by Gary Dzurny and Kevin Runnels

• What's new with Windows NT Server?

Discover the new features of Windows NT Server 4.0, including overviews of the new user interface, surprising architectural changes, diagnostics tools, administrative wizards, Domain Name System, communication enhancements, and more.

• Minimum hardware requirements and hardware compatibility

Learn about the necessary hardware requirements, and read about suggested hardware for improved performance and reliability

• Shutting down and restarting the server

Obtain an understanding of how to log on, log off, shut down, and restart the server.

• How to connect a client workstation to the server

Learn how to connect to the Windows NT server from a variety of different client workstations, enhancing your ability to perform network administrator tasks and support your user community.

• Emergency repair process

Create an emergency repair disk so that you can rebuild a server that has suffered a catastrophic failure.

Designed from the ground up as a robust, scaleable, high performance operating system, Windows NT Server represents Microsoft's crown jewel in the family of Windows based operating systems. Since its initial release, Windows NT Server has proven to be a secure and reliable operating system for mission-critical applications. Functioning both as a full-featured, "next generation" desktop operating system as well as a network operating system, Windows NT Server provides the foundation for the entire family of Microsoft BackOffice solutions.

New Features in Windows NT 4.0

Microsoft Windows NT Server introduces several new features with the latest release, including new software tools as well as changes to the underlying operating system. New software tools included in this version are a new task manager, administrative wizards, a new WinMSD diagnostics tool, Internet Information Server, and FrontPage 97. New changes to the operating system range from a newly designed Windows 95-style user interface, to distributed computing support with the distributed component object model (DCOM) additions. Also new to the operating system is support for multi-protocol routing of network packets, support for the internet compatible Domain Name Systems (DNS) addressing scheme, and new communication protocols.

The Windows 95 User Interface

Although not completely identical, the new user interface (UI) in Windows NT Server is very nearly the same as that used in Microsoft Windows 95. In short, if you have used Windows 95 for any length of time, you will instantly feel at home. The new UI sports the Windows 95 desktop, replete with the dockable taskbar and Start button for menu access to folders and programs. Icons are used on the desktop to represent objects that you have decided to make accessible without looking through menus or folders, along with the standard icons for My Computer, Network Neighborhood, and so on. Differences between the UI on Microsoft Windows NT Server and their counterparts on Windows 95 include the System Properties Sheet and Device Manager Sheet.

The new UI is attractive and easier to use than its predecessors; however, you're likely only be interacting with the UI for running system monitors and configuring system components and network connections at the server.

Architectural Changes

Though not as immediately apparent as the new user interface, the new architectural changes in Windows NT Server are actually more significant to its utilization as a mission-critical operating system and file server. The fundamental architecture of the operating system is essentially divided into two sections: the user mode section and the kernel mode section. Windows NT Server has proven itself over the years to be a stable operating system, perhaps at the expense of performance. The stability of the system has been a direct reflection of the architectural division of the operating system into the user and kernel mode sections.

With this newest release, Microsoft has moved portions of the operating system that previously operated in user mode to the kernel mode. One of the more surprising changes is that the graphics device drivers that render output to video cards and printers has been moved to kernel mode. This has resulted in performance improvements, especially with graphics intensive applications. However, because a graphics device driver can now directly access portions of memory that were previously physically impossible for it to access, a tradeoff has been made between graphics performance and the stability of the operating system.

As you will typically be using Windows NT Server to configure and administer your network and Microsoft BackOffice solutions, the speed of the graphics will not be nearly as important to you as the stability of the system. It is important to use only tested and approved graphics device drivers on your server to protect your system from problems with poorly written device drivers.

---

TIP: Use a Microsoft Windows NT Workstation system to administer your servers over a network connection. This enables you to safely take advantage of high resolution displays.

---

Task Manager

The Windows NT Server Task Manager, shown in Figure 5.1, is available by right-clicking the taskbar to activate the context menu, or by pressing Ctrl+Alt+Delete. The Task Manager offers substantially more functionality than the Windows 95 Task Manager and is more like a hybrid of the Windows 95 task manager and the Windows 95 System Monitor. The Windows NT Task Manager allows for the monitoring and control of applications and tasks running on the server and enables you to kill processes that are not responding. In addition, the Task Manager reports on important performance metrics, such as CPU and memory usage.

FIG. 5.1

The Windows NT Server Task Manager provides unified access to the management of system processes and peformance measurements.

WinMSD Diagnostics Utility

WinMSD, or Windows NT Diagnostics, is a diagnostics utility available through in the Administrative Tools group. If you have used the diagnostics utility in previous versions of Windows NT Server, you'll find almost the same information available, though perhaps not under the same tab or menu. WinMSD provides information on device drivers, network usage, system resources, IRQ, and I/O address usage. A very welcome feature is WinMSD's capability to remotely examine diagnostic information from other Windows NT computers over the network.

Administrative Wizards

Following the lead of the wizard concept introduced in Microsoft's application software, Windows NT Server provides administrative wizards in the operating system. These wizards give you a quick and easy, though somewhat limited, way to handle some of the more common administrative tasks. The available wizards provide a roadmap for adding a new user account, creating and modifying group accounts, managing file and folder access, adding printers, adding or removing programs, installing new modems, installing or updating network client workstations, and checking license compliance for installed applications (see Figure 5.2). These wizards will take you, step by step, through their specific tasks. Unfortunately, they don't allow for user customization to provide for some of your more difficult or time consuming administrative duties. The tasks they do cover are really pretty easy to perform without using a wizard, but they can be helpful to new administrators.

FIG. 5.2

New administrative wizards in Windows NT 4.0 can be accessed through the start menu under Administrative Tools.

Domain Name System (DNS)

DNS is a distributed database of computer names and IP addresses. This enables your Windows NT Server to resolve such names as GFR.BIGCO.COM to addresses like 155.39.27.8. DNS is distributed in the sense that DNS systems can query each other for entries they may not contain. If your network consists entirely of Windows NT machines, you don't really need to use DNS. If your network is hooked up to the Internet, you still may not need to maintain your own DNS system if you have access to one through your Internet service provider. However, if you are connected to multiple networks and some of those networks are not Microsoft networks, you may need to configure DNS for internetwork operation.

Windows NT Server still supports the Windows Internet Naming Service (WINS), but this standard never caught on outside of Microsoft operating systems and the NetBEUI protocol. WINS is similar to DNS except that its database of names and corresponding addresses is automatically updated, whereas the traditional DNS system must be manually edited to add or change entries. Windows NT Server, in situations where you need to attach your Windows NT network to a DNS network , enables you to combine the two approaches and eliminate administrative headaches. For an in-depth discussion of name resolution, see Chapter L, "Name Resolution with TCP/IP."

Multi-Protocol Routers

Routers are typically thought of as stand-alone pieces of hardware that perform the role of a traffic cop in directing network packets from one part of the network to another. Microsoft Windows NT Server has the capability to route network traffic by itself, without the need for a specialized router. For smaller enterprises, this capability serves as a low cost solution for LAN to LAN routing if your network utilizes TCP/IP, IPX/SPX, or even AppleTalk protocols. However, it is advisable to purchase a hardware routing solution to handle large traffic loads for larger enterprises.

