Lifelong Learning
      Reports Written In Pursuit Of Professional Diploma On IT    
 


Windows NT Overview

Architecture

Windows NT is designed to run both 16 and 32 bit applications under an environment subsystem that also enables OS/2 and POSIX applications to be run on the same computer.

DOS and other 16-bit Windows applications are made to run inside any number of virtual DOS machines to prevent them from affecting other 32-bit applications. Users can choose to run 16-bit applications in a separate memory space by including the /separate option in the run command or by selecting the same option in the graphical run utility. A user can also make a shortcut to the program and edit the program information file (PIF) of the shortcut, specifying that the program should be run in a separate memory space.

The Windows NT architecture also features a Hardware Abstraction Layer which enables the operating system to run in both the Intel and Alpha hardware platforms. It uses the Network Device Interface Specifications (NDIS) to enable multiple protocols to be bound to different network adapters and media types.

Domain Management

Windows NT may be installed as a Primary Domain Controller (PDC), Backup Domain Controller (BDC) or Stand Alone Server. The PDC should be the first computer to be installed in the office.

When a Windows NT computer becomes a member of the domain, users may use it to logon to the domain or log on locally to the computer only. An administrator may work on the computer's local security database or the domain's security accounts maintained at the PDC.

A BDC maintains a copy of the security accounts database maintained at the PDC. The BDC regularly receives updates to the accounts database from the PDC. We promote a BDC to PDC using the Server Manager administrative tool in a Windows NT computer. The Server Manager can also be used to manage Windows NT's shares and any directory replication schemes.

For directory replication to work, the Directory Replication Service must be configured to automatically start in the Windows NT servers participating in the scheme. The Directory Replication tool in Server Manager should then be configured in the export server. Finally, the Directory replication tool in the server properties section of the Server Manager must be configured in the import computer.

A domain is a group of computers that share the same accounts database. In a domain, computing resources are managed centrally in one server, the PDC.  A workgroup, on the other hand, is a group of computers where computer accounts are managed separately by each computer in the group.

Browser Services is a Windows NT feature that maintains the list of computers in a domain together with the resources that they share. An election mechanism ensures that qualified computers perform various roles in the maintenance of the browser list. A registry key called MaintainServiceList is used to force or keep a Windows computer from performing a browser role.

Protocols

By default, Windows NT installs the NETBEUI and the TCP/IP protocols. NETBEUI is a small but swift means of communication between computers. Unfortunately, it can only be used inside a subnet since it does not know how to talk with routers. In other words, it is not a routable protocol.

On the other hand, TCP/IP is the standard protocol of the Internet. It is a powerful, reliable, and flexible communication protocol with a fairly big overhead. It enables a Windows NT computer to traverse other internal and external networks including the World Wide Web.

NETBEUI is a self-configuring protocol and does not need any configuration from an administrator, unlike TCP/IP, which requires additional configuration information. To make TCP/IP work on Windows NT, the administrator needs to provide it with an IP address and subnet mask either manually or through a DHCP server. TCP/IP also needs to know which DNS server it will use for hostname resolution and to which router it will pass the packets destined for outside networks. If the domain is using WINS, the administrator also needs to specify which WINS server to use for NETBIOS name resolution.

A Windows NT default installation will also include the Server service which enables the Windows NT computer to share its resources with the workgroup or domain and the Workstation service which enables access to shared resources from another computer in the workgroup or domain.

User Accounts and Trusts

Windows NT is equipped with a very powerful administrative tool for managing access to domain resources in the form of a utility called the User Manager for Domains. It enables a Windows NT administrator to set up domain wide accounts policies and manage domain computer users and groups. An administrator uses groups to provide file and printer permissions that may be used inside the domain or may traverse across domains through the trust relationship mechanism.

Trust relationship is a two-way scheme for enabling access to resources among domains. A trusting domain is first made to trust another domain by including the domain in its list of trusted domains. Then, the trusted domain confirms the trust by including the trusting domain in its trusting domain list. This is done using a single password known to the administrators of both domains.

A trust relationship may be one-way or two-way. A two-way trust relationship is set up when users in both domains need access to resources on the other domain. It is effected by repeating the one-way trust while reversing the roles of the two domains, that is, from trusting to trusted and vice versa.

Resource Access Permissions

Administrators normally manage resource access permissions by including users to groups and then assigning permissions to groups. Permissions to access resources are made to local groups which may include domain users and global groups from other domains. Global groups are made mainly to make possible access to domain resources by users from other domains under a trust relationship scheme.

Windows NT comes with an initial set of local and global groups which are used to provide user rights to domain users. Rights enable users to perform their roles in the domain. Administrators and power users are given more, and more powerful, rights than the ordinary domain user.

Resource access permissions and rights are normally given to local groups in the domain. Users from other domains are first placed in a global group and the global group is then made a member of a local group. Rights and permissions for domain resources are then given to the local group.

Resource access and rights use can be monitored by enabling auditing in the User Manager for Domains and then setting up who and when to audit in the properties list of the resource as seen in Windows Explorer or the Control Panel. Success and failure logs can then be examined using the Event Viewer administrative tool.

Share and NTFS Permissions

Since resources in Windows NT can be shared across domains, access permission can be given both to the actual resource and as a share. NTFS permissions are those given to the resource by accessing the resource's security button in Windows Explorer's properties list. Share permissions are given by accessing the Sharing tab in the properties list of the resource in Windows Explorer.

Effective permission is what the user finally gets when accessing a shared resource with both share and NTFS permissions. The rule states that when share and NTFS permissions are in conflict, the more restrictive permission will apply. However, if the No Access permission is given in either the share or NTFS permission, the user may not access the resource.

NTFS permissions are the only permissions to contend with when the user is logged on locally to the Windows NT computer. When dealing with only NTFS permissions, however, the more liberal permission will apply.

When copying files to a different folder within the same partition, the file inherits the permissions of the folder to where the file is copied. But when moving the file to a different folder within the same partition, the original permissions are retained. However, if the file is moved to a folder in a different partition, the file inherits the new folder's permissions.
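The group nesting and effective-permission rules from the two sections above, as an added Python model (not code from this report or from Windows NT). All user, group and ACL names are constructed, and the copy-across-partitions case in `acl_after` goes beyond the cases the report lists.

```python
# Added illustration of the rules in this report; not Windows NT code.
# Levels are ordered; NO_ACCESS is an explicit deny, NONE means nothing granted.
NO_ACCESS, NONE, READ, CHANGE, FULL = -1, 0, 1, 2, 3

def expand_groups(user, global_groups, local_groups):
    """User -> global groups -> local groups, as the report describes."""
    principals = {user}
    principals |= {g for g, members in global_groups.items() if user in members}
    principals |= {l for l, members in local_groups.items() if principals & members}
    return principals

def combine(acl, principals):
    """Within one ACL the most liberal matching entry applies, unless any
    matching entry is No Access."""
    levels = [level for who, level in acl.items() if who in principals]
    if NO_ACCESS in levels:
        return NO_ACCESS
    return max(levels, default=NONE)

def effective(principals, ntfs_acl, share_acl=None):
    """share_acl=None models a local logon, where only NTFS permissions count."""
    ntfs = combine(ntfs_acl, principals)
    if share_acl is None:
        return ntfs
    share = combine(share_acl, principals)
    if NO_ACCESS in (ntfs, share):
        return NO_ACCESS
    return min(ntfs, share)  # share vs NTFS: the more restrictive applies

def acl_after(operation, file_acl, dest_folder_acl, same_partition):
    """A move within one partition keeps the file's ACL; a copy, or a move to
    another partition, takes the destination folder's ACL. (Copies across
    partitions are not covered in the report; they inherit as well.)"""
    if operation == "move" and same_partition:
        return dict(file_acl)
    return dict(dest_folder_acl)

# Constructed sample domain data (hypothetical names).
GLOBAL_GROUPS = {"SALES\\Field Staff": {"maria", "jon"},
                 "SALES\\Contractors": {"jon"}}
LOCAL_GROUPS = {"Report Editors": {"SALES\\Field Staff"},
                "Report Readers": {"SALES\\Field Staff", "kim"},
                "Blocked Vendors": {"SALES\\Contractors"}}
NTFS_ACL = {"Report Editors": CHANGE, "Report Readers": READ,
            "Blocked Vendors": NO_ACCESS}
SHARE_ACL = {"Report Readers": READ}

if __name__ == "__main__":
    for user in ("maria", "jon", "kim"):
        who = expand_groups(user, GLOBAL_GROUPS, LOCAL_GROUPS)
        print(user, "local:", effective(who, NTFS_ACL),
              "via share:", effective(who, NTFS_ACL, SHARE_ACL))
```

In the sample data the same user gets Change when logged on locally but only Read through the share, which is the gap an administrator should check when a folder is both shared and locally accessible.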

Profiles and Policies

Windows NT administrators can set up roaming profiles by copying the profile to the Netlogon share of the PDC and specifying the profile in the user properties tab of the User Manager for Domains. They can rename the profile file from Ntuser.dat to Ntuser.man to make the profile mandatory, that is, read only and unchangeable.

For better control of what users can do, Windows NT offers the System Policy Editor where administrators can more precisely set up restrictions for users and computers. In System Policy Editor, a default profile may be set up for most users and computers while particular profiles may be made for specific users and computers. In policy mode, the profile is copied to the Netlogon share of the PDC and overwrites the affected portion of the computer registry during logon. In registry mode, System Policy Editor manipulates registry values directly and changes are made effective after reboot.

The Registry

Windows NT centralizes all configuration information in the registry which is actually composed of several files. The registry is modified in several ways such as by application installation programs, control panel applets, System Policy Editor and directly using the regedt32 registry editor. Regedit is an older registry editor program that can provide a better search capability but does not provide security features.

IIS

Windows NT comes ready with the Internet Information Server (IIS), a capable HTTP server that can provide web, FTP and gopher services. It can be installed by adding the World Wide Web Publishing service in the Services tab of the network applet in the Control Panel. The IIS comes equipped to serve Active Server Pages (ASP) and provides for several schemes for password authentication including anonymous, basic and Windows NT Challenge/Response. It also features a way of selecting computers that can connect to the web service.

RAS

Windows NT Remote Access Services (RAS) enables access to the domain from outside through the Public Switched Telephone Network (PSTN) using a modem pool. The service provides for a maximum of 256 connections to be made to the Windows NT Server. Connections may use any of the supported protocols like NETBEUI, IPX/SPX and TCP/IP and may be restricted to the server or extended through the entire domain.

RAS enables various authentication schemes to be set up including Challenge Handshake Authentication Protocol (CHAP), Shiva Password Authentication Protocol (SPAP) and Password Authentication Protocol (PAP). Clients use the Dialup Networking Program in Windows to connect to the Windows NT RAS. RAS also uses multilink to enable use of several modem lines for certain connections to increase available bandwidth and the callback mechanism as an added security feature.

Fault Tolerance

Windows NT provides the Disk Administrator tool which can be used to partition and format hard disks and provide mechanisms for creating and maintaining fault tolerant disk volumes using the Redundant Array of Inexpensive Disks (RAID) technology. Stripe sets (RAID Level 0) are volumes composed of same size partitions from different disks to facilitate data retrieval, but they are not fault tolerant. A volume set is a mechanism to gather free spaces from different disks and make a bigger volume. Mirroring and disk duplexing (RAID Level 1) are fault tolerant means that duplicate the contents of one partition. Disk Striping with Parity (RAID Level 5) uses parity information to reconstruct a failed member of the stripe set.

Recovery from mirrored partition involves breaking the mirror, deleting and creating a new partition and resetting the mirror. If the mirrored system and boot partition fails, a fault tolerant diskette is prepared to boot the computer using the mirror set. Once the computer is up, a new mirror is made and the fault tolerant diskette is updated to point to the new mirror set. Recovery from a failed stripe set with parity involves deleting the failed member, creating a new partition and regenerating the stripe set. A fault tolerant diskette contains the NTLDR, boot.ini, NTDETECT, and NTOSKERNEL files.
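How parity lets a stripe set with parity regenerate a failed member, as an added Python sketch (not from this report and not Windows NT's on-disk format). RAID 5 parity is the byte-wise XOR of the data blocks in a stripe; the block size, parity rotation and sample data are constructed for illustration.

```python
from functools import reduce

def xor_blocks(blocks):
    """Byte-wise XOR of equal-length blocks."""
    return bytes(reduce(lambda a, b: a ^ b, column) for column in zip(*blocks))

def write_stripe_set(data, disks, block=4):
    """Spread data over `disks` members. Every stripe holds disks-1 data
    blocks plus one parity block whose position rotates (assumed layout)."""
    members = [[] for _ in range(disks)]
    row_bytes = block * (disks - 1)
    rows = -(-len(data) // row_bytes)              # ceiling division
    data = data.ljust(rows * row_bytes, b"\0")     # pad the last stripe
    for row in range(rows):
        start = row * row_bytes
        chunks = [data[start + i * block:start + (i + 1) * block]
                  for i in range(disks - 1)]
        chunks.insert(row % disks, xor_blocks(chunks))   # parity block
        for member, chunk in zip(members, chunks):
            member.append(chunk)
    return members

def regenerate(members, failed):
    """Rebuild one failed member: each lost block is the XOR of the blocks
    that survive in the same stripe, whether it held data or parity."""
    survivors = [m for i, m in enumerate(members) if i != failed]
    return [xor_blocks(stripe) for stripe in zip(*survivors)]

def read_back(members):
    """Reassemble the data, skipping the parity block of each stripe."""
    out = []
    for row, stripe in enumerate(zip(*members)):
        out.extend(c for i, c in enumerate(stripe) if i != row % len(members))
    return b"".join(out)

if __name__ == "__main__":
    original = b"payroll records 1999"             # constructed sample data
    members = write_stripe_set(original, disks=3)
    for failed in range(3):
        rebuilt = list(members)
        rebuilt[failed] = regenerate(members, failed)
        print("member", failed, "regenerated:",
              read_back(rebuilt).rstrip(b"\0") == original)
```

Losing two members at once leaves too little information in each stripe, which is why the failed member has to be replaced and regenerated before a second failure occurs.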

DNS, WINS and DHCP

Windows NT can implement a Domain Name Service (DNS) to provide hostname to IP address resolution for domain clients. It is configured using the DNS Manager tool by specifying information about the domain and including name to IP address resolution records in the database. The records are either address records for straight address resolution or pointer records which are used for reverse address resolution. The server automatically generates the zone files for the name server. The DNS Manager also provides statistics on its name resolution activities.

Windows Internet Name Service (WINS) is a NETBIOS name to IP address resolution tool that automatically gathers information and provides name to address resolution to domain clients. Once installed, WINS starts its work without much configuration. Hosts that don't know how to talk with the WINS server are given static addresses and their data are included in the database.

Windows NT maintains two files which can be used for name resolution in cases where the DNS and WINS services are not working. The hosts and lmhosts files in the Winnt\system32\drivers\etc folder contain hostname/NETBIOS name to IP address mapping records which TCP/IP may refer to if the need arises.

To help administrators manage IP address distribution, Windows NT can provide a Dynamic Host Configuration Protocol (DHCP) service for the domain. It can be installed by adding the DHCP service in the Control Panel Network applet. DHCP is configured using the DHCP Manager administrative tool. Administrators need to specify the IP address range to be distributed, address range exclusion, default and maximum lease duration and static address assignment if any.

Performance Measurement

Performance Monitor is an administrative tool that helps administrators look for potential troubles in Windows NT. Administrators use the chart, alert, log or report view depending on what kind of information would be suitable to the problem analysis task. They may choose to monitor performance statistics from a variety of physical and logical objects that include memory, processor, physical disk, logical disk, process, server, system, thread and many others.

Disk measurements will result in zero values unless the system administrator enables them by entering the diskperf -y command. Performance Monitor can include measurements for TCP/IP statistics if the system administrator installs the Simple Network Management Protocol (SNMP).

Windows NT Diagnostics provide both configuration and performance measurement data regarding the different aspects of the Windows NT operation. It gives administrators information on OS version, display, drives, memory, services, resources, environment and network aspects of the Windows NT computer.

Backup

The Windows NT Backup administrative tool provides an easy to use utility for backing up domain and computer data to magnetic tape medium. It presents an explorer-like window for specifying the files that need to be backed up. It can perform different types of backup including normal, copy, incremental, differential and daily copy. Backups can also be performed using the ntbackup command, which can be scheduled using the at command. Administrators may choose to permit only certain users to perform backup and restore operations, verify if the backup is accurate and specify if the registry should also be backed up.

Netware Connectivity

Windows NT comes ready to interact closely with a Netware based network. The NwLink IPX/SPX protocol enables Windows NT to connect to client-server applications running on Netware. Its File and Printer Services for Netware enables Netware clients to access its file and printer services. With Gateway and Client Services for Netware, Windows NT can access file and printer shares on the Netware server and enables Windows based computers to access Netware shares using Windows NT as a gateway.

Client Administration

The Network Client Administrator is an administrative tool used to create either a network installation startup disk or a network installation disk set that can be used to connect a client computer to an installation server or install network client software. Administrators can likewise perform unattended installation using an answer file prepared beforehand.

TCP/IP Tools

Windows NT comes prepared with tools and utilities to manage the TCP/IP protocol. These include commands that use the Internet Control Message Protocol (ICMP) like ping and tracert, commands for the Address Resolution Protocol (ARP) like the arp command, and commands for obtaining TCP/IP statistics like the nbtstat and netstat commands.

Copyright 2008 Aureo P. Castro Email: [email protected]