|
|
 |
|
|
|
Microsoft® Windows® 2000 Administrator's Pocket Consultant, Second Edition
|
|
|
Author
|
|
William R. Stanek
|
|
|
Pages
|
560
|
|
Disk
|
N/A
|
|
Level
|
All Levels
|
|
Published
|
08/14/2002
|
|
ISBN
|
9780735617926
|
|
Price
|
$29.99
To see this book's discounted price, select a reseller below.
|
|
|
|
|
|
|
|
|
Index
A
A (address) record, 489, 490-91
access control. See also permissions; security model, Windows 2000
DNS servers, 500
Windows security model, 150
Access Control Settings dialog box, 426
access permissions
account capabilities and, 162
printers, 425-26
removable media, 382-83
account delegation, security options, 215-16
account lockout
enabling locked out accounts, 226
managing with group policies, 72
policies, 186-87
Account Lockout Duration, 186-87
Account Lockout Threshold, 186
Account Operators group, 170-71
account policies, 180-84
effective, 183-84
Kerberos policies, 188-89
lockout policies, 186-87
password policies, 184-86
secure passwords, 180
security policies, 91
setting, 180-83
user rights policies, 189-93
account setup
account policies, 180-84
domain user accounts, 194-96
global group accounts, 198
global group membership, 200-201
Kerberos policies and, 188-89
local group accounts, 198-200
local user accounts, 196-97
lockout policies, 186-87
naming, 177-80
password policies, 184-86
passwords, 180
primary groups, 201
user rights policies, 189-93
accounts. See group accounts; user accounts
Active Directory, 105-34
advanced permissions, 228-29
auditing objects, 332
authorizing DHCP servers, 439
comparing Active Directory domains with Domain Name Systems (DNS) domains, 111
data store, 118-19
defined, 3
directory structure, 118
DNS and, 105-6, 478
domains, 106-8
global catalogs, 119-20
Lightweight Directory Access Protocol (LDAP) and, 122
logical structures, 106-7
operations master roles, 122-24
organizational units, 109
physical and logical structures, 106-7
replication, 121-22
restoring, 364-66
sites and subnets, 110
Windows 2000 add-ons, 7
Windows 2000 and Windows XP Professional and, 112
Windows 95 and Windows 98 and, 115-17
Windows Me and XP Home Edition and, 118
Windows NT and, 113-15
Windows XP and, 112
Windows XP Home Edition and, 118
Active Directory administration, 125-48
accounts and shared resources, searching for, 129-31
Active Directory Users And Computers, 127-28
command-line role transfer, 144-46. See also ntdsutil utility
computer accounts, 131-35
computers, 136-41
domain controllers, connecting to, 128-29
domain controllers, installing and demoting, 141-42
domain naming master role, 143-44
domain-wide roles, 142-43
domains, connecting to, 129
global catalog configuration, 146
key tools, 125
organizational units, 147-48
schema master role, 144
support tools, 126
Active Directory client
installing, 116-17
Windows 95 and Windows 98 and, 116
Windows Me and Windows XP Home Edition and, 117
Active Directory Domains And Trusts
domain naming master role, 143-44
domain structures, accessing, 108
functions of, 125
mixed mode operation, 113-14
native mode operation, 114
Active Directory-integrated primary servers, DNS, 479
Active Directory Schema, 125-26, 144
Active Directory Service Interface (ADSI), 122
Active Directory Sites And Services
functions of, 125
global catalog configuration, 146
site and subnet management, 110-11
Active Directory Users And Computers
computer accounts, 131-35
computers, 136-41
domain controllers, 128
domain user accounts, 193-96
domains, 129
domain-wide roles, 142-43
folders of, 128
functions of, 125
global group accounts, 198
group membership, 200-201
local user accounts, 196-97
multiple accounts, 225
organizational units, 109, 147-48
profile path assignment, 216
Profile tab, 206
searching for accounts and shared resources, 129-31
starting, 127
updating accounts, 222-23
active partitions, 241
Add A Group Policy Object Link dialog box, 78
Add Printer Wizard
local configuration, 412
locating printer on network, 418
port selection, 414
print device detection, 413
printer manufacturers and models, 415
Printer Sharing page, 416
remote configuration, 411
add-on components, 6-7
Add/Remove Hardware utility, Control Panel, 10
Add/Remove Hardware Wizard, 35-37
installing hardware, 36
overview of, 10
troubleshooting hardware and device problems, 37
uninstalling hardware, 36-37
Add/Remove Programs utility, Control Panel, 10
Add/Remove Snap-In dialog box, 74, 127
address book, 205
address conflicts, DHCP, 443
address (A) record, 489, 490-91
addressing. See IP addresses
Adm subfolder, 75
Administrative shares, 313
administrative templates, 83-86
adding/removing, 85-86
OS policies and, 80
viewing, 83-85
administrative tools
configuring, 14-15
list of, 13-14
menu, 109
administrative wizards, 9
Administrator account, 157-58
Administrator groups, 168-69
ADSI (Active Directory Service Interface), 122
advanced permissions
Active Directory, 228-29
computer accounts, 228-30
group accounts, 228-30
user accounts, 228-30
Advanced properties, files, 299
Advanced RISC Computer (ARC), 251
Advanced tab, System utility, 26-29
application performance, 26
registry size, 28-29
virtual memory, 26-28
Advanced Transmission Control Protocol/Internet Protocol (TCP/IP) Settings dialog box
DNS settings, 397
multiple IP addresses and gateways, 394-95
Windows Internet Name Service (WINS) settings, 398
alert configuration, 67-70
Alert dialog box, 68
aliases, canonical name (CNAME) records and, 491
Anonymous Logon identity, 174
APIs (application programming interfaces), 122
application logs, 53
application media pools, 376-77
application programming interfaces (APIs), 122
application servers, 7
applications
administration, 40-41
management, 21
