WINDOWS NT NETWORK ADMINISTRATION
NT Workstation - is optimized for use as a high performance, secure network client and corporate desktop operating system. It can be used alone as a desktop, networked in a peer-to-peer workgroup environment, or used as a workstation in a Windows NT Server domain environment.
NT Server - is optimized for use as a file, print, and application server that can handle tasks for organizations ranging from small workgroups to enterprise networks.
Domain Model - has at least one computer running Windows NT Server configured as a domain controller. A domain is a logical grouping of computers that share common security and user account information. This information is stored in the domain controller's master directory database.

Logging On to Windows NT -
Press CTRL+ALT+DELETE at the same time, then enter the Username, Password, and Domain.

Using CTRL+ALT+DELETE to Prevent Trojan Horse Attacks

By requiring the user to press CTRL+ALT+DELETE to display the logon dialog box, Windows NT provides an important safeguard against Trojan horse programs, which are MS-DOS-based programs that try to trick users into typing their user ID and password. The program then captures and saves the username and password, giving the Trojan horse programmer access to the network. Because most operating systems use CTRL+ALT+DELETE to restart a computer, it is difficult for such programs to stay resident, which assures that the information is given only to the operating system itself.

Using Windows NT Server Client-based Tools - You can install the Windows NT Server client-based tools on any computer running Microsoft Windows 95, 98, or NT Workstation. This gives an administrator the ability to perform domain administration from a client. This is useful in networks
where the server is locked in a room and is not easily accessible.

Types of User Accounts

Accounts that you create - A user account enables the user to log on to the local computer or domain and, with the appropriate permissions, allows access to network resources.

Guest - The built-in Guest account is used to give occasional users the ability to log on and gain access to resources on the local computer. The Guest account is disabled by default.

Administrator - The built-in account used to manage the overall computer and domain configuration and resources. Used for administrative tasks, such as creating or modifying user and group accounts, managing security policies, creating printers, and assigning permissions and rights to user accounts to access resources.

Domain User Account

A domain user account contains information that defines a user to the domain. With a domain user account, a user can log on to the domain and gain access to domain resources from any computer on the network using a single user account and password.

A domain user account is always created in User Manager for Domains. Although it can be created from any computer running User Manager for Domains, the account is always created in the master directory database on the primary domain controller (PDC). A copy of the master directory database is stored on all backup domain controllers (BDCs). The copy is automatically synchronized every five minutes with the master
directory database on the PDC.

Elements to Consider in Planning New User Accounts

* Enforce password change, number of characters, and expiration.
* Logon hours - avoid 24/7 logon ability.
* Workstation restrictions should be set for a high-security network.
* Home Folder Location.

When creating a user, the username is the only required option. A user who is connected to a network resource on the domain is not disconnected when the user's logon hours run out. However, the user will be unable to make any new connections.

Dialin Information

No Call Back - When selected, the RAS server will not call back the user, and the user will incur the telephone charges for the session. This is the default.

Set By Caller - Lets the user specify a phone number so that the RAS server can call the user back. This means that the organization that owns the RAS server will incur the telephone charges for the session.

Preset To - Lets you specify a telephone number that the RAS server will use to call back the user. This reduces the risk of an unauthorized person using the user's account, because the user must be at the specified phone number in order to connect to the RAS server. Recommended for high
security networks.

Deleting and Renaming User Accounts

Every account is assigned a unique security identifier (SID) when the account is first created. Deleting an account permanently removes the account and the permissions and rights associated with it. Rename an account when you want to retain all rights, permissions, and group memberships for the account for a different user. Delete an account when the account is no longer needed. The Administrator and Guest accounts cannot be deleted.

Roaming User Profiles

Roaming personal user profile - Profile that a user can change (NTUSER.DAT).

Roaming mandatory user profile - Preconfigured user profile that users cannot change. One mandatory profile can be assigned to many users (NTUSER.MAN).

Permission and User Rights

Permissions are rules that regulate which users can use a resource, such as a folder, file, or printer. Because maintaining permissions for a group is easier than maintaining permissions for many user accounts, you generally want to use groups to manage access to resources.

User rights are rules that regulate which users can perform certain tasks on the system, such as creating a user account, logging on to the local PC, or
shutting down a server.

Local and Global Groups

Local Groups - are used to provide users with permission to access a network resource on the local computer. You assign resource permissions to a local group and then add user accounts or global groups to the local group from one or more domains.

Global Groups - are used to organize domain user accounts, typically by function or geographical location. Global groups can contain only user accounts from the domain where the global group is created. They cannot contain local groups or other global groups.

The account policy sets the requirements for:

* If the PDC goes offline, users can still log on with a BDC, but you can no longer administer accounts.

Server Manager promotes BDC to PDC and demotes PDC to BDC.

Share Permissions

Full Control - Least restrictive. Modify file permissions.

Change - Create folders and add files. Change or delete data in files, change attributes.

Read - Display folder name and file names, run program files, access other folders within that folder.

No Access - Most restrictive. No Access permission overrides other permissions.

1. Workgroup model must have at least one PDC.
2. Which of the following is something that you can do if the PDC is not online?
3. Which of the following is not a share level permission? Write
4. Which one would you assign to a local group to allow them to read a document and edit it if needed?
5. Which of the following built-in accounts is disabled by default?
6. Which one is a task that you cannot perform from User Manager (NT Workstation)?
7. ***
8. Which of the following cannot be done by Server Manager?
9. You can install the Windows NT Server client-based tools on all of the following machines except a machine running which of the following OS?
10. Which of the following would you use to ensure that a user will get their profile regardless of the machine they log in to?
11. The account policy sets the requirements for all of the following except:
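
The local-group, global-group and share-permission rules from the notes above, modelled as an added Python example (not part of the original notes). All account, group and share names are constructed sample data; the rule that permissions from several groups combine to the most permissive one unless No Access is present is standard Windows NT behaviour assumed here, since the notes state only the No Access override.

```python
# Added illustration: models the NT share-permission rules from the notes.
# All account and group names below are constructed sample data.

# Ordered from least to most permissive; "No Access" is handled separately.
RANK = {"Read": 1, "Change": 2, "Full Control": 3}

USERS = {"alice", "bob", "carol"}

# Global groups organize domain user accounts and may contain only users.
GLOBAL_GROUPS = {
    "Sales": {"alice", "bob"},
    "Temps": {"bob"},
}

# Local groups receive the permissions; members are users or global groups.
LOCAL_GROUPS = {
    "SalesReaders": {"Sales"},
    "SalesEditors": {"alice"},
    "Blocked": {"Temps"},
}

# Share ACL: local group -> share permission.
SHARE_ACL = {"SalesReaders": "Read", "SalesEditors": "Change", "Blocked": "No Access"}


def validate_global_groups(global_groups, users):
    """Return names of global groups holding anything other than user accounts."""
    return sorted(g for g, members in global_groups.items() if not members <= users)


def local_groups_of(user):
    """Local groups the user is in, directly or through a global group."""
    via = {g for g, members in GLOBAL_GROUPS.items() if user in members} | {user}
    return {lg for lg, members in LOCAL_GROUPS.items() if members & via}


def effective_share_permission(user, acl=SHARE_ACL):
    """Combine permissions from every group; No Access overrides everything."""
    granted = [acl[lg] for lg in local_groups_of(user) if lg in acl]
    if "No Access" in granted:
        return "No Access"
    if not granted:
        return None  # no ACL entry applies, so nothing is granted
    return max(granted, key=RANK.__getitem__)
```

Here bob is locked out by a single No Access entry even though another group grants him Read, which is why No Access assignments on broad groups deserve review before they are applied.
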
Workgroup doesn't require a domain controller. Only Domain requires a domain controller.
FALSE
LOGIN with help of BDC (you cannot administer user accounts when PDC is down)
(share permissions include Full Control, Change, Read, and No Access)
CHANGE (it allows you to create folders and add files, change data in files, append data to files, change file attributes, and delete folders)
Guest
modify a domain user account
promote a member server (with Server Manager, you can promote BDC to PDC, demote PDC to BDC, and join a new machine into the domain)
Windows for Workgroups (you can install it on Windows NT Workstation, 95, and 98)
roaming personal user profile
username uniqueness requirements (account policy sets