CHAPTER 1
INTRODUCTION TO ADMINISTERING WINDOWS NT
Lesson 1: Introduction to Windows NT
..
3
Lesson 2: Overview of Windows NT Directory Services
.. 10
Lesson 3: Logging on to Windows NT
13
Lesson 4: Windows NT Administrative Tasks and Tools
. 19
Lesson 5: The Windows NT Security Dialog Box
. 24
Best Practices
30
Review
31
Lesson 1:
Introduction to Window NT
Windows NT workstation can be used alone as a desktop operating system, networked in a
peer-to-peer workgroup environment, or used as a workstation in a Windows NT Server
domain environment. Windows NT can be used with Microsofts BackOffice products.
Advantages of Windows NT Workstation:
Desktop Performance: Supports preemptive multitasking, with multiple processors. For
example, it you run a multithreaded program such as Microsoft Word, you can work on one
document while another document prints.
Hardware Profiles: You can have a profile to match your laptop while it is in the docking
station, or when you go home to work you can have another profile with a configuration for
dial-in hardware.
Microsoft Internet Explorer: Fast, simple, browser, compatible with existing standards.
Microsoft messaging: Receive and stores electronic mail, including files and objects created
in other programs.
Peer Web Services: Provides a personal Web Server, optimized to run on Windows NT
Workstation Version 4.0.
Security: Provides Local security for files, folders, printers, and other resources.
Operating System Stability: Supports each program in its own memory address space.
Malfunctioning programs will not affect other programs or the operating system.
======================================================================
wntadm1.html PAGE
2
2001/10/20
What is Windows NT Server?
Windows NT works well as a file, print, and application server that handle tasks for organizations
ranging from small workgroups to enterprise networks.
Windows NT server offers the following
advantages:
Server Performance. Windows NT Server handles file, print and application server performance.
OEM, Original Equipment Manufacturers of Windows NT Server supports up to 32 processors
in a symmetric multiprocessing environment.
Built-in communications. Salespeople, traveling workers, or other mobile users can connect to
Windows NT Server 4.0 using RAS (remote access service), a feature that lets remote users dial-in
to the network. Windows NT provides support for 256 inbound RAS sessions.
Management tools. Task Manager and Network Monitor simplify the day-to-day administration
of your network server. Task Manager monitors programs, tasks, and key performance on
Windows NT Server 4.0, providing detailed information on each program and process running
on the system. You can get rid of sluggish programs. Network Monitor also examines network
traffic to and from the server at the packet level. Therefore, making it easier to troubleshoot.
Internet Information Server (IIS). This allows for Web Server installation and management
are now part of the Operating System. With IIS 2.0 you can remotely administer your Web site
from any Microsoft Windows computer with a Web browser. IIS is fast, secure and powerful for
offering HTTP or Hypertext Transfer Protocol, FTP (File Transfer Protocol), and Gopher service.
Administrative Wizards. Wizards group the common server management tools such as User
Manager for Domains and Server Manager, and walk you through the steps required to add users,
create and manage groups of users, manage file and folder access for network clients, etc.
Macintosh client support. This feature provides file and print sharing services for Macintosh clients.
Additional network services. These services include MPR, (multiprotocol routing), DNS,
(Domain Name System), DHCP (Dynamic Host Configuration Protocol, and WINS (Windows
Internet Name Service.).
Windows NT Directory Services. A directory database provides a single network logon, a single
point of administration, and the ability for users to access resources throughout the network.
======================================================================
wntadm1.html PAGE
3
2001/10/20
Administrative Differences
Can be set up by using either a domain model or a workgroup model. Windows NT Server and
Windows NT Workstation will work with either model. The administrative differences depends
on the model.
Domain Model
A domain model has a least one computer running Windows NT Server configured as a domain
controller. A domain is a logical grouping of computers that share common security and user
account information. This information is stored in the domain controllers master directory database.
NOTE: Windows NT Server can also be configured as a member server (a non-domain controller).