Applications tab, Task Manager, 41-42
ARC (Advanced RISC Computing), 251
archiving logs, 56-58
formats, 57
viewing, 58
ARP (Address Resolution Protocol) command-line utility, 16
At command-line utility
defined, 16
remote task scheduling, 101
running processes at specific time, 39
task deletion, 102
task scheduling, 100-101
viewing scheduled tasks, 101-2
audit policies, setting, 328-30
auditing
Active Directory objects, 332
Dynamic Host Configuration Protocol (DHCP) servers, 440-41
files and folders, 330-31
printers, 426
system resources, 328-32
Authenticated Users identity, 174
authentication
Window NT protocols, 114
Windows 2000 protocols, 149-50
authoritative restore, 365
auto-loader tape systems, 347
Automatic Updates utility, Control Panel, 10-11
B
background processes, 39
backup and recovery, 343-83
Active Directory, 364-66
backup types, 344-45
Backup utility, 348-50
Backup Wizard, 354-56
boot disks, 369
copy backups, 344
daily backups, 345
devices and media, 346-47
differential backups, 344-46
disaster preparation, 368
emergency repair disks, 368-69, 371
encrypted data and certificates, 366-68
exclusions, viewing and setting, 352-53
incremental backups, 345-46
manual backups, 356-59
manual restore, 362-64
media pools, 374-77
normal/full backups, 344
options, default, 351
options, setting, 351-52
planning for, 343-44
Recovery Console, 371-74
remote systems, 366
Restore Wizard, 359-62
Safe Mode, 370-71
tapes, 347-48
backup directory, DHCP, 455
backup domain controllers (BDCs), 113
Backup Operators group, 170-71
backup options, 351
backup plan, 343-44
Backup utility, 348-50
accessing, 348-49
data types and, 350
features of, 349
Backup Wizard, 354-56
baselines, 59
basic disks
active partition, 241
compared with dynamic disks, 240-41
conversion to/from dynamic disks, 241-43
basicdc template, 92
basicsv template, 92
basicwk template, 92
Batch identity, 174
BDCs (backup domain controllers), 113
.bfk file extension, 355
b-node (broadcast), 459
boot disk
adding partitions and, 248-50
creating, 369
editing, 279
updating, 250-51
BOOTP (Bootstrap Protocol), 451
broadcast (b-node), 459
built-in capabilities, 162, 165-67
built-in group accounts, 153, 159
built-in user accounts, 157
burst handling, 466
C
caching values, WINS, 505
caching-only DNS servers, 500
callback parameters, 214-15
canonical name (CNAME) record, 489, 491-92
CD-ROM resources, Windows 2000 distribution, 7
certificates, 366-68
Certificates snap-in, 366-67
Check Disk utility (Chkdsk.exe), 255-56
child domains, DNS, 106, 477
child zones, 486-88
Chkdsk.exe, 255-56
circular trace files, 67
clients
Active Directory, 116-17
DHCP, 433-34
WINS, 458-59
CNAME (canonical name) record, 489, 491-92
color coding
partitions, 245
volumes, 266
command-line
role transfer from, 144-45
seizing server role from, 145-46
utilities, 9, 15-16
commands, recovery console, 373
comments, printers, 420-21
Commit Charge, 44
compatws template, 92
compression
backups and, 355, 359
directories, 258-59
disk drives, 258
files, 258-59
computer accounts
advanced permissions, 228-30
creating, 131-33
deleting, disabling, and enabling, 134
group accounts, 173
moving, 135
resetting, 134-35
storing in Active Directory, 112
viewing and editing, 134
computer configuration node, Group Policy, 79
Computer Management console, 17-21
accessing, 17-18
connections to other computers, 18-19
console messages, 19-20
DHCP Server service, 438
disk quotas, 337-38, 341-42
information lists, exporting, 20
service and application management, 21
share permissions, 311-13
sharing folders, 305, 319
storage tools, 21
system tools, 20-21
tool categories, 18
user and computer sessions, 316
computers
domains and workgroups and, 136
network connections, 137-41
policies, 73-74
startup/shutdown scripts, 86-88
configuration data, replication of, 119, 121
Conflict Detection Attempts, DHCP console, 443
console messages, 19-20
contact information, user accounts, 202-5
Control Panel
System utility, 219-22
utilities, 10-12
Convert utility, 254-55
copy and paste, files and folders, 296
copy backups, 344
Copy Disk dialog box, 295
copying by dragging, files and folders, 295-96
counters
alert configuration, 67-70
choosing, 60-62
defined, 59
logs, 62, 63-65
CPU History, 43
CPU Usage, 43
Create Partition Wizard, 249
Create Shared Folder Wizard, 305
Create Volume Wizard, 268-69, 270
Creator Group identity, 174
Creator Owner identity, 174
Customize This Folder Wizard, 292
cut and paste, files and folders, 297
D
daily backups, 345
DAT (digital audio tape) drives, 347
data
administration, 231
domain data, replication, 119, 121
encrypted data, 366-68
exchange server data, 350
integrity, 272
remote storage data, 350
schema data, 119, 121
system state data, 350
data sharing. See shares
data store, 118-19
database, DHCP, 455-56
database, WINS
management, 471-75
replication, 467-71
version ID, 465
Date/Time utility, Control Panel, 11
Dcpromo utility, 6, 106
default accounts, 156
default rights, groups, 165-67
defragmenting, 257-58
device drivers. See drivers
Device Manager
installing/uninstalling device drivers, 33-35
overview of, 21
viewing/managing hardware devices, 32-33
DHCP (Dynamic Host Configuration Protocol)
dynamic IP address assignment, 389, 393
IP addresses, checking, 434-35
managing, 21
overview, 433
DHCP clients, 433-34
DHCP console
auditing, 441
binding multihomed servers to IP addresses, 440
Conflict Detection Attempts, 443
DNS integration settings, 442
exclusion ranges, 452-53
overview of, 437
remote server connections, 438
reservation management, 453-55
server authorization, 439
server configuration, 437
statistics updates, 440
DHCP scopes, 444-51
activating/deactivating, 450-51
BOOTP and, 451
