Courseware Samples Complete Training Courses available for FREE preview

available for FREE preview

PREVIEW SAMPLE ONLY - NOT TO BE USED FOR TRAINING  Cheltenham Computer Training 1998

PLEASE SHOW THIS SAMPLE TO YOUR TRAINING DEPARTMENT

This freely available version of the training courseware is for preview/evaluation purposes only and

must NOT be used for training purposes. Viewing of this courseware indicates your acceptance of

these restrictions and any violation will be prosecuted to the full extent of local law. All material

contained on this site is copyrighted by Cheltenham Computer Training. This material must not be

altered or copied in any way.

Tel: +44 (0)1242 227200

Fax: +44 (0)1242 253200

Email [email protected]

http://www.cctglobal.com/

For best results print this sample using a postscript printer. Some laser printers will print the

watermark as solid black which will make the sample hard to read. Consult your technical

department and you may find that you can adjust your printer driver so that it prints the watermark

correctly (i.e. as light gray). If your printer is unable to print the watermark correctly, then be

assured that the non-sample version of the course does not contain the watermark!

ENJOY ...

After previewing this courseware, please let us know what you think!

(email to

[email protected]

). We value your feedback!

For the latest pricing and discount information, please ring Cheltenham

Computer Training on +44 (0)1242 227200 or visit our Web site prices page

SAMPLE ONLY

NOT TO BE

USED FOR

TRAINING

Basic System Administration

Cheltenham Computer Training

Crescent House

24 Lansdown Crescent Lane

Cheltenham

Gloucestershire

GL50 2LD

United Kingdom

Tel: + 44 (0)1242 227200 Fax: + 44 (0)1242 253200 Email: [email protected] Internet: http://www.cctglobal.com/

SAMPLE ONLY

NOT TO BE

USED FOR

TRAINING

All reasonable precautions have been taken in the preparation of this document, including both technical and non-technical proofing. Cheltenham Computer Training and any staff delivering this course on their behalf assume no responsibility for any errors or omissions. No warranties are made, expressed or implied with regard to these notes. Cheltenham Computer Training shall not be responsible for any direct, incidental or consequential damages arising from the use of any material contained in this document.

If you find any errors in these training modules, please alert your tutor. Whilst every effort is made to eradicate typing or technical mistakes, we apologize for any errors you may detect. All courses are updated on a monthly basis, so your feedback is both valued by us and may well be of benefit to future delegates using this document.

No part of this document may be copied without written permission from Cheltenham Computer Training  Cheltenham Computer Training 1998

SAMPLE ONLY

NOT TO BE

USED FOR

TRAINING

A site license number should appear above. If it does not, or to check licensing details, please contact Cheltenham Computer Training.

This training manual has been reproduced in accordance with the site license agreement between Cheltenham Computer Training and the organization to whom the site license is issued. This training manual is provided to you as a delegate/student on a course for reference purposes only. No part of this training manual may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, electronic, photocopying, mechanical, recording or otherwise, without the prior permission of the copyright owner.

 Cheltenham Computer Training 1998 Crescent House,

24 Lansdown Crescent Lane, Cheltenham, Gloucestershire, GL50 2LD, UK

Tel: +44 (0)1242 227200 - Fax: +44 (0)1242 253200 - Email: [email protected] - Internet: http://www.cctglobal.com/