A member server does not validate domain logon attempts. It maintains a local directory
database just as computer running Windows NT workstation do.
All computer running Windows NT maintain a directory database, however it is the domain controllers
master directory database that provides a central location for administering user accounts and resource
security for the domain. In a domain each user requires only one account and password to gain
access to network resources. If a user changes his or her password, the change is automatically
reflected throughout the domain.
Workgroup Model
A workgroup model is a Windows NT-based network that does not have Windows NT Server
domain controller. A workgroup is also referred to a peer-to-peer network because all computer
share files and printers as equals, or peers.
In a workgroup model, administration of user accounts and resource security is not central to any
one computer. Each computer running Windows NT Workstation or Windows NT Server
maintains its own user accounts and resource security information in a local directory database.
This means that user accounts are created on every computer that the user will access either locally
or over the network.
Every time a user changes a password, they must run around to every computer and change it.
This is a real peer-to-peer type of set-up. To administer a computer in a workgroup, changes are
made on each computer. This can be a time intensive endeavor.
======================================================================
wntadm1.html PAGE
4
2001/10/20
Lesson 2:
Overview of Windows NT Directory Services
Directory Services is one of the services provided by Windows NT Server. DS provides users
with a single user name and password, and allows access to resources throughout the network.
***** do the Demo CD *****
======================================================================
wntadm1.html PAGE
5
2001/10/20
Lesson 3:
Logging on to Windows NT
To gain access to any part of the operating system Windows NT you are prompted to press
CTRL+ALT+DELETE to go on.
Option Description
====================================================================
User Name Enter a unique name, that was
originally assigned by the
Administrator. To log on to a domain, this account must
reside in the directory database on domain controllers. To
log on to the local computer, this account must reside in the
directory database of the local computer.
Password The password appears on the screen as * asterisks to protect
it from onlookers.
Domain To log on to the domain, select the name of the domain.
When a user logs on, the Domain Controllers directory
Database is checked for a valid match. The account is
validated by the domain controllers database.
To log on to the local computer, select the name of the
Computer. This local database is now checked for a match.
The account is validated by the database.
A user can only log on to a local computer with a user name
That resides in the local computers directory database.
Member servers and computers running Windows NT
Workstation have a local Administrator and Guest
Account by default. Other local accounts must be
created.
Logon Using When Remote Access Service (RAS) is installed, selecting
Dial-up this check box allows a user to log on a remote network
Networking using RAS.
Shut Down Closes all files, saves all operating system data, and prepares
the computer to be safely turned off. On Windows NT
Server, this button is disabled to prevent an unauthorized user from shutting
down the server.
======================================================================
wntadm1.html PAGE
6
2001/10/20
Logging On
In the DOMAIN box, the user selects either the name of the domain or the name of the local computer
to which he or she is logging on.
and the domain name, as well as any domains trusted by the computer accounts domain.
The Domain box list all domains where the users accounts can be authenticated. It is
up to the user to select which domain they are logging on to.
computer name. The user name and password must reside in the local computers
directory database. This is the only place were user accounts can be authenticated. Important
A user cannot log on to either the domain or the local computer from any computer running
Windows NT Server, unless that user has been assigned the Log on locally user right by an
administrator or has administrative privileges for the server. This helps with security.
The Validation Process for a Domain Account
When the user clicks OK, the computer sends the domain name, user name, and password to a
domain controller. The domain controller first checks the domain name and then checks the name
and password against that domains directory database.
One of the following
three processes occurs:
1) If the domain name is correct and the user name and password match a domain account,
the server notifies the computer that the logon is approved.
2) If the domain name is different and domain controller recognized the domain as a trusted
domain, the domain controller passes the information to the appropriate domain, which
authenticates the logon and sends the information back to the original domain controller.
3) If the domain name is different and the domain controller does not recognize the domain,
the controller denies domain access.
A Windows NT based client keeps track of the last 10 successful logon attempts. This means that if the
user account cannot be validated by a domain controller, but has been validated from that client within the
last 10 previous successful logon attempts, the user will still have access to the local computer.