leases and reservations, 453-55
modifying, 450
multicast scopes, 448, 451
normal scopes, 445-48
option settings, 449-50
overview of, 435-36
range exclusions, 452-53
removing, 451
statistics, 452
superscopes, 444-45
DHCP Server Properties dialog box, 439
DHCP servers
address conflicts, 443
auditing and troubleshooting, 440-41
authorizing, 439
backup directory, 455
binding multihomed server to IP address, 440
configuring, 439-43
database, restoring from backup, 455-56
DNS integration, 442
installing, 436-37
remote connections, 438
saving and restoring configuration, 443
starting/stopping, 438
statistics updates, 440
troubleshooting, 440-41
DHCP Server service, 438
dial-in privileges, user accounts, 213-15
Dial-Up identity, 174
differential backups
compared with incremental, 345-46
defined, 344
digital audio tape (DAT) drives, 347
directories
compressing, 258-59
decrypting, 264
deleting, 297
encrypting, 261-62
properties, 299-301
renaming, 297
selecting, 295
structure, 118
Directory Service Client Setup Wizard, 117
disaster preparation, 368
Disk Defragmenter, 21, 257-58
disk drives, 233. See also floppy disks
backup and recovery, 347
compressing, 258
defragmenting, 257-58
deleting, 253
drive status, 239
encrypting, 259
error checking, 255-56
installing and checking, 238
Integrated Drive Electronics (IDE), 234-35
overview of, 233-34
preparation of, 235-38
properties, 298-99
rescanning, 243
Small Computer System Interface (SCSI), 234
disk duplexing, 275
Disk Management
color coding partitions, 245
color coding volumes, 266
Disk List view, 237
drive letter, assigning, 252
drive preparation, 235-36
drive status, 239
dynamic disk, moving to new system, 244
dynamic disks, reactivating, 243
Graphical view, 237
logical drives, 246-48
mirrored sets, breaking, 278
mirrored sets, creating, 276
mirrored sets, removing, 280
overview of, 21
partitions, 246-48, 253
path letter, assigning, 252
paths, deleting, 253
Rescan Disk, 243
striped sets, creating, 277
upgrading basic disk to dynamic, 241-43
volume label, changing or deleting, 253
Volume List view, 236-37
volumes and volume sets, creating, 267-70
disk mirroring (RAID 1)
breaking mirrored sets, 277-78
overview of, 274-76
removing mirrored sets, 280
repairing mirrored volume, 279-80
resynchronizing and repairing mirrored sets, 278
disk quotas
creating entries, 339-40
deleting entries, 340-41
disabling, 342
enabling on NTFS volumes, 337-38
importing/exporting settings, 341-42
overview of, 332-34
policies, 335
setting, 334-37
viewing entries, 338-39
disk striping (RAID 0), 273-74, 280
disk striping with parity (RAID 5), 276-77, 280-81
display names, 178
Display utility, Control Panel, 12
distribution groups, 153
DLLs (Dynamic Link Libraries), 37
DNS (Domain Name System), 477-506
advanced settings, 396-97
basic settings, 395
compared with WINS, 458
comparing Active Directory domains with DNS domains, 111
discontiguous vs. contiguous names, 107-8
domain hierarchy, 105-6
domain naming master role, 122, 143-44
dynamic updates, 498-99
enabling on network, 479
fully qualified domain name (FQDN) and, 151
integration with Active Directory, 478
integration with DHCP, 442
integration with WINS, 503-6
overview of, 23-24, 477
pinging host names, 406
DNS console
child zones, 486-88
dynamic updates, 498
IP addresses, 499
Monitoring tab, 502
primary DNS servers, 480-82
records, managing, 489-97
records, viewing/updating, 494
reverse lookups, 484
Reverse Lookup Zones folder, 504
secondary DNS servers, 483
server management, 484-86
WINS caching and time-out values, 505
WINS tab, 503
DNS records
Alias (A) and Pointer (PTR), 490-91
Conical Name (CNAME), 491-92
Mail Exchange (MX), 492-93
Name Server (NS), 493-94
Start Of Authority (SOA), 495-97
types of, 489
viewing and updating, 494
DNS Server, event logs, 53
DNS servers
access control, 500
caching-only, 500
configuring, 480-83
event logs, 501
forwarding servers, 501
forwarding-only DNS servers, 500-501
installing, 479-80
IP addresses, enabling/disabling, 499
managing, 484-89
monitoring, 502
reverse lookups, 483-84
types of, 479
DNS zones
restricting transfer, 497-98
setting type, 498
SOA record and, 495-96
document management
default settings, 426
print management window, 431
Domain Admins group, 168-69
domain controllers
accessing, 127
compared with member servers, 112
configuring Windows 2000 as, 5-6
connecting to, 128-29
global catalogs and, 120
installing and demoting, 141-42
storing in data store, 119
Domain Controllers, group, 173
domain data, replication, 119, 121
domain forests, 106, 107-8
Domain Group Policy Object (GPO), 90-91
Domain Guests, 165, 171-73
domain local groups, 153, 155
Domain Name System. See DNS
domain naming master role, 122, 143-44
domain policies
applying existing policies, 77-78
block policy inheritance, 77
creating and editing, 75-77
inheriting, 72-73
overriding and disabling, 77
domain trees, 106, 107-8
domain user accounts
copying, 224-25
creating, 194-96
as user account type, 151
Domain Users, 171-72
domain-wide roles, 142-43
domains
Active Directory vs. Windows NT, 6
adding computers to, 136
configuring, 4
connecting to, 129
defined, 106deleting, 489
DNS, 477
overview of, 107
drive partitions. See partitions
drivers
installing/uninstalling, 33-35
printers, 407-8, 421
drives. See also disk drives; floppy disks
letter assignment, 245, 252, 269
mapping network, 319-20
path assignment, 245, 252
properties, 298-99
status, 239
dynamic disks
active partition, 241
compared with basic disks, 240-41
converting to/from basic, 241-43
moving to new system, 244
reactivating, 243
special drive sections of, 240
Dynamic Host Configuration Protocol. See DHCP
dynamic IP addresses, 393