CONTENTS

BASIC ADMINISTRATION ISSUES...1

NT

IS A

M

ULTI

-U

SER

S

YSTEM

...2

D

EFAULT

A

CCOUNTS

...3

The Administrator account...3

The Guest account...3

T

ERMINOLOGY

...4

T

HE

D

EFAULT

G

ROUP

A

CCOUNTS

...5

The Administrator group...5

The Power User group ...5

The Users Group ...5

The Guests group ...5

The Backup Operators group...5

The Replicator group ...5

T

HE

U

SER

M

ANAGER

...6

Security ID (SID)...6

C

REATING

N

EW

A

CCOUNTS

...7

To create a new account ...7

A

SSIGNING

U

SER

A

CCOUNTS TO

G

ROUPS

...8

An example of adding a new user account to the Administration group...8

T

HE

U

SER

E

NVIRONMENT

P

ROFILE

...10

The User Profile Path ...10

System Default Profile ...11

User Default Profile...11

Local User Profile...11

Roaming Profile ...11

Mandatory Profile...11

Specifying a Logon Script name ...11

Setting a home directory ...11

C

OPYING

, D

ELETING

, R

ENAMING AND

D

ISABLING

U

SER

A

CCOUNTS

...12

To copy an account ...12

To delete an account ...13

To disable an account ...13

SAMPLE ONLY

NOT TO BE

USED FOR

TRAINING

To change the default account policy ...15

Account Policy Options...16

U

SER

R

IGHTS

...17

To grant a user right to a group ...17

To remove a user right from a group...17

A

UDIT

P

OLICIES

...18

To enable Auditing ...18

Viewing the security log...18

EXERCISES ...21

SECURITY AND SHARED FOLDERS ...23

S

ECURITY AND

NT...24

The WINLOGON process ...24

The Local Security Authority (LSA) ...24

The Security Account Manager (SAM)...24

The Security Reference Monitor ...24

S

HARING

F

OLDERS

...25

To share a folder ...25

To stop sharing a folder...25

C

ONNECTING TO A

S

HARED

F

OLDER

...26

To connect to a shared folder on a network ...26

To disconnect from a network drive/folder ...27

EXERCISES ...29

NETWORK PRINTER ISSUES & ADMINISTRATION...31

N

ETWORK

P

RINTERS VS

. PC

S WITH

P

RINTERS

...32

A

DDING A

L

OCAL

P

RINTER

...33

To add a local printer ...33

S

HARING

P

RINTERS

...37

To share a local printer ...37

To connect to a shared printer...37

C

ONFIGURING A

P

RINTER

...38

To configure a printer...38

Printer Properties - General ...38

Printer Properties - Ports...39

Printer Properties - Scheduling...39

Printer Properties – Sharing ...40

Printer Properties – Security...40

Printer Properties – Device Settings...41

S

ETTING

P

RINTER AND

D

OCUMENT

D

EFAULTS

...42

To set a printer as the default printer ...42

To set up defaults for documents ...42

Setting Advanced Document Defaults...42

EXERCISES ...45

SAMPLE ONLY

NOT TO BE

USED FOR

TRAINING

C

ONVERTING

FAT

TO

NTFS ...52

To convert a FAT formatted volume to NTFS ...52

C

REATING A SET OF

W

INDOWS

NT B

OOT

D

ISKS

...53

To create a set of Startup disks from a DOS environment ...53

H

ARDWARE AND THE

H

ARDWARE

C

OMPATIBILITY

L

IST

...54

Recommended Minimum Hardware for NT workstation ...54

What is the Hardware Compatibility List (HCL)?...54

WINNT

AND

WINNT32...55

N

ETWORK

I

NSTALLATION

S

TARTUP

D

ISKS

...56

What is a Network Installation StartUp Disk? ...56

To Create a Network StartUp Disk ...56

To use a Network Installation StartUp Disk...57

WINNT & WINNT32 S

YNTAX

...58

Help on WINNT syntax...58

U

NATTENDED

I

NSTALLATIONS

...59

EXERCISES ...61

TROUBLESHOOTING ...63

T

ROUBLESHOOTING

I

SSUES AND

T

ECHNIQUES

...64

T

HE

NT B

OOT

P

ROCESS

...65

The original DOS boot process...65

The Windows NT Boot process...65

NTLDR...65

BOOT.INI ...65

BOOTSECT.DOS ...66

NTDETECT.COM...66

NTOSKRNL.EXE ...66

HAL...66

NTBOOTDD.SYS ...66

The Registry ...66

WINLOGON.EXE ...66

BOOT.INI S

WITCHES

...67

To edit the BOOT.INI file...67

L

AST

K

NOWN

G

OOD

...68

T

HE

E

MERGENCY

R

EPAIR

D

ISK

...69

To create an Emergency Repair Disk ...69

To use an Emergency Repair Disk ...69

R

ECOVERY

O

PTIONS

...70

To set STOP recovery options...70

R

EMOVING

'

NON

-

RESPONDING

' P

ROCESSES

...71

To use the Task Manager to remove a program...71

T

HE

E

VENT

V

IEWER

...72

What is the Event Logger? ...72

To view the Event Logger...72

W

INDOWS

NT D

IAGNOSTICS

(W

IN

MSD) ...73

To display the Windows NT Diagnostics ...73

Running the WINMSD from the command line...73

SAMPLE ONLY

NOT TO BE

USED FOR

TRAINING

EXERCISES ...79

AUDITING, PERFORMANCE & BACKUP ISSUES...81

P

ERFORMANCE

A

NALYSIS

...82

A

PPLICATIONS

, P

ROCESSES AND

P

ERFORMANCE

...83

To display the Task Manager...83

The Task Manager Applications Tab ...83

The Task Manager processes tab...84

The Task Manager Performance tab ...84

G

ENERAL

B

ACKUP

I

SSUES

...85

V

IRUSES

...86

B

ACKING UP AND

R

ESTORING

D

ATA

...87

To back up data ...87

To restore Data ...89

To schedule an unattended backup ...89

To format a tape ...89

D

ISK

P

ROBE AND

D

ISK

S

AVE

...90

SAMPLE ONLY

NOT TO BE

USED FOR

TRAINING

Basic Administration Issues

Learning Module Objectives

When you have completed this

learning module you will have:

ƒ

Understood the concepts of accounts

ƒ

Understood the concepts of the Administrator group

ƒ

Understood the concepts of the Power User group

ƒ

Understood the concepts of the Users Group

ƒ

Understood the concepts of the Guests group

ƒ

Understood the concepts of the Backup Operators

group

ƒ

Understood the concepts of the User Manager

ƒ

Understood the concepts of the Security ID (SID)

ƒ

Seen how to create a new account

ƒ

Seen how to assign user accounts to groups

ƒ

Understood the concept of profiles

ƒ

Understood the concept of a roaming profile

ƒ

Seen how to specify a Logon Script name

ƒ

Seen how to set a home directory

ƒ

Seen how to copy, delete, rename and disable user

accounts

ƒ

Seen how to create a customized local group

ƒ

Seen how to modify account policies

ƒ

Seen how to modify user rights

ƒ

Seen how to remove a user right from a group

ƒ

Seen how to enable auditing

SAMPLE ONLY

NOT TO BE

USED FOR

TRAINING

© Cheltenham Computer Training 1998 Windows NT 4 Admin.- Slide No. 3

&&7

NT is a Multi-User System

• Default User Accounts

• The role of the Administrator

• Passwords

– The NT password is case sensitive!

– Unlike Windows 95 a correct user name and password MUST

be supplied to gain access to the computer!

NT is a Multi-User System

Windows NT was designed to be multitasking and multi-user. Multitasking means that unlike much older operating systems such as Microsoft DOS, Windows NT is designed to allow many different programs to run on a single computer at the same time. Multi-user operating allows many different people to use a single computer (one at a time) and when they log on and supply a suitable password, the user sees only what they are supposed to see. For instance the Administrator could have set up the computer so that the user has very limited 'rights' over the computers operation, or at the other end of the scale the Administrator who set up the computer may have assigned Administrator level rights to another user, in which case that user could have unlimited access to all the computers operations.

Another advantage of this system is that one user can customize the look and feel of the Windows NT screen to suit their particular requirements, but the computer screen will only look like this when that particular user logs on. Other users can customize their screen as they see fit.

Under Windows NT this is all achieved by you, the Administrator, managing User Accounts. Each user must have their own user account with a unique username and password which is supplied to the system after booting up and pressing

Ctrl+Alt+Del.

As there may be hundreds of users using a large system, the task of managing all these users is simplified by using the idea of groups, whereby a particular user can

SAMPLE ONLY

NOT TO BE

USED FOR

TRAINING

© Cheltenham Computer Training 1998 Windows NT 4 Admin.- Slide No. 4

Default Accounts

• Administration account

– Manage security policies

– Create, alter, rename or delete user accounts and groups – Manage the hard disk including formatting and partitioning – Manage shared directories and printing settings

– Manage system updates

– Only used to manage the local computer – This account maybe renamed but NOT deleted!