======================================================================
wntadm1.html PAGE
7
2001/10/20
The Validation Process for a Local Account
When the user clicks OK, the computer checks the computer name, and then checks the user name
and password against the local directory database. If the names match, the user account is
validated and the user gains access to local resources. If the user account is not validated, the
user does not gain access to the computer.
To log on to your
domain:
1) Press CTRL+ALT+DELETE
The Welcome dialog box appears
2) In the User Name box, type user1 (your domain user account name). By default, the
account name that was last used to log on appears in this box. If this is the first time
logging on, the default Administrator account appears in this box.
3) In the Password box, type secret (the password that is assigned to the account). Keep in
mind that passwords are case-sensitive, and note that for security reasons, the password
appears as asterisks to shield the password from onlookers.
4) In the Domain box, select your domain (where your account was created). By default
the domain or computer name that was last used to log on appears in this box.
5) Click OK.
Using CTRL+ALT+DELETE to Prevent Trojan Horse
Attacks
By pressing CTRL+ATL+DELETE at logon, Windows NT provides an important safeguard against
Trojan horse programs. A Trojan horse program is an MS-DOS based program that tries to trick
users into typing their user ID and password. The Trojan horse program then captures and saves
the users user name and password, giving the Trojan horse programmer access to the network.
Because most operating systems use CTRL+ALT+DELETE to restart a computer, it is difficult for
programs to stay resident during a CTRL+ALT+DELETE keystroke operation. Educate all users
that this practice is important, and why. The reason to always press CTRL+ALT+DELETE is to
guarantee that you are providing your user name and password only to the operating system itself.
======================================================================
wntadm1.html PAGE
8
2001/10/20
Lesson 4:
Windows NT Administrative Tasks and Tools
Administering Windows NT involves both post-installation and day-to-day maintenance tasks.
Administrative tasks for Windows NT Workstation and Windows NT Server are similar, but
have some differences.
=======================================================================
Administrative Tasks Specific
Tasks
Catetories
=======================================================================
User and group account Planning, creating, and maintaining user and group
Administration accounts to ensure that each user can log on to the
Network and gain access to necessary resources.
Security Administration Planning, implementation, and enforcing a security
Policy to ensure protection of data and shared
Network resources, including folders, files and
Printers.
Print Administration Setting up local and network printers to ensure that
Users can connect to and use printer resources easily.
Troubleshooting common printing problems.
Monitoring network events Planning and implementing a policy to audit
And resources network events to that you can find security
breaches. Monitoring and controlling resource
usage.
Backing up and Planning, scheduling, and performing regular
Restoring data backups to ensure quick restoration of critical
Data.
=====================================================================
Windows NT Administrative Tools
Both Windows NT Server and Windows NT Workstation include administrative tools. The
Windows NT workstation administrative tools are only used to administer the local computer.
The Windows NT Server Administrative Tools are used to administer any computer in the domain.
Start/Programs/Administrative Tools (Common) (See the list window provided).
======================================================================
wntadm1.html PAGE
9
2001/10/20
=======================================================================
Administrative Tool Function
=======================================================================
Administrative A guide through tasks such as creating user accounts
Wizard creating and modifying group accounts, setting
permissions on files and folders, and setting up
network printers.
User Manager Delete or disable domain user accounts. You can
For Domains also set security policies and add user accounts to
Groups.
User Manager Delete or disable local user and group accounts.
Server Management View and manage computers and domains.
Event Viewer Notifies you and or puts the event in a log.
If provides error information, warnings, and the
success or failure of a task. Such as a user logon
attempt.
Windows NT Displays and prints system configuration inform-
Diagnostics ation, such as data about memory, drives and
Installed services.
Backup Backs up information to your local tape drive.
=====================================================================
Using Windows NT Server Client-based Tools
You can install the Windows NT Server client-based tools on any computer running Microsoft
Windows 95 or Window NT Workstation. This gives the administrator the ability to perform
domain administration from a client. This is useful in networks were a server is locked in a room.
