Windows 2000 Fundamentals
Windows NT history
Windows NT4
Windows NT was rewrite of Windows that had a number of advantages over Windows 95 and 98:
- More stable, modular architecture
- Built-in security
- Better protection against crashes
- Available for Intel 386-family processor and also Dec Alpha and MIPS processors.
- Server versions, which provide extra programs for managing networks; built-in Internet Information Services (IIS) web server.
NT4 was still widely used by businesses until 2004, when Microsoft finally retired product support for it. NT4 did not support USB devices.
Windows 2000
Windows 2000 is Windows NT version 5.0. It comes in two main flavours: Professional and Server. There were a number of server variants, such as Advanced Server and Datacenter Server, offering special features.
Person-centred
Although My Computer was still a major desktop icon, the focus changed to My Documents as the default folder. The Start Menu also features "personalized" menus (where rarely-used options are removed from view).
Personal profile data is stored in C:\Documents and Settings.
Server licences
Server versions require client access licences (CAL) for machines accessing the server (excepting web services). This is organised per server or per seat.
Windows XP / Server 2003
2000 Professional has been replaced by XP Professional (NT5.1).2000 Server has been superseded by Windows Server 2003 (NT5.2).
Windows Vista / Longhorn Server
Windows Vista (NT6) will start to replace XP over coming years.
Architecture
Modular design
Windows NT is modular: each module has sole responsibility for the function it is designed to provide. The OS has two pieces (called modes): user mode and kernel mode.
User Mode
Applications programs run in user mode:
- No direct access to hardware
- Programs are limited to assigned memory address spaces
The Win32 subsystem is the primary application subsystem. All 32-bit Windows applications run in the Win32 Subsystem.
Programs use Win32's Application Program Interface (API) to request system services from a kernel mode component. This protects applications from crashing the system, and against unauthorized user access.
DOS and Windows 16-bit applications are handled by a series of nested subsystems (culminating as always with the Win32 Subsystem). The NT Virtual DOS Machine (NTVDM) provides a DOS-compatible environment for DOS programs. 16-bit Windows program communicate first with a subsystem designed to handle such applications' 16-bit system calls; these calls are converted to the 32-bit calls used by Windows NT in a subsystem called Windows on Win32 (WOW). These applications also require a NTVDM environment because they also depend on DOS services.
In 64-bit versions of Windows XP and Server 2003 the main subsystem is Win64. A Windows-on-Win64 (WoW64) subsystem allows 32-bit programs to interact with the 64-bit Windows executive. Thus programs designed for Win32 can run on Win64. (This does not include device drivers, which form part of the executive and therefore must be specifically written to be compatible with 64-bit Windows).
The OS/2 and Posix subsystems allow Windows to run programs built for OS/2 or Posix operating systems, where supported.
Security Subsystem supports the logon process. The Security Subsystem also communicates with the Win32 Subsystem.
Kernel Mode
All code that runs in kernel mode can:
- Access the hardware directly
- Access all memory.
The entire set of services that comprise kernel mode is called Executive Services (or sometimes the Windows NT Executive).
The I/O Manager controls most input and output on the system.
The Object Manager creates, modifies and deletes system objects. These objects represent a specific instance of a resource (for example, a file, a process, or a port).
The Security Reference Manager (SRM) is responsible for enforcing system security settings by granting or denying access to objects and system resources upon request from the Object Manager. This process relies on data structures known as security access tokens (SATs).
The Process Manager creates and manages system processes. However, process scheduling is handled by the microkernel.
The Local Procedure Call Facility is responsible for communication between processes.
The Virtual Memory Manager handles the allocation and use of the system's memory. Virtual memory is the physical space on a hard disk that NT treats as though it were RAM. Virtual memory can also be thought of as an extension of RAM, or "fake" RAM. Memory is divided into 'pages' and is stored in a pagefile on disk.
Window Manager is responsible for providing all of the GUI. It communicates directly with the Graphics Device Drivers, which in turn communicate directly with hardware.
The five other kernel mode subsystems communicate directly with the microkernel, the very heart of the NT operating system. It handles interrupts, schedules threads, and synchronizes processing activity. The microkernel, in turn, communicates with the hardware abstraction layer (HAL).
