Windows 2000 System Administration Handbook

About

Features

Description

This task-oriented guide delivers the unsurpassed experience of three world-class Windows 2000 deployment and management experts -- organized for quick reference, so you get enterprise-proven answers exactly when you need them! Windows 2000 System Administration Handbook delivers start-to-finish, expert guidance on managing Windows 2000 for maximum performance, reliability, and value. You'll find detailed, real-world techniques for planning, implementing, and managing Active Directory; migrating to Windows 2000 DNS, DHCP, and/or WINS services; and much more. The authors demonstrate how to manage users and groups more efficiently; reduce TCO by using group policies to centrally administer and control workstations; and secure your network using the powerful new tools Windows 2000 provides. From printing to disaster recovery, task scheduling to network monitoring, Windows 2000 System Administration Handbook is the first total guide to effective Windows 2000 administration.

Sample Content

Table of Contents

1. Introduction to Windows 2000.

What Is Windows 2000? Windows 2000 Professional. Windows 2000 Server. Windows 2000 Advanced Server. Windows 2000 Datacenter Server. What Has Changed Between Windows NT 4.0 and Windows 2000? Windows 2000 Workgroups. Windows 2000 Domains. Windows 2000 Domain Trees. Windows 2000 Forests. MMC. Universal Groups. Overview of Windows 2000 Features. Active Directory. Disk Quotas. File System Changes. Group Policies. Security (Kerberos). Distributed File System. Chapter Summary.

2. Installing Windows 2000.

Preparing for Installation. Hardware Requirements. The Hardware Compatibility List. Disk Partition Limitations. Choosing a File System. Licensing Models. Domains and Workgroups. Installing Windows 2000 from a CD-ROM. Licensing the Server. Preparing the Partition. Formatting the Installation Partition. Text Mode Install. Installing Devices. Regional Settings. Name and Organization. Client Licensing. Computer Name and Administrator Password. Configure Local Time and Date. Installing Network Components. Final Configuration. Upgrading to Windows 2000 via CD-ROM. Beginning Setup. Setup Command Line Parameters. Creating Windows 2000 Setup Disks. Remote Installation Services. Prerequisites for RIS. Functions of RIS. Limitations of RIS. Chapter Summary.

3. Using the Microsoft Management Console and Task Scheduler.

An Introduction to the Microsoft Management Console. Terminology, Definitions, and Switches. Consoles Trees. Snap-Ins. Author Mode. User Mode—Full Access. User Mode—Limited Access, Multiple Windows. Opening the MMC from the Command Line. /a. /s. <path>\*.MSC. Creating A Custom Console. Customizing Views. Taskpads. Navigating the MMC with Keyboard Shortcuts. Task Scheduler. Using Task Scheduler. Chapter Summary.

4. The Windows 2000 Registry.

Viewing the Windows 2000 Registry. Regedt32.exe. Regedit.exe. Choosing a Registry Editor. Structure of the Registry. Value Data Types. HKEY_USERS. HKEY_CURRENT_USER. HKEY_CLASSES_ROOT. HKEY_CURRENT_CONFIG. Editing the Registry. Finding a Key or Value in the Registry. Modifying, Deleting, and Adding Keys and Values. Connecting to a Remote Computer. Security and Permissions. Backing up and Restoring the Registry. Backing up the Registry. Restoring the Registry. Viewing Registry Data Indirectly. Chapter Summary.

5. Using the Windows Control Panel.

Defining the Main Applets in Control Panel. Add/Remove Hardware. Add/Remove Programs. Administrative Tools. Users and Passwords. System. Working with Hardware Profiles. Creating and Modifying Hardware Profiles. Using a Hardware Profile. Working with Operating System Settings. Performance Options. Using Environment Variables. Understanding Startup and Recovery Options. Installing Hardware. Plug and Play Hardware. Non-Plug and Play Hardware. Using the Add/Remove Hardware Applet. Viewing Available Hardware Resources. Altering Hardware Resource Assignments. Chapter Summary.

6. Windows 2000 Boot Process.

Overview of the Boot Process. x86-Based Boot Process. Windows 2000 Control Sets. Control Sets. The Last Known Good Control Set. Advanced Boot Options. VGA Mode. Last Known Good Configuration Mode. Directory Services Restore Mode. Debugging Mode. Safe Mode. Boot Logging Mode. The Purpose of the boot.ini. Understanding the Contents of the Boot.ini. Understanding boot.ini ARC Paths. Using Switches in the boot.ini. Editing the boot.ini. Windows 200 Boot Disks. Importance of the Windows 2000 Boot Disks. Creating the Boot Disk. Chapter Summary.