(Page 22)
Client-Based Tools or Windows NT Server: (add notes once loaded on CD @ school)
======================================================================
wntadm1.html PAGE
10
2001/10/20
Lesson 5:
The Windows NT Security Dialog Box
Once you are logged on, you can use the CTRL+ALT+DELETE key sequence, also referred to as
the secure attention sequence, to access Windows NT Security dialog box.
Windows NT Security
=====================================================================
Option Function
=====================================================================
Lock Workstation Secures the computer without logging off. All
programs remain running. Lock your workstation
when leaving your workstation momentarily. The
user who locks the workstation must unlock it by
entering the valid password.
If a user forgets the password, an administrator
can unlock the workstation, log the user off the
system, and then reassign a new password.
Change Password The user must know the old password before a new
one can be created. This prevents users from
changing other users passwords. This is the only
way for users to change their passwords.
Logoff Logs off the current user but leaves Windows NT
Running. The user can still connect to any
shared resources. Always log off when you no
longer need the computer.
Task Manager Lists the current programs that are running. Task
Manager give you a summary of overall CPU and
Memory resources.
Shut Down Closes all files, sales all operating system data, and
Prepares the computer to be safely turned off.
Cancel Closes the Windows NT Security dialog box.
======================================================================
How to Lock your Workstation
The Windows NT Security dialog box appears.
The Workstation locked window appears, indicating that the workstation
is in use, but locked, and can only be opened by an administrator or by the
authenticated user.
The Unlock Workstation dialog box appears.
How to Change your Password:
The Windows NT Security dialog box appears.
The Change Password dialog box appears. Notice that the User name and Domain boxes
show the current user account and domain.
and then click OK.
Your password change is confirmed.
======================================================================
wntadm1.html PAGE
12 2001/10/20
How To close a program from Task
Manager
In this procedure you open Word Pad, and then close it using Task Manager. Use this procedure
anytime a program has stopped responding, or hung.
How To Log off
NOTE: Another method to log off is to click the Start button, click Shut Down, and then
click. Close all programs and log on a different user.
How to
Shut Down your Workstation:
The Windows NT Security dialog box appears.
Security dialog box.
======================================================================
wntadm1.html PAGE
13
2001/10/20
Minimum Requirements
for Windows:
Windows NT Workstation Windows NT Server
=====================================================================
RAM 12MB 16MB
Hard Drive 110MB 125MB
(500MB real world) (1,000MB real world)
(Risk Based = 160MB)
Processors 486dx33 486dx33
DOS Version Version 5.0 Version 5.0
=====================================================================
NOTE: dx = deluxe, nees the Math Co-Processor. Also NT will not install on a 386 processor.
Workstation NT Install Types:
NT Server Install Types:
Tips during Installation:
1) The installation will normally create 3 boot-up diskettes.
2) Windows 3.1 version minimum standards can upgrade to 3.11 (Windows 95x does not work, the
registry is different), maybe could be on a class test case study.
3) Boot CD ROM (eltorido standard)
4) Boot to a: disks
5) Must be a previous operating system (DOS 5.0 Minimum)
6) WINNT needs FAT 16 for installation, it does not know what FAT32 is.
The Primary Partition must have FAT16 not FAT32.
7) Is the Hardware compatible, look at the HCL Microsoft list, gives you a
Copy on HCL on CD, but out of date by the time you get it.
Chapter 1 Quiz or Exam Review
both a
__________________ and a
_________________ in a network
Desktop Performance. Supports preemptive multitasking, multithreaded programs.
Hardware. Inventory, takes an internal list of hardware.
Microsoft Internet Explorer. Fast simple to user browser.
E-Mail. Receives and stores electronic mail.
Web Server.
Security. Provides local security
for files.
Operating
System Stability. Isolates malfunctioning programs.
11. If you wanted a fast and simple-to-use browser that is compatible with
Existing standards, which of the
following would you choose for a
Windows NT Workstation?
