Professional Documents
Culture Documents
Table of Contents
Chapter 1
1.1 1.2 1.3 1.4 1.5 1.6
Overview of Windows NT
1-1
Windows 95 and Windows NT 1-2 NT Server and NT Workstation 1-3 Types of NT Server 1-4 License Management 1-5 Work Group and Domain 1-7 Management Tools 1-9
2-1
2-2 2-4 2-7 2-8 2-9 2-10 2-11
3-1
File System 3-2 NTFS Permission 3-4 Setting NTFS Permission 3-7 Copying and Moving a File or Folder 3-9 Shared Folder 3-10 Shared Folder Permission 3-11 Setting a Shared Folder 3-13 Accessing to a Shared Folder 3-16 Printer Management 3-17
Chapter 4
4.1 4.2 4.3 4.4
4-1
Audit 4-2 Setting Up for Audit 4-3 Event Viewer 4-6 Using the Event Viewer 4-8
Chapter 5 Tools
5.1 5.2 5.3 5.4 5.5 5.6
5-1
Task Manager 5-2 Windows NT Diagnostic Program 5-3 Performance Monitor 5-4 Network Monitor Tool 5-5 Disk Administrator 5-6 Server Tools 5-7
OS
1.0 3.1 1.0 5.0 3.1 6.2
Network support OS
Windows95 Windows98
MS-DOS
MS-Windows
WindowsNT
3.1 3.5 3.51 4.0 5.0
Netware
4.0 4.1
IntranetWare
Network OS
Memo
n Features of Windows 95 Derived form MS-DOS to Windows 3.1, then to Windows 95. Highly compatible with currently available software and hardware. Provides the plug-and-play and APM functions.
Plug-and-play A function to automatically detect and configure hardware devices. APM Advanced Power Management
n Windows NT Developed separately as a 32-bit OS. Provides the multi-user environment. Provides a user interface similar to Windows 95. Available in 2 types: NT Server and NT Workstation.
Multi-user An environment that allows multiple users to use a single computer by providing each user with his own work environment.
1-2
Memo
n NT Server Optimized as a file, print, or application server used in a network environment. Provides the user management function (NTDS) in a network environment.
NTDS windows NT Directory Service A system to provide management of a network environment using a distributed database. Domain management is also available.
1-3
Small Business Server Provides integrated applications with NT. NT Server Enterprise Edition Designed to be used for large-scale backbone works.
n NT Server packages In addition to a standard package, multiples packages are available in accordance with network scales.
Memo
n Small Business Server Windows NT Server integrated with an electronic mail function, a groupware, databases, a Internet server, a home page design tool, an Internet connection gateway function, a FAX server, a centralized management tool, and others.
n Windows NT Server, Enterprise Edition 4.0 Designed to be used for large-scale backbone works.
Tips Although the prices of personal computers and peripheral devices have been lowered, the costs of management and operations, including software upgrades, employment of support personnel, and problem solutions, are becoming rather expensive due to complexity of the system. This has triggered business users to place much interest in TCO.
1-4
NT Server
A single user accesses A single user accesses to aasingle folder via to single folder via multiple computers. multiple computers. Text
Text
Data
n Access license Using NT Server resources via a network requires a separate client access license.
Memo
n What is an access license? Using resources via a network is called a connection and each connection requires a license.
1-5
2 2 2 2
NT Server
4 (22) 4 (22) 2 2
NT Server
NT Server
n License mode There are 2 license grant modes available: number of concurrent users and number of connected clients. n Number of concurrent users Provides the same number of licenses as the number of accesses per server.
Memo
n Number of connected clients Provides the same number of licenses as the number of clients in a network.
n Changing license mode Available only one time from the number of concurrent users to the number of connected clients.
1-6
User data
n Window NT user management Windows NT user management is provided form 2 aspects: a work group and a domain.
Memo
n Work group A logical group for providing a list of computers and users.
User authentication A process to verify whether to give a permission to a user attempting to use a Windows NT server. This process is performed every time a user attempts to use a Windows NT server.
User data is stored in each computer for user management and user authentication.
1-7
Added
User data
Automatically copied.
Directory database
Memo
Tips You must determine an application of a Window NT server at installation. You may use it as a PDC or BDC for domain management, a member server, or a computer called a stand alone server. To change the application, you must reinstall the Window NT server.