NTFS
NTFS provides file and folder security for both local and remote users on a network by utilizing the user's security identifier (SID) to determine which files that user can access. Each user has a separate recycle bin.
Each file and folder on an NTFS partition has an access control list (ACL) containing user and group SIDs with the associated privileges of each user and group.
NTFS offers many other advantages over FAT: FAT partitions are limited to 2GB size but NTFS partitions can be up to 2TB (terabytes). Also, NTFS folders can be automatically compressed to save disk space.
- MS-DOS and Windows 95 support FAT (i.e. FAT16) only.
- NT4 supports FAT and NTFS.
- Windows 95b, 98 and Me support FAT and FAT32
- Windows 2000 / XP / Vista supports FAT, FAT32 and NTFS
To convert a drive from FAT to NTFS there is a CONVERT command
in DOS.
Users & groups
There are two built-in user accounts in Windows NT:
- Administrator
- Guest (disabled by default)
You can create further user accounts by using Administrative Tools > Computer Manager > Local Users and Groups
Network Security
Domain model
Microsoft decided that networks will fall into two designs:
- Workgroups — small peer-to-peer networks.
- Domains — larger networks whose security is centralised
Domain controllers
The Domain Controller acts as a central security manager:
- PDC: The Primary Domain Controller stores all passwords and acts as the boss of the network.
- BDC: A Backup Domain Controller keeps copies of the PDC's passwords and may authenticate users but may not change password info. A BDC can be 'promoted' to PDC temporarily in the event of PDC failure.
Installing Windows 2000 / XP
To install Windows 2000 or XP you boot from CD and follow on-screen instructions.
If you do not have a bootable CD then you must create boot floppies before
starting installation (you'll need four disks). This is done with the
program \bootdisk\makeboot.exe a: on the installation CD.
Administrative Tools
MMC & .msc
Microsoft Management Console converts common system tools
into snap-in components (.msc) that can be
added to custom toolboxes. The following toolboxes are all built from
preset snap-ins. You will have the opportunity in later exercises to
create your own MMC toolbox.
Services
System services are programs that run in the background;
services.msc allows you to start, stop and disable services.
Computer Management
The most important MMC, Computer Management, can be accessed through the
Administrative Tools menu. It can also be executed directly by running
compmgmt.msc
This includes:
- Disk management — essentially NT4's disk administrator, it carries out partitioning and formatting and allows the creation of disk-spanning volumes.
- Disk defragmenter — an improved defragging tool that defrags a disk while it is in use.
- Local Users and Groups — the user manager
- Event Viewer — system logs
- Device Manager — hardware control
Disk Management
Disk Management allows you to partition and rename disk drives. You can decide whether to format drives to use FAT, FAT32 or NTFS.
Windows NT incorporates software RAID.
Event Viewer
The Event Viewer (eventvwr.msc) can be used to view three log
files:
- System Log — Contains information about service load failures, hardware conflicts, driver load failures etc.
- Security Log — This log holds the audit data for the system.
- Application Log — Contains information regarding application errors such as file errors or General Protection Faults.
The Event Viewer displays information as a set of events of different types:
- Information — Significant events that describe successful operations such as driver starting or the event log service starting.
- Warning — Events that may indicate future problems such as when the system runs low on disk space.
- Error — Significant problems such as service failures and device conflicts.
- Successful Audit — Security access attempts that were successful.
- Failure Audit — Security access attempts that were unsuccessful. This may indicate a possible security breach.
More information for each event can be displayed by double-clicking the event in question.
Recovery Console
Introduction
The Recovery Console is a command-line interface to Windows NT5.x that can be used to perform a number of troubleshooting and recovery tasks such as:
- Reading and writing data from local drives (including NTFS drives)
- Formatting hard disks
- Starting and stopping services
The Recovery Console can be installed from the command prompt. It is then accessible on from the Startup menu by pressing F8.
It is also possible to run the RC by booting from the Windows installation CD. Select the RC when the repair options are requested.
When using the RC the administrator logon is used. You must have the administrator's password or you will not be able to use the console!