• Guest account

– A special account for temporary users

– Guest account customization settings are NOT stored when

the guest logs out!

– Disabled by default

Default Accounts

Two group accounts are installed by default. Administrator and Guest.

The

Administrator account

This is the account that you use to manage the workstation and gives you complete control of the computer.

The Guest account

The Guest account is a built-in account which will allow guests access to the computer/domain.

SAMPLE ONLY

NOT TO BE

USED FOR

TRAINING

© Cheltenham Computer Training 1998 Windows NT 4 Admin.- Slide No. 5

&&7

Terminology

• User Accounts

• The Administrator

• Groups

– Local groups – Global groups

• Profiles

– User profiles

• Domain Controls

– Domain Master Account Database

SAMPLE ONLY

NOT TO BE

USED FOR

TRAINING

© Cheltenham Computer Training 1998 Windows NT 4 Admin.- Slide No. 6

The Default Group Accounts

• Six Local Groups are installed by default

• Only manage resources on the local workstation

• Each group

has predefined

rights

– Administrator – Backup Operators – Guests – Power Users – Replicator – Users

The Default Group Accounts

The

Administrator group

Allows full access rights and privileges to the workstation. The Administrator account created when you installed NT is part of this group. If the workstation is part of a domain then any domain Administrators are also contained within this group.

The Power User group

Allows sharing of directories, manipulation of Start Menu groups, users groups and the ability to change the system clock.

The Users Group

Most ordinary users will fall into this group which allows them to run applications, manage their own user profiles and to print documents.

If you create a new account, by default it is added to this group.

The Guests group

The guest account is a member of this group which permits access to many parts of the system that you would not want an ordinary user to access. By default the guest account is disabled for security reasons and needs to be activated by the Administrator.

The Backup Operators group

Allows access to the Backup and Restore commands so that ALL files may be backed up. Any user has access to the Backup and Restore commands but being a member of this group also allows access to protected files.

The Replicator group

A group used by the Replicator Service, which allows automatic updating of files from a network server.

SAMPLE ONLY

NOT TO BE

USED FOR

TRAINING

© Cheltenham Computer Training 1998 Windows NT 4 Admin.- Slide No. 7

&&7

The User Manager

• Program for managing user accounts

• New accounts can be created by:

– Creating a new accounts from scratch – Copying existing accounts

• Each new account name must be unique

– NT assigns each new account a Security ID (SID)

• When a new account is created you can:

– Modify specific information for that account – Assign the account to one or more groups – Set user profile information

The User Manager

Security ID (SID)

Windows assigns a unique Security ID (SID) to each user account or group that is set up. The SID is part of the access token that is given to the account when a user logs on.

SAMPLE ONLY

NOT TO BE

USED FOR

TRAINING

© Cheltenham Computer Training 1998 Windows NT 4 Admin.- Slide No. 8

Creating New User Accounts

• The New

User

dialog

box

Creating New Accounts

To create a new account

• Click on the Start button, and then select the Programs group. From the sub-menu select Administrative Tools. From the next sub-sub-menu displayed, select

User Manager.

• From the User drop down menu, select New User.

• In the Username field, enter the user name, such as MurrayD (maximum of 20

characters).

• In the Full Name field, enter the full name, such as David Murray.

• In the Description field, enter a descriptive name, such as Technical Author.

• In the Password field, enter a password (up to 14 characters which is case

sensitive). In the Confirm Password field, re-enter the password.

• The User Must Change Password at Next Logon field is optional and does

what is says.

• The User Cannot Change Password field is optional and again performs as

per it's description.

• The Password Never Expires field is optional and again performs as per it's

description.

• The Account Disabled field is optional and disables the account so that

nobody can log on with it.

SAMPLE ONLY

NOT TO BE

USED FOR

TRAINING

© Cheltenham Computer Training 1998 Windows NT 4 Admin.- Slide No. 9

&&7

Assigning User Accounts to Groups

• New User Accounts can be assigned to any group

and will inherit all the privileges available to that

group

Assigning User Accounts to Groups

An example of adding a new user account to the Administration group

• Click on the Start button, and then select the Programs group. From the sub-menu select Administrative Tools. From the next sub-sub-menu displayed, select

User Manager.

• Select the account that you wish to assign to a group.

SAMPLE ONLY

NOT TO BE

USED FOR

TRAINING

• Click on the Groups button.

• From the Not a member of: list select a group, (such as Administrators or Users).

• Click on the Add button.

• Click on the OK button.

• Click on the OK button again.

• If you select the Administrators local group you will see that the new account is now part of the Administrators local group.

SAMPLE ONLY

NOT TO BE

USED FOR

TRAINING

© Cheltenham Computer Training 1998 Windows NT 4 Admin.- Slide No. 10

&&7

The User Environment Profile

• Allows control of the system environment depending

on which user logs on to the workstation

• The Administrator can:

– Set the User Profile Path

– Run a login script that is customized to a particular user – Set a home directory location

The User Environment Profile

The User Profile Path

The User Environment Profile stores information relating to the customization of the Desktop by a particular user. NT looks at the User Profile Path information to determine the location of this information, which can be on the workstation or on a server. There are five types of user profiles, mostly stored in files with a .DAT file name extension.

SAMPLE ONLY

NOT TO BE

USED FOR

TRAINING

System Default Profile

This sets the desktop configuration if no users are logged on, and is held in a file called DEFAULT in the folder: \WINNT\SYSTEM32\CONFIG

User Default Profile This sets the desktop configuration for new users the first time that they logon and is held in a file called

USERDEF in the folder: \WINNT\SYSTEM32\CONFIG

Local User Profile This sets the desktop configuration for users that log onto a particular workstation and is held in a file named according to the user name.

Roaming Profile Only relevant in a domain environments. The roaming user profiles are setup by the administrator and stored on a central server. This profile can be used by a user regardless of which particular workstation they are using. This profile may be assigned to more than one user!