Dynamic Link Libraries (DLLs), 37
dynamic updates, DNS, 498-99
E
EFS (Encrypting File System), 259-64
decrypting directories and files, 264
encrypting directories and files, 261-62
overview of, 260-61
recovery policy, 263-64
working with, 262
emergency repair disks, 368-69, 371
encrypted data, 366-68
Encrypting File System. See EFS encryption
directories and files, 261-62
disk drives, 259
security options, 215-16
stored passwords, 186
working with encrypted files and folders, 262
End Process, 41
Enforce Password History, 184
Enforce User Logon Restrictions, 188
Enterprise Admins group, 168-69
Enterprise Domain Controller identity, 174
environment settings, user accounts, 206-7
environment variables, 207
Environmental Variables dialog box, 29-30
error checking, disk drives, 255-56
event logs
accessing and applying, 53-55
application logs, 53
archives, 57, 58
archiving, 56-58
clearing, 56
DHCP, 440-41
DNS, 501
options, 55-56
policies, 91
printer events, 429
types of, 53
WINS, 465
Event Viewer
clearing event logs, 56
displaying events of selected logs, 54
log archives, 57
overview of, 21
events, 54
Everyone identity, 174
Exchange server data, 350
expiration, domain accounts, 226
Export List feature, 20
extended partitions, 244
F
Failed Redundancy, 280
FAT volumes
converting to NTFS, 254-55
FAT 16, 283
FAT 32, 284
share permissions and, 310
fault tolerance, 240, 275
file name truncation, 287
file permissions
overview of, 323-26
setting, 326-28
file servers, 7
file system
FAT volumes, 283-84
FAT vs. NTFS, 249-50
folder templates, 291
folder views, 292-94
folder Web content, 291
local vs. remote, 233
long file names support, 286-87
naming conventions, 285-86
NTFS volumes, 284-85
policies, 91
volumes and, 266
Windows Explorer and, 287-90
files
auditing, 330-31
compressing, 258-59
copy and paste, 296
copying by dragging, 295-96
cut and paste, 297
decrypting, 264
deleting, 297
encrypting, 261-62
properties, 299-301
renaming, 297
replication, 53
selecting, 295
sharing, 319
File Transfer Protocol (FTP) utility, 16
Find Computers dialog box, 129-30
Find People dialog box, 205
floppy disks, 294-95
Folder Options dialog box, 290, 293
Folder Options utility, Control Panel, 12
folders
Active Directory, 128
auditing, 330-31
copying by dragging, 295-96
creating, 298
customizing views, 292-93
multiple views, 293-94
permissions, 323-28
sharing, 319
templates, 291
Web content, 291
foreground processes, 39
Format dialog box, 249
formatting
floppy disks, 294
partitions, 248-50
forward lookups, 483, 503
Forward Lookup Zones folder, 485
forwarding servers, 500-501
forwarding-only servers, DNS, 479, 500-501
Found New Hardware message box, 412
FQDN (fully qualified domain name), 151, 477
FTP (File Transfer Protocol) command-line utility, 16
full backups, 344
full integration
DNS and Active Directory, 478
NetBIOS names and, 505-6
fully qualified domain name (FQDN), 151, 477
G
gateways, 393-95
General tab, Properties dialog box, 238
General tab, System utility, 22-23
global catalogs
configuration, 146
logon authentication, 113
overview of, 119-20
replication, 121-22
global groups
application of, 155
creating, 198
group scope, 153
membership, 200-201
Globally Unique Identifier (GUID), 76, 133
Go To Process, 41
GPOs (Group Policy Objects)
storing group policies in, 72
updating Domain GPO, 90-91
graph display, CPU, 43
graphical administrative tools, 9, 12-15
graphical user interface (GUI)-based tools, 12
group accounts
administrator, 168-69
applications, 155-56
built-in, 159
computer, 173
default rights, 165-67
deleting, 225
implicit and special identities, 160-61, 174-75
logon rights, 164-65
operator, 170-71
overview of, 152
permissions, 228-30
predefined, 160
privileges, 162-64, 410
renaming, 223-24
scope of, 153-54
security identifiers, 154-55
share permissions, 313
special identities, 160-61, 174-75
types of, 153
updating, 222-23
user, 171-73
Group Policies, 71-86
administrative templates for, 83-86
Audit Policy, 329
computer and user policies, 73-74
disabling, 78
disk quotas, 334
functions of, 71-72
local group policies, 74-75
order of application, 73
overview of, 72-73
printer problems and, 409
restricted, 91
site, domain, and unit policies, 75-78
special folders and, 80-83
Group Policy console, 79-80
Group Policy Objects (GPOs)
storing group policies in, 72
updating Domain GPO, 90-91
group scope, 153, 154
Guest account, 158-59, 171-73
GUI (graphical user interface)-based tools, 12
GUID (Globally Unique Identifier), 76, 133
H
hard disks. See disk drives
hardware devices
installing, 36
troubleshooting, 37
uninstalling, 36-37
viewing and managing, 32-33
hardware profiles, 24-25
Hardware tab, System utility, 24-25
hidden files, 290
Hidden property, files, 299
Hidden shares, 313
hisecdc template, 93
hisecws template, 93
h-node (hybrid), 459
home directories, 209
%HomeDrive%, 207
%HomePath%, 207
hostname command-line utility, 16
hot fixes, 7-9
hot swapping drives, 238
hybrid (h-node), 459
I
icons, Windows Explorer, 289
IDE disk drives, 234-35
IIS Admin Service Properties, 51-52
IIS (Internet Information Services), 303
implicit and special identities, 160-61, 174-75
incremental backups
compared with differential, 345-46
defined, 345
tape rotation for, 348
infrastructure master role, 123-24, 142-43
inheritance
blocking, 77
group policies and, 72-73
objects and, 322-23
IntelliMirror, 3
Interactive identity, 174
interactive processes, 39
Internet Information Services (IIS), 303
Internet Protocol (TCP/IP) Properties dialog box, 392
I/O handles, 44
IP addresses
binding multihomed DHCP server to, 440
centralized control of, 433
checking with ipconfig, 434-35
dynamic, 393
enabling/disabling, 499
multiple, 393-95