Distributed Component Object Model (DCOM)

Object-oriented software is the new paradigm for modern systems. The Windows NT Server Distributed Component Object Model, or DCOM, is distributed in the sense that software objects can use this service to communicate with each other from different machines over a network. Using Access Control Lists, or shares, you can specify which users have access to specific object servers. A configuration utility called DCOMCNFG is used to configure the individual software objects (see Figure 5.3). Software that you can purchase that can utilize DCOM should have specific configuration information for that specific software component. DCOM configuration is covered in more detail in Chapter 38, "An Inside Look at Distributed Transaction Coordinator (DTC) and Microsoft Transaction Server (MTS)."

FIG. 5.3

The DCOMCNFG utility can be located in the system directory of your Windows NT installation directory.

Internet Information Server

Riding the wave of Internet connectivity and the World Wide Web phenomenon, Microsoft Windows NT Server provides a host of new Internet specific components. The Internet Information Server, or IIS. IIS actually incorporates a World Wide Web server, FTP server, and Gopher server all in one package. Touted as the fastest Web server available today, IIS does offer excellent overall performance, but especially shines when combined with SQL Server to deliver database information via the World Wide Web. IIS supports an API level interface to SQL Server that provides much faster database access through the Web than conventional CGI scripting. Additional information regarding the integration of IIS with SQL Server can be found in Chapter 24, "Dynamic Content with IIS Using dbWeb and IDC." For additional information regarding the setup and configuration of IIS, see Chapter 18, "Building A Web With Internet Information Server (IIS)."

As complements to IIS, Windows NT Server provides Microsoft FrontPage 97, Microsoft Index Server, and Microsoft Proxy Server. FrontPage is used for Web page content creation and includes an HTML editor and wizards to assist in building Web sites that follow a common style, such as the corporate presence and project Web site styles. FrontPage also includes a Personal Server and server extensions. The Personal Server is a scaled down replacement for IIS and only exists because FrontPage is also marketed through the retail channel as a standalone product. Windows 95 users would make use of the Personal Server as the Windows 95 operating system lacks an integrated Web server. The server extensions provide hooks to integrate Web pages created with FrontPage more closely with features provided in IIS. Detailed information about Microsoft FrontPage can be found in Chapter 20, "Using Microsoft FrontPage 97."

The Microsoft Index Server is used for quick indexing and searching of documents for corporate Internet/intranet sites. Index Server searches are not restricted to searching only HTML pages, as do many other search tools. IIS utilizes open standard content filters to search any file type, including Excel and Word formats. Chapter 21, "Implementing Index Server and the Content Replication System," contains detailed information on the administration and use of Index Server.

New Communication Capabilities

Microsoft Windows NT Server has introduced a new TCP/IP based communication protocol in the Point to Point Tunneling Protocol (PPTP). PPTP enables you to "privately" connect to your company network over the Internet, a technique Microsoft refers to as virtual private networking. Essentially, PPTP encapsulates your original packet into an encrypted TCP/IP packet, which is then sent over the TCP/IP network. The TCP/IP network could even include the Internet. When the packet arrives at its destination on the network, it is then decrypted, and the original network packet is restored. PPTP is covered in more detail in Chapter 9, "Using TCP/IP with Windows NT Server."

Another new communication technology introduced with Windows NT Server is Multilink Channel Aggregation. Utilized through dial-up networking, Multilink enables computers dialing into Windows NT Server to use more than one dial up line at a time to achieve higher transfer speeds. For example, two 28.8K modems can be used for one network connection, sending packets through both lines simultaneously. This would provide the same throughput as a single 56K leased line. For information on how to set up and configure Multilink, see Chapter 13, "Implementing Dial-Up Networking Clients."

Verifying Hardware Compatibility

A server's performance directly affects the productivity of everyone who uses it. Select hardware carefully to ensure a fast, yet reliable system. There are many bargain basement hardware systems available that advertise blistering performance at a low price. However, if your server is constructed of lower quality components or isn't completely compatible with your operating system, then your perceived cost savings just became a major expense. Invest wisely in hardware. Important decisions include processor type (Intel or RISC), number of processors, speed of processors, memory capacity, and disk storage capacity.

A Hardware Compatibility List is on the installation CD for Windows NT. This list details hardware that the Windows Hardware Quality Labs has tested and found to be compatible with Windows NT. To be as certain as possible you are making a wise hardware investment, you may want to consider purchasing only listed hardware.

---

TIP: The latest Hardware Compatibility List can be downloaded from the Windows Hardware Quality Labs at www.microsoft.com/hwtest.

---

System Requirements

The minimum system requirements for Windows NT server are described by Microsoft as a 486/33 MHz or higher, or Pentium or Pentium PRO processor with 16M of RAM and 125M of available hard disk space. Never purchase a system that only meets the minimum requirements. It can only be assumed that these "minimum" requirements exist to encourage sales of Windows NT by suggesting that relatively inexpensive hardware can capably run the system. Reasonable performance can be obtained by utilizing a 133 MHz Pentium processor with 32M of RAM and 1 GB of hard disk space. The price of hardware continues to drop at an astonishing rate and this "reasonable performance" hardware requirement outlined above is not an expensive computer. Other BackOffice solutions will require more disk space, and memory seems to make the biggest performance difference, so consider investing in those areas first.

---

TIP: The number of users has the biggest impact on the performance of a server. Microsoft publishes a number of worksheets and whitepapers on planning a Windows NT Server Network; these are available from http://www.microsoft.com/windows/common/aa56.htm. Use such materials to guide you in your hardware purchases.

---

Intel versus RISC

The Intel architecture dominates the Windows NT Server market. Although it is true that the RISC implementations of Windows NT can outperform competing Intel products in many tests, they always perform Intel emulation slower than the native Intel processor. The fact is that the majority of software available for Windows NT was developed on a machine that has an Intel processor and will perform best on that same architecture. Version 4.0 of Windows NT Server has dropped support for the 386 processor (despite the legacy existence of the /i386 subdirectory on the installation CD). If you intend to run any software on the server besides BackOffice, invest in an Intel based machine.

Symmetric Multiprocessing versus Uniprocessor

The vast majority of desktop computers have a single microprocessor. Windows NT Server is the first Microsoft operating system to support more than one processor. In fact, Windows NT Server 4.0 can support up to 4 microprocessors in the standard version you purchase over the counter. Support for more than 4 microprocessors can be obtained by contacting your system hardware manufacturer.

Multiprocessing systems are categorized as being either asymmetric or symmetric. Asymmetric systems typically use one processor for operating system code and other processors for user applications. Symmetric systems, however, can execute operating system code or user code on any available processor. As you can see, symmetric multiprocessing provides a much cleaner way to balance loads on the system and provides for superior throughput. Windows NT Server uses the symmetric processing design.

Multiprocessing systems provide performance advantages when CPU utilization is high. However, as a server, you'll find that your real performance issues will typically be related to the amount of available RAM and hard disk space. A server that has insufficient RAM will page out to the hard disk often and become very sluggish.

---

TIP: Use Performance Monitor to determine whether your server is I/O bound or CPU bound.

---

Memory

You can never have too much memory. Start with at least 32 megabytes. Many manufacturers now install non-parity memory in some systems, but an enterprise server requires parity memory. Expect to pay about a small premium to get parity memory. Parity memory adds one extra bit to each byte, and some extra parity checking circuitry. The parity bit indicates whether the data bit contains an even or odd number of 1's. This scheme can detect memory errors.