Mandatory Profile These profiles are the same as the roaming profiles except that they cannot be changed by users. If the user makes changes to their Desktop then these changes are not stored when the user logs off. Mandatory profiles have a file extension of .MAN (as opposed to .DAT used by the other profiles)

Specifying a Logon Script name

Logon scripts are batch files that are used to logon to a Windows NT network run whenever a user logs on to a network. Normally login scripts are not used to log an NT workstation into a network. They are useful for logging in from non-Windows operating systems

Setting a home directory

The home directory sets up a default folder for the user to store their data in. This folder may be on the workstation or on a server in the domain environment. If using a folder on a server care should be taken with regard to access to that folder.

Programs that do not specify their own home directories will use the home folder. When you start MS-DOS command prompt, it will display the home directory location.

If you use the variable %USERNAME% in the directory path then NT will substitute the user name for %USERNAME%. This means you do not have to set a directory for each individual user.

SAMPLE ONLY

NOT TO BE

USED FOR

TRAINING

© Cheltenham Computer Training 1998 Windows NT 4 Admin.- Slide No. 11

&&7

Copying, Deleting, Renaming and

Disabling User Accounts

• Make sure that you know how to:

– Copy an existing account – Delete an account

– Disable (and re-enabling) an account – Rename an account

Copying, Deleting, Renaming and Disabling User Accounts

To copy an account

• Click on the Start button, and then select the Programs group. From the sub-menu select Administrative Tools. From the next sub-sub-menu displayed, select

User Manager.

• Select an account that you wish to copy.

• Click on the User drop down menu and select the Copy command.

• In the Username filed, enter a new name.

• In the Full Name field enter the new full name.

• Click on the Group button and you will see that the original group settings have been transferred to the new account. Click on the OK button.

• Click on the Profile button and you will see that the original profile settings have been transferred to the new account. Click on the OK button.

• Click on the OK button again and the original account settings will be copied to the new account.

SAMPLE ONLY

NOT TO BE

USED FOR

TRAINING

To delete an account

• Click on the Start button, and then select the Programs group. From the sub-menu select Administrative Tools. From the next sub-sub-menu displayed, select

User Manager.

• Select the account that you wish to delete.

• Click on the User drop down menu and select the Delete command and you will see a warning dialog box, as illustrated.

• Click on the OK button and the account will be deleted.

BEWARE: There is no way to retrieve a deleted account as the Security ID (SID) is

also deleted.

To disable an account

If you wish to temporarily prevent a user from logging on (deletion is permanent), then you can disable the account.

• Click on the Start button, and then select the Programs group. From the sub-menu select Administrative Tools. From the next sub-sub-menu displayed, select

User Manager.

• Select the account that you wish to disable.

• Click on the User drop down menu and select the Properties command.

• Click on the Account Disabled field and then click on the OK button.

• The user owning the disabled account will not be able to log on.

To re-enable an account

• Click on the Start button, and then select the Programs group. From the sub-menu select Administrative Tools. From the next sub-sub-menu displayed, select

User Manager.

• Select the account that you wish to re-enable.

• Click on the User drop down menu and select the Properties command.

• Un-tick the Account Disabled field and then click on the OK button.

• The user owning the re-enabled account should be able to log on again.

To rename an account

You can change the name of a user account without affecting any of the rights assigned to the account (i.e. the Security ID (SID) is not deleted). This may be useful where someone changes their name (maybe through marriage) or where a member of staff has left and been replaced by another person who will require the same computer access.

• Click on the Start button, and then select the Programs group. From the sub-menu select Administrative Tools. From the next sub-sub-menu displayed, select

User Manager.

• Select the account that you wish to rename.

• Click on the User drop down menu and select the Rename command.

• In the Change To field enter the new name.

SAMPLE ONLY

NOT TO BE

USED FOR

TRAINING

© Cheltenham Computer Training 1998 Windows NT 4 Admin.- Slide No. 12

&&7

Creating a Customized Local Group

Creating a Customized Local Group

• Click on the Start button, and then select the Programs group. From the sub-menu select Administrative Tools. From the next sub-sub-menu displayed, select

User Manager.

• Click on the User drop down menu and select the New Local Group command.

• In the Group Name field enter the name for the new group, such as Trainers.

• In the Description field enter the name for the new group, such as Technical Trainers.

• Click on the Add button and the new group will be created.

• Click on the OK button. You can add new accounts to this group in the normal way.

SAMPLE ONLY

NOT TO BE

USED FOR

TRAINING

© Cheltenham Computer Training 1998 Windows NT 4 Admin.- Slide No. 13

Modifying Account Policies

• The User Manager (NT workstation)

– Only applies to the local workstation – Need Administrator level access to change – Administrator accounts can not be locked out! – Control password properties and password lockouts

• The User Manager for Domains (NT Server)

– Used to manage account profiles in a domain environment

Modifying Account Policies

To change the default account policy

• Click on the Start button, and then select the Programs group. From the sub-menu select Administrative Tools. From the next sub-sub-menu displayed, select

User Manager.

• Select the account that you wish to modify the policies of.

• Click on the Policies drop down menu and select the Account command.

• Select the right(s) that you wish to modify (see below) and when modified, click on the OK button.

SAMPLE ONLY

NOT TO BE

USED FOR

TRAINING

Account Policy Options Maximum Password Age

Allows you to set the maximum length of time that a password will remain valid, before forcing the user to change the password. The default value is 42 days but can be altered up to 999 days.

Minimum Password Age

Allows you to set a minimum amount of time that a user must use the same password. By default there is no minimum and you can select from 1 to 999 days if you wish.

Minimum Password Length

Allows you to set the minimum number of characters for a password. The default is blank but you should set a sensible value, up to a maximum of 14 characters.

Account Lockout Allows you to determine what action will be taken after a certain number of unsuccessful login attempts (i.e. possible hackers). You can set values for how long someone can be locked out.

Users must logon in order to change password

This option can be used to let administrators set passwords once the old password has expired.