1-8
n Windows NT management Management tools to be used by a system administrator are available by selecting [Start] - [Program] - [Administrative Tools (Common)].
Memo
1-9
n User account Unique identification of a user. Required when a user attempts to use a computer or to use resources of other computer via a network. One account is required per user.
Memo
Tips Since the Administrator account is highly privileged, a mistake in operation with this account for ordinary operations may cause a serious problem. To avoid this to happen, an administrator is provided with a user account to perform ordinary operations as well as the Administrator account to perform only management tasks.
2-2
n Place to save user accounts User accounts are classified into domain user accounts and local user accounts.
Memo
Tips It takes a few minuets for the database on the BDC to synchronize with the PDC. Thus a user data just created will not be copied and a new user may not log in for a while. When this happens, you can use the server manager to copy the database manually.
2-3
n Procedure to create a user account Start the user manager for domains. Click on [New User...] from [User] menu. Enter configuration data. (1) Username (2) Full Name (3) Description (4) Password (5) Confirm Password (6) User Must Change Password at Next Logon (7) Password Never Expires (8) Account Disabled Press [Add] button.
Memo
User Manager for Domain Use the user manager on a Windows NT workstation.
Account Disabled This setup item for a built-in account Guest is enabled.
2-4
n Logon hours Setup procedure for the logon hours (1) Click on [Hours] in the [New User] dialog box. (2) Select hours to prohibit logon by dragging on bars and click on [Disallow]. (3) Click on [OK].
Memo
n Workstation to log on Setup procedure for a workstation to log on (1) Click on [Logon to] in the [New User] dialog box. (2) Click on [User May Log On To These Workstations]. (3) Enter up to 8 computer names. You must enter at least one. (4) Click on [OK].
2-5
n Account information Set 2 items related to an account. (1) Valid period of an account
Memo
Setup procedure for the account information (1) Click on [Account] in the [New User] dialog box. (2) Click on [Account Expires] and enter a date. (3) Check [Local Account] to define it as a local account. n Dial-in access right Setup procedure for the dial-in access right (1) Click on [Dialin] in the [New User] dialog box. (2) Check [Grant dialin permission to user]. (3) Configure the Call Back option and press [OK].
Call Back A process in which an RAS server that received a call disconnects the call and calls a client computer to make a connection.
2-6
n Changing the user account information Start the user manager for domains. Select a user account and click on [Properties...] in [User] menu.
Memo
n Deleting an account Procedure to delete an account (1) Start the user manager for domains and select a user account. (2) Press [Delete] key or select [Delete] from [User] menu.
n Changing a user account name Start the user manager for domains. Select a user account and click on [Rename...] in [User] menu.
Tips Window NT manages accounts using unique numbers called S-IDs (Security IDs), which makes a new account created using a previously delete account name to handled as a separate user account. Until you are sure that you can really delete an account, you should check [Account Disallow] to prevent the account from being used and save it.
2-7
BDC
Global group accounts
PDC
Global group accounts
.
.
Local group accounts
Memo
Created in the local directory database or the master directory database on the PDC.
n Global group May only include user accounts of a domain to which a group is registered.
2-8
n Creating a local/global group Creating a global group (1) Click on [New Global Group...] in [User] menu. (2) Enter a group name and a brief description in the [New Global Group] dialog box. (3) Select a user to include in a group from [Not Members] list and click on the [<-Add] button. (4) Click on [OK]. Creating a local group (1) Click on [New Local Group...] in [User] menu. (2) Enter a group name and a brief description in the [New Local Group] dialog box. (3) Click on the [<-Add] button. (4) Select a user to include in a group from [Name] list in the [Add Users and Groups] dialog box and click on the [Add] button. (5) Click on [OK].
Memo
2-9
n Changing the group account information Start the user manager for domains. Select a user account and click on [Properties...] in [User] menu.
Memo
n Deleting a group account Procedure to delete a group account (1) Start the user manager for domains and select a group account. (2) Press [Delete] key or select [Delete] from [User] menu. (3) Click on [OK].
n Changing a group name You can not change any group name.
2-10
Memo
Use of a template
2-11
n Changing multiple user accounts Multiple user settings may be changed at once.
Memo
(1) Start the user manager for domains and select all user accounts of which information you want to change.
