Windows 2000 Fundamentals

Windows NT history

Windows NT4

Windows NT was a rewrite of Windows that had a number of advantages over Windows 95 and 98:

NT4 was still widely used by businesses until 2004, when Microsoft finally retired product support for it.  NT4 did not support USB devices.

Windows 2000

Windows 2000 is Windows NT version 5.0.  It comes in two main flavours: Professional and Server.  There were a number of server variants, such as Advanced Server and Datacenter Server, offering special features.


Although My Computer was still a major desktop icon, the focus changed to My Documents as the default folder.  The Start Menu also features "personalized" menus (where rarely-used options are removed from view).

Personal profile data is stored in C:\Documents and Settings.

Server licences

Server versions require client access licences (CAL) for machines accessing the server (excepting web services).  This is organised per server or per seat.

Windows XP / Server 2003

2000 Professional has been replaced by XP Professional (NT5.1).  2000 Server has been superseded by Windows Server 2003 (NT5.2).

Windows Vista / Longhorn Server

Windows Vista (NT6) will start to replace XP over coming years.


Modular design

Windows NT is modular: each module has sole responsibility for the function it is designed to provide.  The OS has two pieces (called modes): user mode and kernel mode.

Windows NT architecture

User Mode

Application programs run in user mode:

The Win32 subsystem is the primary application subsystem.  All 32-bit Windows applications run in the Win32 Subsystem.

Programs use Win32's Application Program Interface (API) to request system services from a kernel mode component.  This prevents applications from crashing the system and protects against unauthorized user access.

DOS and Windows 16-bit applications are handled by a series of nested subsystems (culminating as always with the Win32 Subsystem).  The NT Virtual DOS Machine (NTVDM) provides a DOS-compatible environment for DOS programs.  16-bit Windows programs communicate first with a subsystem designed to handle such applications' 16-bit system calls; these calls are converted to the 32-bit calls used by Windows NT in a subsystem called Windows on Win32 (WOW).  These applications also require an NTVDM environment because they also depend on DOS services.

In 64-bit versions of Windows XP and Server 2003 the main subsystem is Win64.  A Windows-on-Win64 (WoW64) subsystem allows 32-bit programs to interact with the 64-bit Windows executive.  Thus programs designed for Win32 can run on Win64.  (This does not include device drivers, which form part of the executive and therefore must be specifically written to be compatible with 64-bit Windows).

The OS/2 and Posix subsystems allow Windows to run programs built for OS/2 or Posix operating systems, where supported.

The Security Subsystem supports the logon process.  It also communicates with the Win32 Subsystem.

Kernel Mode

All code that runs in kernel mode can:

The entire set of services that comprise kernel mode is called Executive Services (or sometimes the Windows NT Executive).

The I/O Manager controls most input and output on the system.

The Object Manager creates, modifies and deletes system objects.  These objects represent a specific instance of a resource (for example, a file, a process, or a port).

The Security Reference Manager (SRM) is responsible for enforcing system security settings by granting or denying access to objects and system resources upon request from the Object Manager. This process relies on data structures known as security access tokens (SATs).

The Process Manager creates and manages system processes. However, process scheduling is handled by the microkernel.

The Local Procedure Call Facility is responsible for communication between processes.

The Virtual Memory Manager handles the allocation and use of the system's memory.  Virtual memory is the physical space on a hard disk that NT treats as though it were RAM. Virtual memory can also be thought of as an extension of RAM, or "fake" RAM.  Memory is divided into 'pages' and is stored in a pagefile on disk.

The Window Manager is responsible for providing all of the GUI.  It communicates directly with the Graphics Device Drivers, which in turn communicate directly with hardware.

The five other kernel mode subsystems communicate directly with the microkernel, the very heart of the NT operating system. It handles interrupts, schedules threads, and synchronizes processing activity. The microkernel, in turn, communicates with the hardware abstraction layer (HAL).


NTFS provides file and folder security for both local and remote users on a network by utilizing the user's security identifier (SID) to determine which files that user can access.  Each user has a separate recycle bin.

Each file and folder on an NTFS partition has an access control list (ACL) containing user and group SIDs with the associated privileges of each user and group.
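The access check described above can be modelled in a few lines of Python.  This is an added example, not Windows code or part of the original handout: the SIDs, account names and right bits are constructed, and it goes slightly beyond the text by including deny entries and in-order evaluation, which is how Windows processes an ACL.

```python
# Simplified model of an NTFS access check; all SIDs and right bits are constructed.
from dataclasses import dataclass

READ, WRITE, DELETE = 0x1, 0x2, 0x4  # illustrative bits, not real NTFS masks


@dataclass(frozen=True)
class Token:
    """Security access token: the caller's user SID and group SIDs."""
    user_sid: str
    group_sids: frozenset


@dataclass(frozen=True)
class Ace:
    """One ACL entry: allow or deny a set of rights to one SID."""
    allow: bool
    sid: str
    mask: int


def access_check(token, acl, wanted):
    """Return True if every right in `wanted` is granted by `acl`.

    acl=None models an object with no ACL (all access granted);
    an empty list grants nothing.
    """
    if acl is None:
        return True
    sids = {token.user_sid} | token.group_sids
    remaining = wanted
    for ace in acl:                      # entries are evaluated in order
        if ace.sid not in sids:
            continue                     # entry applies to somebody else
        if not ace.allow and ace.mask & remaining:
            return False                 # explicit deny of a right still needed
        if ace.allow:
            remaining &= ~ace.mask       # these rights are now granted
        if remaining == 0:
            return True
    return False                         # a requested right was never granted


# Constructed sample: alice is in Staff and Contractors, bob only in Staff.
STAFF, CONTRACTORS = "S-1-5-21-1-2-3-1201", "S-1-5-21-1-2-3-1202"
alice = Token("S-1-5-21-1-2-3-1101", frozenset({STAFF, CONTRACTORS}))
bob = Token("S-1-5-21-1-2-3-1102", frozenset({STAFF}))
report_acl = [Ace(False, CONTRACTORS, WRITE | DELETE),
              Ace(True, STAFF, READ | WRITE)]
```

With this ACL, alice can read but not write because the deny entry for Contractors is reached before the allow entry for Staff; swapping the two entries would let her write.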

NTFS offers many other advantages over FAT: FAT partitions are limited to 2GB size but NTFS partitions can be up to 2TB (terabytes).  Also, NTFS folders can be automatically compressed to save disk space.

To convert a drive from FAT to NTFS there is a CONVERT command in DOS.

Users & groups

There are two built-in user accounts in Windows NT:

You can create further user accounts by using Administrative Tools > Computer Management > Local Users and Groups.

User management

Network Security

Domain model

Microsoft decided that networks will fall into two designs:

Domain controllers

The Domain Controller acts as a central security manager:

Installing Windows 2000 / XP

To install Windows 2000 or XP you boot from CD and follow on-screen instructions.

If you do not have a bootable CD then you must create boot floppies before starting installation (you'll need four disks).  This is done with the program \bootdisk\makeboot.exe a: on the installation CD.

Administrative Tools

MMC & .msc

Microsoft Management Console converts common system tools into snap-in components (.msc) that can be added to custom toolboxes.  The following toolboxes are all built from preset snap-ins.  You will have the opportunity in later exercises to create your own MMC toolbox.


System services are programs that run in the background; services.msc allows you to start, stop and disable services.

Computer Management

The most important MMC, Computer Management, can be accessed through the Administrative Tools menu.  It can also be executed directly by running compmgmt.msc.

This includes:

Disk Management

Disk Management allows you to partition and rename disk drives.  You can decide whether to format drives to use FAT, FAT32 or NTFS.

Disk management

Windows NT incorporates software RAID.

Event Viewer

The Event Viewer (eventvwr.msc) can be used to view three log files:

Event Viewer

The Event Viewer displays information as a set of events of different types:

More information for each event can be displayed by double-clicking the event in question.

Recovery Console


The Recovery Console is a command-line interface to Windows NT5.x that can be used to perform a number of troubleshooting and recovery tasks such as:

The Recovery Console can be installed from the command prompt.  It is then accessible from the Startup menu by pressing F8.

It is also possible to run the RC by booting from the Windows installation CD.  Select the RC when the repair options are requested.

When using the RC the administrator logon is used.  You must have the administrator's password or you will not be able to use the console!

Recovery Console Commands

Although the RC command-line prompt works like MS-DOS, the external commands are quite different.  There is no FDISK here.

cd            Displays or changes the current folder
chkdsk        Performs a disk check and produces a report
cls           Clears the screen
copy          Copies a file to another location
del           Deletes one or more files
dir           Folder contents listing
disable       Disables a system service or device driver
diskpart      Manages HDD partitions
enable        Enables a system service or device driver
exit          Exits the RC
fixboot       Repairs the volume boot record
fixmbr        Repairs the master boot record
format        Formats a disk
help          Displays a list of RC commands
logon         Logs on to the W2K installation
map           Displays any drive letter mappings
mkdir (md)    Creates a folder
rmdir (rd)    Removes a folder
systemroot    Changes to the system root folder for the current system

Practical Exercises

Try the following to familiarise yourself with Windows 2000 / XP features.

Exercise 1 — Advanced Startup Options menu and starting Safe Mode

Action: Reboot the PC
Steps:  Click Start - Shutdown
        Choose Restart
        Click OK

Action: Use F8 to display the Advanced Startup Options menu
Steps:  Press F8 before the Windows startup screen appears

Action: Start Safe Mode
Steps:  Make sure Safe Mode is highlighted and press Enter

Action: Logon as Administrator
Steps:  Logon with a user name of Administrator and a password of password

What indications are there that you are in Safe Mode?

Exercise 2 — Using the Last Known Good Configuration

Action: Reboot the PC
Steps:  Click Start - Shutdown
        Choose Restart
        Click OK

Action: Use F8 to display the Advanced Startup Options menu
Steps:  Press F8 before the Windows startup screen appears

Action: Start the computer using Last Known Good Configuration
Steps:  Make sure Last Known Good Configuration is highlighted and press Enter
        Press Enter to accept the default profile

Exercise 3 — Using the Recovery Console

Action: Reboot the PC
Steps:  Boot from CD

Action: Start the Recovery Console
Steps:  At the "Welcome to Setup" screen, press F10 or press 'R' to repair.

Action: Logon to installation 1
Steps:  A screen appears asking you which installation you would like to logon to?  Press 1 then press Enter
        You will be asked for the administrator's password.  Type the administrator's password then press Enter
        Your screen should now display C:\WINNT>
        Type Help
        Press Enter
        Press the space bar to page through the list of commands that can be used whilst in Recovery Console

Action: Show the help for fixboot, fixmbr & diskpart commands
Steps:  Type help fixboot then press Enter.  Repeat this step for fixmbr and diskpart

Action: Run the diskpart program
Steps:  Type diskpart and then press Enter

Action: Leave the diskpart program
Steps:  After viewing the diskpart options, press Esc to exit
        Type exit then press Enter
        This will restart Windows – boot using the default

Exercise 4 — Creating a custom management console

Action: Run mmc
Steps:  Click Start – Run
        Type mmc in the text entry box
        Click OK

Action: Add a snap-in
Steps:  From the Console menu choose Add/Remove Snap-in
        Click Add

Action: Add the Local Users and Groups snap-in to manage the local computer
Steps:  Scroll down the list until Local Users and Groups
        Click on Local Users and Groups
        Click the Add button
        Click Local Computer in the Choose Target Machine dialogue box
        Click Finish

Action: Add the Group Policy snap-in to manage the local computer
Steps:  From the list of available snap-ins choose Group Policy
        Click Add
        Click Finish
        Click Close
        Click OK

Action: Save the console
Steps:  From the Console menu choose Save
        In the File name box type Local Security Tools and click on Save

Action: Close the console
Steps:  From the Console menu choose Exit

Action: Start the console from the Administrative Tools menu
Steps:  Click Start - Programs – Administrative Tools – Local Security Tools
        Leave the console open for the next exercise

Exercise 5 — Modifying a custom management console

Action: Change the console mode
Steps:  From the Console menu choose Options
        In the Console mode drop-down box choose User mode – limited access, single window
        Click OK

Action: Close and save the console
Steps:  From the Console menu choose Exit
        Click Yes to save changes

Action: Start the console from the Administrative Tools menu
Steps:  Click Start - Programs – Administrative Tools – Local Security Tools
        What has happened to the Console menu?