SAMPLE ONLY

NOT TO BE

USED FOR

TRAINING

© Cheltenham Computer Training 1998 Windows NT 4 Admin.- Slide No. 14

User Rights

• User Rights include:

– Access this computer from a network – Backup files and directories

– Change the system time

– Force shutdown from a remote system – Load and unload device drivers – Log on locally

– Manage and audit security log – Restore files and directories – Shut down the system

– Take ownership of files and other options

User Rights

To grant a user right to a group

• Click on the Start button, and then select the Programs group. From the sub-menu select Administrative Tools. From the next sub-sub-menu displayed, select

User Manager.

• Select the Policies drop down menu and select the User Rights command.

• Select a user right, such as Change the System Time.

• Select the group to which the user right should be granted from the Grant To list box.

• Click on the Add button, and then click on the OK button.

To remove a user right from a group

• Click on the Start button, and then select the Programs group. From the sun-menu select Administrative Tools. From the next sub-sun-menu displayed, select

User Manager.

• Select the Policies drop down menu and select the User Rights command.

• Select the right that you wish to remove.

• Select the group from which the user right should be removed from the Grant To list box.

SAMPLE ONLY

NOT TO BE

USED FOR

TRAINING

© Cheltenham Computer Training 1998 Windows NT 4 Admin.- Slide No. 15

&&7

Audit Policies

• Allows you to track user activity:

– The name and action or event – The User name performing an action – The time and date of the action

Audit Policies

To enable Auditing

• Click on the Start button, and then select the Programs group. From the sub-menu select Administrative Tools. From the next sub-sub-menu displayed, select

User Manager.

• Select the Policies drop down menu and select the Audit command.

• Select Audit These Events.

• Set the Audit events as required and then click on the OK button.

Viewing the security log

• Click on the Start button, and then select the Programs group. From the sub-menu select Administrative Tools. From the next sub-sub-menu displayed, select

Event Viewer.

SAMPLE ONLY

NOT TO BE

USED FOR

TRAINING

© Cheltenham Computer Training 1998 Windows NT 4 Admin.- Slide No. 16

Review Questions

Review Questions

1.

Explain the concepts of accounts.

2.

Explain the concepts of the Administrator group.

3.

Explain the concepts of the Power User group.

4.

Explain the concepts of the Users Group.

5.

Explain the concepts of the Guests group.

6.

Explain the concepts of the Backup Operators group.

7.

Explain the concepts of the User Manager.

8.

Explain the concepts of the Security ID (SID).

9.

How would you create a new account?

10.

How would you assign user accounts to groups?

11.

Explain the concepts profiles.

SAMPLE ONLY

NOT TO BE

USED FOR

TRAINING

13.

How would you specify a Logon Script name?

14.

How would you set a home directory?

15.

How would you copy, delete, rename and disable user accounts?

16.

How would you create a customized local group?

17.

How would you modify account policies?

18.

How would you modify user rights?

19.

How would you remove a user right from a group?

20.

How would you enable auditing?

SAMPLE ONLY

NOT TO BE

USED FOR

TRAINING

ƒ

If necessary, log on as the Administrator.

ƒ

Open the User Manager and examine the groups that it contains.

ƒ

Create a new User Account called Temp, give it a Full Name, Description and password.

Make the new account so that when the new user logs on the user will have to change the

password.

ƒ

Experiment with assigning the new user account to existing groups.

ƒ

Log-in as the new user and verify that the account exists, and that you are forced to change

the name.

ƒ

Log out and then log back on as the Administrator.

ƒ

Experiment with copying, renaming, deleting and renaming accounts.

ƒ

Experiment with creating a new local group

ƒ

Experiment with change account pollicies.

SAMPLE ONLY

NOT TO BE

USED FOR

TRAINING

Security and Shared Folders

Learning Module Objectives

When you have completed this

learning module you will have:

ƒ

Had an insight into the WINLOGON process

ƒ

Understood the terms Local Security Authority (LSA),

Security Account Manager (SAM) and Security

Reference Monitor

ƒ

Seen how to share folders

ƒ

Seen how to stop sharing a folder

ƒ

Seen how to connect to a shared folder

SAMPLE ONLY

NOT TO BE

USED FOR

TRAINING

© Cheltenham Computer Training 1998 Windows NT 4 Admin.- Slide No. 18

&&7

Security and NT

• Four levels of security

– WINLOGON (Log on)

– Local Security Authority (LSA) – Security Account Manager (SAM) – Security Reference Monitor (SRM)

Security and NT

The WINLOGON process

Two types, local and remote logon via a network.

The Local Security Authority (LSA)

Creates security access tokens, authenticates users and manages the local security policy. The Local Security Authority uses this database to validate user logons.

The Security Account Manager (SAM)

The SAM database manages all user, group and workstation accounts via a secure database.

The Security Reference Monitor

The Security Reference Monitor checks that a user has the necessary permission to access the requested NT object.

SAMPLE ONLY

NOT TO BE

USED FOR

TRAINING

© Cheltenham Computer Training 1998 Windows NT 4 Admin.- Slide No. 19

Sharing Folders

Sharing Folders

To share a folder

• Right click on the Start icon and from the pop-up menu displayed, select

Explore. This will open the Windows NT Explorer.

• Select the folder that you wish to share (if you select the root directory, this will enable you to share the entire disk, which can be dangerous).

• Right click on the selected folder and from the pop-up menu displayed, select the Sharing command.

• Click on the Shared As button.

• Enter a Share Name and a Comment.

• Set the maximum number of users allowed to connect to the shared folder.

• Click on the OK button. The shared folder icon will change to show the folder within a hand, as illustrated.

To stop sharing a folder

• Within the Windows NT Explorer, select the folder that you wish to stop sharing.

• Right click on the selected folder and from the pop-up menu displayed select the

Sharing command.

• In the dialog box displayed, click on the Not Shared button and then click on the

SAMPLE ONLY

NOT TO BE

USED FOR

TRAINING

© Cheltenham Computer Training 1998 Windows NT 4 Admin.- Slide No. 20

&&7

Connecting to a Shared Folder

Connecting to a Shared Folder

To connect to a shared folder on a network

• Double click on the Network Neighborhood icon. This will display a window showing you which PCs you can connect to.