Modern semiconductor memory is extremely reliable, and many question the value of parity checking. Parity unquestionably adds expense and slows performance. When the system detects a parity error, the only appropriate response is to stop the system. (Error-correcting parity chips are available, but are more expensive.) Opponents of parity say that failures are extremely rare, and the response to errors (system shutdown) is unsatisfactory. On the other hand, undetected system errors can manifest as bizarre, inexplicable problems, or subtle undetected errors in critical applications. The late Seymour Cray once designed a computer with non-parity memory. In production, the machines displayed anomalous behaviors ultimately traced to memory errors. Subsequent Cray designs used parity memory.

Mass Storage

Your Windows NT server will probably include multiple hard disks, a tape drive and CD-ROM. Windows NT includes excellent support for the Small Computer Systems Interface (SCSI), and the SCSI provides the best support for this variety of mass storage devices. Windows NT Server includes a number of fault tolerance features that work only with SCSI controllers.

Invest in superior performance and reliability. The hard disk subsystem is the hardest working component of a network server, and the component most prone to failure. Invest in a high-end, bus-mastering SCSI controller. Windows NT Server provides software implementation for Redundant Array of Inexpensive Disks (RAID) level 0 (disk striping), level 1 (disk mirroring), or level 5 (disk striping with parity) with ordinary IDE or SCSI drives. However, IDE controllers can only access one drive at a time, whereas SCSI supports parallel access. Windows NT Server also supports sector sparing (hot fixing) on SCSI drives. When the Windows NT Server fault tolerance driver detects imminent failure in a disk sector, it moves the data to a spare sector with no interruption of service.

Note that Windows NT supports only SCSI tape drives. The popular and inexpensive QIC-40 and QIC-80 tape drives, which run from a floppy controller, are not supported. Almost all high-capacity tape drives are SCSI-based; don't invest in anything less than 2G.

You're unlikely to run multimedia applications on your Windows NT Server, so you need not buy the fastest CD-ROM available. An inexpensive double-speed or quad-speed drive will serve nicely. Windows NT prefers SCSI-based CD-ROMs, but a few proprietary semi-SCSI interfaces are supported. A separate CD-ROM interface will use an expansion slot, an IRQ, and a DMA. You might also consider a fast CD-ROM "jukebox" to share as a network resource. This can be particularly valuable to a software development group because so much developers' documentation is now distributed on CD-ROM.

Power Conditioning

Most desktop computers are protected with inexpensive surge protectors. This might be better than nothing, but it certainly will not suffice for an enterprise server. Manufacturers exploit fear of lightning to sell surge protectors, but small power glitches cause far more problems. An IBM engineer tells the story of a customer whose mainframe computer kept randomly rebooting. After weeks of troubleshooting, a crack team of IBM engineers began to torture test the system. They attacked the machine with diagnostic software, rubber hammers, and huge electrostatic discharges, but the machine shrugged it all off (as it was designed to do). However, the machine continued to reboot unpredictably. The team finally traced the problem to a faulty contact in an elevator shaft. When the elevator passed this contact, a brief short circuit interrupted power on the high voltage loop that supplied the computer. A team of IBM's best engineers spent weeks tracking down this problem, which could have been prevented by simple power conditioning.

Less dramatically, a simple power outage can wreak havoc with SQL Server or Exchange Server. A good uninterruptible power supply (UPS) will include an RS-232 connection to signal the attached server when power fails. This signal can trigger a script to shut down the server in an orderly fashion while running on battery power. Because most power outages last less than a minute, the shutdown script might be triggered by a low battery signal from the UPS, rather than by power failure.

Expect to spend at least 300 dollars for a UPS with good power filtering and signaling capabilities. A better UPS will enable you to monitor power quality. Widely used brands include American Power Conversion, Tripp Lite, Clary, and Liebert. Purchase the serial cable to interface the UPS to your Windows NT server from the manufacturer. There is no real standard and the cables are usually specific to the brand of UPS that you purchase. You'll find references to UPS Interface Voltages in the UPS applet in the Control Panel. Again, you will need to refer to documentation from the manufacturer to identify the correct positive or negative settings for each signal. Make it a habit to check the battery each time you shut down the server.

Installing Windows NT Server

The fastest way to install Windows NT is to order it pre-installed on your system. Many hardware vendors now offer this service.

The following section describes, in detail, a typical installation from a supported CD-ROM. Subsequent sections discuss differences when installing from a shared network drive, and issues in upgrading or replacing an existing operating system.

Installing from a Supported CD-ROM

The typical Windows NT installation kit includes three floppy disks and a CD-ROM. The floppy disks include just enough of the Windows NT operating system (OS) to boot up, mount a supported CD-ROM drive, and continue installation from the CD-ROM. This method does not require any previously installed OS and generally allows the greatest flexibility.

If an OS is already installed on the server, you can install from a supported CD-ROM without benefit of floppy disks. Select the drive containing the Windows NT Server CD-ROM, switch to the appropriate directory for your hardware (for example, I386), and run WINNT /b (WINNT32 /b if your current OS is 32-bit). This can be a convenient option when upgrading a prior version of Windows NT. The process copies all files needed for the installation from the CD-ROM to a local hard drive, updates the system files, and then reboots the computer.

The installation proceeds as an interactive dialog session. The Setup program assesses the availability of necessary system resources. If the process encounters a problem, the installation or upgrade will halt. At certain times in the process, the computer will reboot to establish modifications to the computer's configuration. This is normal. If the computer's hard disk drive was originally formatted using MS-DOS, you will notice that it now has dual boot capability. For the duration of the setup process, choose the Windows NT Server 4.0 option when booting.

Follow these steps to install Windows NT Server from a supported CD-ROM:

1. Insert the setup boot disk in drive A and insert the Windows NT Server CD in the CD-ROM drive. Boot the computer.
   
   
2. The setup process begins with hardware detection.
   
   
3. A blue screen with white lettering announces Windows NT Setup. When prompted, insert Setup Disk Number 2.
   
   
4. Setup switches to 50-line video mode while the Windows NT kernel loads. After another few moments, GUI mode starts with the Welcome to Setup dialog box. Press Enter to continue the process.
   
   
5. You will encounter a dialog box concerning mass storage devices not long into the process. These mass storage devices include IDE drives, SCSI drives, CD-ROM drives, or other special disk controllers. If you know other devices are present, but are not listed as mass storage devices, cancel the Setup program at the first opportunity. Check the connections and configuration of these devices. Consult the vendor if necessary.
   
   
6. You will find a 12-page License Agreement that you are supposed to read. After you have done this, press F8 to continue.
   
   
7. The system will present a list of detected devices, such as your display adapter and your keyboard type. If you want to change any item on the list, press the up or down cursor keys to highlight the item you want to change and press Enter. Otherwise, select No Changes and press the Enter key.
   
   
8. The setup process will identify which partitions are available for installation. If you have an existing DOS partition that you want to keep, install Windows NT on a different partition. You will be able to access data on the DOS partition from Windows NT, even if you install with the NTFS option. However, you will not be able to access the NTFS partition from DOS. Unless you have an overwhelming need to access the NTFS partition from DOS, choose the NTFS option for your new server installation. If you have an existing DOS partition that you don't want to keep, the Setup program will convert the partition to NTFS for you.
   
   
9. You will be asked for a directory to install your operating system with a suggested default of WINNT. Choose the default directory.
   
