WINDOWS NT 4.0 -- TECHNICAL SUPPORT

Managing NT Resources

Chapter 4: Managing System Policies

Chapter 5: Managing File Systems

Chapter 6: Managing Partitions

Chapter 7: Managing Fault Tolerance

Chapter 8: Supporting Applications

Chapter 15: Implementing Network Clients

Chapter 16: File Synchronization and Directory Replication

Chapter 18: NT Troubleshooting Tools


Chapter 4: Managing System Policies

The Purpose of System Policies
Implementing a System Policy
Using System Policy Editor to Manage a System Policy
Key Points
 

The Purpose of System Policies

Note: System Policy Editor is in NT Server only!


Implementing a System Policy

To create a new policy for a domain

1. File >> New Policy

2. To specify the computers to which your Registry-setting changes will apply, you can do the following:

>>Default User -- to change HKEY_CURRENT_USER Registry settings for all computers on the domain.
>>Default Computer -- to change HKEY_LOCAL_MACHINE Registry settings for all computers on the domain.

3. To add to the Registry settings, click Commands on the Edit menu to do the following:

>>Add User -- to change HKEY_CURRENT_USER for specific users
>>Add Computer -- to change HKEY_LOCAL_MACHINE for specific computers.
>>Add Group -- to change HKEY_CURRENT_USER for specific groups.

4. >>File >>Save As -- Ntconfig.pol on the PDC in the Netlogon folder:

systemroot\System32\Repl\Import\Scripts

(note Netlogon is in the Import folder!?)

On domain controllers, NT installation automatically shares this folder as Netlogon

5. Use Server Manager to enable Replication services on all domain controllers so that the Ntconfig.pol file is replicated to the same folder on all BDCs.

  1. User Policy:

    User Policy Specific to the logged_on_User >>Group Policy (only when this user is a member of these groups) >> Default User Policy

  2. + Computer policy: (has higher priority over User Policy)

    Computer Policy specified for this computer >> Default Computer policy

Note: Policies are applied ONLY at the time a user logs on. If a user is logged on when a system policy change is implemented, the user must log off and log back on for the policy to take effect.

By default, an NT computer automatically downloads the info in the Ntconfig.pol file from the DC that authenticated the user logon request. However, you can configure an NT computer to implement a local policy located on a non-DC computer. That is, you are not restricted to using only one system policy in a domain.
 
To use a system policy from a computer that is not a DC -- Use System Policy Editor on NT Server, Create a System Policy file, save it on to an NT Workstation computer (not PDC this time). Steps --
 
on NT Server, System Policy Editor >>Computer Policy >>Network >>System remote update >>change the "Settings for remote update" >> "Update mode" from "automatic (use default path)" to "Manual (use specific path)", and specify the "Path for manual update".
 
Save this system policy file to an NT Workstation computer (by default, in the system_root), as specified in the "Path for manual update".

Using System Policy Editor to Manage a System Policy

The default settings (Default User and Default Computer) can affect the entire domain. To customize System Policy for Users, Groups, and Computers, use the Policy mode >>Edit >> Add User or >>Add Group, or >>Add Computer, to let them have separate entries in the Ntconfig.pol file.



Options >>Group Priority >>Click a group in Group Order >>Move Up or Move Down.

Groups highest on the list have the highest priority.

Note --The order in which groups are evaluated is important if some users belong to more than one group for which policy is defined and if the policy settings in two or more of these groups contain different settings for the same policy. To specify which policy has priority, use Group Order to order the groups.

>> Local User -- to change HKEY_CURRENT_USER Registry settings.
>> Local Computer -- to change HKEY_LOCAL_MACHINE Registry settings.
then >>File >>Save >>File >> Disconnect

Note: You can access the Registry only on computers for which you have administrative permission. The computer can be running any version of Windows NT Workstation or Windows NT Server.

While at the individual computer:

>>File >>Open Registry, Or, >>File >>Connect >>specify a computer name.

>>Default Computer >>Network >>System policies update >>Remote update >>to have registry process error messages displayed on client computers -->>Display error messages.

to download the policy file from a server other than domain controllers -->>Manual (use specific path) in Update mode, and then provide the specific path.

>> save the policy files in the appropriate folder.

Note: You can access the Registry only on computers for which you have administrative permission.

 


Key Points


Chapter 5: Managing File Systems

File system support by NT
Working with File Names
Managing NTFS compression
Key Points

File system support by NT

FAT16, NTFS, and CDFS (read-only).
Note: NT 4.0 or older cannot access FAT32.

You CANNOT convert an NTFS partition to FAT. To change NTFS to FAT, you must do:

Back up all files >> Reformat the partition with FAT, using format command or Disk Administrator >>Restore the files from the backup


Working with File Names

NT automatically generates an 8.3 alias for each long file name (LFN) to allow Windows 3.x and DOS-based applications to recognize and load LFN files.

No. | LFN Entry | 8.3 Entry
1 | My Term Paper A.doc | MYTERM~1.DOC
2 | My Term Paper B.doc | MYTERM~2.DOC
3 | My Term Paper C.doc | MYTERM~3.DOC
4 | My Term Paper D.doc | MYTERM~4.DOC
5 | My Term Paper E.doc | MY0F58~1.DOC
6 | My Term Paper F.doc | MY6968~1.DOC

All file name characters that are not allowed in DOS, such as spaces, are removed.

The conversion takes the first 6 characters of the LFN and uses a ~number to keep the name unique.

If there are already four files with the same first 6 characters and the exact same 3 characters after the last period in the LFN, then the 5th keeps only the first 2 characters of the LFN, and the next four random characters are generated by a hashing algorithm, for example MY0F58~1.DOC in the table above. Only when the hashing of the middle four characters (0F58) fails to generate a unique name is the ~1 incremented to ~2.

For each LFN on FAT partitions, NT creates one folder entry for its alias and a hidden secondary folder entry for every 13 characters of the LFN. For example, the file name This is a long Name.txt is 23 characters long and has three folder entries: one for the alias and two secondary entries for the LFN.

Folder entry | For storing
Alias Directory Entry | THISIS~1.TXT
Secondary Directory Entry 1 | This is a Lon
Secondary Directory Entry 2 | g Name.txt

The FAT root folder has a hard-coded limit of 512 entries. If many LFN files are stored in the root folder, the user could run out of entries in the root folder; and the user would be unable to create any more LFN files, 8.3 files or folders in the root folder.

NT can be configured to prevent the use of LFNs on FAT partitions (by modifying System Policy, or) by changing this registry value to 1: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\FileSystem\Win31FileSystem

On a FAT partition, a mixed-cased file name generates an uppercase alias, even if the original file name meets the 8.3 requirement. For example, MyFile.txt generates an alias of MYFILE.TXT on a FAT partition. However, this same file on an NTFS does NOT generate an alias.


Managing NTFS compression

NTFS supports automatic compression and decompression of files and folders. Compression can be performed on individual files, folders, and even entire drives.

Note: for performance reasons, compression is NOT supported on NTFS partitions with cluster sizes greater than 4 KB.

On a NTFS partition, each file and folder has a compression attribute. Note that if the compression attribute is set for a folder, it indicates that any files created in that folder are automatically compressed.

Note: Any user that has Read and Write permissions can do compressing and decompressing

If NT is installed on an NTFS partition, it is possible to compress the entire systemroot folder and subfolders. However, it is not possible to compress the NT Boot Loader (NTLDR) if you are booting from an NTFS partition on an Intel x86-based computer.

Paging files cannot be compressed while in use. A closed paging file from another NT installation can be compressed, but when that installation restarts, the paging file is immediately decompressed.

Copying -- the file inherits both the compression attribute and permissions of the target folder, regardless of which NTFS partition it comes from.

Moving -- if on the same NTFS partition, the file retains its own compression attribute and permissions

-- if moved to another NTFS partition, same as copying: the file inherits both the compression attribute and permissions of the target folder (this is because a move between partitions is actually a copy-and-delete operation)

Only when moving on the same NTFS partition does the file/folder retain its own compression attribute and permissions.


Key Points

Feature | FAT | NTFS
File name and folder length | 255 characters | 255 characters
File size | 4GB | 4GB~64GB actual, 16EB theoretical
Partition size | 4GB | 2TB actual; 16EB theoretical
Attributes | Read Only, Archive, System, Hidden | Compress, and further extensible
Accessible through | many OSs | NT only
Built-in security | No | Yes
Supports file or folder permissions/security | No | Yes
Automatic file and folder de-/compression | No | Yes
Transaction-based recoverability | No | Yes
Support for Macintosh files (to support Services for Macintosh on NT Server) | No | Yes
Support for POSIX requirements: case-sensitive naming, additional time stamp and hard links | No | Yes
Suitable for | drives and partitions smaller than 400MB; low system overhead | drives and partitions larger than 400MB; high system overhead
Disadvantage | Can decrease performance if drives or partitions are larger than 400MB | Not efficient for volumes smaller than 400MB because disk overhead is 1-5MB

Chapter 6: Managing Partitions

Partitioning a Disk
Managing Partition Using Disk Administrator
General Maintenance and Troubleshooting

Partitioning a Disk

A hard disk can be divided into maximum of 4 partitions (primary + extended).

If there are four partitions, up to four can be primary (then no extended), but only one can be extended (3 primary + 1 extended).

NT supports several types of partitions -- primary and extended partitions, volume sets, and stripe sets.

Note: the difference between Partitions and Drives:

one primary partition = one drive (automatically);
one extended partition = one~many drives (you divide the extended partition into logical drives one by one manually) --- that is why extended partitions exist!

Primary partition -- can be marked as active and used by the system to start the computer. A primary partition cannot be divided into smaller partitions.

All partitions used by Win9x or MS-DOS must be formatted with the FAT file system.

On RISC-based computers, the primary partitions created by the manufacturer's configuration program must be FAT, and at least 2 MB in size.

Some OSs, such as MS-DOS 5.0, can recognize only one primary partition per disk, even if they are formatted with FAT.

Extended partition -- an extended partition is a method for avoiding the four-partition limit, and for configuring a hard disk into more than four logical volumes.

An extended partition is effectively a logical disk. Unlike a primary partition, you do not format the extended partition, nor is it assigned a drive letter. Instead, you create one or more logical drives within it, and each logical drive is assigned a drive letter. You format each logical drive with a particular file system; this allows additional drive letters for organizing multiple file systems, applications, data files, and so on.

(Note: Primary partitions are assigned drive letters and formatted directly; extended partitions must first be divided into logical drives, then each logical drive is formatted. You cannot format the extended partition directly)

NT System and Boot Partitions -- NT system partition must be a primary partition. NT boot partition can be either a primary partition or a logical drive in an extended partition. (simply remember that this wording is the opposite of Windows 9x and MS-DOS)

A volume set is a partition formed by collecting 2 to 32 areas of unformatted free space on one or more hard disks. Create a volume set when you have disk space from two or more unused areas that can be combined into a single large partition, or when an application requires a larger amount of disk space than you have on any single hard disk.

Each area is referred to as a member of the volume set. When creating a volume set, the free space can be an unallocated area within an extended partition, or an unpartitioned area elsewhere on the disk.

A volume set can combine areas from different types of hard disks, including SCSI, ESDI and IDE.

Guidelines for Managing Volume Sets

Stripe sets are similar to volume sets in that they also combine areas of unformatted free space into one larger logical drive. And stripe sets, like volume sets, can include disk space from as many as 32 hard disks and can combine areas on different hard disks, such as SCSI, ESDI, and IDE.

The amount of space used on each disk will be equal to the smallest unpartitioned space that you selected on the disks.

Guideline for Managing Stripe Sets

-- Similar to volume sets in the following ways:

--- Unlike a volume set:

Stripe Set vs Volume Set

Condition | Stripe Set | Volume Set
Minimum and maximum areas that can be combined | 2~32 | 2~32
Can it contain the NT system or boot partition? | No | No
Can it be accessed by Win95 or DOS? | No | No
Can it use areas on different types of hard disk? | Yes | Yes
Can it be created on one hard disk? | No (at least 2) | Yes
Can it be extended after being created? | No | Yes (NTFS only)
Must the combined areas be of about the same size? | Yes | No
Sequence of data writing to areas | one row at a time, evenly across all the physical disks | area after area
Can it improve disk I/O performance? | Yes | No

Adding hard disks -- There is no need to indicate to NT that a new hard disk has been added. As long as the drivers are installed for the disk controller, NT automatically detects the hard disk and allows it to be partitioned and used.

Removable media -- can have only one partition, and it must be a primary partition. They cannot be part of a volume set or stripe set, and cannot contain an NT system or boot partition.

NT supports formatting removable media as either FAT or NTFS. However, if the removable disk is formatted as NTFS, the computer must be shut down and restarted to change disks. ?? a floppy is NOT a removable media, you cannot format a floppy as NTFS!


Managing Partition Using Disk Administrator

Disk Administrator can be thought of as a graphical NT version of the MS-DOS fdisk utility and the MS LAN Manager Fault Tolerance character applications, combined into one graphical interface for managing hard disks (no operations on floppy disks).

Disk Administrator cannot be used to further partition the system partition because it contains files required to operate Windows NT Server.

The first time Disk Administrator runs, or when one or more disks have just been added, you will be prompted to write a 32-bit signature that identifies the disk(s). This signature is written in the Master Boot Record. Even if a disk is moved to a different controller, or its identification is changed, Disk Administrator and the NT fault tolerance driver (Ftdisk.sys) recognize it. (Note: fault tolerance is included ONLY in NT Server)

Writing a signature is a safe operation and will not affect the ability to access this disk from other operating systems, such as DOS.

Note: You can open Disk Administrator only if you are logged on as a member of the Administrators group.

Use >>Disk Administrator >>Partition >>Create / Create Extended ... to create a new partition

Use either of the 2 ways to format a partition:

Partitions except the NT system and boot partitions and a partition containing an open file (i.e. Pagefile.sys) can be deleted at any time using Disk Administrator.

To remove the system and boot partitions --

Creating volume sets --

Extending volume sets

Deleting volume sets

Stripe sets CANNOT be extended

Stripe sets are created/deleted similarly to volume sets, but with more restrictions. Each member partition of the stripe set must be on a different disk up to a limit of 32 disks. Also, Disk Administrator will make all the partitions approximately the same size.

Disk Administrator divides the total size by the number of disks to create equal-sized unformatted partitions in each of the selected disks and assigns a single drive letter to the collection of partitions that make up the stripe set. If you choose a number that cannot be divided equally, Disk Administrator rounds to the closest higher or lower value.

Operating systems that do not have stripe-set functionality, such as MS-DOS, cannot recognize any stripe sets that are created by NT. If you create a stripe set on a dual-boot computer, those partitions become unusable by MS-DOS.

If you make changes and commit to them upon quitting, Disk Administrator makes the requested changes and displays a message when the disks have been successfully updated. Sometimes after you click OK, another message will advise you that changes have been made that require you to restart the computer. This happens when, for example, you extend a volume set, lock a volume, or search for or restore disk configuration information. When you click OK, Disk Administrator initiates a complete system shutdown, closes all open applications, and restarts the computer.

NT assigns partition numbers to all primary partitions before assigning partition numbers to any logical drives within an extended partition. (refer to the illustrations on page 226)

Important! -- If the NT boot partition resides on an extended partition that was subsequently renumbered, then the Boot.ini file must be manually updated so that it points to the boot partition.

Refer to the illustration on page 228.

  1. Starting with Disk 0, the first primary partition on each disk is assigned a consecutive drive letter, beginning with the active system partition as drive C.
  2. Then, starting with Disk 0, logical drives on each disk are assigned the next consecutive letter(s).
  3. The remaining primary partitions on each disk with assigned partitions are each assigned a letter.

In summary, drive letters are assigned in this order/cycle: first primary partition on every HD -> logical drives -> remaining primary partitions
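
An added example, not part of the original notes: it applies the partition-numbering rule and the three drive-letter passes above to constructed disk layouts, and shows the renumbering case that makes Boot.ini stale. The function names and layouts are made up for the illustration, and the first primary partition on Disk 0 is assumed to be the active system partition.

```python
# Each disk is a list of partition kinds in on-disk order ("primary" or
# "logical"). All layouts here are constructed sample data.

def partition_numbers(disk):
    """Partition ordinals on one disk: primaries first, then logical drives."""
    primaries = [i for i, kind in enumerate(disk) if kind == "primary"]
    logicals = [i for i, kind in enumerate(disk) if kind == "logical"]
    return {slot: n for n, slot in enumerate(primaries + logicals, start=1)}


def drive_letters(disks):
    """Drive letter for every (disk, slot), following the three passes.

    Assumption: the first primary partition on Disk 0 is the active
    system partition, so it receives C:.
    """
    order = []
    for d, disk in enumerate(disks):      # pass 1: first primary on each disk
        firsts = [i for i, kind in enumerate(disk) if kind == "primary"][:1]
        order += [(d, i) for i in firsts]
    for d, disk in enumerate(disks):      # pass 2: logical drives
        order += [(d, i) for i, kind in enumerate(disk) if kind == "logical"]
    for d, disk in enumerate(disks):      # pass 3: remaining primaries
        rest = [i for i, kind in enumerate(disk) if kind == "primary"][1:]
        order += [(d, i) for i in rest]
    return {slot: letter + ":" for slot, letter in zip(order, "CDEFGHIJKLMNOPQRSTUVWXYZ")}


def boot_partition_view(disks, disk_no, slot):
    """(drive letter, partition ordinal) of one partition."""
    return drive_letters(disks)[(disk_no, slot)], partition_numbers(disks[disk_no])[slot]


# Constructed case: the NT boot partition is the logical drive on Disk 0.
BEFORE = [["primary", "logical"]]
# The same disk after a second primary partition is created in free space.
AFTER = [["primary", "logical", "primary"]]

if __name__ == "__main__":
    # The drive letter stays the same, but the partition ordinal used in
    # Boot.ini moves because primaries are numbered before logical drives.
    print("before:", boot_partition_view(BEFORE, 0, 1))
    print("after: ", boot_partition_view(AFTER, 0, 1))
```

The drive letter of the boot partition does not change in this case, so the stale Boot.ini entry is only noticed at the next restart.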

Note:


General Maintenance and Troubleshooting

Disk configuration info is initially stored on the Emergency Repair Disk (ERD) and in the systemroot\Repair folder at system installation. Every time a change is made to the hard disk(s), Disk Administrator provides an option for saving the info and updating the ERD.

Restoring computer disk configuration info is useful when:

You can use the Repair Disk utility Rdisk.exe (in systemroot\System32 folder) to update the repair info, or to create a new Emergency Repair Disk using the repair info currently saved on your hard disk.

The repair information on your hard disk or your ERD can be used to reconstruct NT system files, system configuration, and startup environment variables if they become damaged.

The Repair Disk utility should not be used as a backup tool.


Chapter 7: Managing Fault Tolerance

Fault Tolerance
Recovering from Hard Disk Failure

Fault Tolerance

Fault tolerance is designed to combat problems with disk failures, power outages, or corrupted operating systems. Fully fault-tolerant systems include redundant disk controllers, power supplies, and UPSs.

Always remember that a fault-tolerant system should never be used as a replacement for the regular backup of servers and local hard disks. A carefully planned backup strategy is the BEST insurance for recovering lost or damaged data.

RAID (Redundant Arrays of Inexpensive Disks) provides fault tolerance by implementing data redundancy -- data is written to more than one disk in a manner that allows recovery of the data in the event of a single hard disk failure. RAID technology is standardized and categorized in levels. NT supports two software implementations of RAID:

RAID 1 -- mirror set, and RAID 5 -- stripe set with parity.

Hardware and Software Implementation of RAID

RAID fault tolerance can be implemented as either a hardware or software solution. Consider the following points when deciding whether to implement fault tolerance in hardware or software:

Note:

RAID 1:Mirror Sets

Mirror sets use the NT fault tolerance driver (Ftdisk.sys -- Fault tolerance) to simultaneously write the same data to two physical drives.

Hardware Requirements for a Mirror Set -- one controller, two (drives on different) physical disks

Note: NT Server configures fault tolerance at the level of the logical drive letter, not the physical disk level. The two members of a mirror set have the same drive letter (but the two members must be on two different physical hard disks controlled by the same disk controller!).

Features of RAID 1:

Disk Duplexing -- each physical disk in the mirror set has its own controller. In this way, the mirror set is protected against both controller failure and disk failure.

Without disk duplexing, i.e. both physical disks that comprise a mirror set are controlled by the same disk controller, then when the disk controller fails, both members of the mirror set are inaccessible.

Disk duplexing also reduces bus traffic and potentially improves READ performance.

Hardware Requirements for Disk Duplexing -- TWO controllers, two (drives on different) physical disks

Disk duplexing is a hardware enhancement to NT Server mirror set. No additional software configuration is necessary.

RAID 5: Stripe Sets with Parity

Parity is a mathematical method of verifying data integrity. Fault tolerance is achieved by adding a parity-info stripe to EACH disk partition in the volume.

RAID 1 vs RAID 5

RAID 1 -- Mirror Sets | RAID 5 -- Stripe Sets with Parity
Supports/Can be implemented on both FAT and NTFS | Supports/Can be implemented on both FAT and NTFS
Can mirror system or boot partition | Can NOT mirror system or boot partition
Uses 2 and only 2 hard disks | Requires minimum 3, maximum 32 hard disks (same as Stripe Set)
Improved read performance | Better read perf. than RAID 1, especially with multiple controllers
Slightly decreased write performance | Slower write perf. (due to parity calculation)
Uses less system memory | Uses more system memory for parity calculation
Can Win95/MS-DOS access? should | Can Win95/MS-DOS access? No
Higher cost per MB (50% utilization) | Lower cost per MB (overhead = 1/n, n is the number of HDs in use)

RAID 1 (mirror set) and 5 (stripe set with parity) can coexist on the same computer.

Because a stripe set with parity cannot include the system or boot partition, consider protecting the system and boot partitions with RAID 1, and protecting the remaining data with RAID 5.

When implementing RAID 5, same as when using stripe sets --


Recovering from Hard Disk Failure

When a member of a mirror set or a stripe set with parity fails, the fault tolerance driver directs all I/O to the remaining member(s). This ensures continuous service.

You can configure the computer to send administrative alerts (use Server Manager) to notify the specified accounts that this failure has occurred.

Note: if the failed disk is part of a mirror set that contains the boot partition, and if the failed disk is the primary physical drive, then a fault tolerance boot disk will be required to restart the system.

  1. Break the mirror set (using Disk Administrator -->Fault Tolerance >>Break Mirror) first, in order to replace the failed member.

Note: Regardless of which disk contains the fault, when the mirror set is broken using the Disk Administrator command, the secondary/mirrored member is assigned the next available drive letter of the computer. Therefore,

  1. If the failed drive is the primary member, assign the drive letter that was for the complete mirror set to the working member, i.e. the secondary/mirrored member.

  2. Delete the failed partition.

  3. Using free space on another disk, create a new mirror set relationship.

Note: Use Event Viewer to look at the System Log to determine which partition/member failed.

If a member of a stripe set with parity fails, the computer continues to operate and to gain access to all data, but with decreased system performance, because the fault tolerance driver needs to use the parity bits to regenerate the missing data in RAM.

To regenerate the data and return the computer to its previous performance level, use >>Disk Administrator >>Fault Tolerance >>Regenerate
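
An added illustration of the parity stripe and the regeneration described above (not code from the original notes, and not how Ftdisk.sys is written). It assumes XOR parity, a 4-byte block and a parity position that moves one disk per row; the function names are made up for the example.

```python
from functools import reduce

BLOCK = 4  # bytes per stripe block; tiny on purpose so rows are easy to inspect


def xor_blocks(blocks):
    """Byte-wise XOR of equal-length blocks."""
    return bytes(reduce(lambda a, b: a ^ b, column) for column in zip(*blocks))


def write_stripe_set(data, n_disks):
    """Lay data out row by row: n_disks - 1 data blocks plus one parity block."""
    if n_disks < 3:
        raise ValueError("a stripe set with parity needs at least 3 disks")
    row_bytes = BLOCK * (n_disks - 1)
    data += b"\0" * (-len(data) % row_bytes)          # pad the last row
    disks = [[] for _ in range(n_disks)]
    for row, start in enumerate(range(0, len(data), row_bytes)):
        blocks = [data[start + i * BLOCK:start + (i + 1) * BLOCK]
                  for i in range(n_disks - 1)]
        # Assumed rotation: the parity block sits on disk (row mod n_disks),
        # so every member ends up holding some parity.
        blocks.insert(row % n_disks, xor_blocks(blocks))
        for disk, block in zip(disks, blocks):
            disk.append(block)
    return disks


def read_data(disks, length, failed=None):
    """Read the data back; a failed member's blocks are rebuilt in memory."""
    n = len(disks)
    rows = len(disks[0 if failed != 0 else 1])
    out = bytearray()
    for row in range(rows):
        blocks = [None if d == failed else disks[d][row] for d in range(n)]
        if failed is not None:
            # XOR of the surviving blocks in a row equals the missing block.
            blocks[failed] = xor_blocks([b for b in blocks if b is not None])
        out += b"".join(b for d, b in enumerate(blocks) if d != row % n)
    return bytes(out[:length])


def regenerate(disks, failed):
    """Rebuild every block of the failed member for a replacement disk."""
    survivors = [disk for d, disk in enumerate(disks) if d != failed]
    return [xor_blocks(row) for row in zip(*survivors)]


if __name__ == "__main__":
    sample = b"constructed sample data for a 3-disk set"   # constructed input
    members = write_stripe_set(sample, 3)
    degraded = list(members)
    degraded[1] = None                                     # member 1 fails
    print(read_data(degraded, len(sample), failed=1) == sample)
    print(regenerate(degraded, 1) == members[1])
```

Every degraded read costs an extra XOR over all surviving members of the row, which is the performance drop the notes mention until the member is regenerated.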

When making a mirror set for the boot or system partition, it is important to create a fault tolerance boot disk for use in case of physical disk failure. (Remember, only mirror sets can provide fault tolerance for the boot and system partitions). Steps to make a fault tolerance boot disk:

  1. Format a disk using NT Server (a Fault Tolerance Boot Disk must be formatted on NT Server! remember there is NO fault tolerance in NT Workstation)

  2. Copy the following files from the primary partition of the NT Server computer (x86-based) :
    Ntldr, Ntdetect.com, Boot.ini, and if they exist -- Ntbootdd.sys (for SCSI disks not using SCSI BIOS, or where it is disabled), and Bootsect.dos (if it's dual boot)

    For RISC-based computer: Osloader.exe, Hal.dll, and *.pal

  3. Edit Boot.ini to change the operating system entry (ARC paths) to point to the mirrored copy of the boot partition

    why the file is named BOOT.ini

    • ARC is used to tell where is your NT operating system
    • the NT operating system, i.e. the \winnt\system32... folders, is on the BOOT partition

  4. Test the boot disk to ensure it works and boots using data from the mirrored copy of the boot partition.

Creating a fault tolerance boot disk for recovery of a mirrored boot or system partition requires editing the ARC (Advanced RISC Computing) names in the Boot.ini file.

[boot loader]
timeout=18
default=multi(0)disk(0)rdisk(0)partition(1)\WINNT
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINNT="Windows NT Server Version 4.00"
multi(0)disk(0)rdisk(0)partition(1)\WINNT="Windows NT Server Version 4.00 [VGA mode]" /basevideo /sos

As in the Boot.ini file above, the ARC path points to the location(s) of the operating system files. The two ARC formats are multi and scsi naming:

multi(x)disk(y)rdisk(z)partition(a)
scsi(x)disk(y)rdisk(z)partition(a)

Convention | Description
multi / scsi | scsi indicates a SCSI controller on which SCSI BIOS is not enabled (i.e. when the file Ntbootdd.sys exists). Remember, use scsi only when Ntbootdd.sys exists. multi represents all other adapters or disk controllers, including SCSI with BIOS enabled so that the SCSI disk is accessed by the SCSI BIOS.
(x) | Ordinal number, starting from 0, of the hardware adapter.
disk(y) | SCSI bus number. For multi, this value is always 0.
rdisk(z) | Ordinal number of the disk. For scsi, this value is always 0 (ignored actually).
partition(a) | Ordinal number of the partition, starting with 1.

Note: all non-extended partitions are assigned numbers first, followed by all logical drives in extended partitions.

Example 1: (refer to the illustration on page 255)

An NT Server computer has two adapters. The multi adapter controls 2 hard disks: the 1st HD has two partitions, drive letters C: and F:; the 2nd HD also has two partitions, drive letters D: and G:.
The scsi adapter has 1 HD with 1 partition, drive letter E:.

When Boot Partition is located on | ARC Path is
drive C: | multi(0)disk(0)rdisk(0)partition(1)
drive G: | multi(0)disk(1)rdisk(1)partition(2)
drive E: | scsi(0)disk(0)rdisk(0)partition(1)

Note: ARC path uses ordinal numbers for partitions on each HD. Don't mix them up with the Drive Letters of the system!
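
An added example, not part of the original notes: a small parser for the ARC names described above that applies the convention table's rules and rewrites a copy of Boot.ini for a fault tolerance boot disk. The Boot.ini text is the sample shown earlier; pointing it at rdisk(1) assumes the mirrored copy sits on the second disk of the same multi adapter, and the function names are made up for the illustration.

```python
import re

# multi|scsi (x) disk(y) rdisk(z) partition(a), as in the convention table.
ARC_RE = re.compile(
    r"(multi|scsi)\((\d+)\)disk\((\d+)\)rdisk\((\d+)\)partition\((\d+)\)",
    re.IGNORECASE,
)
FIELDS = ("adapter", "disk", "rdisk", "partition")


def parse_arc(text):
    """Return the first ARC name found in text as a dict of its fields."""
    match = ARC_RE.search(text)
    if match is None:
        raise ValueError("no ARC name in %r" % text)
    arc = {"kind": match.group(1).lower()}
    arc.update(zip(FIELDS, (int(g) for g in match.groups()[1:])))
    return arc


def check_arc(arc):
    """List the ways an ARC name breaks the rules in the convention table."""
    problems = []
    if arc["partition"] < 1:
        problems.append("partition numbers start at 1")
    if arc["kind"] == "multi" and arc["disk"] != 0:
        problems.append("disk() is always 0 for multi")
    if arc["kind"] == "scsi" and arc["rdisk"] != 0:
        problems.append("rdisk() is always 0 for scsi")
    return problems


def format_arc(arc):
    return "%s(%d)disk(%d)rdisk(%d)partition(%d)" % (
        arc["kind"], arc["adapter"], arc["disk"], arc["rdisk"], arc["partition"])


def retarget_boot_ini(text, **changes):
    """Rewrite every ARC name in Boot.ini text, e.g. rdisk=1 for the mirror.

    Raises ValueError if a rewritten name breaks the convention rules, so a
    boot disk is never written with an entry that cannot be valid.
    """
    def swap(match):
        arc = parse_arc(match.group(0))
        arc.update(changes)
        problems = check_arc(arc)
        if problems:
            raise ValueError("%s: %s" % (format_arc(arc), "; ".join(problems)))
        return format_arc(arc)
    return ARC_RE.sub(swap, text)


# The sample Boot.ini from the notes above.
BOOT_INI = r"""[boot loader]
timeout=18
default=multi(0)disk(0)rdisk(0)partition(1)\WINNT
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINNT="Windows NT Server Version 4.00"
multi(0)disk(0)rdisk(0)partition(1)\WINNT="Windows NT Server Version 4.00 [VGA mode]" /basevideo /sos
"""

# Assumption: the mirrored copy is on the second disk of the same adapter.
MIRROR_BOOT_INI = retarget_boot_ini(BOOT_INI, rdisk=1)

if __name__ == "__main__":
    print(MIRROR_BOOT_INI)
```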


Chapter 8: Supporting Applications

NT Architecture Overview
Subsystem Overview
Task Manager
Supporting Win32-based Applications
Supporting MS DOS-based and Win16-based Applications
Supporting Applications on Different Hardware Platforms
Distributed Component Object Model
Managing Applications

NT Architecture Overview

NT is designed to run applications written for existing OS' such as MS-DOS, OS/2, Win3.x. It achieves this through environment subsystems, which emulate different os environments.

NT uses two processor modes -- user mode and kernel mode, to maintain operating efficiency.

User mode -- a less privileged processor mode than kernel mode, with no direct access to hardware. Code running in user mode runs only in its own address space. It uses well-defined operating system APIs to request system services. Applications, and the subsystems that support them, run in user mode.

Process -- when an application is started, a NT process is created. A process is implemented as an object. An object consists of an executable program, a set of virtual memory addresses, and one or more threads.

Threads -- are objects within processes that run program instructions. They allow concurrent operations within a process and enable one process to run different parts of its program on different processors simultaneously.

Object -- any piece of info, created by using Windows-based application, that can be embedded or linked into another document.

Subsystem Overview

NT supports applications by using environment subsystems, which provide API services to applications written for a specific environment or operating system. An environment subsystem in NT is an intermediary between an application and the Executive Services. The environment subsystem translates the instructions from the application into instructions that the Executive Services can carry out.

There are 4 subsystems -- POSIX, Win32, OS/2 and Security subsystems. Among them:

Common operating system functions are implemented once in the Executive Services, rather than duplicated in each subsystem. This reduces the effort required to develop new subsystems and makes them easier to maintain.

In NT 4.0 (different from NT 3.x), the Win32K Window Manager and GDI are incorporated into the Executive Services. Having Window Manager and GDI run in kernel mode enhances system performance. (Win32K Window Manager and GDI are responsible for handling all GUI-related I/O requests, maintaining the display, and providing a common GUI for all applications)

Kernel mode -- the privileged mode of operation in which the code has direct access to all hardware and all memory, including the address spaces of all user mode processes.

The memory architecture of NT is a demand-paged, virtual memory system. It is based on a flat, linear 32-bit address space, which allows each process in NT to have access to up to 4GB of memory; in other words, NT can provide up to 4GB of memory space for each application.

Virtual Memory -- with virtual memory, all applications seem to have a full range of memory addresses available. NT does this by giving each application a private memory range called a virtual memory space and by mapping that virtual memory to physical memory. Each virtual memory space has room for 4GB of addresses. This address space is made up of 1MB (1,048,567) of 4KB pages ( NT maps physical and virtual memory addresses in 4KB blocks called pages).

Virtual RAM allows hard disk space to be used as if it were additional memory. In this manner, the user mode processes have access to more memory than is actually available on the system.

Note: kernel mode processes /applications run ONLY in physical RAM. Or, ONLY user mode applications can be paged to the virtual RAM.

Virtual Memory Process -- this process makes use of the paging file(s), also called swap file(s), on the hard disk (pagefile.sys). The process of managing which pages are stored in RAM, and which are stored in the paging file, is called demand paging.


Task Manager

Task Manager is used to monitor and prioritize applications and processes, and to view system performance data.


Supporting Win32-based Applications


Supporting MS DOS-based and Win16-based Applications

MS-DOS-based applications run in a special Win32-based application called an NT Virtual DOS Machine (NTVDM), which provides a simulated MS-DOS environment.

Each MS-DOS application has its own NTVDM, and each has a single thread. Each NTVDM is independently supported in its own address space, so that a failed NTVDM will not affect the other NTVDMs.

An NTVDM comprises Ntvdm.exe, Ntio.sys (equivalent of MS-DOS Io.sys), Ntdos.sys (equivalent of MS-DOS Msdos.sys), and Virtual Device Drivers (VDDs) -- to allow DOS applications to access the system hardware (Remember, DOS applications attempt to access hardware directly, while in NT applications that run in user mode cannot directly access hardware).

An NTVDM can be customized for a specific MS-DOS application by changing settings in the application's PIF (program info file), which is in fact the same as the properties of the shortcut to that MS-DOS application.

To create, modify, and save PIFs (automatically) ->>NT Explorer >>right-click the application file name >>Properties >>OK ... The PIF (shortcut) for that application is created.

Autoexec and Config NT file names

Note: the Autoexec.nt and Config.nt are used only for backward compatibility for DOS programs

In NT, PIFs have the Autoexec filename setting and the Config filename setting (such settings are NOT available in Win3.x PIFs). This feature allows you to specify different Autoexec and Config files for any specific DOS application.

The default file names are Autoexec.nt and Config.nt, in the systemroot\System32 folder.

To specify different Autoexec and Config files -->> right-click the DOS application PIF (shortcut) >>Program >>Windows NT... >> type in the Autoexec filename and Config filename

Note:

WOW (Win16 on Win32) is a 32-bit user-mode program in NT that allows Win16 applications to run in a Win32 environment.

Win16 applications are primarily designed to run in Win3.x, which is itself an MS-DOS-based program; therefore Win16 applications require an NTVDM and WOW (which operates in the context of this NTVDM).

The WOW environment consists of several components -- Wowexec.exe, Wow32.dll, krnl386.exe, User.exe, Gdi.exe, and the Win16 application running in the WOW.

WOW thunks, or translates, 16-bit calls to 32-bit calls. Thunking is the process of translating 16-bit calls into 32-bit calls and vice versa.

WOW provides the nonpreemptive multiprocessing (or cooperative multiprocessing) environment for which Win16-based applications were designed. By default, a single NTVDM starts when the first Win16 application is initialized, and all Win16-based applications run in that same NTVDM and WOW. Thus,

WOW has these limitations:

Multiple NTVDMs for WOW -- to resolve the above-mentioned limitations of the default single NTVDM for WOW

Win16-based applications can be configured to run in their own memory spaces, on an application-by-application basis, thereby creating multiple NTVDMs.

If a Win16 application is configured to run in its own memory space, a new NTVDM is created when it starts, and a new WOW application environment within that NTVDM.

Advantages of Multiple NTVDMs, i.e. running Win16 applications in separate NTVDMs (memory spaces) -- compared to the default single NTVDM for all Win16 applications

Disadvantages of Multiple NTVDMs for Win16 applications

Starting a Win16 Application in its own NTVDM -- /separate

A Win16 application can be started in its own NTVDM in any of the following ways:

  1. >>Command Prompt >> Start /separate executable_path_and_name

  2. >>Start >>Run >>Open executable_path_and_name, check Run in Separate Memory Space check box (if this check box appears dimmed, either this application is not 16-bit, or the file cannot be found)

  3. From a shortcut >>Properties >>check Run in Separate Memory Space check box. If you want to configure a Win16 application to always start in a separate NTVDM, create a shortcut for the application.

  4. NT Explorer >>View >>Options >>File Types >>click the Win16 application >>Edit >>edit the open line to include the /separate switch:

cmd /c start /separate <path><application_name>

Note: Once started, the default (shared) NTVDM and WOW application environment remains open, even if all Win16 applications that were running in it have been closed. (Use Task Manager to close the shared NTVDM and WOW.)

When a Win16 application is started in a separate memory space, an additional NTVDM and WOW are started. When you close this Win16 application, its NTVDM and WOW are also closed. However, the default NTVDM is not affected, as always.


Supporting Applications on Different Hardware Platforms

Hardware Platform    Win32 Applications    POSIX Applications    Win 3.x, DOS Applications    OS/2 Applications
Intel x86

Source-compatible

Binary-compatible

RISC


Distributed Component Object Model

Distributed Component Object Model (DCOM) uses remote procedure calls (RPCs) and NT security features, such as permissions, to enable applications to communicate across networks. One example of an application requiring DCOM would be a stock quote service.

DCOM is network OLE -- that is, COM with a longer wire. It uses the same tools and technologies as COM.

DCOM has its roots in Microsoft's object technology, which has evolved over the last decade from DDE (Dynamic Data Exchange, a form of messaging between Windows programs), OLE (Object Linking and Embedding, embedding visual links between programs within an application), COM (the Component Object Model, used as the basis for all object binding), and ActiveX (COM enabled for the Internet).

RPC provides the basis of communication and interoperability between the various DCOM services. RPCs allow an application to carry out procedures on a remote computer. DCOM uses RPCs to enable existing applications to interact across multiple computers in a network.

Before you can use an application with DCOM, you must use DCOM Configuration to set application properties, such as security and location. Note:

To configure DCOM:

>>Command prompt (or >>Start >>Run) >>dcomcnfg

For additional info on DCOM, see Appendix E- The Distributed Component Object Model


Managing Applications

NT Command Prompt (Cmd.exe) starts a 32-bit character mode interface to NT and all of its subsystems.

Note: Starting the Command Prompt does not start an NTVDM. An NTVDM only starts when an MS-DOS-based application is launched.

Command Prompt can be used to:

Configuring the Command Prompt

  1. Configuring the default settings for any instance of Command Prompt that the logged-on user runs.

>>Control Panel >>Console

Each user can configure default settings for the Command Prompt. The settings are stored on a user-by-user basis in this registry entry:

\HKEY_CURRENT_USER\Console

  2. Configuring Individual Command Prompts

To configure a Command Prompt that is currently running, in the upper-left corner of the Cmd.exe window >>click MS-DOS icon >>Properties, to configure in one of the two ways:

Priority levels range from 0 to 31. The base priority is normal (8). Critical system applications use higher priorities; others can use lower levels.

Priority    Used by
0-15        Dynamic applications: user applications and most system functions that are not crucial to the performance of the system and can be written to the page file.
16-31       Real-time applications, such as the kernel, that cannot be written to the page file.

Running applications at a specified priority

In a preemptive, multitasking operating system such as NT, the microkernel schedules threads for the processor in order of their priority and interrupts running threads if a higher priority thread is ready to run.

  1. To start an application and change its base priority, use the Start command with one of these options:
Option    Sets base priority to
/realtime 24
/high 13
/normal 8
/low 4

For example, to start notepad.exe at low priority -->> Start /low notepad

  2. To change the base priority class of an application that has already started:
    Ctrl+Alt+Del >>Task Manager >>Processes >>right-click a process >>Set Priority

Note: Only users with Administrator privileges can use the /realtime option.

  3. To change Foreground Application Responsiveness -- the relative priority of foreground and background applications

>>Control Panel >>System >>Performance >>move the slider in the Boost settings of "Application Performance"

None -- the foreground application priority is not changed. All foreground and background applications retain base priority levels. Use this setting when all applications are equally important to the current task.

Middle -- the foreground application priority increases by one level; background applications maintain base priority levels.

Maximum -- the foreground application priority increases by two levels; background applications maintain base priority levels. Use this setting to run an important application that must receive as much CPU time as possible, but still allow background applications to have minimal access to system resources.

Note: priorities changed in this way are relative; that is, if the foreground application's priority is changed, the background applications' priorities are changed correspondingly.


Chapter 15: Implementing Network Clients

NT Server 4.0 Licensing
Clients included with NT Server
Network Client Administrator
Client-based Network Administrator Tools
Services for Macintosh

NT Server 4.0 Licensing


Clients included with NT Server

For a computer to access NT, the client software must be installed and configured on that computer. On NT Server, NT Workstation, and Win9x, the client software is automatically installed during installation of the operating system. For other operating systems, such as MS-DOS, that do not include the networking components required to access NT, MS provides networking client software on the NT Server 4.0 compact disc, such as:

· Microsoft Network Client version 3.0 for MS-DOS
· Microsoft LAN Manager version 2.2c for MS-DOS clients
· Microsoft LAN Manager version 2.2c for MS OS/2 clients
· Microsoft Remote Access Service client version 1.1 for MS-DOS
· Microsoft TCP/IP-32 for Windows for Workgroups version 3.11
· Microsoft Windows for Workgroups version 3.11
· Microsoft Windows 95 operating system

Note: NT Server 4.0 also supports WfW as a client, but does not include the WfW software. Because the version of TCP/IP included with WfW does not support DHCP and WINS, NT Server provides an add-on product, TCP/IP-32 for WfW 3.11, which supports DHCP and WINS.


Network Client Administrator

You can use Network Client Administrator to do the following:

The software installation files are in the CLIENTS Directory of NT Server Setup CD. If you choose "Make Network Installation Disk Set" >>Copy Files to a New Directory, and then Share ... All files in the CLIENTS Directory of NT Server Setup CD are copied to the NT server, and shared. To save hard disk space, delete any folders that are not needed from the Clients folder.

Using the Network Client Administrator, you can quickly install network client software by creating a network installation startup disk or an installation disk set.

The type of installation disk you need to create depends on the type of software you intend to install. To determine whether you need to create a network installation startup disk or an installation disk set, see the Help topic "Determining the Type of Disk You Need to Create."

After you have installed the network client software on the target computer, you can install RAS for MS-DOS, TCP/IP-32 for WfW, or client-based network administration tools.


What can Network Client Administrator be used to do?

With Network Client Administrator, you can perform these four tasks:

You can create network installation startup disks for the following network operating systems and clients:

· NT Server 3.5, 3.51, and 4.0
· NT Workstation 3.5, 3.51, and 4.0
· Windows 95
· WfW 3.11
· Network Client for MS-DOS 3.0

· Network Client version 3.0 for MS-DOS
· LAN Manager version 2.2c for MS-DOS clients
· LAN Manager version 2.2c for MS OS/2 clients
· Remote Access Service client version 1.1 for MS-DOS
· TCP/IP-32 for Windows for Workgroups version 3.11

Note: the installation disk set can be used only for the specific client or service you selected. If you have multiple computers with different client(s) or service requirements, you must make separate installation disk sets for each network client or service.

NT Server includes Client-based Network Administration Tools to use on NT Workstation and Windows 95 clients. These tools enable you to administer NT Server, LAN Manager for MS OS/2, or LAN Manager for UNIX from a Windows-based computer.

Note: you must install the DLC protocol before installing the Remoteboot service.

To start Network Client Administrator

-->>Start >>Programs >>Network Administrative Tools >>Network Client Administrator.


Client-based Network Administrator Tools

NT Server includes Client-based Network Administration Tools to use on NT Workstation and Win 95 clients. These tools enable you to administer NT Server, LAN Manager for MS OS/2, or LAN Manager for UNIX from a Windows-based computer. You have greater control when using a NT Workstation client because more of these tools are available for NT Workstation clients than for Windows 95 clients.

To use any of the Client-based Network Administration Tools, you must be a member of the Administrators local group at the computer you administer.

In Network Client Administrator, use the Copy Client-based Network Administration Tools option to:

After you copy and share the Client-based Network Administration Tools, clients can install them by connecting to the share.

You can install the following Client-based Network Administration Tools on an NT Workstation computer:

You can install the following Client-based Network Administration Tools on a computer running Windows 95:

In addition, when you install these tools, extensions are added to Explorer and My Computer to allow you to change security on NTFS drives, manage NT printers, and manage NT Servers running FPNW. <and to create new shares??>


Services for Macintosh

NT Server Services for Macintosh (SFM) is a thoroughly integrated component of Microsoft Windows NT Server that makes it possible for PC and Apple Macintosh clients to share files and printers.

With SFM, Macintoshes need only the Macintosh operating system software to function as clients; no additional software is required. You can, however, set up the optional user authentication module, which is software that provides a secure logon to the NT Server.

After SFM is set up, an NT Server computer can also function as an AppleTalk router. Routing capability is supported for AppleTalk Phase 2.

After installing Services for Macintosh on a Windows NT Server computer, you can use the MacFile option in Control Panel or the MacFile menu in Server Manager to configure the Services for Macintosh server. You can also use the MacFile menu in File Manager or Server Manager to configure Macintosh-accessible volumes.


In summary, SFM provides file sharing, printer sharing (and spooling for Macintosh users), simplified administration, and AppleTalk routing:

· File sharing -- For many applications that have versions for PCs and for Macintoshes, users of both versions can work on the same data file using SFM. When Macintosh users view directories on the server containing these data files, they see the files represented by the appropriate icon (Macintosh-style).

Even though the MS-DOS, OS/2, and Windows NT file systems differ greatly from that of the Macintosh operating system, both PC clients and Macintosh clients can use the same files stored on the server. SFM works in the background to make this possible.

For example, some people in your department use Microsoft Excel for Windows. Others prefer using Microsoft Excel for Macintosh. With SFM, these users can work on the same spreadsheet files.

· Printer sharing -- Clients can send print jobs to either a printer for PCs or a Macintosh-based printer. With SFM, all users can send print jobs to all printers. Moreover, you can control all of the print queues from a single location: your NT Server computer or Windows NT Workstation.

SFM provides additional benefits for Macintosh users who use AppleTalk printers -- it provides spooling. With spooling, Macintosh users can start other tasks as soon as they send a print job to the NT Server, where print jobs are stored until a printer becomes available. Without spooling, users must wait until the print job completes before doing anything else.

· Simplified administration -- For example, you have several Macintoshes that you’d like to put on the network. With SFM, you don’t need a Macintosh server: your NT Server computer can provide file sharing and file security for your Macintoshes and PCs.

By using your NT Server computer with Macintosh clients, you have only one list of users to maintain instead of two (one on a NT Server and one on a Macintosh server).

It also ensures consistent file-level security for PC and Macintosh users. SFM translates file permissions, which adds a level of security to your network. SFM translates Windows NT file permissions to Macintosh-style permissions (referred to as access privileges by Macintosh users). The reverse is also true: Macintosh-style permissions are translated to Windows NT permissions for PC users.

Note: Both Administrators and Server Operators can administer SFM.

· AppleTalk routing support -- For example, suppose you want to connect an AppleTalk internet (a group of two or more AppleTalk physical networks). With SFM, you can attach networks with Macintosh clients to create an AppleTalk internet.


Version 6.0.7 or later (including System 7™ or higher) Macintosh OS, and AppleShare (the Apple networking software for the Macintosh). These include all Macintoshes except the Macintosh XL and Macintosh 128K.

In addition, SFM supports version 6.x or later of the LaserWriter printer driver, and the AppleTalk Filing Protocol version 2.0 and 2.1.

Volume size limitations of Macintosh client:

· For Macintosh clients older than version 7.5, the volume size must not exceed 2 GB.
· For version 7.5 or later Macintosh clients, the volume size must not exceed 4 GB.

Note: SFM supports LocalTalk, ethernet, token ring, and FDDI. Ethernet and token ring are commonly used when integrating Macintoshes into PC networks.


SFM can be installed during or after NT Server installation -->>Control Panel >>Services >>Add >>Services for Macintosh

If you remove SFM and later decide to set it up again, you must use the Windows NT Server distribution disk and installation program to copy the required SFM files to the server. Removing SFM deletes the distribution files (except Macintosh-accessible volumes) instead of disabling them.

Note: You must be an administrator or have administrator permissions to use the Network icon in Control Panel.

-- Creating a Macintosh-Accessible Volume

A Macintosh user shares a file with PC users by storing that file in a Macintosh-accessible volume on the NT Server. After SFM setup, a MacFile menu (in Server Manager) is added for creating Macintosh-accessible volumes. Similar to creating a share (shared directory) for PC users, you can designate a directory as a Macintosh-accessible volume.

To create a Macintosh-accessible volume -->>File Manager >>select the directory that you want to designate as a Macintosh-accessible volume >>MacFile >>Create Volume

All Macintosh-accessible volumes must be created on an NTFS partition or on a CDFS volume. If you specify a CDFS volume, the Macintosh-accessible volume will provide read-only access. (In this case, CDFS volume refers to a hard disk volume.)

Note: If the directory is to be accessed by PC clients as well as Macintosh clients, make sure you share the directory using the Share As command on the Disk menu and designate it as a Macintosh-accessible volume.

Note: Macintosh computers have a maximum partition size of 2GB. If Macintosh clients access an NT Server with an NTFS partition of more than 2GB (for version <7.5; from 7.5, partition limitation is 4GB), the clients may get a message that there are 0 bytes available.

When you set up SFM, the following are automatically started or enabled: AppleTalk Protocol, File Server for Macintosh, and Print Server for Macintosh.

· The AppleTalk Protocol -- is the layer of AppleTalk Phase 2 protocols that delivers data to its destination on the network. The AppleTalk Protocol can be configured through the Network icon in Control Panel.

· File Server for Macintosh (also called MacFile) -- allows you to designate a directory as a Macintosh-accessible volume, ensures Macintosh filenames are legal NTFS names, and handles permissions. When set up, File Server for Macintosh commands appear in Windows NT Server File Manager and Server Manager under the MacFile menu.

· Print Server for Macintosh (also called MacPrint) -- enables both Windows/DOS and Macintosh clients to send print jobs to either AppleTalk (usually PostScript devices) or non-AppleTalk printing devices. Allows all network users to send print jobs to a spooler on the NT Server and continue working; they need not wait for their print jobs to complete. Windows-based users can also review the print jobs in the Printers folder.

In addition, setting up SFM creates a Control Panel icon that gives you the same server administration capabilities as the MacFile menu (excluding volume management) for the local computer.


Chapter 16: File Synchronization and Directory Replication

NT Briefcase
Directory Replication Overview
Preparing for Directory Replication
Managing Directory Replication
Troubleshooting Directory Replication

The Briefcase and the Directory Replicator service are used to minimize the administration involved in updating files over the network. The Briefcase supports mobile and distributed computing by transparently synchronizing updated files. The Directory Replicator service replicates info such as logon scripts, user profiles, and system policies from a designated export server to one or more import computers.


NT Briefcase

The NT Briefcase allows users to copy files to their Briefcase, take their Briefcase with them, either on a disk or portable computer, modify the files in the Briefcase, and then on reconnecting to the network, synchronize the files with the original source.

Briefcase can be deployed in any organization where employees spend a significant amount of time working on files off-site. It can also be used to synchronize centrally located files with copies on local computers. In addition, it is possible to have a Briefcase synchronized with files on a network server.

For example, network or mobile users can connect to a file source (or centrally located files), drag files from it to their Briefcase and then work on these files. When the work on the files is complete, the user synchronizes files without having to move the updated file copies out of the Briefcase or manually replace the original files. The Briefcase notes whether either copy of the files has changed, and then updates the unchanged copy. If both copies of the files have changed, Briefcase notes that, but does not automatically update the copies. You can then choose which, if either, file to replace.

The Briefcase Database

The Briefcase Database stores the info required to synchronize files. If it is deleted, it is impossible to synchronize updated files.

The Briefcase Database files are stored in the Briefcase folder, but NOT displayed from NT Explorer. These files may be accessed only from command prompt.

Using the Briefcase


Directory Replication Overview

NT Directory Replication service is used to maintain identical folder hierarchies, which could include:

The master directory is maintained on a designated NT Server. Updates made to the files in the master directory are replicated to the other designated computers.

Directory replication makes the same files available at multiple servers. This is useful when a user logs on, because logon scripts must reside on the domain controller that validates the logon. In addition, directory replication helps to balance loads between multiple servers when several users need simultaneous access to files, typically read-only files, thereby avoiding overburdening any one server.

Directory Replication Components

Replicating directory info requires an export server that replicates updated info and one or more import computers that receive a copy of these updated files.

Export /Import Directory and Subdirectories

systemroot\System32\Repl\Export

(This directory is shared as Repl$ when the Directory Replicator Service is started. )

Caution: Files must be placed in subdirectories in the systemroot\System32\Repl\Export directory. Any files placed directly in the directory are NOT replicated.

What computer(s) can be an export server and import computers

The directory replication process

The Directory Replicator service controls the replication process. Periodically, the export server checks the export directory for changes. If any changes have occurred --> the export server sends update notices to the import computers or domains --> the import computer calls the export server and reads the export directory when it receives an update notice --> the import computer copies any new or changed files to its import directory, and deletes any of the import files that are no longer in the export directory.

The parameters that control the Directory Replicator service are located in this registry path:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Replicator\Parameters

Preparing for Directory Replication

Any computer running NT Server can be set up as an export server. (NT Workstation cannot be an export server). Before you set up an export server, you must perform these tasks on the export server:

  1. Create a user account, such as replicator, for the Directory Replicator service to use. This account is added to the domain's Replicator and Backup Operators groups, and all logon hours are allowed. (use User Manager for Domains to create a user account)

  2. From Server Manager >>Computer >>Services >>Directory Replicator, or
    >>Control Panel >>Services >>Directory Replicator, configure this service to start automatically and log on as the directory replicator user account.

  3. Create/place the directories to be exported. They must be subdirectories of the replication export path, usually C:\systemroot\System32\Repl\Export.

  4. From Server Manager, configure the export server to export files to other computers or domains.

  1. If the import computer is not part of the export server's domain or a trusting domain, create a replicator account (using User Manager for Domains).

  2. Use the Directory Replication dialog box to configure the Directory Replicator service to start automatically and to log on as the directory replicator user account.

    The Directory Replication dialog is accessed either from Server Manager or >>Control Panel >>Services

  3. Configure the import computer to receive files from other servers or domains, using Server Manager >>double-click the computer >>Replication

Note: On the import computer you do not need to create the import subdirectories. A subdirectory is automatically created the first time it is imported.

Tip: You can set up a server to replicate a directory tree to itself (from its export directory to its import directory). This replication can provide a local backup of the files, or you can use the import version of these files as another source for users to access, while preserving the export version of the files as a source master.


Managing Directory Replication

Server Manager is used to configure a server as export server, to specify which computer to export to, and to manage the directories to be exported from the export server.

Replicating Logon Scripts -- among DCs only

A logon script is an optional file that runs each time a user logs on. It can be a batch file (.BAT or .CMD filename extension) or an executable program (.EXE filename extension). A logon script path is a local path to the directory where logon scripts are stored.

When a server processes a logon request, the system locates the logon script by combining a file name specified in User Manager for Domains with a path specified in Server Manager (this means all logon scripts must be stored in ONE folder on a DC).

For NT Workstation computers, the logon script path cannot be changed from the default (usually, systemroot\System32\Repl\Import\Scripts)

For a domain, master copies of every logon script should be stored under one replication export directory of one domain controller, either the PDC or a BDC. Copies of these master logon scripts should be replicated to the other servers of the domain. Then, for every other domain controller, the path to imported logon scripts must be entered in Logon script path of the Directory Replication dialog box (->>Services...).

If this is done, only one copy of each logon script will need to be maintained, yet every server that participates in authenticating domain logons will have an available, identical copy of all user logon scripts.

Note: The logon script path cannot be administered for NT member server or NT Workstation computers. On these computers, store logon scripts in C:\systemroot\System32\Repl\Import\Scripts or in subdirectories of that path.

Locks -- on an import computer, you can use locks to prevent imports to subdirectories. Locking a subdirectory on an import computer affects replication to only that computer.
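
The replication cycle and the import-side locks described above, as an added Python model (not code from these notes or from NT): plan_import lists what one import computer would copy and delete, so it can also serve as a drift check between the export master and an imported copy of the logon scripts. The function names, the SHA-256 comparison and the sample directory trees are assumptions constructed for illustration; how the real service detects changes is not described here.

```python
import hashlib
import os
import tempfile


def snapshot(root):
    """Map every file under root to its SHA-256 digest.

    Keys are paths relative to root, lower-cased and '/'-separated,
    because NT file names are case-insensitive.
    """
    files = {}
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/").lower()
            with open(full, "rb") as fh:
                files[rel] = hashlib.sha256(fh.read()).hexdigest()
    return files


def plan_import(export_files, import_files, locked=()):
    """Return (actions, not_replicated) for one import computer.

    actions        -- ordered list of (operation, relative path)
    not_replicated -- export files that sit directly in the export root
    locked         -- first-level import subdirectories that are locked
    """
    locked = {name.lower() for name in locked}

    def subdir(path):
        return path.split("/", 1)[0]

    # Only files inside subdirectories of the export directory replicate.
    not_replicated = sorted(p for p in export_files if "/" not in p)
    exported = {p: d for p, d in export_files.items() if "/" in p}

    actions = []
    for path in sorted(exported):
        if subdir(path) in locked:
            continue  # locked subdirectory: nothing is imported into it
        if path not in import_files:
            actions.append(("copy-new", path))
        elif import_files[path] != exported[path]:
            actions.append(("copy-changed", path))

    # Import files that are no longer in the export directory are deleted.
    # Assumption of this model: files in the import root are left alone.
    for path in sorted(import_files):
        if "/" not in path or subdir(path) in locked:
            continue
        if path not in exported:
            actions.append(("delete", path))
    return actions, not_replicated


def _write(root, rel, text):
    """Create a sample file, making parent directories as needed."""
    full = os.path.join(root, *rel.split("/"))
    os.makedirs(os.path.dirname(full), exist_ok=True)
    with open(full, "w") as fh:
        fh.write(text)


def demo():
    """Build constructed export/import trees on disk and plan one cycle."""
    with tempfile.TemporaryDirectory() as tmp:
        export_dir = os.path.join(tmp, "Export")
        import_dir = os.path.join(tmp, "Import")
        _write(export_dir, "readme.txt", "placed in the export root by mistake")
        _write(export_dir, "Scripts/logon.bat", "rem logon script, master copy\n")
        _write(export_dir, "Scripts/sales.cmd", "rem new script for sales\n")
        _write(export_dir, "Data/prices.txt", "v2")
        _write(import_dir, "Scripts/logon.bat", "rem edited on the import side\n")
        _write(import_dir, "Scripts/old.bat", "rem retired script\n")
        _write(import_dir, "Data/prices.txt", "v1")
        _write(import_dir, "Data/notes.txt", "local only")
        return plan_import(snapshot(export_dir), snapshot(import_dir),
                           locked=["Data"])


if __name__ == "__main__":
    actions, not_replicated = demo()
    for operation, path in actions:
        print(f"{operation:13} {path}")
    for path in not_replicated:
        print(f"not replicated {path}")
```

A "copy-changed" entry for a logon script that nobody edited on the export server means the import copy was modified locally, which is worth investigating because that script runs at every logon validated by that domain controller.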

Replication of Multiple Directory Trees -- Solution: set up multiple export servers!

Suppose you have a domain where you want to replicate two directory trees -- one for logon scripts and one for other data. The groups of computers that need to import the two trees are different. The four domain controllers need the logon scripts. However, only two of the domain controllers and two NT Workstation computers need to import the other data. The best solution is to set up different servers as the export servers of the scripts directory tree and the data directory tree.

Remember that a single export server has only one list of import computers to which it replicates. If you set up only a single export server for the two directories, it exports both directory trees to all import computers, even though not all import computers use both directory trees.

Note: in a domain, you can have multiple export servers, and an import computer can receive Directory Replication from more than one export server.


Troubleshooting Directory Replication

When the Replicator Service generates an error, an event is written to the application log. You view the error using the Event Viewer. Some common problems (as logged in the application log):

systemroot\System32\Repl\Import\Scripts 

Note: The logon script path CANNOT be administered for NT member Server or for NT Workstation computers (in other words, only domain controllers can be). So you have to store the logon scripts manually. ??


Chapter 18: NT Troubleshooting Tools

Diagnostic Tools

Resources for Troubleshooting


Diagnostic Tools

Note: Event Viewer, NT Diagnostics, and Performance Monitor can be used for remote computers, as well as the local computer.

An event is any potentially significant occurrence in the system, or in an application. Event logging starts automatically each time you start an NT computer. With the event logs and Event Viewer, you can troubleshoot various hardware and software problems and monitor NT security events.

There are three kinds of event logs:

For example, if you enable Logon and Logoff auditing using User Manager for Domains, attempts to log on to and log off of the system are recorded in the security log.
 
Note:
 
-- System and application logs can be viewed by all users; security logs are accessible only to administrators.
 
-- By default, security logging is turned off. To enable security logging, run User Manager for Domains to enable auditing and to determine which events to audit.
 
Log files can be saved in one of three formats:

  • Windows NT Diagnostics

  • Windows NT Diagnostics (WinMSD.exe in the System32 folder) is a recommended tool for browsing a computer's hardware and operating system data stored in the NT Registry.

    There are 9 tabs in NT Diagnostics:

    Version -- NT version, registered to whom, number of processors installed ...

    System -- type of motherboard, CPU, etc.

    Display -- info about video adapter

    Drives -- info on all of the current installed volumes, grouped by types such as removable drives, hard disks, CD-ROMs, and network drives.

    Memory -- how memory is being used in the system. Also shows how much memory is being used by the kernel and the page file.

    Services -- all loaded services and device drivers

    Note: To check the dependencies of a service or device driver, click the Dependencies tab (from >>Services >>Properties). For a service or device driver to operate, all of its dependencies must be running.

    Resources -- shows the usage state of all the hardware in the computer. When viewing Devices, double-clicking a device shows all the resources that the device is using. To prevent hardware conflicts, review the Resources tab before installing new hardware.

    Environment -- environment variables that NT uses.

    Network -- info about the current network session. The General tab shows which domain or workgroup you are logged into, and under which account. The Transport tab shows what transport protocols are being used. The Settings tab shows current network-related settings. The Statistics tab shows network statistics.

    Note:


  • Performance Monitor

  • Performance Monitor is a graphical tool for measuring the performance of your own computer or other computers on a network. With Performance Monitor, you can gauge your computer's efficiency, identify and troubleshoot possible problems, and plan for additional hardware needs. You can also set alerts to notify you when resource use reaches a specific value.

    You can view the behavior of objects, such as processors, memory, cache, threads, and processes on a computer. Each of these objects has an associated set of counters that provide info about device usage, queue lengths, delays, and info used to measure throughput and internal congestion.

    It provides charting, alerting, and reporting capabilities that reflect both current activity and ongoing logging. You can open, browse, and chart log files later as if they reflected current activity.

    The following overview lists how you use Performance Monitor to view the performance of objects:

    Use Performance Monitor by selecting in this order: --> computers, either local or remote >>objects of a selected computer >>counters of an object for tracking

    To create a chart to display performance data in real time:

    ->Administrative Tools >>Performance Monitor >>View >>Chart, >>Edit >>Add to Chart >>select -- Computer, Object(s), Counter(s) >>Add ... >>Done

    Three counters for the Processor and System objects are particularly useful for identifying problems:


  • Network Monitor Tools and Agent

  • Used to capture and display frames (also called packets) in order to detect and troubleshoot problems on LANs. For example, you can use Network Monitor to diagnose hardware and software problems when two or more computers cannot communicate.

    To install Network Monitor ->> Control Panel >>Network >>Services >>Add >>Network Monitor Tools and Agent... After installation, it appears on the Administrative Tools (Common) menu.

    Network Monitor Agent, available with both NT Server and NT Workstation, simply collects packet info from the network. Remember: Network Monitor Agent CANNOT display or analyze captured info!

    Network Monitor Tools, available with only NT Server, display and analyze the captured info.

    Features:


  • System Recovery -- when a STOP error occurs

  • NT allows you to configure the way your system responds to a STOP error (or fatal system error, or blue screen) by using the Recovery utility ->>Control Panel >>System >>Startup/Shutdown >>Recovery:

    Recovery

    When a STOP error occurs, do the following:

    Write an event to the system log

    Send an administrative alert

    Write debugging information to

    Overwrite any existing file

    Automatically reboot

    Notes and Tips


    Appendix -- Miscellaneous Troubleshooting Issues

    Corrupted Boot Sectors

    i.e. the MBR is damaged -- use the MS-DOS utility FDISK, issuing the command at the C:\> prompt: fdisk /mbr

    With the /mbr switch, FDISK will write a new master boot record to the hard disk. You may see this problem if you turn off sector translation in the BIOS of your hard disk controller. Try changing sector translation setting before issuing this command.

    This command will not have an adverse effect on your system -- even if it doesn't correct the problem.

    Corrupted Partition Tables

    You have to create new partitions, format them and reinstall NT

    Booting error:

    STOP: 0x0000007E: Inaccessible Boot Device

    Problem: The NT loader cannot access the hard disk. Some SCSI adapters that do not conform to the complete SCSI standard may cause this problem.

    Solution: If you have just added a SCSI controller to an NT computer that boots from an IDE hard disk, make sure no SCSI device is set to ID 0 (or otherwise disable bootable SCSI hard disks). Otherwise, boot.ini would refer to the wrong partition number.

    Using the ERD

    The Emergency Repair Disk (ERD) mainly stores some of the Registry's configuration info; it can be used to (partially) restore the Registry.

    Rdisk.exe is used to create or update the ERD.

    ERD includes the SAM (Security Account Manager) database, disk configuration, and numerous other system parameters.

    To perform an emergency repair (ER), you need the 3 NT Startup floppies, the ERD and, probably, the installation CD.

    When performing an ER process, you can choose whether to restore any of the Registry hives that are stored on the ERD.

    NT Boot Disk or ERD, which to Use?

    The NT Boot Disk contains only 3~5 NT boot files (Ntldr, Ntdetect.com, boot.ini, and maybe also Ntbootdd.sys, bootsect.sys), which are at the root of the NT system partition. It can therefore only be used to fix simple problems related to corrupted/missing boot files or a wrong ARC path in boot.ini.

    For more severe problems, such as missing/corrupt system files in the boot partition or damaged Registry configuration, the Boot Disk will be of no use. You can use the ERD to perform a repair process in these cases.

    Troubleshooting Application Errors -- Dr. Watson

    The NT utility Dr. Watson is specifically for troubleshooting applications; it automatically detects, diagnoses, and logs application errors (in binary crash dump files).

    To configure Dr. Watson to use specific parameters, run the DrWtsn32.exe command.

    Records that Dr. Watson generates are, by default:

    Memory.dmp and User.dmp

    Memory.dmp is generated when a STOP (a.k.a. the blue screen) error occurs, which is caused by NT system failure(s). You specify it via >>Control Panel >>System >>Startup/Shutdown tab >>Recovery. Contents of Memory.dmp can be viewed with the DumpExam.exe utility.

    User.dmp is generated by Dr. Watson from application errors; it's a binary dump file which can be loaded into Windows Debugger.

    Both dump files are located in the systemroot (typically the C:\Winnt folder) by default.


    A Resource Cannot be Used or Deleted even by the Administrator

    Why -- the resource, e.g. a directory/file, was created and assigned permissions under a previous installation of NT that has been overwritten (NOT during an upgrade). Now the old administrator account, which no longer exists, is the owner. Because NT assigns a new security ID to the new administrator during the new installation, no current user has the permission to use or delete the resource.

    Solution -- an administrator can take ownership of it and then reassign permissions as necessary.
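A small model of the Why/Solution pair above, as an added example that is not part of the original notes: it shows why a reinstall orphans the resource and why taking ownership is the way back in. The token dictionary, the Resource class and all function names are hypothetical; the S-1-5-21-...-500 SID layout and the SeTakeOwnershipPrivilege name are NT's own, and the model assumes the permissions named only the old Administrator account.

```python
import secrets

RID_ADMINISTRATOR = 500                    # well-known RID of the built-in Administrator
TAKE_OWNERSHIP = "SeTakeOwnershipPrivilege"

def install_nt():
    """Model a fresh installation: new random machine SID, so a new Administrator SID."""
    machine = "S-1-5-21-" + "-".join(str(secrets.randbits(32)) for _ in range(3))
    return {"sid": f"{machine}-{RID_ADMINISTRATOR}", "privileges": {TAKE_OWNERSHIP}}

class Resource:
    def __init__(self, owner_sid):
        self.owner = owner_sid
        # Assumption: the DACL names only the creating account (SID -> rights).
        self.dacl = {owner_sid: {"read", "write", "delete"}}

def access_check(token, res, right):
    """Access is decided by SID, never by the account name 'Administrator'."""
    return right in res.dacl.get(token["sid"], set())

def take_ownership(token, res):
    """Changing the owner is gated by the privilege, not by the DACL."""
    if TAKE_OWNERSHIP not in token["privileges"]:
        raise PermissionError("take-ownership privilege not held")
    res.owner = token["sid"]

def set_permissions(token, res, sid, rights):
    """In this model only the owner may rewrite the DACL (the owner always can)."""
    if token["sid"] != res.owner:
        raise PermissionError("caller is not the owner")
    res.dacl = {sid: set(rights)}

def demo():
    old_admin = install_nt()
    folder = Resource(old_admin["sid"])    # created under the old installation
    new_admin = install_nt()               # NT reinstalled over it, not upgraded
    steps = [access_check(new_admin, folder, "delete")]      # SID mismatch
    try:
        set_permissions(new_admin, folder, new_admin["sid"], {"delete"})
    except PermissionError:
        steps.append("denied")             # cannot reassign permissions yet
    take_ownership(new_admin, folder)
    set_permissions(new_admin, folder, new_admin["sid"], {"read", "write", "delete"})
    steps.append(access_check(new_admin, folder, "delete"))
    return steps

if __name__ == "__main__":
    print(demo())
```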


     

    Resources for Troubleshooting