Recovery Console Commands
Although the RC command-line prompt works like MS-DOS, the external commands are quite different. There is no FDISK here.
cd |
Displays or changes the current folder |
chkdsk |
Performs a disk check and produces a report |
cls |
Clears the screen |
copy |
Copies a file to another location |
del |
Deletes one or more files |
dir |
Folder contents listing |
disable |
Disables a system service or device driver |
diskpart |
Manages HDD partitions |
enable |
Enables a system service or device driver |
exit |
Exits the RC |
fixboot |
Repairs the volume boot record |
fixmbr |
Repairs the master boot record |
format |
Formats a disk |
help |
Displays a list of RC commands |
logon |
Logs on to the W2K installation |
map |
Displays any drive letter mappings |
mkdir (md) |
Creates a folder |
rmdir (rd) |
Removes a folder |
systemroot |
Changes to the system root folder for the current system |
Practical Exercises
Try the following to familiarise yourself with Windows 2000 / XP features.
Exercise 1 — Advanced Startup Options menu and starting Safe Mode
| Action | Step-by-step Instructions |
|---|---|
| Reboot the PC |
Click Start - Shutdown Choose Restart Click OK |
| Use F8 to display the Advanced Startup Options menu | Press F8 before the Windows startup screen appears |
| Start Safe Mode | Make sure Safe Mode is highlighted and press Enter |
| Logon as Administrator | Logon with a user name of Administrator and a password of password |
| What indications are there that you are in Safe Mode? |
Exercise 2 — Using the Last Known Good Configuration
| Action | Step-by-step Instructions |
|---|---|
| Reboot the PC |
Click Start - Shutdown Choose Restart Click OK |
| Use F8 to display the Advanced Startup Options menu | Press F8 before the Windows startup screen appears |
| Start the computer using Last Known Good Configuration |
Make sure Last Known Good Configuration is highlighted and press Enter Press Enter to accept the default profile |
Exercise 3 — Using the Recovery Console
| Action | Step-by-step Instructions |
|---|---|
| Reboot the PC | Boot from CD |
| Start the Recovery Console | At the "Welcome to Setup" screen, press F10 or press 'R' to repair. |
| Logon to installation 1 |
A screen appears asking you which installation you would like to logon to? Press 1 then press Enter You will be asked for the administrator's password. Type the administrator's password then press Enter
Your screen should now display
Type Press Enter Press the space bar to page through the list of commands that can be used whilst in Recovery Console |
| Show the help for fixboot, fixmbr & diskpart commands |
Type help fixboot then press Enter.
Repeat this step for fixmbr and diskpart
|
| Run the diskpart program | Type diskpart and then press Enter |
| Leave the diskpart program | After viewing the diskpart options, press Esc to exit |
| Exit |
Type exit then press Enter This will restart Windows – boot using the default |
Exercise 4 — Creating a custom management console
| Action | Step-by-step Instructions |
|---|---|
| Run mmc |
Click Start – Run
Type Click OK |
| Add a snap-in |
From the Console menu choose Add/Remove Snap-in Click Add |
| Add the Local Users and Groups snap-in to manage the local computer |
Scroll down the list until Local Users and Groups Click on Local Users and Groups Click the Add button Click Local Computer in the Choose Target Machine dialogue box Click Finish |
|
Add the Group Policy snap-in to manage the local computer |
From the list of available snap-ins choose Group Policy Click Add Click Finish Click Close Click OK |
| Save the console |
From the Console menu choose Save In the File name box type Local Security Tools and click on Save |
| Close the console | From the Console menu choose Exit |
| Start the console from the Administrative Tools menu |
Click Start - Programs – Administrative Tools – Local Security Tools Leave the console open for the next exercise |
Exercise 5 — Modifying a custom management console
| Action | Step-by-step Instructions |
|---|---|
| Change the console mode |
From the Console menu choose Options In the Console mode drop-down box choose User mode – limited access, single window Click OK |
| Close and save the console |
From the Console menu choose Exit Click Yes to save changes |
| Start the console from the Administrative Tools menu |
Click Start - Programs – Administrative Tools – Local Security Tools What has happened to the Console menu? |