pinging, 406
static, 390-93
ipconfig command-line utility, 16, 434-35
K
Kerberos
authentication with, 150
policies, 188-89
Primary Domain Controller (PDC) emulators and, 114
security options, 216
Kernel Memory, 44
L
LDAP (Lightweight Directory Access Protocol), 122
leases
DHCP, 453-55
WINS, 464
Licensing utility, Control Panel, 12
Lightweight Directory Access Protocol (LDAP), 122
LMHOSTS, 397-99
Local Area Connection Properties dialog box, 391
local file systems, 233
local group accounts, 153, 198-200
local group policies, 72, 74-75
local policies, 91
local printers, 409-10. See also printers
local profiles, 219-22
changing type, 222
copying, 220
creating, 217-18
creating by hand, 219-20
defined, 216
deleting and assigning new, 221-22
restoring, 220-21
local user accounts, 151, 196-97
Local Users and Groups, 20, 197-200
LocalSystem account, 157
logical drives, 21, 246-48
logical structures, Active Directory, 106
logoff scripts, 88-89
logon
authentication and, 113, 149-50
hours, 210-12
names, 151-52, 178
problems, 227-28
rights, 162, 164-65
scripts, 88-89, 208
services, 49-50
workstations permitted, 212-13
logs. See event logs; performance logs
long name support, 285, 286-87
M
Machine subfolder, 75
mail exchange (MX) record, 489, 492-93
mandatory profiles, 217, 218
manufacturers, printer, 415
mapping network drive, 319-20
Maximum Lifetime, Kerberos, 188
Maximum Log Size, 55-56
Maximum Password Age, 184-85
Maximum Tolerance, Kerberos, 189
media pools, 374-77
changing type of, 376
creating, 376
deleting, 377
moving media to different pool, 375
policies for, 376-77
preparing media for, 375
types of, 374-75
MEM Usage, 43
member servers
compared with domain controllers, 112
configuring Windows 2000 as, 5-6
membership, global groups, 200-201
memory, kernel and physical, 44
Memory Usage History, 43
Microsoft Exchange, 363
Microsoft Management Console (MMC), 74, 125
Microsoft Windows 2000, See Windows 2000
Microsoft Windows 2000 Advanced Server, 4
Microsoft Windows 2000 Datacenter Server, 4
Microsoft Windows 2000 Professional, 4
Microsoft Windows 2000 Server, 4
Microsoft Windows 95/98. See Windows 95/98
Microsoft Windows Me, 118
Microsoft Windows .NET Server family, 5
Microsoft Windows NT, See Windows NT
Microsoft Windows XP Home Edition, 118
Microsoft Windows XP Professional, 90-91, 112
Minimum Password Age, 185
Minimum Password Length, 185
mirrored sets
breaking, 278
creating, 276
removing, 280
mixed (m-node), 459
mixed mode operation, Windows NT, 113-14
mmc command, 74
MMC (Microsoft Management Console) snap-ins, 74, 125
m-node (mixed), 459
monitoring servers, 58
alert configuration, 67-70
counter logs, 63-65
counters, 60-62
DNS servers, 502
performance log types, 62
Performance Monitor, 59-60
preparation, 59
reasons for, 59
replaying performance logs, 67
trace logs, 65-67
MS-DOS and RAID, 273
multicast scopes, DHCP, 436, 448, 451
multihomed DHCP server, 440
multimaster replication model, 6
multiple IP addresses, 393-95
advantages of, 393
assigning, 394
configuring, 393-94
MX (mail exchange) record, 489, 492-93
N
name registration, WINS, 458, 464-65, 466
name release, WINS, 458, 464-65
name renewal, WINS, 458, 464-65
name resolution
DNS, 395-97
WINS, 397-99, 459-60
name server (NS) record, 489, 493-94
naming conventions, files, 285-86
naming policies, 177-80
display names, 178
logon names, 178
naming schemes, 178-80
native mode operation, Windows NT, 113, 114-15
nbtstat command-line utility, 16
net command-line utility, 16
net send command-line utility, 16
net start command-line utility, 16
net stop command-line utility, 16
net time command-line utility, 16
NET tools, 16
net use command-line utility, 16
net view command-line utility, 16
NetBIOS names
full integration and, 505-6
overview of, 458
pinging, 406
WINS and, 397-99
netstat command-line utility, 16
network administration, 385. See also TCP/IP (Transmission Control Protocol/Internet Protocol)
Network And Dial-Up Connections
creating connections, 139-41, 403
existing connections, 137-38
networking component installation, 402
remote access connections, 404-5
static IP address assignment, 391
TCP/IP installation, 388-89
utility, 12
network connections, TCP/IP, 402-6
creating, 403-4
enabling/deleting, 405-6
modifying/duplicating, 406
remote access connections, 404-5
types of, 403
Network Connection Wizard, 404
network drives, 319-20
Network Identification tab, 23-24, 138
Network Identification Wizard, 139-41
Network identity, 174
network interface cards (NICs), 388
network printers, 409-10. See also printers
networking components, TCP/IP, 399-402
available on Windows 2000, 399-400, 401
installing/uninstalling, 400, 402
networking servers, Windows 2000 add-ons, 7
New Reservation dialog box, 453
New Scope Wizard, 446-47
NICs (network interface cards), 388
nonforwarding DNS servers, 500
normal scopes, DHCP, 436, 445-48
normal/full backups, 344
NS (name server) record, 489, 493-94
nslookup command-line utility, 16
NT Local Area Network Manager (NTLM), 114, 150
Ntds.dit (Active Directory data file), 119
Ntdsutil utility
authoritative restore, 365
role transfer, 144-45
NTFS. See NTFS file system volumes
NTFS file system volumes
converting FAT volumes to, 254-55
disk quotas and, 332, 337-38
extending, 271
share permissions, 310
versions, 284-85
NTLM (NT Local Area Network Manager), 114, 150
O
objects
inheritance, 322-23
managers, 320-21
ownership and transfers, 321-22
Windows 2000, list of, 321
Open Files node, 318
open resources, 317-18
operations
changing mount operations, 379
deleting, 379-80
operator notification, 381
Operator Requests queue, 380-81
requests, 381
status in Work Queue, 377-78
Waiting status, 379