7. Introduction to Active Directory.

What Is Active Directory? Where Did Active Directory Come From? Active Directory and Open Standard Support. DNS. LDAP. HTTP. Naming Schemes. What Are the Real Benefits? The Structure of the Active Directory. The Basics of Active Directory. Physical versus the Logical Structure. The Physical. The Logical. Chapter Summary.

8. Active Directory Replication.

An Introduction to Active Directory Replication. Directory Synchronization. How Does Replication Work? Originating and Replicated Updates. Update Sequence Numbers. Replication Loops. What About Change Conflicts? Directory Partitions. What about the Real World? Operations Masters. Site and Replication. Replication Topology. What Is a Connection Object? When Should I Create Manual Connections? How Do I Know What's Going On? Chapter Summary.

9. Planning and Installing Active Directory.

Planning Active Directory Implementations. Active Directory Namespace. Site Planning. Organizational Unit Planning. Installing Active Directory. Creating a Domain Controller for a New Domain. Adding a Domain Controller to an Existing Domain. Uninstalling Active Directory. The Active Directory Database. The Shared System Volume. Active Directory Domain Modes. Working in a Multiple-Domain Environment. Understanding Trust Relationships. Domain Security in the Active Directory. Multiple Domains in a Tree. Chapter Summary.

10. Administering the Active Directory.

Creating Active Directory Objects. Common Active Directory Objects. Adding Resources to the Active Directory. Creating Organizational Units. Finding Active Directory Objects. Understanding and Controlling Access to Active Directory Objects. Active Directory Permission Types. Using Active Directory Permissions. Permission Inheritance. Moving Objects. Assigning Administrative Control of Active Directory Objects. Planning for Delegation. Assigning Administrative Control with the Delegation of Control Wizard. Guidelines for Active Directory Administration. Chapter Summary.

11. User Accounts and Their Role.

Understanding the Different Types of User Accounts. Built-In User Accounts. Local User Accounts. Domain User Accounts. Using New User Accounts. Suggested Naming Conventions. Defining Password Requirements. Other Account Options. Creating Domain User Accounts. Using the Directory Management Snap-in. Chapter Summary.

12. Administering User Accounts.

Introduction to Administration of User Accounts. Locating User Accounts. Performing Administrative Tasks. User Profiles. What Does a Profile Contain? Roaming User Profiles. Customizing Roaming User Profiles. Mandatory Roaming User Profiles. Home Folders. The Purpose of Group Policies. Common Problems. Chapter Summary.

13. Windows 2000 Groups.

Why Do We Need Groups? Using Groups in Windows 2000. The Rules of Group Usage. Windows 2000 Group Types. Examining Group Scopes. The Effect of Groups on Your Network. Using Groups in Windows 2000. Other Group Strategies. Creating Groups in Windows 2000. The Purpose of Local Groups. Using Built-In Groups. Built.In Global Groups. Built-In Domain Local Groups. Built-In Local Groups. Built-In System Accounts. Tips on Using Groups. Chapter Summary.

14. Group Policy.

Group Policy in Windows 2000. Group Policy User and Computer Settings. How are Group Policies Stored in Active Directory? How Settings are Applied. Group Policy Inheritance. Overriding and Blocking Inheritance. Processing Order. Preventing GPOs from Executing. Creating a GPO. Delegating Control. Security Settings. Folder Redirection. Guidelines for Group Policy. Implementing Registry-Based Settings. Options for Applying Group Policy. Different Scope Options. Strategies for Delegating Control of GPOs. What to do Before Applying Group Policy. Resolving Problems. Chapter Summary.

15. Managing Disks.

Windows 2000 Hard Disk Basics. Hard Disk Components. Windows 2000 Storage Standards. Windows 2000 Partition Types (Basic Disks). Windows 2000 Volume Types (Dynamic Disks). Managing Disks within Windows 2000. Using the Disk Management Window. Viewing and Updating Information. Managing Basic Disks. Managing Dynamic Disks. Chapter Summary.

16. NTFS Permissions.

Understanding NTFS Permissions. NTFS Permissions and Files. NTFS Permissions and Folders. Understanding the Access Control List (ACL). Applying Multiple NTFS Permissions. Understanding Inherited NTFS Permission. Using NTFS Permissions. Planning NTFS Permissions. Working with NTFS Permissions. Using Special Access Permissions. Defining Special Access Permissions. Using Special Access Permissions. Taking Ownership of Secure Resources. Copying and Moving Data. Copying Files and Folders. Moving Files and Folders. Troubleshooting Permissions Problems. Avoiding NTFS Permission Problems. Troubleshooting NTFS Permissions. Chapter Summary.