• Double click on the PC containing the resource that you wish to connect to. In the example illustrated we have double clicked on the PC called Internet. This PC has 5 shared resources.

SAMPLE ONLY

NOT TO BE

USED FOR

TRAINING

• To connect to the resource called CD-ROM, select it and the right click.

• From the pop-up menu displayed, select Map Network Drive.

• This will display a dialog box allowing you to map the remote network resource to a local drive letter.

• Either accept the drive letter offered, or using the drop down list to section another drive letter.

• If you wish this mapping to be permanent, make sure that the Reconnect at

Logon box is ticked.

• Click on the OK button. The remote resource has now been remapped to the selected local drive, and a dialog box will open up and display the contents of the remote resource.

To disconnect from a network drive/folder

• Right click on the Start icon and select Explore.

• Select the drive letter that represents a locally mapped network resource.

• Right click on the drive that you wish to disconnect and from the pop-up menu displayed, select Disconnect.

SAMPLE ONLY

NOT TO BE

USED FOR

TRAINING

© Cheltenham Computer Training 1998 Windows NT 4 Admin.- Slide No. 21

&&7

Review Questions

Review Questions

1.

How would you how to share folders?

2.

How would you stop sharing a folder?

3.

How would you connect to a shared folder?

SAMPLE ONLY

NOT TO BE

USED FOR

TRAINING

ƒ

Create a new folder off the root folder called Myshare and share it. Talk to other delegates

on the course and verify that they can see your shared folder.

ƒ

Experiment with connecting to shared folders that other delegates on the course have shared.

ƒ

Stop sharing your folder and verify with others in the group that they can no longer connect to

your resources.

SAMPLE ONLY

NOT TO BE

USED FOR

TRAINING

Network Printer Issues & Administration

Learning Module Objectives

When you have completed this

learning module you will have:

ƒ

Seen how to add a local printer

ƒ

Seen how to share a printer

ƒ

Seen how to connect to a shared printer

ƒ

Seen how to configure a printer

ƒ

Investigated Printer Properties

ƒ

Seen how to set a printer as the default printer

ƒ

Seen how to set up defaults for documents

SAMPLE ONLY

NOT TO BE

USED FOR

TRAINING

© Cheltenham Computer Training 1998 Windows NT 4 Admin.- Slide No. 23

&&7

Network Printers vs. PCs with Printers

• You can print to a local printer

• You can print to a printer that is connected to

another PC on your network

• You can print to printers that are directly

connected to your network (i.e. not do need to be

connected to the network via a PC)

– Only certain network printers are supported – Normally require additional protocols, such as DLC – Remember that the DLC protocol is not routable.

Network Printers vs. PCs with Printers

You can print to a local printer connected to your PC, or you can print to a printer that is connected to another PC on your network. In addition you can install some printers that connect directly to your PC network (i.e. do not need to be connected to the network via a PC). Only certain network printers are supported, such as those with Hewlett-Packard Jet-Direct cards using DLC protocol. If you are using Hewlett-Packard Jet-Direct cards you must load the DLC protocol on your system. Also remember that the DLC protocol is not routable.

SAMPLE ONLY

NOT TO BE

USED FOR

TRAINING

© Cheltenham Computer Training 1998 Windows NT 4 Admin.- Slide No. 24

Adding a Printer Driver

Adding a Local Printer

To add a local printer

• Click on the Start button, select Settings and then click on Printers.

• Double click on the Add Printer icon.

SAMPLE ONLY

NOT TO BE

USED FOR

TRAINING

• Select the port required for the printer (normally LPT1) and then click on Next.

• Select the required printer driver, by first selecting the Printer manufacturer (from the left list) and then the actual model (from the list to the right). Note that if your printer is not listed, and you have the driver on diskette, select the Have

SAMPLE ONLY

NOT TO BE

USED FOR

TRAINING

• Enter a descriptive name for the printer. Click on the Next button.

SAMPLE ONLY

NOT TO BE

USED FOR

TRAINING

• Select whether or not you wish to print a test page. Click on the Next button.

• Click on the Finish button. Remember that, at this point you may have to insert your NT installation CD-ROM.

SAMPLE ONLY

NOT TO BE

USED FOR

TRAINING

© Cheltenham Computer Training 1998 Windows NT 4 Admin.- Slide No. 25

Sharing Printers

• Make sure that you know how:

– To share a local printer – To connect to a shared printer

Sharing Printers

To share a local printer

• Click on the Start button, select Settings and then click on Printers.

• Select the printer icon that you wish to share.

• Right-click on the icon and from the pop-up menu displayed select Properties.

• Select the Sharing tab.

• Select the Shared option.

• Enter a name for the shared printer.

• Select other operating systems that you will want to allow to print using this printer and click on the OK button.

To connect to a shared printer

• Double click on the Network Neighborhood icon and select the computer the has the printer that you wish to connect to.

• Double click on the remote printer that you wish to connect to.

• Windows NT then starts the Add Printer Wizard and installs the necessary printer on your system.

SAMPLE ONLY

NOT TO BE

USED FOR

TRAINING

© Cheltenham Computer Training 1998 Windows NT 4 Admin.- Slide No. 26

&&7

Configuring a Printer

• General

• Ports

• Scheduling

• Sharing

• Security

• Device Settings

Configuring a Printer

To configure a printer

• Click on the Start button, select Settings and then click on Printers.

• Select the printer icon that you wish to configure.

• Right-click on the icon and from the pop-up menu displayed select Properties.

• Modify the printer properties as required.

Printer Properties -General

SAMPLE ONLY

NOT TO BE

USED FOR

TRAINING

Printer Properties -Ports Printer Properties -Scheduling

SAMPLE ONLY

NOT TO BE

USED FOR

TRAINING

Printer Properties – Sharing Printer Properties – Security

SAMPLE ONLY

NOT TO BE

USED FOR

TRAINING

Printer Properties – Device Settings

SAMPLE ONLY

NOT TO BE

USED FOR

TRAINING

© Cheltenham Computer Training 1998 Windows NT 4 Admin.- Slide No. 27

&&7

Setting Printer and Document Defaults

Setting Printer and Document Defaults

To set a printer as the default printer

• Click on the Start button, select Settings and then click on Printers.