operations master roles, 122-24
assigning, 123-24
defined, 112
types of, 122-23
operator groups, 170-71
Operator Requests queue, 380-81
organizational units
defined, 72, 106
functions of, 109
managing, 147-48
overview of, 109
policies, 75-78
P
parent domains, DNS, 106, 477
partial integration, DNS and Active Directory, 478
partitions
active, 241
color coding, 245
creating, 246-48
deleting, 253
drive letter assignment, 245, 252
drive path assignment, 245, 252
formatting, 248-50
types of, 244-45
updating boot disk and, 250-51
volume conversion to NTFS, 254-55
volume label, 253
password policies, 184-86
encrypting stored passwords, 186
Enforce Password History, 184
Maximum Password Age, 184-85
Minimum Password Age, 185
Minimum Password Length, 185
Passwords Must Meet Complexity Requirements, 185
passwords
changing/resetting, 227
remote access connections and, 404
secure, 180
user accounts and, 72, 151-52
Passwords Must Meet Complexity Requirements, 185
path letter assignment, 269
PCL (Printer Control Language), 422
PDC emulators, 113-14, 123-24, 142-43
PDCs (primary domain controllers), 113
peer-to-peer (p-node), 459
performance logs
counter logs, 63-65
monitoring servers, 62-67
replaying, 67
trace logs, 65-67
types, 62
Performance Logs and Alerts, 20
Performance Monitor, 59-60
performance objects, 60
Performance tab, Task Manager, 42-44
permissions
access permissions, 162, 382-83, 425-26
advanced permissions, 228-30
files and folders, 323-28
printers, 425-26
share permissions, 306-7, 310-13
personal certificates, 366-67
Personal Information Exchange (.pfx) format, 366
.pfx (Personal Information Exchange) format, 366
physical drives, 234. See also disk drives
Physical Memory, 44
physical structures, Active Directory, 106
ping command-line utility
checking IP addresses, 390
defined, 16
testing TCP/IP configuration, 406
plug and play devices, 388
p-node (peer-to-peer), 459
pointer (PTR) record, 489, 490-91
Poledit utility, 72
ports, printer, 414, 422
PostScript mode, 422
Power Users, 171-72
predefined group accounts, 160
predefined user accounts, 157-59
primary domain controllers (PDCs), 113
primary group, 201
primary partitions, 244
primary servers, DNS, 479, 480-82
print devices
detection, 413
installing, 410-17
vs. printers, 407
problems and errors, 409
print jobs
completion notification, 429
defined, 408
managing, 429-30
scheduling and prioritizing, 422-24
print management window
access to, 429
document management, 431
emptying print queue, 430
information in, 429-30
pausing/resuming/restarting printing, 430
print monitor, 408
Print Operators group, 170-71
print queue, 408, 430
Print Server Properties dialog box
accessing, 426
logging printer events, 429
printer forms, 427-28
print servers
defined, 410
high volume printing, 428
installing printers on, 410-17
job completion notification, 429
logging printer events, 429
printer forms, viewing and creating, 427-28
spool folder permissions, 428
Windows 2000 add-ons, 7
Print Spooler service, 418-19
print spoolers, local and remote, 408
Printer Control Language (PCL), 422
printer forms, 427-28
printer installation, 410-17
local configuration, 412
manufacturer and model selection, 415
port selection, 414
print device detection, 413
Printer Sharing page, 416
remote configuration, 411
Printer Sharing page, 416
printers, 407-32
access permissions, 425-26
auditing, 426
comments and location information, 420-21
connecting to, 417-18
document settings, 426
driver management, 421
event logs, 429
forms, 427-28
high volume printing, 428
installing locally, 417
installing on print servers, 410-17
job scheduling and prioritizing, 422-24
local and network, 409-10
location information, 420-21
managing, 429-30
ports, 422
prioritizing, 422-24
vs. print devices, 407
separator pages, 422
sharing, 424
spooling problems, 418-19
troubleshooting, 407-9
Printers utility, Control Panel, 12
privileges
account capabilities and, 161
dial-in privileges, 213-15
group accounts, 162-64, 410
user accounts, 162-64
Process tab, Task Manager, 41-42
processes
administration, 41-42
types of, 39
%Processor_Architecture%, 207
Profile tab, Active Directory Users and Computers, 206
properties
accounts, 203-4, 215-16
DHCP servers, 439
directories, 299-301
disk drives, 298-99
DNS zones, 495
files, 299-301
print servers, 426, 427-28, 429
printers, 420
servers, 499
Proxy identity, 174
PTR (pointer) record, 489, 490-91
public certificates, 151-52
publishing directory information, 119
pull partners, WINS replication
creating, 469-70
default parameters, 468-69
defined, 467
push partners, WINS replication
changing replication type, 470-71
creating, 469-70
default parameters, 467-68
defined, 467
Q
queries, 120
Quota tab, 337
quotas. See disk quotas
R
RAID (redundant array of independent disks)
overview of, 272-73
protection and performance with, 265
RAID 0 (disk striping), 273-74, 280
RAID 1 (disk mirroring), 274-80
RAID 5 (disk striping with parity), 276-77, 280-81
Windows 2000 support for, 233
range exclusions, DHCP scopes, 452-53
Read-Only property, files, 299
recovery. See backup and recovery
Recovery Console, 371-74. See also backup and recovery
commands, 373
deleting, 374
functions of, 371-72
installing as startup option, 372
starting computer with, 372-73
recovery options, Startup And Recovery dialog box, 31-32
recovery services, 51-52
Recovery tab, IIS Admin Service Properties, 51-52
registry policies, 91
relative identifier (RID) master
operations master roles, 123-24
seizing with Ntdsutil.exe, 145
viewing and transferring, 142-43
remote access connections, 404-5
Remote Access Services, 213-14
remote file system, 233
remote storage data, 350
remote systems, backup and recovery, 366
