
Bow Valley College CTC Program

T. McLaughlin mcse, mct, a+, b-admin tom@mclaughlin.net http://tom.mclaughlin.net


Table of Contents:
Introduction to Windows 2000
Windows 2000 Directory Services
Workgroups and Domains
Trees and Trusts
Installing Windows 2000 Server
Setting Up The Computer
Partitions in Windows 2000
Features provided only by the NTFS file system:
Unattended Windows 2000 Server Installations
Disk Duplication
Upgrading a server from Microsoft Windows NT 4.0.
Deploy service packs
Network Services
Switches for Windows 2000 Server Installations
Domain Upgrades
Filing System Upgrades
Planning and Implementing Your Domain Upgrade
Troubleshooting Windows 2000 Server Installations
Windows 2000 Professional
Internet Explorer
ACPI Power Management
Hot Docking and Undocking Services
Group Policy
Microsoft Installer
Intellimirror
Windows 2000 group types
Introduction to Windows 2000 IntelliMirror
Group Policy Overview
Configuring Your Server as a Domain Controller
Active Directory Sample Infrastructure
Populating Active Directory
To create User Accounts
To add Users to Security Groups
How to Upgrade from Windows 95 or Windows 98


Introduction to Windows 2000
Windows 2000 is the latest update in the Microsoft Windows family of products. It is a combination of features designed in Windows 98 and NT 4.0. Like previous versions of Windows, it uses a Graphical User Interface (GUI) format, Plug-and-Play compatibility, and USB support. What makes Windows 2000 significantly different is the formats it is available in. There are 4 products that compose the Windows 2000 family.

Windows 2000 Professional
This version of Windows 2000 is equivalent to the Windows 98/NT 4.0 workstation clients. It is designed to offer basic peer-to-peer networking services and client services in a client-server network. It is designed to integrate the ease of use of Windows 98 with the reliability and security of Windows NT 4.0. Basic improvements include a more reliable user interface, enhanced Plug-and-Play compatibility, increased power management options, and extended hardware compatibility, including direct USB and FireWire support. It also uses a new file encryption system that increases security on the network when integrated with Active Directory Services. Finally, it has a host of new application management tools that simplify and extend administrative and user control over the network.

Windows 2000 Server
Windows 2000 Server is a network-enhanced version of Windows 2000 Professional. It contains all the same aspects as Windows 2000 Pro, but adds network serving ability, enhanced file and print sharing services, application server technology, and Web-Server utilities. It is designed to allow small-to-medium-sized businesses to network their systems efficiently at a lower cost than traditional NT 4.0 methods by stripping out unused tools. Windows 2000 integrates Active Directory Services into several existing services such as Domain Name System (DNS), Dynamic Host Control Service (DHCP), and WINS (Windows Internet Name Service), allowing central control over management of users, groups, security, and network resources. It supports single-processor systems as well as four-way symmetric multiprocessing (SMP) systems. It supports up to 4 GB of physical memory.

Windows 2000 Advanced Server
Advanced Server is essentially the same as Windows 2000 Server with the enhanced scalability and advanced high availability required for larger enterprise servers and departmental solutions. It focuses more on application and departmental networking, with support for eight-way symmetric multiprocessing and two-way clustering. It also integrates Intel's Physical Address Extensions (PAEs) technology to allow support for larger physical memory quantities. It is meant for larger businesses with database-intensive requirements.

Windows 2000 Datacenter Server
Datacenter is a highly specialized version of Windows 2000 designed for large-scale enterprise solutions. It integrates technologies optimized for large data warehouses, econometric analysis, large-scale simulations in science and engineering, online transaction processing (OLTP) and server consolidation projects. It adds elements to enhance Internet Service Provider (ISP) support and Web Hosting services. It supports 4-way clustering, and sixteen-way symmetric multiprocessing (upgradeable to 32-way SMP).

Windows 2000 Directory Services
Directory services are used by an operating system to identify users and resources on a network. The directory service is what allows single log-on operation on a network, separating it from the Workgroup networking model. Windows 2000 uses Active Directory as its directory service, which provides additional features to help ease administration of a Windows 2000 domain.

Directories and Directory Services
A directory is a collection of information about objects that have a relationship to each other in one form or another. A catalog from a store is a directory of merchandise sold by that store. A newspaper is a directory of current events information. A phone book is a directory of phone numbers and addresses. In all these cases, you use the directory to find out information about a particular object.


A directory service is the utility that manages the resources and users on a network. This is known as centralized resource management, and is at the core of client-server networking. Directory services give administrators control over resources and users, allow users to find resources on the network, and allow security measures to be enforced on a network.

Directory and directory services differ in that directory services are a special form of directory. A normal directory in computer terms is a storage space for information. The directory service holds the information necessary to locate and manage the users and resources on a network. Because of this, a directory service is a directory, but a directory is not necessarily a directory service.

Essentially, the directory service is the center point for communications on the network. It is the central authority for managing both the identities of users on the network and the resources they are allowed to use. Due to the fact that the directory service is the main service for sharing resources, it also must work integrally with the security and management tools of the operating system. By definition it is what gives the network its ability to share resources, so it is logical that most security systems are built out of the directory service.

Windows 2000 Directory Services
Active Directory, the directory service for Windows 2000, is both the directory that stores the user and resource information and the service provider for administering the network. The users and resources on a network are called objects, and Active Directory provides several advancements in Windows 2000 to make it more functional. These advancements include:

Simplified Administration - Active Directory uses Microsoft's Domain model for storing objects. A domain is a grouping of servers, workstations, and other resources on a single network, or under a single domain name. Each domain has at least one domain controller, which is the server that manages user access to resources, as well as authentication and log-on services. In Windows NT 4.0, there were Primary Domain Controllers and Backup Domain Controllers. This has been eliminated in Windows 2000. All domain controllers are now equal, and any changes made to a single domain controller are replicated through all the domain controllers in the domain. This means that all administrative tasks can occur from a single spot, rather than having to be at the Primary Domain Controller in order to administer objects on the network.

Scalability - Scalability is referred to as the ability for an operating system or component to allow for growth over time in the size and nature of the requirements put upon that OS or component. The directory in Active Directory is actually a series of directories instead of one large directory. This allows very small organizations to upgrade their systems to very large networks without worrying about losing directory information. You can even spread the information in a directory service across several computers, making this information more fault-tolerant.

Open Standards Support - Windows 2000 uses the internet concept of name space with its directory service. This means it must be compatible with many of the internet services and standards to manage the domain efficiently. Some of these services include Domain Name Service (DNS), Lightweight Directory Access Protocol (LDAP), and Hyper-Text Transfer Protocol (HTTP). It is also compatible with other LDAP version 2 and 3-compatible directory services, such as Novell Directory Service (NDS).

DNS - Windows 2000 integrates DNS with Active Directory, making its domain names DNS names. This allows Windows 2000 to use Dynamic DNS (DDNS) to dynamically assign IP addresses and maintain the DNS database. This eliminates the need for the use of other internet naming services such as WINS.

LDAP and HTTP - Windows 2000 also integrates the LDAP and HTTP services for information exchange and display. LDAP allows simple communications between applications and directories, while HTTP allows all directories to be viewed in the common HTML format, making it easier for users to identify with the o/s format.

Standard Name Formats - Active Directory continues the Internet integration by providing several common name formats, including:
• RFC 822 - Name@domain
• Uniform Resource Locator (URL) - http://domain/location-in-directory
• Universal Naming Convention - \\sharedirectory\path (For naming network resources)
• LDAP URL - Used to define the path to the Active Directory services as well as the name of the object.


Workgroups and Domains
Microsoft re-clarifies the networking model differently than the standard peer-to-peer and client/server architecture. It uses the terms Workgroups and Domains to define networks. Although peer-to-peer networks and workgroups generally share all the same properties, we will redefine workgroup and domain in Microsoft's terms.

Workgroup
A workgroup is defined by Microsoft as being a logical grouping of computers on a network that share resources. They work on a peer basis, which means that there is no central log-on, data storage, or administrative authority. Servers may be present in a workgroup, but they have no central authority over security or log-in identification. Servers on a workgroup are called stand-alone servers, and have a special installation process to meet their special needs on a network.

Workgroups have several advantages over domains. They are easier to install and implement, and don't require Windows 2000 Server running, saving money. If there are only a few computers to be networked with reasonably proficient users they are cheaper and easier to use.

Workgroups have several major disadvantages over domains. They are slower, less secure, and require a higher level of skill to operate each workstation. Because each workstation defines its own security and sharing information, the users of each workstation must be trained on how these controls work. Also, they slow down enormously without a central authority, and become useless on networks with more than 10 workstations. The biggest problem with workgroups is that they require each user on the network to have a log-in and share setting on each resource on the network. That means they must have a user account and log in separately to each workstation. The obvious tactical disadvantage is in the duplication and memorization of multiple passwords over multiple domains. Finally, every workstation defines its own security, giving considerable security risks to secure-data communications and storage. Essentially, once a system is attached to a network, anyone with access to that system has access to all the privileges that system is authorized to.

Domains
A domain is defined by Microsoft as a logical group of computers on a network linked to a central directory database. This means that all administrative and security services are administered by a central computer. The primary computer for controlling the security, administrative, and log-on information in a domain is called a domain controller. (As described above) You can have many domain controllers on a network, but only systems with versions of the server software can act as domain controllers.

Domains have many advantages. They have a central administration, which means that only one log-on is required to access all the authorized resources on the network. They are faster and more fault-tolerant than workgroups. They are also more scalable than workgroups, going anywhere from 5 users to millions of users. Finally, they require less knowledge of each user on the network, making training easier.

The disadvantages of domains are small. They cost more because they require more physical cabling and more expensive hardware. They also require a central administration, which in large domains can be several dozen people. For most networks, these disadvantages are small, as a workgroup setting can not provide the security, file sharing, application sharing, or bandwidth utilization of a domain setting.

Domains differ in one other feature from workgroups. Workgroups are generally a single office or floor of a building, where domains can go from small buildings to large Wide Area Network (WAN) installations. There is no physical proximity restriction on a domain as there is on a workgroup.

Trees and Trusts
In order to maintain a logical control over networks, Windows 2000 Server establishes a standard structure for domains known as trees. Within these trees, certain policy standards are set out, known as trusts. These trees and trusts establish the logical security and access controls needed for a Windows 2000 server to maintain a network.

Trees
When a network has more than a single domain, it becomes more difficult for the server in these networks to control communications in a secure yet accessible fashion. In order to simplify this process, Windows 2000 Server creates a hierarchical grouping of domains known as a tree. A tree can consist of a single domain, but is scalable to large groupings spanning multiple networks. Inside a tree all the domains share services as a single unit. They have a single directory that is shared by all domains and users, with each domain hosting the portion of the domain that has their user information. By combining this user information, it is possible to create globally accessible and enforceable policies.

Trees follow a standard set of rules that make them globally accessible. All members of a tree must share a standard naming structure, or namespace. This namespace sets out the structure of the tree in a logical format. For example, a tree structure for the domains thecomputernews could include thecomputernews.com, sales.thecomputernews.com, and products.thecomputernews.com. In this case, thecomputernews.com would be the parent domain, and the products and sales domains are considered child domains. The three domains would share a common share directory, and would have their trust relationships between these directories set in each domain's share of the share directory index.

All domains within a tree must also share a common Schema, which is a formal definition of all object types you can store in an Active Directory deployment. Additionally, all domains within a tree or forest must share a common global catalog, which is the central index of information about each object within the tree and/or forest.

Forests
In a network with many domains, a single tree may not be practical; a Forest is a better logical unit. Essentially forests are groups of trees that require communication but operate independent of each other. Forests allow groups of domains to communicate without requiring a standard naming system or communication path.

To summarize, a Tree and a Forest must have:

Trees
• A Hierarchy of Domains
• A Single Standard Namespace
• Kerberos Transitive Trust Relationships Between Domains
• A Common Schema
• A Global Catalog Tree-Wide

Forests
• A Hierarchy of Trees
• Separate Namespaces between Trees
• Kerberos Transitive Trust Relationships Between Trees
• A Common Schema
• A Global Catalog Forest-Wide

Trust Relationships
All domains in a Tree are linked together by a common relationship, called a trust. Through trust relationships, Domain B will trust any request from Domain A as long as the user has the adequate permissions inside Domain A. This allows a user on a domain to access resources on a connected domain as if it was a local system, as long as that user has the required permissions. Trusts are transparent on the network, and in Windows 2000 Server are two-way, Kerberos transitive trust relationships.

To understand trusts, first you must realize how Directory Information is stored. As we stated earlier, each domain stores information about the users and groups on its network in its domain controller. This information is shared in a common directory for the tree, but each individual domain controller does not keep information about other domains' users and groups. By allowing these trust relationships, it allows distinct domains to share information with every other domain within their tree. This allows transparent sharing of resources without having to have defined groups for every domain within a tree, which takes up resources and bandwidth.

Windows 2000 Server uses a transitive two-way trust. This simply means that if A trusts B and B trusts C, A intuitively trusts C. This means that a domain within a tree does not need to develop trusts with each individual domain in the tree. This simplifies the trust model by eliminating the need for separate trusts for each domain.
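The transitive two-way trust described above, modelled as an added example (not part of the original course notes): it computes which domains will accept accounts from a given domain in the thecomputernews.com tree, and what the same links would allow if trust did not pass through intermediate domains. The `west.sales` grandchild domain and all function names are constructed for illustration.

```python
from collections import deque
from itertools import permutations

ROOT = "thecomputernews.com"
SALES = "sales." + ROOT
PRODUCTS = "products." + ROOT
WEST = "west." + SALES  # constructed grandchild domain, not on the page

# child -> parent: joining a tree creates a trust with the parent domain
PARENT_OF = {SALES: ROOT, PRODUCTS: ROOT, WEST: SALES}


def tree_trusts(parent_of):
    """Directed (trusting, trusted) pairs for the two-way parent/child trusts."""
    trusts = set()
    for child, parent in parent_of.items():
        trusts.add((parent, child))  # parent accepts accounts from child
        trusts.add((child, parent))  # child accepts accounts from parent
    return trusts


def access_scope(trusts, account_domain, transitive=True):
    """Domains that accept authentication for accounts held in account_domain.

    Being in scope only means the logon is honoured; the user still needs
    permissions on the resource, as the text above notes.
    """
    trusting_by_trusted = {}
    for trusting, trusted in trusts:
        trusting_by_trusted.setdefault(trusted, set()).add(trusting)

    scope = set()
    queue = deque([account_domain])
    while queue:
        current = queue.popleft()
        for trusting in trusting_by_trusted.get(current, ()):
            if trusting == account_domain or trusting in scope:
                continue
            scope.add(trusting)
            if transitive:
                # "A trusts B and B trusts C" extends the chain one more hop
                queue.append(trusting)
    return scope


def missing_explicit_trusts(trusts, domains):
    """One-way trusts that must be added by hand to get tree-wide reach
    when trusts are not transitive."""
    return {pair for pair in permutations(sorted(domains), 2)
            if pair not in trusts}


def compare_models(parent_of):
    """Per-domain scope under transitive trusts versus direct trusts only."""
    domains = set(parent_of) | set(parent_of.values())
    trusts = tree_trusts(parent_of)
    return {
        domain: {
            "transitive": sorted(access_scope(trusts, domain, True)),
            "direct_only": sorted(access_scope(trusts, domain, False)),
        }
        for domain in sorted(domains)
    }


if __name__ == "__main__":
    for domain, scopes in compare_models(PARENT_OF).items():
        print(domain)
        print("  transitive :", ", ".join(scopes["transitive"]))
        print("  direct only:", ", ".join(scopes["direct_only"]))
    all_domains = set(PARENT_OF) | set(PARENT_OF.values())
    extra = missing_explicit_trusts(tree_trusts(PARENT_OF), all_domains)
    print("extra one-way trusts needed without transitivity:", len(extra))
```

When reviewing a tree, the transitive column is the one to audit: every domain added to the tree widens the set of accounts each existing domain will authenticate.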

In comparison, Windows NT 4.0 required one-way individual trusts. This required Domain A to keep track of its trust relationship with Domain B, Domain C, and so on. Domain B was required to keep trust information on Domain A, Domain C, and so on for each domain in the tree. This made maintaining trust relationships between domains a complex task, as each Domain required information about each domain.

How Trusts Are Established
Trusts are always established through the use of domain controllers. When a domain is joined to a Windows 2000 domain tree, it automatically establishes a trust relationship between itself and the root or parent domain. This means that trusts between domains in a tree are automatically established. This saves administrative management effort by allowing domains to generate their own trusts based on established user and group policies without administrator action.

When a user account is created, the information about that user is stored on a domain controller. If there are multiple domain controllers in the domain, this information is automatically updated on each of their directories as well. By storing this information within the directory that is used throughout the tree, the user automatically gains a trust relationship with any domain in the tree. We will discuss the use of users and groups in depth in a later lesson.

Sites
There is one more logical grouping that Windows 2000 uses for resources. Active Directory uses the concept of sites, which are a logical grouping of IP subnet masks. This allows a range of IP addresses to be defined within the same site without being within the same domain. Or, two ranges of subnet masks over a Wide-Area Network can be within the same domain even though they are in different physical areas. The advantage of this is that the replication traffic that normally occurs within a domain can be reduced by defining sites within the same domain. It also allows users to validate logon credentials while at a different site from the domain controller where their user information is located. By comparing the subnets of the client and the user, the proper domain controller can be located in order to validate the logon.

Installing Windows 2000 Server
Performing an attended installation of Windows 2000 Server.

There are four operating systems in the Microsoft Windows 2000 products family -- Windows 2000 Professional, Windows 2000 Server, Windows 2000 Advanced Server and Windows 2000 Datacenter. Except for the number of processors supported, there is not much difference among Windows 2000 Server, Windows 2000 Advanced Server and Windows Datacenter. Windows 2000 Professional supports up to 2 processors. Windows 2000 Server supports up to 4 processors. Windows 2000 Advanced Server supports up to 8 processors. Windows 2000 Datacenter supports up to 16 processors.

A Pentium 133MHz microprocessor, 64M memory and 850M hard disk space are the minimum installation requirements for a Windows 2000 Server. The following table lists the hardware requirements for Windows 2000.

Windows 2000 Professional
CPU: Pentium 133MHz or higher (up to 2 processors)
Memory: Minimum: 32MB; Recommended: 64MB; Maximum: 4GB
Hard disk: 2 GB with a minimum of 650MB free space

Windows 2000 Server
CPU: Pentium 133MHz or higher (Server up to 4 processors, Advanced Server up to 8, Datacenter up to 16)
Memory: Minimum: 64MB (up to 5 clients); Recommended: 128MB or higher; Maximum: 4GB
Hard disk: 2 GB with a minimum of 850MB free space

Installing Windows 2000 Server
Decisions, Decisions, Decisions...
For most of us, the installation of a new operating system isn't all that difficult. You simply run the setup program and follow the instructions. The installation program handles most of the details, and the hardest part is the wait for the program to finish. Installing Windows 2000 Server, or any server software, requires a little more work. Before you even begin there are several decisions you must make that are vitally important to getting the best performance out of your server. This week's lesson will deal strictly with what you should know before you start installing the server software.

The most obvious task you must perform is the Hardware Compatibility check. Windows 2000 Server will work with most current equipment, but it does have some minimum requirements in order to work. This includes a Pentium-class processor with a minimum speed of 133MHz, 64MB of RAM, a minimum of 2GB of hard drive space, and a 12x CD-ROM drive. Again, these are the minimum requirements to run Windows 2000 Server, and you should never try running a Server on a computer that just barely meets these requirements.

Next you must come up with a hard drive partitioning plan. Simply installing the operating system without thinking about how to divvy up the drive space can lead to problems later on. Always give Windows 2000 Server its own dedicated hard drive partition with at least 2GB of space available. By giving the server software its own space, you avoid fragmentation problems and can use more virtual memory.

Filing Systems
The next decision is extremely important. You must choose the filing system you wish to use. Your choices are FAT32 and NTFS. If Windows 2000 is the only operating system that will be run on the server, choose NTFS. It has better security options and allows for greater use of the integration of the Active Desktop. If you plan to use Active Directory or use the server as a domain controller, you must install NTFS. If you are going to use multiple operating systems, you should install a FAT-compatible filing system.

Licensing
The choice of licensing methods should be determined by the size and growth expectations of your network. Per-Server licensing is good for small networks that are single-server, and don't expect much growth. Per-Seat licensing is better for larger networks or networks that expect growth in the near future. Also remember that you can change from Per-Seat to Per-Server at any time, but not Per-Server to Per-Seat. (Microsoft recommends Per-Seat licensing in almost every case, as it is easier to administer and is more cost-effective. If you plan on using terminal services, you should use Per Seat.)

Client Access Licenses
As discussed previously, CALs are the licenses that allow for access to servers. Each client accessing a server must have its own CAL, either stored locally or on the server. CALs are NOT required for connections through an Internet Information Server (IIS) or Web-server that provides HTTP or HTML file access, Telnet access, or FTP connections.

Per-Server Licenses
In a Per Server Licensing scenario, the Server must maintain enough licenses to cover every computer that has access to the basic networking functions of the server. This licenses the server rather than the client. The Client Access Licenses (CAL) are maintained on the server itself. In other words, you pay according to the number of clients that will access that server. This is fine for small networks with limited numbers of users. It gets significantly harder to maintain on multi-server networks, and is not recommended for larger networks.

Per-Seat Licenses
In a Per Seat Licensing scenario, each client keeps its own CAL, which allows it to access any server on the network. Per-Seat licenses the client rather than the server. This is more economical for larger networks with multiple domains and/or servers, as a CAL for each machine does not need to be kept on each server.

Server Formats
Another important piece of information you need is the type of Server you are going to install. In a Workgroup model, the server is installed as a Stand-Alone server. In the Domain model, it is installed as a regular server. You can not change a Stand-Alone server to a Domain server without formatting the hard drive, so be sure you know which type of network you're going to be setting up.

Lastly, you should know the components you intend to install for your server. Most networking services can be added later, but you can save yourself some time by installing them with the initial installation.

Lesson #6 - Installing Windows 2000 Server Part 2
There are two ways to install Windows 2000 Server: upgrading a Windows NT 4.0 or 3.51 server or NT 4.0 Terminal server, and a Clean Install. Because most of the install process will look the same regardless of your install method, and the type of previous operating system installed, we will deal with upgrades and clean installs in one area.

Setting Up The Computer
Beyond the decisions you must make, there are several important pieces of information you must know in order to properly set up Windows 2000 Server. They include:
• The Domain Name System (DNS) name for the network you are joining
• If you are upgrading a Windows NT system, make sure you have the existing computer name, domain or workgroup name, IP address (if DHCP is not installed), the DHCP server (if installed), as you can't connect to the network without them.
• If you're installing into a domain, make sure you have the proper domain name and computer account name.
• Ensure you have Disk Compression turned off, Disk Mirroring disabled, and all your files backed up.
• Disconnect any UPS equipment connected to the computer. (UPS equipment can cause the autodetect process to fail)
• Turn off any Virus software working on the computer. (Virus software often sees operating system installs as virus activity and does not let the install occur.)
• Create a Windows 2000 boot disk. You can do this by running the file makedisk.bat on the Windows 2000 Server CD at \valueadd\3rdparty\ca_antiv. After creating this disk, boot the computer with the boot disk inserted, as it will perform a boot sector virus check.

Upgrading Windows NT Notes
There are several issues regarding upgrades of Windows 2000 server that you must be aware of. First off, Windows NT Workstation and Windows 2000 Professional can not be upgraded to Windows 2000 server. You can upgrade Windows NT 4.0 Server Enterprise Edition to Windows 2000 Advanced Server, but not Windows 2000 Server. If you have a version of Windows NT Server prior to 3.51, you can not upgrade directly to Windows 2000. Windows 2000 can not upgrade on a computer using DoubleSpace or DriveSpace compression. Only drives compressed under NTFS's compression utility can be upgraded while still compressed. Windows 2000 is also unable to upgrade while Disk Mirroring is turned on.

Installation Methods
You can install Windows 2000 Server onto a computer using one of three methods: using a set-up boot disk, the bootable CD-ROM, or over the network.

Set-Up Boot Disks
Upon purchasing Windows 2000 Server, you receive a CD-ROM and four set-up floppy disks. If your system can not boot from the CD-ROM drive (some early Pentiums still did not have this ability, but it is standard now) you will have to use the setup disks in order to install the operating system. If you don't have the setup disks handy, you can make your own by running the Makeboot.exe or makebt32.exe files from the Windows 2000 installation CD-ROM in the \Bootdisk directory. Each of the four disks has a separate set of files that it loads onto the computer in order to allow setup to install Windows 2000 Server.

Disk 1 contains the Setupldr.bin file, which inspects and detects all the information the operating system requires to setup the software, and the file Ntkrnlmp.exe is loaded into the Executive.
Disk 2 loads the HAL, configuration tools, locale-specific data, controllers, all the device drivers that are required, and all the fonts for the system.
Disk 3 loads the Compaq Drive array and disk controller drivers. During this process, the system sources all the drivers that are required for the system and loads the dynamic volume support (dmboot1).
Disk 4 loads the SCSI CD-ROM, floppy, and fixed disk drivers, as well as the file system drivers (FAT, NTFS, and CDFS).

At this point Windows 2000 loads and setup is controlled through Windows 2000 itself. All files added beyond this point are added from the CD-ROM. The text mode portion of Windows 2000 Setup is loaded, and Windows 2000 takes you through the partitioning phase of the install, where you can detect, erase, and create partitions. You will be required to choose a filing system (NTFS or FAT), and the partitions are formatted. File copy takes place, and the system reboots.

Bootable CD-ROM

For clean installs of Windows 2000 Server through a bootable CD-ROM drive, you merely must have the Windows 2000 Server CD in the drive with the CD-ROM drive set in the BIOS as bootable. The process is pretty much the same as above, but the files accessed are all from within the CD itself. Simply follow the prompts as above. You will be required to remove the CD upon re-boot, as the setup program will re-run if you have the CD in the drive that is still bootable.

To upgrade a Windows-based compatible operating system, simply place the CD in the drive while the existing operating system is running. The autoplay will run, previous versions of Windows are detected, and you will be asked if you wish to install the Windows 2000 operating system over top of your existing OS. You will have the choice to upgrade your current system, or create a dual-boot operating system that will allow you to retain your existing installation. To upgrade, use the Upgrade Windows NT Server option. To dual-boot, use the Install Windows 2000 Server option.

Over-The-Network

In order to install Windows 2000 Server over the network, you must have the system files available on the network. To do this, copy the Windows 2000 Server CD files to a shared directory on the server. New installations over the net require an existing operating system to be installed. If you don't want to install Windows 9x before installing the server, install a copy of MS-DOS and an MS-DOS network client. Connect to the network share you installed the CD files into, and run Winnt.exe. (In order to run the installation program, you will need Emm386.exe running and 500KB of conventional memory free. Also, if you don't install Smartdrv.exe, installation times can vary from 3 to 16 hours.) Upgrading from another version of Windows requires you to run the Winnt32.exe file located in the I386 directory of the CD copy that you made.

Installing Components

There are 13 components included that you can choose to install that add functionality to your Windows 2000 server. The more components added, the more resources required to run the operating system, and you shouldn't add more components than you need. You can add these functions later through the Add/Remove Windows Components option in the Control Panel.

From the above table, you will see that the minimum memory requirements for Windows 2000 Professional and Windows 2000 Server are different. If you have less than 5 clients in your network, you can have Windows 2000 server installed on a computer with 64MB memory. However, if your network consists of more than 6 client computers, 128MB memory is required. Windows 2000 server requires a 2 GB hard disk with a minimum of 850MB free space. If your computer only has a 1GB hard disk with 1GB free space, it meets the minimum free space requirement but does not satisfy the hard disk requirement. You still cannot install Windows 2000 on your computer. But why is the maximum supported memory for Windows 2000 Professional and Windows 2000 Server the same, 4GB?

The reason is quite simple. Windows 2000 is a 32-bit operating system. Some people might have no idea about the 16-bit or 32-bit operating system. In fact, xxx-bit means the address space is xxx-bit. For example, 0x1101111111111111 has 16 bits and we call it a 16-bit number. 0x10111111111111111111111111011111 is a 32-bit number. MS-DOS is a 16-bit operating system because it handles data in 16-bit units. Windows 95 and Windows NT are 32-bit operating systems because they handle data in 32-bit units. Because of the same reason, Windows 2000 is a 32-bit operating system.

Some people have a wrong impression that a 16-bit operating system cannot handle 32-bit numbers. In fact, the 16-bit operating system can merge two 16-bit numbers into a 32-bit number. Compared to a 32-bit operating system, a 16-bit operating system requires extra operations such as borrowing bits to process 32-bit numbers. Among those Microsoft operating systems, MS-DOS and Windows 3.1 are 16-bit operating systems. Windows 95, Windows 98, Windows NT and Windows 2000 are 32-bit operating systems. Some Unix systems such as TrueUnix from Compaq are 64-bit operating systems.

In a 32-bit operating system, you can only have numbers ranging from 0x00000000000000000000000000000000 to 0x11111111111111111111111111111111, which gives you totally 4G numbers. 2^32 = 4GB. Like all other 32-bit operating systems, Windows 2000 has a memory limitation of 4GB, which is quite big compared with the 64MB or 128MB we usually have in our systems.

It is recommended to have a network interface card (NIC) installed in your computer to prepare for the Windows 2000 exams, because most networking components such as Active Directory and the TCP/IP protocols can not be installed without a NIC in your system. However, some home PCs only have a modem and do not have a NIC installed. You can install the Microsoft loopback adapter to solve this problem. To install the Microsoft loopback adapter, go to Start -> Settings -> Control Panel and click the Add/Remove Hardware applet. The Add/Remove Hardware Wizard will pop up.

• Select Add/Troubleshoot a device. Windows will search for new plug and play devices.
• After that select Add a new device and click the Next button.
• Choose No, I want to select the hardware from a list in the next screen.
• Select Network adapters and click the Next button.
• Choose Microsoft as the Manufacturer and select Microsoft Loopback Adapter in the above diagram.

After you have the Microsoft Loopback Adapter installed in your computer, you can have all the networking related components installed in your system although they do not generate any real network traffic.

Partitions in Windows 2000

If you have multiple partitions in your computer, the boot partition must have at least 850MB free disk space to install Windows 2000 Server. Some people might mix up the System Partition with the Boot Partition because they think the system partition contains the system files. Please remember the following two sentences for the Windows 2000 exams.

1. The System Partition includes the files to boot Windows 2000.
2. The Boot Partition includes the System files.

The System Partition is the volume that has the hardware-specific files (i.e. NTLDR or OSLOADER.EXE, BOOT.INI, etc.) needed to load Windows NT. On x86 based computers, it must be a primary partition that has been marked active for startup purposes. The user should be careful not to change the drive letter of the system partition because many MS-DOS and Windows programs make reference to the C: drive.

The Boot Partition contains the Windows operating system files (i.e. \winnt) and its support files (i.e. \winnt\system32). The system partition can be (but does not have to be) the same partition as the boot partition. To check which drive is your boot partition, you need to go to the Command Prompt (from Start -> Run, type CMD) and type “echo %systemroot%”.

Disk partitioning can be used to divide your physical disk into separate units. When you create partitions on a disk, you divide the disk into one or more areas that can be formatted for use by a file system, such as FAT or NTFS.

Windows 2000 supports three file systems: FAT, FAT32 and NTFS. However, you might encounter other file systems such as HPFS on the Windows 2000 exam. Therefore, let's study the definitions of these file systems first:

FAT (File Allocation Table) is a table maintained by some operating systems such as MS-DOS, Windows 95, Windows NT as well as OS/2 to keep track of the status of various segments of disk space used for file storage. FAT is also called the FAT file system. Although FAT is a 16-bit file system, we usually don’t call FAT FAT16. On a Windows 95 or DOS system, FAT is limited to 2 GB hard drives. Some people may have found that when they purchased a 6GB hard disk, they had to partition the disk into three 2GB disks using the fdisk command and ended up with three disk drives (c:, d: and e:) in their system. This is because of the 2GB limitation of the FAT file system. FAT is the only file system that is supported by all the Microsoft operating systems. Therefore, if you want to dual boot MS-DOS with Windows 2000, you must implement the FAT file system.

FAT32 is the 32-bit version of FAT. FAT32 was available on Windows 95 since late 1996 and it increased the drive limitation to 2TB. However, FAT32 is supported on Windows 95, Windows 98 and Windows 2000 but not on MS-DOS and Windows NT.

NTFS (NT File System) is an advanced file system that was designed for use specifically within the Windows NT operating system. NTFS supports file system recovery, extremely large storage media, long filenames, and various features for the POSIX subsystem. It also supports object-oriented applications by treating all files as objects with user-defined and system-defined attributes.

A dual boot is a configuration in which you have multiple operating systems installed on your computer. You can choose which operating system you want to start each time you reboot the computer. Because MS-DOS can only support the FAT file system, if you want to dual boot Windows 2000 with MS-DOS, you can only use FAT. However, if you want to dual boot Windows 2000 with Windows 98, you can use either the FAT or the FAT32 file system.

Suppose we have two hard disks in the system. We format C: to FAT and D: to NTFS. When you open the Properties of the C: and D: drives, you will see the following diagram:

Fat 16 Win98 view | NTFS Win2000 View

In the above diagram, you will find that the D: drive has three more tabs called Hardware, Security and Disk Quota. For the drives using NTFS, user-level security can be implemented on different folders and you can prevent users from accessing local system files. However, when you logon to a Windows NT computer locally, anybody can access the folders on the FAT file system. There is no way to prevent anyone from accessing these FAT folders if he can login locally. Hence, you can implement more security with NTFS.

The FAT file system is best used on volumes smaller than approximately 400 - 500 MB. That’s because the FAT file system starts out with very little overhead. However, the FAT file system is very inefficient for volumes larger than 1 Gigabyte (GB). The NTFS file system uses a binary tree structure for all directories. This structure minimizes the number of disk accesses required to find a file, which means that the NTFS file system should be faster for larger directories. That’s the reason why Microsoft suggests people use NTFS on Windows 2000. Because Windows 2000 requires a 2GB hard disk, you’d better always implement NTFS instead of FAT unless you need to dual boot the system with Windows 95/98 and MS-DOS.

HPFS (High Performance File System) from IBM is the file system introduced with OS/2 that handles large disks (2TB volumes, 2GB files) and long file names (256 bytes). It coexists with the existing FAT system. Please note that HPFS has nothing to do with HP Corporation but is an IBM product. As far as Microsoft products go, HPFS is compatible only with Windows NT 3.5. It is easy to understand that when not many people use Microsoft’s products, Microsoft needs to support as many file systems as possible. After Microsoft acquires the market share, Microsoft is focusing more on its operating system’s performance. Supporting more file systems will definitely increase the system’s overhead. To reduce the system overhead, Windows NT 4.0 and Windows 2000 no longer support HPFS.

CDFS is used on a CD-ROM drive. It is read-only and when the files on the CD-ROM are copied to the Windows 2000 system, it converts the file to FAT, FAT32 or NTFS depending on where the file is copied to.

The following table lists the supported file systems on MS-DOS, Windows 3.1, Windows 95/98, Windows NT as well as Windows 2000.

Features provided only by the NTFS file system:

You can assign permissions to individual files and folders, so you can specify who is allowed various kinds of access to a file or folder. The NTFS file system offers more permissions than the FAT file system and you can set permissions for individual users or groups of users.

You can compress individual files and folders on an NTFS volume. NTFS compression enables you to read and write the files while they are compressed, without having to use a program to uncompress them.

You can also use NTFS to control disk usage on a per-user basis and encrypt the file data. Disk quota and file encryption are two new features on Windows 2000. In fact, NTFS on Windows NT does not support disk quota and file encryption.

Windows 2000 Server supports two Client Access License (CAL) licensing modes: Per Seat or Per Server.

1. Per Seat. Requires a separate CAL for each client computer that accesses a Windows 2000 Server. If you have 15 client computers, you need to purchase 15 Per Seat CALs.
2. Per Server. Requires a CAL for each concurrent connection to the server. If your network maximally has 16 connections, you need to purchase 16 Per Server CALs.

To set up the licensing setting, go to Control Panel and open the Licensing applet.

If you click the Per seat radio button, the system will prompt the following dialogue box. You cannot convert from Per Seat to Per Server. If you are not quite sure which mode to use, choose Per Server because you can change from Per Server to Per Seat once at no cost. Microsoft does not require CALs for anonymous access to your web server, FTP server as well as TELNET server installed on your Windows 2000 server. That’s because there could be hundreds of connections to your web server and you really cannot control how many people are connecting to your web site.

To create the Setup disks, run the Makeboot.exe (in bootdisk folder on Windows 2000 CD) program from another Windows 2000 computer. Run makeboot.exe in Command Prompt and you will see that Windows 2000 requires four floppies to start the system. Compared to Windows NT, it only requires three floppy disks to boot the system.

Unattended Windows 2000 Server Installations

Like Windows NT 4.0, Windows 2000 Server provides tools to allow you to install the operating system unattended and from remote locations. This can save you time as an administrator by cutting the amount of time you have to spend on each machine, and by allowing you to set up computers that aren't in the same physical location. The primary key to unattended installations is the Answer File.

WinNT[32] /s:<install source> /u:<answer file> /udf:id[,UDF_file]

Where <answer file> contains the information to automate the installation process and <install source> specifies the source location of the Windows NT installation files, for example, the i386 directory on the Windows 2000 retail CD. You can also copy all files in the i386 directory to the hard disk and specify the corresponding location on the hard drive.

People usually use unattend.txt as the <answer file>. However, you can use any name you like as long as you specify it after the /u switch. Besides unattend.txt, you can also use winnt.sif and sysprep.inf for the unattended installation. Winnt.sif is used when you install Windows 2000 from a bootable CD-ROM drive and sysprep.inf can be used to create a disk image of your Windows 2000 computer installation.

The answer file specifies general information that is consistent across all of the servers. Because different hardware requires a different unattend.txt file, if you want to install Windows NT on both the laptop and the desktop computers, at least two unattend.txt files are required. For example, if you have 500 computers in your network, 250 are identical notebooks and 250 are identical desktops, you need 2 answer files in total for the unattended installation.

The UDF contains information that is unique to each computer on the network, such as the network settings and computer name. A sample UDF could be as follows:

[UniqueIds]
mcse1 = 123
mcse2 = 456
mcse3 = 789

[123:Identification]
JoinDomain = MCSE1

[456:Identification]
JoinDomain = MCSE2

[789:Identification]
JoinDomain = MCSE3

Suppose the UDF name is Unattend.udf; you can run the following command to let a computer automatically join domain MCSE2.

Winnt32 /unattend:Unattend.txt /udf:mcse2,Unattend.udf

Answer File

The answer file is a script file that tells Windows 2000 the answers to several questions that are asked during installation. This information allows Windows 2000 to be installed without any button clicks to answer standard questions that Windows 2000 asks during installation. This includes the setup directory, the use of temporary files, and the location of files on a remote server. The answer file is generally saved as a text (.txt) file, and is called during the initial SETUP.EXE command used to install Windows 2000. One exception to this text rule is when you are installing Windows 2000 from a bootable CD-ROM drive. You must name this file Winnt.sif in order for Windows 2000 to access the file. There is a sample answer file on the Windows 2000 Server CD called Unattended.txt that can be used either as is or modified to fit your needs.

The Answer file has a specific format that you must follow in order for Windows 2000 to be able to understand the file. Some keys are optional and do not need to be included. Some have default values that SETUP will use in the absence of a key value. All the keys you use in your answer file must have a value associated with them. Keys are not case-sensitive, and can be in either upper or lower case. The sample Unattended.txt file is presented here.

[Unattended]
Unattendmode = FullUnattended
OemPreinstall = NO
TargetPath = WINNT
FileSystem = LeaveAlone

[UserData]
FullName = "Your Full Name"
OrgName = "Your Organization Name"
ComputerName = "Computer_Name"

[GuiUnattended]
; Sets the Timezone to the Pacific Northwest
; Sets the Admin Password to NULL
; Turn AutoLogon ON and login once
TimeZone = "004"
AdminPassword = *
AutoLogon = Yes
AutoLogonCount = 1

; For Server installs
[LicenseFilePrintData]
AutoMode = "PerServer"
AutoUsers = "5"

[GuiRunOnce]
; List the programs that you want to launch when the machine is logged on to for the first time

[Display]
BitsPerPel = 8
XResolution = 800
YResolution = 600
VRefresh = 70

[Networking]
; When set to YES, setup will install default networking components. The components are
; TCP/IP, File and Print Sharing, and the Client for Microsoft Networks.
InstallDefaultComponents = YES

[Identification]
JoinWorkGroup = Workgroup

Setup Manager

In order to make creating answer files easier, there is a utility included with Windows 2000 called Setup Manager. Setup Manager provides a graphical interface with which you can create and modify answer files and Uniqueness Database Files (UDFs). This utility allows you to set the settings you want for your answer file without having to directly modify the text file itself. To find Setup Manager, look in the SUPPORT\TOOLS\Deploy.cab file. For more information on how to modify the Unattended.txt file and on using Setup Manager, extract the Readme.txt file from within the Deploy.cab file.

There are some settings that Setup Manager can not add to an answer file. This includes optional component settings, the ability to create subdirectories in your distribution folder, and some answer file settings not normally used. This information will probably not show up on your test, but can be useful for creating answer files in real-life situations. If you have special requirements for your answer file, finish the normal Setup Manager tasks and add the extra tasks with a text editor.

You can find Setup Manager under \support\tools folder of Windows

2000 installation CD-ROM. You can use Windows Explorer to extract the Deploy.cab file to a new folder on your computer. After that, double click setupmgr.exe to start the Setup Manager. After you run Setup Manager, you will see that you can create three kinds of answer files: for Windows 2000 unattended installation, Sysprep install, as well as Remote Installation Services. If you choose Windows 2000 unattended installation, the Setup Manager wizard will create an Unattend.txt file. If you choose Sysprep install, it will create a file called sysprep.inf on your system. If Remote Installation Services is selected, a remboot.sif file will be created.

Disk Duplication

Disk duplication is the most efficient installation method: you create a disk image of a Windows 2000 installation and copy that image onto multiple destination computers. To perform the disk duplication, you need to use the tool called sysprep.exe. Some people might have a wrong impression that, because sysprep.exe can be used for disk duplication, it can be used to copy all contents from one hard disk to another. Take a look at the name sysprep: sysprep means system preparation. Therefore, sysprep.exe can only prepare the master computer’s hard disk to be duplicated and sysprep itself cannot be used to duplicate the hard disk.

You can install Windows 2000 and all the applications on a computer. After that, run sysprep.exe on that computer. Reboot the computer and use a third party disk image-copying tool (not sysprep.exe) to create a master disk image. When you start the destination computers, the Mini-Setup program will prompt the user for computer-specific variables, such as the administrator password and the computer name. If you have used Setup Manager to create a Sysprep.inf, the Mini-Setup program will be bypassed and the system will load Windows 2000 without user intervention.

You can use syspart to copy Setup startup files to a hard disk, mark the disk as active, and then install the disk into another computer. When you start that computer, it automatically starts with the next phase of the Setup. You must always use the /tempdrive parameter with the /syspart parameter. The syspart switch is only available on winnt32.exe and not on winnt.exe. Syspart can be used for the installation of computers that have a similar installation and operating system but dissimilar hardware.

Remote Installation Services (RIS) allows you to install new client computers remotely without having to visit each client. Please note that RIS is used to install client computers. Therefore, you can only use RIS to install Windows 2000 Professional and not Windows 2000 Server. To install RIS on your system, double click the Add/Remove Programs icon in the Control Panel. After that, you can use the Remote Installation Services Setup wizard to configure the RIS settings. The DNS server, DHCP server and Active Directory must be available before you perform the remote installation.
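An answer file such as Unattend.txt, Winnt.sif or Sysprep.inf fixes the Administrator password and first-logon behaviour of every machine built from it, so it is worth checking before it goes onto a distribution share. The Python script below is an added example, not part of the original guide or of Setup Manager: it parses the [Section] / Key = Value layout of the sample Unattended.txt and flags a blank or clear-text password, automatic logon, and a volume that is not converted to NTFS. The function names, the rule set and both sample inputs are constructed for illustration.

```python
"""Audit a Windows 2000 answer file (Unattend.txt style) for risky settings.

Added illustration: the rules and both sample inputs are constructed for this
example; they are not part of Setup Manager or any Microsoft tool.
"""
import re

# Constructed input built from keys in the guide's sample Unattended.txt.
WEAK_SAMPLE = """\
[Unattended]
UnattendMode = FullUnattended
TargetPath = WINNT
FileSystem = LeaveAlone

[GuiUnattended]
; blank Administrator password and one automatic logon
AdminPassword = *
AutoLogon = Yes
AutoLogonCount = 1
"""

# Constructed counterpart with the settings tightened (placeholder password).
REVIEWED_SAMPLE = """\
[unattended]
unattendmode = FullUnattended
filesystem = ConvertNTFS

[guiunattended]
adminpassword = "EXAMPLE-placeholder-1"
autologon = No
"""


def parse_answer_file(text):
    """Return {section: {key: value}}; names are lower-cased because
    answer-file keys are not case-sensitive."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):      # blank line or comment
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = sections.setdefault(header.group(1).strip().lower(), {})
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current[key.strip().lower()] = value.strip().strip('"')
    return sections


def audit_answer_file(text):
    """Return a list of (section, key, problem) tuples; empty means no rule fired."""
    sections = parse_answer_file(text)
    findings = []

    # Any *password key: "*" means blank, anything else sits in the file as clear text.
    for section, keys in sections.items():
        for key, value in keys.items():
            if "password" in key and value == "*":
                findings.append((section, key, "blank password"))
            elif "password" in key and value:
                findings.append((section, key, "password stored in clear text"))

    gui = sections.get("guiunattended", {})
    if gui.get("autologon", "").lower() == "yes":
        count = gui.get("autologoncount", "not set")
        findings.append(("guiunattended", "autologon",
                         f"Administrator logged on automatically (count: {count})"))

    # FAT volumes cannot carry per-file permissions; only ConvertNTFS guarantees NTFS.
    file_system = sections.get("unattended", {}).get("filesystem", "not set")
    if file_system.lower() != "convertntfs":
        findings.append(("unattended", "filesystem",
                         f"volume may stay FAT (FileSystem = {file_system})"))
    return findings


if __name__ == "__main__":
    for name, sample in (("weak", WEAK_SAMPLE), ("reviewed", REVIEWED_SAMPLE)):
        print(name)
        for section, key, problem in audit_answer_file(sample):
            print(f"  [{section}] {key}: {problem}")
```

The clear-text finding on the reviewed sample cannot be removed by editing the key; it is a reminder to restrict who can read the distribution share and to change the password once setup has finished.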

DNS: Domain Name System provides user-friendly names for TCP/IP addresses. A DNS server maintains a database of domain names (host names) and their corresponding IP addresses. Try the following command at the DOS command prompt when you are connected to the Internet.

C:\ Ping tom.mclaughlin.net

DHCP (Dynamic Host Configuration Protocol) offers dynamic configuration of IP addresses for the client computers. You can always manually assign an IP address to a computer. It works fine if you don't have many computers within your network. However, if you have hundreds of computers in your network, manually assigning IP addresses will dramatically burden the system administrator's administration and management work. Using DHCP to configure IP addresses will solve the above problem. A DHCP server can only be implemented in a Windows 2000 server. DHCP clients can be implemented in almost all the Microsoft networking operating systems including Windows 2000 server, Windows 2000 professional, Windows NT server, Windows NT workstation, Windows 95/98, Windows for Workgroup or even DOS with LAN manager installed.

Active Directory services is the directory service included with Windows 2000 Server. It provides network administrators a single point of administration for all network objects. Active Directory supports single logon and the network users can access the permitted resources anywhere on the network.

Domain Controller (DC) is a computer running Windows 2000 Server that manages user access to a network, which includes logging on, authentication, and access to the directory and shared resources. Same as in Windows NT, you can only install a domain controller on Windows 2000 server and not on Windows 2000 professional. You can implement multiple domain controllers in your network and all domain controllers are peers. In a Windows 2000 domain, you only have one type of domain controller. Microsoft eliminates the concepts of PDC (Primary Domain Control) and BDC (Backup Domain Controller) in Windows NT 4.0. In Windows NT 4.0, you cannot switch from a domain controller to a member server without reinstallation. However, in Windows 2000, you can use the dcpromo command to promote a member server to a domain controller or demote a domain controller to a member server. This is very convenient for your computer configuration.

For the RIS installation, at the server end, you need to install RIS and copy the Windows 2000 Professional installation files to the server. Client computers that support remote installation must have one of the following configurations:

1. A configuration meeting the Network PC (Net PC) specification.
2. A network adapter with a Pre-Boot Execution Environment (PXE) boot ROM or basic input/output system (BIOS) support for starting from the PXE boot ROM.
3. A supported network adapter and a remote installation Startup disk.

The PXE is an industry standard network card that can request an IP address. If no operating system exists, the card starts up a minimal operating system that contacts a RIS server and then brings up a menu so the user can select the operating system they want. To create a remote installation Startup disk, you need to run the Windows 2000 Remote Boot Disk Generator, or Rbfg.exe.

Upgrading a server from Microsoft Windows NT 4.0

When you upgrade a system, you need to keep the %systemroot% as the original system. Upgrading can keep the existing settings on your users, settings, groups, rights, and permissions. Moreover, you do not need to reinstall files and applications if you perform an upgrade instead of a fresh new installation.

If you have a PDC or BDC running Windows NT 3.51 or 4.0 server, you can just upgrade it to a domain controller running Windows 2000 server. If you have a member server of Windows NT 3.51 or 4.0 server, you can upgrade it to a member server running Windows 2000 server. If your computer still runs Windows NT Server 3.1 or Windows NT Server 3.5, you need to upgrade it to Windows NT Server 3.51 or 4.0 first, and then upgrade to Windows 2000 Server.

It is always correct that you can only upgrade from a workstation product to a workstation product and upgrade from a server product to a server product. You can never upgrade from a Windows NT workstation to a Windows 2000 server.

Before upgrading to Windows 2000, you need to back up the critical data such as registry and drivers on Windows NT 4.0, Windows 95 and Windows 98. You also need to remove any virus scanners, third-party network services, or client software and disconnect serial cables to UPS.

If you receive an error message INACCESSIBLE_BOOT_DEVICE when you perform an upgrade, it might be because you did not reserve IRQs (interrupt requests) for non-Plug and Play ISA devices. To solve this problem, you need to set your system BIOS (basic input/output system) to reserve all IRQs currently in use by non-Plug and Play ISA devices.

Network Services

Network services consist of 8 services you can install to add functionality to your system. They are listed together because they are installed as a package rather than one by one. They include:

1. COM Internet Services Proxy - Supports distributed applications that use HTTP to communicate through IIS
2. Domain Name System (DNS) - Provides name resolution services
3. Dynamic Host Configurations Protocol (DHCP) - Allows for dynamic IP addressing
4. Internet Authentication Service - Supports authentication for Dial-in users
5. QoS Admission Control Service - Allows control over network bandwidth
6. Simple TCP/IP Services - Character generator, daytime, discard, Echo, and Quote of the Day
7. Site Server ILS Support - Supports telephony applications
8. Windows Internet Naming Service (WINS) - Provides NetBIOS over TCP/IP name resolution for legacy Windows products.

Deploy service packs

A Service Pack is a software patch that is applied to an installed application. A service pack is mainly used to fix the bugs in the software. In Windows NT, service packs are installed separately after the operating system is installed. If you want to install service pack one on Windows 98, you must install Windows 98 first, then manually install the service pack thereafter. It is OK if you only have one or several computers in your network. However, it becomes annoying if you deploy hundreds of computers in your network. Windows 2000 supports service pack slipstreaming, which means you can install the service pack during your Windows 2000 installation. When Windows 2000 is installed, the appropriate files from the service pack are installed without your intervention. Windows 2000 also eliminates the need to reinstall the previously installed components. To apply a new service pack, run update.exe /slip in Command Prompt.

Switches for Windows 2000 Server Installations

Because Windows 2000 server can be installed by several methods, you need to know the switches that can help automate the process. Switches are modifiers to a command in DOS that allow you to change how a program behaves. For example, typing dir at a DOS prompt will bring up a directory of the current folder. Typing dir /w/p will create several rows of listings, and stop when the screen is full. The /w/p switches modify the dir command to give it more usability. Whether you're upgrading a 16 bit or 32 bit operating system, installing from DOS or Windows, or any other possible install, there are also several switches you can use to install different options. Although knowing every switch is difficult, it is important to know as many as possible for the exam, as you will be questioned on the proper switches.

allowing unattended/remote installation.exe Switches There are 8 switches used for the installation of Win2K server setup files from a 16bit platform. Allows you to set the location of the temporary file directory. This also sets the install drive that Windows 2000 Server will use. /tempdrive /unattend /u /tempdrive:{drive letter} /u or /unattend /unattend{num} Performs an automated installation using the files found in the answer file. You must install using the Command Prompt or Start Menu in order to use these Switch /s Usage /s: {source path} Description States the location of the Windows 2000 setup files.Winnt. States a command that is executed at the end of the Graphical User Interface (GUI) mode setup. An answer file allows automated installation of Windows 2000 Server. They are: Switch /s Usage /s: {source path} Description States the location of the Windows 2000 setup files. The /u command requires the /s command. States a folder which setup copies from the source location during installation to the installation folder. the command to run this software can be placed here to start that installation.exe Switches The 32bit installation of Win2K Server setup files has many of the same switches as the 16bit version. Allows you to set the location of the temporary file directory. The UDF files allows Win2K installation to choose modified answers to the answer file. The {id} variable states which ID file number to use. If standard software is to be installed. This also sets the install drive that Windows 2000 Server will use. Automates the installation program using all the previous installation defaults from the current operating system. {UDF file} /r /rx /r: {folder} /rx: {folder} /e /e: {command} /a /a A complete switched winnt. /t /t: {temp drive} /u /u: {answer file} /udf:id /udf:{id}. This allows you to state information such as the computer name without modifications to the answer file. 
Enables accessibility options.{UDF file} /r{folder} /rx{folder} /e:{command} /a Winnt32. but the folder is deleted upon completion of the setup.exe install command would look like this: winnt /s{source path} /t{temp drive} /u{answer file} /udf:id. This allows you to state the file location if it is not being installed from the standard CD Directory. /copydir:{folder name} States a folder which setup copies from the source location during installation to the installation folder. Same as above. This allows you to state the file location if it is not being installed from the standard CD Directory. plus a few 32bit specific switches. You must use the /s switch to specify a source location. /copydir The answer file contains answers to the standard questions that Win2K Server asks during the install process. /unattend{num}:{answer file} The {Num} variable is the number of seconds Win2K setup waits between copying the files and rebooting the computer.

20 . and install the disk into another computer.log file. Checks to see if the computer is compatible with a Win2K installation. This allows you to copy the source files from a computer onto a hard drive to install them on another computer. an upgrade keeps many of the existing server settings. Upon completion of the install. Because you are allowing the operating system to keep many of it's existing settings. the computer will continue the installation.1to-Windows 95 upgrade and above. 2= warnings. and the Final Set-up phase Domain Upgrades Although many times you might be required to perform a clean install of Windows 2000. Tells setup to issue a command after the second re-boot and after the the configuration information is detected. Tells setup not to restart after the file copy phase of Winnt32 so that additional commands can be entered. Copies all the installation files to the hard drive. 3= information. and 4= detailed information. 1= errors. the Text Mode phase. there are also many instances where an upgrade of an existing server will be required. make the disk active. The {id} variable states which ID file number to use. and default to the other directory if the files aren't found. the folder is deleted. meaning it will be easier to bring your machine back on-line In my own experience./copysource /copysource:{folder name} /cmd:{command} Copies a directory within the source location that contains information used by the GUI mode set-up to the folder where NT is installed. upgrading operating systems never works perfectly.txt file. while NT information is stored in the Winnt32. with only the above exceptions. The {level} variable states which level of debugging is used. upgrading an operating system has always been a challenge at best. They are the Pre-Copy phase. Setup will check this directory first. From the original Windows 3. There are situations where a clean install (also called a virgin install) is not possible. 
Other times you may have to upgrade an operating system to protect data. Creates a debugging log in the specified file name. This allows you to state information such as the computer name without modifications to the answer file. the Network Component Installation phase. (Although your back-up plan should avoid this problem) My personal suggestion is that you always do a clean install from a fresh format for all operating system upgrades where ever possible. This type of install will only work from NT and 2000 format operating systems. The UDF files allows Win2K installation to choose modified answers to the answer file. Large networks with huge numbers of clients may require that you keep your existing settings for easy of configuration. Upon manual reboot. Allows you to have a second default directory in cases where files may be spread in different areas. the Information Collection phase. so you must be aware of the format for upgrading for the exams. /cmd /debug /debug{level}:{file name} /udf /udf:id. you are also allowing it to keep many of it's existing problems. Win 9x information is stored in the Upgrade.{UDF file} /syspart /syspart:{drive letter} /checkupgradeonly /checkupgradeonly /cmdcons /cmdcons /m /m:{folder name} /makelocalsource /makelocalsource /noreboot /noreboot Step-By-Step Through the Installation Process There are 5 stages to a Win2K Server installation. Allows you to copy the Setup files to a hard disk. Microsoft recommends upgrades in many cases. Adds the Recovery Console option to the operating system. Where a clean install lets you start from scratch. Each level contains the level below it as well.

dll files to determine existing software and hardware setups in order to maintain these setups after the installation is complete. allowing all DC's to share authentication tasks. avoiding bottlenecks in the system.exe and ntdll. Having multiple domain controllers allows the duties involved with user authentication to be split among servers. BDC's can be upgraded to Domain Controllers or member servers.0 domains with Primary and backup domain controllers. In order for domain controllers to function. In Windows NT 4.51 or 4.Filing System Upgrades When you insert the Windows 2000 Server CD-ROM in the drive. It uses the Ntoskrnl. you MUST upgrade to NTFS. System32\Drivers. there are several differences between Windows 2000 and Windows NT 4.ini file for previous installations of the software. It can also be a member server. It then searches the directories System32.0 Server in regards to Domain Controllers. you MUST upgrade the Primary domain controller first. If the version of Windows that you wish to upgrade is not present. which use Active Directory services to replicate domain user accounts and control logons. This allows you to recover damaged installations that have previously failed. As discussed previously. Domain Properties Windows 2000 Server can upgrade an existing server into one of three formats. After determining what operating systems are compatible with the Windows 2000 Server upgrade. It searches the boot. In order to dual-boot with NTFS installed. and must be upgraded first. You must have at least one domain controller in each domain in order for the domain to function. Because of this. such as shared file permissions and local access protection. The first question that you will see after this is about your filing system. any partitions on the hard drives of the server not formatted with NTFS will lose certain security features that Active Directory allows.0. but not until the PDC is upgraded. They carry the most up-to-date domain information. 
a menu will be shown asking you to choose which installation you wish to upgrade. which are installed onto workgroups instead of domains. it will cancel the upgrade. as these duties will cut into it's other functions. This will also affect your choice of filing system. Finally. as they provide fault-tolerance to a domain with little processor overhead. Lastly. This option allows you to have two operating systems running on the computer. and each time you boot you choose the operating system you wish to use. If you are upgrading a computer that has FAT16 or FAT32. You can press F3 to escape this installation without affecting the previous installations. You should NOT upgrade a computer with extremely high network traffic or processing duties into a domain controller. Windows 2000 Server also has certain security and directory functions that will not work without an NTFS filing system. and Backup Domain Controllers (BDC) that acted as back-ups to the PDC. it will auto-boot and ask you if you wish to upgrade your current operating system. You also will be given the opportunity to dual-boot your computer. Windows 2000 Server setup will examine your computer for several pieces of information. Most Windows 2000 Server installations are Domain Controllers. Domain controllers in Windows 2000 rely solely on Active Directory. you must choose roles for your existing Domain Controllers carefully. it didn't meet the requirements for a Windows 2000 Server upgrade. It can become a Domain Controller. and version number. There were Primary Domain Controllers (PDC) that carried out all the authentication functions. Windows 2000 only uses Domain Controllers. Upgrade Functions After the initial upgrade choices. as only Windows NT and Windows 2000 operating systems can run on an NTFS format. build number. you will need to decide whether or not to convert to the NT filing system. which offers member services without having domain logon control. 
and System32\Config for setup information. it can become a Stand-Alone server. so their upgrade is imperative for retaining your existing domain information. (NTFS) If you wish to use Active Directory with TCP/IP. If it finds versions other than Windows NT Server 3. Finally. the registry is accessed to determine the existing type of NT installation.0. PDC's MUST become domain controllers. you must have a separate partition available for Windows 2000. and this requires an NTFS partition. In Windows NT 4. they MUST have NTFS filing systems.

Microsoft also recommends setting up test user accounts and groups to verify the upgrade upon completion. You also must disable DHCP for the same reasons. Finally. The log file can also remain on any FAT or NTFS partition. before you can start the upgrade you must disable WINS. and perform the upgrade. This can mean shuffling objects within domains. and cost overruns. but the System Volume File (SYSVOL) must be placed on an NTFS format. this makes Windows 2000 fully backwards compatible. This can also help balance out the administrative tasks involved with the network by changing domain areas that are too large. or consolidation or creation of new domains to fit your business's current physical and logical make-up. If the installation should fail. This can lead to confusion. Before you Upgrade The most common function that every network administrator must do before performing a major change on a server is back up the data on that server. Choosing Your Domain The first element to planning your upgrade is choosing the DNS structure for your domain. Stand-Alone servers also have this one-time opportunity to be upgraded to member servers. The Windows NT 4. you can upgrade them one-by-one without fear of losing networking ability. too small. Lastly. There are three important files that you can choose the location of on a partition. Planning and Implementing Your Domain Upgrade When preparing a domain for an upgrade. If your domain is going to be suitably large enough (over 5 servers). Having a plan on dealing with user accounts is important for maintaining good group permissions and for keeping security on your network functioning. Most upgrades done on Windows NT domains are done haphazardly with no forethought. data loss. This creates a cohesive structure that allows domains to be added and Active Directory to implement the necessary replication services. 
you can promote the disconnected BDC to a PDC and resume normal network operations until the installation can be repaired. create a new forest and a new domain. Upgrading BDC's Another important element of a Windows 2000 domain controller upgrade is the size of the accounts database it contains. This means that if you have multiple servers in your environment.0 accounts database is significantly smaller than the Windows 2000 Server database. This will give you a back-up of your Domain Controller information in the event that the installation fails. You must devise a plan for the root network domain on each tree in your forest. the Windows 2000 domain controller will emulate a PDC in the Windows NT 4. you must re-visit your user accounts and determine where they fit into your organizational units. You should make sure that you have plenty of hard drive space for this database upgrade to take place. Microsoft suggests you create two or three groups and user accounts with varying properties in order to determine whether the groups and users database upgrades correctly. Some simple planning can make upgrading your domain simple and cost-effective. The User Accounts database and Active Directory data can stay on any FAT or NTFS partition. Upgrading PDC's As stated last week. You will be given the choice of creating a new domain or a child domain. The Microsoft handbook also suggests disconnecting a single BDC from the network while you are upgrading. and a new forest or a domain tree in an existing forest. and develop the naming structure for the subdomains below. errors. Start with the PDC on the root network. The next element is planning out the organizational units within domains. or that don't function properly in your network scheme. Existing member servers can either remain member servers or change to stand-alone servers. the Primary Domain Controller must be upgraded first. or remain stand-alone servers. 
there are several important factors that you must take into consideration. Upon completion of the upgrade.0 environment. as the conversion process requires the WINS database to be converted during the upgrade.

When moves user accounts between domains. security policies can be defined centrally. you have the choice to change your servers into Native Mode.) Although the Security Identity (SID) is transferred. As new computers join the domain. and have the ability to grow to meet the needs of the network. Test each upgrade before proceeding to the next BDC. Because Windows 2000 Server can handle a larger number of user accounts. Mixed and Native Modes As each domain controller is added to the network. nor will they be able to upgrade to a domain controller. This allows the emulation that makes Windows 2000 Server backward compatible. These changes can be extremely disruptive and time consuming. When the last Windows NT Domain Controller is upgraded. as they will cease to be able to communicate with the other servers if they are still using Windows NT. domain consolidation can also reduce the need for certain services within a network. See the Active Directory tutorial for more. Mixed Mode is necessary for the upgrade process to be successful. (All domains in the tree use the same schema. The Active Directory database files are a template for each BDC installation. upgrading to Windows 2000 Servers gives your network the perfect opportunity to adjust some of it's user settings. Once you choose to upgrade to Native Mode. First. it is possible to transfer single user accounts among domains to maintain their groups and permissions statuses. you can begin upgrading the BDC's in the same fashion. Make sure each new domain controller is functioning properly in every way before starting on the next server. it runs in a Mixed Mode setting that allows it to communicate with other Windows NT servers on the domain. It can also reduce the amount of network traffic created by Active Directory by reducing the number of master domain account trust relationships that must be maintained. and never upgrade more than one BDC at a time. 
It is important that all BDC's be upgraded to Windows 2000 before you turn to Native Mode. but will give you greater ability to utilize the services within Windows 2000 Active Directory. It also uses the Kerberos transitive trust model throughout the network. and must be planned out early in order to avoid deleting users and services from the network during normal network usage. Re-Working Your Domains As discussed earlier. users and groups can be moved across domain boundaries while still maintaining their previous security identity. especially when it comes to groups and trusts. Previous versions of Windows are not compatible with the Active Directory's current configuration. This allows the administrator to make changes in the logical features of the domain without having to be present at the domain. so each BDC becomes an exact replica of the domain controller. the password for that user is not. and therefore share the same groups and permissions settings. Windows 2000 also provides tools to update access rights to reflect the changes in the network and the business. making permissions and groups easier to manage. (The information needed to become a domain controller can not be transmitted to a Windows NT server in Native Mode. Lastly. All Windows 2000 Server upgrades start in Mixed Mode. you can not go back to Mixed Mode. Native Mode removes all the emulation for Windows NT in a Windows 2000 environment to reduce overhead. If you run into a problem. Consolidating domains and arranging your Organizational Units within Active Directory will give you more administrative control and reduce network overhead. This is not a requirement of a Windows 2000 upgrade. Windows 2000 has several features that make domain consolidations easier to manage. they automatically pick up the security policies already in effect in the new domain. it is easy to fix one BDC and less likely to cause network disturbances if you only have one down server at a time. 
Windows 2000 allows domain controllers to be demoted to member servers if they are not required to be domain controllers in the new domain. Secondly.After testing the new domain controller to make sure your user account settings are functioning and the installation was complete. Computers can also be moved using remote administration tools.

Most of the time. you can try another way for the installation. Windows 2000 supports quite few installation methods. either install a different CD-ROM drive or use a boot ROM Drive disk with the proper CD-ROM drivers installed to copy the files from the Windows 2000 Server Installation CD. If all Controller else fails. This error will occur when the partition you wish to install Windows 2000 Server on does Insufficient Disk not have the required amount of free space that Setup uses for temporary files and Space installation files. clients. and computer identification properties. If your computer is already networked and have a DNS for the Internet connection. Ensure that the hardware you installed is on the Microsoft HCL. As we have learnt before. You should start the computer in safe mode and install the newest drivers from the hardware vendor to see if this fixes the boot problems. delete the computer account and re-create it. you need to check the network settings in your computer and make sure the local computer name is unique on the network. Failures in Windows 2000 Server To Start After Installation Is Also verify that Windows 2000 properly detected all components when installing. these errors are caused by hardware faults. These problems can range from simple hardware incompatibilities to hard disk and file system errors. you must ensure that you have the correct Dependency network settings in order for the computer to be seen on the network. You must free up enough space by deleting files from the desired partition. scanners. it is possible you have a defective CD. format a partition. Therefore. you also need to add the DNS for your Windows 2000 domain at your network configuration. request a replacement Windows 2000 Server Installation CD from Microsoft or your software vendor. Make sure your protocols. 
It is Complete common for modems.Troubleshooting Windows 2000 Server Installations There are many problems that can occur with a standard Windows 2000 Server installation. if your CD-ROM is broken or not in the HCL (Hardware Compatible List). If you think that domain name you specified is correct. Either the drivers installed during installation conflict or do not operate with Windows 2000 Server. or attempt to load it in another CD-ROM CD-ROM Errors drive. The most common problem for the Windows 2000 installation is unable to connect to the domain controller. you can try RIS or network installation. It is most commonly an error with the Domain Name setup you used. 24 . protocols. For example. If you can't get it to connect. or choose a different partition to install Windows 2000 on. and that you have the right clients installed. If you see the failure of dependency service when you start the Windows 2000. This includes the Service To Start proper hardware settings. If you are attempting to connect to a Domain Controller and can not gain access. and cause errors upon boot. This doesn't mean that it can support every CD-ROM drive. you will see this error. If your Unsupported CDCD-ROM drive won't run under Setup. To Domain and network adapter settings are correct. and other equipment not to install during the setup process. you need to make sure both domain controller and DNS Server are online. domain names. Below is a list of the most common Windows 2000 Server installation errors. Failure Of If you are installing Windows 2000 Server. Clean the CD. Problem Description and Solution If you are attempting to install from a CD-ROM drive and keep receiving media errors. as corrupt computer accounts could cause the inability to connect. but Unable To Connect can also be caused by bad network settings. If it will not run. if one method fails. Windows 2000 Server Setup comes with utilities to support many different CD-ROM drive types during setup. 
install in workgroup mode and troubleshoot the domain afterwards.

In addition. This chapter also introduces you to the next generation of NTFS. copying and moving data with NTFS permissions assigned. Permission Traverse Folder/Execute File List Folder/Read Data Read Attributes Read Extended Attributes Create Files/Write Data Create Folders/Append Data Write Attributes Write Extended Attributes Delete Subfolders and Files Delete Description This allows or denies a user to browse through a folder's subfolders and files where he would otherwise not have access. it allows or denies the user the right to add data to the end of files. This allows or denies a user to view the standard NTFS attributes of a file or folder. she can still delete. The 25 . This allows or denies the deleting of files and folders. using special access permission. This allows or denies a user the ability to change the extended attributes of a file or folder. These attributes are defined by programs and may vary. This allows or denies the ability to change the attributes of a files or folder. Read Permissions This allows or denies the user the ability to read the standard NTFS permissions of a file or folder. Change Permissions Take Ownership This allows or denies the user the ability to change the standard NTFS permissions of a files or folder. which Windows 2000 touts as its standard file system. The chapter covers NTFS file and folder permissions. it allows or denies the user the ability to run programs within that folder. this chapter outlines all of the components of using NTFS permissions on a NTFS 5. If the user does not have this permission assigned but does have the Delete Subfolders and Files permission. which can vary due to the fact that they are defined by the programs themselves. NTFS 5.0 file system effectively on a Windows 2000 network. In addition. This allows or denies the user to view subfolders and fill names in the parent folder. and troubleshooting NTFS permission problems. 
It is also true that if this permission is assigned files and subfolders can be deleted even if the Delete special access permission has not been granted. This does not include making changes to any existing data within a file. This allows or denies the deleting of files and subfolders within the parent folder. It specifically discusses security on files and folders within the NT File System (NTFS). In addition. and they provide the finite level of security to resources on a Windows 2000 network that some administrators require. This allows or denies the user to view the extended attributes of a file or folder. This allows or denies the user the right to create new files in the parent folder. This allows or denies a user the ability to take ownership of a file or folder. planning NTFS permission. Defining Special Access Permissions There are fourteen Special Access Permissions. I will use three tables to explain the Special Access Permissions and how they relate to NTFS file and folder permissions. access control lists. This allows or denies the user to create new folders in the parent folder.0. such as Read-Only and Hidden. it allows or denies the user to view the data within the files in the parent folder or subfolders of that parent. In addition. using NTFS permissions. Table 4 lists the Special Access Permissions and provides a description of the kind of access they allow or deny. NTFS Permissions This chapter discusses resource security using NTFS permissions. it allows or denies the user to modify or overwrite existing data in a file.

The Write NTFS permission is actually made up of the Create Files/Write Data. Table 5 displays a cross-reference chart of NTFS file permissions and special access permissions. Write Extended Attributes. if User A leaves the organization for another position. Remember this when referring to these tables. Synchronize This allows or denies different threads to wait on the handle for the file or folder and synchronize with another thread that may signal it. and Synchronize special access permissions. File and folder ownership can be transfer to another user or group. Administrators can then assign the Take Ownership special access permission to another user or group. which allows taking control of that file or folder. Change Permissions Two of the special access permissions are particularly useful in application. The first applies to folders and the second only to files. This permission applies to only multithreaded. That way the user or Windows 2000 administrator can control the access to the data but not delete any of the data itself. they do not have access to delete any files or subfolders. as shown in Table 4. Remember these when thinking about granting someone the ability to take ownership of a file or folder. Two hard-and-fast rules apply here. User A can now take ownership of any files or folders in D:\Apps. This is usually a Windows 2000 Administrator. 2. NOTE: Some of the Special Access Permissions have two parts. you have the ability to take control of any files or folders on the NTFS volume. Read Permissions. The owner of a file or folder or any user with the Full Control NTFS permission to a file or folder can assign the Full Control standard NTFS permission or the Take Ownership special access permission. Take Ownership The second particularly useful special access permission is Take Ownership. Write Attributes. Table 6 displays the same list of special access permissions but shows how they interrelate to the NTFS folder permissions. 
Using the Change Permissions special access permission a user or Windows 2000 administrator can change permissions to a file or folder. the Change Permissions special access permission.owner of a file or folder can change the permissions on the files and folders she owns. As an administrator. You can grant a user account or a user group the ability to take ownership of a file or folder. Create Folders/Append Data. 1. Now let's look at how these new special access permissions are related to the standard NTFS file permissions. multiprocessing programs. For instance. a Windows 2000 administrator can assign the Take Ownership special access permission to the former employee's 26 . All files and folders on a nNTFS volume have an owner. You will see that the each of the standard NTFS file permissions is actually a group made up of special access permissions. When using special access permissions it is no longer necessary to assign a user or Windows 2000 administrator the Full Control NTFS permission so that they have the allowed right to change permissions. You will find that having these reference tables will be very helpful when deciding which special access permissions to use in your organization. A Windows 2000 administrator can take ownership of a file or folder at any time. We discuss here the first one. so that they can take control of the files and folders in a parent folder. For instance. Notice also how the Write NTFS permission is made up of six special access permissions. By default. regardless of any other permission that might be in place. However. This is one of the inherited rights that administrators have. if User A has the Full Control standard NTFS permission to D:\Apps and assigns the Take Ownership special access permission to User A. the owner is the person installing the volume and formatting it with the NTFS file system.

This is where all special access permission are assigned and denied. Now click on Add. The manager can then take ownership of those files and folders. 27 . right-click My Computer. This dropdown list box lists the level of the folder hierarchy at which the special access permissions being assigned will be applied. however. click OK. or Group dialog box as shown in Figure 6. 7. Table 7 lists the options and their descriptions. Apply onto Permissions Apply these permissions to objects and/or containers within this container only Clear All Taking Ownership of Secure Resources A Windows 2000 administrator working with NTFS file and folder permissions should know how to take ownership of a resource. 10. Now click Advanced to view the Access Control properties dialog box. This will start the Windows Explorer. 11. give ownership of a file or folder to a user account or group. Compute. Clicking on the Change command button can change the user account or group affected. To allow permission inheritance for the special access permissions being assigned select this check box. 2. This opens up the Select User. On your Windows 2000 desktop. I suggest learning how to use them in you own environment.manager for the former employee's files and folders. or select it by clicking on it. The receiving user account or group can then take ownership of the respected resources. Use Alt-Tab to switch to the Securities tab. 3. 5. 6. as shown in Figure 7. Click Explore. To set special access permissions to a folder take the following steps: 1. This is a list of all the special access permissions. Now we see that all of the special access permissions are listed in the permissions list box. This clears all of the check boxes in the Allow and Deny columns in the permissions list box. 4. This doesn't mean walking down to the local parts shop and picking up a new hard disk. Click the Properties option on the list. This allows or denies permission inheritance for the parent folder. 
I am talking about using the Take Ownership special access permission. This subtopic will give you a quick glance at how to assign special access permissions to an NTFS volume. Find a folder and right-click on that folder. Click the plus sign to the left of an NTFS volume that you would like to view. 9. In addition. Using Special Access Permissions Special access permissions provide a more finite level of security than the standard NTFS permissions. as shown in Figure 5. NOTE: The Take Ownership special access permission can be assigned to a user account or group. Let's discuss the options for a moment. otherwise clear the check box. You cannot. This displays the Permission Entry dialog box. 8. After you select the object that you would like to add the special access permissions to. Permission Name Description This is the user use account or group name that will be affected by the special access permissions. To allow a special access permission click the check box in the Allow column to the right of the permission. to deny a special access permission click the check box in the Deny column to the right of the special access permission.
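The following added example (not part of the original handout) models the fourteen special access permissions as the Windows access-mask bits they correspond to and checks three points made above: Write is a group of six special permissions, Delete Subfolders and Files on a parent permits deletion without Delete on the item, and ACL changes require ownership or Change Permissions. The bit values are the standard winnt.h file access rights; the sample ACLs, the principal names and the simplified allow/deny evaluation are assumptions constructed for illustration.

```python
# Special access permissions mapped to standard Windows file access-right bits.
SPECIAL = {
    "Traverse Folder/Execute File": 0x000020,
    "List Folder/Read Data":        0x000001,
    "Read Attributes":              0x000080,
    "Read Extended Attributes":     0x000008,
    "Create Files/Write Data":      0x000002,
    "Create Folders/Append Data":   0x000004,
    "Write Attributes":             0x000100,
    "Write Extended Attributes":    0x000010,
    "Delete Subfolders and Files":  0x000040,
    "Delete":                       0x010000,
    "Read Permissions":             0x020000,
    "Change Permissions":           0x040000,
    "Take Ownership":               0x080000,
    "Synchronize":                  0x100000,
}


def mask_of(*names):
    """Combine named special permissions into one access mask."""
    mask = 0
    for name in names:
        mask |= SPECIAL[name]
    return mask


# The standard Write permission as the text describes it: six special permissions.
WRITE = mask_of("Create Files/Write Data", "Create Folders/Append Data",
                "Write Attributes", "Write Extended Attributes",
                "Read Permissions", "Synchronize")
FULL_CONTROL = mask_of(*SPECIAL)  # all fourteen bits


def decode(mask):
    """List the special permissions contained in an access mask."""
    return [name for name, bit in SPECIAL.items() if mask & bit]


def effective(aces, principals):
    """Simplified evaluation (assumption): union of allows minus union of
    denies for the given principals. Windows walks ACEs in order; with the
    usual deny-before-allow ordering the outcome is the same."""
    allow = deny = 0
    for kind, who, mask in aces:
        if who in principals:
            if kind == "deny":
                deny |= mask
            else:
                allow |= mask
    return allow & ~deny


def can_delete(item_mask, parent_mask):
    """Delete on the item, or Delete Subfolders and Files on its parent."""
    return bool(item_mask & SPECIAL["Delete"]
                or parent_mask & SPECIAL["Delete Subfolders and Files"])


def can_change_permissions(mask, is_owner=False):
    """The owner may always change the ACL; others need Change Permissions."""
    return is_owner or bool(mask & SPECIAL["Change Permissions"])


# Rights that let a principal remove data or seize control of a resource.
SENSITIVE = mask_of("Delete Subfolders and Files", "Change Permissions",
                    "Take Ownership")


def risky_grants(aces, trusted=("Administrators",)):
    """Review helper: allow entries giving sensitive rights to other principals."""
    findings = []
    for kind, who, mask in aces:
        if kind == "allow" and who not in trusted and mask & SENSITIVE:
            findings.append((who, decode(mask & SENSITIVE)))
    return findings


# Constructed sample ACLs: the D:\Apps folder from the text and one file in it.
READ_BITS = mask_of("List Folder/Read Data", "Read Attributes",
                    "Read Extended Attributes", "Read Permissions", "Synchronize")
APPS_FOLDER_ACL = [
    ("allow", "Administrators", FULL_CONTROL),
    ("allow", "Users", WRITE | READ_BITS | mask_of("Delete Subfolders and Files")),
    ("allow", "UserA", mask_of("Take Ownership")),
]
APP_FILE_ACL = [
    ("allow", "Administrators", FULL_CONTROL),
    ("allow", "Users", READ_BITS),
    ("deny", "Users", mask_of("Change Permissions")),
]

if __name__ == "__main__":
    folder = effective(APPS_FOLDER_ACL, {"Users"})
    item = effective(APP_FILE_ACL, {"Users"})
    print("Write =", hex(WRITE), decode(WRITE))
    print("Users hold Delete on the file:", bool(item & SPECIAL["Delete"]))
    print("Users can still delete it:", can_delete(item, folder))
    print("Grants to review:", risky_grants(APPS_FOLDER_ACL))
```

Running the script shows that members of Users can delete the file through the folder's Delete Subfolders and Files right, which is why that right belongs on the review list next to Change Permissions and Take Ownership.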

To take control of a file or folder the user or group member must have the Take Ownership permission assigned to them for that file or folder. Then they must explicitly take ownership of that file or folder. The following is a list of the steps that you would take:

1. On your Windows 2000 desktop, right-click My Computer.
2. Click Explore. This will start the Windows Explorer.
3. Click the plus sign to the left of an NTFS volume that you would like to view.
4. Find a folder and right-click on that folder.
5. Click the Properties option on the list.
6. Use <Alt><Tab> to switch to the Security tab, or select it by clicking on it.
7. Click Advanced to view the Access Control Settings dialog box.
8. In the Access Control Settings dialog box use <Alt><Tab> to switch to the Owner tab or select it by clicking on it.
9. Select your name in the Change owner to list box. This specifies that you are going to take ownership of the resource.
10. Check the Replace owners on sub containers and objects check box, and click Ok.

That is all for special access permissions and how they relate to the standard NTFS permissions. Now you can assign NTFS permissions with ease on your Windows 2000 network, confident that you have the knowledge to do so.

COPYING AND MOVING DATA

Copying and moving data is something that every administrator does, usually on a pretty frequent basis. The NTFS permissions sometimes change as the files and folders are moved or copied. When copying files and folders with NTFS permissions assigned to them you need to follow certain guidelines. It is important to know these guidelines before you start shuffling data around your Windows 2000 network. This discussion outlines these rules and explains what happens to the NTFS permissions when files and folders are moved or copied.

Copying Files and Folders

When files and folders on an NTFS volume are copied to another volume, the permissions change. For instance, if you copy a file from one NTFS volume to another NTFS volume, the following things happen if the right criteria are met.

• The receiving NTFS volume treats the file as a new file. Like any new file, it gains the permissions of the folder it is created in.
• The user account used to copy the file must have the Write NTFS permission in the destination folder on the receiving volume.
• The user account used to copy the file becomes the Creator Owner of that file.

This means that any permissions assigned to that file before it is copied are lost during the copy itself. If you want to keep those same permissions, they will have to be reassigned at the destination folder.

When files and folders are copied from an NTFS volume to a FAT partition, the permissions are lost. This happens because FAT partitions do not support NTFS permissions.

Moving Files and Folders

When files or folders are copied from an NTFS volume, the permissions change. Now when files or folders are moved from an NTFS volume, the permissions might or might not change. That is correct. This depends entirely on where the destination folder lies. We can safely assume that when files or folders are moved to a FAT partition, the permissions are lost, and for the same reason that NTFS permissions are lost when copying files and folders from an NTFS volume to a FAT partition. There are in fact two other cases worth pointing out when moving files and folders from an NTFS volume: moving files and folders within an NTFS volume and moving files and folders to another separate NTFS volume.

When moving files and folders within a single NTFS volume, these rules are followed:

1. The files and folders keep the original permissions assigned to them.
2. The user account moving the files and folders must have the Write NTFS permission to the destination folder.

3. The user account moving the file must have either the Modify standard NTFS permission or the Delete special access permission assigned. This is because during a file or folder move, the files and folders are deleted from the source directory after they have been copied to the destination folder.
4. The user account used to move the files and folders becomes the Creator Owner of those files and folders.

When moving files and folders from one NTFS volume to a separate NTFS volume, these are the rules followed:

1. The files and folders being moved inherit the permissions of the destination folder.
2. The user account moving the files and folders must have the Write NTFS permission to the destination folder.
3. The user account moving the file must have either the Modify standard NTFS permission or the Delete special access permission assigned. This is because during a file or folder move, the files and folders are deleted from the source directory after they have been copied to the destination folder, since a move is really a combination copy/delete.
4. The user account used to move the files and folders becomes the Creator Owner of those files and folders.

For example, if you move a file from a folder that has Everyone with Read permission into a folder on another partition that has permissions only allowing Domain Admins Read access, the file will now carry the latter security settings.

TROUBLESHOOTING PERMISSIONS PROBLEMS

The number one goal of a Windows 2000 administrator should be making sure that resources are always available to the users. This includes many things, but I'm talking here about the secure data on the network. If users cannot access the data they need to do their job, production slows. Now your boss is breathing down your neck, asking why the users can't get to their data, and how long it will take for you to fix the NTFS permission problem. This discussion will lay down some rules on NTFS permission problems. The topics include avoiding NTFS permission problems and troubleshooting NTFS permission problems.

Avoiding NTFS Permission Problems

Avoiding permission problems involves following some basic guidelines. Below is a list of do's and don'ts when assigning NTFS permissions on an NTFS 5.0 file system. Use this list as a reference when assigning NTFS permissions on your Windows 2000 network.

• When assigning NTFS permissions, try to assign only enough access for a user or group of users to perform their job.
• Try not to assign any NTFS permissions at the file level. This increases the complexity of managing the permissions. Assign the NTFS permissions at the folder level only. If several files require the same access, move them to a common folder and assign the permissions to that folder.
• Application executables should have Read & Execute and Change assigned to the Administrators group. The Users group, on the other hand, should have only Read & Execute. This will prevent users or a virus from modifying the files. When an administrator wants to update the application executables, he or she can temporarily assign himself or herself Full Control to perform the task.
• Assign Full Control to the Creator Owner of public folders and the Read and Write NTFS permissions to the Everyone group. This way users have full access to the files that they create, but the members of the Everyone group can only read and create files in the folder.
• Try not to deny any NTFS permissions. Instead of denying access to a resource by denying NTFS permissions, don't assign the permissions to gain access. If you have to do this to a user or group, document it well and state that this is a special case.

Troubleshooting NTFS Permissions

This topic is designed to help you troubleshoot the most common NTFS permission problems. Table 8 lists the most common ones and solutions.

Problem: A user or group cannot access a file or folder.
Solution: Check the permissions assigned to the user or group. Permissions may not be assigned for the selected resource, or permission could be denied. In addition, the permissions could have been changed if the file or folder has been copied or moved.

Problem: The administrator assigns access to a group for a selected file or folder, but the users of that group still cannot access the file or folder.
Solution: Ask the user to log off and then log back on. When the user logs back on, his NTFS permissions are updated to include the new group that they were added to. Another way to update a user's permissions is to ask them to disconnect the network drive on which the file or folder resides and then reconnect it. This forces the permissions to update on the reconnect of the network drive.

Problem: A user with Full Control to file has deleted some files in a folder, and you want to prevent them from doing it again.
Solution: Open the Permission Entry box for that folder and remove the Delete Subfolders and Files special access permission for that user.

With a little perseverance any NTFS permission problem can be solved, and I hope that this table provides a starting point for the resolution.

CHAPTER SUMMARY

We discussed the many faces of NT File System (NTFS) permissions being utilized on a Windows 2000 network. Now we know that the standard file system for Windows 2000 is NTFS 5.0, and that NTFS permissions can be assigned only on an NTFS formatted volume. We learned the effects of assigning multiple permissions to a single resource and how to use permission inheritance effectively. For administrators in need of a more granular level of security on file and folder resources, we now know that special access permissions are available. Also, it is important to remember that a permission of No Access will always override any other permissions assigned. Use this setting sparingly; it is usually better to simply omit a user account from the Access Control Lists (ACL) than to explicitly list the account with No Access specified. When possible, permissions should be applied at the folder level rather than the file level for ease of administration.
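The copy rules and the same-volume move rules from the Copying and Moving Data section can be checked on a current Windows system with the script below. It is an added example, not part of the course text, and assumes PowerShell with %TEMP% on an NTFS volume; the folder names, file name and the Everyone marker ACE are constructed for the demonstration.

```powershell
# Added example: watch an explicit NTFS ACE across a copy and a same-volume move.
# All paths and the marker ACE are constructed for this demo.
$ErrorActionPreference = 'Stop'

# Both folders live under one temp root, so they sit on the same volume.
$root = Join-Path $env:TEMP ('ntfs-acl-demo-' + [guid]::NewGuid().ToString('N'))
$src  = (New-Item -ItemType Directory -Path (Join-Path $root 'src')).FullName
$dst  = (New-Item -ItemType Directory -Path (Join-Path $root 'dst')).FullName

$original = Join-Path $src 'report.txt'
Set-Content -Path $original -Value 'constructed sample data'

# Marker: an explicit (non-inherited) Allow-Read ACE for Everyone (S-1-1-0).
$everyone = New-Object System.Security.Principal.SecurityIdentifier('S-1-1-0')
$marker   = New-Object System.Security.AccessControl.FileSystemAccessRule(
                $everyone, 'Read', 'Allow')
$acl = Get-Acl -Path $original
$acl.AddAccessRule($marker)
Set-Acl -Path $original -AclObject $acl

function Get-AclSummary {
    param(
        [Parameter(Mandatory)][string]$Path,
        [Parameter(Mandatory)][string]$Label
    )
    $acl = Get-Acl -Path $Path
    # Explicit ACEs only: includeExplicit = $true, includeInherited = $false.
    $explicit = $acl.GetAccessRules($true, $false,
        [System.Security.Principal.SecurityIdentifier])
    $hasMarker = @($explicit | Where-Object {
        $_.IdentityReference.Value -eq 'S-1-1-0' }).Count -gt 0
    [pscustomobject]@{
        Case             = $Label
        Owner            = $acl.Owner
        ExplicitAceCount = $explicit.Count
        MarkerAcePresent = $hasMarker
    }
}

$results = @()
$results += Get-AclSummary -Path $original -Label 'original in src'

# Copy: the destination file is created as a new file in dst.
$copy = Join-Path $dst 'copy.txt'
Copy-Item -Path $original -Destination $copy
$results += Get-AclSummary -Path $copy -Label 'copied to dst'

# Move within the same volume.
$moved = Join-Path $dst 'moved.txt'
Move-Item -Path $original -Destination $moved
$results += Get-AclSummary -Path $moved -Label 'moved to dst (same volume)'

# Compare the MarkerAcePresent and Owner columns across the three cases.
$results | Format-Table -AutoSize

Remove-Item -Path $root -Recurse -Force
```

To observe the separate-volume rules, create `$dst` on a different NTFS volume instead of under `$root`.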

Windows 2000 Professional

Windows 2000 Professional Overview

To make an informed choice between the two operating systems, users should consider a number of factors, including the types of application programs they need to run, their networking environment, and their overall manageability, reliability, and security requirements. In general, the features available in Windows 2000 Professional are targeted at the corporate and institutional computer user, while the home networking, multimedia, and gaming features built into Windows Me are aimed at the consumer market. This article focuses primarily on Windows 2000 Professional.

Key Features of Windows 2000 Professional

Windows 2000 Professional is the follow-on to Windows NT® 4.0 and Windows 9x operating systems. It is based on the Windows NT architecture and includes many architectural refinements that improve overall operating system stability and reliability. Windows 2000 Professional is part of the larger Windows 2000 product family that includes Windows 2000 Server, Windows 2000 Advanced Server, and Windows 2000 Datacenter. Although Windows 2000 Professional can be used with stand-alone computers, it is only in conjunction with a Windows 2000 Active Directory domain that the complete array of Windows 2000 Professional's powerful security, networking, system management, and other features can be fully utilized. Some of the key features of Windows 2000 Professional are described in the following sections.

Enhanced Security

Windows 2000 Professional provides a number of security features for local and network applications.

Encrypting File System (EFS)
The EFS component permits encryption of folders and files. When a folder or file is encrypted, an encryption certificate and a private key are generated that are used later to perform the decryption. EFS can be used whether the computer operates as a stand-alone system or participates on a network as a member of an Active Directory domain. EFS is a particularly valuable feature for mobile systems where confidential data may be at risk should the computer be lost or stolen.

Public Key Infrastructure (PKI)
Public key cryptography is an important security mechanism for protecting Internet, intranet, and ecommerce data. PKI provides an integrated set of tools and services for support of public key-based applications. Windows 2000 Professional includes native PKI support that can take full advantage of public key cryptography.

Smart Card Support
Smart cards are credit card-sized electronic cards that can provide tamper-resistant, highly portable storage for digital identification and credentials. Smart card support is integrated into Windows 2000 Professional.

Standard Network Authentication Protocols
Windows 2000 Professional supports a number of network authentication protocols including:
• Kerberos 5, the default network authentication program for computers running Windows 2000 Professional.
• Windows NT LAN Manager version 2 (NTLMv2), which provides enhanced authentication and session security over the previous NTLM implementation included with Windows NT 4.0.
• Extensible Authentication Protocol (EAP), a new programming interface that allows third-party security protocols to be installed and used.

Virtual Private Networks (VPNs)
VPNs allow Windows 2000 Professional clients to use the Internet to create secure paths or pipelines over the Internet to their corporate local area networks (LANs). VPN technology is especially useful in mobile computer applications because it enables users to dial into most local Internet Service Providers (ISPs) and set up a secure VPN session with their corporate LAN over the Internet. This can significantly reduce long-distance dial-up charges.

Windows 2000 supports key VPN tunneling protocols including the Point-to-Point Tunneling Protocol (PPTP), Layer Two Tunneling Protocol (L2TP), and Internet Protocol Security (IPSec).

Stability and Reliability

Like Windows NT Workstation, the 32-bit Windows 2000 Professional OS protects itself against the failure of nonnative 16-bit Windows and 16-bit MS-DOS® programs by running those programs in a protected subsystem that has its own separate memory space. This protected kernel-mode architecture makes Windows NT Workstation and Windows 2000 Professional more stable and reliable. Windows 2000 Professional has added a number of new improvements in core-system file integrity, driver signing and authentication, reduced boot scenarios, and others, which make it more robust than previous Windows operating systems. The following sections describe several of the operating system's stability and reliability features.

Windows File Protection (WFP)
The WFP feature (also available in Windows Me as System File Protection [SFP]) safeguards against core-system file corruption during application program installations. It prevents the replacement, corruption, or deletion of protected system files by verifying the source and version of a system file before it is installed.

Driver Signing and Authentication
Driver authentication is an integrated process in Windows 2000 Professional. All device drivers are required to pass rigorous tests for stability before they can be issued a signature. Users can specify strict validation policies to prevent the installation of unsigned drivers or drivers whose validity cannot be authenticated. Digital signature technology is also used to verify the correct version of the file(s) to be installed.

Reduced Reboot Scenarios
Windows 2000 Professional requires fewer planned and unplanned system restarts than Windows NT 4.0. To improve the operating system's stability and reliability, Microsoft eliminated more than 75 scenarios in Windows NT 4.0 (such as adding a network protocol or installing a new device) that required a system reboot. Microsoft has reduced the number of reboot scenarios in Windows 2000 Professional to fewer than 10. Microsoft has also reduced the total number of reboot scenarios in Windows Me.

Manageability

Windows 2000 Professional includes manageability features that make it easier for IT professionals to deploy, support, and update the OS over the network. The management tools and services described in this section are used in conjunction with Windows 2000 Server management services.

Microsoft Management Console (MMC)
Designed for system managers running Windows 2000 clients, MMC is an extensible console framework that provides a common environment for specialized management applications called snap-ins. Snap-ins are ActiveX® controls that provide system management functions or behaviors that system and network administrators can combine to create many types of administration tools. As the primary management host for Windows 2000 Professional, MMC provides a single interface for many client and server management tools.

Multiple User Profiles
Windows 2000 Professional supports multiple user profiles on the same machine. In a work environment, administrators can configure computers such that users have their own protected sets of data, application programs, and preferences. This feature protects one user's data from being viewed by an unauthorized user.

Synchronization Manager
The Synchronization Manager lets users synchronize various resources. From the Items to Synchronize window, users can set the Synchronization Manager to automatically synchronize files, folders, e-mail, and off-line Web pages every time they log on or off of the network. Synchronization Manager synchronizes only the resources that have changed or have been updated since the last synchronization process.

Internet Connectivity

Network configuration tools are built into both Windows 2000 Professional and Windows Me, making it easier for users to establish Internet and other network connections. The following features help improve Internet connectivity.

Network Connection Wizard
The Network Connection Wizard guides users through the process of establishing access to the Internet and other networks. It also simplifies the setup procedures required for file, printer, and other device sharing across the network.

Internet Explorer
Microsoft's Internet Explorer 5 is included with Windows 2000 Professional. The browser allows close integration of the Internet into the user's desktop environment. The browser includes AutoComplete and AutoCorrect features, which help reduce the need to repeatedly enter information into the browser. A consolidated search capability makes it easier to perform highly targeted and refined searching. For each remote network connection profile, such as a dial-up or VPN connection, Internet Explorer version 5 allows a user to specify different proxy configuration information. This is useful for mobile users who, while traveling, must connect to multiple remote networks with varying proxy configurations.

Internet Connection Sharing (ICS)
This feature allows multiple PCs in home networks or small office networks to share a single dial-up or broadband connection to the Internet. A single Windows 2000 Professional client connected to the Internet can provide Internet connectivity for up to 10 additional Transmission Control Protocol/Internet Protocol (TCP/IP) clients, regardless of the operating system they are running.

ACPI Power Management
Windows 2000 Professional supports the latest Advanced Configuration and Power Interface (ACPI) power management functions. ACPI provides user-defined, low-power standby modes that conserve energy while not shutting the computer down entirely. ACPI power management modes include:
• Standby mode — In standby mode, the computer is put into a low-power state. Devices such as the monitor and hard disks are switched off, consuming less power. When the computer is returned to full operation, the desktop is restored to its previous state. Standby mode is particularly useful for conserving battery power in portable computers. However, because standby mode does not save the desktop state to disk, a power failure while on standby can result in the loss of unsaved information.
• Hibernate mode — Hibernate mode saves everything that is in system memory to disk, then switches off the monitor and hard-disk drive and shuts the computer down. On restart, the system is restored to its previous state.
Both Windows 2000 Professional and Windows Me also support the earlier Advanced Power Management (APM) initiative. An enhanced version of the ACPI power management utility that also supports fast boot capabilities is available in Windows Me.

Hot Docking and Undocking Services
This feature enables users to dock and undock portable computers without rebooting or changing the computer's hardware configuration. When docking, new hardware is automatically detected and installed. This feature also allows open application programs and documents to continue to run even as the computer is moved from one location to another.

In contrast to the business-related features offered in Windows 2000 Professional, the majority of Windows Me features are targeted at the consumer market.

Group Policy
Group Policy is a Windows 2000 Server utility that enables system administrators to customize and define rules for many aspects of a client computer user's environment. By defining security settings, software installation options, desktop settings, and other resources, system administrators can create standard system configurations for specialized groupings of users and computers. Benefits for client systems include time and cost savings associated with system uniformity and automated software installation and updates.

Microsoft Installer
Microsoft Installer technology helps eliminate problems caused by application program installation or uninstallation errors. For example, a newly installed application that has a Dynamic Link Library (DLL) with the identical name of another application's DLL would cause a conflict. The Installer can fix this problem automatically by storing the DLLs in different folders. The operating system can recognize and repair such problems. Microsoft Installer works with the Windows Installer Service provided in the Windows 2000 Server operating system.

IntelliMirror
IntelliMirror management technologies are a collection of features on a Windows 2000-based server that permits Windows 2000 Professional clients to mirror user data, transparently install or repair application

programs, and store customized OS settings on Windows 2000 servers. IntelliMirror has the following main features.

• User Data Management — This "roaming" feature allows Windows 2000 Professional users to store their My Documents folder on the server and replicate it to an off-line files cache on the client system. With the files in an off-line files cache, users can disconnect from their network and still access the files in their My Documents folder, even though these files are normally accessed over the network. This feature is particularly useful for users who have a need to frequently disconnect their portable computer from the network. When the client reconnects or logs off of the network, the My Documents folder is synchronized with the mirrored copy stored on the network. If User settings management is also enabled, users can roam to other Windows 2000 Professional-based clients on the corporate network and access their data.

• User settings management — Similar to the roaming "My Documents" feature, the user settings management feature stores users' desktop settings such as Start Menu configurations, Internet shortcuts, and other user preferences in a directory structure on the server. The profiles are replicated to the local client's hard-disk drive each time the user logs into the domain. The profile is mirrored on the user's local hard-disk drive so that if the user doesn't have access to the network, the client can still boot with the locally stored copy of the profile.

• Software installation and maintenance — This feature allows deployment and management of policy-based application software throughout a Windows 2000 Active Directory domain. Group policy options specify the software that is to be installed, upgraded, or removed, and Windows Installer Service lets system administrators automate the software installation and configuration of client systems. Once programs are installed on the client, the Windows Installer Service tracks versions of shared components and performs routine checks to ensure that program components are still intact. The automatic repair function of applications installed via the Windows Installer Service allows a corrupt application to repair itself automatically, instantly, and without any interaction on the part of a user or system administrator. This policy-based installation and maintenance capability reduces client-side management costs by providing centralized application management and by removing some of the most common issues that require technician visits to users' systems.

Windows 2000 group types.

Windows NT 4.0 has Global and Local groups, which are considered to be Security groups. Windows 2000 has two types of groups: Security, which controls access and can be used as e-mail distribution lists, and Distribution, which are used for e-mail distribution and other administrative grouping, but they are not security enabled.

NOTE: In Native-mode domains, group types can be altered, but are fixed at creation in Mixed-mode domains.

Windows 2000 has 3 scopes: Universal, Global, and Domain Local.

Universal groups are only available in Native-mode and can be used anywhere within the same forest. They can be nested, have users directly assigned, and can be used with ACLs. Universal groups are stored in the Global Catalog (GC) and incur a replication load. If used on a WAN, they should be relatively static.

Global groups are the primary scope into which users are placed in Mixed-mode domains. In Native-mode domains, Global groups can be nested, and they do not impose GC replication loads.

Domain Local groups can be used for the direct assignment of access policies on objects that are NOT directly stored in the Active Directory (AD). Since they are domain-centric, as parts of the AD are replicated to other domains, they can not be the only mechanism to restrict/allow access to an object from a different domain.

Introduction to Windows 2000 IntelliMirror

IntelliMirror management technologies are a set of powerful features native to Windows 2000 for desktop Change and Configuration Management that combines the advantages of centralized computing with the performance and flexibility of distributed computing. IntelliMirror uses different features in both the server and client, and enables the users' data, applications, and personal settings to follow them to any desktop on the network.

All users have data and settings that are specific to each of them. IntelliMirror increases the availability of the user's computer and computing environment by intelligently storing information, settings, and applications, based on policy definitions. IntelliMirror is able to recover, restore, or replace users' data, applications, and personal settings in a Windows 2000-based environment. Therefore, users have constant access to all their information and applications, whether or not they are connected to the network, with the assurance that their data is safely maintained and available from the server.

At the core of IntelliMirror are three features:
• User Data Management
• Software Installation and Maintenance
• User Settings Management

Administrators can use these IntelliMirror features either separately or together, depending on the requirements of the environment. When fully deployed, IntelliMirror uses the Active Directory directory service in Windows 2000 Server and Group Policy to provide policy-based management of users' desktops. Through centrally defined policies based on the users' business roles, group memberships, and location, Windows 2000 Professional desktops automatically reconfigure to meet a specific user's requirements each time that user logs onto the network.

Group Policy Overview

In Windows NT® 4.0, you used the System Policy Editor tool to configure user and computer configurations stored in the Windows NT registry database. Using System Policy Editor, you could create a system policy to control user work environment and actions and to enforce system configuration settings for all computers running Windows NT Workstation and Windows NT Server. System policies are registry settings that define the behavior of various components of the desktop environment.

Windows 2000 introduces the Group Policy MMC snap-in, a tool that extends the functionality of System Policy Editor and provides enhanced capabilities for specifying user and computer configurations for groups of computers and users. In Windows 2000, you use Group Policies to define user and computer configurations for groups of users and computers. You create a specific desktop configuration for a particular group of users and computers by using the Group Policy Microsoft Management Console (MMC) snap-in. The Group Policy settings that you create are contained in a Group Policy Object (GPO), which is in turn associated with selected Active Directory objects, such as sites, domains, or organizational units (OUs).

The Group Policy snap-in is a Microsoft Management Console snap-in that includes native features for setting Group Policy, such as policy settings for registry-based policies, security options, software deployment options, scripts, and redirection of folders. Group Policies define the various components of the user's environment that system administrators need to manage. Using Group Policy, you can define the state of users' work environment once and rely on the system to enforce the policies you define.

Group Policy provides the following advantages:

• Capitalizes on the Windows 2000 Active Directory services
Group Policy allows for centralized or decentralized management of policy options. Administrators can delegate control of Group Policy Objects. Group Policy extends and takes advantage of the Active Directory service. Group Policy settings are contained in Group Policy Objects that are in turn associated with the following Active Directory containers: sites, domains, or organizational units (OUs). For example, you can specify Group Policy for a site, domain, OU, or OUs within an OU.

• Offers flexibility and scalability
Group Policy handles a wide range of implementation scenarios that can be applied to both small businesses and large corporations.

• Provides an integrated tool for managing policy
The Group Policy MMC snap-in extends other Active Directory administrative tools, such as the Active Directory Users and Computers and Active Directory Site and Services Manager snap-ins.

• Has a clear interface and is easy to use
Provides slow link detection and straightforward, unobtrusive feedback.

• Provides reliability and security
After you define Group Policy for groups of users and computers, you can rely on the system to enforce those policy settings.

You use the Group Policy MMC snap-in and its extensions to define Group Policy options for managed desktop configurations for groups of computers and users. With the Group Policy snap-in you can specify policy settings for the following:

• Registry-based policies—Includes Group Policy for the Windows 2000 operating system and its components, and for applications. To manage these settings, use the Administrative Templates node of the Group Policy snap-in.
• Security options—Includes options for local computer, domain, and network security settings.
• Software installation and maintenance options—Used to centrally manage application installation, updates, and removal.
• Scripts options—Includes scripts for computer startup and shutdown, and user logon and logoff.
• Folder redirection options—Allows administrators to redirect users' special folders to the network.

You can filter Group Policy by using membership in Security Groups and setting Discretionary Access Control List (DACL) permissions. Doing so enables fast processing of Group Policy Objects and allows Group Policy to be applied to Security Groups. By using ACLs and Security Groups, you can modify the scope of Group Policy Objects; that is, you can provide finer granularity of policy than just to OUs. For example, when you use Security Groups to filter Group Policy, you can modify the application of policy for specific users within an OU.

To set Group Policy for a selected Active Directory object, you must have a Windows 2000 domain controller installed, and you must have read and write permission to access the system volume of domain controllers (Sysvol folder) and modify rights to the currently selected directory object. The system volume folder is automatically created when you install a Windows 2000 domain controller (or promote a server to domain controller).

By default, Group Policy affects all computers and users in a selected Active Directory container. However, you can filter the effects of Group Policy based on users' or computers' membership in a Windows 2000 Security Group. To filter Group Policy, you use the Security tab on a Group Policy Object's Properties page to specify Discretionary Access Control List (DACL) permissions. To delegate the use of the Group Policy snap-in tool, you use DACL permissions.

The following graphic illustrates a Group Policy and Active Directory scenario:

At the root of the Group Policy snap-in namespace are two parent nodes: Computer Configuration and User Configuration. These are the parent folders you use to configure specific desktop environments and to enforce policy settings on groups of computers and users on the network.

Computer Configuration
This includes all computer-related policies that specify operating system behavior, desktop behavior, application settings, security settings, assigned applications options, and computer startup and shutdown scripts. Computer-related policy settings are applied when the operating system initializes.

User Configuration
This includes all user-related policies that specify operating system behavior, desktop settings, application settings, security settings, assigned and published applications options, user logon and logoff scripts, and folder redirection options. User-related policy settings are applied when users log on to the computer.

To set User Configuration per computer, in the Group Policy MMC console, select Computer Configuration, navigate to Administrative Templates, System, Group Policy, and set the option for Loopback Policy.

The Group Policy snap-in includes several snap-in extensions. A Group Policy snap-in extension may extend either or both of the User or Computer Configuration nodes in either the Windows Settings node or the Software Settings node. Most snap-ins extend both of these nodes, but frequently with different options. The following is a list and brief description of the Group Policy snap-in extensions that are included in Windows 2000:

• Administrative Templates—Includes registry-based policy settings, which you use to mandate registry settings that govern the behavior and appearance of the desktop, including the operating system components and applications. The Administrative Templates snap-in extension also includes functionality for managing Disk Quotas and Remote Installation options.
• Security Settings—You use the Security Settings extension to define security configuration for computers within a GPO. You can define local computer, domain, and network security settings.
• Software Installation—You use the Software Installation extension to centrally manage software distribution in your organization. You can install, assign, publish, update, repair, and remove software for groups of users and computers.
• Scripts—You can use scripts to automate computer startup and shutdown, and user logon and logoff. For these purposes, you can use Windows Scripting Host to include Visual Basic®, Scripting Edition (VBScript), and JScript® type scripts.
• Folder Redirection—Allows you to redirect special folders to the network.

For more detailed information on Group Policy, see the technical paper entitled Windows 2000 Group Policy, available at: http://www.microsoft.com/windows/server/Technical/management.

For the latest information on Windows 2000, check out Microsoft TechNet or see the Web site at http://www.microsoft.com/ntserver/ and the Windows NT Server Forum on MSN™, The Microsoft Network online service (GO WORD: MSNTS).

Configuring Your Server as a Domain Controller

Domain Name Service (DNS), Dynamic Host Configuration Protocol (DHCP), and DCPromo (the command-line tool that creates DNS and Active Directory) can be installed manually or by using the Windows 2000 Configure Your Server Wizard. This guide uses the wizard; the manual procedures are not covered here.

1. Press Ctrl-Alt-Del and log on to the server as administrator. Leave the password blank.
2. When the Windows 2000 Configure Your Server page appears, select This is the only server in my network and click Next.
3. Click Next to configure the server as a domain controller and set up Active Directory, DHCP, and DNS.
4. On the What do you want to name your domain page, type Reskit.
5. In the Domain name box, type com. Click on the screen outside of the textbox to see the Preview of the Active Directory domain name. The wizard puts the dot (.) into the name; the combined name appears as reskit.com in the Preview of Active Directory domain name box. Click Next.

Note: As shown in Figure 2 below, Reskit.com is the Active Directory domain and DNS name, and reskit is the down-level domain name.

Figure 2. Configure Your Server Wizard

6. Click Next to run the wizard. When prompted, insert the Windows 2000 Server CD-ROM. When the wizard is finished, the machine reboots.

The Configure Your Server Wizard installs DNS and DHCP and configures DNS, DHCP, and Active Directory. The default values set by the wizard are:

DHCP Scope: 10.0.0.3-10.0.0.254
Preferred DNS Server: 127.0.0.1
IP address: 10.10.1.1
Subnet mask: 255.0.0.0

Format the Second Disk Drive or Partition

Warning: Formatting the partition destroys any data on the partition. Make sure you do this only if necessary, and that you select the correct partition.

1. Log on to the server as the Administrator.
2. Clear the Show this screen at start-up check box in the Configure Your Server Wizard, and close the wizard.
3. Click Start, point to Programs, then point to Administrative Tools, and click Computer Management. The Computer Management snap-in appears.
4. Click the + next to Storage if the folder is not already expanded.
5. Click the Disk Management folder.
6. Right-click unallocated disk space and click Create partition. The Welcome to the Create Partition wizard appears.
7. Click Next. Select Extended Partition, and click Next.
8. Accept the specified partition size by clicking Next, and then click Finish.
9. Right-click Free space and then click Create logical drive. The Welcome to the Create Partition wizard appears.
10. Click Next.
11. Select Logical drive, and click Next.
12. Accept the specified partition size by clicking Next.
13. Accept the default drive letter by clicking Next.
14. On the Format Partition page, accept the defaults for File system to use (NTFS format and the entire size of the partition), Allocation unit size, and Volume label. Click Next and then click Finish.
15. The drive or partition will be formatted. This may take some time depending on the size of the disk and the speed of the computer. At the end, your window should look similar to Figure 3 below.

Figure 3. Disk Management Snap-In Window

Note: You might get an error message saying Volume is open or in use. Request cannot be completed. This is a timing error because you just created the partition. If you receive this message, click OK, then right-click the partition again and click Format. Accept all defaults and click OK. You receive a warning that continuing the format will erase all data. Click OK.

16. After the disk or partition has been formatted, close the Disk management snap-in.

Active Directory Sample Infrastructure

The common infrastructure is based on the fictitious company Reskit, which has the DNS name reskit.com that was configured using the Configure Your Server Wizard in the preceding section. Figure 4 below illustrates the sample Active Directory structure.

Figure 4. Sample Active Directory Structure

Of most interest here are the Domain (reskit.com), and the Accounts, Headquarters, Production, Marketing, Groups, Resources, Desktops, Laptops, and Servers organizational units (OUs). These are represented by circles in Figure 4. OUs exist for the delegation of administration and for the application of Group Policy and not to simply mirror a business organization.

Populating Active Directory

To create Organizational Units and Groups

1. Click Start, point to Programs, then point to Administrative Tools, and click Active Directory Users and Computers.
2. Click the + next to Reskit.com to expand it. Click Reskit.com to show its contents in the right pane.
3. In the left pane, right-click Reskit.com, point to New, and click Organizational Unit.
4. Type Accounts in the name box, and click OK.
5. Repeat steps 3 & 4 to create Groups and Resources OUs. These 3 OUs show up in the right pane.
6. Click Accounts in the left pane. Its contents now display in the right pane (it is empty to start).
7. Right-click Accounts, point to New, and click Organizational Unit.
8. Type Headquarters, and click OK.
9. Repeat steps 6 and 7 to create the Production and Marketing OUs under Accounts. When you have finished, the OU structure should look like Figure 5 below:

Figure 5. Create Organizational Units

10. In the same way, create Desktops, Laptops, and Servers under the Resources OU.
11. Create the two security groups by right-clicking Groups, then pointing to New, then clicking Group. The two groups to add are Management and Non-management. The settings for each group should be Global and Security. Click OK to create each group.

To create User Accounts

1. In the left-hand screen, click the + next to the Accounts folder to expand it.
2. Click Headquarters (under Accounts) in the left-hand screen. Its contents now display in the right pane (it is empty at the beginning of this procedure).
3. Right-click Headquarters, point to New, and click User.
4. Type Teresa for the first name and Atkinson for the last name. (Note that the full name is automatically filled in at the full name box.)
5. Type Teresa for the User logon name. The window will look like Figure 6 below:

Figure 6. Adding a User

6. Click Next.
7. Click Next on the Password page to accept the defaults.
8. Click Finish. Teresa Atkinson now displays on the right-hand screen, as a user under Reskit.com/Accounts/Headquarters.
9. Repeat steps 2 through 7, adding the names listed in Appendix A for the Headquarters OU. When you are finished, the Headquarters OU screen appears as illustrated in Figure 7 below.

Figure 7. User listing in the Headquarters OU

10. Repeat steps 1 through 8 to create the users in the Production and Marketing OUs.

To add Users to Security Groups

1. In the left pane, click Groups.
2. In the right pane, double-click the group Management.
3. Click the Members tab and then click Add.
4. Select the users in the upper pane as shown in Figure 8 below by holding down the ctrl key while clicking each name; click Add to add them all at once. Their names will display in the bottom pane. (The users who should be members of this security group are listed in Appendix A.) Click OK to accept.

Figure 8. The members of the Management group are drawn from three OUs.

5. Repeat steps 2 through 4 to add members to the Non-management group.
6. Close the Active Directory Users and Computers snap-in.

Important Notes

The example company, organization, products, people, and events depicted in this step-by-step guide are fictitious. No association with any real company, organization, product, person, or event is intended or should be inferred.

How to Upgrade from Windows 95 or Windows 98

If you are running either the Windows® 95 or the Windows 98 operating systems, you can upgrade to Windows 2000 Professional. Built on Windows NT® technology, the Windows 2000 operating system offers business users reliability, manageability, strong Internet support, and support for new hardware devices. The steps listed below help you prepare for your upgrade, and then instruct you on how to get the Setup program underway, whether you are using the Windows 2000 Professional CD-ROM or upgrading from a network server. Additional upgrade resources are listed at the end of this document.

Make sure that Windows 2000 is appropriate for your needs. For home computer users running Windows 98 or Windows 95, Microsoft recommends waiting for the next consumer-oriented operating system from Microsoft, Windows Millennium Edition, rather than an upgrade to Windows 2000. For further information, please see Choosing the Right Client.

Make sure your computer can run Windows 2000. Check your hardware specifications to see if they meet the system requirements for Windows 2000.

Make sure your hardware and software are compatible with Windows 2000. Go to the Hardware and Software Compatibility search area to find out if your hardware and software are compatible with Windows 2000. Setup generates a list of known incompatibility issues, but the tools available in the compatibility area will help you determine if you need BIOS (basic input/output system) or driver updates before upgrading. Microsoft also recommends that you test your configurations and applications prior to upgrading production systems.

Additional Windows 95 and Windows 98 Compatibility Issues

Read the release notes. Read the release notes in the root directory of the Windows 2000 Server CD-ROM: the Read1st.txt file, as well as the Readme.doc, which has an "Application Notes" section with information about programs that need to be disabled or removed before running Setup.

Determine whether you need to do an upgrade or a new installation. In certain situations, even if you are currently running Windows 95 or Windows 98, you may prefer to do a new installation (or "clean install"). By installing the operating system from scratch, you place the operating system in a known state and avoid migrating any problems that may have existed in the previous configuration. However, a new installation requires reformatting your hard disk, so you must back up your data, install Windows 2000, reinstall your applications, and then reload your data from backup.

You should upgrade if all of the following are true:
• You’re already using a previous version of Windows that supports upgrading.
• You want to replace your previous Windows operating system with Windows 2000.
• You want to maintain your existing user settings and files.

You should perform a new installation if any of the following are true:
• Your hard drive is blank (that is, you have no operating system installed on it).
• Your current operating system does not support an upgrade to Windows 2000.
• You have two partitions and want to create a dual-boot configuration with Windows 2000 and your current operating system. (Be sure to install Windows 2000 on a different partition than your current operating system.) Typically, dual-boot configurations are suitable for testing and evaluation; however, they are not recommended for long-term production use.

If you determine that you can and want to do an upgrade, proceed with the remaining steps listed below.

Obtain your network information. If your computer is connected to a network, make sure you know your network information (if you won’t be connected to a network, skip this step):
• Name of your computer (you may need to consult with your administrator about using a computer name that conforms to the naming conventions of your network).
• Name of your workgroup or domain.
• TCP/IP address, if your network doesn’t have a Dynamic Host Configuration Protocol (DHCP) server.

Know your IP address. If you plan to connect to the Internet, you may need to provide an IP address during Setup. An IP address is assigned by your Internet Service Provider for your e-mail and Internet accounts. If you haven't established an e-mail or Internet account yet, you can easily add your IP address later.

Choose a file system. During Setup, Windows 2000 gives you the choice of using the Windows NT file system (NTFS) or one of the file allocation table file systems (FAT or FAT32). NTFS is the recommended file system for use with Windows 2000. It offers:
• Better reliability.
• Better disk compression.
• Better file security, including the Encrypting File System (EFS) which protects data on your hard drive by encrypting each file with a randomly generated key.
• Better support for large hard disks (up to two terabytes). The maximum drive size for NTFS is much greater than for FAT, and as drive size increases, performance with NTFS will not degrade as it does with FAT systems.

If you decide to switch to NTFS, you can do so during Setup or after Windows 2000 is installed. The conversion to NTFS is one-way. You will not be able to convert your drive back to FAT if you choose to upgrade your drive.

Install hardware and software updates, if necessary. Review your current system information and then obtain hardware and software updates (drivers, BIOS, and so forth) from your hardware or software manufacturer. It is particularly important to make sure you have the latest BIOS (basic input/output system) available from your computer manufacturer. Check the Hardware and Software Compatibility area for tools to help you determine if you need updates.

Scan for viruses. Use anti-virus software to scan for and eradicate any viruses on your hard disk.

Uncompress drives. Uncompress any DriveSpace or DoubleSpace volumes before upgrading to Windows 2000. Do not upgrade to Windows 2000 on a compressed drive unless the drive was compressed with the Windows NT file system (NTFS) compression feature.

Uninstall power management or disk management tools. If you are running power management or disk management tools provided by your computer manufacturer, you should uninstall these programs before you upgrade.

Back up your files. Back up your files to a disk, a tape drive, or another computer on your network.

Plan ahead for rolling back. Windows 2000 Professional does not provide an uninstall feature. You will not be able to return to your previous version of Windows after installing Windows 2000 unless you completely reinstall your older version of Windows and all of your programs.

Disk quota management arrives at last

Jason Perlow, ZDNet Business & Technology

Even though today's enterprise file servers offer more and more disk space, users still find ways to fill all the storage you give them. I'm sure you all have storage hogs, who despite constant prodding by your network managers, still keep the last four years of their personal e-mail on the server (replete with scores of 50MB PowerPoint file attachments) and those who feel that your $30,000 box with 100GB of RAID-5 or SAN storage is their personal Napster service.

Since NT was first released in 1992, Microsoft never gave NT administrators a way to regulate user storage quotas. Other network operating systems, such as NetWare, had storage quota management built into the system for years. Even when NT tipped the scales and gained dominance, the OS still lacked storage quota capabilities. This left the market open for products like NTP Software's Quota Manager, W. Quinn's QuotaAdvisor, Advanced Toolware's Spaceguard and NORTHERN Software's Quota Server. Products like these use policy-based management through administrator-definable access control lists and file system device drivers to set limitations on user storage.

Unfortunately, at several hundred dollars per copy, the per-server licensing costs kept these add-on administrative products from becoming de rigueur at small to moderate-sized IT shops. While upper management mandated the use of other add-on products, such as network virus scanners, only administrators clamored for storage quota management. Stu Sjouwerman, president of Sunbelt Software, a leading distributor of third-party tools for Windows NT, tells me that only 15 to 20 percent of NT shops use third-party quota management tools, which leaves most NT admins in the unpleasant position of having to handle storage issues in a reactive rather than a proactive mode.

The quota management renaissance

Fortunately, Microsoft finally implemented quota management as one of the base features of the NTFS 5 file system in Windows 2000. With Quota Management, you can set default user storage limits on a per-volume basis and override these defaults on a per-user basis.

To turn Quota Management on, double-click the My Computer icon on your server's desktop. Right-click on the disk volume you wish to enable quotas on, and select Properties from the pop-up menu. Click on the Quota tab to get to the Quota panel, and in Quota Properties, select Enable Quota Management.

In addition to enabling Quota Management on a volume-wide basis, you can set quota values for all users by default. To assign default quota values for users, insert a value in the "Limit Disk Space To" option. You can use numeric or decimal values such as 1.8MB, 3GB, or 500KB. You can further customize quota options to deny disk space to users exceeding the quota limit, log events when users exceed quota limits, and log events when users exceed warning levels. Click OK when finished.

You can override the default values and create volume quota entries for specific users by clicking on the Quota Entries button in the Quota panel. You can use the Quota Entries applet to export and import quota rules to and from other servers and volumes, as well as generate usage reports per user.

What the built-in tools can't do

While the built-in quota management of NTFS 5 is a vast improvement over the complete absence of such tools in previous versions, it's still not as robust as most third-party tools. For example, the built-in tools work on a per-volume and per-server basis, but can't apply quota policy across your Windows 2000 network. The tools can only make exceptions on a per-user basis, as opposed to applying policy to groups of users, or applying different policies to different share points and directories. The built-in tools can't notify users of their disk usage based on definable threshold levels; users receive a single "disk full" error when they hit their limit.