   
10. Setup will then examine your hard disk for errors. You can choose between performing a quick scan or a more exhaustive and time consuming scan. It is best to take the time to do a full examination of your hard disk. As was stated in the previous section "Mass Storage," the hard disk subsystem is a critical component to your system and you should do all you can to make sure that it is working properly. If you have more than one hard drive, the exhaustive examination will examine all of them. This is a non-destructive examination, so any data on an existing DOS partition will remain unaffected.
    
    
11. Setup will copy files to the new drive and partition and reboot to the Windows NT graphical user interface (GUI). A Setup Wizard guides you through the rest of the setup process.
    
    
12. You are prompted for your name and the name of your organization.
    
    
13. Keep your CD case nearby as you are expected to type in the ten-digit CD key on the back of your CD case.
    
    
14. Select a licensing mode for this server. The options are licenses per server and licenses per seat. Determine the number of users this server will support in advance. Take into consideration network growth. In either case, you must complete the License Agreement dialog box.
    
    
15. The next dialog box asks for a name for your computer. This name must be 15 characters or less. This name must be unique on the network. As you type in your computer name, it will appear as all capitals.
    
    
16. You are now asked to specify what type of server you want, and you are presented with the following three choices:
    
    

    • Primary domain controller
      
      
    • Backup domain controller
      
      
    • Stand-alone server
      
      

17. You are now prompted to enter a password for the default Administrator account. The password must be 14 characters or less. Write down this password and keep it in a safe place.
    
    
18. The Setup program offers to create an emergency disk. Go ahead and make one now, but you can make one later using the rdisk utility if you desire.
    
    
19. The next screen enables you to select which components of the operating system you want to install. The components all fall under the following categories:
    
    

    • Accessibility options
      
      
    • Accessories
      
      
    • Communication
      
      
    • Games
      
      
    • Multimedia
      
      
    • Windows messaging
      
      

20. The system then begins to install Windows NT Networking and will present the following options regarding how your computer will participate on a network:
    
    

    • Do not connect to a network at this time.
      
      
    • This computer will participate on a network.
      
      

21. In addition, the way your computer is physically connected to the network must be identified, as follows:
    
    

    • Wired to the network (ISDN or network adapter)
      
      
    • Remotely connect to a network using a modem
      
      

22. The system enables you to identify your time zone and set the date and time.
    
    
23. An auto-detection of your graphics subsystem is performed and a test screen is shown so that you can determine the best display for your needs.
    
    
24. Depending on the options you selected earlier in the setup process, the Setup program will install and configure various files, including Windows messaging, shortcuts, and system security.
    
    
25. If you chose to create an emergency repair disk, the system prompts for the blank floppy at this point. The disk is formatted and configuration files are copied to it.
    
    
26. Setup cleans up its temporary files and enables you to reboot to your new operating system.

---

TIP: Make a backup of the emergency repair disk and store it in a safe place.

---

Installing from a Network Drive

Installing from the network requires a DOS-based network and a shared directory that points to the network directory where the Setup program resides. You can run the Setup program from any computer running Windows NT, Windows for Workgroups, LAN Manager, Novell NetWare, or Banyan VINES. After establishing a connection to the shared network directory, copy all files located in the \I386 subdirectories to the computer on which Windows NT is being installed.

After copying all installation files from the network, switch to the local drive and directory containing the installation files and run WINNT /b (WINNT32 /b from Windows NT or Windows 95).

---

NOTE: The network installation procedure can be modified slightly to install from an unsupported CD-ROM. Just copy all files from the \I386 directory on the NT Server CD to a local hard drive and run WINNT /b.

---

Using the Hardware Profile/Last Known Good Feature

During startup, right after the hardware detection routine executes, the user is given the option to invoke the Hardware Profile/Last Known Good menu, which can be done by simply pressing the space bar when prompted. This option enables a user to select a hardware profile to be used when Windows NT is started. A hardware profile indicates which drivers are to be loaded during the startup process. This is particularly convenient when using a portable computer because it allows for a boot configuration with different video display and network settings at home or on the road. One can create new hardware profiles via the Hardware Profiles option under the System Properties menu (see Figure 5.4).

FIG. 5.4

The Hardware Profiles listing allows for configuring multiple hardware profiles.

The current hardware profile in use is indicated in the list of the list of profiles available for that system. You can disable a network connection or indicate that the profile is for a docked portable computer via the properties option (see Figure 5.5). The startup criteria can also be set to select which profile should be used as default.

FIG. 5.5

Portable computer properties for a hardware profile can be set via the property option.

The user can also select the Last Known Good profile within Hardware Profile/Last Known Good startup menu. This feature can save the day when configuration changes render a server unbootable. Each time the server boots successfully, the current configuration is saved as the last known good profile. Be aware that configuration changes since last successful startup will be lost by using the last known good configuration.

---

TIP: The configuration is actually saved when the first user successfully logs on after startup. To avoid saving the current startup configuration as the last known good configuration, reset before logging on.

---

Using the Emergency Repair Disk

In the event your system fails (that is, the system files, boot sector, or BOOT.INI file become corrupted), and you are unable to restart the computer using the Last Known Good option, an emergency repair can be performed to restore system-type files and configuration preferences established prior to the failure. To repair a Windows NT Server installation, Windows NT Setup uses information saved on the emergency repair disk (ERD) or in the Windows subdirectory called REPAIR.

During installation of Windows NT Server, you are provided the option of creating an ERD. Regardless of whether the disk is created at that time, repair information is written to the REPAIR subdirectory. During a repair of the system, you can direct the program to use the ERD, or the information in the REPAIR subdirectory. If the repair process is successful, the computer will be returned to the condition it was in after the last update to the repair information. Refer to "Installing Windows NT Server" earlier in this chapter for more information on creating the emergency repair disk during Windows NT Server installation.

Creating an Updated Emergency Repair Disk

Windows NT Server automatically creates repair information during installation. However, this information is not maintained dynamically. As the complexion of the server changes due to installation of additional software, you should update the ERD.

The repair disk utility updates repair information and creates an ERD in separate steps. You can update repair information in the REPAIR subdirectory without creating a new ERD. If you create an ERD without first updating the repair information, the ERD will reflect an old configuration. Normally, update repair information and then create a new ERD.

Follow these steps to update repair information and create a new ERD:

1. Log on as an administrator.
   
   
2. Run the RDISK.EXE program (normally found in the WINNT35\SYSTEM32 directory). The Repair Disk Utility message box appears. It tells you the purpose of the utility and warns you against using it as a backup tool. It also has four buttons: Update Repair Info, Create Repair Disk, Exit, and Help.
   
   
3. Click Update Repair Info. The utility updates the repair information stored in the REPAIR directory.
   
   
4. Click Create Repair Disk. The program prompts you to insert a floppy disk.

   ---

   NOTE: Make sure that the disk you are using for the emergency repair disk does not contain important files. Creation of the disk erases all files previously saved on it. Also, the emergency repair disk is not a boot disk, so trying to boot your machine with it will not be unsuccessful.

   ---

5. The program formats the floppy disk inserted in step 4 and copies repair information onto the disk.
   
   
6. Click Exit to close the Repair Disk Utility.

When you create the ERD, the following files are copied from the REPAIR subdirectory to the floppy:

• AUTOEXEC.NT
• CONFIG.NT
• DEFAULT._
• NTUSER.DA_
• SAM._
• SECURITY._
• SETUP.LOG
• SOFTWARE._
• SYSTEM._

The ERD is PC specific and should only be used with the PC on which it was created. Make backup copies of the disk in case the original is corrupted. Be sure to store it in a safe place. Place a label, with the date and description, on each disk created.