removable disks
backup, 347
formatting, 294
removable media
notifying operators of requests, 381
Operator Requests queue, 380-81
requests, 381
Waiting operations, 379
Work Queues, 377-78
Removable Storage, 21, 382-83
removable storage data, 350
renaming
files and directories, 297
group accounts, 223-24
user accounts, 223-24
replication
data store and, 119
full vs. partial, 119
global catalog and, 121-22
types of data replicated, 121
replication, WINS
default parameters, 468-69
defined, 467
push/pull partners, 469-70
replication type, 470-71
triggering, 471
Replicator group, 170-71
Rescan Disk, Disk Management, 243
reservations, DHCP, 453-55
creating, 453-54
deleting, 455
modifying, 454
options, 450
Reset Account Lockout Counter After, 187
restore options, 352
Restore Wizard, 359-62. See also backup and recovery
Restricted identity, 175
reverse lookups
DNS, 483-84
WINS, 504
Reverse Lookup Zones folder, 485
REVERT TO BASIC DISK command, 243
RID (relative identifier) master
operations master roles, 123-24
seizing with Ntdsutil.exe, 145
viewing and transferring, 142-43
right-clicking a listing, 41
roaming profiles, 217, 218
root domains, DNS, 105, 477
route, defined, 16
route command-line utility, 16
S
Safe Mode, 370-71
scavenging the WINS database, 472
Schedule Task Wizard, 96-100
Scheduled Tasks folder, 95
Scheduled Tasks utility, Control Panel, 12
scheduling tasks, 94-102
At utility, 100-102
preparation, 95
Schedule Task Wizard, 96-100
Task Scheduler, 95-96
utilities for, 94
schema data, replication, 119, 121
schema master role, 122, 144
scope, group accounts, 153-54
scopes. See DHCP scopes
scripts
logon/logoff, 88-89
startup/shutdown, 86-88
SCSI disk drives, 234
searches
Find Computers dialog box, 129-30
Find People dialog box, 205
secondary servers, DNS, 479, 482
secure passwords, 180
Secure Socket Layer (SSL), 150
securedc template, 92
securews template, 92
security. See also permissions
architecture, 3
groups, 153
logs, 53
remote access connections, 404-5
user account options, 215-16
security descriptors, 150
security groups, 153
security identifiers (SIDs)
group accounts, 154-55
renaming accounts and, 223-24
user accounts, 152
security model, Windows 2000, 149-50
access controls, 150
authentication protocols, 149-50
security policies
applying security templates, 93-94
list of templates, 91-93
Security tab, file and folder permissions, 326-27
security templates
applying, 93-94
list of, 92-93
security tokens, 155
Self identity, 175
separator pages, 422
sequential trace files, 67
server configuration, 4
Server Operators group, 170-71
Server Properties dialog box, 499
Service identity, 175
service packs, 7-9
services, 6-7
DHCP Server, 438
disabling unnecessary, 52-53
list of common, 46-47
logon, 49-50
managing, 21
overview of, 21
Print Spooler, 418-19
recovery, 51-52
starting, stopping, and pausing, 48
startup, 48-49
system, 44-45
Services and Applications tools, 18
Services for Macintosh, 201
session management, 317
Set Priority, processes, 41
share permissions
configuring, 311-13
modifying, 313
removing from users and groups, 313
types of, 306-7, 310-11
viewing, 311
Shared folder node, 304
shared folders
creating, 305-7
local and remote, 303
overview of, 21
shared system volume (Sysvol), 119
shares
creating, 307
files, 319
folders, 303, 305-7, 319
Macintosh and NetWare, 306
open resources, 317-18
printers, 424
resources, 129-31
session management, 317
special, 313-15
viewing, 304
viewing connections, 316
Web shares, 308-10
shutdown scripts, 86-88
SIDs (security identifiers)
group accounts, 154-55
renaming accounts and, 223-24
user accounts, 152
simple volumes, 265
single sign-on, 150
site policies
applying to new location, 77-78
blocking, overriding, and disabling, 77
creating and editing, 75-77
sites, 72, 106, 110-11
snap-ins, MMCs, 74, 125
SOA (start of authority) record, 489, 495-97
spanned volumes, 265
special folders
central management, 80-83
redirecting based on group membership, 82-83
redirecting to single location, 80-81
removing redirection, 83
types of, 80
special shares, 313-15
spoolers
configuring, 423-24
folder permissions, 428
local and remote, 408
problems, 418-19
SSL/TLS (Secure Socket Layer/Transport Layer Security), 150
stand-alone server, Windows 2000 as, 5-6
start of authority (SOA) record, 489, 495-97
Startup And Recovery dialog box, 30-32
recovery options, 31-32
startup options, 31
startup services, 48-49
startup/shutdown scripts, 86-88
static IP addresses, 390-93
statistics
DHCP, 440, 452
WINS, 461-62, 463
Statistics dialog box, 452
storage tools, 18, 21
stripes, 273
subnets, 106, 110-11, 489
superscopes, DHCP, 444-45
creating and managing, 444
defined, 436
system administration, 3-14
add-on components and services, 6-7
administrative tools, 13-14
command-line utilities, 15-16
Control Panel utilities, 10-11
domain controllers and member servers, 5-6
features, 3
graphical administrative tools, 12-15
member servers, 5-6
NET tools, 16
service packs and hot fixes, 7-9
support tools, 7-9
utilities, 9
Windows 2000 versions and, 4-5
system environment variables, 207
System identity, 175
System Information, 21
system logs, 53
system performance, 42-44
System Policy Editor, 72
System Properties dialog box, 219
system resources, 43
system services
managing, 44-45
policies, 91
system state data, 350
system tools, 18, 20-21
System utility
Advanced tab, 26-29
Control Panel, 12
General tab, 22-23
Hardware tab, 24-25
local profile management, 219-22
Network Identification tab, 23-24
User Profiles tab, 25
%SystemRoot%, 207
Sysvol (shared system volume), 119
T
tape drives, 346
tape jukeboxes, 347
tape rotation, 348
tapes
backup and, 347-48
organizing into media pools, 374
