
Windows 2000 Server Study Guide ( 70-215 )
INSTALLATION REQUIREMENTS
Windows 2000 Server requires the following:
Windows 2000 Server:
- 133 MHz+ Pentium-compatible CPU.
- 128 MB of RAM minimum (256 MB recommended; 4 GB maximum).
- 2 GB hard disk with a minimum of 1.0 GB free space. (Additional free hard disk space is required if you are installing over a network.)
- Windows 2000 Server supports up to four CPUs.
Windows 2000 Advanced Server:
- 133 MHz+ Pentium-compatible CPU.
- 128 MB of RAM minimum (256 MB recommended; 8 GB maximum).
- 2 GB hard disk with a minimum of 1.0 GB free space. (Additional free hard disk space is required if you are installing over a network.)
- Windows 2000 Advanced Server supports up to eight CPUs.
Once you meet these criteria, you need to check your hardware and software compatibility at Microsoft's web site.
UPGRADE PATHS
Listed below are important upgrade paths that you will need to know:
| CURRENT OS: | UPGRADE TO: |
| Windows 95 | Windows 2000 Professional |
| Windows 98 | Windows 2000 Professional |
| Windows NT Workstation | Windows 2000 Professional |
| Windows NT Server | Windows 2000 Server |
| Windows NT Terminal Server Edition | Windows 2000 Server, Advanced Server |
| Windows NT Enterprise Edition | Windows 2000 Advanced Server, Datacenter |
| Windows 2000 Advanced Server | Windows 2000 Datacenter |
There is no upgrade path from Windows 3.x.
INSTALLING
As in NT 4.0, there are 2 installation options. You can use
WINNT.EXE or WINNT32.EXE depending on your situation. Winnt.exe is
used for a clean installation on a computer running DOS or Windows
3.x and can use the following installation switches:
| WINNT.EXE: | |
| /e: command | Executes a command before the last phase of setup. |
| /r: foldername | Creates an additional folder in the folder where the Windows 2000 files are installed. The folder IS NOT DELETED after Setup finishes. You can use additional /r switches to install additional folders. |
| /rx: foldername | Creates a folder to be copied as a part of setup - into the Windows 2000 directory, but the folder IS DELETED as setup finishes. |
Use Winnt32.exe for a clean installation or upgrade on an NT 4.0 server. This is the option that most of you will be using. There are a number of switches that can be used with winnt32.exe. Below are a couple of the important ones:
| WINNT32.EXE: | |
| /copydir: foldername | Creates an additional folder in the folder where the Windows 2000 files are installed. The folder IS NOT DELETED after Setup finishes. You can use additional /r switches to install additional folders. Same as /r for winnt.exe. |
| /copysource: foldername | Creates a folder to be copied as a part of setup - into the Windows 2000 directory, but the folder IS DELETED as setup finishes. Same as /rx for winnt.exe. |
| /cmd: | Executes a command before the last phase of setup. Same as /e: for winnt.exe. |
| /cmdcons | Installs the appropriate files to restart the system in command-line non-graphical mode for repair purposes. |
| /syspart | Prepares a hard disk to be transferred to another computer system. This switch installs setup files and marks the partition active. Requires the use of /tempdrive switch. |
| /tempdrive | Specifies which drive to install Windows 2000 temporary files during setup. |
| /makelocalsource | Copies all of the Windows 2000 source files to the target drive during installation. |
| /noreboot | Avoids reboot after installation so that another command can be run. |
| /checkupgradeonly | Checks your system for incompatibilities that will prevent a successful upgrade. |
| /unattend | Upgrades your previous version of Windows by using unattended Setup mode. All user settings are taken from the previous installation so that no user intervention is required during Setup. You can also use this command in an unattended installation by specifying the [seconds][:answer_file] variables. |
Windows 2000 supports unattended installations, of course. Setup
Manager is used to create unattended setup files which will work
with Windows 2000 Professional and Server, but not for a domain
controller. For more in-depth information on unattended
installations, read our tutorial Windows 2000 Unattended
Installations.
Windows 2000 includes a new utility called SysPrep.exe, which prepares an
installation "image" that can be duplicated using imaging software
while avoiding problems with duplicated SIDs, computer names, etc.
For the most part you will find Windows 2000 installation is very
similar to NT 4.0, which is why the following instructions are going
to be fairly brief. The installation is so easy that you probably
won't even need this guide. However, if you do need further help,
read our step-by-step tutorial Installing Windows 2000 Server.
By default, all Win2K servers are installed as Standalone Member
Servers. DCPROMO.EXE is the Active Directory
Installation Wizard and is used to promote a non-domain controller
to a DC and vice versa.
BACKUP AND RECOVERY
Recovery Console:
Now that you have installed Windows 2000, you should immediately take steps to protect
your installation by installing the Recovery Console. Recovery
Console is similar to the emergency repair disk in NT 4.0, but with
many functionality enhancements. Recovery Console will allow you to
start and stop services, read and write data on a local
drive (including drives formatted with the NTFS file system), copy
data from a floppy disk or CD, format drives, fix the boot sector or
master boot record, and perform other administrative tasks. With
Windows NT 4.0, many administrators would create a FAT partition
that would allow them to boot to a DOS prompt. The recovery console
eliminates the need to create a FAT partition for this purpose.
Recovery Console is set up as follows:
Insert the installation CD and switch to the I386 directory. Type
C:\>winnt32 /cmdcons. When asked for
confirmation, answer "yes". The file will be copied to the hard
disk. After rebooting the computer you will be able to select
"Microsoft Windows 2000 Command Console" and start Windows 2000 in
command mode. You will be prompted for a Windows 2000 installation
that you wish to repair and will be prompted for the Administrator
password. Once you are in, there is a wide variety of commands that
you will be able to perform. Type HELP for a list of all of the
commands. Some of the more important commands are:
- DISKPART - Similar to fdisk
- LISTSVC - Lists services
- ENABLE/DISABLE - Enable/disable service or driver
- FIXBOOT - Create a new boot sector on the system partition
- FIXMBR - Repairs master boot record
- MAP - Shows a list of drives and ARC paths.
- LOGON - Choose which installation to work with
Backup:
The Backup program has been greatly enhanced in order to support
Active Directory and a much wider variety of backup media: removable
disks, network drives, logical drives and tape devices are now supported.
Another nice feature is that an integrated scheduling option has
been added, which relieves the need to use AT or another scheduling
utility. For more in-depth information on backing up Windows 2000,
read our tutorial Backing Up and Restoring Windows 2000.
Other:
Windows 2000 has
several other utilities to aid in the event of a failure, many of
which are included in "Advanced Options" which are accessed by
pressing F8 at the boot menu. In order to troubleshoot failures, it
is a good idea to understand the boot process which occurs in the
following steps:
- Power-on self test (POST)
- Initial startup
- Bootstrap loader process
- Select operating system
- Detecting hardware
- Selecting a configuration
- Loading and initializing the kernel (Ntoskrnl.exe)
- Log on
The boot process requires the following files:
| File | Location |
|---|---|
| NTLDR | Active Partition |
| Boot.ini | Active Partition |
| Ntdetect.com | Active Partition |
| Ntoskrnl.exe | %SystemRoot%\System32 |
| Hal.dll | %SystemRoot%\System32 |
| SYSTEM key | %SystemRoot%\System32\Config |
| Device drivers | %SystemRoot%\System32\Drivers |
Ntbootdd.sys is required only if you are using a SCSI-controlled
boot partition, and the SCSI adapter does not have a SCSI BIOS
enabled. Bootsect.dos is required only for multiple booting.
When working with the boot.ini file, you need to understand ARC
naming conventions. ARC is an architecture-independent way of naming
drives for x86, RISC, Alpha, etc. NT uses this convention in its
boot.ini file to determine which disk holds the OS. The table below
explains the different options.
| Multi(x) | Specifies an EIDE disk or a SCSI disk if the BIOS is enabled to detect it. Can only be used on x86 systems. "x" is the number of the controller. |
| SCSI(x) | Defines a SCSI controller if the BIOS is not enabled to do so. Again, "x" is the number of the controller. |
| Disk(x) | Defines which SCSI disk the OS is on. If SCSI(x) was used then x=the SCSI ID of the drive. If Multi(x) was used then x=0. |
| Rdisk(x) | Defines which disk the OS is on when it is on an EIDE disk. x=0-1 if on primary controller. x=2-3 if on multi-channel EIDE controller. |
| Partition(x) | Specifies the partition that the operating system is located on. (x)=the partition's number. |
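The ARC rules in the table above, applied to the entries of a boot.ini file; this is an added example, not part of the original guide. The sample boot.ini is constructed, the function names are hypothetical, and the check that `default=` matches an `[operating systems]` entry goes beyond what the table states.

```python
import re
from collections import namedtuple

# ARC path as written in boot.ini; field meanings follow the table above.
ARC_RE = re.compile(
    r"(multi|scsi)\((\d+)\)disk\((\d+)\)rdisk\((\d+)\)partition\((\d+)\)(\\.*)?",
    re.IGNORECASE)
ArcPath = namedtuple(
    "ArcPath", "controller_type controller disk rdisk partition folder")

def parse_arc(text):
    """Return an ArcPath, or None when text is not an ARC path."""
    m = ARC_RE.fullmatch(text.strip())
    if m is None:
        return None
    kind, *numbers, folder = m.groups()
    return ArcPath(kind.lower(), *map(int, numbers), folder or "")

def check_arc(arc):
    """Apply the rules from the table above; return a list of warnings."""
    warnings = []
    if arc.controller_type == "multi":
        if arc.disk != 0:
            warnings.append("disk() must be 0 when multi() is used")
        if arc.rdisk > 3:
            warnings.append("rdisk() is 0-3 on an EIDE controller")
    return warnings

def audit_boot_ini(text):
    """Parse boot.ini text and report entries plus any inconsistencies."""
    section, default, entries, problems = None, None, [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].lower()
            continue
        key, _, value = (part.strip() for part in line.partition("="))
        if section == "boot loader" and key.lower() == "default":
            default = value
        elif section == "operating systems":
            entries.append(key)
            arc = parse_arc(key)
            if arc:  # non-ARC entries such as C:\ are left unchecked
                problems += [f"{key}: {w}" for w in check_arc(arc)]
    if default and default.lower() not in (e.lower() for e in entries):
        problems.append(f"default={default} matches no [operating systems] entry")
    return {"default": default, "entries": entries, "problems": problems}

# Constructed sample for illustration, not taken from a real system.
SAMPLE = r"""
[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(2)\WINNT
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINNT="Windows 2000 Server" /fastdetect
multi(0)disk(1)rdisk(0)partition(1)\WINNT="Test install"
C:\="Previous operating system"
"""

if __name__ == "__main__":
    print("\n".join(audit_boot_ini(SAMPLE)["problems"]))
```

Run against the constructed sample, it reports the `multi(0)disk(1)` entry and the `default=` line that points at a partition no entry describes.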
Below are the various recovery tools included in Windows 2000.
FILE SYSTEM
Disk systems now support FAT32, NTFS, and FAT. The convert.exe
utility can be used to convert a FAT or FAT32 partition to NTFS.
NTFS partitions cannot be converted to FAT or FAT32. If such a need
exists, the partition must be deleted and recreated as FAT or FAT32.
The NTFS file system has many new capabilities as follows:
The Distributed File System has also been enhanced. There are two types of DFS implementations: Stand-alone and Fault Tolerant. Stand-alone DFS stores the configuration information on a single node (server). Child nodes can only go one level below root, and can exist on any server. Fault Tolerant DFS stores the DFS configuration information in Active Directory. There can be two identical shares on different servers configured as a single child node to provide fault tolerance. You can have multiple levels of child volumes and file replication is supported. Clients must have DFS software installed. Windows NT4, Windows 2000 and Windows 98 include this software while Windows 95 clients must download the appropriate DFS client software from Microsoft.com.
Windows 2000 features a new storage type called "dynamic disks". The advantages of dynamic disks include an unlimited number of volumes per disk. NTFS volumes can be extended, and we can now include space from different disks. Perhaps the most important item is that the disk configuration is stored on the disk itself. This means that we can move disks between computers (within reason) and have the data available with little additional effort. If you perform an upgrade from NT4, or do a fresh install, the disk type is still "Basic", but can be converted to dynamic. If you had RAID of any type set up on the NT4 server that was upgraded, you can continue to maintain those configurations with basic disks. However, if you want to add a new array or mirror set, you will be required to convert to dynamic disks. In a fresh install you will also need to convert before implementing any mirroring or RAID configurations. Once you have converted to dynamic disks, there is no reverse conversion. You must delete and start again.
FAULT TOLERANCE
In order to understand how fault tolerance works, it is best to
first understand the following concepts regarding hard disk
configurations.
- Partition - A partition is a portion of a physical hard disk. A partition can be primary or extended
- Primary Partition - This is a bootable partition. One primary partition can be made active.
- Extended Partition - An extended partition is made from the free space on a hard disk and can be broken down into smaller logical drives. There can only be one of these per hard disk.
- Logical Drive - These are a primary partition or portions of an extended partition that are assigned a drive letter.
- Volume - This is a disk or part of a disk that is combined with space from the same or another disk to create one larger volume. This volume can be formatted and assigned a drive letter like a logical drive, but can span more than one hard disk. A volume set can be extended without starting over, however to make it smaller, the set must be deleted and re-created.
- Mounted Drives - As previously discussed, Windows 2000 offers the ability to mount volumes to empty folders on NTFS partitions.
- Disk Management Tool - A snap-in for the MMC. You can create partitions, volume sets, logical drives, format disks, etc.
NTFS AND SHARE PERMISSIONS
We recently upgraded our permissions section and it became too long
to list here so we have made it a separate study guide. Read Windows
2000/2003 NTFS and Share Permissions for more information.
OPTIMIZATION AND TUNING
Performance Monitor is included in Windows 2000 and is an MMC
snap-in. Just as in NT 4.0, there are performance counters that can
be used to determine the source of performance problems. The
following is a list of important counters and suggested thresholds.
Processor:
Memory:
Physical Disk:
Logical Disk:
Network:
Windows 2000 Performance Monitor has several different logging
methods. Many 3rd party performance applications utilize the Trace
log feature. Counter logs allow you to log performance values at a
designated interval for local or remote Win2K computers. Alert logs
can send a message or run a script/program when a pre-determined
threshold has been surpassed.
Performance Monitor now offers more flexibility for exporting data
as it can now be saved in HTML, binary, binary circular, .csv, and .tsv.
NETWORK CONNECTIONS
Windows 2000 supports many industry standard protocols including:
Like Windows 98, Windows 2000 supports a new feature called
Automatic Private IP Addressing. When "Obtain An IP Address
Automatically" is enabled, but the client cannot obtain an IP
address from a DHCP server, Automatic Private IP Addressing assigns
an address in the form of 169.254.x.x and a class B subnet mask of
255.255.0.0. The computer broadcasts this address to its local
subnet and if no other computer responds to the address, the
computer allocates this address to itself. Remember that a computer
that picks up one of these addresses will only be able to
communicate with other computers that have compatible addresses and
subnet masks.
RAS Policies are a new feature in Windows 2000. Now it is possible
to build an entire set of rules called a RAS Policy to dictate
several conditions that must exist before a user can connect. It
allows the flexibility to require that a user must be dialing from a
specific IP address or from a range of addresses, during the right
time of day, from the appropriate caller id location using the
appropriate protocol. We can restrict access by group membership or
the type of service requested. All of these are configurable and
optional. Once the user has met all of the conditions, we can apply
a profile, which can include items such as the IP address to use for
this session, the authentication type that is allowed, any
restrictions such as idle time and the rules for BAP with multilink
sessions.
Windows 2000 now provides support for VPNs. A virtual private
network (VPN) is the extension of a private network that encompasses
links across shared or public networks like the Internet. With a
VPN, you can create a connection between two computers across a
shared or public network that emulates a point-to-point private
link. Windows 2000 supports a couple of different VPN protocols.
Point to Point Tunneling Protocol (PPTP) creates an encrypted
"tunnel" through an untrusted network and is supported by Windows
95/98/NT4/2000. Layer Two Tunneling Protocol (L2TP) works like PPTP
in that it creates a "tunnel", but uses IPSec encryption in order to
support non-IP protocols and authentication. The table below
illustrates the features of each:
Windows 98 supported Internet Connection Sharing (ICS), which is now
also supported in Windows 2000. ICS allows multiple PCs to share a
single connection with the aid of Network Address Translation (NAT)
and is intended for small office/home office (SOHO) environments. You
should not use this feature on a computer running DNS server, DHCP
server or a Windows 2000 Domain Controller. When you enable ICS, the
network adapter connected to the network is given a new static IP
address configuration. Existing TCP/IP connections on the computer
are lost and need to be re-established.
NAT can be configured separately from ICS and provides the following
features and benefits that do not exist when used with ICS
alone:
REMOTE ACCESS
RAS has changed rather dramatically. Several new RAS protocols are
now available to make our communications over dial up lines or the
Internet much more secure and more flexible. These new protocols
include Extensible Authentication Protocol (EAP), Layer Two
Tunneling Protocol (L2TP), Bandwidth Allocation Protocol (BAP),
Internet Protocol Security (IPSec) and Remote Authentication Dial-In
User Service (RADIUS).
EAP gives the ability to use Transport Level Security, another
encryption methodology for usernames and passwords.
L2TP enables us to create a tunnel through a public network that is
authenticated on both ends, uses header compression, and relies on
IPSec for encryption of data passed through the tunnel.
Bandwidth Allocation Protocol allows us to set up Multilink
capabilities, but if a user isn’t using the bandwidth of multiple
lines, we can drop one of the lines assigned to that user and use it
for another user.
IPSec is essentially a driver at the IP layer that provides
encryption very low down in the protocol stack.
RADIUS is an RFC-based standard that allows us to provide
authentication services from the corporate network to a client that
is attaching to an ISP that wants access to our server. The ISP’s
dial up server that hosts the client is a client to the RADIUS
Server Service (IAS) on the corporate network. The IAS server allows
the user to connect.
TERMINAL SERVICES
Terminal Services are now a core function built in to every version
of Windows 2000 from Server and above. There have also been some
enhancements to the old "Windows NT 4.0 Terminal Server Edition"
including the ability to "Shadow" or "remote control" client
systems.
Terminal Services is installed through the "add/remove programs"
applet. Once you've done this and installed the Client software
(also provided), the workstation connects to the server and starts a
virtual session on the server. Only screen, keyboard, and mouse
information is exchanged between the client and server making it an
ideal solution for remote dial up networking - or using a shared
application on a single server. RDP (Remote Desktop Protocol) is the
client-to-server protocol that supports this functionality.
The client doesn't need to be an extremely capable system in that
the execution of the program happens at the server. There are
clients available for Windows 3.1, Windows 95/98, and NT.
Applications that can run on Terminal Services are many, but the
preferred applications are Windows 32-bit programs because they can
be tailored to use memory more efficiently. Don't undersize the
server for this program. Add at least 8MB of RAM per user that
you're going to support to the Terminal Services server. Microsoft
states that a quad processor Pentium Pro with 512MB of RAM will
concurrently support about 60 typical users. Each client must have a
Client access license for Terminal Server and one for NT server (two
licenses per client).
After installing Terminal Services, you should re-install any
applications on the server that you would like clients to use while
connected to Terminal Services. When you "add/remove" programs, the
system changes into a "program installation" mode that enables all
users access to the application while attached. You can accomplish
the same by issuing a "change user" command at the command prompt
and performing the installation from there. Some programs require an
application compatibility script to be run in the terminal services
environment. Microsoft supplies such a script for Office 2000 in the
Office 2000 Resource Kit.