
PRACTICAL – 1

AIM: Difference between Windows 98, Windows NT and NT Workstation

Windows 98:

Windows 98 is a desktop operating system made by Microsoft that runs on
Intel/Cyrix/AMD/Pentium and Intel 80x86 processors. It is a graphical operating system released
on June 25, 1998 by Microsoft and, like its predecessor, it is a hybrid 16-bit/32-bit monolithic
product based on DOS. Windows 98 stores files in items called folders on different
machines/drives. Win 98 offers support for a number of new technologies including FAT 32, AGP,
USB, DVD, and ACPI.

Windows NT:

Windows NT is Microsoft's flagship Windows operating system. It currently comes in two
flavors, NT Workstation V4.0 and NT Advanced Server. Win NT Server is the fastest growing
network operating system in American business today. Win NT Server incorporates Microsoft
Networking based on IBM’s peer-to-peer PC-Net. The Microsoft Win NT operating system
supports the concept of preemptive multitasking, multithreading and networking. It provides
fault tolerance, enhanced reliability, multiprocessing, POSIX support and extensive security
features.

Difference between WIN 98 and WIN NT:

Intended Purpose:

ATTRIBUTE              Windows 98                                             Windows NT
Server/Mainframe       Only low end server can run on this operating system   Microsoft intends NT for server use
Desktop/Workstation    For general desktop use                                For Workstation use
Hand Held              Not appropriate                                        Not appropriate
Real Time              Not appropriate                                        Not appropriate

Hardware Support:

Windows 98: Intel/Cyrix/AMD/Pentium 486µp.

Windows NT: Intel/Cyrix/AMD/Pentium. Windows NT 3.51 was ported to DEC Alpha, SGI,
MIPS and IBM/Motorola PowerPC; that is no longer supported. Windows NT Server Enterprise
Edition was ported to DEC Alpha.

Maximum Number of Bits:


Windows 98: 16/32 bits

Windows NT: 32 bits

File System Supported:

Windows 98:

Preferred file system: FAT 32 (NRWF)

File system can read/write: VFAT (RW), FAT (RW), SMB (RW)

File system read only and can write through optional software: ISO 9600 (RW), CD (RW),
DVD-Video (R), DVD-ROM (R)

Windows NT:

Preferred file system: FAT 32 (NRWF)

File system can read, write and format: FAT (NRWF)

File system read only and can write through optional software: ISO 9600, DFS

Text Command Shell:

Windows 98: DOS Command Line

Windows NT: DOS Command Line

Windows NT Workstation and Windows NT Server:

Windows NT is a Microsoft Windows personal computer operating system designed for users
and businesses needing advanced capacity. NT technology is the base for the Microsoft successor
operating system, Windows 2000. Windows NT is actually two products:

Windows NT Workstation

Windows NT Server

Windows NT Workstation:

The Workstation is designed for users, especially business users, who need faster performance and
a system a little faster and safer than Win 98. Microsoft says that 32-bit applications run 20%
faster on this system than on Win 95 (assuming both have 32 MB RAM). Since older 16-bit
applications run in a separate address space, one can crash without crashing other applications
or the operating system. Security and management features not available on Win 95 are provided.
The Workstation has the same desktop user interface as Windows 95.

Windows NT Workstation 4.0 System Requirements:

486/25 MHz or Pentium based system

12 MB RAM

110 MB hard disk space

VGA or higher resolution display adapter

The Server is designed for business machines that need to provide services for network-attached
computers. The server is required together with an intended server; it is probably the second
most installed network server operating system after the Novell NetWare operating system.
Windows NT Server components can be broken down into the following categories:

Networking components

Internet/Intranet components

Inter-operability components

Application enabling components

Administrative components

Workstation components

PRACTICAL – 2

AIM: Introduction to various memory management techniques.

Memory Management:
It describes how the operating system organizes and manages the available memory, and it shows
how you can use the services provided by the memory manager and other system software
components to manage memory in your application partition efficiently. Memory
management is usually divided into the following areas:
Hardware Memory Management:
Memory management at the high level is concerned with the electronic devices that actually store
data. This includes things like RAM and memory cache.
Operating System Management:
In operating system memory management, memory must be allocated to user programs and reused
by other programs when it is no longer required.
Application Memory Management:
It involves supplying the memory needed for a program’s objects and data structures from the
limited resources available and recycling that memory for reuse when it is no longer required.
Memory Management Techniques:

• Fixed Partitioning: Main memory is divided into a number of static partitions at
system’s operation time. A process may be loaded into a partition of equal or greater size.
STRENGTH: It is simple to implement and has little overhead.
WEAKNESS: Inefficient use of memory due to internal fragmentation.

• Dynamic Partitioning: Partitions are dynamically created so that each process is loaded
into a partition of exactly the same size as the process.
STRENGTH: No internal fragmentation, more efficient use of memory.
WEAKNESS: Inefficient use of the processor due to the need for compaction to counter
external fragmentation.

• Simple Paging: Main memory is divided into a number of equal-size frames. Each process
is divided into a number of equal-size pages of the same length as frames. A process is
loaded by loading all of its pages into available frames.
STRENGTH: No external fragmentation.
WEAKNESS: Small amount of internal fragmentation.

• Simple Segmentation: Main memory is divided into a number of segments. A process is
loaded by loading all of its segments into dynamic partitions that need not be
contiguous.
STRENGTH: No internal fragmentation.
WEAKNESS: Need for compaction.

• Virtual Memory Paging: As with simple paging, except that it is not necessary to load
all of the pages of a process. Non-resident pages that are needed are brought in later.
STRENGTH: No internal fragmentation, higher degree of multiprogramming, large
virtual process space.
WEAKNESS: Overhead of complex memory management.
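
The fragmentation trade-offs listed above, worked through on one workload. This is an added example, not part of the original practical; the partition sizes, process sizes (in KB) and the 4 KB frame size are constructed assumptions.

```python
"""Fragmentation under fixed partitioning, dynamic partitioning and simple paging.

All sizes are in KB and are constructed for illustration.
"""


def fixed_partitioning(partitions, processes):
    """Place each process in the smallest free partition that fits.

    Returns (placements, internal_fragmentation, rejected_names).
    """
    free = sorted(partitions)
    placements, wasted, rejected = [], 0, []
    for name, size in processes:
        slot = next((p for p in free if p >= size), None)
        if slot is None:
            rejected.append(name)
            continue
        free.remove(slot)
        placements.append((name, slot))
        wasted += slot - size          # unused space inside the partition
    return placements, wasted, rejected


class DynamicMemory:
    """First-fit dynamic partitioning over one contiguous region."""

    def __init__(self, total):
        self.total = total
        self.blocks = []               # (start, size, name), kept sorted by start

    def holes(self):
        """Return the free gaps as (start, size) pairs."""
        gaps, cursor = [], 0
        for start, size, _ in self.blocks:
            if start > cursor:
                gaps.append((cursor, start - cursor))
            cursor = start + size
        if cursor < self.total:
            gaps.append((cursor, self.total - cursor))
        return gaps

    def allocate(self, name, size):
        """Carve a partition of exactly `size` out of the first hole that fits."""
        for start, gap in self.holes():
            if gap >= size:
                self.blocks.append((start, size, name))
                self.blocks.sort()
                return True
        return False                   # enough free memory may exist, but scattered

    def release(self, name):
        self.blocks = [b for b in self.blocks if b[2] != name]

    def compact(self):
        """Slide every block down so the free space becomes one hole."""
        cursor, moved = 0, []
        for _, size, name in self.blocks:
            moved.append((cursor, size, name))
            cursor += size
        self.blocks = moved


def paging_waste(process_size, frame_size):
    """Frames needed by a process and the unused space in its last page."""
    frames = -(-process_size // frame_size)      # ceiling division
    return frames, frames * frame_size - process_size


def demo():
    procs = [("A", 90), ("B", 200), ("C", 60), ("D", 130)]

    # Fixed partitioning: space left over inside each partition is lost.
    _, fixed_waste, rejected = fixed_partitioning([128, 128, 256, 256], procs)

    # Dynamic partitioning: A and C exit, leaving 182 KB free in three holes.
    mem = DynamicMemory(512)
    for name, size in procs:
        mem.allocate(name, size)
    mem.release("A")
    mem.release("C")
    fits_before = mem.allocate("E", 160)         # fails: no single hole >= 160
    mem.compact()
    fits_after = mem.allocate("E", 160)          # succeeds after compaction

    # Simple paging: only the tail of each process's last page is wasted.
    page_waste = sum(paging_waste(size, 4)[1] for _, size in procs)
    return fixed_waste, rejected, fits_before, fits_after, page_waste


if __name__ == "__main__":
    print(demo())
```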
PRACTICAL – 3

AIM: Simulation of ATM Switch Performing Throughput with Mixed Load Condition

Switching:
It is the process of transfer of packets from input to output port. This transfer is also referred to
as internal routing of packets.
Switching Functions:
The switch is assumed to perform cell relay and support of control and management functions.
The switching functions are:

• User Plane: Main function of an ATM switch is to relay data cells from input to output
port. The switch processes only the cell header and the payload is carried transparently.
As soon as the cell comes in through the input port, the VPI/VCI information is derived
and used to route the cells into appropriate output port. This function can be divided into
three functional blocks. The input port, the cell switch fabric that performs actual routing
and the output modules at output ports

• Control Plane: This plane represents the functions related to the establishment and
control of VP/VC connections. Unlike the user data cells, the information in the control cell
payload is not transparent to the network. The CAC carries out the major signaling
function required.

• Management Plane: This is concerned with monitoring and controlling the network to
ensure its correct and efficient operation. These operations can be subdivided into fault
management functions, performance management functions, accounting and traffic
management functions. The switch management is responsible for supporting the ATM
layer operation and maintenance procedures.

• Traffic Control Functions: The switching system may support CAC, usage/network
parameter control and congestion control. We will regard UPC/NPC functions as handled
by switch management while special buffer management actions are supervised by switch
management.

• The other functions are VCI translation and Switching.
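
The user-plane relay and VPI/VCI translation described above, as an added example that is not part of the original practical. It assumes the standard 5-byte UNI cell header (GFC, VPI, VCI, PT, CLP, HEC); the port numbers, connection table and class name are hypothetical, and HEC single-bit correction is left out (a bad header is simply dropped).

```python
"""User-plane relay in an ATM switch: header check, VPI/VCI lookup, rewrite."""
import struct

CELL_SIZE = 53        # 5-byte header + 48-byte payload
HEADER_SIZE = 5


def hec(first4: bytes) -> int:
    """Header Error Control: CRC-8 (x^8 + x^2 + x + 1) over 4 bytes, XOR 0x55."""
    crc = 0
    for byte in first4:
        crc ^= byte
        for _ in range(8):
            crc = ((crc << 1) ^ 0x07) & 0xFF if crc & 0x80 else (crc << 1) & 0xFF
    return crc ^ 0x55


def build_header(gfc: int, vpi: int, vci: int, pt: int, clp: int) -> bytes:
    """Pack a UNI header: GFC(4) VPI(8) VCI(16) PT(3) CLP(1), then HEC(8)."""
    if not (0 <= gfc < 16 and 0 <= vpi < 256 and 0 <= vci < 65536
            and 0 <= pt < 8 and clp in (0, 1)):
        raise ValueError("header field out of range")
    word = (gfc << 28) | (vpi << 20) | (vci << 4) | (pt << 1) | clp
    first4 = struct.pack(">I", word)
    return first4 + bytes([hec(first4)])


def parse_header(header: bytes):
    """Return the header fields, or None when the HEC does not match."""
    word, received = struct.unpack(">IB", header)
    if hec(header[:4]) != received:
        return None
    return {
        "gfc": word >> 28,
        "vpi": (word >> 20) & 0xFF,
        "vci": (word >> 4) & 0xFFFF,
        "pt": (word >> 1) & 0x7,
        "clp": word & 0x1,
    }


class AtmSwitch:
    """Relays cells using a table that the control plane would populate.

    table maps (input port, VPI, VCI) -> (output port, new VPI, new VCI).
    """

    def __init__(self, table):
        self.table = dict(table)
        self.dropped = {"bad_hec": 0, "no_connection": 0}

    def relay(self, in_port: int, cell: bytes):
        """Return (output port, rewritten cell), or None if the cell is dropped."""
        if len(cell) != CELL_SIZE:
            raise ValueError("an ATM cell is exactly 53 bytes")
        fields = parse_header(cell[:HEADER_SIZE])
        if fields is None:
            self.dropped["bad_hec"] += 1
            return None
        route = self.table.get((in_port, fields["vpi"], fields["vci"]))
        if route is None:
            # No established VP/VC connection: never forward on a guess.
            self.dropped["no_connection"] += 1
            return None
        out_port, new_vpi, new_vci = route
        header = build_header(fields["gfc"], new_vpi, new_vci,
                              fields["pt"], fields["clp"])
        # Only the header is processed; the payload is carried transparently.
        return out_port, header + cell[HEADER_SIZE:]


if __name__ == "__main__":
    switch = AtmSwitch({(0, 1, 32): (2, 5, 100)})     # constructed connection
    cell = build_header(0, 1, 32, 0, 0) + bytes(range(48))
    port, out = switch.relay(0, cell)
    print(port, parse_header(out[:HEADER_SIZE]), switch.dropped)
```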

Structure of ATM Switch:

An ATM switch has three basic components:


• Input Module: It accepts the packets at the input port and then processes them.

• Switching Fabric: It provides the means to route the packets from input port to
output port.

• Output Module: It processes the packets just before transmission on the output port.

Switching Elements:
These are the basic switching building blocks. A switching element is the basic unit of switch
fabric. It can be implemented in a single integrated circuit element. At the input port the routing
information of the cell is analyzed and the cell then is diverted to the correct output port. In
general, the switching element consists of an interconnection network and input controller for
each incoming lines and output controller for each outgoing line. The IC and OC are coupled by
the interconnection network.
Technical Aspects:
• Queue Size: The size of the queue depends on the performance requirements of the
queuing method in use. The queue size is reflected in the number of cell buffers which are
supported by the switching elements.

• Memory Speed: The access time of the queuing elements depends on the queuing
method in use, the number of outlets of the switching elements, and the rate of incoming and
outgoing cells.

• Memory Control: In order to control the switching element, additional control logic is
required.
ATM Simulation:
An ATM network simulation has been developed to provide a means for researchers and network
planners to analyze the behavior of the ATM network without the expense of building a real
network. The simulation is used as a network planning tool.
The simulation can also be used as a protocol analyzer tool to study the total system effect of a
particular ATM network protocol.
PRACTICAL – 4

AIM: Installation of Windows NT 4.0

Windows NT 4.0 can be installed on Intel x86, PowerPC, MIPS R4x00 and DEC Alpha AXP.
The NT Hardware Qualifier is used on Intel machines to identify hardware. You can install NT
from a CD using DOS drivers if the NT drivers do not exist. You can dual boot DOS/Win 95 and
NT but DOS/Win 95 must be installed first and applications must be installed twice.

The System Partition is for the hardware-specific files and is on the Active partition. The Boot
Partition is for the OS files and can be on the System partition.
NTFS is used if file-level security, Services for Macintosh, preserved permissions
when moving files from a Netware server, or NT file compression is required.

Setup automatically formats with FAT16 up to 4Gb. If NTFS is required then the partition is
marked for conversion after installation. Convert.exe will preserve data when changing from
FAT16 to NTFS. For dual boot, drive C: must be FAT16, and a minimum of 2Mb must be
formatted on drive C: of a RISC computer.

Member servers can move between Domains but PDCs and BDCs remain in the Domain because
the Domain Security Identifier (SID) is created on NT installation. Member servers just have
their own SID rather than the Domain one. Domain names can be changed though, starting with
the PDC.

A user who connects to a folder on one workstation and then accesses a file from another
workstation is deemed to have two connections.

As far as licensing goes you need a Server License agreement for each server and a Client
Access License (CAL). For the CALs you can use Per Server Licensing which is the number of
clients allowed to access a particular server. You could opt for Per Seat Licensing which applies
per client. With this any number of clients can access any server. It is possible to convert ONCE
from Per Server to Per Seat licensing. Per Seat Licensing is more suitable in a multiple server
environment.

You run the Licensing Program by double-clicking Licensing in Control Panel. This allows
you to view the licensing mode for each BackOffice product including NT Server. You can add or
remove CALs and also specify how licensing information is replicated to a master server
or Enterprise Server that handles lots of domains.

License Manager is started from the Administrative Tools menu. You can view the licensing
for the whole organisation and look at the usage. In addition you can perform the one-way change
from Per Server to Per Seat licensing. License Groups can be created if many users use one
computer or one user uses multiple computers; the idea is to enable correct licensing information
to be obtained.

Network Administration Tools for NT Workstation enables the computer to administer NT
servers and domains. The icons must be manually set up, the tools being installed in
the \svrtools directory.

Services for Macintosh allows a Macintosh to share files and printers, and provides simple
network administration and AppleTalk routing support. The Macintosh requires System OS 6.0.7
or later plus AppleShare. Services for Macintosh is installed via the Services tab of the Network
program; a MacFile menu is then added to the Server Manager.

You can run Winnt.exe from the CD in DOS/Win 95 to install NT rather than use the minimal
NT OS on the three floppy disks provided. For RISC computers, the Setupldr program is used
from the CD. Typical, Portable, Compact and Custom setups are the options for Workstation; NT
only uses Custom. A PDC requires a unique Domain name; the domain is then automatically
created. A NetBIOS computer name cannot be the same as a Domain name.

There are 4 phases to the NT installation:

• Initialising Installation - detection of hardware, partition, file system, NT files location.
• Gathering Information - Installation method (Workstation), licensing mode (Server), type
of Server, a password for Admin, Emergency Repair Disk.
• Installing Networking - LAN, RAS, Internet Information Server (IIS), network cards,
network protocols, workgroup or domain for this computer.
• Finishing - time, video, Exchange Inbox configurations.

For Winnt.exe the following switches control the setup process:

• /x - stops the setup disks being created.
• /ox - only create boot disks.
• /b - floppyless installation.
• /u - unattended installation followed by an answer file, used with /s switch.
• /udf - Uniqueness Database File is specified for unattended installations of unique
computers with individual settings.
• /s - location of NT source files used with /u switch.
• /f - prevents verification of files.
• /i - specify the file name (default Dosnet.inf) for the setup information.
• /c - skips the free space check on the setup boot disks.
• /t - specifies the drive used for the temporary setup files (default is the drive with the
most room).
• /l - creates log file $Winnt.log.

Winnt32.exe is used only for upgrading from earlier versions of NT.

The Unattend.txt answer file can be copied from the resource kit, renamed and used with
the /u switch to identify unique settings for a computer. It is best to use one answer file for an
unattended group install and use the UDFs for computer specific settings such as computer
name. Uniqueness IDs are listed in the answer file referencing the numerous UDFs (perhaps one
per computer).

System Management Server (SMS) is used for large rollouts, and can also be used to pull down
other applications.

The Initial Parameter Files are created from the command line switches, the Unattend.txt file or
the graphical menus in Setup. The text mode version is called Winnt.sif whilst the graphical mode
one is called $winnt$.inf in the system32 directory. You can use these files to create your own
Unattend.txt file.

Other applications can be installed by creating a directory called $oem$\Oemfiles and placing
the extra components in there. Hardware components that need extra files installed need
individual directories in $oem$\Oemfiles\Textmode.

If an application does not support scripted installation, then the Sysdiff.exe utility must be used.
This works by first creating a snapshot of a reference computer using sysdiff /snap snapshot_file,
installing the applications required on the reference computer, and then using
sysdiff /diff snapshot_file difference_file to create a difference file. You can then place the
difference file in $oem$\Oemfiles\$$root and add sysdiff /apply difference_file to
$oem$\Oemfiles\Cmdlines.txt, or apply it to an existing NT installation.

To remove NT, boot from a DOS/Win 95 floppy and type sys c: to remove the NT boot loader.
Restart the system from the hard disk, delete the following:

• c:\Pagefile.sys
• c:\Boot.ini
• c:\nt*.*
• c:\bootsect.dos
• The Winnt folder
• Program files\Windows NT

You can remove an NTFS partition from the NT Setup program. Fdisk in DOS 6.22 will remove
an NTFS partition but not a logical drive.

Directory Replication makes the same files available at multiple servers, so that no one server
is overburdened when commonly used files are being accessed by many users. Users' logon scripts
must reside on the domain controller that validates the user. When there is more than one
domain controller in a domain, the logon scripts should be replicated to them all. Directory
replication allows you to just maintain one directory. The same goes for System Policy files,
telephone lists etc., typically read-only files.

An NT Server can act as an Export Server and uses \System32\Repl\Export\subdir to hold the
group of files. An account is created for the replication purpose for each Import computer. The
account must be a member of the Backup and Replicators Group, the password must never
expire and the account must have 24 hours access. The Directory Replicator Service can be set
to start automatically from Server Manager or the Services program in Control Panel. The Import
Computer must log on as a member of the local Replicators Group and be configured to receive
files. On a periodic update the Export Server on seeing updated files in the subdirectory sends an
update notice to each of the Import Computers. They in turn download the updated files and
delete the old files.

The boot sequence files required on an Intel x86 machine are as follows:

• Ntldr - loads the OS
• Boot.ini - builds the OS selection menu
• Bootsect.dos - contains the boot sector of another operating system such as Win 95.
• Ntdetect.com - hardware detect program
• Ntbootdd.sys - used only for SCSI based systems that have the BIOS disabled on the
SCSI adapter.
• Ntoskrnl.exe - The NT Kernel
• System - contains the system configuration files
• Device drivers
• Hal.dll

The Boot sequence is as follows:

1. Power on self test
2. Master Boot Record (MBR) is loaded and run from the first sector. The first sector also
contains the Partition Table which is scanned by the MBR for the System Partition.
3. Boot sector from the active partition is loaded into memory
4. Ntldr is loaded (this is the responsibility of the Partition Boot Sector Code) and this
controls the operating system selection process and hardware detection.
5. Microprocessor changed to flat memory mode
6. Start minifile system drivers, which are code to access files on FAT and NTFS systems.
7. Read Boot.ini and build OS selection screen
8. (Load the selected operating system and Bootsect.dos if the OS is not to be NT)
9. Run Ntdetect.com
10. Load NT

The NT load process then starts and operates as follows:

1. Ntoskrnl.exe loads
2. The Hardware Abstraction Layer (HAL) and the System Hive are loaded with the
drivers
3. The Kernel is initialised along with the drivers
4. The services load which involves starting Smss.exe which is Session Manager.
5. The Win32 Subsystem starts, beginning with Winlogon.exe and the Local Security
Authority (LSA) Lsass.exe.
6. The User logs on whilst the Service Controller (Screg.exe) makes a final pass through
the registry looking for services marked to load automatically.

The message Couldn't find NTLDR means that Ntldr.exe is missing.
The message NTDETECT failed means that Ntdetect.com is missing.
The message the following file is missing or corrupt: \winnt root\system32\ntoskrnl.exe
means that Ntoskrnl.exe is missing.
The message I/O Error accessing boot sector file
multi(0)disk(0)rdisk(0)partition(1)\\bootss means that Bootsect.dos is missing.

Editing the Boot.ini file in the root of the active partition needs the Read-only option to be
turned off.

The [boot loader] determines the OS to boot to plus a timeout setting. The default is the path to
the default OS when the timeout expires. The [operating systems] lists the OSs.

Switches can be added to the [operating systems] and these are the following:

• /basevideo for loading NT in VGA mode (vga.sys and vga.dll) in case of video driver
failure.
• /baudrate=nnnn default is 9600Kb/s when a modem is attached and 19200Kb/s with a
null modem cable attached.
• /crashdebug automatic recovery and restart.
• /debug this automatically loads debugger when windows starts
• /debugport=comx
• /nodebug no debugging information being monitored.
• /maxmem=n the maximum amount of RAM that windows will use, good for
troubleshooting parity errors.
• /noserialmice=comx
• /sos causes the names of drivers being loaded to be shown instead of the dots on the blue
load screen.
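
A checker for the Boot.ini layout and switches described above, as an added example that is not part of the original practical. The sample file contents are constructed and the finding names are hypothetical; it reports a default entry that is not listed under [operating systems], switches outside the list above, and entries that load the kernel debugger.

```python
"""Parse an NT Boot.ini and report settings worth reviewing."""
import re

# Switches listed on this page; anything else is reported as unknown.
KNOWN_SWITCHES = {"basevideo", "baudrate", "crashdebug", "debug", "debugport",
                  "nodebug", "maxmem", "noserialmice", "sos"}
DEBUGGER_SWITCHES = {"debug", "crashdebug"}

ARC_PATH = re.compile(
    r"^(multi|scsi)\(\d+\)disk\(\d+\)rdisk\(\d+\)partition\(\d+\)(\\.*)?$", re.I)
DOS_ROOT = re.compile(r"^[A-Za-z]:\\$")
OS_ENTRY = re.compile(r'^(?P<path>[^=]+)=\s*"(?P<label>[^"]*)"\s*(?P<switches>.*)$')

# Constructed sample, not taken from a real machine.
SAMPLE = r"""
[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\WINNT
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINNT="Windows NT Server Version 4.00" /sos
multi(0)disk(0)rdisk(0)partition(1)\WINNT="Windows NT Server [VGA mode]" /basevideo /sos
multi(0)disk(0)rdisk(0)partition(2)\WINNT="NT Server (kernel debug)" /debug /debugport=com1
C:\="MS-DOS"
"""


def parse_boot_ini(text):
    """Return (boot_loader_settings, operating_system_entries)."""
    loader, entries, section = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            section = header.group(1).strip().lower()
            continue
        if section == "boot loader":
            key, _, value = line.partition("=")
            loader[key.strip().lower()] = value.strip()
        elif section == "operating systems":
            match = OS_ENTRY.match(line)
            if match is None:
                entries.append({"path": line, "label": "", "switches": {}})
                continue
            switches = {}
            for token in match.group("switches").split():
                name, _, value = token.lstrip("/").partition("=")
                switches[name.lower()] = value
            entries.append({"path": match.group("path").strip(),
                            "label": match.group("label"),
                            "switches": switches})
    return loader, entries


def audit(loader, entries):
    """Return a list of findings as tuples, in file order."""
    findings = []
    listed = {entry["path"].lower() for entry in entries}
    default = loader.get("default", "")
    if default.lower() not in listed:
        findings.append(("default-not-listed", default))
    for entry in entries:
        path, label, switches = entry["path"], entry["label"], entry["switches"]
        if not (ARC_PATH.match(path) or DOS_ROOT.match(path)):
            findings.append(("bad-path", path))
        for name in switches:
            if name not in KNOWN_SWITCHES:
                findings.append(("unknown-switch", label, name))
        enabled = sorted(DEBUGGER_SWITCHES & set(switches))
        if enabled and "nodebug" not in switches:
            # The debugger is reachable over the COM port on this boot entry.
            findings.append(("debugger-enabled", label, enabled))
    return findings


if __name__ == "__main__":
    for finding in audit(*parse_boot_ini(SAMPLE)):
        print(finding)
```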

If the Boot.ini file is missing you get the message that ntoskrnl.exe is missing or corrupt. You
can either edit Boot.ini directly or use the Emergency Repair disk to fix it.
The Drivers Resource Kit provides a command line utility called Drivers.exe which can be used
to show which drivers have loaded.

An NT boot disk is created FROM NT. NT automatically Syss the floppy and the files that are
required on the floppy are Ntldr, Ntdetect.com, Boot.ini and Ntbootdd.sys (for a BIOS-disabled
SCSI adapter). The ARC may need to be modified. When booting from the floppy some files are
loaded from the hard disk.

The Last Known Configuration is good if a new device driver is faulty or the video driver is
bad or SCSIport driver is accidentally disabled. It loses all configuration changes since the last
startup.

If files are missing or corrupted, then you can use the Emergency Repair Disk or expand r to
install new versions of the files or use rdisk.

Run Rdisk.exe to either update or create an Emergency Repair disk. The rdisk /s option saves
user account information and can take up more than a floppy disk's worth. The operator needs to
be a member of the administrators group or the Power Users Group. It is important to make
regular updates of the emergency repair disk as not only account information but disk drive
configurations like mirror sets or volume sets are kept on the disk and if these are not up to date
then it may be impossible to recover some data.

The Emergency Repair Disk contains the following files:

• Setup.log
• System._
• Sam._
• Security._
• Software._
• Default._
• Config.nt
• Autoexec.nt
• Ntuser.da_

Compressed files (using the _) can be expanded using Expand.exe.

To use the ERD, boot the computer with the Setup boot disk and then select the r option when
asked if you wish to repair files. The following options can be selected for the repair process:

• Inspect registry files
• Inspect startup environment
• Verify Windows NT system files
• Inspect boot sector

The blue Stop screen has some codes that are helpful in determining the cause of the error. The
five sections to the Stop screen are:

• Debug Port Status Indicators - MDM, CD, RI, DSR, CTS, SND, RCV, FRM, OVL, PRT.
• Error Code
• Driver Information - preferred load address, the link time stamp and the names of the
drivers loaded at the time of the crash.
• Kernel Build Number and Stack Dump - the build number of the kernel.
• Debug port information - COM port parameters used by the Kernel Debugger on the
target computer.

When debugging the following terms are often used:

• Symbol file - this is a file that has been compiled with debug code built in and can replace
the 'debug free' version which is normally used by the OS.
• Exception - an event that disrupts the process.
• Structured Exception Handling (SEH) - exceptions in software are trapped to see if
they can be handled so that the process can continue.
• Stack Trace - this is the recent history of events that occurred in the stack (recently
acquired data).
• Host Computer - runs the debugger.
• Target Computer - where the stop errors occur.

Debuggers include NT Symbolic Debugger (NTSD) (User mode), CDB (User Mode), Kernel
Debugger (Kernel mode) and WinDBG (User and Kernel Mode).

Debugging can be done locally using a null modem cable, remotely using a modem RAS
connection or using a Crashdump.

Kernel Debugger displays the files loaded during the boot and load sequences. The boot.ini file
of the Target computer must have the /debug switch set, or maybe the /crashdebug switch if the
computer is prone to crashing. The Kernel Debugger files must be copied to the Host computer
and decompressed before installing, the files are found in Support\Debug\platform directory.

CrashDump is enabled in the Startup/Shutdown tab of System Properties and this dumps the
RAM contents to the pagefile when a Stop occurs. The utilities used to examine the contents
are dumpflop, dumpchk and dumpexam. Dumpchk performs a validity check on a crash dump
to make sure that it can be read by a debugger. The Dumpexam creates a text file
called memory.txt from the dump file memory.dmp.

Debugging application crashes is carried out by Dr. Watson (use the command drwatson). The
text file created is called Drwtsn32.log. There is also an option to create a binary crash dump
file.

The Client Service for Netware (CSNW) is used with NT Workstation and Win 95 to
allow direct connections to file and print resources on Netware Servers 2.x or later. In
addition, there is support for Netware 4.x using NDS or Bindery Emulation and Login
scripts. Netware Core Protocol (NCP), Large Internet Protocol (LIP) and Long File
Names are also supported. CSNW is installed from the Services tab of the Network
program. If the NetWare server that you connect to uses NDS then the Preferred
Server option is not required; instead the Default Tree and Context are used. Other
options are Add Form Feed, Notify When Printed, Print Banner and Run Login
Script.

Gateway Service for Netware (GSNW) is used on NT Servers to access files and printers
on Netware servers. GSNW also contains CSNW. The server has one login and uses
this to allow access to Novell's server directories and printers for any NT client, thereby
getting around Netware's 5 user limit for login and the need to run CSNW. GSNW is
configured in the same manner as CSNW other than that a Gateway has to be configured.
This is done through the Gateway box and requires a share to the NetWare volume.

To get GSNW running follow these steps:

• Set up a user account on the NetWare server with the same name and password
as an account on the NT server. Use the
tools Syscon or NWAdmin or NetAdmin.
• Set up the correct permissions for the account on the Netware server.
• Create a group called NTGATEWAY on the Netware server.
• Include the user account in NTGATEWAY.

The add-on utility File and Print Services for NetWare (FPNW) is used to allow
Netware clients access to resources on an NT server making it appear as if it were a
Netware 3.12 server. The Server Message Block (SMB) does not need to be added to
each NetWare client.

Syscon is used to set up user accounts, policies and permissions.
RConsole is a remote view of Syscon.
PConsole provides tools to manage print servers.

Directory Service Manager for NetWare (DSMN) is used to allow management of a
mixed NT and NetWare server environment using NT Directory Services. NetWare user
and group account information is copied to the PDC and changes are copied the other way.
Netware Directory Services is good for large corporations. NetWare is server centric
rather than Domain-Network centric.

The NT Server Migration Tool for Netware transfers user/group accounts, volumes,
folders and files from a Netware server. The executable file is Nwconv.exe. The
database of users and permissions is the Bindery in 3.12; NDS is used in NetWare 4.x.

NetWare clients can run applications on NT servers that have NWLink.
An NT client running NWLink can run applications on a NetWare server.
An NT client with NWLink and CSNW (or GSNW) can connect to NetWare servers for
file and print services.
NetWare clients can use file and print service on an NT box with NWLink and FPNW
installed.

PRACTICAL – 5

AIM: WORKING WITH DISK ADMINISTRATOR TO CREATE & DELETE
PARTITIONS AND ASSIGNING DRIVE LETTERS TO VARIOUS PARTITIONS.

Introducing Disk Administrator


Disk Administrator is a graphical utility that lets you administer disk resources on your
NT computer. Although you can think of Disk Administrator as a replacement for the DOS
FDISK utility (and a few others such as FORMAT and CHKDSK), it goes far beyond these
capabilities. With Disk Administrator, you can:

• Graphically display the status of all disks attached to the computer
• Create and delete disk partitions (and logical drives within extended partitions)
• Format, label, and assign drive letters to partitions
• Scan disks and recover from errors
• Migrate disk configurations from one installation of NT to another
• Create or extend volume sets by combining existing regions of free space
• Create and delete fault tolerance volumes

Navigating in Disk Administrator


To start Disk Administrator, log on with administrator privileges and click Start >
Programs > Administrative Tools > Disk Administrator.

When you start Disk Administrator for the first time after installing Windows NT Server, you’ll
see the dialog box shown in Figure 7.1 indicating that a new disk configuration has been
detected. Click OK. Once you dismiss the warning, you’ll see the Disk Configuration view, an
example of which is shown in Figure 7.2.

This view graphically shows you the layout of physical disk regions, the drive letter assigned to
each partition or logical drive, the file system used to format each volume, and the size of each
region.
Notice that each type of partition is color-coded, and the color-code legend appears near the
bottom of the Disk Administrator window. You can change the displayed colors by clicking
Colors and Patterns on the Options menu.
Making Commitments
The second most confusing part of Disk Administrator’s behavior is that some changes (such as
creating and deleting partitions) don’t actually take place until you commit the changes to disk.

Understanding Partitions and Volumes


I often encounter even seasoned administrators who are confused about the various types of
partitions and the differences between partitions and volumes. So far, I’ve used the term region
to describe an area of the disk that could be either free space, a partition, or a volume. I’ll now
nail down exactly what partitions and volumes are, starting with the fundamental building block
—the partition.
Just as in DOS and other operating systems, you need to organize the drive into one or more
partitions before you can put anything on a hard disk. A partition is a portion of the physical hard
disk that functions as if it were a physically separate drive.

Primary vs. Extended Partitions


Each physical hard disk drive can contain between one and four partitions. Two types of
partitions are available: primary and extended. A primary partition is a disk partition from
which an operating system can boot. Once you create a primary partition, the entire partition can
be formatted and accessed as a single drive letter.

An extended partition, on the other hand, is not directly usable for storage. It must be further
subdivided into logical drives that need to be individually formatted. Why have extended
partitions? Recall that you can’t have more than four partitions on a single physical drive. If you
need more than four logical drives on a single physical hard disk, an extended partition is the
only way to get there. An extended partition can be organized into one or more logical drives,
each with its own drive letter.
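The four-partition limit and the primary/extended/logical distinction described above come from the on-disk partition table. The following is an added example, not part of the original manual: a Python parser for the classic PC master boot record layout (which the manual does not spell out), run against a small constructed disk image. All function names and the image contents are illustrative assumptions.

```python
import struct

SECTOR = 512
TABLE_OFFSET = 446                   # four 16-byte entries, then the 0x55AA signature
EXTENDED_TYPES = {0x05, 0x0F}        # partition type codes that mark an extended partition
TYPE_NAMES = {0x01: "FAT12", 0x04: "FAT16 <32MB", 0x06: "FAT16",
              0x07: "NTFS/HPFS", 0x0B: "FAT32", 0x0C: "FAT32 LBA"}
ENTRY = struct.Struct("<B3xB3xII")   # boot flag, type, start LBA, sector count (CHS skipped)


def read_table(image, lba):
    """Return the four partition-table rows stored in the sector at `lba`."""
    sector = image[lba * SECTOR:(lba + 1) * SECTOR]
    if len(sector) < SECTOR or sector[510:512] != b"\x55\xaa":
        raise ValueError(f"sector {lba}: short or missing 0x55AA signature")
    rows = []
    for i in range(4):
        boot, ptype, start, count = ENTRY.unpack_from(sector, TABLE_OFFSET + 16 * i)
        rows.append({"active": boot == 0x80, "type": ptype, "start": start, "sectors": count})
    return rows


def describe(kind, row, start_lba):
    fs = "extended" if row["type"] in EXTENDED_TYPES else TYPE_NAMES.get(row["type"], hex(row["type"]))
    return {"kind": kind, "fs": fs, "start_lba": start_lba,
            "sectors": row["sectors"], "active": row["active"]}


def walk_extended(image, ext_start):
    """Follow the chain of extended boot records and return the logical drives."""
    logical, ebr_lba, seen = [], ext_start, set()
    while ebr_lba not in seen:               # a looping chain must not hang the parser
        seen.add(ebr_lba)
        first, link = read_table(image, ebr_lba)[:2]
        if first["type"] != 0x00:
            # The logical drive's start is relative to the EBR that describes it.
            logical.append(describe("logical", first, ebr_lba + first["start"]))
        if link["type"] not in EXTENDED_TYPES:
            break                            # no further logical drives
        # The link to the next EBR is relative to the start of the extended partition.
        ebr_lba = ext_start + link["start"]
    return logical


def list_partitions(image):
    """List primary partitions, the extended partition, and its logical drives."""
    found = []
    for row in read_table(image, 0):
        if row["type"] == 0x00:
            continue                         # unused slot
        if row["type"] in EXTENDED_TYPES:
            found.append(describe("extended", row, row["start"]))
            found.extend(walk_extended(image, row["start"]))
        else:
            found.append(describe("primary", row, row["start"]))
    return found


def make_entry(ptype, start, count, active=False):
    return ENTRY.pack(0x80 if active else 0x00, ptype, start, count)


def table_sector(*entries):
    table = b"".join(entries).ljust(64, b"\x00")
    return b"\x00" * TABLE_OFFSET + table + b"\x55\xaa"


def build_sample_image():
    """Constructed 64-sector image: one primary, one extended with two logical drives."""
    image = bytearray(64 * SECTOR)

    def put(lba, sector):
        image[lba * SECTOR:(lba + 1) * SECTOR] = sector

    put(0, table_sector(make_entry(0x07, 8, 16, active=True),   # primary NTFS, bootable
                        make_entry(0x05, 24, 40)))              # extended partition
    put(24, table_sector(make_entry(0x06, 1, 15),               # logical FAT16
                         make_entry(0x05, 16, 24)))             # link to next EBR
    put(40, table_sector(make_entry(0x07, 1, 23)))              # logical NTFS, end of chain
    return bytes(image)


if __name__ == "__main__":
    for part in list_partitions(build_sample_image()):
        flag = " (active)" if part["active"] else ""
        print(f'{part["kind"]:<9}{part["fs"]:<12}start={part["start_lba"]:<4}'
              f'sectors={part["sectors"]}{flag}')
```

The master boot record holds only four slots, so the extended partition occupies one of them and the logical drives are chained through extra table sectors inside it.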

Creating a Primary Partition


You can create up to four primary partitions on each physical hard disk drive. The limit reduces
to three primary partitions if you need an extended partition on the drive. A primary partition can
range in size from 1MB (not a very useful size) to the length of the entire physical drive.
Here’s how to create a primary partition:

1. Click to select the region of free space that you want to convert to a primary partition.
2. On the Partition menu, click Create.
3. If there’s already a primary partition on this physical drive, you’ll see a warning message
as shown in Figure 7.3. If you see this warning, click Yes to confirm.
Remember that if you reboot the computer under DOS, DOS can only see one primary
partition per physical disk drive.

4. In the Create Primary Partition dialog box, type the size of the primary partition that you
want to create, as shown in Figure 7.4. Click OK.

The dialog box provides you with the minimum and maximum sizes of the primary partition.
It can be as large as the entire region of free space that you selected in step 1.

5. If you create a primary partition that’s either too large for DOS to handle or its starting
and ending points on the drive are too large for DOS, you’ll get a warning message
shown in Figure 7.5. Click Yes to confirm.
Figure 7.6 shows the resulting disk configuration display. Disk Administrator automatically
assigned drive letter H to the new partition, which is tagged as Unformatted. The new partition is
now ready to be formatted, as described later in this chapter. Notice that the remaining region not
included in the partition is still tagged as free space.

Creating an Extended Partition


You can create one extended partition on each physical hard disk drive. If you do, you can create
up to three additional primary partitions on each drive that contains an extended partition. An
extended partition can range in size from 1MB to the size of the entire physical drive.
Here’s how to create an extended partition:

1. Click to select the region of free space that you want to convert to an extended partition.
2. On the Partition menu, click Create Extended.
3. In the Create Extended Partition dialog box, type the size of the extended partition that
you want to create, as shown in Figure 7.7. Click OK.

The dialog box provides you with the minimum and maximum sizes of the extended
partition. It can be as large as the entire region of free space that you selected in step 1.

4. If you create an extended partition that’s either too large for DOS to handle or its starting
and ending points on the drive are too large for DOS, you’ll get a warning message
shown in Figure 7.8. Click Yes to confirm.

In this situation, DOS won’t be able to access the logical drives that you create on this
extended partition.
Figure 7.9 shows the resulting Disk Configuration view. Disk Administrator changed the
direction of shading in the second region on Disk 2 to indicate that it represents free space on an
extended partition. No drive letter is assigned, since no logical drives have yet been created on
the extended partition. (You’ll assign logical drives in the next section.) Notice that the status
line at the bottom of the window indicates that this region represents an empty extended
partition.

Creating a Logical Drive


Once you’ve created an extended partition, you need to create logical drives within that partition.
Here’s how:

1. Click to select a region of free space within an extended partition in which you want to
create a logical drive.
2. On the Partition menu, click Create.
Because you’ve selected a free space region that belongs to an extended partition, Disk
Administrator knows that you want to create a logical drive.
3. In the Create Logical Drive dialog box, type the size of the logical drive that you want to
create. Click OK.

The dialog box provides you with the minimum and maximum sizes of the extended
partition. It can be as large as the entire region of free space that you selected in step 1.

Disk Administrator automatically assigned drive letter I to the new logical drive, which is tagged
as Unformatted. The new logical drive is now ready to be formatted, as described later in this
chapter. Notice that the remaining portion of the extended partition is still tagged as free
space, but the direction of shading indicates that it’s part of the extended partition. Notice
also that the color bar at the top of the logical drive is different from the color bar of a
primary partition. The color legend near the bottom of the Disk Administrator window
indicates which color applies to which type.

Deleting Partitions and Logical Drives


Occasionally, you may need to reorganize and delete some of your disk partitions or logical
drives. The following sections tell you how to accomplish this.

Here’s how to delete a partition or a logical drive within an extended partition:

1. Click to select an existing primary partition, empty extended partition, or logical drive.

2. On the Partition menu, click Delete.

To commit the deleted partition to disk, click Commit Changes Now on the Partition menu, or
exit Disk Administrator and confirm the change by clicking Yes.
PRACTICAL – 6

AIM: WORKING WITH DISK ADMINISTRATOR TO CREATE & DELETE VOLUME SETS.

Understanding Partitions and Volumes


I often encounter even seasoned administrators who are confused about the various types of
partitions and the differences between partitions and volumes. So far, I’ve used the term region
to describe an area of the disk that could be either free space, a partition, or a volume. I’ll now
nail down exactly what partitions and volumes are, starting with the fundamental building block
—the partition.
Just as in DOS and other operating systems, you need to organize the drive into one or more
partitions before you can put anything on a hard disk. A partition is a portion of the physical hard
disk that functions as if it were a physically separate drive.

Creating a Volume
Once you’ve created a primary partition or a logical drive in an extended partition, you must turn
it into a volume by formatting it. This allows the operating system and applications access to the
drive.

Formatting a Partition
Before formatting a new partition or logical drive, you must commit the changes to disk. Once
the changes are committed, you can proceed with the formatting procedure.

1. Click to select an existing primary partition or logical drive.


2. On the Tools menu, click Format.
Alternatively, you can format volumes from the Command Prompt, using the FORMAT
command.
3. In the Format dialog box, in the File System list, click FAT or NTFS, depending on
which format you want to use. See Figure 8.1.
4. In the Format dialog box, in the Allocation Unit Size list, click Default allocation size.
See Figure 8.2.

If you’re formatting using the FAT file system, this is your only choice. If you’re formatting
with the NTFS file system, you can select a fixed allocation size, but it’s best to go with the
default, which varies depending on the size of the volume.
5. In the Volume Label field, type the name that you want to assign to the volume.
The volume label can be up to 11 characters.
6. If you’re formatting with NTFS and you want the entire contents of the volume
compressed, click to select the Enable Compression checkbox.
If you select compression, files and folders written to this volume will be automatically
compressed. They’ll be automatically decompressed when read. This option is available
only on volumes formatted with NTFS.
7. If you want to quick format the volume, click to select the Quick Format check box.
Quick formatting writes the file system data structures but doesn’t take the time to check
the disk area for bad sectors.
8. In the Format dialog box, click Start. You’ll get a final warning that all data will be
deleted from this partition or logical drive. Click OK to confirm that you want to proceed
with the formatting operation.
9. When you see a dialog box indicating that formatting is complete, click OK. In the
Format dialog box, click Close.

The display of the partition or logical drive will now be updated with the file system and
volume label. You can begin to access the newly formatted volume from NT Explorer,
applications, the Command Prompt, and so forth.

Assigning a Volume Label


When you format a volume, you can assign it a volume label at the same time, as described
in the previous section. If you want to change or add a volume label after a volume is
formatted, click Properties on the Tools menu. Click the General tab, type the new volume
label, and click OK. The new volume label immediately appears in the Disk Configuration
view in Disk Administrator.

Assigning a Drive Letter


Disk Administrator assigns drive letters to new partitions and logical drives automatically.
However, you may want to change these drive letters to suit your needs and preferences. For
example, some applications prefer to use specific drive letters for specific purposes.

Unlike DOS, Windows NT lets you assign a drive letter to each volume. This
capability is sometimes called static assignment of drive letters. Some folks call it sticky
drive lettering. (Drive letters are the only sticky things that you should ever let near your
drives.) Here’s how to assign a sticky drive letter to a volume:

1. Click to select a volume, whether or not it already has a drive letter assigned to it. On the
Tools menu, click Assign Drive Letter.
2. In the Assign Drive Letter dialog box, click the drive letter that you want to assign to this
volume, as shown in Figure 8.2. If you don’t want to assign a drive letter, click Do not
assign a drive letter.
Disk Administrator presents a list of all available drive letters. Any drive letters in use,
including those used for network connections, aren’t included in the list.
3. Click OK. Click Yes to confirm.
The new drive letter (or no drive letter, if you elected not to assign one) will immediately
appear in the disk configuration display of the volume that you selected in step 1.

Converting a Volume from FAT to NTFS


If you have a volume that’s already formatted as FAT and contains data, you can convert it to
NTFS while leaving your data intact. (This technique is often called in-place file system
conversion.) To do this, you need to use the CONVERT command from a Command Prompt.
For example, to convert drive K to NTFS, you type the following command:

CONVERT K: /FS:NTFS

Just substitute the drive letter that you want to convert in this command. The conversion needs
some free space on the volume, so if your volume is almost
completely full of files and folders, the conversion may not succeed. The CONVERT utility will
tell you how much free space it needs for the conversion, so you can clear this amount of space
on the volume and try again.

Managing Volume Sets


A Windows NT volume set assembles a series of smaller regions of free space into one large
logical volume. The volume set can span more than one physical disk (which is why it’s
sometimes called volume spanning) and can include multiple free space regions from a single
disk.

You can glue up to 32 free space regions into a single volume set. You can even create a logical
volume that’s bigger than your largest hard disk. For example, if you have three 4GB hard disks,
you can create a volume set that acts like a drive containing 12GB of space. What’s more, you
can extend an existing NTFS volume by adding free space regions to it.
Creating a Volume Set
You can create a volume set out of several regions of free space. Here are the steps required to
create a volume set:

1. Click to select the first region of free space that you want to include in the volume set.
2. While holding down the CTRL key, click to select another region of free space that you
want to include in the volume set.
If you want to include more regions, continue holding down CTRL while you click to
select additional regions of free space. Figure 8.3 shows three regions selected.
3. On the Partition menu, click Create Volume Set. In the Create Volume Set dialog box,
type the total size of the volume set that you want to create. Then click OK.
The dialog box provides you with the minimum and maximum sizes of the volume set. It
can be as small as the smallest region, and as large as all of the selected regions
combined.

The Disk Configuration view is immediately updated with the volume set information. As shown
in Figure 8.4, a volume set of 8194KB has been created from a 4MB region and two 4GB
drives. To applications, the three regions appear as a single large volume.
Once you’ve successfully created a volume set, and you’ve committed the changes to disk, you
can easily format it and assign a volume label and drive letter to it. Just click to select any region
participating in the volume set and follow the instructions presented earlier, under the section
“Creating a Volume.”

Extending an Existing Volume


You can extend the size of an existing NTFS volume or volume set by adding one or more
regions of free space to it. Here’s how:

1. Click to select the NTFS volume that you want to extend, as shown in Figure 8.5.
If you’re extending an existing NTFS volume set, see Figure 8.6.
You can’t extend existing FAT volumes or volume sets, stripe sets, or mirror sets.

2. While holding down the CTRL key, click to select a region of free space that you want to
add to the existing volume or volume set. To add more regions of free space, continue
holding down CTRL while you click to select additional regions.
3. On the Partition menu, click Extend Volume Set. In the Extend Volume Set dialog box,
type the total size of the volume set that you want to create. Then click OK.
The dialog box provides you with the minimum and maximum sizes of the volume set. It
can be as small as the existing NTFS volume (or volume set) plus 1MB, and as large as
all of the selected regions combined.

The disk configuration display is immediately updated with the extended volume set
information. Figure 8.7 shows that the NTFS volume, drive K, has been extended from its
original 4MB to 4099MB, making use of a new 4GB drive. To applications, the two regions
appear as a single large volume.

Figure 8.8 shows that the drive K NTFS volume set has been extended from 4099MB to
8194MB, making use of yet another 4GB drive.

Deleting a Volume Set


To delete a volume set,
• Click to select any region participating in the set.
• On the Partition menu, click Delete.
• Click Yes to confirm.
• The disk configuration display is immediately updated to reflect the deleted volume set.
All participating regions are tagged as free space.

PRACTICAL 7

AIM: CONFIGURING WINDOWS NT SERVER AS A PDC.

STEPS TO CONFIGURE WIN NT SERVER AS PDC:

1. Click on Start Run command DCPROMO.EXE


2. The Active Directory Installation Wizard will open. Select the option: DOMAIN
CONTROLLER and click for NEW DOMAIN option and the click NEXT.
3. Next, two options come: Either select option to CREATE NEW FOREST OF
DOMAIN TREES or JOIN THE EXISTING FOREST OF DOMAIN TREES.
4. Click Next.
5. Specify Domain Name for the new Domain.
6. If you want to present it on web select the option concerned and displayed.
7. Specify the location for the Active Directory.
PRACTICAL 8

AIM: CREATING WIN NT SERVER EMERGENCY REPAIR DISK (ERD).

The ERD is used to restore the system configuration as it was the last time you performed an
emergency repair disk update. The ERD includes the security account manager (SAM) database,
disk configuration, and numerous other system parameters.

You can use the Windows NT RDISK.EXE utility to create and update an emergency
repair disk. This utility has two options: update the repair information or create a new repair
disk.

When you choose to update repair information, RDISK.EXE copies the system hive, the
security accounts manager, the security hive, the software hive, the default hive, and the
CONFIG.NT and AUTOEXEC.NT files used when initializing a Windows NT virtual DOS
machine into a directory off the Windows NT root directory called \REPAIR. The utility asks if
you want to create an ERD containing this information.

The emergency repair disk is not a replacement for regular backups. The emergency
repair disk stores only Registry configuration information, not your data.

Creating an ERD:

1. Click the Start menu and select Programs > Command Prompt.
2. Type rdisk at the command prompt and press Enter.
3. Click Update Repair Info.
4. Click Yes when asked if you want to overwrite the current repair
information.
5. Click Yes when asked if you want to create an Emergency Repair Disk.
6. Insert a new floppy disk into drive A and click OK.
7. Remove the emergency repair floppy for safekeeping.
8. Click Exit to close the rdisk program. Close the Command Prompt
window.
PRACTICAL 9

AIM: ADMINISTERING WINDOWS NT ACCOUNTS.

Introducing User Manager for Domains:


User Manager for Domains is a graphical utility used to view, create, modify, and delete user
accounts, local groups, and global groups.

In addition, you can administer system-wide policies dealing with how accounts behave, what
events are audited, and what rights each user and group has. Think of User Manager for Domains
as your interface to the SAM database of your domain and other domains on your network.

Navigating in User Manager for Domains:


To start User Manager for Domains, log on with administrator privileges and click Start >
Programs > Administrative Tools > User Manager for Domains. (Members of the Account
Operators group can also administer accounts, but they can’t manage administrator accounts or
domain policies.) You’ll see the window shown in Figure 15-1. The upper half displays a list of
user accounts. NT Server automatically creates the two accounts Administrator and Guest. The
lower half presents a list of local and global groups.
By default, you’re looking at the accounts in your own domain. User Manager for Domains
can administer accounts in other domains as well. To attach this utility to another domain, click
Select Domain on the User menu. In the Select Domain dialog box, type or click the domain that
you want to administer and click OK.

If you’re the only administrator in the network making changes to the account database, what
you see in the User Manager for Domains window reflects the actual state of the SAM database.
However, if there are multiple administrators performing account maintenance on the network at
the same time, you won’t see each other’s changes displayed immediately. This utility
periodically polls for changes made by other administrators on the network. If you want to be
sure that what you’re seeing is absolutely up to date, click Refresh on the View menu. This will
force the utility to gather the latest information. (This synchronization activity isn’t performed
continuously because it can lead to added network traffic.)

Establishing Account Policy


Before creating any new user accounts, it’s a good idea to establish overall policies regarding
how accounts should behave. You can modify this behavior any time, but it helps to understand
these settings before you create individual accounts. To administer account policy, click Account
on the Policies menu. You’ll see the Account Policy dialog box shown in Figure 15-2. (See
“Administering Windows NT Security” later in this chapter for details on modifying the
behavior of individual accounts.)

Password Restrictions
The Account Policy dialog box enables you to establish specific restrictions on passwords, and
apply these restrictions to all accounts. The password parameters are:

• Password Expiration. You can make passwords live forever, or expire after a certain
number of days. The default is a 42-day expiration on all passwords. I recommend
expiring all user passwords every 30 to 60 days.
• Password Length. You can either allow blank passwords (which is the default), or
specify a minimum length. I recommend setting a minimum length of at least eight
characters.
• Password Uniqueness. Some users swap between two standard passwords whenever
their password expires. Although this is easy for them, it provides little password
security. You can direct NT to save a history of previous passwords, then use this
information to force a user into changing his or her password to something brand new.
The default keeps no history. I recommend keeping a history of at least four passwords.
• Password Aging. You can allow passwords to change any time, or prevent changes for a
certain number of days. The default allows changes immediately, with no minimum
waiting period. I recommend setting the minimum waiting period to seven days.

By default, NT allows a user to log on once after his or her password has expired. It then
forces the user to change the password. If you click to select the Users must log on in order to
change password check box at the bottom of the dialog box, NT won’t extend this courtesy.
If a user’s password expires, an administrator (probably you) will have to intervene.

Account Lockout Restrictions


Unauthorized users often attempt to gain access to a computer or network with a valid user
account name (which is easy to guess in many organizations). All they have to do is guess the
password. Some of these folks write programs to perform many repeated logon attempts over
a short period of time. I’m a firm believer in implementing an account lockout policy for
failed logon attempts as a key element in any security policy.
With the Account Policy dialog box, shown in Figure 15-2, you can disable the abused
account after the number of failed logon attempts that you specify under Lockout After. I
recommend setting this to four attempts. Under Reset Counter After, you can specify the
maximum number of minutes between any two failed logon attempts for lockout to occur.
Set this field to its maximum value.
Under Lockout Duration, you can specify whether an administrator needs to intervene to
re-enable the account after lockout by clicking forever. You can also click Duration and type the
number of minutes that the account should remain disabled. I highly recommend selecting
forever, so that you hear about every account lockout that occurs on your network. It’s less
convenient for you, but knowing about each lockout is well worth the hassle—you may
discover a security breach.
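How the three lockout fields interact is easier to see by replaying logon events against two settings. The following is an added example, not part of the original manual and not NT's own code: a Python model of the behaviour as this section describes it. The event list, the JDOE account, the 1440-minute stand-in for the "maximum value", the contrasting short policy, and the rule that a successful logon clears the counter are all assumptions made for the illustration.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class LockoutPolicy:
    lockout_after: int            # "Lockout After": failed attempts that trigger lockout
    reset_after_min: int          # "Reset Counter After": largest gap (minutes) that still counts
    duration_min: Optional[int]   # "Lockout Duration": minutes, or None for Forever


def replay(events, policy):
    """Replay (minute, account, outcome) events; return what an administrator would see."""
    state = {}    # account -> failed-attempt counter, time of last failure, lockout time
    report = []
    for minute, account, outcome in sorted(events):
        s = state.setdefault(account, {"count": 0, "last_fail": None, "locked_at": None})
        if s["locked_at"] is not None:
            expired = (policy.duration_min is not None
                       and minute - s["locked_at"] >= policy.duration_min)
            if not expired:
                # Even a correct password is refused while the account is locked.
                report.append((minute, account, "refused: locked out"))
                continue
            s.update(count=0, last_fail=None, locked_at=None)   # timed lockout ran out
        if outcome == "ok":
            s.update(count=0, last_fail=None)                   # assumption: success clears counter
            continue
        if s["last_fail"] is not None and minute - s["last_fail"] > policy.reset_after_min:
            s["count"] = 0                                      # gap too long: counter resets
        s["count"] += 1
        s["last_fail"] = minute
        if s["count"] >= policy.lockout_after:
            s["locked_at"] = minute
            report.append((minute, account, "LOCKED OUT"))
    return report


def locked_accounts(report):
    """Accounts that were locked out at least once in a replay report."""
    return sorted({account for _, account, what in report if what == "LOCKED OUT"})


# Values recommended in this section: four attempts, maximum reset window, Forever.
RECOMMENDED = LockoutPolicy(lockout_after=4, reset_after_min=1440, duration_min=None)
# Constructed contrast: short reset window and a lockout that clears itself.
SHORT_WINDOW = LockoutPolicy(lockout_after=4, reset_after_min=30, duration_min=5)

# Constructed events: (minute, account, "fail" or "ok").
SAMPLE_EVENTS = [
    (0, "BCLOWN", "fail"), (1, "BCLOWN", "fail"), (2, "BCLOWN", "fail"),
    (3, "BCLOWN", "fail"), (10, "BCLOWN", "ok"),           # rapid failures, then a success
    (0, "KENGR", "fail"), (45, "KENGR", "fail"),
    (90, "KENGR", "fail"), (135, "KENGR", "fail"),         # failures spread over hours
    (5, "JDOE", "fail"), (6, "JDOE", "ok"),                # one mistyped password
]

if __name__ == "__main__":
    for name, policy in (("recommended", RECOMMENDED), ("short window", SHORT_WINDOW)):
        print(name)
        for minute, account, what in replay(SAMPLE_EVENTS, policy):
            print(f"  t={minute:>3} min  {account:<7} {what}")
```

With the recommended values both BCLOWN and KENGR end up locked and stay visible to the administrator; with the short window only the rapid run is caught, and that lockout clears itself before anyone has to look at it.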

Logon Time Restrictions


As I discuss later in this chapter, you can specify a maximum number of logon hours for each
account. Normally when this time limit expires, the user’s existing server connections remain
active, but he or she can’t connect to additional servers.
If you want to force all users to disconnect from all servers when the logon time limit is reached,
click to select Forcibly disconnect remote users from server when logon hours expire, as shown
in Figure 15-2. This will cause NT to cut immediately all connections that the user has to servers
in the domain when the logon hours expire.

Preparing for User Account Creation


NT provides only the Administrator and Guest accounts by default. You’ll need to add all
individual user accounts yourself. Before creating accounts, you need to decide on a naming
convention for them. In addition, you’ll need to decide how you want to manage user profiles,
which control how users’ environments are configured.
Preparing User Account Names
Each user account must have a unique name. User names can be up to 20 characters long. I
recommend limiting their length to eight characters, so that you can use the names for users’
home directories for DOS and Windows 3.x clients on your network. If you use names longer
than eight characters, you’ll have to find an alternative approach to naming home directories, if you
have non-NT network clients.

The second approach that seems to work well involves concatenating the first letter of the first
name with the last name (for example, BCLOWN). In either approach, you can resolve
duplicates by adding numbers to the end of the user name.
Preparing a User Profile Strategy
Perhaps you have individual users who log on to the network from various computers during the
day. Of course, each person has their environment of desktop and menus set just how they like
them, and you’d like that environment to follow the user around from one computer to the next.
Every time a person logs on, he or she is greeted with his or her familiar desktop environment.
Perhaps you want to present the same environment to all your users and control it centrally, to
avoid problems caused by users tweaking their environments in nonstandard ways. Windows NT
Server enables you to centralize and download these environments, called user profiles.
User Profiles
There are three flavors of user profiles: local, roaming, and mandatory. Local profiles are local to
the computer on which they’re created and don’t follow you if you log on to another computer.
Roaming profiles act like your shadow, following you from one computer to the next as you log
on to the network. Mandatory profiles are similar to roaming profiles, but they’re created and
controlled by the network administrator. Both roaming and mandatory profiles live on a server
and are downloaded to your computer when you log on to the network.

You create a user profile with the System application in Control Panel. Click the User
Profiles tab, select an existing profile that you want to copy, click Copy To, and provide a
destination on the network. To change the user or group that’s allowed to use the profile, click
Change.
During user account creation, you’ll need to specify a location where user profiles are centrally
stored. Select a computer that is running Windows NT Server. The profiles are generally stored
in the SystemRoot\PROFILES directory, under a separate subdirectory for each user. For
example, the profile for KENGR on my NT server would be stored in
G:\WINNT\PROFILES\KENGR. Within each profile directory, there’s a file called
NTUSER.DAT. To convert this to a mandatory profile, change the name to NTUSER.MAN.
Logon Scripts
A logon script is simply a batch file that’s automatically run when you log on to the Windows
NT Server network from an NT, DOS, Windows for Workgroups, or OS/2 computer. Logon
scripts aren’t as powerful as profiles, but they’re the only way to go if you’re logging on to the
network from a non-NT computer. So, if a user will be logging on from computers running
different operating systems, you may want to assign both a user profile and a logon script to his
or her user account.
Logon scripts are stored in the directory SystemRoot\SYSTEM32\REPL\IMPORT\SCRIPTS.
Typically, one master set of logon scripts is stored on the primary domain controller (PDC). You
then use directory replication to keep up-to-date copies on other domain controllers. By taking
this approach, you’re assured that users will have access to their logon scripts, regardless of
which domain controller accepted their logon.
When you create a user account, you can specify the name of its logon script. You can specify a
unique batch filename for each user, or use a common batch file for several users. If you take the
latter approach, you can be sure that users are working in a consistent environment, as they
would be if you used mandatory profiles.

Home Directories
Each user account has a home directory associated with it, to be used for storing personal files.
(This is similar to the UNIX home directory concept.) You can configure the user account to
place the home directory on the user’s local computer, or you can opt to store home directories
on the network. The latter approach is more flexible, since users can then access their home
directories regardless of which computer they use to log on to the network.

If you place home directories on the network, you’ll need to identify a server and directory
where you want them to be located. When you create the account, specify a UNC path name to
the user’s home directory (for example, \\TOWER3\HOMEDIRS\KENGR). NT automatically
creates this directory and sets permissions on it to allow access only by the user account that
you’re creating.

Preparing Account Restrictions


For each user account that you create, you’ll need to decide in which groups you want the user to
be a member, whether to restrict the user’s logon hours, whether to restrict logons to certain
workstations, and whether the account itself should expire.

Adding a User Account


Here’s how to add and configure a new NT user account:

1. On the User menu, click New User. Type the appropriate values in the Username, Full
Name, Description, Password, and Confirm Password fields, as shown in Figure 15-3.
The Description field is optional. You can use it for department names, job titles, office
locations, and so forth.

2. Click to select the User Must Change Password at Next Logon check box.
This check box is selected by default. Forcing your users to change their passwords to
something unknown to administrators provides maximum security.
3. If you don’t want the user to be able to change the account password, click to select the
User Cannot Change Password check box.
If more than one user will share this account, you may want to prevent the users from
changing passwords on each other. However, I advise against letting users share
accounts.
In some enterprises, passwords are managed centrally by the MIS group, to ensure that
they’re not easily guessed passwords. In this situation, you’d want to prevent users from
changing their own passwords.
If neither situation applies to you, I recommend leaving the option cleared and allowing
users to change their own passwords.
4. If you want to prevent this particular account password from expiring, click to select the
Password Never Expires check box.
Doing this overrides the account policy that you set earlier in this chapter. There may be
rare specific instances when you want a password to live forever, but for maximum
security, you should avoid this.
5. If you want this account temporarily disabled so that no one can use it, click to select the
Account Disabled check box.
6. Click Groups. In the Group Memberships dialog box, shown in Figure 15-4, under Not
member of, click to select the groups that you want this account to join. Then click Add.
When you’re done adding groups, click OK.
You can also withdraw the account from group memberships by clicking the groups under
Member of and clicking Remove. By default, all accounts are members of the Domain Users
group.

7. Click Profile. As shown in Figure 15-5, if this account has a centralized user profile, type
the UNC path to it in the User Profile Path field. If this account has a logon script, type
its filename in the Logon Script Name field.

Under Home Directory, if the home directory of this user will exist on the local computer,
click Local Path and type the path on the user’s local computer. If the home directory is on
the network, click Connect, select a drive letter, and type the UNC path to the user’s home
directory. When you’re done, click OK.
See the section earlier in this chapter called “User Profiles.”
8. Click Hours. You’ll see the Logon Hours dialog box, as shown in Figure 15-6. If you
want to restrict the hours during which the user can log on, select the hours that you want
to restrict and click Disallow. When you’re done, click OK.

Hours marked with a dark blue bar are the hours during which the user is allowed to log on.
The default setting allows the user to log on at any time.

9. Click the Logon To option. In the Logon Workstations dialog box, shown in Figure 15-7,
if you don’t want to restrict the locations from which the user logs on, click User May
Log On To All Workstations. If you want to restrict logons to a subset of computers,
click User May Log On To These Workstations and type the computer names from which
the user can log on. Then click OK.
You can specify up to eight computer names from which the user can log on. Depending on
your choices during NT installation, you may have additional options in this dialog box. If
so, click Help to learn about these additional options.

10. Click Account. In the Account Information dialog box, shown in Figure 15-8, click
Never under Account Expires if you want the account to live forever. If you want it to
expire, click End of and type the date on which you want it to expire. Then click OK.

11. Click Dialing. In the Dialing Information dialog box, shown in Figure 15-9, click to
select the Grant dialing permission to user check box if you want the user to be able to
dial in to the network using RAS. When you’re done, click OK.
You can also set the RAS callback behavior for this account by clicking the appropriate
choice under Call Back. If you want the server to call back the user at a fixed telephone
number, click Preset To and type the phone number.

12. When you’re done modifying the account, click Add in the New User dialog box to add
the account to the database.
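The settings chosen in steps 4 through 11 can be reviewed in bulk once accounts exist. The following is an added example, not part of the original text: the record layout, field names and review policy are assumptions, and the sample accounts are constructed.

```python
from dataclasses import dataclass, field
from datetime import date
from typing import Dict, List, Optional

MAX_WORKSTATIONS = 8  # limit stated for the Logon Workstations dialog


@dataclass
class Account:
    """Hypothetical export record; one assumed field per dialog setting."""
    username: str
    password_never_expires: bool = False
    disabled: bool = False
    logon_hours_restricted: bool = False
    workstations: List[str] = field(default_factory=list)  # empty = all workstations
    expires: Optional[date] = None                         # None = "Never"
    dialin: bool = False
    callback: str = "none"                                 # none | caller | preset
    temporary: bool = False                                # e.g. contractor or trainee


def review(acct: Account) -> List[str]:
    """Return findings for one account under the assumed review policy."""
    findings = []
    if acct.password_never_expires:
        findings.append("password-never-expires overrides the account policy")
    if len(acct.workstations) > MAX_WORKSTATIONS:
        findings.append("more than eight logon workstations listed")
    if acct.temporary and acct.expires is None:
        findings.append("temporary account has no expiry date")
    if acct.dialin and acct.callback != "preset":
        findings.append("dial-in allowed without a preset callback number")
    if acct.dialin and not acct.logon_hours_restricted:
        findings.append("dial-in allowed at any hour")
    return findings


# Constructed sample accounts, not taken from any real domain.
SAMPLE = [
    Account("svc_backup", password_never_expires=True, workstations=["BACKUP01"]),
    Account("temp_jlee", temporary=True, dialin=True, callback="caller"),
    Account("mkhan", logon_hours_restricted=True, expires=date(1999, 12, 31),
            dialin=True, callback="preset"),
]


def review_all(accounts: List[Account]) -> Dict[str, List[str]]:
    """Map username -> findings, omitting accounts with nothing to report."""
    report = {a.username: review(a) for a in accounts}
    return {name: found for name, found in report.items() if found}
```

Only the Password Never Expires check reflects advice given in the steps themselves; the remaining checks are a sample policy to adapt.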

Managing a User Account


If you’ve added a user account, you already know almost everything about managing it. In the
User Manager for Domains window, double-click the account that you want to modify. You’re
presented with a dialog box that’s strikingly similar to the New User dialog box. Figure 15-10
shows the User Properties dialog box.
Notice that you can’t change the Username field, but all of the remaining options are accessible
and identical to what you encountered when adding the account originally.
One additional check box, called Account Locked Out, is normally inaccessible. However, if the
account is locked out due to failed logon attempts (described earlier in this chapter), the check
box is accessible, and you can unlock the account by clearing the check box.

Adding a Group Account


Now that you’ve become an expert on the upper half of the User Manager for Domains window,
let’s take a look at the lower half, where the group accounts live. Several group accounts are
created for you automatically when you install Windows NT Server.

Creating a Global Group


Here’s how to create a global group with User Manager for Domains:

1. On the User menu, click New Global Group. Type the name of the group in the Group
Name field. Type a description of the group in the Description field.
The group name is required and can be up to 20 characters long. Descriptions are optional
but are very useful when viewing a long list of groups.
2. Under Not Members, select the user accounts that you want to include in this global
group, and click Add. You’ll see the accounts move from the Not Members list to the
Members list.
This can be a little confusing. You’re selecting accounts from a list of users that aren’t
currently members of the group (the Not Members list). Then you’re using the Add
button to move them to the list of group members (the Members list).
Deleting user accounts from the group is just the opposite. Select the user accounts under
Members that you want to remove and click Remove. The accounts are removed from the
Members list and moved to the Not Members list.
3. Click OK to add the global group.

Creating a Local Group


Here’s how to create a local group using User Manager for Domains:

1. On the User menu, click New Local Group. Type the name of the group in the Group
Name field. Type a description of the group in the optional Description field. Then click
Add.
2. In the Add Users and Groups dialog box, select a user account or group that you want to
add to the local group that you’re creating. Click Add.
3. Repeat step 2 for each user or group that you want to add. When you’re done, click OK.
4. If you want to delete user accounts or groups from the new local group, select the user
accounts under Members that you want to remove and click Remove.
5. Click OK to add the local group.

Managing a Group

If you’ve added groups, you already know everything you need to know about modifying
groups. In User Manager for Domains, double-click the group that you want to modify. Other
than the fact that you can’t change the group name, all of your other options are identical to
those presented when you created the group.

Deleting Accounts and Groups


You can delete any user accounts and groups that you create, but you can’t delete built-in
user accounts or groups. Deleting an account has some important consequences that you need
to consider. Since each account has a unique SID (security ID) associated with it, deleting
and recreating an account with the same name yields a different internal SID. So the new
account won’t have any of the permissions that the old account had. The bottom line is that
once you delete an account, you can’t bring it back.
Having said that, there are certainly situations in which you may want to delete accounts. For
example, if someone leaves the organization permanently and you’ve taken ownership of all
of their files, you may want to get rid of their user account completely. Likewise, if a group
disbands, it makes sense to delete its associated group. To do so, click the user account or
group that you want to delete. On the User menu, click Delete. Click OK in response to the
warning and click Yes to confirm the delete.
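The SID behaviour described above can be seen in a small model. This is an added example, not part of the original text: the domain identifier is constructed, the class and function names are hypothetical, and the sequential never-reused RID counter is a simplification of how the account database assigns SIDs.

```python
import itertools

# Constructed domain identifier; real values are generated at installation.
DOMAIN_SID = "S-1-5-21-1000000001-1000000002-1000000003"


class AccountDatabase:
    """Toy account database: names map to SIDs, and a RID is never handed out twice."""

    def __init__(self, first_rid=1000):
        self._next_rid = itertools.count(first_rid)
        self.by_name = {}

    def create(self, name):
        if name in self.by_name:
            raise ValueError(name + " already exists")
        sid = "%s-%d" % (DOMAIN_SID, next(self._next_rid))
        self.by_name[name] = sid
        return sid

    def delete(self, name):
        return self.by_name.pop(name)

    def live_sids(self):
        return set(self.by_name.values())


def has_access(acl, sid, right):
    """Permissions are looked up by SID, never by account name."""
    return right in acl.get(sid, set())


def orphaned_entries(acl, db):
    """SIDs that still hold rights but no longer belong to any account."""
    return sorted(set(acl) - db.live_sids())


def demo():
    db = AccountDatabase()
    old_sid = db.create("jsmith")
    acl = {old_sid: {"read", "write"}}      # permissions on a constructed share
    before = has_access(acl, db.by_name["jsmith"], "write")
    db.delete("jsmith")
    new_sid = db.create("jsmith")           # same name, different SID
    after = has_access(acl, db.by_name["jsmith"], "write")
    return old_sid, new_sid, before, after, orphaned_entries(acl, db)
```

The leftover entry returned by `orphaned_entries` is what remains on a resource after a deletion: it grants nothing to the recreated account and should be cleaned up when permissions are reassigned.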
