, but it does not provide data encryption. Security is p
rovided by using an encryption technology like IPSec
Feature PPTP L2TP
Header compression No Yes
Tunnel authentication No Yes
Built-in encryption Yes No
Transmits over IP-based
internetwork Yes Yes
Transmits over UDP, Frame
Relay, X.25 or ATM No Yes
Multilink Support: (KB# Q235610)
 Multilinking allows you to combine two or more mode |
|