• Select the printer icon that you wish to configure.

• Right-click on the icon and from the pop-up menu displayed select Set As

Default.

To set up defaults for documents

• Click on the Start button, select Settings and then click on Printers.

• Select the printer icon that you wish to configure.

• Right-click on the icon and from the pop-up menu displayed select Document

Defaults.

• You can set up basic page defaults such as Paper Size and orientation.

Setting Advanced Document Defaults

• Clicking on the Advanced tab allows you to set more advanced options such as whether to print in duplex (assuming you printer is capable of printing on both sides).

SAMPLE ONLY

NOT TO BE

USED FOR

TRAINING

© Cheltenham Computer Training 1998 Windows NT 4 Admin.- Slide No. 28

Review Questions

Review Questions

1.

How would you add a local printer?

2.

How would you share a printer?

3.

How would you connect to a shared printer?

4.

How would you configure a printer?

5.

How would you set a printer as the default printer?

SAMPLE ONLY

NOT TO BE

USED FOR

TRAINING

ƒ

Add a local printer driver to your system. Note that you do not have to be connected to a

printer to install a printer driver.

ƒ

Share this printer driver

ƒ

Add a printer driver so that you can print to any printers available on your network.

ƒ

Experiment with the options that are available for configuring a printer.

SAMPLE ONLY

NOT TO BE

USED FOR

TRAINING

Installation Techniques

Learning Module Objectives

When you have completed this

learning module you will have:

ƒ

Understood the workgroup model and the domain

model of networking

ƒ

Understood the terms, partitioning, FAT, NTFS, FAT

32

ƒ

Seen how to convert FAT to NTFS

ƒ

Seen how to create a set of Windows NT Boot Disks

ƒ

Understood the term Hardware Compatibility List

(HCL)?

ƒ

Seen how to create a Network StartUp Disk

ƒ

Seen how to use WINNT & WINNT32 Syntax

ƒ

Seen how to perform unattended installations

SAMPLE ONLY

NOT TO BE

USED FOR

TRAINING

© Cheltenham Computer Training 1998 Windows NT 4 Admin.- Slide No. 30

&&7

Domain vs. Workgroup Installation

• Windows NT supports both the workgroup and

domain network model so that resources can be

shared within a network

Domain vs. Workgroup Installation

The workgroup model

Used for smaller networks of up to 10 PCs. Each computer within the network must manage their own local sharing of resources and also the use of other shared resources that are available within the network. There is no centralized system for checking user authentication. A major drawback is that if you were to change your account details then every computer on the network that was using a resource that you have shared will also need to make minor changes so that they could still access the shared resource on the computer that was modified. It also means that all the users on the network must have the basic knowledge of how to share their local resources and how to connect to shared resources on a network. On the plus side it is easier to install than the domain model, and also does not required the use of a centralized server (which normally requires Windows NT Server) for

authentication. As no central server is involved this model is not prone to the problems associated with a central server crashing and taking the rest of the network with it.

SAMPLE ONLY

NOT TO BE

USED FOR

TRAINING

The domain model

Used for larger networks of 10 or more PCs. Requires the use of a central server, running Windows NT server, which acts as the domain controller. The domain controller will authenticate all users attempting to access a network resource. The shared resources may be physically attached to the Windows NT Server domain controller, or any other workstation making up the domain.

The big advantage is that there is central administration of user accounts and policies. This makes the network administration task much simpler, and also has the benefit that the users require less technical knowledge of how their network system actually works. The network administrator can add users to groups, modify permissions and lockout accounts. Users are managed via the User Manager for

Domains which allows complete control of all PCs in the domain. In the workgroup

model the User Manager on each workstation, only regulates that particular PC.

You can use multiple domains within a company, which can be organized either logically (i.e. actually physically housed within one NT server PC) or physically (where you physically have a different Windows NT server PC controlling each domain).

Each domain can serve different areas of the company such as accounts, sales and marketing.

Primary domain Controllers and Backup Domain Controllers

There is a top level domain control called the Primary Domain Controller (PDC) which it at the top of the logical domain tree. The PDC maintains a database of all administrative modifications. All other domain controllers are referred to as Backup Domain Controllers (BDCs). The BDCs maintain a copy of the database on the PDC, allowing all the BDCs to authenticate user logons.

SAMPLE ONLY

NOT TO BE

USED FOR

TRAINING

© Cheltenham Computer Training 1998 Windows NT 4 Admin.- Slide No. 31

&&7

Partitioning Your Disks

• Single or multiple partitions?

• Partitioning a disk prior to installing Windows NT

offers greater flexibility than using the NT Disk

Administrator during the installation process

Partitioning Your Disks

You can partition your hard disk prior to the installation of Windows NT, or if you are installing to a disk that does not yet contain partition information, it can be

partitioned as part of the installation process, using the NT Disk Administrator. The first time you run the NT Disk Administrator you will see a special dialog box.

If you are using a FAT formatted disk, you can manipulate partitions using the FDISK program.

SAMPLE ONLY

NOT TO BE

USED FOR

TRAINING

© Cheltenham Computer Training 1998 Windows NT 4 Admin.- Slide No. 32

FAT vs. NTFS

• FAT dates back to DOS

– Introduced in 1981!

• NTFS is designed with Windows NT in mind

– Better for large disks – Security features built-in – Fault tolerance built-in

• A FAT formatted disk can be converted to a NTFS

formatted disk (but not the other way around)

FAT Vs NTFS

FAT The File Allocation Table (FAT) type of disk formatting was introduced way back in 1981 with the introduction of MS-DOS. It was also used by Microsoft Windows 3.x. It is supported by Windows NT. The FAT has a number of major drawbacks:

• No file or directory security

• No fault tolerance

• File naming limited to the 8.3 format

• File fragmentation is an inherent problem

• Limited to using 2 GB partitions

FAT 32 This is an extension to the original FAT system that may be familiar to users of Windows 95 version 2 or Windows 98 users. Larger disk volumes are supported but Windows NT 4 does NOT support Fat 32 and you cannot upgrade from a FAT 32 formatted disk to NTFS!