2-12
n File system Windows NT supports 3 file systems: FAT, NTFS, and CDFS (CD-ROM).
Memo
n FAT Supported by OSs such as Windows NT, Windows 95, MS-DOS, and OS/2.
FAT File Allocation Table Windows NT 4.0 does not support FAT32, the latest version of FAT. NTFS windows NT File System
n NTFS Supported only by Windows NT. An access right may be set per file.
Tips When using Windows NT in a multi-boot environment, no access can be made to a partition using the NTFS from any other OS. NTFS can not be used for a start-up drive.
3-2
n CONVERT.EXE Converts the file system from FAT to NTFS while maintaining partition information.
Memo
To convert (1) Start [Console]. (2) Enter CONVERT <drive_name:> /FS:NTFS and press [Enter]. where <drive_name> is an FAT drive to convert. Example: CONVERT E: /FS:NTSF (to convert E drive)
3-3
Write/Execute Delete/Execute
n What is an NTFS permission? A function to restrict access to files and folders on an NTFS formatted drive.
Memo
Write (W)
Execute (X)
3-4
Folder permission
Everyone
Add and Read (RWX)(RX)
Everyone
New file
Read (RX)
n File permission File permission types (1) No Access (None) (2) Read (RX) (3) Change (RWXD) (4) Full Control (All)
Memo
n Folder permission Folder permission types (1) No Access (None) (None) (2) List (RX) (Not Specified) (3) Add (WX) (Not Specified) (4) Add & Read (RWX) (RX) (5) Change (RWXD) (RWXD) (6) Full Control (All) (All)
3-5
n User and group setup Permission may be given to a user and a group to which the user belongs. (1) If Read (RX) permission is given to USER1 and Change (RWXD) permission is given to GROUP1 to which USER1 belongs, Change (RWXD) will be applied to USER1. (2) If Read (RX) permission is given to USER2 and Change (RWXD) and No Access (None) are given respectively to GROUP2 and GROUP3 to which USER2 belongs, No Access (None) will be applied to USER2. n File and folder setup The file permission has higher priority than the folder permission. Therefore, specifying a full path name to a file allows you to access the file regardless of the permission of the parent folder. (1) If a folder with No Access to USER3 contains a file with Full Control permission to USER3, Full Control permission to the file will be given to USER3.
Memo
3-6
n Prerequisite for permission setup To set a permission to a file or folder, you must be its owner or hold either of the following permissions: (1) Full Control (2) Special access permission to change the permission
Memo
n Default permission Formatting a drive with the NTFS assigns Full Control permission to the group Everyone.
Tips The NTFS permissions include Special Accesswith which an administrator can combine permissions to set a unique permission. This permission is used for special purposes, such as giving ownership to another user.
3-7
n Setting a permission to a file or folder Procedure to set a permission to a file or folder (1) Right-click on a folder or file in Explorer and click on [Properties] (2) Click on the [Security] tab in the Properties dialog box, then click on [Permission]. (3) Click on [Add...] to add users or groups to which you set a permission. (4) In the Add Users and Groups dialog box, select a user(s) or group(s) and set a permission to it (them).
Memo
3-8
Move
Change (RWXD) Change (RWXD)
n Change of permission Copying or moving a file or folder may change its permission and ownership.
Memo
n Moving a file or folder Maintains an access permission of the source folder if moving was carried out in the same drive.
Takes over a permission of the destination folder just like copying if moving was carried out between drives.
3-9
Print request
n Sharing service Sharing is a function of Window NT and Windows 95 to offer resources to other computers via a network.
Memo
n Shared folder Sharing a folder allows a user to access to network applications, data, and a home holder.
3-10
Change
Read
No Access
Memo
Read (RX)
Change (RWXD)
3-11
n User and group setup Permission may be given to a user and a group to which the user belongs.
Memo
n Combination of shared folder permission with NTFS access permission Sharing a folder on an NTFS volume allows you to set 2 types of restriction: NTFS permission and shared folder permission. (1) If a shared folder with Full Control permission contains a file with Read NTFS permission to USER1, USER1 will have Read permission to the file.
Tips Setting a different permission type for the NTFS and shared folder permissions will complicate management. Since the NTFS permission is good for remote and local access, it is better to give Full Control permission to a shared folder and restrict access to it with the NTFS permission, which will simplify management operations while maintaining security.