Understanding the Emergency Repair Process

Before performing an emergency repair, check to make sure that what the process is attempting to fix is the probable cause of the boot failure. Remember, the server is down, and end users are waiting to use its resources. Use your time wisely and economically to determine the source of the problem and eradicate it. If you have been running Windows NT successfully and it fails to boot, you can use the following simple procedure to try to recover:

1. Verify that the problem has not been caused by changes or failures in hardware. Check all cables for loose or bad connections. Verify new settings on existing hardware. Make sure that any new cards or drives are compatible and have been installed correctly. Any of these can be the cause of boot problems.
   
   
2. Try using the Last Known Good option at the OSLOADER screen. Obviously, this option is only useful if the machine has no hardware problems.

If the preceding options do not succeed, you will need to perform an emergency repair. It is useful to know what occurs when performing this procedure. The following steps are performed by the emergency repair process:

1. CHKDSK is run on the disk partition containing Windows NT system files. On x86-based computers, CHKDSK also is run on the system partition. This verifies that every file in the installation is good through a checksum algorithm. If files are missing or corrupt, they can be restored from the Windows NT Server installation software.
   
   
2. The default system and security registry archives are replaced. Each replacement is contingent upon user confirmation.
   
   
3. The boot loader is reinstalled.

The repair process enables you to repair one or more of the following:

• System filesóSetup checks the Windows NT directory tree against the log file on the emergency repair disk to ensure that all system files are present. If they are missing or corrupt, they can be restored. It also checks the Windows NT files on the system partition and verifies that they are present and in good order.
  
  
• Default system configurationóSetup checks the Registry for errors. If any configuration errors are found, you will have the option of restoring a setting to what it was when Windows NT was installed. User accounts and file security added since installation will be lost, unless they were backed up in \%SYSTEMROOT%\SYSTEM32\CONFIG or updated on the emergency repair disk using the Repair Disk Utility.
  
  
• Boot variablesóSetup restores the boot variables for a particular installation on the hard disk. You must provide the emergency repair disk for this option.
  
  
• Boot sector (x86-based only)óSetup writes a new boot sector on the system partition. If any files are missing or corrupt, the repair restores them from the appropriate Windows NT Setup disk or CD. If you have accidentally changed the system partition on your x86-based computer so that Windows NT no longer starts, Repair restores the original boot configuration so that Windows NT can be started.

---

NOTE: The emergency repair disk may be unable to restore some of the Windows NT system files if additional drivers or third-party software were added after the installation. This includes display and printer drivers, network software, audio adapters, and any other software copied to the system after Windows NT Server was installed. The emergency repair disk will have no information on these files and will be unable to verify them. Troubleshooting and restoration of such files must be done manually, rather than with the emergency repair disk. Think about using backup tapes to restore such drivers

---

See "Making Backups," [Ch 7]

Performing an Emergency Repair

To execute a repair on an x86-based computer, perform the following tasks:

1. If you installed Windows NT using the original Setup floppies, CD, or WINNT.EXE, start setup just as you did originally. That is, insert the first Setup Boot Disk in drive A and start the computer.
   
   
2. When prompted, type R to indicate that you want to repair Windows NT files.
   
   
3. A repairs options screen is presented to the user, which enables the selection of optional tasks to be performed during the repair process. These tasks include the following:
   
   

   • Inspect the Registry files.
     
     
   • Inspect the startup environment.
     
     
   • Verify the Windows NT system files.
     
     
   • Inspect the boot sector.
     
     

4. The user can press Enter and accept the default options, which perform each of these optional tasks.
   
   
5. Setup asks you for the emergency repair disk. If you do not have one, Setup presents a list of the Windows NT installations that it found on the computer, and you can pick one.
   
   
6. Follow the instructions on the screen, inserting the emergency repair disk in drive A and providing any other Windows NT Setup disks as requested. You will be enabled to choose what should be restored. You can bypass a repair on one or more items, but it is not recommended.
   
   
7. When the final message appears, remove the emergency repair disk and restart the computer.

To execute a repair on a RISC-based computer, perform the following tasks:

1. Start the NT setup program as instructed in your manufacturer's supplied documentation.
   
   
2. When prompted, type R to indicate that you want to repair Windows NT files.
   
   
3. Follow the instructions on the screen, inserting the Emergency Repair Disk in drive A and providing other Windows NT Setup disks as requested.
   
   
4. When the final message appears, remove the Emergency Repair Disk and press Enter to restart the computer.

Logging On and Off

Normally, Windows NT Server will run with nobody logged on to the local machine.

Many remote users may log on for the purpose of accessing services, but a local user typically logs on only for server administration or maintenance.

Follow these steps to log on to the Windows NT Server:

1. Press Ctrl+Alt+Del. The Welcome dialog box appears.

   ---

   TIP: You can customize the Welcome dialog box. Add the keys LegalNoticeCaption and LegalNoticeText to the registry at \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\Current Version\Winlogon. The values you enter will appear as the caption and text, respectively, of the Welcome dialog box. The user must click OK in this message box to continue the logon process. Use this feature to provide fair warning of the consequences of unauthorized access attempts.

   ---

2. Type a valid user ID in the Username box.
   
   
3. If you are logging on to a domain server, select the domain name in the From drop-down list box. Otherwise, select the name of the local machine.
   
   
4. In the Password box, type the password for the User ID entered in step 3.
   
   
5. Click OK or press Enter.

---

Troubleshooting: Your logon fails. The password in Windows NT is case-sensitive. Check Caps Lock and retype your password. (The user ID is not case-sensitive.)

---

Never walk away from an Windows NT Server while logged on locally as an administrator. The intuitive interface makes it easy for any user to make drastic changes to your network configuration (for example, Disk Administrator, delete partition). Even a well-intentioned person can commit an expensive blunder.

After completing administrative tasks, follow these steps to log off the server:

1. Press Ctrl+Alt+Del. The Windows NT Security dialog box appears.
   
   
2. Click the Logoff button.
   
   
3. A confirmation message box appears. Click Yes.

You can also log off by choosing the Shutdown option from the Start menu.

Shutting Down and Restarting the Server

Occasionally, you will need to shut down the server for routine maintenance or equipment upgrades. Configuration changes often require restarting the server, and a restart begins with a shutdown. It's important to perform an orderly shutdown to avoid data loss.

Because a shutdown disconnects all clients, try to schedule configuration changes for periods of low activity. It's also wise to advise concerned users in advance of any scheduled downtime.

Perform the following steps when restarting the server:

1. Log on as an administrator.
   
   
2. Open Control Panel and select the Services icon. Select the Server service and click Pause. Pausing the Server service prevents new users from logging on. Close Control Panel.
   
   
3. Use Server Manager to contact active users. Select Computer, Send Message, and compose a message asking them to log off. Wait a few minutes to allow them to comply.
   
   
4. Shut down active applications, such as SQL Server and Exchange Server. Shutting down these services may also require disconnecting users.

   ---

   NOTE: Sixteen-bit Windows clients must be running the WinPopup program to receive messages from the Server Manager.

   ---

5. Use Server Manager to disconnect any users who could not be contacted. Select Computer, Properties and click Users in the Properties dialog box. Click Disconnect All in the User Sessions dialog box.
   