17. Shared Folders.

Introduction to Shared Folders. Shared Folder Permissions. Permission Interactions. Recommendations for Using Shared Folder Permissions. Shared Folder Strategies. Application Folders. Data Folders. Creating Shared Folders. Creating Administrative Shares. Shared Folder and NTFS Permissions Combined. Distributed File System. Chapter Summary.

18. Managing Data Storage.

Data Compression. Introduction to Data Compression. Compressing Files and Folders. Using Compressed Files. Disk Quotas. Encrypting Data. Introduction to File Encryption. Encrypting Files and Folders. Using an Encrypted File or Folder. Disk Defragmentor. Using the Defragmenting Tool. Recommendations. Chapter Summary.

19. Backing Up and Restoring.

Understanding Backup and Restoring. Windows Backup. Remote Storage. Removable Storage. Windows Backup Strategies. Different Backup Types. Backup Strategy Best Practices. Performing Data Backup. Preparing to Perform a Backup. How to Select Files and Folders to Back Up. Backup Destination and Media Settings. Using the Advanced Backup Settings. Automating Backup Jobs. Performing Data Restore. Preparing to Restore Data. How to Select Which Backup Sets, Files, and Folders to Restore. Using the Advanced Restore Options. Chapter Summary.

20. Planning for Disaster Recovery.

Disaster Protection. Power Issues. Hardware Failures. Implementing Software RAID. Implementing RAID 1. Implementing RAID 5. Disaster Recovery with Software RAID. Mirrored Volume Recovery. RAID 5 Recovery. Emergency OS Repair. Safe Mode. Windows 2000 Recovery Console. Emergency Repair Disk. Chapter Summary.

21. Installing and Configuring Network Protocols.

Transmission Control Protocol/Internet Protocol. The TCP/IP Protocol Suite. Configuring TCP/IP on Windows 2000. Automatic Private IP Addressing. TCP/IP Utilities. Using TCP/IP Utilities for Troubleshooting. NWlink. Brief History and Uses of NWLINK. Installing NWLink. Configuring NWLink. Other Supported Protocols. NetBIOS Extended User Interface (NetBEUI). Data Link Control (DLC). AppleTalk. Understanding Network Bindings. Purpose of Network Bindings. The Importance of Binding Order. Viewing Binding Order. Changing Binding Order. Chapter Summary.

22. Dynamic Host Configuration Service (DHCS).

Understanding DHCP. Advantages of DHCP. DHCP Server Requirements. DHCP Client Requirements. DHCP Address Assignment. DHCP Lease Release and Renewal. Installing the DHCP Server Service. Configuring the DHCP Service. Installing and Configuring DHCP Scopes. Configuring a Scope. Managing the DHCP Service. Reservation Within a Scope. Viewing Current Leases. Managing Exclusions. Disaster Recovery and DHCP. Backing Up the DHCP Database. Restoring the DHCP Database. Redundant Servers. Command-Line Tasks. Chapter Summary.

23. Windows Internet Naming Service (WINS).

Uses of WINS within a Windows 2000 Network. Why Use WINS? Is WINS Required? New WINS Features in Windows 2000. WINS Name Resolution Process. WINS Registration. Name Resolution. Installing the WINS Service. Managing the WINS Service. Overview of the Management Console. Managing Servers. Adding a WINS Server to the Management Console. Removing a WINS Server from the Management Console. Decommissioning a WINS Server. Exporting WINS Server Information. Managing a Particular Server. Server Statistics. Database Management. Managing Records. Types of Records. Viewing Records. Manipulating Records. Command-Line Tasks. Chapter Summary.

24. Domain Name Server Service.

Understanding DNS. Defining the Domain Namespace. Host Names. Naming Guidelines. Understanding Zones. The Name Resolution Process. Defining Forward Lookup Query. Name Server Caching. Defining Reverse Lookup Query. Installing the DNS Service on a Windows 2000 Server. Server Prerequisites. Performing the Installation. Administering the DNS Service. Configuring a DNS Server. Creating Zones. Adding Resource Records. Setting up Dynamic DNS. Configuring DNS on a Client. Troubleshooting the DNS Service. Monitoring a DNS Server. Configuring Logging Options. Using Nslookup. Chapter Summary.