3-12
n Prerequisite for sharing a folder Members of the following groups may share any folder. (1) Administrators (2) Server Operators (Domain controller only) (3) Power Users (Member server and Windows NT workstations)
Memo
n Management sharing Windows NT automatically set the following folders to a shared folder. (1) C$, D$, E$...
(2) Admin$
Tips Placing a dollar sign at the end of a share name makes concealed sharing, which hides the folder when browsed in Network Computer. Use this method to set a shared folder for administrators only.
3-13
n Sharing a folder Procedure to set a shared folder (1) Right-click on a folder in Explorer and click on [Sharing...]. The Properties dialog box with the [Sharing] tab appears on top appears. (2) Click on [Shared As] and enter a share name. (3) Enter a description in the [Comment] entry box. (Optional) (4) Set the number of users to allow concurrent access to a shared folder in [User Limit]. (5) Click on the [Permissions...] button to set permission. (6) Click on [OK].
Memo
Share Name A name that other computers use to connect to a shared folder. This is displayed in Network Computer. You may also assign a name that is different from a folder name.
Tips When an already shared folder is selected, the [New Sharing] button will be displayed. Clicking on this button allows you to share a single folder with another share name. Use this function to provide both short and long names for users of an old client OS that can not recognize a long share name and for users of Windows Client, respectively.
3-14
n Shared folder permission Procedure to set shared folder permission (1) Right-click on a shared folder in Explorer and click on [Sharing...]. (2) Click on [Shared As] on the [Sharing] tab in the Properties dialog box. (3) Click on [Add...] in the [Access Through Share Permissions] dialog box. (4) Click on a user or group to give permission in the Add Users and Groups] dialog box. (5) Select a desired permission from the [Type of Access] box. (6) Click on [OK] to bring back the [Access Through Share Permissions] dialog box. (7) Click on [OK].
Memo
3-15
n Connecting to a network drive Procedure to connect to a network drive (1) Start Explorer and click on [Map Network Drive] in the [Tools] menu. (2) Select a drive name to map in the [Drive] box. (3) Specify an UNC path to a desired shared folder to connect in the [Path] box. (4) Click on [OK].
Memo
n Direct access to a shared folder Click on the [Start] button and select [Run...], then enter an UNC path to a desired shared folder.
3-16
n Permission to access to a printer You may set permission to access to each printer.
n Creating a new printer Double-click on [Add Printer] in [Printers] under [Control Panel].
Tips With Full Control permission to access to a printer, you may perform operations related to printers and documents, such as setting a shared printer, deleting a printer, and changing permission, but can not create a printer. Creating a printer requires device driver loading, and you need permission to do so.
3-17
n Creating a network printer Procedure to create a network printer (1) Right-click on an existing printer icon in [Printer] under [Control Panel] and click on [Sharing...]. (2) Click on [Shared] and specify a share name, then click on [OK].
Memo
n Setting permission to access a printer Procedure to set permission (1) Right-click on an existing printer icon in [Printer] under [Control Panel] and click on [Properties]. (2) Click on the [Security] tab, then click on the [Permissions] button. (3) Add a user or group and specify a permission type, then click on [OK].
3-18
4.1 Audit
Monitoring resources and events Audit records user operations. Audit Records operated users, executed operations, date, and time.
n Monitoring resources and events Audit allows you to monitor resources and accesses to the system to find fraud use of resources.
Memo
n About audit Operated users, executed operations, date, and time are recorded.
n Audit procedure Use the user manager for domains to enable audit and select events to audit. Set audit items to a file, folder, and printer.
Event Items recorded by auditing, such as file operations and logon.
4-2
n Auditing a domain Logon and logoff File and Object Access Use of User Rights Security Policy Changes Restart, Shutdown, and System Process Tracking
Memo
Procedure to enable audit (1) Start [User Manager for Domains] and click on [Auditing] in the [Policies] menu. (2) Click on [Events to Audit] and select an appropriate event in the [Audit Policy] dialog box.
4-3
n Auditing a file or folder Procedure to audit a file or folder (1) Start Explorer and right-click on a file or folder to audit, then select [Properties]. (2) Click on the [Security] tab. (3) Click on [Auditing]. (4) Click on the [Add...] button and select a user to audit. (5) Set an event(s) to audit on success and/or failure in [Events to Audit]. (6) Click on [OK] to bring back the [%Name% Properties] dialog box and click on [OK].