   
6. Press Ctrl+Alt+Del. The Windows NT Security dialog box appears.
   
   
7. Click Shutdown.
   
   
8. The Shutdown Computer dialog box appears. To shut down without an immediate restart, click Shutdown and then click OK. To restart the server, click the Shutdown and Restart button, click OK, and continue with step 9.
   
   
9. The server restarts.
   
   
10. Log on as an administrator.
    
    
11. Restart applications and services. Verify successful restart.
    
    
12. Notify users that the server is available.
    
    
13. Log off.

---

TIP: Configuration changes often require a restart before becoming effective. Such changes include installing new or updated drivers and installing certain applications. In such cases, a restart dialog box appears immediately after completing the configuration change. When you know that a configuration change requires a restart, first complete step 1 through step 5 in the preceding list.

---

Getting Connected from a Client Workstation

Most users will interact with Windows NT Server through client workstations. Client sessions typically involve several activities: logging on, using file and print services, using other application services (SQL Server, Exchange Server, and so on), and logging off. A network administrator must know how to configure a variety of workstations to properly perform these tasks.

DOS

Prior versions of Windows NT used software called The Workgroup Connection for DOS to connect DOS workstations. Windows NT Server 4.0 enables you to generate a client setup disk. The software contained on this disk takes better advantage of the Windows NT Server environment, and The Workgroup Connection for DOS should no longer be used.

Windows workstations use the same client software as DOS workstations. Using the PC on which Windows NT Server has been installed, perform the following steps to create a client setup kit for Windows and DOS workstations:

1. Label two formatted high-density floppy disks as Windows NT Server DOS Client Setup Disks 1 and 2.
   
   
2. Insert the Windows NT Server CD-ROM in your CD-ROM drive.
   
   
3. Start Network Client Administrator from the Network Administration program group to display the Network Client Administrator dialog box (See Figure 5.6).

FIG. 5.6

The Network Client main setup menu enables you set up a client workstation from a DOS prompt.

---

NOTE: Network Client Administrator can create either a single network installation startup disk or a set of installation disks. The single disk enables a workstation to boot up, connect to a Windows NT Server, and download the rest of the needed client files. Although this may seem convenient, there are a number of severe limitations, as follows:

• The disk must boot with the same version of DOS as the target workstation. A different disk is required for every DOS version on your network.
  
  
• The disk is specific to the type of network interface card (NIC). A different disk is required for each type of NIC on your network.
  
  
• You must copy all the client setup files to a shared directory on the server.
  
  
• If the procedure fails, you will have to use the multidisk setup kit.

For these reasons, it's best to always use the multidisk install set. The only exception would arise if you have to install many systems of the same type. Then the shortcomings of this method may be offset by an overall time savings, and the avoidance of swapping diskettes during each installation.

---

1. Click the Make Installation Disk Set option button to select the option, and then click Continue. The Share Network Client Installation Files dialog box appears (see Figure 5.7).
   FIG. 5.7The Share Network Client Installation Files dialog box enables you to specify the source of the client installation files.

2. Type D:\CLIENTS (where D: is the letter for your Windows NT Server CD-ROM) in the Path text box.
   
   
3. Click Use Existing Path to select the option.
   
   
4. Click OK to display the Make Installation Disk Set dialog box.
   
   
5. Select Network Client v3.0 for MS-DOS and Windows.
   
   
6. Select a Destination Drive.
   
   
7. Insert the floppy disk labeled Disk 1 in the destination drive and then click OK.
   
   
8. Swap disks as prompted.
   
   
9. Follow these steps to install client software at a DOS or Windows 3.1 workstation:
   
   
10. Identify the make and model of the workstation's NIC. You also need to know the card's IRQ and I/O port settings.
    
    
11. Insert the Windows NT Server DOS Client Setup Disk 1 in the workstation's floppy drive. At the DOS command prompt, type A:SETUP (or B:SETUP, if appropriate) and press Enter.
    
    
12. You will see a typical Microsoft character mode setup screen. Press Enter to proceed.
13. The default directory for installation of the client software is C:\NET. Either accept this default or change it as desired. You cannot install the software in the Windows directory of a Windows 3.1 workstation.
    
    
14. The network drivers use memory on the client. Allocating more memory to the drivers can improve performance, but leaves less memory for other applications. At this point, a dialog box enables you to press Enter to maximize performance; press C to conserve memory.
    
    
15. Enter a computer name of up to 15 characters consisting of letters, numbers and/or the special characters: {, }, !, #, $, %, ^, &, (, ), _, ', and ~. The name must be unique: it cannot match any other computer name or domain name in the network.
    
    
16. The main setup menu appears (see Figure 5.8). Choose Change Names to set the user name, workgroup name, and domain name. Enter the appropriate names, and select The Listed Names Are Correct to return to the main setup menu.

Fig. 5.8
The Network Client main setup menu enables you set up a client workstation from a DOS prompt.

1. Choose Change Setup Options. The Network Client Setup Options screen appears, as shown in Figure 5.9.
   
   FIG. 5.9
   The Network Client main setup options screen facilitates a client workstation installation.

2. Select the Full Redirector or Basic Redirector. The Full Redirector is required for Windows or for dial-in networking. In most other cases, the Basic Redirector is adequate and uses less memory.
   
   
3. Decide whether to run the network client and the Net Pop-Up utility at system startup. If you run the network client, you can also decide whether to log on to a domain during startup. If you choose to load the Net Pop-Up, you can change the default hotkey (Alt+N) to another letter. For most users, you will probably want to run the network client, but not the pop-up (which, of course, consumes additional memory), and log on to a domain.
   
   
4. Select The Listed Options Are Correct to return to the main setup menu.
   
   
5. Choose Change Network Configuration to configure the network adapter and protocols. The Network Client screen appears (see Figure 5.10).
   
   FIG. 5.10
   The Network Client screen enables you to specify the network adapter and protocol for the client being installed.

6. Select the correct network adapter for the workstation in the Installed Network Adapters box. Then select Change Settings in the Options box.
   
   
7. Verify that the Driver, Interrupt, and I/O settings are correct. Change incorrect settings. Select The Listed Options Are Correct to return to the Network Client screen. Repeat steps 13 and 14 for each network adapter.
   
   
8. Use the Tab key to switch between the Protocols box and the Options box. Set up the network protocols appropriate for your network.
   
   
9. Select Network Configuration Is Correct to return to the Network Client main setup menu. Choose The Listed Options Are Correct.
   
   
10. Remove the installation floppy disks and reboot the machine to activate the network client software.

After the client software is installed and activated, the NET command on the client workstation provides access to all network services. Running NET with no command options loads the Net Pop-Up program. The Net Pop-Up provides an intuitive interface for connecting to network drives and printers, but consumes memory.

The NET command also supports a number of command-line options that can be used in batch files. The following are a few of the options:

• NET LOGON logs a user on to the domain specified during setup. User name and password are optional parameters.
  
  
• NET LOGOFF logs the current user off.
  
  
• NET USE <drive> <UNC path> attaches to a shared drive on the network. For example, NET USE F: \\Moby\Users\Larry maps drive F to the shared directory Larry in the Users shared directory on Moby.
  
  
• NET USE <port> <UNC path> [/PERSISTENT:YES] attaches to a shared printer on the network. For example, NET USE LPT1: \\Moby\Laser1 /PERSISTENT:YES redirects the local printer to the shared printer Laser1 on Moby. The /PERSISTENT:YES option causes this device to be automatically reattached when the network client starts, and can be used with drives or printers.
  