NTFS The New Technology File System (NTFS) is in many ways the best option when using Windows NT. It is similar to the HPFS (High performance File System) included with later versions of OS/2.

Benefits of the NTFS include:

• Directory and File sharing security

• Support for disk volumes greater than 2 GB

• Directories can be compressed

SAMPLE ONLY

NOT TO BE

USED FOR

TRAINING

© Cheltenham Computer Training 1998 Windows NT 4 Admin.- Slide No. 33

&&7

Converting FAT to NTFS

• Use an Administrator logon access

– To convert drive to NTFS:

CONVERT D: /FS:NTFS

Converting FAT to NTFS

To convert a FAT formatted volume to NTFS

• Log on with Administrator rights.

• Click on the Start button, and select Programs.

• From the sub-menu select Command Prompt.

• Enter the CONVERT command along with the drive letter of the disk that you

wish to convert FROM FAT to NTFS, thus if you wanted to convert drive D, you would enter the following and then press the Enter key.

CONVERT D: /FS:NTFS

SAMPLE ONLY

NOT TO BE

USED FOR

TRAINING

© Cheltenham Computer Training 1998 Windows NT 4 Admin.- Slide No. 34

Creating a Set of

Windows NT Boot Disks

WIN32.EXE /OX

Creating a set of Windows NT Boot Disks

You will need three blank diskettes for this, plus your NT installation CD-ROM.

• Log on to a workstation as Administrator.

• Insert the NT installation CD-ROM into the CD-ROM drive.

• Click on the Start button and select Programs.

• From the sub-menu displayed select Command Prompt.

• At the command prompt change to the drive and folder that contains your NT installation files:

IE if the CD-ROM is drive D, enter the command:

D:

To change to the i386 folder enter the command:

CD \i386

• Enter the command:

WINNT32.EXE /OX

• Follow the on-screen prompts

To create a set of Startup disks from a DOS environment

The process is the same as outlined above, except that you use the WINNT.EXE command rather than the WINNT32.EXE command.

SAMPLE ONLY

NOT TO BE

USED FOR

TRAINING

© Cheltenham Computer Training 1998 Windows NT 4 Admin.- Slide No. 35

&&7

Hardware and the Hardware

Compatibility List

• Available:

– On the TechNet CD-ROM – From the Microsoft Web site

Whoops it’s not

on the list!

Hardware and the Hardware Compatibility List

Recommended Minimum Hardware for NT workstation

• Intel Pentium (or equivalent)

• 32 MB RAM

• 2 GB hard disk

• CD-ROM

• SVGA or higher

• Mouse

• Fast Network card

• Fast modem or ISDN for Internet and RAS

What is the Hardware Compatibility List (HCL)?

Microsoft provide a list of hardware that is tested and approved for use with Windows NT. If you are using hardware or peripherals not on the HCL then you cannot expect support from Microsoft!

The HCL is available on the TechNet CD-ROM from Microsoft and you can also access it via the Microsoft Web site. Sometimes you will find that during the installation of Windows NT it fails to recognize some item of hardware (maybe hardware that has just been released and the operating system knows nothing about it). You should make sure that you have copies of all necessary Windows NT drivers for any new or non-standard hardware that you are installing!

SAMPLE ONLY

NOT TO BE

USED FOR

TRAINING

© Cheltenham Computer Training 1998 Windows NT 4 Admin.- Slide No. 36

WINNT and WINNT32

• WINNT

– Used to upgrade from a 16 bit environment such as DOS or

Windows 3.x

• WINNT32

– Used to upgrade from a previous version of Windows NT

• Distribution Sharepoint

– A central location containing the installation files

• May be run from:

– A command line – A batch file

– Or through the Systems Manager Server

• All files are copied to a temporary directory

SAMPLE ONLY

NOT TO BE

USED FOR

TRAINING

© Cheltenham Computer Training 1998 Windows NT 4 Admin.- Slide No. 37

&&7

Network Installation Startup Disks

• The problem with installing Windows NT over a

network is that you need the workstation PC to be

connected to the server from which you will

centrally install Windows NT

– The classic chicken and the egg type of problem – DOS on it's own will not do the job

– What you need to do is to place the minimum number of files

on this disk, that will allow connection to a Windows server

• You need Windows NT server to do this for you

Network Installation Startup Disks

What is a Network Installation StartUp Disk?

First you need to make a list of a few items relating to the specific PC that you are creating the Network Installation StartUp Disk for, namely:

• The computer name that the particular PC workstation will use.

• The user name that will be setup on the particular PC workstation. Remember that this name must be unique within the workgroup or domain.

• The name of the users workgroup or domain.

• Details of the network adapter installed on the particular PC workstation.

• The protocols that will be used over the network by the particular PC workstation.

To Create a Network StartUp Disk

• Create a bootable DOS formatted diskette.

• On the Windows NT server PC (which must be running NT Server NOT workstation), double click on the Network Client Administrator Utility. You will find this in the Network Administration program group.

• Follow the onscreen prompts. Note that default settings are used for the Network adapter, you may have to modify these settings.

SAMPLE ONLY

NOT TO BE

USED FOR

TRAINING

To use a Network Installation StartUp Disk

• You need to first set-up and customize any unattended answer files that you will be using, plus the UDF on the installation folder on the NT server PC. Once this is done anyone can use the Network Installation StartUp Disk to automatically install NT on a specified workstation.

• Simply insert the Network Installation StartUp Disk into the correct workstation's diskette drive and boot the PC.

• When prompted supply the username and password.

• When a message is displayed relating to creating a password list, press n and then press the Enter key.

• Enter the command:

net use x: \\windowsnt\ver4 cd x:

Where x: is the letter assigned to the network drive

and : \\windowsnt\ver4 is the folder containing the NT installation files.

• Enter the command

winnt /u:answer_file

to run the automated setup.

NOTE: Many of these steps can be contained within an AUTOEXEC.BAT file on the

diskette, which when used with command line substitution variables can be much easier for an end user!