1. Hardware Profile.
2. Operating System Stability
3. Security
4. Desktop Performance
5. Microsoft Internet Explorer
6. Microsoft Messaging
7. Peer Web Services
ANSWER:
5. Microsoft Internet Explorer
12.
How is Windows NT Server different from Windows NT Workstation?
ANSWER:
A Server is a domain and users can log on locally or at any machine and access files.
Workstation is peer-to-peer, you need your profile on each computer you log onto.
This means lots of running around to different machines.
13.
List the advantages of using Windows
NT Server.
Server Performance. OEM Support up to 32 processors.
Management Tools. Task Manager and Network Monitor, monitors the traffic to
and from the server.
Built-in Communications RAS. 256 inbound sessions.
Internet Information Server IIS. Web Server installation is another part the operating
system. IIS is fast, powerful and secure for offering HTTP, FTP, and Gopher service.
Administration Wizards. Management is easier, walks you through creating users,
and
managing groups.
Macintosh
Client Support. File and
Print sharing services.
Additional network services. MPR or Multiprotocol routing, DNS, Domain name system,
DHCP, Dynamic Host Configuration
Protocol, and WINS, Windows Internet Name Service.
Windows NT Directory Services. A directory database provides a single network logon,
a single point of administration.
14.
If you were using Windows NT Server and you wanted to access your
RAS connection, which of the
following features would you need?
· Server Performance
· Management tools
· Built-in Communication
· Windows NT Directory Services
· Administrative Wizards
· Built-in Communications
15.
Which of the
Windows NT Server tools groups the common server Management tools
such as User manager for Domains and Server Manager,
and shows you how to add users,
create and manage groups of users?
· Internet Information Server
· Windows NT Directory Services
· Macintosh Client Support
· Administrative Wizards
· Server Performance
· Management Tools.
d. Administration Wizards
16.
A Microsoft Windows NT-bases network can be set-up as either a
___________________ or a _________________ model.
Domain model or as a workgroup model
17.
Describe what a domain is.
A logical grouping of computers that share common security and user account information.
18.
A workgroup
is often referred to as a __________________ network because all
computers
share files and printers as equals, or _______________.
Peer-to-peer, peer
19.
Windows NT Workstation and
Windows NT Server member servers are administered
on an
individual basis. T or
F (p9)
T.
20.
Each time you start a computer running Windows
NT, you are prompted to
press
the following to log on.
· CTRL+ESC+DELETE
· CTRL+DELETE
· CTRL+ALT+DELETE
· ALT+DELETE
c. CTRL+ALT+DELETE
21.
When Remote Access Service (RAS)
is installed, selecting this check box
Allows the
user to log on to a remote network using RAS. T
or F (p14)
T.
22.
During logon when the user clicks OK, the computer
sends the domain
name, user name,
password domain controller. T or F (p15).
T.
23.
A Windows NT-based client keeps track of the last _________ successful
Attempts.
10
24.
How do you prevent the Trojan Horse Attack?
Getting users to CTRL+ALT+DELETE each time you log on.
25.
What are the five Windows NT Administrative Tasks?
· User and group account administration
· Security Administration
· Printer Administration
· Monitor Network events and resources
26.
Back-up and restore data
27. List the
Windows NT Administrative Tools.
· Administration Wizard
· User Manager for Domain
· User Manager
· Server Manager
· Event Viewer
· Windows NT Diagnostic
· Back-up
28. Using
the Windows NT Security dialog box is the only way that users can
Change their
passwords. T or
F (p29)
T
29.
Define SAM, and explain.
Security Access Manager, is a database of security information. SAM is a
folder that holds all this information.
30. What is SID?
Security Identification, is a unique name that identifies a logged-on user to the
security system.
31.
What is HAL, and why is it so important?
Hardware Abstraction List is the program that views all the hardware to determine the
compatibility factor. Similar to the HCL, or the Hardware Compatibility List for Microsoft.