  
• NET PASSWORD changes the user password.
  
  
• NET SEND sends a message to a user, domain, or all users on a server. Users must be running the messenger service (or WinPopup) to receive the message. To notify all users that a server will shut down in five minutes, for example, you might use NET SEND /USERS to send the message The server Moby will shut down in five minutes. Please log off. The /USERS option sends the message to all users logged on the server.
  
  
• NET HELP displays a summary of available options for the NET command. You can specify a particular option for more detailed information. For example, NET HELP USE displays information about NET USE.

Windows

To set up networking for Windows (versions 3.1 and later, excluding Windows for Workgroups), first complete the DOS setup described previously in this section and then follow these steps:

1. Start Windows.
   
   
2. Start the Windows Setup program (usually found in the Main program group).
   
   
3. Choose Options, Change System Settings to display the Change System Settings dialog box.
   
   
4. Drop down the Network list box. Select Microsoft Network (or 100% Compatible). Click OK.
   
   
5. Exit Windows Setup and restart Windows.

To use network drives, you can use the NET USE command from DOS as described earlier. You can also use File Manager to connect to network drives or Print Manager to connect to network printers.

Windows for Workgroups

Windows for Workgroups (WFW) is a network client right out of the box. Typically, you need to make only one small change to set up a WFW workstation as a client in a Windows NT Server domain, as follows:

1. Start WFW.
   
   
2. Start Control Panel. Double-click the Network icon. The Microsoft Windows Network dialog box appears.
   
   
3. Click the Startup button. The Startup Settings dialog box appears.
   
   
4. Under Options for Enterprise Networking, enable Log On to Windows NT or LAN Manager Domain. Enter the Domain Name. Click OK.
   
   
5. Click OK in the Microsoft Windows Network dialog box. Close the Control Panel.
   
   
6. Restart WFW.

---

Troubleshooting: A WFW workstation running only NetBEUI cannot communicate with a Windows NT Workstation running only NWLink. The primary network protocol in Windows NT Server 3.5 is NWLink, Microsoft's implementation of the IPX/SPX protocol used on Novell networks. The primary protocol in WFW is NetBEUI. When two nodes on a Microsoft network cannot communicate, a prevalent cause is the lack of a common protocol. To solve the problem, set up a common protocol by installing IPX/SPX on the WFW client or installing NetBEUI on the server.

---

Log on and off the network using the Logon/Logoff icon in the Network program group. Once logged on to a network, use WFW's File Manager to connect to network drives and use Print Manager to connect to network printers.

Windows 95

Microsoft designed Windows 95 as a network operating system from the ground up. Many of the most important networking features in this operating system will become apparent when Microsoft delivers network OLE. Until then, users can still appreciate the seamless access to network resources built into the Explorer shell.

To configure a Windows 95 workstation as a client for Windows NT Server, follow these steps:

1. Open Control Panel. Select the Network icon. The Network dialog box shown in Figure 5.11 appears.
   
   FIG. 5.11
   The Windows 95 Network dialog box facilitates configuration of a client workstation running Windows 95.

2. Double-click Client for Microsoft Networks. The Client for Microsoft Networks Properties dialog box shown in Figure 5.12 appears.

   FIG. 5.12
   The Client for Microsoft Networks Properties dialog box shows the general configurable property options.

3. Check the Logon to Windows NT Domain check box. Enter the appropriate name for the Windows NT Domain.
   
   
4. Click OK. Click OK again in the Windows 95 Network dialog box. Close Control Panel.
   
   
5. You must restart the computer before the new setting takes effect.

The fastest way to connect to a network drive in Windows 95 is to right-click the Network Neighborhood icon from the desktop and select Map Network Drive from the pop-up menu. The Map Network Drive dialog box appears so that you can specify a drive letter and UNC share name. This dialog box does not have a Browse button, so you must know the exact UNC name of the resource. The dialog box remembers shares to which you have successfully connected in the past, and these shares can be displayed for selection by clicking the Path drop-down list box.

You can also access network resources by exploring the network neighborhood. To open a Word document on a server, for example, right-click Network Neighborhood and choose Explore from the pop-up menu. In Explorer, open Entire Network, the domain, the machine, and the share where the file resides, and then proceed down into the subdirectories until you can double-click the file. As depicted in Figure 5.13, for example, the Word document named REVIEW2.DOC can be opened simply by double-clicking it.

FIG. 5.13
Explorer can be used to open a network file.

Windows 95 can use network printers in a couple of different ways. DOS programs print directly to a printer port, so Windows 95 must capture the printer port and redirect the output across the network. Windows and Windows 95 programs do not need to capture a printer port because they can print to any printer defined in the Printers utility. Follow these steps to set up a network printer for use in Windows 95:

1. Right-click the icon for Network Neighborhood and select Explore from the pop-up menu.
   
   
2. Browse until you find the printer you want to use. Then select that printer (see Figure 5.14).
   
   FIG. 5.14
   Selecting a network printer with Explorer is accomplished by finding the desired printer and clicking it.

3. Choose File, Install from the Network Neighborhood menu.
   
   
4. Follow instructions in the Printer Setup Wizard. You may need a copy of the printer driver.

Windows NT Workstation

Not surprisingly, Windows NT is its own best network client. A Windows NT client can remotely administer a server using Server Manager (provided the user is an administrator). A system running Windows NT Server can be a primary domain controller (PDC), a backup domain controller (BDC), or just a server. Each domain has exactly one PDC that is responsible for maintaining the domain's user accounts database and processing domain logons. A BDC maintains an additional copy of the user database and assists with processing logons.

---

NOTE: A system running Windows NT Server can participate in a Microsoft network only as a member of a domain. A system running Windows NT Workstation can be a member of a workgroup or a member of a domain, but not both at the same time

---

To map a network drive, choose Map Network Drive under the Tools option in Explorer and select the drive letter. You may also enter a network path for the connection. By default, you are connected using the username you logged in under. If you want to connect using a different account, enter the appropriate username within the Connect As dialog box. To add a network printer, select the My Computer icon on the desktop and open the Printers folder. Within this folder is an Add A Printer wizard application that will assist with installing and connecting to a network printer.

OS/2

To create a network client setup kit for OS/2 workstations, follow the earlier procedure for DOS clients, but in step 6, select LAN Manager 2.2c as the Network Client or Service. This setup kit requires four high-density floppy disks.

After creating the setup kit, insert the first floppy in drive A and run A:SETUP. See the Installation Guide supplied with the Windows NT Server software package for guidance on running the Setup program and procedures pertaining to OS/2.

Setting Up Auditing

A thorough security policy includes logging of security events. Different organizations will have different logging requirements, and Windows NT provides good flexibility. Auditing can impose a considerable performance penalty, so monitor only those activities required by your security policy.

Windows NT Server can monitor success and failure for each of the following security events:

• Logon and logoffóVery useful information. Performance penalty usually minimal; depends on volume of logon requests processed by the server.
  
  
• File and object accessóFile access can be audited only for files in NTFS partitions. Auditing for selected files must be enabled in File Manager. Auditing for selected printers must be enabled in Print Manager. Moderate to high performance penalty, depending on objects monitored.
  
  
• Use of user rightsóGenerates mountains of extremely detailed access information. Very high performance penalty.
  
  
• User and group managementóVital information. Negligible performance penalty.
  
  
• Security policy changesóVital information. Negligible performance penalty.
  