25. Auditing.

Understanding Auditing. Applying an Audit Policy. Designing an Audit Policy. Guidelines for Designing an Audit Policy. Applying an Audit Policy. Configuring Auditing. Setting an Audit Policy. Auditing Data Access. The Windows 2000 Event Viewer. Understanding Logs. Using the Security Log. Managing Logs. Archiving Events. Chapter Summary.

26. Monitoring Network Resources.

Overview of Monitoring Network Resources. Why Monitor Network Resources? Requirements Before Monitoring Network Resources. Monitoring Access to Shared Folders. Shared Folders. Monitoring Access to Open Files. Monitoring Network Users. Administrative Messages to Users. Chapter Summary.

27. Introduction to Windows 2000 Printing.

Printing Terminology. Prerequisites for Network Printing. Planning a Network Printing Environment. Technical Considerations. Nontechnical Considerations. Creating Network Printers. Adding and Sharing Network Printers. Configuring Client Computers. Installing Printers Using the Add Printer Wizard. Installing Printers via a Web Browser. Driver Management. Chapter Summary.

28. Administering Windows 2000 Printing.

Managing the Print Process. Managing Print Devices. Managing Documents. Managing Printer Pools. Permissions and the Printing Process. Securing Printers via Permissions. Accessing Printers for Administration. Troubleshooting Network Printing. Nobody Can Print to a Particular Network Printer. Everyone's Print Jobs Are Garbled. One Person Cannot Print. One Person Receives Garbled Output. Best Practices for Printer Administration. Chapter Summary.

29. Network Administration.

Documentation. Password Documentation. Server Documentation. Network Documentation. Vendor Documentation. Change Control. The Change-Control Process. The Change Request. Chapter Summary.

Index.

Preface

Preface

Welcome to the Windows 2000 Systems Administration Training Course. As IT professionals, we have watched Windows 2000 slowly mature from a very rough NT5 beta 1 to a robust, polished Windows 2000 released product. As authors, we have attempted to bring you a collection of the topics most relevant to systems administration while adding insight from our own personal experiences implementing and administering Windows 2000 throughout the lengthy beta period, up to and including the final release. We hope that you will find this multimedia training course useful as you study and develop your Windows 2000 system administration skills.

Windows 2000, which initially was to be called Windows NT 5.0, is the newest upgrade in Microsoft's NT line of business operating systems. Windows NT was originally launched in 1993 as Windows NT 3.1. Microsoft chose to number it 3.1 rather than 1.0 to capitalize on the name recognition of its consumer Windows product line. At that time, Windows 3.1 was the current version of Windows and ran on top of DOS.

Windows NT 3.1 was upgraded to 3.5 and later to 3.51, while retaining the older "Program Manager" GUI (graphical user interface). After five service packs, Windows NT 3.51 was showing its age, and, in 1996, Microsoft released Windows NT 4.0. NT4 was essentially 3.51, updated to use the Windows 95 "Explorer" style GUI. Although there were a few new features in NT4, notably Microsoft DNS Server, the basic product was largely the same. Any administrator who had worked with NT 3.51 and knew the Explorer GUI could sit down at an NT4 console and instantly administer the system. Technology has changed rapidly since 1996, when NT4 was released, and making NT keep up with newer technologies has been difficult for both Microsoft and for third-party developers. To keep up with the times and push the NT line of operating systems ahead, Microsoft has dramatically revamped NT4 into what is now Windows 2000, finally released in February 2000.

The Audience

The audience for this book is twofold. Topics are explained in sufficient detail to satisfy readers without prior experience in Windows NT systems administration, yet will help Windows NT administrators leverage their existing knowledge to get up to speed quickly on the new features and techniques of Windows 2000. Throughout the book, we often point out changes between Windows NT 4.0 and Windows 2000 and show the new ways to do the old familiar tasks.

The Contents

It is important to note that the authors of this book are all IT professionals with extensive experience in Windows NT systems administration. While brainstorming for this book, the idea came up to present the material in a way that would provide the best benefit not only to someone reading this book for educational purposes, but also for the real-world systems administrator who needs a reference while on the job. To that end, we've taken care to add tips and insight from our own real-world systems administration experiences and have arranged the topics to cover the common tasks of a Windows 2000 systems administrator. The arrangement of subjects in this book is broken down into sections as follows:

Introduction to Windows 2000 Systems Administration

In this section, we provide an overview of Windows 2000 basics, starting with discussing the different versions of the Windows 2000 operating system. Although the vast majority of this book relates to Windows 2000 Server, you will learn about the Windows 2000 Professional, Advanced Server, and Datacenter Server products, as well, and how they differ from each other. Chapter 1 discusses the different versions of Windows 2000 and how they relate to their Windows NT 4.0 counterparts.