Memo
4-4
n Auditing a printer Procedure to audit a printer (1) Open [Printer] in [Control Panel] and double-click on a printer to audit, then select [Properties]. (2) Click on the [Security] tab. (3) Click on [Auditing]. (4) Click on the [Add...] button and select a user to audit. (5) Set an event(s) to audit on success and/or failure in [Events to Audit]. (6) Click on [OK] to bring back the [%Printer Name% Properties] dialog box and click on [OK].
Memo
Tips The audit gives the load to the system. An excessive audit may not give the result which corresponds to the load. Therefore, it should carefully be set that only a necessary event is to be audited.
4-5
n Viewing a log The Event Viewer displays information on errors, warnings, and audit records.
Memo
4-6
Information types
n Log display Records are displayed with an icon specific to each information type in all logs. Information Warning
Memo
Tips When a serious error occurs, a warning message appears on the screen. However, events that are not currently serious, such as reduced free disk space, are only recorded in the system log with no message appearing on the screen. It is recommended to periodically check the logs even when no warning message appears.
4-7
n Displaying logs of other computers Procedure to display logs of other computers (1) Click on [Select Computer] in the [Log] menu. (2) Enter a name of target computer in the [Computer] box.
Memo
Procedure to save a log (1) Click on [Save As...] in the [Log] menu. (2) Enter a folder and a file names to save.
4-8
Chapter 5 Tools
1. 2. 3. 4. 5. 6. Task Manager Windows NT Diagnostic Program Performance Monitor Network Monitor Tool Disk Administrator Server Tools
n Viewing processes This tool display a list of running processes. Information on resources consumed by each process is also displayed.
Memo
Process An execution unit of a program Resource Indicates hardware resources, such as CPU and memory, here. Priority Windows NT provides 32 priorities from 0 through 31. When multiple applications are started at the same time, an application with the highest priority will be executed first.
This tool allows you to abort processes and change priority for execution.
Starting the task manager (1) Press [CTRL] + [ALT] + [DEL] to open the [Windows NT Security] dialog box, then click on [Task Manager...].
5-2
n Viewing configuration data This tool displays information on hardware and OS stored in the registry.
Memo
Use this tool to view configuration information or to look for a cause of a trouble.
Starting the NT Diagnostic Program Select [Start] - [Program] - [Administrative Tools (Common)] and click on [Windows NT Diagnostic].
5-3
n Monitoring performance The Performance Monitor allows you to: (1) Monitor the system performance at real time to log. (2) Learn a chronological trend. (3) Measure processing capability of the system.
Memo
Starting the Performance Monitor Select [Start] - [Program] - [Administrative Tools (Common)] and click on [Performance Monitor].
5-4
n Monitoring the network Using the Network Monitor, you can capture frames or packets sent onto the network and analyze them.
Memo
Frame, Packet A chunk of data carried over the network. Capture To take in data.
Installing the network monitor (1) Open [Network] from [Control Panel] and click on the [Add...] button on the [Services] tab. (2) Select [Network Monitor Tools and Agent] and click on [OK].
Using the Network Monitor (1) Select [Start] - [Program] - [Administrative Tools (Common}] and click on [Network Monitor].
5-5
n Managing disk partitions The Disk Administrator is a tool to manage hard disks and removable media.
Memo
Removable Media Include MO and ZIP.
Starting the Disk Administrator Select [Start] - [Program] - [Administrative Tools (Common)] and click on [Disk Administrator].
Tips The Disk Administrator of Windows NT Server provides menu items to use a function called fault tolerance or RAID which was developed by enhancing the volume set or stripe set function. This allows you to set mirroring that uses 2 disks and striping with parity that uses 3 or more disks.
5-6
n Managing the domain environment A set of applications called server tools to manage the domain environment from a computer running Windows 95 or Windows NT Workstation are available.
Memo
Common server tools (1) User Manager for Domains (2) Server Manager
Tools available for Windows 95 only (1) Event Viewer (2) File and print security tabs
Tools available for Windows NT Workstation only (1) DHCP Manager (2) WINS Manager (3) Remote Access Admin (4) System Policy Editor
5-7