  
• Restart, shutdown, and system securityóVital information. Negligible performance penalty.
  
  
• Process trackingóCan be useful for troubleshooting. High performance penalty.

Follow these steps to enable auditing on a Windows NT Server domain:

1. Log on as an administrator.
   
   
2. Open the Administrative Tools program group. Double-click User Manager for Domains.
   
   
3. Choose User Manager, Policies, and select Audit. The Audit Policy dialog box appears. If the Do Not Audit option button is selected, the Audit These Events area of the dialog box will be grayed, as shown in Figure 5.15.
   FIG. 5.15The Audit Policy dialog box is showing that no audit options are selected.

4. Select Audit These Events. Note that this area of the dialog box becomes available for use.
   
   
5. Select the list of events you want to audit. Figure 5.16 is a sample of what the Audit Policy dialog box should look like (with the possible exception of event selection) after you have completed this step.
   FIG. 5.16The Audit Policy dialog box allows selecting events to be audited.

6. Click OK to return to User Manager. Choose User, Exit to close User Manager.

Files are usually the most sensitive network resources. Therefore, it is critical that access to certain files and directories be tightly controlled and managed. This ultimately requires that access be monitored from time to time to validate the effectiveness of management controls and access restrictions on selected files or directories. Auditing access can be a very useful capability when such monitoring needs to be done.

---

TIP: The audit access can only be used on NTFS partitions.

---

Perform the following steps to audit access to a selected file or directory:

1. Enable File and Object Access auditing for the domain via the Audit Policy menu.
   
   
2. In My Computer or through Explorer, select the file or directory you want to audit.
   
   
3. Choose File, Properties.
   
   
4. Click the Security tab, and then click Auditing. The Directory Auditing dialog box appears (see Figure 5.17).
   FIG. 5.17The Directory Auditing dialog box is showing the audit policy for the selected group.

5. Set the level at which auditing changes will apply by doing one of the following:
   
   

   • To affect only the directory and its files, select Replace Auditing On Existing Files.
     
     
   • To affect the directory, its files, subdirectories, and subdirectory files, select both Replace Auditing On Subdirectories and Replace Auditing On Existing Files.
     
     
   • To affect only the directory (not the files, subdirectories or subdirectory files), click to clear both Replace Auditing On Subdirectories and Replace Auditing On Existing Files.
     
     
   • To affect only the directory and subdirectories (not files in the directory or subdirectories), select Replace Auditing on Subdirectories and click to clear Replace Auditing on Existing Files.
     
     

6. To add a user or group to Name, click Add and complete the Add Users and Groups dialog box.
   
   
7. Select one or more users or groups in Names.
   
   
8. Under Events to Audit, select Success, Failure, or both for each event you want to audit.

Checking the Logs

The EventLog Service is one of the most useful features of Windows NT Server. It provides a common method for capturing information about system startup, configuration errors, security events, and application events. Information captured here is a primary source for troubleshooting and monitoring performance.

Windows NT Server records a variety of events in its three log files, as follows:

• System logóRecords system events, such as system startup, service startup failure, and browser elections. This log can be useful for troubleshooting.
  
  
• Security logóRecords events selected for auditing. Depending on the audits enabled. This log can grow quite rapidly.
  
  
• Application logóCan be used by applications to record important events.

The logs record five types of events:

• Information eventsóMarked by a letter i in a blue circle
  
  
• Warning eventsóMarked by an exclamation point in a yellow circle
  
  
• Critical errorsóMarked by a stop sign icon
  
  
• Success auditsóMarked by a key icon
  
  
• Failure auditsóMarked by a padlock icon

The EventLog Service starts automatically at system startup. In the next two sections, learn to view logged events and manage the log files.

Viewing Event Logs

To view a log, log on as an administrator, and run Event Viewer from the Administrative Tools group. From the Log menu, select the log you want to view. Figure 5.18 is a view of a System log.

FIG. 5.18

The Event Viewer window is showing detailed audit information for system events.

The Event Viewer displays the date and time and five information columns for each event, as explained in the following table:

Column	Description
Source	Identifies the process that logged the event.
Category	A classification of the event as defined by the source. Applies mainly to the Security log.
Event	A numeric identifier referring to the source.
User	Identifies the user account under which the event occurred.
Computer	Identifies the computer where the event occurred.

To view additional details for an event, double-click the event. You see the Event Detail dialog box, as shown in Figure 5.19.

FIG. 5.19

The Event Detail dialog box provides more information about a selected log event.

In addition to the information from the list view, the detail view presents a description of the event and can include additional data, such as a stack dump.

Managing Event Logs

By default, Windows NT Server allocates 512K bytes for each log and overwrites events older than seven days. Each of these parameters can be configured independently for each log. When it's important to save log data for future reference, the overwrite delay should reflect your archiving schedule (seven days with weekly archiving, for example). Perform the following steps to configure these options:

1. Log on as administrator. Start Event Viewer from the Administrative Tools group.
   
   
2. Choose Event Viewer, Log, and select Log Settings. The Event Log Settings dialog box appears, as shown in Figure 5.20.

FIG. 5.20

The Event Log Settings dialog box enables you to customize the logging of each event type.

1. Select the log you want to configure in the Change Settings For drop-down list.
   
   
2. Set the Maximum Log Size.
   
   
3. Configure Event Log Wrapping. Overwrite Events as Needed grows the log to its maximum size and then overwrites the oldest events with new events. Do Not Overwrite Events retains all log entries so that you must manually purge the log. You might use this option for a sensitive security log, but make sure that the allocated size is adequate.

Logs can be saved (archived) for future reference so that space allocated for the logs can be made available for other uses. Logs can be saved in one of the three following formats:

• Native log file format (EVT)óThis format can be loaded and viewed later with Event Viewer.
  
  
• Text format (TXT)óThis format can be viewed with a standard text editor browser.
  
  
• Comma delimited text (TXT)óThis format can be imported into other applications.

To save a log, follow these steps:

1. Log on as administrator. Start Event Viewer from the Administrative Tools group.
   
   
2. Choose Event Viewer, Log, and select Save As. You see the Windows common file dialog box.
   
   
3. Select the format in which to save the file from the Save File as Type drop-down list.
   
   
4. Specify the directory and file name in which to save the file. Click the OK button.

To clear a log, choose Event Viewer, Log, and select Clear All Events. Be sure to select the correct log first! Event Viewer asks if you want to save the file first and then warns you that clearing the log is irreversible.

From Here...

This chapter taught you how to install your Window NT Server. Your server acumen now includes concepts such as system requirements, features new to NT, audit logs, and emergency repair disks. You learned how to connect to the server from a workstation under a variety of operating systems. For more information on the subjects discussed in this chapter, refer to the following chapters:

• To review the goals and strategies of using the suite of BackOffice products, see Chapter 2, "Characteristics of BackOffice."
  
  
• To review the role the server will play in your organization, see Chapter 4,"Enterprise Planning and Implementation."
  
  
• For information on the day-to-day duties of the network administrator, see Chapter 7, "Administering Windows NT Server."
  
  
• To learn about installing, configuring, and using the Remote Access Service, see Chapter 12, "Implementing Remote Access Service (RAS)."
  
  
• For information on configuring and using Internet Information Server (IIS), see Chapter 18, "Building A Web With Internet Information Server (IIS)."

---

© Copyright, Macmillan Computer Publishing. All rights reserved.