We also discuss new Windows 2000 terminology, such as Microsoft Management Console (MMC), Active Directory, domain trees, and forests. Windows NT 4.0 systems administrators will appreciate the quick overview, as well as the new features section that follows the terminology. Readers who are new to the world of Windows NT technology (Windows 2000 is built on NT technology) will gain an insight into some of the topics ahead of them in the book.

Windows 2000 Systems Administration Basics

With the introductory material out of the way, we dive headfirst into Windows 2000, beginning with installing the operating system. Once the OS is installed, we move on to basic systems administration concepts, such as using the Control Panel, Registry, and MMC snap-ins. We finish this section with a discussion of the boot process as it relates to systems administration and troubleshooting.

Windows 2000 Active Directory

Active Directory is probably the most visible and most talked-about new feature of Windows 2000, and we devote an entire section to it. We start with an introduction that explains what Active Directory is and what it does, then we move into a discussion of the structure of Active Directory, which includes terminology, concepts, and planning issues. With a foundation built, we install Active Directory and learn about the issues surrounding single-domain environments versus multidomain environments. We finish the section on Active Directory by learning how to administer it.

Windows 2000 User and Group Management

One of the more common tasks of a systems administrator is user and group management; thus, we devote an entire section to it. Initially, we discuss the basics of user accounts, from the type of accounts available in Windows 2000 to creating and defining options for user accounts. We then learn how to administer user accounts through user profiles, how to make changes to user accounts, and about home directories for user accounts.

With an understanding of user accounts, we expand into groups, which are collections of user accounts, other groups, and/or computers. We discuss groups from the systems administrator's perspective, including strategies for using groups and how to implement groups. We then look at using Group Policy to administer security on a Windows 2000 network.

Windows 2000 Data Management

Server management is another important topic for systems administrators, and we cover it in this section. We start with a discussion of managing server hard disks with Windows 2000 utilities and features and learn about the NTFS file system and its benefits for server file management. Next we learn about shared folders, because one of the most basic functions of a server is to serve files. Once we understand how shared folders work and how to manage them, we expand on that to administer data storage, including NTFS compression, disk quotas, and disk defragmenting.

No discussion of systems administration would be complete without backup and restoring data from servers and planning for disaster recovery. We discuss these subjects and provide insight into fault tolerance issues and best practices for protecting Enterprise data.

Windows 2000 Networking Basics

Up to this point of the book, we have focused primarily on single server administration and functions that take place within a server. In this section we expand our focus into the networking environment as it relates to Windows 2000. We discuss network protocols supported by Windows 2000, with a focus on TCP/IP, the protocol of choice for most networking environments and the required protocol for many Windows 2000 features such as Active Directory. You will learn about TCP/IP topics such as DHCP, WINS, DNS, and how to implement and administer them on a Windows 2000 network.

Windows 2000 Security

Security is another important topic for systems administration, and we discuss auditing access to network resources and monitoring network resource usage. This is done from the systems administrator viewpoint, including designing policies for auditing and monitoring, why it should be done in the first place, and managing security logs. We learn how to view currently used resources and how to disconnect users from resources when necessary.

Windows 2000 Printing

Network printing is another common function of a Windows 2000 network, so we devote a section to it. We introduce printing concepts and learn how to create and share printers, and how to administer printers and print queues. Systems administration issues, such as driver files, client and server configuration, and print pools, are discussed.

Windows 2000 Administration Practices

We finish the book with a general section on systems administration best practices. Some of the topics are about systems administration, in general, rather than being Windows 2000-specific, but all are relevant to the real world administrator. We discuss issues related to documentation, restoring workstations and servers to original configurations, and general administration practices, such as driver management and issues related to when your organization moves from one location to another and you have to move your systems.

Conclusion

After much discussion back and forth, we feel like we have come up with a structure for this training course that will allow the beginning systems administrator to build knowledge throughout the book as later topics build on the foundation laid by previous topics, while allowing the experienced systems administrator to find topics of interest quickly. We hope that you find this training course valuable as you study Windows 2000 systems administration and learn to apply that knowledge in the real world.

Updates

Submit Errata