Task Manager
application administration, 40-41
process administration, 41-42
system performance, 42-44
techniques for applying, 40
Task Scheduler wizard. See also scheduling tasks
accessing Scheduled Tasks folder, 95
applying, 95-96
existing tasks, 95-96
new tasks, 96-100
overview of, 94-95
task scheduling. See scheduling tasks
taskmgr, 40
TCP/IP (Transmission Control Protocol/Internet Protocol), 387-424
command-line utilities and, 15-16
DNS resolution, 395-97
dynamic IP addresses, 393
installing, 388-89
multiple IP addresses and gateways, 393-95
network connections, 402-6
networking components, 399-402
NIC installation, 388
static IP addresses, 390-93
testing configuration, 406
WINS resolution, 397-99
templates, security
applying, 93-94
list of, 91-93
Terminal Server User identity, 175
terminal services, 3
threads, 44
time-out values, WINS in DNS, 505
TLS (Transport Layer Security), 150
tool categories, Computer Management console, 18
toolbars, Windows Explorer, 288-89
tools
Active Directory administration, 125-27
NET tools, 16
storage tools, 18
system administration, 7-9, 12-15
system tools, 20-21
Totals, CPU usage, 44
trace logs, 62, 65-67
tracert command-line utility, 16
transitive trusts, 112, 116
Transmission Control Protocol/Internet Protocol. See TCP/IP
Transport Layer Security (TLS), 150
troubleshooting
DHCP, 440-41
DNS, 501
hardware devices, 37
logon problems, 227-28
printers, 407-9
U
UNC (Universal Naming Convention), 209
universal groups, 153, 155
Universal Naming Convention (UNC), 209
UNIX, 241
Update Speed, 43
updating accounts, 222-23
updating operating systems, 10-11
user accounts
address book and, 205
advanced permissions, 228-30
built-in, 157
capabilities for, 161-62
contact information, 202-5
deleting, 225
dial-in privileges, 213-15
enabling, 226
environment settings, 206-7
group accounts and, 171-73
home directory assignment, 209
logon hours, 210-12
logon names, passwords, and public certificates, 151-52
logon problems, 227-28
logon rights, 164-65
logon scripts, 208
passwords, 227
predefined, 157-59
privileges, 162-64
removing share permissions, 313
renaming, 223-24
searching for, 129-31
security identifiers, 152
security options, 215-16
types of, 151
updating, 222-23
workstations permitted to logon, 212-13
user configuration node, Group Policy console, 79
user policies, Group Policies, 73-74
user profiles
local profiles, 217-22
management methods, 216
mandatory profiles, 218
roaming profiles, 218
User Profiles tab, System utility, 25
user rights, 161-67
default user rights, 165-67
logon rights, 164-165
privileges, 162-64
user rights policies
account set up, 189-93
administering, 189-90
configuring globally, 190-93
configuring locally, 193
User subfolder, 77
%UserName%, 207
utilities
command-line, 15-16
Control Panel, 10-11
graphical administrative tools, 12-15
installing, 14-15
NET tools, 16
overview, 9
scheduling tasks, 94
V
version ID, WINS database, 465
views, Windows Explorer, 288-89
Virtual Private Network (VPN), 404
volume label, 253
volumes
conversion to NTFS, 254-55
creating volumes and volumes sets, 267-69
deleting volumes and volumes sets, 270
dynamic vs. basic, 267
extending, 271
managing, 271
overview of, 266-67
volume sets, 267
VPN (Virtual Private Network ), 404
W
waiting operations, 379
Web servers, 150
Web shares, creating, 308-10
Web/Media servers, 7
well connected computers, 110
Windows 2000
Active Directory with, 112
add-ons, 7
compatibility with .NET, 5
objects, 321
plug and play (PNP) devices, 388
RAID support, 233, 273-77
security model, 149-50
security tokens and, 155
Support tools, 7-9
TCP/IP networking components, 399-401
versions, 4-5
Windows 2000 Advanced Server, 4
Windows 2000 Datacenter Server, 4
Windows 2000 Professional, 4
Windows 2000 Server, 4
Windows 95/98, 115-17
accessing network as Active Directory client, 116
accessing network through Windows NT domain, 115-16
Active Directory clients, 116-17
Windows Explorer, 287-90
compressed and hidden files, 290
copying floppy disks, 294-95
creating folders, 298
file and folder properties, 299
files and directory selection, 295
folder sharing and, 305
folder templates, 291
folder views, 292
formatting floppy disks, 294
icons, 289
multiple folder views, 293-94
views and toolbars, 288-89
Web content, 291
Windows Internet Name Service. See WINS
Windows Me, 118
Windows .NET Server family, 5
Windows NT, 113-15
Active Directory modes, 113
domains, 6, 105
mixed mode operation, 113-14
native mode operation, 114-15
Windows Optional Networking Components Wizard, 400
Windows Script Host, 3, 122
Windows XP Home Edition, 118
Windows XP Professional, 90-91, 112WINS (Windows Internet Name Service), 457-74
client/server configuration, 458-59
database scavenging, 472
DNS integration, 503-6
installing, 457
lookups, 503
name resolution, 397-99, 459-60
overview of, 458
WINS clients, 458-59
WINS console
adding servers, 461
database backup and recovery, 474
database, clearing, 475
Enable Burst Handling, 466
event logging, 465
server configuration, 463
server management, 460-62
Verify Database Consistency, 472-73
viewing version ID, 465
WINS servers
adding to WINS console, 461
burst handling of name registrations, 466
database management, 471-75
database replication, 467-71
database version ID, 465
event logs, 465
name registration, renewal, and release, 464-65
saving and restoring configuration, 466
starting/stopping, 461
statistics, 461-63
Winspool utility, 408
Work Queues, 377-78
workgroups
adding computers to, 136
configuring, 4
workstations
configuring, 4
permitted to logon, 212-13
Z
zones, DNS
restricting transfer, 497-98
setting type, 498
zone transfer, 503
Last Updated: August 26, 2002
|
