MICROSOFT CERTIFIED SYSTEM ENGINEER
MCSE (PRACTICALS) Windows 2003
1: HOW TO CREATE LOCAL USER?
Start>program>administrative tools>active directory users and computers>right click on users>new>user>give any name in two places>next>give password according to policy>next>finish.
2: HOW TO CREATE DOMAIN USER ACCOUNT?
Start>program>administrative tools>active directory users and computers>right click on domain>new>organizational unit>give any name>OK
Right click on organizational unit>new>user>give any name in two places>next>give password according to policy>next>finish.
Right click on user>properties>account
1-log on to
*The following computers
*All computers (as you like give permission)
If you will choose the following computers then you will give name of the computer>name of computer>OK.
2-log on hours>select time>log on denied>OK
Example for log on to:-
If you want to log on as administrator, then give the name>administrator
If you want to log on as a user, then give the user name, like User1.
3: MANAGING GROUPS
Group types:
1-Security group
2-Distribution group
Group scope:
1-Domain local
2-Global
3-Universal
Basic group category:
1-Domain local groups
2-Global groups
How to create groups?
Start>program>administrative tools>active directory users and computers>right click on domain>new>organizational unit>new>group>give any name to group.
Adding a user to a group
First create a user in the organizational unit.
Right click on user name>add to a group>advanced>find now>select name of group>OK>OK>OK.
4: HOW TO CREATE ROAMING PROFILE?
First create a folder in any drive and share it, after creating a user.
Right click on user name>properties>profile>give profile path>\\computer name\folder name\user name>apply>OK
Log on as the user>right click on my computer>properties>advanced>user profile setting
(For seeing roaming and for changing the type of roaming)
Start>setting>control panel>double click on mouse>pointers>go to scheme and choose any windows>select cursor>apply>OK (change desktop, create a folder on the desktop)
Log off the user from this PC and log on at any other PC of the network. You will find everything on the other PC.
Roaming-you will find the same condition (desktop, mouse) on the other PC of the network.
5: MANDATORY
First create a folder and share>create user>right click on user>properties>profile>give path (\\computer name\folder name\user name)>apply>OK>log on as the user>right click on my computer>properties>advanced>setting (you will find roaming)>go in folder>right click on user name>properties>security>remove system>add>administrator>full control>apply>OK>log on as administrator>go into the folder>go in user name folder>rename NTUSER.DAT to NTUSER.MAN>log on as a user>right click on my computer>properties>advanced (you will find MANDATORY)
(In this way, if you create a folder and afterwards want to delete it, you cannot delete it. Only the administrator has this permission, and you will find the same desktop when you log on as the user on another PC of the network).
6: SHARING AND SECURITY ON A FOLDER
First create a user and group. Add users in a group.
Create a folder in any drive and share>right click on folder>properties>security>advanced>click on replace, remove all>add>advanced>find now>select your group>OK>OK>OK.
This folder can be opened only by your user, not by any other user; this type of security is enabled on this folder.
7: MONITORING EVENT VIEWER
Start>program>administrative tools>event viewer>there you can see some files of
1-application, 2-security, 3-system, 4-directory service, 5-DNS server, 6-service file application.
8: MANAGING THE WINDOWS 2003 ENVIRONMENT
Start>setting>control panel>accessibility option (This is the setting for keyboard)
Use sticky keys-For people who don’t hear normally.
Use filter keys-For changing writing speed of keyboard.
Use toggle keys-To enable the sound while pressing num lock, caps lock, scroll lock.
Display setting, sound setting, mouse setting and general setting.
9: MANAGING DATA STORAGE
Right click on my computer>select manage>1-Disk defragmenter is used to calculate the hard disk space>defragmenter>stop. 2-Disk management (to create partition).
10: TO COMPRESS FILE AND FOLDER
First create a folder in any drive>right click on that folder>properties>advanced>click compress file and folder>OK>apply>OK.
If you compress any file or folder, then it will take less space than before. If you copy and paste any other folder or file from outside into this compressed folder, then that folder or file will show a color, and the folder which is compressed will also show a color.
If you want that this folder does not show any type of color on compression then open my computer>tools>folder options>view>uncheck the check box which is indicating “Show encrypted or compressed file in color”>apply>OK.
11: TO ENCRYPT FOLDER
First create a user and log on as that user>create a folder in any drive>right click on that folder>advanced>check the encrypt check box>OK.
This folder can be opened by this user only; any other user cannot open this folder except Administrator.
12: HOW TO ENABLE SHADOW COPY?
Firstly create a folder (from user side) and also some files inside this folder and share this folder>right click on the drive which is holding that folder>shadow copies>create now>OK>after this go to another PC of the network>my network places>go into your folder and delete any file, then come back to your own PC (Administrator) and check that folder>go to entire network>go inside your folder>right click on your folder>previous version>select your deleted folder or files and press restore.
(If any user deletes your files from network then that time you can restore your files by using shadow copy).
13: DISK QUOTA
From Administrator side:
Firstly create a user>right click on any drive>quota>give user limit from this drive>quota entries>quota>click on quota>new quota entry>advanced>select your user.
(Your user can use space from this drive according to your permission; this is for checking that the quota works on that drive).
14: BACKUP FILES AND FOLDERS
Start>program>system tools>backup file and folder>select your folder>give place to put or save backup>after this delete your folder>go to backup and restore (You will find your folder at your same place).
Command:
Start>run>ntbackup.
15: ENABLING OFFLINE:
Firstly create a folder in any PC of network and share it.
Go to any other PC to enable offline>open my computer>tools>folder option>offline files (check) enable offline files.
My network places>enable network>select your folder from network>right click on folder>make available offline>disable your network (you will find this folder in the network after disabling it. You can take this PC (laptop) anywhere you want to work in this folder. After this, when you connect to this same network)>right click on folder>make available on line (you will find all data in the network).
16: HOW TO MAKE NETWORK:
First of all give IP to both computers (User and DC)>connect them by crossover cable>right click on my network places>go to properties>select TCP/IP>give your IP address and subnet also>give the IP address to your Domain Controller (DC)>restart both computers>go to run command and write DCPROMO>OK>next>follow the wizard>give domain name>next.
Right click on my computer>properties>computer name>change>give domain name>OK>username-administrator>password (give any) >go to client PC>right click on my network place>properties>right click on LAN>properties>TCP\IP>give DNS IP>right click on my computer>properties>computer name>change>give domain name>OK (when will do start your PC select the domain name>OK).
17: SHARING BETWEEN ALL COMPUTERS WITHOUT GOING TO ANY OTHER PC
Right click on my computer>manage>right click on my computer>management>connect any other PC>browse>advanced>find now>select computer name>OK>double click on system tools>shared folder>right click on share>new share>next>finish>open my network places>entire network>select computer name (you will find your shared folder).
18: PASSWORD POLICY
Start>program>administrative tools>domain security policy>account policy>password policy>go to run>run the Gpupdate command (you can change according to yourself).
19: FIREWALL XP
Start>program>setting>control panel>security center>windows firewall>ON, OFF (as you like) (if you turn the firewall ON in any PC of the network, you will not find that PC in the network; all of this works only on an operating system that has the security center).
Firewall 2003:
My network place>open>properties>local area connection>click>advanced>click>restart my computer.
20: HOW TO CREATE DOMAIN CONTROLLER & ADDITIONAL DOMAIN CONTROLLER
Start>run>DCPROMO>OK>select domain controller or additional domain controller (whatever you want to do and follow the wizard)
21: DELEGATING ADMINISTRATIVE CONTROL
Firstly create an organizational unit and one user>log on to user>start>run>write MMC>click on file>add remove snap in>add>Active directory user and computers (as you like) and save this console on desktop (you can do create OU and user from this delegated user).
22: GROUP POLICY IMPLEMENTING
Firstly create an OU and a user>right click on OU>properties>group policy>new>give any name>edit>click on user configuration>administrative>templates>desktop>remove my computer icon from desktop (as you like) >enable>apply>OK
(In this policy you have some permission; if you will do use of this you can do more changes on users).
23: SOFTWARE INSTALLATION
Publish and software
First of all create a folder and share>copy software in this folder>create OU and user>right click on OU>properties>group policy>new>give any name>edit>user>configuration>software setting>right click on software installation>properties>browse>give location from network>(check) publish and assign (as you like) (if you publish, then you will find the software in control panel>add/remove program, and if you assign, then you will find the software in the start menu). You can install in the client PC from both places.
24: WINDOWS SCRIPTS
Firstly create a notepad file>WScript.Echo "message">file>save as>dev.vbs (like this only) in my documents>open my documents>copy file>create OU and user>right click on OU>properties>group policy>new>give any name>edit>user configuration>windows setting>scripts>log on, log off (as you like)>double click on log on>add>browse>paste file in log on or write a file name (dev.vbs)>open>OK>OK.
(We use this facility to give a message when a user logs on and logs off; the user will see this pop-up message. In this message an administrator can write anything he wants.)
25: SECURITY CONFIGURATION:
Removing ALT+CTRL+DELETE
Start>run>MMC>file>add remove snap in>add>1-Security configuration>add>2-security templates>add>close>OK
Security templates>right click on C windows security templates>new templates>give any name(123)like this>OK>open 123>local policy>security option>double click on ALT+CTRL+DELETE(which you want to remove)>(check)define>enable>apply>OK>right click on 123>save>right click on security configuration>open database>123 (give file name) >open>select 123>open>right click on security configuration>analyze computer now>OK>right click on security configuration>configure computer now>OK>right click on security configuration>analyze computer now>OK>save this console on desktop>log on log off (to verify) (you will not find ALT+CTRL+DELETE).
Come back ALT+CTRL+DELETE
Open your console>right click on security configuration>import templates>securew.inf>open>right click on security configuration>configure computer now>OK>log on log off (to verify) (You will find ALT+CTRL+DELETE).
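An added example, not part of the original page: sections 18 and 25 change password policy and the CTRL+ALT+DEL logon option through policy, and a saved security template is a plain-text .inf file, so the outcome can be checked by parsing it. The sample template and the baseline thresholds below are constructed assumptions.

```python
import re

# Constructed sample in the plain-text .inf layout that Security Templates
# saves; every value below is illustrative and not taken from the page.
# Files exported by secedit are usually UTF-16, so pass that encoding to open().
SAMPLE_TEMPLATE = r"""
[Unicode]
Unicode=yes
[System Access]
MinimumPasswordAge = 0
MaximumPasswordAge = 42
MinimumPasswordLength = 0
PasswordComplexity = 0
PasswordHistorySize = 0
LockoutBadCount = 0
[Registry Values]
MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableCAD=4,1
[Version]
signature="$CHICAGO$"
Revision=1
"""

# Registry value behind "Interactive logon: Do not require CTRL+ALT+DEL".
DISABLE_CAD = r"machine\software\microsoft\windows\currentversion\policies\system\disablecad"

# Assumed baseline for this example only: (setting, passes, message).
PASSWORD_CHECKS = [
    ("MinimumPasswordLength", lambda v: v >= 8, "minimum length below 8"),
    ("PasswordComplexity", lambda v: v == 1, "complexity requirement is off"),
    ("PasswordHistorySize", lambda v: v >= 12, "fewer than 12 passwords remembered"),
    ("LockoutBadCount", lambda v: 1 <= v <= 10, "lockout disabled or above 10 attempts"),
]


def parse_template(text):
    """Return {section: {key: value}} with section names and keys lower-cased."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = sections.setdefault(header.group(1).lower(), {})
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current[key.strip().lower()] = value.strip()
    return sections


def audit(sections):
    """List the settings in a parsed template that miss the assumed baseline."""
    findings = []
    access = sections.get("system access", {})
    for name, passes, message in PASSWORD_CHECKS:
        value = access.get(name.lower())
        if value is None or not value.lstrip("-").isdigit():
            continue  # not defined in this template, so it changes nothing
        if not passes(int(value)):
            findings.append(f"{name}={value}: {message}")
    cad = sections.get("registry values", {}).get(DISABLE_CAD)
    if cad is not None:
        reg_type, _, data = cad.partition(",")  # "4,1" = REG_DWORD, data 1
        if reg_type.strip() == "4" and data.strip() == "1":
            findings.append("DisableCAD=1: CTRL+ALT+DEL is not required at logon")
    return findings


if __name__ == "__main__":
    for finding in audit(parse_template(SAMPLE_TEMPLATE)):
        print(finding)
```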
26: DISTRIBUTED FILE SYSTEM (DFS)
First create two folders and share them>start>program>administrative tools>distributed file system>right click on distributed file system>new root>next domain root>give domain name>next>browse>select computer name>OK>next>give any name and comments for root>next>give folder-1 path>finish>double click on domain name>right click on computer name>check status (you will find on time)>right click on domain name>new link>give any name>browse>entire network>select folder-2>OK>give any comment>OK>right click on link>new target>browse select your folder>OK.
(In this line you can see your shared folder data).
27: DYNAMIC HOST CONFIGURATION PROTOCOL (DHCP)
First of all install DHCP in your system
Start>setting>control panel>add or remove program>networking services>details> (check) DHCP>OK>next>finish.
Start>program>administrative tools>DHCP>right click on DHCP>manage authorized server>authorize>give the server name>OK>OK>close>right click on server>yahoo>new scope>give any name of scope>next>give first and last IP>next>give exclude IP (number of IP which you want to exclude)>add>next>give number of days and minutes>next>next(if you have router then give router IP number or not) next>give server name>resolve>add>next (if you have win server then give IP or not)>next>finish.
Go to client PC>start>run>cmd>
C:\> ipconfig /all (to see all IP)
C:\> ipconfig /release (00000000 all IP)
C:\> ipconfig /renew (you will find your IP)
C:\> ipconfig /all (to see all IP)
(Use of DHCP gives IP address to the clients from server).
28: TO CONFIGURE DOMAIN NAME SYSTEM (DNS)
First of all go to C drive>windows>system32>DNS>backup>-meds, yahoo.com (delete both files)>right click on my network>properties>right click on LAN>properties>double click on TCP/IP>delete DNS IP (if in network any computer have DNS you will do this) Start>run>DCPROMO>follow the wizard>give DNS name (iacm.com) like this>next>start>program>administrative tools>DNS forward lookup zone.
(Here you will find the host name and IP of each and every computer. DNS will do this work automatically)
(It resolves the host name to IP & IP to host name). (To check DNS will do work properly or not go to C drive >windows>system32>DNS>backup>here if you will find both file then OK if not you will do again this whole step)
(It resolves the host name to IP and IP to host).
29: IMPLEMENTING WEB SERVICES
First of all we will Save the programming language of the website in any shared folder or we can search the programming language of the web site from search by typing .htm there you will get the lots of programming language files. You can also take from here.
(If you have not install IIS then install from control panel from application server)
Start>program>administrative tools>IIS>server>website>right click on default>new website>next>give any name (cool.com) >right click on cool.com>properties>documents>remove all files and add your file name (123.HTML) >OK.
Start>program>administrative tools>DNS>right click on forward>new zone>next-3>give zone name (cool.com) >next>finish.
Right click on cool.com>new host>give server name>give IP to your PC>add host>done>right click on cool.com>new alias>give www>browse>give full path to your site.
Go to internet explorer>provide your site name (www.cool.com)
(You will find your notepad on this site).
30: COMMANDS
C:\> netstat -e (Interface statistics)
C:\> netstat -a (Display all listening connections)
C:\> netstat -r (Routing table interface)
C:\> netstat -s (Statistics for the IP, UDP and ICMP protocols)
C:\> netstat -p IP (For active connection)
C:\> netstat -p TCP (For active connection)
C:\> nslookup (Used for troubleshooting DNS problems)
C:\> exit (come back)
Start>program>administrative tools>DNS>right click on reverse look up>new zone>next>give IP class only (192.168.100.1) >right click on space>new pointer>give computer IP and name (192.168.100.n.1, 2, 3, 4) (Server, Server1, XP) like this.
Start>run>cmd
C:\> nslookup
>Server
>Server1
>XP (Give computer name to see computer IP and domain IP).
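An added example, not part of the original page: after the reverse lookup zone and pointers are created, each host record should have a pointer that names the same host, which is what the nslookup queries above confirm one name at a time. The record sets below are constructed; the host names and the 192.168.100.x range follow the page, while their pairing and the iacm.com suffix are assumptions.

```python
import ipaddress

# Constructed forward zone (host record -> IP).
FORWARD = {
    "server.iacm.com": "192.168.100.1",
    "server1.iacm.com": "192.168.100.2",
    "xp.iacm.com": "192.168.100.3",
}

# Constructed reverse zone (pointer owner name -> host) with three defects:
# a pointer naming the wrong host, a missing pointer, and a leftover pointer.
REVERSE = {
    "1.100.168.192.in-addr.arpa": "server.iacm.com",
    "2.100.168.192.in-addr.arpa": "server.iacm.com",
    "9.100.168.192.in-addr.arpa": "oldpc.iacm.com",
}


def ptr_name(ip):
    """Owner name of the pointer record for an IP, e.g. 1.100.168.192.in-addr.arpa."""
    return ipaddress.ip_address(ip).reverse_pointer


def check_zones(forward, reverse):
    """Return (host, pointer name, problem) for every forward/reverse mismatch."""
    problems = []
    for host, ip in sorted(forward.items()):
        owner = ptr_name(ip)
        target = reverse.get(owner)
        if target is None:
            problems.append((host, owner, "missing PTR"))
        elif target.rstrip(".").lower() != host.lower():
            problems.append((host, owner, f"PTR points to {target}"))
    # Pointers that no host record accounts for are usually stale entries.
    expected = {ptr_name(ip) for ip in forward.values()}
    for owner, target in sorted(reverse.items()):
        if owner not in expected:
            problems.append((target, owner, "PTR without host record"))
    return problems


if __name__ == "__main__":
    for host, owner, problem in check_zones(FORWARD, REVERSE):
        print(f"{host:20} {owner:30} {problem}")
```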
31: DISK MIRRORING
First right click on My computer>manage>Disk management>right click on disk -0>convert to dynamic>OK>yes>(Automatically computer restart)>right click on disk -2>convert to dynamic>right click on disk-2 (which you want to make mirror)>add mirror>select disk-2>add mirror>OK>restart computer>go to BIOS (To verify, disable disk-0 and boot by disk-2) (if your disk gets corrupted, you can then boot from the mirror disk. This is the facility provided by mirroring).
32: RAID-5
Requirement
Minimum 3 hard disk and all should be in dynamic.
Right click on any hard disk free space>new volume> (check) raid>next>select all available disk & add>give space (100 MB) as you like>next-3>finish.
(You will find raid in every disk, if you create folder in any disk that folder you will find in every disk).
33: IP SECURITY POLICY
Firstly ping both computers
Start>run>ping 192.168.100.2
Start>run>mmc>file>add remove snap in>add>IP security policy management>add>finish>close>OK>right click on IP security policy. Create IP security policy>next>give any name>next> (uncheck) active default response role>next>finish>(uncheck) user add wizard>add(uncheck)user add wizard>give any name(11)>add>select a specific IP address from source>give our PC IP address>select a specific IP address from destination give second PC IP address>OK>OK select(11) >apply>OK>filter action>add>add>O>apply>OK>select new filter action>apply>authentication method>add>(check)use this string key (give any number) 01 >OK>apply>remove>Kerberos>OK>close.
Go to the second PC and do the same process as on the first PC, but the key number should be the same (01) (right click on your policy and assign. When pinging you will find negotiating; this is used for making a secure connection).
34: VPN (Virtual Private Network)
Start>program>administrative tools>routing and remote access>right click on server (computer name) >configure and enable routing and remote access>next>select remote access VPN>next>dial up>next-3>finish>OK>open server(computer name)>create user>right click on user>properties>dialing>select allow access>go to second PC>right click on my network>properties>right click on new connection>add new connection>next>give any name>next>give host name>next>my use only>next>select add a shortcut>finish.
Open shortcut>give user name>connect.
Wednesday, January 28, 2009
Microsoft 2000 Question and Answer
Questions and Answers
Chapter 1
Review Questions
What is the major difference between a workgroup and a domain?
The major difference between a workgroup and a domain is where the user account information resides for user logon authentication. For a workgroup, user account information resides in the local security database on each computer in the workgroup. For the domain, the user account information resides in the Active Directory database.
What are Active Directory directory services, and what do they provide?
Active Directory directory services comprise the Windows 2000 directory service. A directory service consists of a database that stores information about network resources, such as computers and printers, and the services that make this information available to users and applications. Active Directory directory services also provide administrators with the capability to control access to resources.
What information must a user provide when he or she logs on to a computer?
A user name and a password.
What happens when a user logs on locally to a computer?
Windows 2000 authenticates the user during the logon process by comparing the user's logon information to the user's information in the local database and verifies the identity of the user. Only valid users can gain access to resources and data on a computer.
How do you use the Windows 2000 Security dialog box?
The Windows 2000 Security dialog box provides easy access to important security options, which include the ability to lock a computer, change a password, log off of a computer, stop programs that aren't responding, and shut down the computer.
Chapter 2
Review Questions
Your company has decided to install Windows 2000 Professional on all new computers that are purchased for desktop users. What should you do before you purchase new computers to ensure that Windows 2000 can be installed and run without difficulty?
Verify that the hardware components meet the minimum requirements for Windows 2000. Also, verify that all of the hardware components that are installed in the new computers are on the Windows 2000 HCL. If a component is not listed, contact the manufacturer to verify that a Windows 2000 driver is available.
You are attempting to install Windows 2000 Professional from a CD-ROM; however, you have discovered that your computer doesn't support booting from the CD-ROM drive. How can you install Windows 2000?
Start the computer by using the Setup boot disks. When prompted, insert the Windows 2000 Professional CD-ROM, and then continue setup.
You are installing Windows 2000 Server on a computer that will be a client in an existing Windows 2000 domain. You want to add the computer to the domain during installation. What information do you need, and which computers must be available on the network before you run the Setup program?
You need the DNS domain name of the domain that you are joining. You must also make sure that a computer account for the client exists in the domain, or you must have the user name and password of a user account in the domain with the authority to create computer accounts in the domain. A server running the DNS service and a domain controller in the domain you are joining must be available on the network.
You are using a CD-ROM to install Windows 2000 Professional on a computer that was previously running another operating system. How should you configure the hard disk to simplify the installation process?
Use a disk partitioning tool to remove any existing partitions, and then create and format a new partition for the Windows 2000 installation.
You are installing Windows 2000 Professional over the network. Before you install to a client computer, what must you do?
Locate the path to the shared installation files on the distribution server. Create a 500-MB FAT partition on the target computer (1 GB recommended). Create a client disk with a network client so that you can connect from the computer, without an operating system, to the distribution server.
Chapter 3
Practice Questions
Lesson 2: Using Consoles
Practice: Creating a Customized Microsoft Management Console
· To remove extensions from a snap-in
Click Computer Management (Local), and then click the Extensions tab.
The MMC displays a list of available extensions for the Computer Management snap-in.
What option determines which extensions the MMC displays in the Available Extensions list in this dialog box?
The available extensions depend on which snap-in you select.
Review Questions
When and why would you use an extension?
You use an extension when specific snap-ins need additional functionality—extensions are snap-ins that provide additional administrative functionality to another snap-in.
You need to create a custom console for an administrator who needs to use only the Computer Management and Active Directory Users And Computers snap-ins. The administrator
Must not be able to add any additional snap-ins.
Needs full access to all snap-ins.
Must be able to navigate between snap-ins.
Which console mode would you use to configure the custom console?
User mode, Full Access.
What do you need to do to remotely administer a computer running Windows 2000 Server from a computer running Windows 2000 Professional?
Windows 2000 Professional doesn't include all snap-ins that are included with Windows 2000 Server. To enable remote administration of many Windows 2000 Server components from a computer running Windows 2000 Professional, you need to add the required snap-ins on the computer running Windows 2000 Professional.
You need to schedule a maintenance utility to automatically run once a week on your computer, which is running Windows 2000 Professional. How do you accomplish this?
Use Task Scheduler to schedule the necessary maintenance utilities to run at specific times.
Chapter 4
Review Questions
What should you do if you can't see any output on the secondary display?
If you can't see any output on the secondary display, try the following:
Activate the device in the Display Properties dialog box.
Confirm that you chose the correct video driver.
Restart the computer and check its status in Device Manager.
Switch the order of the display adapters on the motherboard.
You have configured recovery options on a computer running Windows 2000 Professional to write debugging information to a file if a system failure occurs. You notice, however, that the file isn't being created. What could be causing this problem?
The problem could be one or more of the following:
The paging file size could be set to less than the amount of physical RAM in your system.
The paging file might not be located on your system partition.
You might not have enough free space to create the Memory.dmp file.
How can you optimize virtual memory performance?
To optimize virtual memory, do the following:
If you have multiple hard disks, create a separate paging file on each hard disk.
Move the paging file off of the disk that contains the Windows 2000 system files.
Set the minimum size of the paging file to be equal to or greater than the amount of disk space that is allocated by Virtual Memory Manager when your system is operating under a typical load.
You installed a new network interface card (NIC) in your computer, but it doesn't seem to be working. Describe how you would troubleshoot this problem.
You would do the following to troubleshoot the problem:
Check Device Manager to determine whether Windows 2000 properly detected the network card.
If the card isn't listed in Device Manager, run the Add/Remove Hardware wizard to have Windows 2000 detect the new card. If the card is listed in Device Manager but the icon representing the new card contains either an exclamation mark or a stop sign, view the properties of the card for further details. You might need to reinstall the drivers for the card, or the card might be causing a resource conflict.
Chapter 5
Practice Questions
Lesson 2: Using Registry Editor
Practice: Using Registry Editor
Exercise 1: Exploring the Registry
· To view information in the registry
Double-click the HARDWARE\DESCRIPTION\System subkey to expand it, and then answer the following questions:
What is the basic input/output system (BIOS) version of your computer and its date?
Answers will vary based on the contents of the SYSTEMBIOSVERSION and SYSTEMBIOSDATE entries.
What is the computer type of your local machine according to the Identifier entry?
Answers might vary; it will likely be AT/AT compatible.
Expand the SOFTWARE\Microsoft\Windows NT\CurrentVersion subkey, and then fill in the following information.
Software configuration | Value and string
Current build number | 2195 (for Evaluation Software)
Current version | 5
Registered organization | Answers will vary.
Registered owner | Answers will vary.
Review Questions
What is the registry and what does it do?
The registry is a hierarchical database that stores Windows 2000 hardware and software settings. The registry controls the Windows 2000 operating system by providing the appropriate initialization information to start applications and load components, such as device drivers and network protocols. The registry contains a variety of different types of data, including the hardware installed on the computer, the installed device drivers, applications, network protocols, and network adapter card settings.
What is a hive?
A hive is a discrete body of keys, subkeys, and entries. Each hive has a corresponding registry file and a .LOG file located in systemroot\System32\Config. Windows 2000 uses the .LOG file to record changes and to ensure the integrity of the registry.
What is the recommended editor for viewing and modifying the registry?
Regedt32.exe is the recommended editor for viewing and modifying the registry.
What option should you enable when you are viewing the contents of the registry? Why?
Using Registry Editor incorrectly can cause serious, systemwide problems that could require reinstallation of Windows 2000. When using Registry Editor to view data, save a backup copy of the registry file before viewing and click Read Only Mode on the Options menu to prevent accidental updating or deleting of configuration data.
Chapter 6
Practice Questions
Lesson 2: Common Disk Management Tasks
Practice: Working with Dynamic Storage
Exercise 2: Extending a Volume
· To examine the new volume
Change the working directory to the root directory of drive C (if necessary) or to the root directory of the drive where you mounted your volume, type dir and then press Enter.
How much free space does the Dir command report?
Answer will vary.
Why is there a difference between the free space reported for drive C and the free space reported for C:\Mount? (If you mounted your volume on a drive other than drive C, replace C with the appropriate drive letter.)
The amount of free space reported for C:\Mount is the amount of free space available on the mounted volume.
Review Questions
You install a new 10-GB disk drive that you want to divide into five equal 2-GB sections. What are your options?
You can leave the disk as a basic disk and then create a combination of primary partitions (up to three) and logical drives in an extended partition; or, you can upgrade the disk to a dynamic disk and create five 2-GB simple volumes.
You are trying to create a striped volume on your Windows NT Server to improve performance. You confirm that you have enough unallocated disk space on two disks in your computer, but when you right-click an area of unallocated space on a disk, your only option is to create a partition. What is the problem and how would you resolve it?
You can create striped volumes only on dynamic disks. The option to create a partition rather than a volume indicates that the disk you are trying to use is a basic disk. You will need to upgrade all of the disks that you want to use in your striped volume to dynamic disks before you stripe them.
You add a new disk to your computer and attempt to extend an existing volume to include the unallocated space on the new disk, but the option to extend the volume isn't available. What is the problem and how would you resolve it?
The existing volume is not formatted with Microsoft Windows 2000 File System (NTFS). You can extend only NTFS volumes. You should back up any data on the existing volume, convert it to NTFS, and then extend the volume.
You dual boot your computer with Windows 98 and Windows 2000 Professional. You upgrade a second drive—which you are using to archive files—from basic storage to dynamic storage. The next time you try to access your archived files from Windows 98, you are unable to read the files. Why?
Only Windows 2000 can read dynamic storage.
Chapter 7
Practice Questions
Lesson 1: TCP/IP
Practice: Installing and Configuring TCP/IP
Exercise 2: Configuring TCP/IP to Use a Static IP Address
· To test the static TCP/IP configuration
To verify that the IP address is working and configured for your adapter, type ping 127.0.0.1 and then press Enter.
What happens?
Four Reply from 127.0.0.1 messages should appear.
If you have a computer that you are using to test connectivity, type ping ip_address (where ip_address is the IP address of the computer you are using to test connectivity), and then press Enter. If you don't have a computer to test connectivity, skip to step 7.
What happens?
Four Reply from ip_address messages should appear.
Exercise 3: Configuring TCP/IP to Automatically Obtain an IP Address
· To configure TCP/IP to automatically obtain an IP address
Click Obtain An IP Address Automatically.
Which IP address settings will the DHCP Service configure for your computer?
IP address and subnet mask.
Exercise 4: Obtaining an IP Address by Using Automatic Private IP Addressing
· To obtain an IP address by using Automatic Private IP Addressing
At the command prompt, type ipconfig /renew and then press Enter.
There will be a pause while Windows 2000 attempts to locate a DHCP server on the network.
What message appears, and what does it indicate?
DHCP Server Unreachable.
Your computer was not assigned an address from a DHCP server because there wasn't one available.
· To test the TCP/IP configuration
At the command prompt, type ipconfig | more and then press Enter.
Pressing Spacebar as necessary, record the current TCP/IP settings for your local area connection in the following table.
Setting | Value
IP address | Answer will vary.
Subnet mask | Answer will vary.
Default gateway | Answer will vary.
Is this the same IP address assigned to your computer in Exercise 3? Why or why not?
No, the IP address isn't the same as the one assigned in Exercise 3. In this exercise, the Automatic Private IP Addressing feature of Windows 2000 assigned the IP address because a DHCP server wasn't available. In Exercise 3, the DHCP Service assigned an IP address.
If you have a computer to test TCP/IP connectivity with your computer, type ping ip_address (where ip_address is the IP address of the computer that you are using to test connectivity), and then press Enter. If you don't have a computer to test connectivity, skip this step and proceed to Exercise 5.
Were you successful? Why or why not?
Answers will vary. If you don't have a computer that you can use to test your computer's connectivity, you can't do this exercise.
No, because the computer you are using to test your computer's connectivity is configured with a static IP address in another network and no default gateway is configured on your computer.
Yes, because the computer you are using to test your computer's connectivity is also configured with an IP address assigned by Automatic Private IP Addressing and it is on the same subnet so that a default gateway is unnecessary.
Lesson 2: NWLink
Practice: Installing and Configuring NWLink
· To install and configure NWLink
Click Protocol, and then click Add.
The Select Network Protocol dialog box appears.
Which protocols can you install?
AppleTalk, DLC, NetBEUI, Network Monitor Driver, and NWLink IPX/SPX/NetBIOS Compatible Transport Protocol.
Select NWLink IPX/SPX/NetBIOS Compatible Transport Protocol, and then click Properties.
Which type of frame detection is selected by default?
Auto frame type detection.
Lesson 4: Network Bindings
Practice: Working with Network Bindings
Exercise 1: Changing the Binding Order of a Protocol
· To change the protocol binding order
Maximize the Network And Dial-Up Connections window, and on the Advanced menu, click Advanced Settings.
The Advanced Settings dialog box appears.
What is the order of the protocols listed under Client For Microsoft Networks in the Bindings For Local Area Connection list?
The first protocol listed under Client For Microsoft Networks is NWLink IPX/SPX/NetBIOS Compatible Transport Protocol, and the second one is Internet Protocol (TCP/IP).
Review Questions
Your computer running Windows 2000 Client for Microsoft Networks was configured manually for TCP/IP. You can connect to any host on your own subnet, but you can't connect to or even ping any host on a remote subnet. What is the likely cause of the problem and how would you fix it?
The default gateway might be missing or incorrect. You specify the default gateway in the Internet Protocol (TCP/IP) Properties dialog box (under Network And Dial-Up Connections in My Network Places). Other possibilities are that the default gateway is offline or that the subnet mask is incorrect.
Your computer running Windows 2000 Professional can communicate with some, but not all, of the NetWare servers on your network. Some of the NetWare servers are running frame type 802.2 and some are running 802.3. What is the likely cause of the problem?
Although the NWLink implementation in Windows 2000 can automatically detect a frame type for IPX/SPX-compatible protocols, it can automatically detect only one frame type. This network uses two frame types; you must manually configure the additional frame type (802.3).
What are the limitations of the NetBEUI protocol?
NetBEUI can't be routed and therefore is not suitable for WANs. Since NetBEUI isn't routable, you must connect computers running Windows 2000 and NetBEUI by using bridges instead of routers.
The NetBEUI protocol relies on broadcasts for many of its functions, such as name registration and discovery, so it creates more broadcast traffic than other protocols.
What is the primary function of the DLC protocol?
DLC provides connectivity to IBM mainframes and to LAN print devices that are directly attached to the network.
What is the significance of the binding order of network protocols?
You specify the binding order to optimize network performance. For example, a computer running Windows 2000 Workstation has NetBEUI, NWLink IPX/SPX, and TCP/IP installed. However, most of the servers to which this computer connects are running only TCP/IP. You would adjust the binding order so that the workstation binding to TCP/IP is listed before the workstation bindings for the other protocols. In this way, when a user attempts to connect to a server, Client for Microsoft Networks first attempts to use TCP/IP to establish the connection.
Chapter 8
Review Questions
What is the function of the following DNS components?
Domain name space
The domain name space provides the hierarchical structure for the DNS distributed database.
Zones
Zones are used to divide the domain name space into administrative units.
Name servers
Name servers store the zone information and perform name resolution for their authoritative domain name spaces.
Why would you want to have multiple name servers?
Installing multiple name servers provides redundancy, reduces the load on the server that stores the primary zone database file, and allows for faster access speed for remote locations.
What's the difference between a forward lookup query and a reverse lookup query?
A forward lookup query resolves a name to an IP address. A reverse lookup query resolves an IP address to a name.
When would you configure your connection to obtain a DNS server address automatically?
Configure your connection to obtain a DNS server address automatically only if you have a functioning DHCP server on the network that can provide the IP address of functioning DNS servers on the network.
Chapter 9
Review Questions
What are four major features of Active Directory directory services?
Active Directory directory services offer simplified administration, scalability, open standards support, and support for standard name formats.
What are sites and domains, and how are they different?
A site is a combination of one or more IP subnets that should be connected by a high-speed link.
A domain is a logical grouping of servers and other network resources organized under a single name.
A site is a component of Active Directory directory services' physical structure, while a domain is a component of the logical structure.
What is the schema, and how can you extend it?
The schema contains a formal definition of the contents and structure of Active Directory directory services, including all attributes, classes, and class properties. You can extend the schema by using the Schema Manager snap-in or the Active Directory Services Interface (ADSI).
Which Windows 2000 products provide Active Directory directory services?
Only the Windows 2000 Server products, which include Windows 2000 Server, Windows 2000 Advanced Server, and Windows 2000 Datacenter, provide Active Directory directory services. Windows 2000 Professional doesn't provide Active Directory directory services, but clients running Windows 2000 Professional that are members of a domain can use Active Directory directory services.
Chapter 10
Review Questions
Where does Windows 2000 create local user accounts?
When you create a local user account, Windows 2000 creates the account only in that computer's security database.
What different capabilities do domain user accounts and local user accounts provide to users?
A domain user account allows a user to log on to the domain from any computer in the network and to gain access to resources anywhere in the domain, provided the user has permission to access these resources. A local user account allows the user to log on at and gain access to resources on only the computer where you create the local user account.
What should you consider when you plan new user accounts?
A naming convention that ensures unique but consistent user account names.
Whether you or the user will determine the user account password.
Whether the user account should be disabled.
What information is required to create a local user account?
A user name.
What are built-in user accounts and what are they used for?
Windows 2000 automatically creates accounts called built-in accounts. Two commonly used built-in accounts are Administrator and Guest. You use the built-in Administrator account to manage the overall computer (for example, creating and modifying user accounts and groups, and setting account properties on user accounts). You use the built-in Guest account to give occasional users the ability to log on and gain access to resources.
Chapter 11
Review Questions
Why should you use groups?
Use groups to simplify administration by granting rights and assigning permissions once to the group rather than multiple times to each individual member.
How do you create a local group?
Start the Computer Management snap-in and expand Local Users And Groups. Right-click Groups, and then click New Group. Fill in the appropriate fields and then click Create.
Are there any consequences to deleting a group?
When you delete a group, the unique identifier that the system uses to represent the group is lost. Even if you create a second group with the same name, the group will not have the same identifier, so you must grant the group any permissions or rights that it once had, and you must add back the users who need to be a member of that group.
What's the difference between built-in local groups and local groups?
You create local groups and assign the appropriate permissions to them.
Windows 2000 Professional comes with precreated built-in local groups. You can't create built-in local groups. Built-in local groups give rights to perform system tasks on a single computer, such as backing up and restoring files, changing the system time, and administering system resources.
Chapter 12
Review Questions
What's the difference between a printer and a print device?
A printer is the software interface between the operating system and the print device. The print device is the hardware device that produces printed documents.
A print server can connect to two different types of print devices. What are these two types of print devices, and what are the differences?
The two types are local and network-interface print devices. A local print device is connected directly to a physical port of the print server. A network-interface print device is connected to the print server through the network. Also, a network-interface print device requires a network interface card.
You have added and shared a printer. What must you do to set up client computers running Windows 2000 so that users can print, and why?
You (or the user) must make a connection to the printer from the client computer. When you make a connection to the printer from the client computer, Windows 2000 automatically copies the printer driver to the client computer.
What advantages does connecting to a printer by using http://server_name/printers provide for users?
It allows a user to make a connection to a printer without having to use the Add Printer wizard. It makes a connection to a Web site, which displays all of the printers for which the user has permission. The Web site also provides information on the printers to help the user make the correct selection. Also, a Web designer can customize this Web page, such as by displaying a floor plan that shows the location of print devices, which makes it easier for users to choose a print device.
Why would you connect multiple printers to one print device?
To set priorities between the printers so that users can send critical documents to the printer with the highest priority. These documents will always print before documents that are sent from printers with lower priorities.
Why would you create a printer pool?
To speed up printing. Users can print to one printer that has several print devices so that documents do not wait in the print queue. It also simplifies administration; it's easier to manage one printer for several print devices than it is to manage one printer for each print device.
Chapter 13
Practice Questions
Lesson 2: Managing Printers
Practice: Performing Printer Management
Exercise 3: Taking Ownership of a Printer
· To take ownership of a printer
On the Security tab, click Advanced, and then click the Owner tab.
Who currently owns the printer?
The Administrators group.
Lesson 3: Managing Documents
Practice: Managing Documents
· To set a notification
In the printer's window, select README.txt, and then click Properties on the Document menu.
Windows 2000 displays the README.txt Document Properties dialog box with the General tab active.
Which user is specified in the Notify box? Why?
The Notify box currently displays the user Administrator because Administrator printed the document.
· To increase the priority of a document
In the README.txt Document Properties dialog box, on the General tab, notice the default priority.
What is the current priority? Is it the lowest or highest priority?
The current priority is the default of 1, which is the lowest priority.
Review Questions
For which printer permission does a user need to change the priority on another user's document?
The Manage Documents permission.
In an environment where many users print to the same print device, how can you help reduce the likelihood of users picking up the wrong documents?
Create a separator page that identifies and separates printed documents.
Can you redirect a single document?
No. You can change the configuration of the print server only to send documents to another printer or print device, which redirects all documents on that printer.
A user needs to print a large document. How can the user print the job after hours, without being present while the document prints?
You can control print jobs by setting the printing time. You set the printing time for a document on the General tab of the Properties dialog box for the document. To open the Properties dialog box for a document, select the document in the printer's window, click the Document menu, and then click Properties. Click Only From in the Schedule section of the Properties dialog box, and then set the Only From hour to the earliest time you want the document to begin printing after regular business hours. Set the To time to a couple of hours before normal business hours start. To set the printing time for a document, you must be the owner of the document or have the Manage Documents permission for the appropriate printer.
What are the advantages of using a Web browser to administer printing?
You can administer any printer on a Windows 2000 print server on the intranet by using any computer running a Web browser, regardless of whether the computer is running Windows 2000 or has the correct printer driver installed. Additionally, a Web browser provides a summary page and reports real-time print device status, and you can customize the interface.
Chapter 14
Practice Questions
Lesson 3: Assigning NTFS Permissions
Practice: Planning and Assigning NTFS Permissions
Exercise 1: Planning NTFS Permissions
When you apply custom permissions to a folder or file, which default permission entry should you remove?
The Full Control permission for the Everyone group.
Complete the following table to plan and record your permissions:
Path | User account or group | NTFS permissions | Block inheritance (yes/no)
Apps | Administrators group | Full Control | No
Apps\WordProcessing | Users group | Read & Execute | No
Apps\Spreadsheet | Accounting group; Managers group; Executives group | Read & Execute; Read & Execute; Read & Execute | No
Apps\Database | Accounting group; Managers group; Executives group | Read & Execute; Read & Execute; Read & Execute | No
Public | Administrators group; Creator Owner; Users group | Full Control; Full Control; Write | No
Public\Library | Administrators group; Users group | Full Control; Read & Execute | Yes
Public\Manuals | Administrators group; Users group; User81 | Full Control; Read & Execute; Full Control | Yes
Exercise 2: Assigning NTFS Permissions for the Public Folder
· To remove permissions from the Everyone group
Click the Security tab to display the permissions for the Public folder.
Windows 2000 displays the Public Properties dialog box with the Security tab active.
What are the existing folder permissions?
The Everyone group has Full Control.
Notice that the current allowed permissions can't be modified.
Under Name, select the Everyone group, and then click Remove.
What do you see?
Windows 2000 displays a message box indicating that you can't remove "Everyone" because the folder is inheriting the permissions for the Everyone group from its parent folder. To change permissions for Everyone, you must first block inheritance.
Click Remove.
What are the existing folder permissions?
No permissions are currently assigned.
· To assign permissions to the Users group for the Public folder
Click OK to return to the Public Properties dialog box.
What are the existing allowed folder permissions?
The Users group has the following permissions: Read & Execute, List Folder Contents, and Read. These are the default permissions that Windows 2000 assigns when you add a user account or group to the list of permissions.
· To assign permissions to the CREATOR OWNER group for the Public folder
Under Permission Entries, select CREATOR OWNER if necessary.
Which permissions are assigned to CREATOR OWNER, and where do these permissions apply?
Full Control permission is applied to subfolders and files only. Permissions that are assigned to the CREATOR OWNER group are not applied to the folder but only to new files and folders that are created within the folder.
· To test the folder permissions that you assigned for the Public folder
In the Public folder, attempt to create a text file named User81.
Were you successful? Why or why not?
Yes, because the Users group is assigned the Write permission for the Public folder.
Exercise 4: Testing NTFS Permissions
· To test permissions for the Misc folder while logged on as User81
Attempt to create a file in the Misc folder.
Were you successful? Why or why not?
No, because only User82 has NTFS permissions to create and modify files in the Misc folder.
· To test permissions for the Misc folder while logged on as User82
Attempt to create a file in the Misc folder.
Were you successful? Why or why not?
Yes, because User82 has the Modify permission for the folder.
· To test permissions for the Manuals folder while logged on as Administrator
Attempt to create a file in the Manuals folder.
Were you successful? Why or why not?
Yes, because the Administrators group has the Full Control permission for the Manuals folder.
· To test permissions for the Manuals folder while logged on as User81
Attempt to create a file in the Manuals folder.
Were you successful? Why or why not?
No, because User81 has only the Read & Execute permission for the Manuals folder.
· To test permissions for the Manuals folder while logged on as User82
Attempt to create a file in the Manuals folder.
Were you successful? Why or why not?
Yes, because User82 is a member of the Manuals group, which has been assigned the Modify permission for the Sales folder.
Lesson 6: Solving Permissions Problems
Practice: Managing NTFS Permissions
Exercise 1: Taking Ownership of a File
· To determine the permissions for a file
Click the Security tab to display the permissions for the Owner.txt file.
What are the current allowed permissions for Owner.txt?
The Administrators group has the Full Control permission.
The Users group has the Read & Execute permission.
Click the Owner tab.
Who is the current owner of the Owner.txt file?
The Administrators group.
· To take ownership of a file
Click Advanced to display the Access Control Settings For Owner dialog box, and then click the Owner tab.
Who is the current owner of Owner.txt?
The Administrators group.
In the Change Owner To box, select User84, and then click Apply.
Who is the current owner of Owner.txt?
User84.
Exercise 2: Copying and Moving Folders
· To create a folder while logged on as a user
While you are logged on as User84, in Windows Explorer, in drive C, create a folder named Temp1.
What are the permissions that are assigned to the folder?
The Everyone group has Full Control.
Who is the owner? Why?
User84 is the owner because the person who creates a folder or file is the owner.
· To create a folder while logged on as Administrator
In drive C, create the following two folders: Temp2 and Temp3.
What are the permissions for the folders that you just created?
The Everyone group has the Full Control permission.
Who is the owner of the Temp2 and Temp3 folders? Why?
The Administrators group is the owner of the Temp2 and Temp3 folders because a member of the Administrators group created these folders.
· To copy a folder to another folder within a Windows 2000 NTFS volume
Select C:\Temp1\Temp2, and then compare the permissions and ownership with C:\Temp2.
Who is the owner of C:\Temp1\Temp2 and what are the permissions? Why?
The owner is still the Administrators group because you are logged on as Administrator. When a folder or file is copied within an NTFS volume, the person who copies the folder or file becomes the owner.
The Everyone group has the Full Control permission because when a folder or file is copied within an NTFS volume, the folder or file inherits the permissions of the folder into which it is copied.
· To move a folder within the same NTFS volume
In Windows Explorer, select C:\Temp3, and then move it to C:\Temp1.
What happens to the permissions and ownership for C:\Temp1\Temp3? Why?
The Backup Operators group has Read & Execute permission and the Users group has Full Control. The Administrators group is the owner of C:\Temp1\Temp3.
C:\Temp1\Temp3 retains the original permissions as C:\Temp3. This is because when a file or folder is moved within the same NTFS volume, the file or folder retains its original permissions. Even though User84 did the moving, the folder's creator remains the owner.
Exercise 3: Deleting a File With All Permissions Denied
· To view the result of the Full Control permission for a folder
In Windows Explorer, double-click Noaccess.txt in the Fullaccess folder to open the file.
Were you successful? Why or why not?
No. The Everyone group has been denied the Full Control permission for C:\FullControl\Noaccess.txt. The Administrator user account is a member of the Everyone group.
Delete Noaccess.txt.
Were you successful? Why or why not?
Yes, because Full Control includes the Delete Subfolders and Files special permission for POSIX compliance. This special permission allows a user to delete files in the root of a folder to which the user has been assigned the Full Control permission. This permission overrides the file permissions.
How would you prevent users with Full Control permission for a folder from deleting a file in that folder for which they have been denied the Full Control permission?
Allow users all of the individual permissions, and then deny users the Delete Subfolders and Files special permission.
Review Questions
What is the default permission when a volume is formatted with NTFS? Who has access to the volume?
The default permission is Full Control. The Everyone group has access to the volume.
If a user has Write permission for a folder and is also a member of a group with Read permission for the folder, what are the user's effective permissions for the folder?
The user has both Read permission and Write permission for the folder because NTFS permissions are cumulative.
If you assign the Modify permission to a user account for a folder and the Read permission for a file, and then you copy the file to that folder, which permission does the user have for the file?
The user can modify the file because the file inherits the Modify permission from the folder.
What happens to permissions that are assigned to a file when the file is moved from one folder to another folder on the same NTFS volume? What happens when the file is moved to a folder on another NTFS volume?
When the file is moved from one folder to another folder on the same NTFS volume, the file retains its permissions. When the file is moved to a folder on a different NTFS volume, the file inherits the permissions of the destination folder.
If an employee leaves the company, what must you do to transfer ownership of his or her files and folders to another employee?
You must be logged on as Administrator to take ownership of the employee's folders and files. Assign the Take Ownership special access permission to another employee to allow that employee to take ownership of the folders and files. Notify the employee to whom you assigned Take Ownership to take ownership of the folders and files.
What three details should you check when a user can't gain access to a resource?
Check the permissions that are assigned to the user account and to groups in which the user is a member.
Check whether the user account, or a group of which the user is a member, has been denied permission for the file or folder.
Check whether the folder or file has been copied to any other file or folder or moved to another volume. If it has, the permissions will have changed.
Chapter 15
Practice Questions
Lesson 1: Understanding Shared Folders
Practice: Applied Permissions
User101 is a member of Group1, Group2, and Group3. Group1 has Read permission and Group3 has Full Control permission for FolderA. Group2 has no permissions assigned for FolderA. What are User101's effective permissions for FolderA?
Since User101 gets the permissions of all groups, User101's effective permission for FolderA is Full Control, which also includes all capabilities of the Read permission.
User101 is also a member of the Sales group, which has the Read permission for FolderB. User101 has been denied the shared folder permission Full Control for FolderB as an individual user. What are User101's effective permissions for FolderB?
User101 has no access to FolderB. Even though User101 is a member of the Sales group, which has Read permission for FolderB, User101 has been denied Full Control access to FolderB. Denied permissions override all other permissions.
Lesson 4: Combining Shared Folder Permissions and NTFS Permissions
Practice: Managing Shared Folders
Exercise 1: Combining Permissions
In the first example, the Data folder is shared. The Sales group has the shared folder Read permission for the Data folder and the NTFS Full Control permission for the Sales subfolder.
What are the Sales group's effective permissions for the Sales subfolder when they gain access to the Sales subfolder by making a connection to the Data shared folder?
The Sales group has the Read permission for the Sales subfolder because when shared folder permissions are combined with NTFS permissions, the more restrictive permission applies.
In the second example, the Users folder contains user home folders. Each user home folder contains data that is accessible only to the user for whom the folder is named. The Users folder has been shared, and the Users group has the shared folder Full Control permission for the Users folder. User1 and User2 have the NTFS Full Control permission for only their home folder and no NTFS permissions for other folders. These users are all members of the Users group.
What permissions does User1 have when he or she accesses the User1 subfolder by making a connection to the Users shared folder? What are User1's permissions for the User2 subfolder?
User1 has the Full Control permission for the User1 subfolder because both the shared folder permission and the NTFS permission allow Full Control. User1 can't access the User2 subfolder because she or he has no NTFS permissions to gain access to it.
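The rules used in the answers above (permissions accumulate across group memberships, a denied permission overrides every allow, and access through a share on an NTFS volume is limited to the more restrictive of the two) can be checked with a short model. This is an added example, not part of the original training material; the reduction of each named permission to four abstract rights and the account names SalesUser, UserX and GroupX are assumptions made for illustration.

```python
# Simplified model of the permission rules stated in the answers above.
# Assumption: each named permission is reduced to a small set of abstract
# rights. Real Windows compares access masks held in ordered ACL entries.

READ, WRITE, DELETE, ADMIN = "read", "write", "delete", "admin"

# Shared folder permissions named on the page: Read, Change, Full Control.
SHARE_LEVELS = {
    "Read": {READ},
    "Change": {READ, WRITE, DELETE},
    "Full Control": {READ, WRITE, DELETE, ADMIN},
}

# NTFS permissions used in the exercises (execute is folded into read here).
NTFS_LEVELS = {
    "Read": {READ},
    "Read & Execute": {READ},
    "Write": {WRITE},
    "Modify": {READ, WRITE, DELETE},
    "Full Control": {READ, WRITE, DELETE, ADMIN},
}


def effective(acl, levels, user, groups):
    """Rights a user holds from one permission list.

    acl is a list of (principal, "allow" | "deny", permission name).
    Allowed rights accumulate across the user and every group the user
    belongs to; every denied right is then removed, so deny always wins.
    """
    principals = {user, *groups}
    allowed, denied = set(), set()
    for principal, kind, name in acl:
        if principal not in principals:
            continue  # entry is for someone else
        if kind == "allow":
            allowed |= levels[name]
        else:
            denied |= levels[name]
    return allowed - denied


def over_network(share_acl, ntfs_acl, user, groups):
    """Rights through a share on an NTFS volume: only what both lists grant."""
    share_rights = effective(share_acl, SHARE_LEVELS, user, groups)
    ntfs_rights = effective(ntfs_acl, NTFS_LEVELS, user, groups)
    return share_rights & ntfs_rights


def page_scenarios():
    """The practice cases from this chapter plus the cumulative NTFS review question."""
    u101_groups = ["Group1", "Group2", "Group3", "Sales"]
    folder_a = [("Group1", "allow", "Read"), ("Group3", "allow", "Full Control")]
    folder_b = [("Sales", "allow", "Read"), ("User101", "deny", "Full Control")]

    data_share = [("Sales", "allow", "Read")]
    sales_ntfs = [("Sales", "allow", "Full Control")]

    users_share = [("Users", "allow", "Full Control")]
    user1_ntfs = [("User1", "allow", "Full Control")]
    user2_ntfs = [("User2", "allow", "Full Control")]

    # Constructed names for the review question: user Write plus group Read.
    mixed_ntfs = [("UserX", "allow", "Write"), ("GroupX", "allow", "Read")]

    return {
        "folder_a": effective(folder_a, SHARE_LEVELS, "User101", u101_groups),
        "folder_b": effective(folder_b, SHARE_LEVELS, "User101", u101_groups),
        "sales_via_data": over_network(data_share, sales_ntfs, "SalesUser", ["Sales"]),
        "user1_own": over_network(users_share, user1_ntfs, "User1", ["Users"]),
        "user1_on_user2": over_network(users_share, user2_ntfs, "User1", ["Users"]),
        "cumulative_ntfs": effective(mixed_ntfs, NTFS_LEVELS, "UserX", ["GroupX"]),
    }


if __name__ == "__main__":
    for case, rights in page_scenarios().items():
        print(f"{case:16} {sorted(rights) or 'no access'}")
```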
Exercise 2: Planning Shared Folders
Record your answers in the table.
You have two choices for permissions. You can rely entirely on NTFS permissions and assign Full Control for all shared folders to the Everyone group, or you can use shared folder permissions according to resource needs. The following suggested shared folders include required permissions if you decide to assign shared folder permissions.
Share Management Guidelines as MgmtGd. Assign the Full Control permission to the Managers group.
Share Data as Data. Assign the Full Control permission to the Administrators built-in group.
Share Data\Customer Service as CustServ. Assign the Change permission to the Customer Service group.
Share Data\Public as Public. Assign the Change permission to the Users built-in group.
Share Applications as Apps. Assign the Read permission to the Users built-in group and the Full Control permission to the Administrators built-in group.
Share Project Management as ProjMan. Assign the Change permission to the Managers group and the Full Control permission to the Administrators built-in group.
Share Database\Customers as CustDB. Assign the Change permission to the CustomerDBFull group, the Read permission to the CustomerDBRead group, and the Full Control permission to the Administrators built-in group.
Share Users as Users. Create a folder for every employee below this folder. Assign the Full Control permission to each employee for his or her own folder. Preferably, have Windows 2000 create the folder and assign permissions automatically when you create each user account.
Exercise 4: Assigning Shared Folder Permissions
· To assign Full Control to the Administrators group
Click OK.
Windows 2000 adds Administrators to the list of names with permissions.
Which type of access does Windows 2000 assign to Administrators by default?
The Read permission.
In the Permissions box, under Allow, click the Full Control check box.
Why did Windows Explorer also select the Change permission for you?
Full Control includes both the Change permission and the Read permission.
Exercise 5 (Optional): Connecting to a Shared Folder
· To connect a network drive to a shared folder by using the Map Network Drive command
To complete the connection, click Finish.
Windows 2000 displays the MktApps On 'PRO1' (P:) window.
How does Windows Explorer indicate that this drive points to a remote shared folder?
Windows Explorer uses an icon that shows a network cable attached to the drive. The network cable icon indicates a mapped network drive.
Exercise 8 (Optional): Testing NTFS and Shared Folder Permissions
· To test permissions for the Manuals folder when a user logs on locally
In the Manuals folder, attempt to create a file.
Were you successful? Why or why not?
No. Only Administrators have the NTFS permission to create and modify files in the Manuals folder.
· To test permissions for the Manuals folder when a user makes a connection over the network
In the Manuals window, attempt to create a file.
Were you successful? Why or why not?
No. Although the Users group has the Full Control shared folder permission for \\PRO1\MktApps, only Administrators have the NTFS permission to create and modify files in the Manuals folder.
· To test permissions for the Manuals folder when a user logs on over the network as Administrator
In the Manuals window, attempt to create a file.
Were you successful? Why or why not?
Yes. Administrator has the Full Control NTFS permission for the folder and Full Control Shared folder permissions for \\PRO1\MktApps\Manuals.
· To test permissions for the Public folder when a user makes a connection over the network
In the Public window, attempt to create a file.
Were you successful? Why or why not?
Yes. User1 has the Full Control NTFS permission for the folder and Full Control Shared folder permissions for \\PRO1\MktApps\Public.
Review Questions
When a folder is shared on a FAT volume, what does a user with the Full Control shared folder permissions for the folder have access to?
All folders and files in the shared folder.
What are the shared folder permissions?
Full Control, Change, and Read.
By default, what are the permissions that are assigned to a shared folder?
The Everyone group is assigned the Full Control permission.
When a folder is shared on an NTFS volume, what does a user with the Full Control shared folder permissions for the folder have access to?
Only the folder, but not necessarily any of the folder's contents. The user would also need NTFS permissions for each file and subfolder in the shared folder to gain access to those files and subfolders.
When you share a public folder, why should you use centralized data folders?
Centralized data folders enable data to be backed up easily.
What is the best way to secure files and folders that you share on NTFS partitions?
Put the files that you want to share in a shared folder and keep the default shared folder permission (the Everyone group with the Full Control permission for the shared folder). Assign NTFS permissions to users and groups to control access to all contents in the shared folder or to individual files.
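The rule behind the Exercise 8 answers and the review answers above, as an added Python example (not part of the training kit): a local logon is checked against NTFS permissions only, a network connection gets the overlap of the shared folder permission and the NTFS permission, and a FAT volume has only the shared folder permission. The group memberships, the Users entry on Manuals, the FatData folder and the reduction of each permission level to a set of rights are assumptions made for the model.

```python
"""Effective access when shared folder and NTFS permissions combine."""

# Simplified rights implied by each permission level (allow entries only;
# Deny entries and special permissions are left out of this model).
SHARE_LEVELS = {
    "Read": {"read"},
    "Change": {"read", "write", "delete"},
    "Full Control": {"read", "write", "delete", "change_permissions"},
}
NTFS_LEVELS = {
    "Read": {"read"},
    "Modify": {"read", "write", "delete"},
    "Full Control": {"read", "write", "delete", "change_permissions"},
}
ALL_RIGHTS = NTFS_LEVELS["Full Control"]

# Constructed memberships for the two accounts used in Exercise 8.
MEMBER_OF = {
    "User1": {"User1", "Users", "Everyone"},
    "Administrator": {"Administrator", "Administrators", "Everyone"},
}

# Shared folder permissions on \\PRO1\MktApps as the answers describe them.
SHARE_ACL = {"Users": "Full Control", "Administrators": "Full Control"}

# NTFS permissions per folder. The Users entry on Manuals is an assumption
# (the page only says that Administrators alone can create and modify files).
# None marks a hypothetical folder on a FAT volume, which has no NTFS ACL.
NTFS_ACLS = {
    "Manuals": {"Administrators": "Full Control", "Users": "Read"},
    "Public": {"Administrators": "Full Control", "User1": "Full Control"},
    "FatData": None,
}


def rights_from_acl(acl, levels, principals):
    """Union of the rights granted to any principal the user belongs to."""
    rights = set()
    for principal, level in acl.items():
        if principal in principals:
            rights |= levels[level]
    return rights


def effective_rights(user, folder, over_network):
    """Rights the user ends up with for a local or a network logon."""
    principals = MEMBER_OF[user]
    ntfs_acl = NTFS_ACLS[folder]
    # FAT offers no file-level protection, so NTFS contributes no limit.
    ntfs = ALL_RIGHTS if ntfs_acl is None else rights_from_acl(
        ntfs_acl, NTFS_LEVELS, principals)
    if not over_network:
        return set(ntfs)          # shared folder permissions do not apply locally
    share = rights_from_acl(SHARE_ACL, SHARE_LEVELS, principals)
    return share & ntfs           # the more restrictive combination wins


def can_create_file(user, folder, over_network):
    return "write" in effective_rights(user, folder, over_network)


if __name__ == "__main__":
    for user, folder, net in [("User1", "Manuals", False),
                              ("User1", "Manuals", True),
                              ("Administrator", "Manuals", True),
                              ("User1", "Public", True),
                              ("User1", "FatData", True)]:
        how = "network" if net else "local"
        print(f"{user:13} {folder:8} {how:7} create file: "
              f"{can_create_file(user, folder, net)}")
```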
Chapter 16
Review Questions
What two tasks must you perform to audit access to a file?
Set the audit policy for object access and configure the file for the type of access to audit.
Who can set up auditing for a computer?
By default, only members of the Administrators group can set up and administer auditing. You can also give other users the Manage Auditing and Security log user right, which is required to configure an audit policy and review audit logs.
When you view a security log, how do you determine whether an event failed or succeeded?
Successful events appear with a key icon; unsuccessful events appear with a lock icon.
If you click the Do Not Overwrite Events option in the Properties dialog box for an audit log, what happens when the log file becomes full?
Windows 2000 will stop. You must clear the log manually.
Chapter 17
Practice Questions
Lesson 1: Configuring Account Policies
Practice: Configuring Account Policies
Exercise 2: Configuring and Testing Additional Account Policies Settings
· To configure Account Policies settings
Use the Group Policy snap-in to configure the following Account Policies settings:
A user should have at least five different passwords before he or she accesses a previously used password.
After changing a password, a user must wait 24 hours before changing it again.
A user should change his or her password every three weeks.
Which settings did you use for each of the three listed items?
Set Enforce Password History to 5 so that a user must have at least five different passwords before he or she can access a previously used password.
Set Minimum Password Age to one day so that a user must wait 24 hours before he or she can change it again.
Set Maximum Password Age to 21 days so that a user must change his/her password every three weeks.
· To test Account Policies settings
Change your password to waters.
Were you successful? Why or why not?
You were successful because the minimum password length is set to 6, and the password waters contains six characters.
Change your password to papers.
Were you successful? Why or why not?
You weren't successful because you must wait 24 hours (one day) before you can change your password a second time. A Change Password dialog box appeared indicating that you can't change the password at this time.
Exercise 3: Configuring Account Lockout Policy
· To configure the Account Lockout Policy settings
Use Account Lockout Policy settings to do the following:
Lock out a user account after four failed logon attempts.
Lock out user accounts until the administrator unlocks the user account.
Which Account Lockout Policy settings did you use for each of the two conditions?
Set Account Lockout Threshold to 4 to lock out a user account after four failed logon attempts. When you set one of the three Account Lockout Policy options and the other two options have not been set, a dialog box appears indicating that the other two options will be set to default values.
Set Account Lockout Duration to 0 to have locked accounts remain locked until the administrator unlocks them.
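How the settings from Exercises 2 and 3 interact, as an added Python model (not part of the training kit and not Windows code): it applies the history, minimum age, maximum age, minimum length and lockout values given in the answers above. The account name, the initial password, the check order and the salted digest are assumptions, and the lockout counter reset window is left out.

```python
"""Model of the Account Policies values used in Exercises 2 and 3."""
import hashlib
import hmac
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import List, Optional


@dataclass
class AccountPolicy:
    history_size: int = 5                    # Enforce Password History
    min_age: timedelta = timedelta(days=1)   # Minimum Password Age
    max_age: timedelta = timedelta(days=21)  # Maximum Password Age
    min_length: int = 6                      # Minimum Password Length
    lockout_threshold: int = 4               # Account Lockout Threshold
    lockout_minutes: int = 0                 # Lockout Duration; 0 = until unlocked


@dataclass
class Account:
    name: str
    changed_at: datetime
    history: List[str] = field(default_factory=list)  # newest first, [0] is current
    failed_logons: int = 0
    locked_at: Optional[datetime] = None


def _digest(acct, password):
    # Salted stand-in so the model never keeps plaintext (an assumption of
    # this sketch; it is not how Windows stores passwords).
    return hashlib.pbkdf2_hmac("sha256", password.encode(),
                               acct.name.encode(), 10_000).hex()


def new_account(name, password, now):
    acct = Account(name=name, changed_at=now)
    acct.history.append(_digest(acct, password))
    return acct


def change_password(policy, acct, new_password, now):
    """Return (accepted, reason); checks length, then minimum age, then history."""
    if len(new_password) < policy.min_length:
        return False, "shorter than minimum password length"
    if now - acct.changed_at < policy.min_age:
        return False, "minimum password age not reached"
    candidate = _digest(acct, new_password)
    if candidate in acct.history[:policy.history_size]:
        return False, "password is still in the history"
    # Remember the newest history_size passwords, current one included.
    acct.history = [candidate] + acct.history[:max(policy.history_size - 1, 0)]
    acct.changed_at = now
    return True, "changed"


def password_expired(policy, acct, now):
    return now - acct.changed_at >= policy.max_age


def unlock(acct):
    """What the administrator does when the lockout duration is 0."""
    acct.locked_at, acct.failed_logons = None, 0


def is_locked(policy, acct, now):
    if acct.locked_at is None:
        return False
    if policy.lockout_minutes == 0:
        return True                      # stays locked until unlock() is called
    if now - acct.locked_at >= timedelta(minutes=policy.lockout_minutes):
        unlock(acct)                     # timed lockout has run out
        return False
    return True


def logon(policy, acct, password, now):
    if is_locked(policy, acct, now):
        return "locked out"              # even the correct password is refused
    if hmac.compare_digest(_digest(acct, password), acct.history[0]):
        acct.failed_logons = 0
        return "ok"
    acct.failed_logons += 1
    if policy.lockout_threshold and acct.failed_logons >= policy.lockout_threshold:
        acct.locked_at = now
    return "bad password"
```

The minimum age is what gives the history setting its force: without it a user could change passwords repeatedly in one sitting until the old password dropped out of the history.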
Review Questions
Why would you want to force users to change passwords?
Forcing users to change passwords regularly will decrease the chances of an unauthorized person breaking into your computer. If a user account and password combination for your computer falls into unauthorized hands, forcing users to change their passwords regularly will cause the user account and password combination to fail and secure the computer.
Why would you want to control the length of the passwords used on your computers?
Longer passwords are more difficult to figure out because there are more characters to discover. In general, you want to do what you can to make it difficult to get unauthorized access to your computers.
Why would you want to lock out a user account?
If a user forgets his or her password, he or she can ask the administrator to reset the password. If someone repeatedly enters an incorrect password, the person is probably trying to gain unauthorized access to your computer. Setting a limit on the number of failed logon attempts and locking out any user account that exceeds this number makes it more difficult for someone to gain unauthorized access to your computers.
Why would you want to force users to press Ctrl+Alt+Delete before they can log on to your computers?
To increase security on your computers, you can force users to press Ctrl+Alt+Delete before they can log on. This key combination is recognized only by Windows and ensures that only Windows is receiving the password and not a Trojan horse program waiting to capture your password.
How do you prevent the last user name from being displayed in the Windows Security or Log On To Windows dialog box?
To prevent the last user name from being displayed in the Windows Security or Log On To Windows dialog box, click the Local Policies node in the console tree of the Local Security Settings window, and then click Security Options. In the details pane, right-click Do Not Display Last User Name In Logon Screen, click Security, and then disable this feature.
Chapter 18
Practice Questions
Lesson 1: Managing NTFS Compression
Practice: Managing NTFS Compression
Exercise 1: Compressing Files in an NTFS Partition
· To view the capacity and free space for drive C
Right-click drive C, and then click Properties.
Windows 2000 displays the Local Disk (C:) Properties dialog box with the General tab active.
What is the capacity of drive C?
Answers will vary.
What is the free space on drive C?
Answers will vary.
· To uncompress a folder
Click OK to close the CompTest2 Properties dialog box.
Since the CompTest2 folder is empty, Windows 2000 doesn't display the Confirm Attributes Changes dialog box asking you to specify whether to uncompress only this folder or this folder and all subfolders.
What indication do you have that the CompTest2 folder is no longer compressed?
The CompTest2 folder name is displayed in black.
Exercise 2: Copying and Moving Files
· To create a compressed file
Type Text1 and then press Enter.
How can you verify that Text1 is compressed?
The name of the file is displayed in blue. You could also check the properties for the file.
· To copy a compressed file to an uncompressed folder
Examine the properties for Text1 in the CompTest2 folder.
Is the Text1.txt file in the CompTest\CompTest2 folder compressed or uncompressed? Why?
Uncompressed. A new file inherits the compression attribute of the folder in which it is created.
· To move a compressed file to an uncompressed folder
Examine the properties of the Text1.txt file in the CompTest folder.
Is Text1.txt compressed or uncompressed?
Compressed.
Examine the properties of Text1.txt in the CompTest2 folder.
Is Text1.txt compressed or uncompressed? Why?
Compressed. When a file is moved to a new folder on the same partition, its compression attribute doesn't change.
Lesson 2: Managing Disk Quotas
Practice: Enabling and Disabling Disk Quotas
Exercise 1: Configuring Quota Management Settings
· To configure default quota management settings
On the Quota tab, click the Enable Quota Management check box.
What is the default disk space limit for new users?
1 KB.
· To configure quota management settings for a user
On the Quota tab of the Local Disk (C:) Properties dialog box, click the Quota Entries button.
Windows 2000 displays the Quota Entries For Local Disk (C:) window.
Are any user accounts listed? Why or why not?
Yes. The accounts listed are those that have logged on and gained access to drive C.
Click OK.
Windows 2000 displays the Add New Quota Entry dialog box.
What are the default settings for the user you just set a quota limit for?
Limit disk space to 10 MB and Set the warning level to 6 MB. These are the default settings that are selected for drive C.
· To test quota management settings
Copy the i386 folder from your CD-ROM to the User5 folder.
Windows 2000 Professional begins copying files from the i386 folder on the CD-ROM to a new i386 folder in the User5 folder on drive C. After copying several files, however, Windows 2000 displays the Error Copying File Or Folder dialog box indicating that there isn't enough room on the disk.
Why did you get this error message?
You have exceeded your quota limit and since the Deny Disk Space To Users Exceeding Quota Limit check box is selected, once you exceed your quota limit, you can't use more disk space.
Lesson 3: Increasing Security with EFS
Practice: Encrypting and Decrypting Files
Exercise 2: Testing the Encrypted Files
· To test an encrypted file
Start Windows Explorer and open the file File1.txt in the Secret folder.
What happens?
A Notepad dialog box appears indicating that Access Is Denied.
Review Questions
You are the administrator for a computer running Windows 2000 Professional. You want to restrict users to 25 MB of available storage space. How do you configure the volumes on the computer?
Format all volumes with NTFS and enable disk quotas for all of the volumes. Specify a limit of 25 MB and select the Deny Disk Space To Users Exceeding Quota Limit check box.
The Sales department archives legacy sales data on a network computer running Windows 2000 Professional. Several other departments share the computer. You have begun to receive complaints from users in other departments that the computer has little remaining disk space. What can you do to alleviate the problem?
Compress the folders that the Sales department uses to store archive data.
Your department has recently archived several gigabytes of data from a computer running Windows 2000 Professional to CD-ROMs. As users have been adding files to the computer, you have noticed that the computer has been taking longer than usual to gain access to the hard disk. How can you increase disk access time for the computer?
Use Disk Defragmenter to defragment files on the computer's hard disk.
Chapter 19
Practice Questions
Lesson 2: Backing Up Data
Practice: Backing Up Files
Exercise 1: Starting a Backup Job
· To back up files by using Backup wizard
Click Replace The Data On The Media With This Backup.
When is it appropriate to select the check box labeled Allow Only The Owner And The Administrator Access To The Backup Data And To Any Backups Appended To This Media?
Unless the data that is being backed up will be restored by anyone other than the person doing the backing up or an administrator, you should consider selecting this check box if you want to minimize the risk of unauthorized access to your data.
Exercise 2: Creating and Running an Unattended Backup Job
· To verify that the backup job was performed
Start Microsoft Windows Explorer and click drive C.
Does the Backup2.bkf file exist?
Yes.
Lesson 3: Restoring Data
Practice: Restoring Files
· To verify that the data was restored
Start Windows Explorer and expand drive C.
Does the Restored Data folder exist?
Yes.
What are the contents of the Restored Data folder?
The file Boot.ini.
Review Questions
If you want a user to perform backups, what do you need to do?
Make sure that the user is a member of the Administrators or Backup Operators groups.
You performed a normal backup on Monday. For the remaining days of the week, you want to back up only files and folders that have changed since the previous day. What backup type do you select?
Incremental. The incremental backup type backs up changes since the last markers were set and then clears the markers. Thus, for Tuesday through Friday, you back up only changes since the previous day.
What are the considerations for using tapes as your backup media?
Tapes are a less expensive medium and are more convenient for large backups because of their higher storage capacity. However, the medium deteriorates with time and thus has a limited lifespan.
You are restoring a file that has the same name as a file on the volume to which you are restoring. You aren't sure which is the most current version. What do you do?
Do not replace the file. Restore the file to another location, and then compare the two files.
Chapter 20
Review Questions
Why would you want to monitor access to network resources?
For performing maintenance tasks that require making resources unavailable, you want to notify users before making the resource unavailable. To maintain a network's security, you need to monitor which users are gaining access to which resources. For planning purposes, you want to determine which resources are being used and how often they are being used.
What can you monitor on a network with the Computer Management snap-in or the Shared Folders snap-in?
You can monitor the number of users who have a current connection to the computer that you are monitoring, the files to which users are currently gaining access and which users are currently gaining access to each file, the shared folders to which users are currently gaining access on the network, and how many users have a connection to each folder. You can monitor all this information on the computer where you are physically located or on a remote computer.
Why would you send an administrative message to users with current connections?
To inform the users that you are about to disconnect them from the resource so that you can perform a backup or restore operation, upgrade software or hardware, or shut down the computer.
What can you do to prevent a user from reconnecting to a shared folder after you have disconnected the user from the shared folder?
To prevent all users from reconnecting, stop sharing the folder. To prevent only one user from reconnecting, change the permissions for the folder so that the user no longer has access, and then disconnect the user from the shared folder.
How can you create and manage shares on a remote computer?
To create and manage shares on a remote folder, use the MMC to create a custom console and add the Shared Folders snap-in to it. When you add the Shared Folders snap-in, you specify the remote computer on which you want to create and manage shares. When adding the Shared Folders snap-in to the console, you can also select the Allow The Selected Computer To Be Changed When Launching From The Command Line check box so that you can choose the remote computer on which you want to create and manage shares.
Chapter 21
Review Questions
What are the advantages of using L2TP over using PPTP?
L2TP supports more types of internetworks, it supports header compression, and it cooperates with IPSec for encryption.
While you're using the Network Connection wizard, you must configure two new settings regarding sharing the connection. Describe the difference between these two settings.
The settings are whether you want to allow others that use the computer to use the connection (access to the connection) and whether you want to allow other computers to access resources through this port (sharing the connection once it is established).
What is callback and when might you want to enable it?
The callback feature causes the remote server to disconnect and call back the client attempting to access the remote server. By using callback, you can have the bill for the phone call charged to your phone number rather than to the phone number of the user who called in. You can also use callback to increase security by specifying the callback number. Even if an unauthorized user calls in, the system calls back at the number you specified, not the number of the unauthorized user.
Chapter 22
Practice Questions
Lesson 5: Using the Recovery Console
Practice: Using the Windows 2000 Recovery Console
Exercise 1: Troubleshooting a Windows 2000 Installation
· To create a system boot failure
Restart the computer.
What error do you receive when attempting to restart the computer?
NTLDR is missing. Press Ctrl+Alt+Del to restart.
Review Questions
What are the five major phases of the boot process for Intel-based computers?
The boot process for Intel-based computers includes the preboot sequence, boot sequence, kernel load, kernel initialization, and logon phases.
What are the various Safe Mode advanced boot options for booting Windows 2000, and how do they differ?
The Safe Mode option loads only the basic devices and drivers required to start the system, including the mouse, keyboard, mass storage devices, base video, and the standard/default set of system services.
The Safe Mode With Networking option loads the devices and drivers loaded with the Safe Mode option, but it also loads the services and drivers required for networking.
The Safe Mode With Command Prompt option is identical to the Safe Mode option, but it launches a command prompt instead of Windows Explorer.
What are the two sections of the Boot.ini file, and what information does each section contain?
The two sections of the Boot.ini file are [boot loader] and [operating systems]. The [boot loader] section of Boot.ini specifies the default operating system and provides a timeout value.
The [operating systems] section of Boot.ini contains the list of operating systems that appear in the Boot Loader Operating System Selection menu. Each entry includes the path to the operating system and the name that appears in the Boot Loader Operating System Selection menu (the text between the quotation marks). Each entry can also contain optional parameters.
You install a new device driver for a SCSI adapter in your computer. When you restart the computer, however, Windows 2000 stops responding after the kernel load phase. How can you get Windows 2000 to restart successfully?
Select the Last Known Good Configuration option to use the LastKnownGood configuration control to start Windows 2000 because it doesn't contain any reference to the new, and possibly faulty, driver.
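The Boot.ini layout described in the review answer above, as an added Python example (not part of the training kit): a small parser for the [boot loader] and [operating systems] sections plus a consistency check of the kind that helps when troubleshooting a boot failure. The sample file contents, including the second installation and its parameters, are constructed for illustration.

```python
"""Parse a Boot.ini file and check that its two sections agree."""
import re

# Constructed sample; the second entry is hypothetical.
SAMPLE_BOOT_INI = r"""
[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\WINNT
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINNT="Microsoft Windows 2000 Professional" /fastdetect
multi(0)disk(0)rdisk(0)partition(2)\WINNT="Windows 2000 Professional (test)" /fastdetect /sos
"""

# path="menu text" followed by optional parameters
ENTRY_RE = re.compile(r'^(?P<path>[^=]+)="(?P<label>[^"]*)"\s*(?P<params>.*)$')


def parse_boot_ini(text):
    """Return {'boot loader': {key: value}, 'operating systems': [entry, ...]}."""
    cfg = {"boot loader": {}, "operating systems": []}
    section = None
    for number, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section == "boot loader":
            key, _, value = line.partition("=")
            cfg["boot loader"][key.strip().lower()] = value.strip()
        elif section == "operating systems":
            match = ENTRY_RE.match(line)
            if match is None:
                raise ValueError(f"line {number}: not a path=\"name\" entry")
            cfg["operating systems"].append({
                "path": match.group("path").strip(),
                "label": match.group("label"),       # text between the quotes
                "params": match.group("params").split(),
            })
        else:
            raise ValueError(f"line {number}: text outside a known section")
    return cfg


def check_boot_ini(cfg):
    """Return a list of problems; an empty list means the file is consistent."""
    problems = []
    loader = cfg["boot loader"]
    try:
        int(loader.get("timeout", ""))
    except ValueError:
        problems.append("timeout is missing or not a number")
    if not cfg["operating systems"]:
        problems.append("[operating systems] has no entries")
    paths = {entry["path"].lower() for entry in cfg["operating systems"]}
    default = loader.get("default")
    if default is None:
        problems.append("default is missing")
    elif default.lower() not in paths:
        problems.append("default does not match any [operating systems] entry")
    return problems


if __name__ == "__main__":
    parsed = parse_boot_ini(SAMPLE_BOOT_INI)
    print("default:", parsed["boot loader"]["default"])
    for entry in parsed["operating systems"]:
        print(f'{entry["label"]!r} -> {entry["path"]} {entry["params"]}')
    print("problems:", check_boot_ini(parsed))
```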
Chapter 23
Review Questions
How do you install the Windows 2000 deployment tools, such as the Setup Manager Wizard and the System Preparation tool?
To install the Windows 2000 Setup Tools, display the contents of the Deploy.cab file, which is located in the Support\Tools folder on the Windows 2000 CD-ROM. Select all the files you want to extract, right-click a selected file, and then select Extract from the menu. You will be prompted for a destination, the location and name of a folder, for the extracted files.
Which five resources are required to use Remote Installation Services to install Windows 2000 Professional?
A Windows 2000 Server with RIS installed, a DNS server available on the network, a DHCP server available on the network, a Windows 2000 domain to provide Active Directory directory services, and client computers that meet the Net PC specification or have a boot floppy to connect to the RIS server.
Which utility is provided to create boot floppies and how do you access it?
Windows 2000 ships with the Windows 2000 Remote Boot Disk Generator, rbfg.exe, which is used to create boot disks. It is found on the RIS Server in the folder where the Windows 2000 Professional installation files are stored. The path is RemoteInst\Admin\i386\rbfg.exe.
You are planning on installing 45 computers with Windows 2000 Professional. You have determined that these 45 computers have seven different network adapter cards. How can you determine whether these seven different types of network adapter cards are supported by the boot floppies you created?
The boot floppies created using Rbfg only support the PCI-based network adapters listed in the Adapters List. Start Rbfg.exe and then click the Adapter List button to see the list of supported adapters.
You have a laptop running Windows 95 and you want to upgrade it to Windows 2000. The computer has 16 MB of RAM, and this can be upgraded to 24 MB. Can you upgrade this computer to Windows 2000? If not, how would you make it so this computer was able to access Active Directory directory services?
No, Windows 2000 Professional requires at least 32 MB of memory. You can install the Directory Service Client for Windows 95 or 98. The laptop would then be able to access Active Directory directory services.
Name at least two problems the System Preparation tool resolves that make creating and copying a master disk image to other computers much simpler to do.
The System Preparation tool adds a system service to the master image that will create a unique local domain security ID (SID) the first time the computer to which the master image is copied is started.
The System Preparation tool adds a Mini-Setup wizard to the master disk image that runs the first time the computer to which the master image is copied is started. It guides the user through entering the user-specific information such as the end-user license agreement, the Product ID, user name, company name, and time zone selection.
The System Preparation tool causes the master image to force the computer on which the master image is copied to run a full Plug and Play device detection, so that peripherals, such as the network adapter, the video adapter, and sound cards on the computer on which the disk image was copied need not be identical to the ones on the computer on which the image was generated.
Chapter 24
Review Questions
A friend of yours just installed Windows 2000 Professional on his home computer. He called you to help him configure APM, and when you told him to double-click Power Options in Control Panel and click on the APM tab, he told you he did not have an APM tab. What is the most likely reason there is no APM tab?
The most likely reason there is no APM tab is that his computer does not have an APM-based BIOS installed. When Windows 2000 does not detect an APM-based BIOS, Setup does not install APM and there is no APM tab in the Power Options Properties dialog box.
A user calls the help desk in a panic. She spent 15 hours editing a proposal as an offline file at her house. Over the weekend, her boss came in and spent about four hours editing the same proposal. She needs to synchronize the files, but she doesn't want to lose her edits or those made by her boss. What can she do?
If both her cached offline copy of the file and the network copy of the file are edited, she should rename her version of the file so that both copies will exist on her hard disk and on the network. She could then compare the two and edit her version, adding any edits made by her boss.
Many commercial airlines require you to turn off portable computers during certain portions of a flight. Does placing your computer in Hibernate mode comply with these airline requirements? Why or why not?
No. Hibernate mode makes your computer appear to be turned off, but it is not. You must shut down your computer to comply with these airline requirements.
Chapter 25
Practice Questions
Lesson 1: Using Device Manager and System Information
Practice: Using Device Manager and System Information
Exercise 2: Using System Information
· To use System Information
In the details pane, double-click Hardware Resources, and then double-click IRQs.
Are there any IRQs being shared?
Answer will vary.
Review Questions
Your boss has started to manually assign resource settings to all devices, including Plug and Play devices, and wants you to finish the job. What should you do?
Explain to your boss that it is not a good idea to manually change or assign resource settings for Plug and Play devices. Windows 2000 arbitrates resources, but if you manually assign them, then Windows 2000 will not be able to arbitrate the assigned resources if requested by another Plug and Play device.
Once you have convinced your boss that this is not a good idea, start Device Manager. Plug and Play devices have a Resources tab on their Properties page. You can free the resource settings that were manually assigned and allow Windows 2000 to again arbitrate the resources by selecting the Use Automatic Settings check box on the Resources tab.
What benefits do you gain by Microsoft digitally signing all system files?
Windows 2000 drivers and operating system files are digitally signed by Microsoft to ensure the files have not been tampered with. Some applications overwrite existing operating files as part of their installation process. These files may cause system errors that are difficult to troubleshoot. Device Manager allows you to look at the Driver tab and verify that the digital signer of the installed driver is correct. This can save you many frustrating hours of trying to resolve problems caused by a file that replaced one or more original operating system drivers.
What are three ways Microsoft has provided to help you make sure the files on your system have the correct digital signature?
Windows 2000 provides Device Manager, which allows you to verify that the digital signer of the installed driver is correct. Windows 2000 also provides two utilities to verify the digital signatures. The first utility is the File Signature Verification utility, sigverif. Windows 2000 also provides System File Checker (SFC), a command-line utility that you can use to check the digital signature of files.
You receive a call at the Help desk from a user who is trying to configure her fax settings, and she tells you that she does not have an Advanced Options tab. What could the problem be?
For the Advanced Options tab to display, the user must be logged on as Administrator or have administrator privileges.
Appendix B -- Creating Setup Boot Disks
Unless your computer supports booting from a CD-ROM drive, you must have the four Windows 2000 Professional Setup disks to complete the installation of Microsoft Windows 2000 Professional. To create these Setup disks, complete the following procedure.
Label the four 1.44 MB disks with the appropriate product name, as follows:
Windows 2000 Professional Setup Boot Disk
Windows 2000 Professional Setup Disk #2
Windows 2000 Professional Setup Disk #3
Windows 2000 Professional Setup Disk #4
Insert the Microsoft Windows 2000 Professional CD-ROM into the CD-ROM drive.
If the Windows 2000 CD-ROM dialog box appears prompting you to upgrade to Windows 2000, click No.
Open a Command Prompt window.
At the command prompt, change to your CD-ROM drive. For example, if your CD-ROM drive letter is E, type e: and press Enter.
At the command prompt, change to the Bootdisk folder by typing cd bootdisk and pressing Enter.
With Bootdisk as the active folder, type makeboot a: (where a: is the floppy disk drive) and then press Enter.
Windows 2000 displays a message indicating that this script creates the four Windows 2000 Setup disks for installing from a CD-ROM. It also indicates that four blank formatted floppy disks are required.
Press any key to continue.
Windows 2000 displays a message prompting you to insert the disk labeled Disk 1. (This is the disk you labeled Windows 2000 Professional Setup Boot Disk.)
Insert the blank formatted disk labeled Windows 2000 Professional Setup Boot Disk into drive A, and then press any key to continue.
After Windows 2000 creates the disk image, it displays a message prompting you to insert the disk labeled Disk 2.
Remove Disk 1, insert the blank formatted disk labeled Windows 2000 Professional Setup Disk #2 into drive A, and then press any key to continue.
After Windows 2000 creates the disk image, it displays a message prompting you to insert the disk labeled Disk 3.
Remove Disk #2, insert the blank formatted disk labeled Windows 2000 Professional Setup Disk #3 into drive A, and then press any key to continue.
After Windows 2000 creates the disk image, it displays a message prompting you to insert the disk labeled Disk 4.
Remove Disk 3, insert the blank formatted disk labeled Windows 2000 Professional Setup Disk #4 into drive A, and then press any key to continue.
After Windows 2000 creates the disk image, it displays a message indicating that the imaging process is done.
At the command prompt, type exit and then press Enter.
Remove the disk from drive A and the CD-ROM from the CD-ROM drive.
Appendix C -- Understanding the DHCP Service
The Dynamic Host Configuration Protocol (DHCP) Service in Microsoft Windows 2000 centralizes and manages the allocation of Microsoft Transmission Control Protocol/Internet Protocol (TCP/IP) configuration information by assigning Internet Protocol (IP) addresses automatically to computers that are configured as DHCP clients. Implementing the DHCP Service can eliminate many of the configuration problems associated with configuring TCP/IP manually.
To introduce you to DHCP, the following six topics are covered in this appendix:
The Bootstrap Protocol (BOOTP)
Manual versus automatic TCP/IP configuration
The requirements for a server running the DHCP Service
The requirements for DHCP clients
The DHCP lease process
IP lease renewal and release
The Bootstrap Protocol
The Bootstrap Protocol, based on the User Datagram Protocol/Internet Protocol (UDP/IP), enables a booting host to configure itself dynamically. DHCP is an extension of BOOTP, which enables diskless clients to start up and automatically configure TCP/IP. Each time that a DHCP client starts, it requests IP addressing information from a DHCP server, including the following:
An IP address
A subnet mask
Optional values, such as the following:
A default gateway address
A Domain Name System (DNS) server address
A Windows Internet Name Service (WINS) server address
When a DHCP server receives a request for an IP address, it selects IP addressing information from a pool of addresses that are defined in its database and offers the IP addressing information to the DHCP client, as shown in Figure C.1. If the client accepts the offer, the DHCP server leases the IP addressing information to the client for a specified period of time.
Figure C.1 A DHCP server provides IP addresses to DHCP clients
Manual Versus Automatic TCP/IP Configuration
To understand why the DHCP Service is beneficial for configuring TCP/IP on clients, it is useful to contrast the manual method of configuring TCP/IP with the automatic method using DHCP, as shown in Table C.1.
Table C.1 Configuring TCP/IP Manually Versus Using the DHCP Service
Configuring TCP/IP manually | Configuring TCP/IP using DHCP
Users can pick an IP address randomly rather than obtaining a valid IP address from the network administrator. Using incorrect addresses can lead to network problems that can be difficult to trace to the source. | Users no longer need to acquire IP addressing information from an administrator to configure TCP/IP. The DHCP Service supplies all the necessary configuration information to all the DHCP clients.
Typing the IP address, subnet mask, or default gateway can lead to problems ranging from difficulty communicating, if the default gateway or subnet mask is incorrect, to problems associated with a duplicate IP address. | Correct configuration information ensures correct configuration, which eliminates most difficult-to-trace network problems.
There is administrative overhead for networks if you frequently move computers from one subnet to another. For example, you must change the IP address and default gateway address for a client to communicate from a new location. | Having servers running the DHCP Service on each subnet eliminates the overhead of having to manually reconfigure IP addresses, subnet masks, and default gateways when you move computers from one subnet to another.
To implement DHCP, you must install and configure the DHCP Service on at least one computer running Windows 2000 Server within the TCP/IP network. The computer can be configured as a domain controller or as a stand-alone server. In addition, for DHCP to function properly, you must configure the server and all of the clients.
Requirements for a Server Running the DHCP Service
A DHCP server requires a computer running Windows 2000 Server that is configured with the following:
The DHCP Service.
A static IP address (it can't be a DHCP client itself), subnet mask, default gateway (if necessary), and other TCP/IP parameters.
A DHCP scope. A scope is a range of IP addresses that are available for lease or assignment to clients.
Requirements for DHCP Clients
A DHCP client requires a computer that is DHCP-enabled and running any of the following supported operating systems:
Windows 2000, Windows NT Server version 3.51 or later, or Windows NT Workstation version 3.51 or later.
Microsoft Windows 95 or later.
Windows for Workgroups version 3.11 running Microsoft TCP/IP-32, which is included on the Windows 2000 Server CD-ROM.
Microsoft Network Client version 3 for Microsoft MS-DOS with the real-mode TCP/IP driver, which is included on the Windows 2000 Server CD-ROM.
LAN Manager version 2.2c, which is included on the Windows 2000 Server CD-ROM. LAN Manager 2.2c for OS/2 is not supported.
The DHCP Lease Process
To understand the DHCP lease process, you must first understand when the lease process occurs. The DHCP lease process occurs when one of the following events happens:
TCP/IP is initialized for the first time on a DHCP client.
A client requests a specific IP address and is denied, possibly because the DHCP server dropped the lease.
A client previously leased an IP address but released the IP address and requires a new one.
DHCP uses a four-phase process to lease IP addressing information to a DHCP client for a specific period of time: DHCPDISCOVER, DHCPOFFER, DHCPREQUEST, and DHCPACK. (See Figure C.2.)
Figure C.2 The DHCP lease process
The DHCPDISCOVER Phase
The first phase in the DHCP lease process is DHCPDISCOVER. To begin the DHCP lease process, a client initializes a limited version of TCP/IP and broadcasts a DHCPDISCOVER message requesting the location of a DHCP server and IP addressing information. Because the client doesn't know the IP address of a DHCP server, the client uses 0.0.0.0 as the source address and 255.255.255.255 as the destination address.
The DHCPDISCOVER message contains the client's hardware address and computer name so that the DHCP servers can determine which client sent the request.
The DHCPOFFER Phase
The second phase in the DHCP lease process is DHCPOFFER. All DHCP servers that receive the IP lease request and have a valid client configuration broadcast a DHCPOFFER message that includes the following information:
The client's hardware address
An offered IP address
A subnet mask
The length of the lease
A server identifier (the IP address of the offering DHCP server)
The DHCP server sends a broadcast because the client doesn't yet have an IP address. The DHCP client selects the IP address from the first offer that it receives. The DHCP server that is issuing the IP address reserves the address so that it can't be offered to another DHCP client.
The DHCPREQUEST Phase
The third phase in the DHCP lease process occurs after the client receives a DHCPOFFER from at least one DHCP server and selects an IP address. The client broadcasts a DHCPREQUEST message to all DHCP servers, indicating that it has accepted an offer. The DHCPREQUEST message includes the server identifier (IP address) of the server whose offer it accepted. All other DHCP servers then retract their offers and retain their IP addresses for the next IP lease request.
The DHCPACK Phase
The final phase in a successful DHCP lease process occurs when the DHCP server issuing the accepted offer broadcasts a successful acknowledgment to the client in the form of a DHCPACK message. This message contains a valid lease for an IP address and possibly other configuration information.
When the DHCP client receives the acknowledgment, TCP/IP is completely initialized and the client is considered a bound DHCP client. Once bound, the client can use TCP/IP to communicate on the network.
The DHCPNACK Message
If the DHCPREQUEST is not successful, the DHCP server broadcasts a negative acknowledgement (DHCPNACK). A DHCP server broadcasts a DHCPNACK if
The client is trying to lease its previous IP address, and the IP address is no longer available.
The IP address is invalid because the client physically has been moved to a different subnet.
When the client receives an unsuccessful acknowledgment, it resumes the DHCP lease process.
NOTE
If a computer has multiple network adapters that are bound to TCP/IP, the DHCP process occurs separately over each adapter. The DHCP Service assigns a unique IP address to each adapter in the computer that is bound to TCP/IP.
IP Lease Renewal and Release
All DHCP clients attempt to renew their lease when 50 percent of the lease time has expired. To renew its lease, a DHCP client sends a DHCPREQUEST message directly to the DHCP server from which it obtained the lease. If the DHCP server is available, it renews the lease and sends the client a DHCPACK message with the new lease time and any updated configuration parameters, as shown in Figure C.3. The client updates its configuration when it receives the acknowledgment.
Figure C.3 Renewing an IP lease
NOTE
Each time a DHCP client restarts, it attempts to lease the same IP address from the original DHCP server. If the lease request is unsuccessful and lease time is still available, the DHCP client continues to use the same IP address until the next attempt to renew the lease.
If a DHCP client can't renew its lease with the original DHCP server at the 50 percent interval, the client broadcasts a DHCPREQUEST to contact any available DHCP server when 87.5 percent of the lease time has expired. Any DHCP server can respond with a DHCPACK message (renewing the lease) or a DHCPNACK message (forcing the DHCP client to reinitialize and obtain a lease for a different IP address).
If the lease expires, or if a DHCPNACK message is received, the DHCP client must immediately discontinue using that IP address. The DHCP client then begins the DHCP lease process to lease a new IP address.
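The four-phase exchange and the 50 percent and 87.5 percent renewal points described above, as an added example that is not part of the original text: a Python parser for the DHCP wire format of RFC 2131 and RFC 2132, run over four constructed messages. The function names, MAC address, IP addresses, transaction ID, host name and 8-day lease are assumptions made for the illustration.

```python
import socket
import struct

# Fixed BOOTP/DHCP header (RFC 2131), 236 bytes: op, htype, hlen, hops, xid,
# secs, flags, ciaddr, yiaddr, siaddr, giaddr, chaddr[16], sname[64], file[128].
HEADER = struct.Struct("!BBBBIHH4s4s4s4s16s64s128s")
MAGIC_COOKIE = b"\x63\x82\x53\x63"
# Option 53 values. RFC 2131 spells the negative acknowledgment DHCPNAK.
MESSAGE_TYPES = {1: "DHCPDISCOVER", 2: "DHCPOFFER", 3: "DHCPREQUEST",
                 5: "DHCPACK", 6: "DHCPNAK", 7: "DHCPRELEASE"}
# RFC 2132 option codes whose value starts with an IPv4 address.
IP_OPTIONS = {1: "subnet_mask", 3: "default_gateway", 6: "dns_server",
              44: "wins_server", 50: "requested_ip", 54: "server_id"}


def build_message(op, xid, mac, options, yiaddr="0.0.0.0"):
    """Pack a DHCP message; used here only to construct the sample traffic."""
    header = HEADER.pack(op, 1, len(mac), 0, xid, 0, 0x8000,  # broadcast flag
                         bytes(4), socket.inet_aton(yiaddr), bytes(4), bytes(4),
                         mac, b"", b"")
    body = b"".join(bytes([code, len(val)]) + val for code, val in options)
    return header + MAGIC_COOKIE + body + b"\xff"


def parse_options(data, pos):
    """Walk the code/length/value option list, rejecting overruns."""
    options = {}
    while pos < len(data):
        code = data[pos]
        if code == 255:          # end option
            return options
        if code == 0:            # pad option has no length byte
            pos += 1
            continue
        if pos + 1 >= len(data):
            raise ValueError("option %d has no length byte" % code)
        length = data[pos + 1]
        value = data[pos + 2:pos + 2 + length]
        if len(value) != length:
            raise ValueError("option %d runs past the end of the message" % code)
        options[code] = value
        pos += 2 + length
    raise ValueError("option list has no end marker")


def parse_message(data):
    """Decode one DHCP message into the fields the lease process relies on."""
    if len(data) < HEADER.size + len(MAGIC_COOKIE):
        raise ValueError("truncated DHCP message")
    (_op, _htype, hlen, _hops, xid, _secs, _flags, _ciaddr, yiaddr, _siaddr,
     _giaddr, chaddr, _sname, _file) = HEADER.unpack_from(data)
    if data[HEADER.size:HEADER.size + 4] != MAGIC_COOKIE:
        raise ValueError("no DHCP magic cookie")
    if hlen > len(chaddr):
        raise ValueError("hardware address length exceeds chaddr field")
    options = parse_options(data, HEADER.size + 4)
    if len(options.get(53, b"")) != 1:
        raise ValueError("missing or malformed message type option")
    msg = {"type": MESSAGE_TYPES.get(options[53][0], "UNKNOWN"),
           "xid": xid,
           "client_mac": ":".join("%02x" % b for b in chaddr[:hlen]),
           "offered_ip": socket.inet_ntoa(yiaddr)}
    for code, name in IP_OPTIONS.items():
        if len(options.get(code, b"")) >= 4:
            msg[name] = socket.inet_ntoa(options[code][:4])
    if 12 in options:            # host name sent by the client
        msg["host_name"] = options[12].decode("ascii", "replace")
    if len(options.get(51, b"")) == 4:
        msg["lease_seconds"] = struct.unpack("!I", options[51])[0]
    return msg


def renewal_schedule(lease_seconds):
    """Seconds after binding for the direct renewal attempt (50 percent) and
    the broadcast DHCPREQUEST to any server (87.5 percent)."""
    return lease_seconds // 2, lease_seconds * 7 // 8


def sample_exchange():
    """Constructed DISCOVER/OFFER/REQUEST/ACK sequence for one client."""
    mac, xid = bytes.fromhex("0050569a0b1c"), 0x3903F326
    server, offered = socket.inet_aton("192.168.1.1"), "192.168.1.50"
    lease = [(51, struct.pack("!I", 8 * 24 * 3600)), (54, server),
             (1, socket.inet_aton("255.255.255.0")), (3, server), (6, server)]
    return [
        build_message(1, xid, mac, [(53, b"\x01"), (12, b"CLIENT1")]),
        build_message(2, xid, mac, [(53, b"\x02")] + lease, yiaddr=offered),
        build_message(1, xid, mac, [(53, b"\x03"), (54, server),
                                    (50, socket.inet_aton(offered))]),
        build_message(2, xid, mac, [(53, b"\x05")] + lease, yiaddr=offered),
    ]


if __name__ == "__main__":
    for raw in sample_exchange():
        msg = parse_message(raw)
        print(msg["type"], msg)
        if msg["type"] == "DHCPACK":
            print("renew at %ds, rebind at %ds"
                  % renewal_schedule(msg["lease_seconds"]))
```

The server identifier in the DHCPREQUEST is what tells the other servers their offers were not chosen, and the parser rejects any option whose declared length runs past the end of the packet.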
Using Ipconfig to Renew a Lease
Use the ipconfig command with the /renew switch to send a DHCPREQUEST message to the DHCP server to receive updated options and lease time. If the DHCP server is unavailable, the client continues using the current DHCP-supplied configuration options.
Using Ipconfig to Release a Lease
Use the ipconfig command with the /release switch to cause a DHCP client to send a DHCPRELEASE message to the DHCP server and to release its lease. This is useful when you are moving a client to a different network and the client will not need its previous lease. TCP/IP communications with the client will stop after you issue this command.
Microsoft DHCP clients don't initiate DHCPRELEASE messages when shutting down. If a client remains shut down for the length of its lease (and the lease is not renewed), the DHCP server might assign that client's IP address to a different client after the lease expires. A client has a better chance of receiving the same IP address during initialization if it doesn't send a DHCPRELEASE message.
Appendix D -- Managing Backup Tapes
If you use tapes as your backup medium, consider the distinction between rotating tapes and archiving tapes. Rotating tapes means reusing them when the data stored on them is no longer viable for restoring. This common practice helps to lower the cost of backing up data. Archiving tapes means storing the tape to keep a record of the data rather than as prevention against data loss. When you archive a tape, you remove that tape from the tape rotation. Archived tapes are useful for maintaining a record of data for a specific date and time, such as employee records at the end of a fiscal year.
Rotating and Archiving Tapes
The following two examples provide strategies for rotating and archiving tapes.
Rotation and Archive Example 1
The following table illustrates one strategy for rotating and archiving tapes and is explained below.
 | Monday | Tuesday | Wednesday | Thursday | Friday
Week 1 | Tape 1 | Tape 2 | Tape 3 | Tape 4 | Tape 5 (Archive)
Week 2 | Tape 1 (Replace or Append) | Tape 2 (Replace or Append) | Tape 3 (Replace or Append) | Tape 4 (Replace or Append) | Tape 6 (Archive)
Week 1. The backup job for each day of the week is on a different tape. The backup tape for Friday is archived and removed from rotation.
Week 2. For this week, you reuse the tapes for the same day of the week (the Monday backup job is on the previous Monday tape 1). You can either replace or append to the existing backup job. However, on Friday, use a new tape that you archive and remove from rotation.
Rotation and Archive Example 2
The following table illustrates another strategy for rotating and archiving tapes and is explained below.
 | Monday | Tuesday | Wednesday | Thursday | Friday
Week 1 | Tape 1 | Tape 1 (Append) | Tape 1 (Append) | Tape 1 (Append) | Tape 2 (Archive)
Week 2 | Tape 1 | Tape 1 (Append) | Tape 1 (Append) | Tape 1 (Append) | Tape 3 (Archive)
Week 1. The backup job for each day of the week, except Friday, is on the same tape. The backup tape for Friday is archived and removed from rotation. Use the same tape for the Monday through Thursday backup jobs and append each new backup job to the previous one. The Friday backup job is on a different tape (tape 2) that you archive and remove from rotation.
Week 2. For this week, reuse the tape from the previous week (tape 1) for all backup jobs. The Friday backup job is on a tape (tape 3) that is different from the one that you used the previous Friday. You archive and remove this tape from rotation.
Determining the Number of Tapes Required
When determining the number of tapes you need, consider the tape rotation and archival schedule, the amount of the data that you back up, and the tape life cycle.
The life cycle of a tape depends on the tape itself and storage conditions. Follow the tape manufacturer's usage guidelines. If your company doesn't have a suitable storage facility, consider using a third-party company that specializes in offsite storage for backup media.
Glossary
A
access control entry (ACE) The entries on the access control list (ACL) that control user account or group access to a resource. The entry must allow the type of access that is requested (for example, Read access) for the user to gain access. If no ACE exists in the ACL, the user can't gain access to the resource or folder on an NTFS partition.
access control list (ACL) The ACL contains a list of all user accounts and groups that have been granted access for the file or folder on an NTFS partition or volume, as well as the type of access that they have been granted. When a user attempts to gain access to a resource, the ACL must contain an entry, called an access control entry (ACE), for the user account or group to which the user belongs. See also access control entry.
access permissions Features that control access to shared resources in Windows 2000.
Account See user account.
account lockout A Windows 2000 security feature that locks a user account if a number of failed logon attempts occur within a specified amount of time, based on account policy lockout settings. (Locked accounts can't log on.) Account policy controls how passwords must be used by all user accounts in an individual computer or in a domain.
ACE See access control entry.
ACL See access control list.
Active Directory directory services The directory services included in Windows 2000 Server products. These directory services identify all resources on a network and make them accessible to users and applications.
Address Resolution Protocol (ARP) A protocol that determines hardware addresses (MAC addresses) that correspond to an IP address.
ADSL See asymmetric digital subscriber line (ADSL).
agent A program that performs a background task for a user and reports to the user when the task is done or when some expected event has taken place.
American National Standards Institute (ANSI) An organization of American industry and business groups dedicated to the development of trade and communications standards. ANSI is the American representative to the International Organization for Standardization (ISO). See also International Organization for Standardization (ISO).
American Standard Code for Information Interchange (ASCII) A coding scheme that assigns numeric values to letters, numbers, punctuation marks, and certain other characters. By standardizing the values used for these characters, ASCII enables computers and computer programs to exchange information.
ANSI See American National Standards Institute (ANSI).
application layer The top (seventh) layer of the OSI reference model. This layer serves as the window that application processes use to access network services. It represents the services that directly support user applications, such as software for file transfers, database access, and e-mail.
application programming interface (API) A set of routines that an application program uses to request and carry out lower-level services performed by the operating system.
application protocol A protocol that works at the higher end of the OSI reference model, providing application-to-application interaction and data exchange. Popular application protocols include File Transfer Access and Management (FTAM), a file access protocol; Simple Mail Transfer Protocol (SMTP), a TCP/IP protocol for transferring e-mail; Telnet, a TCP/IP protocol for logging on to remote hosts and processing data locally; and NetWare Core Protocol (NCP), the primary protocol used to transmit information between a NetWare server and its clients.
ARP See Address Resolution Protocol (ARP).
asymmetric digital subscriber line (ADSL) A recent modem technology that converts existing twisted-pair telephone lines into access paths for multimedia and high-speed data communications. These new connections can transmit more than 8 Mbps to the subscriber and up to 1 Mbps from the subscriber. ADSL is recognized as a physical layer transmission protocol for unshielded twisted-pair media.
asynchronous transfer mode (ATM) An advanced implementation of packet switching that provides high-speed data transmission rates to send fixed-size cells over broadband LANs or WANs. Cells are 53 bytes—48 bytes of data with five additional bytes of address. ATM accommodates voice, data, fax, real-time video, CD-quality audio, imaging, and multimegabit data transmission. ATM uses switches as multiplexers to permit several computers to put data on a network simultaneously. Most commercial ATM boards transmit data at about 155 Mbps, but theoretically, a rate of 1.2 gigabits per second is possible.
asynchronous transmission A form of data transmission in which information is sent one character at a time, with variable time intervals between characters. Asynchronous transmission doesn't rely on a shared timer that allows the sending and receiving units to separate characters by specific time periods. Therefore, each transmitted character consists of a number of data bits (that compose the character itself), preceded by a start bit and ending in an optional parity bit followed by a 1-, 1.5-, or 2-stop bit.
ATM See asynchronous transfer mode (ATM).
auditing A process that tracks network activities by user accounts and a routine element of network security. Auditing can produce records or list users who have accessed—or attempted to access—specific resources; help administrators identify unauthorized activity; and track activities such as logon attempts, connection and disconnection from designated resources, changes made to files and directories, server events and modifications, password changes, and logon parameter changes.
audit policy A policy that defines the types of security events that Windows 2000 records in the security log on each computer.
authentication A verification based on user name, passwords, and time and account restrictions.
B
back end In a client/server application, the part of the program that runs on the server.
backup A duplicate copy of a program, a disk, or data, made to secure valuable files from loss.
backup job A single process of backing up data.
Bandwidth Allocation Protocol (BAP) A PPP control protocol that helps provide bandwidth on demand. BAP dynamically controls the use of multilinked lines and is an efficient mechanism for controlling connection costs while dynamically providing optimum bandwidth.
BAP See Bandwidth Allocation Protocol (BAP).
base I/O port A port that specifies a channel through which information is transferred between a computer's hardware, such as the network interface card (NIC), and its CPU.
base memory address A setting that defines the address of the location in a computer's memory (RAM) that is used by the NIC. This setting is sometimes called the RAM start address.
baud A measure of data-transmission speed named after the French engineer and telegrapher Jean-Maurice-Emile Baudot. It is a measure of the speed of oscillation of the sound wave on which a bit of data is carried over telephone lines. Because baud was originally used to measure the transmission speed of telegraph equipment, the term sometimes refers to the data-transmission speed of a modem. However, current modems can send at a speed higher than 1-bit per oscillation, so baud is being replaced by the more accurate bps (bits per second) as a measure of modem speed.
baud rate The speed at which a modem can transmit data. Often confused with bps (the number of bits per second transmitted), baud rate actually measures the number of events, or signal changes, that occur in one second. Because one event can actually encode more than one bit in high-speed digital communication, baud rate and bps are not always synonymous, and the latter is the more accurate term to apply to modems. For example, the 9600-baud modem that encodes 4-bits per event actually operates at 2400 baud but transmits at 9600 bps (2400 events times 4-bits per event), and thus should be called a 9600-bps modem.
binary synchronous communications protocol (bisync) A communications protocol developed by IBM. Bisync transmissions are encoded in either ASCII or EBCDIC. Messages can be of any length and are sent in units called frames that are optionally preceded by a message header. Because bisync uses synchronous transmission, in which message elements are separated by a specific time interval, each frame is preceded and followed by special characters that enable the sending and receiving machines to synchronize their clocks.
bind A term used to describe the association of two pieces of information with one another.
binding A process that establishes the communication channel between network components on different levels to enable communication between those components. For example, the binding of a protocol driver (such as TCP/IP) and a network adapter.
bit A short word for binary digit: either 1 or 0 in the binary number system. In processing and storage, a bit is the smallest unit of information handled by a computer. It is represented physically by an element such as a single pulse sent through a circuit or a small spot on a magnetic disk capable of storing either a 1 or 0. Eight bits make a byte.
bits per second (bps) A measure of the speed at which a device can transfer data. See also baud rate.
bit time The time it takes for each station to receive and store a bit.
boot-sector virus A type of virus that resides in the first sector of a floppy disk or hard disk. When the computer is booted, the virus executes. In this common method of transmitting viruses from one floppy disk to another, the virus replicates itself onto the new disk each time a new disk is inserted and accessed.
bottleneck A device or program that significantly degrades network performance. Poor network performance results when a device uses noticeably more CPU time than it should, consumes too much of a resource, or lacks the capacity to handle the load. Potential bottlenecks can be found in the CPU, memory, NIC, and other components.
Bps See bits per second (bps).
broadcast A transmission sent simultaneously to more than one recipient. In communication and on networks, a broadcast message is one distributed to all stations or computers on the network.
broadcast storm An event that occurs when so many broadcast messages are on the network that they approach or surpass the capacity of the network bandwidth. This can happen when one computer on the network transmits a flood of frames saturating the network with traffic so it can no longer carry messages from any other computer. Such a broadcast storm can shut down a network.
buffer A reserved portion of RAM in which data is held temporarily, pending an opportunity to complete its transfer to or from a storage device or another location in memory.
built-in groups One type of group account used by Microsoft Windows 2000. Built-in groups, as the name implies, are included with the network operating system. Built-in groups have been granted useful collections of rights and built-in abilities. In most cases, a built-in group provides all the capabilities needed by a particular user. For example, if a user account belongs to the built-in Administrators group, logging on with that account gives the user administrative capabilities. See also user account.
Bus Parallel wires or cabling that connect components in a computer.
Byte A unit of information consisting of 8 bits. In computer processing or storage, a byte is equivalent to a single character, such as a letter, numeral, or punctuation mark. Because a byte represents only a small amount of information, amounts of computer memory are usually given in kilobytes (1,024 bytes, or 2 raised to the 10th power), megabytes (1,048,576 bytes, or 2 raised to the 20th power), gigabytes (1,024 megabytes), terabytes (1,024 gigabytes), petabytes (1,024 terabytes), or exabytes (1,024 petabytes).
C
cache A special memory subsystem or part of RAM in which frequently used data values are duplicated for quick access. A memory cache stores the contents of frequently accessed RAM locations and the addresses where these data items are stored. When the processor references an address in memory, the cache checks to see whether it holds that address. If it does hold the address, the data is returned to the processor; if it doesn't, regular memory access occurs. A cache is useful when RAM accesses are slow as compared to the microprocessor speed.
callback A Windows 2000 feature that you can set to cause the remote server to disconnect and call back the client attempting to access the remote server. This reduces the client's phone bill by having the call charged to the remote server's phone number. The callback feature can also improve security by calling back the phone number that you specified.
central processing unit (CPU) The computational and control unit of a computer, the device that interprets and carries out instructions. Single-chip CPUs, called microprocessors, made personal computers possible. Examples include the 80286, 80386, 80486, and Pentium processors.
client A computer that accesses shared network resources provided by another computer, called a server.
client/server A network architecture designed around the concept of distributed processing in which a task is divided between a back end (server), which stores and distributes data, and a front end (client), which requests specific data from the server.
codec (compressor/decompressor) A compression/decompression technology for digital video and stereo audio.
companion virus A virus that uses the name of a real program but has a different file extension from that of the program. The virus is activated when its companion program is opened. The companion virus uses a .COM file extension, which overrides the .EXE file extension and activates the virus.
compression state The state of each file and folder on an NTFS volume. The compression state can be either compressed or uncompressed.
CPU See central processing unit (CPU).
D
database management system (DBMS) A layer of software between the physical database and the user. The DBMS manages all requests for database action from the user, including keeping track of the physical details of file locations and formats, indexing schemes, and so on. In addition, a DBMS permits centralized control of security and data integrity requirements.
data encryption See encryption.
data encryption standard (DES) A commonly used, highly sophisticated algorithm developed by the U.S. National Bureau of Standards for encrypting and decoding data. See also encryption.
data frames Logical, structured packages in which data can be placed. Data being transmitted is segmented into small units and combined with control information such as message-start and message-end indicators. Each package of information is transmitted as a single unit, called a frame. The data-link layer packages raw bits from the physical layer into data frames. The exact format of the frame used by the network depends on the topology. See also frame.
data-link layer The second layer in the OSI reference model. This layer packages raw bits from the physical layer into data frames. See also Open Systems Interconnection (OSI) reference model.
data stream An undifferentiated, byte-by-byte flow of data.
DBMS See database management system (DBMS).
defragmenting The process of finding and consolidating fragmented files and folders. Defragmenting involves moving the pieces of each file or folder to one location so that each file or folder occupies a single, contiguous space on the hard disk. The system can then gain access to files and folders and save them more efficiently.
DES See data encryption standard (DES).
device A generic term for a computer subsystem. Printers, serial ports, and disk drives are referred to as devices.
DHCP See Dynamic Host Configuration Protocol (DHCP).
digital A system that encodes information numerically, such as 0 and 1, in a binary context. Computers use digital encoding to process data. A digital signal is a discrete binary state, either on or off.
digital line A communication line that carries information only in binary-encoded (digital) form. To minimize distortion and noise interference, a digital line uses repeaters to regenerate the signal periodically during transmission.
digital video disc (DVD) Also known as a digital versatile disc, an optical storage medium with higher capacity and bandwidth than a compact disc. A DVD can hold a full-length film with up to 133 minutes of high-quality video, in MPEG-2 format, and audio.
direct memory access (DMA) Memory access that doesn't involve the microprocessor, frequently employed for data transfer directly between memory and an "intelligent" peripheral device such as a disk drive.
direct memory access (DMA) channel A channel for direct memory access that doesn't involve the microprocessor, providing data transfer directly between memory and a disk drive.
Directory A storage space for information about network resources, as well as all the services that make the information available and useful. The resources stored in the Directory, such as user data, printers, servers, databases, groups, computers, and security policies, are known as objects. The Directory is part of Active Directory directory services.
directory service A network service that identifies all resources on a network and makes them accessible to users and applications.
disk duplexing See disk mirroring; fault tolerance.
disk duplicating See disk mirroring.
diskless computers Computers that have neither a floppy disk nor a hard disk. Diskless computers depend on special ROM to provide users with an interface through which they can log on to the network.
disk mirroring A technique, also known as disk duplicating, in which all or part of a hard disk is duplicated onto one or more hard disks, each of which ideally is attached to its own controller. With disk mirroring, any change made to the original disk is simultaneously made to the other disk or disks. Disk mirroring is used in situations in which a backup copy of current data must be maintained at all times. See also disk striping; fault tolerance.
disk striping A technique that divides data into 64 K blocks and spreads it equally in a fixed rate and order among all disks in an array. However, disk striping doesn't provide any fault tolerance because there is no data redundancy. If any partition in the set fails, all data is lost. See also disk mirroring; fault tolerance.
distribution server A server that stores the distribution folder structure, which contains the files needed to install a product—for example, Windows 2000.
DMA See direct memory access (DMA).
DMA channel See direct memory access (DMA) channel.
DNS See Domain Name System (DNS).
domain For Microsoft networking, a collection of computers and users that share a common database and security policy that are stored on a computer running Windows 2000 Server and configured as a domain controller. Each domain has a unique name. See also workgroup.
domain controller For Microsoft networking, the Windows 2000 Server-based computer that authenticates domain logons and maintains the security policy and master database for a domain.
domain name space The naming scheme that provides the hierarchical structure for the DNS database.
Domain Name System (DNS) A general-purpose, distributed, replicated data-query service used primarily on the Internet for translating host names into Internet addresses.
downtime The amount of time a computer system or associated hardware remains nonfunctional. Although downtime can occur because hardware fails unexpectedly, it can also be a scheduled event, such as when a network is shut down to allow time for maintaining the system, changing hardware, or archiving files.
driver A software component that permits a computer system to communicate with a device. For example, a printer driver is a device driver that translates computer data into a form understood by the target printer. In most cases, the driver also manipulates the hardware to transmit the data to the device.
dual in-line package (DIP) switch One or more small rocker or sliding switches that can be set to one of two states—closed or open—to control options on a circuit board.
DVD See digital video disc (DVD).
Dynamic Host Configuration Protocol (DHCP) A protocol for automatic TCP/IP configuration that provides static and dynamic address allocation and management. See also Transport Control Protocol/Internet Protocol (TCP/IP).
E
EAP See Extensible Authentication Protocol (EAP).
EBCDIC See Extended Binary Coded Decimal Interchange Code (EBCDIC).
effective permissions The sum of the NTFS permissions assigned to the user account and to all of the groups to which the user belongs. If a user has Read permission for a folder and is a member of a group with Write permission for the same folder, then the user has both Read and Write permission for the folder.
EISA See Extended Industry Standard Architecture (EISA).
encryption The process of making information indecipherable to protect it from unauthorized viewing or use, especially during transmission or when the data is stored on a transportable magnetic medium. A key is required to decode the information. See also data encryption standard (DES).
Enhanced Small Device Interface (ESDI) A standard that can be used with high-capacity hard disks and tape drives to enable high-speed communication with a computer. ESDI drivers typically transfer data at about 10 Mbps.
ESDI See Enhanced Small Device Interface (ESDI).
event An action or occurrence to which a program might respond. Examples of events are mouse clicks, key presses, and mouse movements. Also, any significant occurrence in the system or in a program that requires users to be notified or an entry to be added to a log.
exabyte See byte.
Extended Binary Coded Decimal Interchange Code (EBCDIC) A coding scheme developed by IBM for use with IBM mainframes and PCs as a standard method of assigning binary (numeric) values to alphabetic, numeric, punctuation, and transmission-control characters.
Extended Industry Standard Architecture (EISA) A 32-bit bus design for x86-based computers introduced in 1988. EISA was specified by an industry consortium of nine computer-industry companies (AST Research, Compaq, Epson, Hewlett-Packard, NEC, Olivetti, Tandy, Wyse, and Zenith). An EISA device uses cards that are upwardly compatible from ISA. See also Industry Standard Architecture (ISA).
Extensible Authentication Protocol (EAP) An extension to the Point-to-Point Protocol (PPP) that works with Dial-Up, PPTP, and L2TP clients. EAP allows for an arbitrary authentication mechanism to validate a dial-in connection. The exact authentication method to be used is negotiated by the dial-in client and the remote access server.
F
fault tolerance The ability of a computer or an operating system to respond to an event such as a power outage or a hardware failure in such a way that no data is lost and any work in progress is not corrupted.
Fiber Distributed Data Interface (FDDI) A standard developed by ANSI for high-speed, fiber-optic local area networks. FDDI provides specifications for transmission rates of 100 Mbps on networks based on the Token Ring standard.
file infector A type of virus that attaches itself to a file or program and activates any time the file is used. Many subcategories of file infectors exist. See also companion virus; macro virus; polymorphic virus; stealth virus.
File Transfer Protocol (FTP) A process that provides file transfers between local and remote computers. FTP supports several commands that allow bidirectional transfer of binary and ASCII files between computers. The FTP client is installed with the TCP/IP connectivity utilities. See also American Standard Code for Information Interchange (ASCII), Transport Control Protocol/Internet Protocol (TCP/IP).
firewall A security system, usually a combination of hardware and software, intended to protect a network against external threats coming from another network, including the Internet. Firewalls prevent an organization's networked computers from communicating directly with computers that are external to the network, and vice versa. Instead, all incoming and outgoing communication is routed through a proxy server outside the organization's network. Firewalls also audit network activity, recording the volume of traffic and information about unauthorized attempts to gain access. See also proxy server.
firmware Software routines stored in ROM. Unlike RAM, ROM stays intact even in the absence of electrical power. Startup routines and low-level I/O instructions are stored in firmware.
flow control The regulation of the flow of data through routers to ensure that no segment becomes overloaded with transmissions.
forest A grouping or hierarchical arrangement of one or more domain trees that form a disjointed namespace.
frame A package of information transmitted on a network as a single unit. Frame is a term most often used with Ethernet networks. A frame is similar to the packet used in other networks. See also data frames; packet.
frame preamble Header information, added to the beginning of a data frame in the physical layer of the OSI reference model.
frame relay An advanced, fast-packet, variable-length digital packet-switching technology. It is a point-to-point system that uses a private virtual circuit (PVC) to transmit variable-length frames at the data-link layer of the OSI reference model. Frame relay networks can also provide subscribers with bandwidth, as needed, that allows users to make nearly any type of transmission.
front end In a client/server application, refers to the part of the program carried out on the client computer.
FTP See File Transfer Protocol (FTP).
full-duplex transmission Communication that takes place simultaneously, in both directions. Also called duplex transmission. See also half-duplex transmission.
G
gateway A device used to connect networks using different protocols so that information can be passed from one system to the other. Gateways function at the network layer of the OSI reference model.
Gb See gigabit.
GB See gigabyte.
gigabit A unit of measure that equals 1,073,741,824 bits. Also referred to as 1 billion bits.
gigabyte A unit of measure that commonly refers to 1 thousand megabytes. However, the precise meaning often varies with the context. A gigabyte is 1 billion bytes. In the context of computing, bytes are often expressed in multiples of powers of 2. Therefore, a gigabyte can also be either 1,000 megabytes or 1,024 megabytes, where a megabyte is considered to be 1,048,576 bytes (2 raised to the 20th power).
global catalog A service and a physical storage location that contains a replica of selected attributes for every object in Active Directory directory services.
global group One type of group account used by Microsoft Windows 2000. Used across an entire domain, global groups are created on domain controllers in the domain in which the user accounts reside. Global groups can contain user accounts only from the domain in which the global group is created. Members of global groups obtain resource permissions when the global group is added to a local group. See also group.
group In networking, an account containing other accounts that are called members. The permissions and rights granted to a group are also provided to its members; thus, groups offer a convenient way to grant common capabilities to collections of user accounts. For Windows 2000, groups are managed with the Computer Management snap-in. For Windows 2000 Server, groups are managed with the Active Directory Users and Computers snap-in.
H
half-duplex transmission Communication that takes place in either direction, but not both directions at the same time. See also full-duplex transmission.
handshaking A term applied to modem-to-modem communication. Refers to the process by which information is transmitted between the sending and receiving devices to maintain and coordinate data flow between them. Proper handshaking ensures that the receiving device will be ready to accept data before the sending device transmits.
hard disk One or more inflexible platters coated with material that allows the magnetic recording of computer data. A typical hard disk rotates at up to 7,200 revolutions per minute (RPM), and the read/write heads ride over the surface of the disk on a cushion of air 10 to 25 millionths of an inch deep. A hard disk is sealed to prevent contaminants from interfering with the close head-to-disk tolerances. Hard disks provide faster access to data than floppy disks and are capable of storing much more information. Because platters are rigid, they can be stacked so that one hard-disk drive can access more than one platter. Most hard disks have between two and eight platters.
hardware The physical components of a computer system, including any peripheral equipment such as printers, modems, and mouse devices.
hardware compatibility list (HCL) A list of computers and peripherals that have been tested and have passed compatibility testing with the product for which the HCL is being developed. For example, the Windows 2000 HCL lists the products that have been tested and found to be compatible with Windows 2000.
hardware loopback A connector on a computer that is useful for troubleshooting hardware problems, allowing data to be transmitted to a line and then returned as received data. If the transmitted data doesn't return, the hardware loopback detects a hardware malfunction.
HCL See hardware compatibility list (HCL).
HDLC See High-Level Data Link Control (HDLC).
header In network data transmission, one of the three sections of a packet component. It includes an alert signal to indicate that the packet is being transmitted, the source address, the destination address, and clock information to synchronize transmission.
hertz (Hz) The unit of frequency measurement. Frequency measures how often a periodic event occurs, such as the manner in which a wave's amplitude changes with time. One hertz equals one cycle per second. Frequency is often measured in kilohertz (KHz, 1000 Hz), megahertz (MHz), gigahertz (GHz, 1000 MHz), or terahertz (THz, 10,000 GHz).
High-Level Data Link Control (HDLC) A widely accepted international protocol developed by the International Organization for Standardization (ISO) that governs information transfer. HDLC is a bit-oriented, synchronous protocol that applies to the data-link (message packaging) layer of the OSI reference model. Under the HDLC protocol, data is transmitted in frames, each of which can contain a variable amount of data, but which must be organized in a particular way. See also data frames; frame.
host See server.
hot fixing See sector sparing.
HTML See Hypertext Markup Language (HTML).
Hypertext Markup Language (HTML) A language developed for writing pages for the World Wide Web. HTML allows text to include codes that define fonts, layout, embedded graphics, and hypertext links. Hypertext provides a method for presenting text, images, sound, and videos that are linked together in a nonsequential web of associations.
Hypertext Transport Protocol (HTTP) The method by which World Wide Web pages are transferred over the network.
I
ICM See Image Color Management (ICM) 2.
ICMP See Internet Control Message Protocol (ICMP).
IDE See Integrated Device Electronics (IDE).
IEEE See Institute of Electrical and Electronics Engineers (IEEE).
IEEE Project 802 A networking model developed by the IEEE and named for the year and month it began (February 1980). Project 802 defines LAN standards for the physical and data-link layers of the OSI reference model. Project 802 divides the data-link layer into two sublayers: media access control (MAC) and logical link control (LLC).
Image Color Management (ICM) 2 An operating system API that helps ensure that the colors you see on your monitor match those on your scanner and printer.
Industry Standard Architecture (ISA) An unofficial designation for the bus design of the IBM Personal Computer (PC) PC/XT. It allows various adapters to be added to the system by inserting plug-in cards into expansion slots. Commonly, ISA refers to the expansion slots themselves; such slots are called 8-bit slots or 16-bit slots. See also Extended Industry Standard Architecture (EISA); Micro Channel Architecture.
infrared transmission Electromagnetic radiation with frequencies in the electromagnetic spectrum in the range just below that of visible red light. In network communications, infrared technology offers extremely high transmission rates and wide bandwidth in line-of-sight communications.
Institute of Electrical and Electronics Engineers (IEEE) An organization of engineering and electronics professionals, noted in networking for developing the IEEE 802.x standards for the physical and data-link layers of the OSI reference model, applied in a variety of network configurations.
Integrated Device Electronics (IDE) A type of disk-drive interface in which the controller electronics reside on the drive itself, eliminating the need for a separate network interface card. The IDE interface is compatible with the Western Digital ST-506 controller.
Integrated Services Digital Network (ISDN) A worldwide digital communication network that evolved from existing telephone services. The goal of the ISDN is to replace current telephone lines, which require digital-to-analog conversions, with completely digital switching and transmission facilities capable of carrying data ranging from voice to computer transmissions, music, and video. The ISDN is built on two main types of communications channels: B channels, that carry voice, data, or images at a rate of 64 Kbps (kilobits per second), and a D channel, that carries control information, signaling, and link-management data at 16 Kbps. Standard ISDN Basic Rate desktop service is called 2B+D. Computers and other devices connect to ISDN lines through simple standardized interfaces.
interfaces Boundaries that separate the layers from each other. For example, in the OSI reference model, each layer provides some service or action that prepares the data for delivery over the network to another computer.
International Organization for Standardization (ISO) An organization made up of standards-setting groups from various countries. For example, the United States member is the American National Standards Institute (ANSI). The ISO works to establish global standards for communications and information exchange. Primary among its accomplishments is development of the widely accepted OSI reference model. Note that the ISO is often wrongly identified as the International Standards Organization, probably because of the abbreviation ISO; however, ISO is derived from isos, which means equal in Greek, rather than an acronym.
Internet Control Message Protocol (ICMP) A protocol used by IP and higher-level protocols to send and receive status reports about information being transmitted.
Internet Protocol (IP) The TCP/IP protocol for packet forwarding. See also Transport Control Protocol/Internet Protocol (TCP/IP).
Internet Protocol Security (IPSec) A framework of open standards for ensuring secure private communications over IP networks by using cryptographic security services.
internetworking The intercommunication in a network that is made up of smaller networks.
Internetwork Packet Exchange/Sequenced Packet Exchange (IPX/SPX) A protocol stack that is used in Novell networks. IPX is the NetWare protocol for packet forwarding and routing. It is a relatively small and fast protocol on a LAN, is a derivative of Xerox Network System (XNS), and supports routing. SPX is a connection-oriented protocol used to guarantee the delivery of the data being sent. NWLink is the Microsoft implementation of the IPX/SPX protocol.
interoperability The ability of components in one system to work with components in other systems.
interrupt request (IRQ) An electronic signal sent to a computer's CPU to indicate that an event has taken place that requires the processor's attention.
IP See Internet Protocol (IP). See also Transport Control Protocol/Internet Protocol (TCP/IP).
ipconfig A diagnostic command that displays all current TCP/IP network configuration values. It is of particular use on systems running DHCP because it allows users to determine which TCP/IP configuration values have been configured by the DHCP server. See also winipcfg.
IPSec See Internet Protocol Security (IPSec).
IPX/SPX See Internetwork Packet Exchange/Sequenced Packet Exchange (IPX/SPX).
IRQ See interrupt request (IRQ).
ISA See Industry Standard Architecture (ISA).
ISDN See Integrated Services Digital Network (ISDN).
ISO See International Organization for Standardization (ISO).
J
jumper A small plastic-and-metal plug or wire for connecting different points in an electronic circuit. Jumpers are used to select a particular circuit or option from several possible configurations. You can use jumpers on network interface cards to select the type of connection through which the card will transmit, either DIX or BNC.
K
Kevlar A brand name of the DuPont Corporation for the fibers in the reinforcing layer of plastic that surrounds each glass strand of a fiber-optic connector. The name is sometimes used generically.
key In database management, an identifier for a record or group of records in a data file. Most often, the key is defined as the contents of a single field, called the key field in some database management programs and the index field in others. Keys are maintained in tables and are indexed to speed record retrieval. Keys also refer to code that deciphers encrypted data.
kilo (K) A measurement that refers to 1,000 in the metric system. In computing terminology, because computing is based on powers of 2, kilo is most often used to mean 1,024 (2 raised to the 10th power). To distinguish between the two contexts, a lowercase k is often used to indicate 1,000 and an uppercase K is used for 1,024. A kilobyte is 1,024 bytes.
kilobit (Kbit) A measurement that equals 1,024 bits. See also bit; kilo (K).
kilobyte (KB) A measurement that refers to 1,024 bytes. See also byte; kilo (K).
L
L2TP See Layer-Two Tunneling Protocol (L2TP).
LAN See local area network (LAN).
LAN requester See requester (LAN requester).
laser transmission A wireless network that uses a laser beam to carry data between devices.
LAT See local area transport (LAT).
layering The coordination of various protocols in a specific architecture that allows the protocols to work together to ensure that the data is prepared, transferred, received, and acted upon as intended.
Layer-Two Tunneling Protocol (L2TP) A protocol whose primary purpose is to create an encrypted tunnel through an untrusted network. L2TP is similar to PPTP in that it provides tunneling, but it doesn't provide encryption. L2TP provides a secure tunnel by cooperating with other encryption technologies such as IPSec. L2TP functions with IPSec to provide a secure virtual private network solution.
link The communication system that connects two LANs. Equipment that provides the link, including bridges, routers, and gateways.
local area network (LAN) Computers connected in a geographically confined network, such as in the same building, campus, or office park.
local area transport (LAT) A nonroutable protocol from Digital Equipment Corporation.
local group One type of group account used by Microsoft Windows 2000. Implemented in each local computer's account database, local groups contain user accounts and other global groups that need to have access, rights, and permissions assigned to a resource on a local computer. Local groups can't contain other local groups.
local user The user at the computer.
logical link control (LLC) sublayer One of two sublayers created by the IEEE Project 802 out of the data-link layer of the OSI reference model. The LLC is the upper sublayer that manages data-link communication and defines the use of logical interface points, called service access points (SAPs), used by computers to transfer information from the LLC sublayer to the upper OSI layers. See also media access control (MAC) sublayer; service access point (SAP).
M
macro virus A file-infector virus, so named because it is written as a macro for a specific application. Macro viruses are difficult to detect and they are becoming more common, often infecting widely used applications, such as word-processing programs. When an infected file is opened, the virus attaches itself to the application and then infects any files accessed by that application. See also file infector.
Mb See megabit (Mb).
MB See megabyte (MB).
Mbps See millions of bits per second (Mbps).
media The cable or wire that connects the vast majority of LANs today, which acts as the LAN transmission medium and carries data between computers.
media access control (MAC) driver The device driver located at the media access control sublayer of the OSI reference model. This driver is also known as the NIC driver. It provides low-level access to NICs by providing data-transmission support and some basic NIC management functions. These drivers also pass data from the physical layer to transport protocols at the network and transport layers.
media access control (MAC) sublayer One of two sublayers created by the IEEE Project 802 out of the data-link layer of the OSI reference model. The MAC sublayer communicates directly with the network interface card and is responsible for delivering error-free data between two computers on the network. See also logical link control (LLC) sublayer.
megabit (Mb) A measurement that is usually 1,048,576 bits; sometimes interpreted as 1 million bits. See also bit.
megabyte (MB) A measurement that is usually 1,048,576 bytes (2 raised to the 20th power); sometimes interpreted as 1 million bytes. See also byte.
Micro Channel Architecture The design of the bus in IBM PS/2 computers (except models 25 and 30). The Micro Channel is electrically and physically incompatible with the IBM PC/AT bus. Unlike the PC/AT bus, the Micro Channel functions as either a 16-bit or 32-bit bus. The Micro Channel can also be driven independently by multiple bus master processors. See also Extended Industry Standard Architecture (EISA); Industry Standard Architecture (ISA).
Microcom Network Protocol (MNP) The standard for asynchronous data-error control developed by Microcom Systems. The method works so well that other companies have adopted not only the initial version of the protocol, but later versions as well. Currently, several modem vendors incorporate MNP Classes 2, 3, 4, and 5.
Microsoft Technical Information Network (TechNet) A network that provides informational support for all aspects of networking, with an emphasis on Microsoft products.
millions of bits per second (Mbps) The unit of measurement of supported transmission rates on the following physical media: coaxial cable, twisted-pair cable, and fiber-optic cable. See also bit.
MNP See Microcom Network Protocol (MNP).
mobile computing A technique that incorporates wireless adapters using cellular telephone technology to connect portable computers with the cabled network.
modem A communication device that enables a computer to transmit information over a standard telephone line. Because a computer is digital, it works with discrete electrical signals representing binary 1 and binary 0. A telephone is analog and carries a signal that can have many variations. Modems are needed to convert digital signals to analog and back. When transmitting, modems impose (modulate) a computer's digital signals onto a continuous carrier frequency on the telephone line. When receiving, modems sift out (demodulate) the information from the carrier and transfer it in digital form to the computer.
multitasking A mode of operation offered by an operating system in which a computer works on more than one task at a time. The two primary types of multitasking are preemptive and nonpreemptive. In preemptive multitasking, the operating system can take control of the processor without the task's cooperation. In nonpreemptive multitasking, the processor is never taken from a task. The task itself decides when to give up the processor. A true multitasking operating system can run as many tasks as it has processors. When there are more tasks than processors, the computer must "time slice" so that the available processors devote a certain amount of time to one task and then move on to the next task, alternating between tasks until all the tasks are completed.
N
Name Binding Protocol (NBP) An Apple protocol responsible for keeping track of entities on the network and matching names with Internet addresses. It works at the transport layer of the OSI reference model.
namespace Any bounded area in which a name can be resolved. Name resolution is the process of translating a name into some object or information that the name represents. The Active Directory namespace is based on the DNS naming scheme, which allows for interoperability with Internet technologies.
NBP See Name Binding Protocol (NBP).
nbtstat A diagnostic command that displays protocol statistics and current TCP/IP connections using NetBIOS over TCP/IP (NetBT). This command is available only if the TCP/IP protocol has been installed. See also netstat.
NDIS See Network Driver Interface Specification (NDIS).
NetBIOS Enhanced User Interface (NetBEUI) A protocol supplied with all Microsoft network products. NetBEUI advantages include small stack size (important for MS-DOS-based computers), speed of data transfer on the network medium, and compatibility with all Microsoft-based networks. The major drawback of NetBEUI is that it is a LAN transport protocol and therefore does not support routing. It is also limited to Microsoft-based networks.
netstat A diagnostic command that displays protocol statistics and current TCP/IP network connections. This command is available only if the TCP/IP protocol has been installed. See also nbtstat.
NetWare Core Protocol (NCP) A protocol that defines the connection control and service-request encoding that make it possible for clients and servers to interact. This is the protocol that provides transport and session services. NetWare security is also provided within this protocol.
network In the context of computers, a system in which a number of independent computers are linked together to share data and peripherals, such as hard disks and printers.
network adapter card See network interface card (NIC).
network basic input/output system (NetBIOS) An application programming interface (API) that can be used by application programs on a LAN consisting of IBM-compatible microcomputers running MS-DOS, OS/2, or some version of UNIX. Primarily of interest to programmers, NetBIOS provides application programs with a uniform set of commands for requesting the lower-level network services required to conduct sessions between nodes on a network and transmit information between them.
Network Driver Interface Specification (NDIS) A standard that defines an interface for communication between the media access control (MAC) sublayer and protocol drivers. NDIS allows for a flexible environment of data exchange. It defines the software interface, called the NDIS interface, which is used by protocol drivers to communicate with the network interface card. The advantage of NDIS is that it offers protocol multiplexing so that multiple protocol stacks can be used at the same time. See also Open Data-Link Interface (ODI).
network interface card (NIC) An expansion card installed in each computer and server on the network. The NIC acts as the physical interface or connection between the computer and the network cable.
network layer The third layer in the OSI reference model. This layer is responsible for addressing messages and translating logical addresses and names into physical addresses. This layer also determines the route from the source to the destination computer. It determines which path the data should take based on network conditions, priority of service, and other factors. It also manages traffic problems such as switching, routing, and controlling the congestion of data packets on the network. See also Open Systems Interconnection (OSI) reference model.
network monitors Monitors that track all or a selected part of network traffic. They examine frame-level packets and gather information about packet types, errors, and packet traffic to and from each computer.
NIC See network interface card (NIC).
node On a LAN, a device that is connected to the network and is capable of communicating with other network devices. For example, clients, servers, and repeaters are called nodes.
nonpreemptive multitasking A form of multitasking in which the processor is never taken from a task. The task itself decides when to give up the processor. Programs written for nonpreemptive multitasking systems must include provisions for yielding control of the processor. No other program can run until the nonpreemptive program gives up control of the processor. See also multitasking; preemptive multitasking.
Novell NetWare One of the leading network architectures.
O
object A distinct, named set of attributes that represent a network resource. Object attributes are characteristics of objects in the Directory. For example, the attributes of a user account might include the user's first and last names, department, and e-mail address.
ODI See Open Data-Link Interface (ODI).
ohm The unit of measurement for electrical resistance. A resistance of 1 ohm will pass 1 ampere of current when a voltage of 1 volt is applied. A 100-watt incandescent bulb has a resistance of approximately 130 ohms.
Open Data-Link Interface (ODI) A specification defined by Novell and Apple to simplify driver development and to provide support for multiple protocols on a single network interface card. Similar to NDIS in many respects, ODI allows Novell NetWare drivers to be written without concern for the protocol that will be used on top of them.
Open Shortest Path First (OSPF) A routing protocol for IP networks, such as the Internet, that allows a router to calculate the shortest path to each node for sending messages.
Open Systems Interconnection (OSI) reference model A seven-layer architecture that standardizes levels of service and types of interaction for computers exchanging information through a network. It is used to describe the flow of data between the physical connection to the network and the end-user application. This model is the best-known and most widely used model for describing networking environments. Following is the OSI seven-layer focus from highest to lowest level:
7. application layer. Program-to-program transfer of information
6. presentation layer. Text formatting and display-code conversion
5. session layer. Establishing, maintaining, and coordinating communication
4. transport layer. Accurate delivery and service quality
3. network layer. Transport routes, message handling, and transfer
2. data-link layer. Coding, addressing, and transmitting information
1. physical layer. Hardware connections
organizational unit (OU) A container that you use to organize objects within a domain into logical administrative groups. An OU can contain objects such as user accounts, groups, computers, printers, applications, file shares, and so on.
OSI See Open Systems Interconnection (OSI) reference model.
OSPF See Open Shortest Path First (OSPF).
P
packet A unit of information transmitted as a whole from one device to another on a network. In packet-switching networks, a packet is defined more specifically as a transmission unit of fixed maximum size that consists of binary digits representing data; a header containing an identification number, source, and destination addresses; and sometimes error-control data. See also frame.
packet assembler/disassembler (PAD) A device that breaks large chunks of data into packets, usually for transmissions over an X.25 network, and reassembles them at the other end. See also packet switching.
Packet Internet Groper (ping) A simple utility that tests whether a network connection is complete, from the server to the workstation, by sending a message to the remote computer. If the remote computer receives the message, it responds with a reply message. The reply consists of the remote workstation's IP address, the number of bytes in the message, how long it took to reply (given in milliseconds, ms), and the length of Time to Live (TTL) in seconds. Ping works at the IP level and will often respond even when higher level TCP-based services cannot.
packet switching A message delivery technique in which small units of information (packets) are relayed through stations in a computer network along the best route available between the source and the destination. Data is broken into smaller units and then repacked in a process called packet assembler/disassembler (PAD). Although each packet can travel along a different path, and the packets composing a message can arrive at different times or out of sequence, the receiving computer reassembles the original message. Packet-switching networks are considered fast and efficient. Standards for packet switching on networks are documented in the CCITT recommendation X.25.
PAD See packet assembler/disassembler (PAD).
page-description language (PDL) A language that communicates to a printer how printed output should appear. The printer uses the PDL to construct text and graphics to create the page image. PDLs are like blueprints in that they set parameters and features such as type sizes and fonts, but they leave the drawing to the printer.
paging file A special file on one or more of the hard disks of a computer running Windows 2000. Windows 2000 uses virtual memory to store some of the program code and other information in RAM and to temporarily store some of the program code and other information on the computer's hard disks. This increases the amount of available memory on the computer.
parity An error-checking procedure in which the number of 1s must always be the same—either odd or even—for each group of bits transmitted without error. Parity is used for checking data transferred within a computer or between computers.
partition A portion of a physical disk that functions as if it were a physically separate unit.
password-protected share The access to a shared resource that is granted when a user enters the appropriate password.
PDA See personal digital assistant (PDA).
PDL See page-description language (PDL).
PDN See public data network (PDN).
peer-to-peer network A network that has no dedicated servers or hierarchy among the computers. All computers are equal and, therefore, known as peers. Generally, each computer functions as both client and server.
peripheral A term used for devices such as disk drives, printers, modems, mouse devices, and joysticks that are connected to a computer and controlled by its microprocessor.
Peripheral Component Interconnect (PCI) A 32-bit local bus used in most Pentium computers and in the Apple Power Macintosh that meets most of the requirements for providing Plug and Play functionality.
permanent virtual circuit (PVC) A permanent logical connection between two nodes on a packet-switching network; similar to leased lines that are permanent and virtual, except that with PVC, the customer pays for only the time the line is used. This type of connection service is gaining importance because both frame relay and ATM use it. See also packet switching; virtual circuit.
permissions See access permissions.
personal digital assistant (PDA) A type of handheld computer that provides functions including personal organization features—like a calendar, note taking, database manipulation, calculator, and communications. For communication, a PDA uses cellular or wireless technology that is often built into the system but that can be supplemented or enhanced by means of a PC Card.
petabyte See byte.
phase change rewritable (PCR) A type of rewritable optical technology in which the optical devices come from one manufacturer (Matsushita/Panasonic) and the media comes from two (Panasonic and Plasmon).
physical layer The first (bottommost) layer of the OSI reference model. This layer addresses the transmission of the unstructured raw bit stream over a physical medium (the networking cable). The physical layer relates the electrical/optical, mechanical, and functional interfaces to the cable and also carries the signals that transmit data generated by all of the higher OSI layers. See also Open Systems Interconnection (OSI) reference model.
ping See Packet Internet Groper (ping).
Plug and Play (PnP) A capability that enables a computer system to automatically configure a device added to it. Plug and Play capability exists in Macintoshes based on the NuBus and, since Windows 95, on PC-compatible computers. Also refers to specifications developed by Intel and Microsoft that allow a PC to configure itself automatically to work with peripherals such as monitors, modems, and printers.
point-to-point configuration Dedicated circuits that are also known as private, or leased, lines. They are the most popular WAN communication circuits in use today. The carrier guarantees full-duplex bandwidth by setting up a permanent link from each endpoint, using bridges and routers to connect LANs through the circuits. See also Point-to-Point Protocol (PPP); Point-to-Point Tunneling Protocol (PPTP).
Point-to-Point Protocol (PPP) A data-link protocol for transmitting TCP/IP packets over dial-up telephone connections, such as between a computer and the Internet. PPP was developed by the Internet Engineering Task Force in 1991.
Point-to-Point Tunneling Protocol (PPTP) An extension of the Point-to-Point Protocol that is used for communications on the Internet. Microsoft developed PPTP to support virtual private networks (VPNs), which allow individuals and organizations to use the Internet as a secure means of communication. PPTP supports encapsulation of encrypted packets in secure wrappers that can be transmitted over a TCP/IP connection. See also virtual private network (VPN).
polymorphic virus A variant of a file-infector virus that is named for the fact that it changes its appearance each time it is replicated. This makes it difficult to detect because no two versions of the virus are exactly the same. See also file infector.
polyvinyl chloride (PVC) The material most commonly used for insulating and jacketing cable.
preemptive multitasking A form of multitasking (the ability of a computer's operating system to work on more than one task at a time). With preemptive multitasking—as opposed to nonpreemptive multitasking—the operating system can take control of the processor without the task's cooperation. See also nonpreemptive multitasking.
presentation layer The sixth layer of the OSI reference model. This layer determines the form used to exchange data between networked computers. At the sending computer, this layer translates data from a format sent down from the application layer into a commonly recognized, intermediary format. At the receiving end, this layer translates the intermediary format into a format useful to that computer's application layer. The presentation layer manages network security issues by providing services such as data encryption, provides rules for data transfer, and performs data compression to reduce the number of bits that need to be transmitted. See also Open Systems Interconnection (OSI) reference model.
print device The hardware device that produces printed documents.
print queue A buffer in which a print job is held until the printer is ready to print it.
print server The computer on which the printers that are associated with local and network-interface print devices reside. The print server receives and processes documents from client computers. You set up and share network printers on print servers.
printer The software interface between the operating system and the print device. The printer defines where a document will go to reach the print device, when it will go, and how various other aspects of the printing process will be handled.
printer driver One or more files containing information that Windows 2000 requires to convert print commands into a specific printer language, such as PostScript. A printer driver is specific to each print device model.
printer pool A printer that is connected to multiple print devices through multiple ports on a print server. The print devices can be local or network-interface print devices. Print devices should be identical; however, you can use print devices that are not identical but use the same printer driver.
printer port The software interface through which a computer communicates with a print device by means of a locally attached interface. These supported interfaces include LPT, COM, USB, and network-attached devices such as the HP JetDirect and Intel NetPort.
Private Branch Exchange (PBX) or Private Automated Branch Exchange (PABX) A switching telephone network that allows callers within an organization to place intraorganizational calls without going through the public telephone system.
protocol The system of rules and procedures that govern communication between two or more devices. Many varieties of protocols exist, and not all are compatible, but as long as two devices are using the same protocol, they can exchange data. Protocols exist within protocols, as well, governing different aspects of communication. Some protocols, such as the RS-232 standard, affect hardware connections. Other standards govern data transmission, including the parameters and handshaking signals such as XON/OFF used in asynchronous (typically, modem) communications, as well as such data-coding methods as bit- and byte-oriented protocols. Still other protocols, such as the widely used Xmodem, govern file transfer, and others, such as CSMA/CD, define the methods by which messages are passed around the stations on a LAN. Protocols represent attempts to ease the complex process of enabling computers of different makes and models to communicate. Additional examples of protocols include the OSI model, IBM's SNA, and the Internet suite, including TCP/IP. See also Systems Network Architecture (SNA); Transport Control Protocol/Internet Protocol (TCP/IP).
protocol driver The driver responsible for offering four or five basic services to other layers in the network, while "hiding" the details of how the services are actually implemented. Services performed include session management, datagram service, data segmentation and sequencing, acknowledgment, and possibly routing across a WAN.
protocol stack A layered set of protocols that work together to provide a set of network functions.
proxy server A firewall component that manages Internet traffic to and from a local area network (LAN). The proxy server decides whether it is safe to let a particular message or file pass through to the organization's network, providing access control to the network, and filters and discards requests as specified by the owner, including requests for unauthorized access to proprietary data. See also firewall.
public data network (PDN) A commercial packet-switching or circuit-switching WAN service provided by local and long-distance telephone carriers.
PVC See permanent virtual circuit (PVC).
R
RADIUS See Remote Authentication Dial-In User Service.
RAID See redundant array of independent disks (RAID).
random access memory (RAM) Semiconductor-based memory that can be read and written to by the microprocessor or other hardware devices. The storage locations can be accessed in any order. Note that the various types of ROM memory are also capable of random access. However, the term RAM is generally understood to refer to volatile memory, which can be written as well as read. See also read-only memory (ROM).
read-only memory (ROM) Semiconductor-based memory that contains instructions or data that can be read but not modified. See also random access memory (RAM).
redirector Networking software that accepts I/O requests for remote files, named pipes, or mail slots and sends (redirects) the requests to a network service on another computer.
reduced instruction set computing (RISC) A type of microprocessor design that focuses on rapid and efficient processing of a relatively small set of instructions. RISC design is based on the premise that most of the instructions that a computer decodes and executes are simple. As a result, RISC architecture limits the number of instructions that are built into the microprocessor but optimizes each so it can be carried out rapidly, usually within a single clock cycle. RISC chips execute simple instructions faster than microprocessors designed to handle a much wider array of instructions. However, they are slower than general-purpose complex instruction set computing (CISC) chips when executing complex instructions, which must be broken down into many machine instructions before they can be carried out by RISC microprocessors.
redundancy system A fault-tolerant system that protects data by duplicating it in different physical sources. Data redundancy allows access to data even if part of the data system fails. See also fault tolerance.
redundant array of inexpensive disks (RAID) See redundant array of independent disks (RAID).
redundant array of independent disks (RAID) A standardization of fault-tolerant options in five levels. The levels offer various combinations of performance, reliability, and cost. Formerly known as redundant array of inexpensive disks.
Remote Authentication Dial-In User Service (RADIUS) A security authentication protocol widely used by Internet Service Providers (ISPs). RADIUS provides authentication and accounting services for distributed dial-up networking.
remote-boot programmable read-only memory (PROM) A special chip in the network interface card that contains the hardwired code that starts the computer and connects the user to the network, used in computers for which there are no hard disks or floppy drives. See also diskless computers.
remote installation The process of connecting to a server running Remote Installation Services (RIS), called the RIS server, and then starting an automated installation of Windows 2000 Professional on a local computer.
remote user A user who dials in to the server over modems and telephone lines from a remote location.
requester (LAN requester) Software that resides in a computer and forwards requests for network services from the computer's application programs to the appropriate server. See also redirector.
resources Any part of a computer system. Users on a network can share computer resources, such as hard disks, printers, modems, CD-ROM drives, and even the processor.
rights The authorization with which a user is entitled to perform certain actions on a computer network. Rights apply to the system as a whole, whereas permissions apply to specific objects. For example, a user might have the right to back up an entire computer system, including the files that the user doesn't have permission to access. See also access permissions.
RISC See reduced instruction set computing (RISC).
ROM See read-only memory (ROM).
routable protocols The protocols that support multipath LAN-to-LAN communications. See also protocol.
router A device used to connect networks of different types, such as those using different architectures and protocols. Routers work at the network layer of the OSI reference model. This means they can switch and route packets across multiple networks, which they do by exchanging protocol-specific information between separate networks. Routers determine the best path for sending data and filter broadcast traffic to the local segment.
Routing Information Protocol (RIP) A protocol that uses distance-vector algorithms to determine routes. With RIP, routers transfer information among other routers to update their internal routing tables and use that information to determine the best routes based on hop counts between routers. TCP/IP and IPX support RIP.
RS-232 standard An industry standard for serial communication connections adopted by the Electrical Industries Association (EIA). This recommended standard defines the specific lines and signal characteristics used by serial communications controllers to standardize the transmission of serial data between devices.
S
SAP See service access point (SAP); Service Advertising Protocol (SAP).
schema A database description to the database management system that contains a formal definition of the contents and structure of Active Directory directory services, including all attributes, classes, and class properties. For each object class, the schema defines which attributes an instance of the class must have, which additional attributes it can have, and which object class can be a parent of the current object class.
SCSI See Small Computer System Interface (SCSI).
SDLC See Synchronous Data Link Control (SDLC).
sector A portion of the data-storage area on a disk. A disk is divided into sides (top and bottom), tracks (rings on each surface), and sectors (sections of each ring). Sectors are the smallest physical storage units on a disk and are of fixed size—typically capable of holding 512 bytes of information apiece.
sector sparing A fault-tolerant system also called hot fixing. It automatically adds sector-recovery capabilities to the file system during operation. If bad sectors are found during disk I/O, the fault-tolerant driver will attempt to move the data to a good sector and map out the bad sector. If the mapping is successful, the file system is not alerted. It is possible for SCSI devices to perform sector sparing, but AT devices (ESDI and IDE) cannot.
security The act of making computers and data stored on them safe from harm or unauthorized access.
Security log A log that records security events, for example, valid and invalid logon attempts and events relating to creating, opening, or deleting files or other objects.
segment The length of cable on a network between two terminators. A segment can also refer to messages that have been broken up into smaller units by the protocol driver.
Sequenced Packet Exchange (SPX) Part of Novell's IPX/SPX protocol suite for sequenced data. See also Internetwork Packet Exchange/Sequenced Packet Exchange (IPX/SPX).
Serial Line Internet Protocol (SLIP) As defined in RFC 1055, an internet protocol that is normally used on Ethernet over a serial line—for example, an RS-232 serial port connected to a modem.
serial transmission A one-way data transfer. The data travels on a network cable with one bit following another.
server A computer that provides shared resources to network users. See also client.
server-based network A network in which resource security and most other network functions are provided by dedicated servers. Server-based networks have become the standard model for networks serving more than 10 users. See also peer-to-peer network.
server message block (SMB) The protocol developed by Microsoft, Intel, and IBM that defines a series of commands used to pass information between network computers. The redirector packages SMB requests into a network control block (NCB) structure that can be sent over the network to a remote device. The network provider listens for SMB messages destined for it and removes the data portion of the SMB request so that it can be processed by a local device.
service access point (SAP) The interface between each of the seven layers in the OSI protocol stack that has connection points, similar to addresses, used for communication between layers. Any protocol layer can have multiple SAPs active at one time.
Service Advertising Protocol (SAP) A protocol that allows service-providing nodes (including file, printer, gateway, and application servers) to advertise their services and addresses.
session A connection or link between stations on the network.
session layer The fifth layer of the OSI reference model. This layer allows two applications on different computers to establish, use, and end a connection called a session. This layer performs name recognition and functions, such as security, needed to allow two applications to communicate over the network. The session layer provides synchronization between user tasks. This layer also implements dialog control between communicating processes, regulating which side transmits, when, for how long, and so on. See also Open Systems Interconnection (OSI) reference model.
session management The process that establishes, maintains, and terminates connections between stations on the network.
sharing The means by which files or folders are publicly posted on a network for access by anyone on the network.
shell A piece of software, usually a separate program, that provides direct communication between the user and the operating system. This usually takes the form of a command-line interface. Examples of shells are Macintosh Finder and the MS-DOS command interface program Command.com.
Simple Mail Transfer Protocol (SMTP) A TCP/IP protocol for transferring e-mail. See also application protocol; Transport Control Protocol/Internet Protocol (TCP/IP).
Simple Network Management Protocol (SNMP) A TCP/IP protocol for monitoring networks. SNMP uses a request and response process. In SNMP, short utility programs, called agents, monitor the network traffic and behavior in key network components to gather statistical data, which they put into a management information base (MIB). To collect the information into a usable form, a special management console program regularly polls the agents and downloads the information in their MIBs. If any of the data falls either above or below parameters set by the manager, the management console program can present signals on the monitor locating the trouble and notify designated support staff by automatically dialing a pager number.
simultaneous peripheral operation online (spool) A process that facilitates moving a print job from the network into a printer.
site A combination of one or more IP subnets, typically connected by a high-speed link.
Small Computer System Interface (SCSI) Pronounced "skuzzy," a standard, high-speed parallel interface defined by ANSI. A SCSI interface is used for connecting microcomputers to peripheral devices, such as hard disks and printers, and to other computers and LANs.
SMB See server message block (SMB).
SMP See symmetric multiprocessing (SMP).
SMTP See Simple Mail Transfer Protocol (SMTP).
SNMP See Simple Network Management Protocol (SNMP).
software Computer programs or sets of instructions that allow the hardware to work. Software can be grouped into four categories: system software, such as operating systems, which control the workings of the computer; application software, such as word-processing programs, spreadsheets, and databases, which perform the tasks for which people use computers; network software, which enables groups of computers to communicate; and language software, which provides programmers with the tools they need to write programs.
SONET See Synchronous Optical Network (SONET).
spanning tree algorithm (STA) An algorithm (mathematical procedure) implemented by the IEEE 802.1 Network Management Committee to eliminate redundant routes and to avoid situations in which multiple LANs are joined by more than one path. Under STA, bridges exchange certain control information in an attempt to find redundant routes. The bridges determine which would be the most efficient route and then use that one and disable the others. Any of the disabled routes can be reactivated if the primary route becomes unavailable.
SPX See Sequenced Packet Exchange (SPX).
SQL See structured query language (SQL).
STA See spanning tree algorithm (STA).
stand-alone computer A computer that isn't connected to any other computers and isn't part of a network.
stand-alone environment A work environment in which each user has a personal computer but works independently, unable to share files and other important information that would be readily available through server access in a networking environment.
stealth virus A variant of a file-infector virus. This virus is so named because it attempts to hide from detection. When an antivirus program attempts to find it, the stealth virus tries to intercept the probe and return false information indicating that it does not exist.
stripe set A form of fault tolerance that combines multiple areas of unformatted free space into one large logical drive, distributing data storage across all drives simultaneously. In Windows 2000, a stripe set requires at least two physical drives and can use up to 32 physical drives. Stripe sets can combine areas on different types of drives, such as Small Computer System Interface (SCSI), Enhanced Small Device Interface (ESDI), and Integrated Device Electronics (IDE) drives.
structured query language (SQL) A standard language for creating, updating, and querying relational database management systems.
Switched Multimegabit Data Services (SMDS) A high-speed, switched-packet service that can provide speeds of up to 34 Mbps.
switched virtual circuit (SVC) A logical connection between end computers that uses a specific route across the network. Network resources are dedicated to the circuit, and the route is maintained until the connection is terminated. These are also known as point-to-multipoint connections. See also virtual circuit.
symmetric multiprocessing (SMP) A system that uses any available processor on an as-needed basis. With this approach, the system load and application needs can be distributed evenly across all available processors.
synchronous A form of communication that relies on a timing scheme coordinated between two devices to separate groups of bits and transmit them in blocks called frames. Special characters are used to begin the synchronization and check its accuracy periodically. Because the bits are sent and received in a timed, controlled (synchronized) fashion, start and stop bits are not required. Transmission stops at the end of one transmission and starts again with a new one. It is a start/stop approach, and more efficient than asynchronous transmission. If an error occurs, the synchronous error detection and correction scheme implements a retransmission. However, because more sophisticated technology and equipment are required to transmit synchronously, it is more expensive than asynchronous transmission.
Synchronous Data Link Control (SDLC) The data link (data transmission) protocol most widely used in networks conforming to IBM's SNA. SDLC is a communications guideline that defines the format in which information is transmitted. As its name implies, SDLC applies to synchronous transmissions. SDLC is also a bit-oriented protocol and organizes information in structured units called frames.
Synchronous Optical Network (SONET) A fiber-optic technology that can transmit data at more than one gigabit per second. Networks based on this technology are capable of delivering voice, data, and video. SONET is a standard for optical transport formulated by the Exchange Carriers Standards Association (ECSA) for ANSI.
Systems Network Architecture (SNA) An IBM-proprietary high-level networking protocol standard for IBM and IBM-compatible mainframe systems. See also protocol.
T
TCO See total cost of ownership (TCO).
TCP See Transmission Control Protocol (TCP).
TCP/IP See Transport Control Protocol/Internet Protocol (TCP/IP).
TDI See transport driver interface (TDI).
TechNet See Microsoft Technical Information Network (TechNet).
Telnet The command and program used to log in from one Internet site to another. The Telnet command and program brings the user to the login prompt of another host.
terabyte See byte.
throughput A measure of the data transfer rate through a component, connection, or system. In networking, throughput is a good indicator of the system's total performance because it defines how well the components work together to transfer data from one computer to another. In this case, the throughput would indicate how many bytes or packets the network could process per second.
topology The arrangement or layout of computers, cables, and other components on a network. Topology is the standard term that most network professionals use when referring to the network's basic design.
total cost of ownership (TCO) The total amount of money and time associated with purchasing computer hardware and software, and deploying, configuring, and maintaining the hardware and software. It includes hardware and software updates, training, maintenance and administration, and technical support. One other major factor is lost productivity due to user errors, hardware problems, software upgrades, and retraining.
tracert A Traceroute command-line utility that shows every router interface through which a TCP/IP packet passes on its way to a destination.
trailer One of the three sections of a packet component. The exact content of the trailer varies depending on the protocol, but it usually includes an error-checking component, or cyclical redundancy check (CRC).
transceiver A device that connects a computer to the network. The term is derived from transmitter/receiver; thus, a transceiver is a device that receives and transmits signals. It switches the parallel data stream used on the computer's bus into a serial data stream used in the cables connecting the computers.
Transmission Control Protocol (TCP) The TCP/IP protocol for sequenced data. See also Transport Control Protocol/Internet Protocol (TCP/IP).
Transport Control Protocol/Internet Protocol (TCP/IP) An industry standard suite of protocols providing communications in a heterogeneous environment. In addition, TCP/IP provides a routable enterprise networking protocol and access to the Internet and its resources. It is a transport layer protocol that actually consists of several other protocols in a stack that operates at the session layer. Most networks support TCP/IP as a protocol.
transport driver interface (TDI) An interface that works between the file-system driver and the transport protocols, allowing any protocol written to TDI to communicate with the file-system drivers.
transport layer The fourth layer of the OSI reference model. It ensures that messages are delivered error free, in sequence, and without losses or duplications. This layer repackages messages for efficient transmission over the network. At the receiving end, the transport layer unpacks the messages, reassembles the original messages, and sends an acknowledgment of receipt. See also Open Systems Interconnection (OSI) reference model.
transport protocols Protocols that provide for communication sessions between computers and ensure that data is able to move reliably between computers.
tree A grouping of hierarchical arrangements of one or more Windows 2000 domains that share a contiguous namespace.
Trojan horse virus A type of virus that appears to be a legitimate program that might be found on any system. The Trojan horse virus can destroy files and cause physical damage to disks.
trust relationship A link between domains that enables pass-through authentication, in which a user has only one user account in one domain, yet can access the entire network. User accounts and global groups defined in a trusted domain can be given rights and resource permissions in a trusting domain even though those accounts don't exist in the trusting domain's database. A trusting domain honors the logon authentication of a trusted domain.
U
UART See universal asynchronous receiver transmitter (UART).
UDP See User Datagram Protocol (UDP).
Uniform Resource Locator (URL) An address for a resource on the Internet that provides the hypertext links between documents on the World Wide Web (WWW). Every resource on the Internet has its own location identifier, or URL, that specifies the server to access as well as the access method and the location. URLs can use various protocols including FTP and HTTP.
uninterruptible power supply (UPS) A device connected between a computer or another piece of electronic equipment and a power source, such as an electrical outlet. The UPS ensures that the electrical flow to the computer is not interrupted because of a blackout and, in most cases, protects the computer against potentially damaging events such as power surges and brownouts. Different UPS models offer different levels of protection. All UPS units are equipped with a battery and loss-of-power sensor. If the sensor detects a loss of power, it immediately switches over to the battery so that users have time to save their work and shut off the computer. Most higher-end models have features such as power filtering, sophisticated surge protection, and a serial port so that an operating system capable of communicating with a UPS (such as Windows 2000) can work with the UPS to facilitate automatic system shutdown.
universal asynchronous receiver transmitter (UART) A module, usually composed of a single integrated circuit, that contains both the receiving and transmitting circuits required for asynchronous serial communication. Two computers, each equipped with a UART, can communicate over a simple wire connection. The operation of the sending and receiving units is not synchronized by a common clock signal, so the data stream itself must contain information about when packets of information (usually bytes) begin and end. This information about the beginning and ending of a packet is provided by the start and stop bits in the data stream. A UART is the most common type of circuit used in personal-computer modems.
universal serial bus (USB) A serial bus with a data transfer rate of 12 megabits per second (Mbps) for connecting peripherals to a microcomputer. USB can connect up to 127 peripheral devices to the system through a single, general-purpose port. This is accomplished by daisy chaining peripherals together. USB is designed to support the ability to automatically add and configure new devices and the ability to add such devices without having to shut down and restart the system.
UPS See uninterruptible power supply (UPS).
URL See Uniform Resource Locator (URL).
USB See universal serial bus (USB).
user account An account that consists of all of the information that defines a user on a network. This includes the user name and password required for the user to log on, the groups in which the user account has membership, and the rights and permissions the user has for using the system and accessing its resources.
User Datagram Protocol (UDP) A connectionless protocol, responsible for end-to-end data transmission.
user groups Groups of users who meet online or in person to discuss installation, administration, and other network challenges for the purpose of sharing and drawing on each other's expertise in developing ideas and solutions.
V
virtual circuit A series of logical connections between a sending computer and a receiving computer. The connection is made after both computers exchange information and agree on communication parameters that establish and maintain the connection, including maximum message size and path. Virtual circuits incorporate communication parameters such as acknowledgments, flow control, and error control to ensure reliability. They can be either temporary, lasting only as long as the conversation, or permanent, lasting as long as the users keep the communication channel open.
virtual memory The space on one or more of a computer's hard disks used by Windows 2000 as if it were RAM. This space on the hard disks is known as a paging file. The benefit of virtual memory is being able to run more applications at one time than would be possible by using just the RAM (physical memory) on the computer.
virtual private network (VPN) A set of computers on a public network such as the Internet that communicate among themselves using encryption technology. In this way, their messages are safe from being intercepted and understood by unauthorized users. VPNs operate as if the computers were connected by private lines.
virus Computer programming, or code, that hides in computer programs or on the boot sector of storage devices such as hard-disk drives and floppy-disk drives. The primary purpose of a virus is to reproduce itself as often as possible; a secondary purpose is to disrupt the operation of the computer or the program.
volume set A collection of hard-disk partitions that are treated as a single partition, thus increasing the disk space available in a single drive letter. Volume sets are created by combining between 2 and 32 areas of unformatted free space on one or more physical drives. These spaces form one large logical volume set that is treated like a single partition.
VPN See virtual private network (VPN).
W
wide area network (WAN) A computer network that uses long-range telecommunication links to connect networked computers across long distances.
winipcfg A diagnostic command specific to Microsoft Windows 95 and 98. Although this graphical user interface utility (GUI) duplicates the functionality of ipconfig, its GUI makes it easier to use. See also ipconfig.
workgroup A collection of computers grouped for sharing resources such as data and peripherals over a LAN. Each workgroup is identified by a unique name. See also domain; peer-to-peer network.
World Wide Web (the Web, or WWW) The Internet multimedia service that contains a vast storehouse of hypertext documents written in HTML. See also Hypertext Markup Language (HTML).
WORM See Write-Once Read-Many (WORM).
Write-Once Read-Many (WORM) Any type of storage medium to which data can be written only once but can be read any number of times. Typically, this is an optical disc whose surface is permanently etched using a laser to record information.
Z
Zone A discrete portion of the domain name space. Zones provide a way to partition the domain name space into discrete manageable sections.
Chapter 1
Review Questions
What is the major difference between a workgroup and a domain?
The major difference between a workgroup and a domain is where the user account information resides for user logon authentication. For a workgroup, user account information resides in the local security database on each computer in the workgroup. For the domain, the user account information resides in the Active Directory database.
What are Active Directory directory services, and what do they provide?
Active Directory directory services comprise the Windows 2000 directory service. A directory service consists of a database that stores information about network resources, such as computers and printers, and the services that make this information available to users and applications. Active Directory directory services also provide administrators with the capability to control access to resources.
What information must a user provide when he or she logs on to a computer?
A user name and a password.
What happens when a user logs on locally to a computer?
Windows 2000 authenticates the user during the logon process by comparing the user's logon information to the user's information in the local database and verifies the identity of the user. Only valid users can gain access to resources and data on a computer.
How do you use the Windows 2000 Security dialog box?
The Windows 2000 Security dialog box provides easy access to important security options, which include the ability to lock a computer, change a password, log off of a computer, stop programs that aren't responding, and shut down the computer.
Chapter 2
Review Questions
Your company has decided to install Windows 2000 Professional on all new computers that are purchased for desktop users. What should you do before you purchase new computers to ensure that Windows 2000 can be installed and run without difficulty?
Verify that the hardware components meet the minimum requirements for Windows 2000. Also, verify that all of the hardware components that are installed in the new computers are on the Windows 2000 HCL. If a component is not listed, contact the manufacturer to verify that a Windows 2000 driver is available.
You are attempting to install Windows 2000 Professional from a CD-ROM; however, you have discovered that your computer doesn't support booting from the CD-ROM drive. How can you install Windows 2000?
Start the computer by using the Setup boot disks. When prompted, insert the Windows 2000 Professional CD-ROM, and then continue setup.
You are installing Windows 2000 Server on a computer that will be a client in an existing Windows 2000 domain. You want to add the computer to the domain during installation. What information do you need, and which computers must be available on the network before you run the Setup program?
You need the DNS domain name of the domain that you are joining. You must also make sure that a computer account for the client exists in the domain, or you must have the user name and password of a user account in the domain with the authority to create computer accounts in the domain. A server running the DNS service and a domain controller in the domain you are joining must be available on the network.
You are using a CD-ROM to install Windows 2000 Professional on a computer that was previously running another operating system. How should you configure the hard disk to simplify the installation process?
Use a disk partitioning tool to remove any existing partitions, and then create and format a new partition for the Windows 2000 installation.
You are installing Windows 2000 Professional over the network. Before you install to a client computer, what must you do?
Locate the path to the shared installation files on the distribution server. Create a 500-MB FAT partition on the target computer (1 GB recommended). Create a client disk with a network client so that you can connect from the computer, without an operating system, to the distribution server.
Chapter 3
Practice Questions
Lesson 2: Using Consoles
Practice: Creating a Customized Microsoft Management Console
· To remove extensions from a snap-in
Click Computer Management (Local), and then click the Extensions tab.
The MMC displays a list of available extensions for the Computer Management snap-in.
What option determines which extensions the MMC displays in the Available Extensions list in this dialog box?
The available extensions depend on which snap-in you select.
Review Questions
When and why would you use an extension?
You use an extension when specific snap-ins need additional functionality—extensions are snap-ins that provide additional administrative functionality to another snap-in.
You need to create a custom console for an administrator who needs to use only the Computer Management and Active Directory Users And Computers snap-ins. The administrator
Must not be able to add any additional snap-ins.
Needs full access to all snap-ins.
Must be able to navigate between snap-ins.
Which console mode would you use to configure the custom console?
User mode, Full Access.
What do you need to do to remotely administer a computer running Windows 2000 Server from a computer running Windows 2000 Professional?
Windows 2000 Professional doesn't include all snap-ins that are included with Windows 2000 Server. To enable remote administration of many Windows 2000 Server components from a computer running Windows 2000 Professional, you need to add the required snap-ins on the computer running Windows 2000 Professional.
You need to schedule a maintenance utility to automatically run once a week on your computer, which is running Windows 2000 Professional. How do you accomplish this?
Use Task Scheduler to schedule the necessary maintenance utilities to run at specific times.
Chapter 4
Review Questions
What should you do if you can't see any output on the secondary display?
If you can't see any output on the secondary display, try the following:
Activate the device in the Display Properties dialog box.
Confirm that you chose the correct video driver.
Restart the computer and check its status in Device Manager.
Switch the order of the display adapters on the motherboard.
You have configured recovery options on a computer running Windows 2000 Professional to write debugging information to a file if a system failure occurs. You notice, however, that the file isn't being created. What could be causing this problem?
The problem could be one or more of the following:
The paging file size could be set to less than the amount of physical RAM in your system.
The paging file might not be located on your system partition.
You might not have enough free space to create the Memory.dmp file.
How can you optimize virtual memory performance?
To optimize virtual memory, do the following:
If you have multiple hard disks, create a separate paging file on each hard disk.
Move the paging file off of the disk that contains the Windows 2000 system files.
Set the minimum size of the paging file to be equal to or greater than the amount of disk space that is allocated by Virtual Memory Manager when your system is operating under a typical load.
You installed a new network interface card (NIC) in your computer, but it doesn't seem to be working. Describe how you would troubleshoot this problem.
You would do the following to troubleshoot the problem:
Check Device Manager to determine whether Windows 2000 properly detected the network card.
If the card isn't listed in Device Manager, run the Add/Remove Hardware wizard to have Windows 2000 detect the new card. If the card is listed in Device Manager but the icon representing the new card contains either an exclamation mark or a stop sign, view the properties of the card for further details. You might need to reinstall the drivers for the card, or the card might be causing a resource conflict.
Chapter 5
Practice Questions
Lesson 2: Using Registry Editor
Practice: Using Registry Editor
Exercise 1: Exploring the Registry
· To view information in the registry
Double-click the HARDWARE\DESCRIPTION\System subkey to expand it, and then answer the following questions:
What is the basic input/output system (BIOS) version of your computer and its date?
Answers will vary based on the contents of the SYSTEMBIOSVERSION and SYSTEMBIOSDATE entries.
What is the computer type of your local machine according to the Identifier entry?
Answers might vary; it will likely be AT/AT compatible.
Expand the SOFTWARE\Microsoft\Windows NT\CurrentVersion subkey, and then fill in the following information.
Software configuration: Value and string
Current build number: 2195 (for Evaluation Software)
Current version: 5
Registered organization: Answers will vary.
Registered owner: Answers will vary.
Review Questions
What is the registry and what does it do?
The registry is a hierarchical database that stores Windows 2000 hardware and software settings. The registry controls the Windows 2000 operating system by providing the appropriate initialization information to start applications and load components, such as device drivers and network protocols. The registry contains a variety of different types of data, including the hardware installed on the computer, the installed device drivers, applications, network protocols, and network adapter card settings.
What is a hive?
A hive is a discrete body of keys, subkeys, and entries. Each hive has a corresponding registry file and a .LOG file located in systemroot\System32\Config. Windows 2000 uses the .LOG file to record changes and to ensure the integrity of the registry.
What is the recommended editor for viewing and modifying the registry?
Regedt32.exe is the recommended editor for viewing and modifying the registry.
What option should you enable when you are viewing the contents of the registry? Why?
Using Registry Editor incorrectly can cause serious, systemwide problems that could require reinstallation of Windows 2000. When using Registry Editor to view data, save a backup copy of the registry file before viewing and click Read Only Mode on the Options menu to prevent accidental updating or deleting of configuration data.
Chapter 6
Practice Questions
Lesson 2: Common Disk Management Tasks
Practice: Working with Dynamic Storage
Exercise 2: Extending a Volume
· To examine the new volume
Change the working directory to the root directory of drive C (if necessary) or to the root directory of the drive where you mounted your volume, type dir and then press Enter.
How much free space does the Dir command report?
Answer will vary.
Why is there a difference between the free space reported for drive C and the free space reported for C:\Mount? (If you mounted your volume on a drive other than drive C, replace C with the appropriate drive letter.)
The amount of free space reported for C:\Mount is the amount of free space available on the mounted volume.
Review Questions
You install a new 10-GB disk drive that you want to divide into five equal 2-GB sections. What are your options?
You can leave the disk as a basic disk and then create a combination of primary partitions (up to three) and logical drives in an extended partition; or, you can upgrade the disk to a dynamic disk and create five 2-GB simple volumes.
You are trying to create a striped volume on your Windows NT Server to improve performance. You confirm that you have enough unallocated disk space on two disks in your computer, but when you right-click an area of unallocated space on a disk, your only option is to create a partition. What is the problem and how would you resolve it?
You can create striped volumes only on dynamic disks. The option to create a partition rather than a volume indicates that the disk you are trying to use is a basic disk. You will need to upgrade all of the disks that you want to use in your striped volume to dynamic disks before you stripe them.
You add a new disk to your computer and attempt to extend an existing volume to include the unallocated space on the new disk, but the option to extend the volume isn't available. What is the problem and how would you resolve it?
The existing volume is not formatted with Microsoft Windows 2000 File System (NTFS). You can extend only NTFS volumes. You should back up any data on the existing volume, convert it to NTFS, and then extend the volume.
You dual boot your computer with Windows 98 and Windows 2000 Professional. You upgrade a second drive—which you are using to archive files—from basic storage to dynamic storage. The next time you try to access your archived files from Windows 98, you are unable to read the files. Why?
Only Windows 2000 can read dynamic storage.
Chapter 7
Practice Questions
Lesson 1: TCP/IP
Practice: Installing and Configuring TCP/IP
Exercise 2: Configuring TCP/IP to Use a Static IP Address
· To test the static TCP/IP configuration
To verify that the IP address is working and configured for your adapter, type ping 127.0.0.1 and then press Enter.
What happens?
Four Reply from 127.0.0.1 messages should appear.
If you have a computer that you are using to test connectivity, type ping ip_address (where ip_address is the IP address of the computer you are using to test connectivity), and then press Enter. If you don't have a computer to test connectivity, skip to step 7.
What happens?
Four Reply from ip_address messages should appear.
Exercise 3: Configuring TCP/IP to Automatically Obtain an IP Address
· To configure TCP/IP to automatically obtain an IP address
Click Obtain An IP Address Automatically.
Which IP address settings will the DHCP Service configure for your computer?
IP address and subnet mask.
Exercise 4: Obtaining an IP Address by Using Automatic Private IP Addressing
· To obtain an IP address by using Automatic Private IP Addressing
At the command prompt, type ipconfig /renew and then press Enter.
There will be a pause while Windows 2000 attempts to locate a DHCP server on the network.
What message appears, and what does it indicate?
DHCP Server Unreachable.
Your computer was not assigned an address from a DHCP server because there wasn't one available.
· To test the TCP/IP configuration
At the command prompt, type ipconfig | more and then press Enter.
Pressing Spacebar as necessary, record the current TCP/IP settings for your local area connection in the following table.
Setting: Value
IP address: Answer will vary.
Subnet mask: Answer will vary.
Default gateway: Answer will vary.
Is this the same IP address assigned to your computer in Exercise 3? Why or why not?
No, the IP address isn't the same as the one assigned in Exercise 3. In this exercise, the Automatic Private IP Addressing feature of Windows 2000 assigned the IP address because a DHCP server wasn't available. In Exercise 3, the DHCP Service assigned an IP address.
If you have a computer to test TCP/IP connectivity with your computer, type ping ip_address (where ip_address is the IP address of the computer that you are using to test connectivity), and then press Enter. If you don't have a computer to test connectivity, skip this step and proceed to Exercise 5.
Were you successful? Why or why not?
Answers will vary. If you don't have a computer that you can use to test your computer's connectivity, you can't do this exercise.
No, because the computer you are using to test your computer's connectivity is configured with a static IP address in another network and no default gateway is configured on your computer.
Yes, because the computer you are using to test your computer's connectivity is also configured with an IP address assigned by Automatic Private IP Addressing and it is on the same subnet so that a default gateway is unnecessary.
Lesson 2: NWLink
Practice: Installing and Configuring NWLink
· To install and configure NWLink
Click Protocol, and then click Add.
The Select Network Protocol dialog box appears.
Which protocols can you install?
AppleTalk, DLC, NetBEUI, Network Monitor Driver, and NWLink IPX/SPX/NetBIOS Compatible Transport Protocol.
Select NWLink IPX/SPX/NetBIOS Compatible Transport Protocol, and then click Properties.
Which type of frame detection is selected by default?
Auto frame type detection.
Lesson 4: Network Bindings
Practice: Working with Network Bindings
Exercise 1: Changing the Binding Order of a Protocol
· To change the protocol binding order
Maximize the Network And Dial-Up Connections window, and on the Advanced menu, click Advanced Settings.
The Advanced Settings dialog box appears.
What is the order of the protocols listed under Client For Microsoft Networks in the Bindings For Local Area Connection list?
The first protocol listed under Client For Microsoft Networks is NWLink IPX/SPX/NetBIOS Compatible Transport Protocol, and the second one is Internet Protocol (TCP/IP).
Review Questions
Your computer running Windows 2000 Client for Microsoft Networks was configured manually for TCP/IP. You can connect to any host on your own subnet, but you can't connect to or even ping any host on a remote subnet. What is the likely cause of the problem and how would you fix it?
The default gateway might be missing or incorrect. You specify the default gateway in the Internet Protocol (TCP/IP) Properties dialog box (under Network And Dial-Up Connections in My Network Places). Other possibilities are that the default gateway is offline or that the subnet mask is incorrect.
Your computer running Windows 2000 Professional can communicate with some, but not all, of the NetWare servers on your network. Some of the NetWare servers are running frame type 802.2 and some are running 802.3. What is the likely cause of the problem?
Although the NWLink implementation in Windows 2000 can automatically detect a frame type for IPX/SPX-compatible protocols, it can automatically detect only one frame type. This network uses two frame types; you must manually configure the additional frame type (802.3).
What are the limitations of the NetBEUI protocol?
NetBEUI can't be routed and therefore is not suitable for WANs. Since NetBEUI isn't routable, you must connect computers running Windows 2000 and NetBEUI by using bridges instead of routers.
The NetBEUI protocol relies on broadcasts for many of its functions, such as name registration and discovery, so it creates more broadcast traffic than other protocols.
What is the primary function of the DLC protocol?
DLC provides connectivity to IBM mainframes and to LAN print devices that are directly attached to the network.
What is the significance of the binding order of network protocols?
You specify the binding order to optimize network performance. For example, a computer running Windows 2000 Workstation has NetBEUI, NWLink IPX/SPX, and TCP/IP installed. However, most of the servers to which this computer connects are running only TCP/IP. You would adjust the binding order so that the workstation binding to TCP/IP is listed before the workstation bindings for the other protocols. In this way, when a user attempts to connect to a server, Client for Microsoft Networks first attempts to use TCP/IP to establish the connection.
Chapter 8
Review Questions
What is the function of the following DNS components?
Domain name space
The domain name space provides the hierarchical structure for the DNS distributed database.
Zones
Zones are used to divide the domain name space into administrative units.
Name servers
Name servers store the zone information and perform name resolution for their authoritative domain name spaces.
Why would you want to have multiple name servers?
Installing multiple name servers provides redundancy, reduces the load on the server that stores the primary zone database file, and allows for faster access speed for remote locations.
What's the difference between a forward lookup query and a reverse lookup query?
A forward lookup query resolves a name to an IP address. A reverse lookup query resolves an IP address to a name.
When would you configure your connection to obtain a DNS server address automatically?
Configure your connection to obtain a DNS server address automatically only if you have a functioning DHCP server on the network that can provide the IP address of functioning DNS servers on the network.
Chapter 9
Review Questions
What are four major features of Active Directory directory services?
Active Directory directory services offer simplified administration, scalability, open standards support, and support for standard name formats.
What are sites and domains, and how are they different?
A site is a combination of one or more IP subnets that should be connected by a high-speed link.
A domain is a logical grouping of servers and other network resources organized under a single name.
A site is a component of Active Directory directory services' physical structure, while a domain is a component of the logical structure.
What is the schema, and how can you extend it?
The schema contains a formal definition of the contents and structure of Active Directory directory services, including all attributes, classes, and class properties. You can extend the schema by using the Schema Manager snap-in or the Active Directory Services Interface (ADSI).
Which Windows 2000 products provide Active Directory directory services?
Only the Windows 2000 Server products, which include Windows 2000 Server, Windows 2000 Advanced Server, and Windows 2000 Datacenter, provide Active Directory directory services. Windows 2000 Professional doesn't provide Active Directory directory services, but clients running Windows 2000 Professional that are members of a domain can use Active Directory directory services.
Chapter 10
Review Questions
Where does Windows 2000 create local user accounts?
When you create a local user account, Windows 2000 creates the account only in that computer's security database.
What different capabilities do domain user accounts and local user accounts provide to users?
A domain user account allows a user to log on to the domain from any computer in the network and to gain access to resources anywhere in the domain, provided the user has permission to access these resources. A local user account allows the user to log on at and gain access to resources on only the computer where you create the local user account.
What should you consider when you plan new user accounts?
A naming convention that ensures unique but consistent user account names.
Whether you or the user will determine the user account password.
Whether the user account should be disabled.
What information is required to create a local user account?
A user name.
What are built-in user accounts and what are they used for?
Windows 2000 automatically creates accounts called built-in accounts. Two commonly used built-in accounts are Administrator and Guest. You use the built-in Administrator account to manage the overall computer (for example, creating and modifying user accounts and groups, and setting account properties on user accounts). You use the built-in Guest account to give occasional users the ability to log on and gain access to resources.
Chapter 11
Review Questions
Why should you use groups?
Use groups to simplify administration by granting rights and assigning permissions once to the group rather than multiple times to each individual member.
How do you create a local group?
Start the Computer Management snap-in and expand Local Users And Groups. Right-click Groups, and then click New Group. Fill in the appropriate fields and then click Create.
Are there any consequences to deleting a group?
When you delete a group, the unique identifier that the system uses to represent the group is lost. Even if you create a second group with the same name, the group will not have the same identifier, so you must grant the group any permissions or rights that it once had, and you must add back the users who need to be members of that group.
What's the difference between built-in local groups and local groups?
You create local groups and assign the appropriate permissions to them.
Windows 2000 Professional comes with precreated built-in local groups. You can't create built-in local groups. Built-in local groups give rights to perform system tasks on a single computer, such as backing up and restoring files, changing the system time, and administering system resources.
Chapter 12
Review Questions
What's the difference between a printer and a print device?
A printer is the software interface between the operating system and the print device. The print device is the hardware device that produces printed documents.
A print server can connect to two different types of print devices. What are these two types of print devices, and what are the differences?
The two types are local and network-interface print devices. A local print device is connected directly to a physical port of the print server. A network-interface print device is connected to the print server through the network. Also, a network-interface print device requires a network interface card.
You have added and shared a printer. What must you do to set up client computers running Windows 2000 so that users can print, and why?
You (or the user) must make a connection to the printer from the client computer. When you make a connection to the printer from the client computer, Windows 2000 automatically copies the printer driver to the client computer.
What advantages does connecting to a printer by using http://server_name/printers provide for users?
It allows a user to make a connection to a printer without having to use the Add Printer wizard. It makes a connection to a Web site, which displays all of the printers for which the user has permission. The Web site also provides information on the printers to help the user make the correct selection. Also, a Web designer can customize this Web page, such as by displaying a floor plan that shows the location of print devices, which makes it easier for users to choose a print device.
Why would you connect multiple printers to one print device?
To set priorities between the printers so that users can send critical documents to the printer with the highest priority. These documents will always print before documents that are sent from printers with lower priorities.
Why would you create a printer pool?
To speed up printing. Users can print to one printer that has several print devices so that documents do not wait in the print queue. It also simplifies administration; it's easier to manage one printer for several print devices than it is to manage one printer for each print device.
Chapter 13
Practice Questions
Lesson 2: Managing Printers
Practice: Performing Printer Management
Exercise 3: Taking Ownership of a Printer
· To take ownership of a printer
On the Security tab, click Advanced, and then click the Owner tab.
Who currently owns the printer?
The Administrators group.
Lesson 3: Managing Documents
Practice: Managing Documents
· To set a notification
In the printer's window, select README.txt, and then click Properties on the Document menu.
Windows 2000 displays the README.txt Document Properties dialog box with the General tab active.
Which user is specified in the Notify box? Why?
The Notify box currently displays the user Administrator because Administrator printed the document.
· To increase the priority of a document
In the README.txt Document Properties dialog box, on the General tab, notice the default priority.
What is the current priority? Is it the lowest or highest priority?
The current priority is the default of 1, which is the lowest priority.
Review Questions
Which printer permission does a user need to change the priority on another user's document?
The Manage Documents permission.
In an environment where many users print to the same print device, how can you help reduce the likelihood of users picking up the wrong documents?
Create a separator page that identifies and separates printed documents.
Can you redirect a single document?
No. You can change the configuration of the print server only to send documents to another printer or print device, which redirects all documents on that printer.
A user needs to print a large document. How can the user print the job after hours, without being present while the document prints?
You can control print jobs by setting the printing time. You set the printing time for a document on the General tab of the Properties dialog box for the document. To open the Properties dialog box for a document, select the document in the printer's window, click the Document menu, and then click Properties. Click Only From in the Schedule section of the Properties dialog box, and then set the Only From hour to the earliest time you want the document to begin printing after regular business hours. Set the To time to a couple of hours before normal business hours start. To set the printing time for a document, you must be the owner of the document or have the Manage Documents permission for the appropriate printer.
What are the advantages of using a Web browser to administer printing?
You can administer any printer on a Windows 2000 print server on the intranet by using any computer running a Web browser, regardless of whether the computer is running Windows 2000 or has the correct printer driver installed. Additionally, a Web browser provides a summary page and reports real-time print device status, and you can customize the interface.
Chapter 14
Practice Questions
Lesson 3: Assigning NTFS Permissions
Practice: Planning and Assigning NTFS Permissions
Exercise 1: Planning NTFS Permissions
When you apply custom permissions to a folder or file, which default permission entry should you remove?
The Full Control permission for the Everyone group.
Complete the following table to plan and record your permissions:
Path | User account or group | NTFS permissions | Block inheritance (yes/no)
Apps | Administrators group | Full Control | No
Apps\WordProcessing | Users group | Read & Execute | No
Apps\Spreadsheet | Accounting group, Managers group, Executives group | Read & Execute, Read & Execute, Read & Execute | No
Apps\Database | Accounting group, Managers group, Executives group | Read & Execute, Read & Execute, Read & Execute | No
Public | Administrators group, CREATOR OWNER, Users group | Full Control, Full Control, Write | No
Public\Library | Administrators group, Users group | Full Control, Read & Execute | Yes
Public\Manuals | Administrators group, Users group, User81 | Full Control, Read & Execute, Full Control | Yes
Exercise 2: Assigning NTFS Permissions for the Public Folder
· To remove permissions from the Everyone group
Click the Security tab to display the permissions for the Public folder.
Windows 2000 displays the Public Properties dialog box with the Security tab active.
What are the existing folder permissions?
The Everyone group has Full Control.
Notice that the current allowed permissions can't be modified.
Under Name, select the Everyone group, and then click Remove.
What do you see?
Windows 2000 displays a message box indicating that you can't remove "Everyone" because the folder is inheriting the permissions for the Everyone group from its parent folder. To change permissions for Everyone, you must first block inheritance.
Click Remove.
What are the existing folder permissions?
No permissions are currently assigned.
· To assign permissions to the Users group for the Public folder
Click OK to return to the Public Properties dialog box.
What are the existing allowed folder permissions?
The Users group has the following permissions: Read & Execute, List Folder Contents, and Read. These are the default permissions that Windows 2000 assigns when you add a user account or group to the list of permissions.
· To assign permissions to the CREATOR OWNER group for the Public folder
Under Permission Entries, select CREATOR OWNER if necessary.
Which permissions are assigned to CREATOR OWNER, and where do these permissions apply?
Full Control permission is applied to subfolders and files only. Permissions that are assigned to the CREATOR OWNER group are not applied to the folder but only to new files and folders that are created within the folder.
· To test the folder permissions that you assigned for the Public folder
In the Public folder, attempt to create a text file named User81.
Were you successful? Why or why not?
Yes, because the Users group is assigned the Write permission for the Public folder.
Exercise 4: Testing NTFS Permissions
· To test permissions for the Misc folder while logged on as User81
Attempt to create a file in the Misc folder.
Were you successful? Why or why not?
No, because only User82 has NTFS permissions to create and modify files in the Misc folder.
· To test permissions for the Misc folder while logged on as User82
Attempt to create a file in the Misc folder.
Were you successful? Why or why not?
Yes, because User82 has the Modify permission for the folder.
· To test permissions for the Manuals folder while logged on as Administrator
Attempt to create a file in the Manuals folder.
Were you successful? Why or why not?
Yes, because the Administrators group has the Full Control permission for the Manuals folder.
· To test permissions for the Manuals folder while logged on as User81
Attempt to create a file in the Manuals folder.
Were you successful? Why or why not?
No, because User81 has only the Read & Execute permission for the Manuals folder.
· To test permissions for the Manuals folder while logged on as User82
Attempt to create a file in the Manuals folder.
Were you successful? Why or why not?
Yes, because User82 is a member of the Manuals group, which has been assigned the Modify permission for the Sales folder.
Lesson 6: Solving Permissions Problems
Practice: Managing NTFS Permissions
Exercise 1: Taking Ownership of a File
· To determine the permissions for a file
Click the Security tab to display the permissions for the Owner.txt file.
What are the current allowed permissions for Owner.txt?
The Administrators group has the Full Control permission.
The Users group has the Read & Execute permission.
Click the Owner tab.
Who is the current owner of the Owner.txt file?
The Administrators group.
· To take ownership of a file
Click Advanced to display the Access Control Settings For Owner dialog box, and then click the Owner tab.
Who is the current owner of Owner.txt?
The Administrators group.
In the Change Owner To box, select User84, and then click Apply.
Who is the current owner of Owner.txt?
User84.
Exercise 2: Copying and Moving Folders
· To create a folder while logged on as a user
While you are logged on as User84, in Windows Explorer, in drive C, create a folder named Temp1.
What are the permissions that are assigned to the folder?
The Everyone group has Full Control.
Who is the owner? Why?
User84 is the owner because the person who creates a folder or file is the owner.
· To create a folder while logged on as Administrator
In drive C, create the following two folders: Temp2 and Temp3.
What are the permissions for the folders that you just created?
The Everyone group has the Full Control permission.
Who is the owner of the Temp2 and Temp3 folders? Why?
The Administrators group is the owner of the Temp2 and Temp3 folders because a member of the Administrators group created these folders.
· To copy a folder to another folder within a Windows 2000 NTFS volume
Select C:\Temp1\Temp2, and then compare the permissions and ownership with C:\Temp2.
Who is the owner of C:\Temp1\Temp2 and what are the permissions? Why?
The owner is still the Administrators group because you are logged on as Administrator. When a folder or file is copied within an NTFS volume, the person who copies the folder or file becomes the owner.
The Everyone group has the Full Control permission because when a folder or file is copied within an NTFS volume, the folder or file inherits the permissions of the folder into which it is copied.
· To move a folder within the same NTFS volume
In Windows Explorer, select C:\Temp3, and then move it to C:\Temp1.
What happens to the permissions and ownership for C:\Temp1\Temp3? Why?
The Backup Operators group has Read & Execute permission and the Users group has Full Control. The Administrators group is the owner of C:\Temp1\Temp3.
C:\Temp1\Temp3 retains the same permissions as the original C:\Temp3. This is because when a file or folder is moved within the same NTFS volume, the file or folder retains its original permissions. Even though User84 did the moving, the folder's creator remains the owner.
Exercise 3: Deleting a File With All Permissions Denied
· To view the result of the Full Control permission for a folder
In Windows Explorer, double-click Noaccess.txt in the Fullaccess folder to open the file.
Were you successful? Why or why not?
No. The Everyone group has been denied the Full Control permission for C:\FullControl\Noaccess.txt. The Administrator user account is a member of the Everyone group.
Delete Noaccess.txt.
Were you successful? Why or why not?
Yes, because Full Control includes the Delete Subfolders and Files special permission for POSIX compliance. This special permission allows a user to delete files in the root of a folder to which the user has been assigned the Full Control permission. This permission overrides the file permissions.
How would you prevent users with Full Control permission for a folder from deleting a file in that folder for which they have been denied the Full Control permission?
Allow users all of the individual permissions, and then deny users the Delete Subfolders and Files special permission.
Review Questions
What is the default permission when a volume is formatted with NTFS? Who has access to the volume?
The default permission is Full Control. The Everyone group has access to the volume.
If a user has Write permission for a folder and is also a member of a group with Read permission for the folder, what are the user's effective permissions for the folder?
The user has both Read permission and Write permission for the folder because NTFS permissions are cumulative.
If you assign the Modify permission to a user account for a folder and the Read permission for a file, and then you copy the file to that folder, which permission does the user have for the file?
The user can modify the file because the file inherits the Modify permission from the folder.
What happens to permissions that are assigned to a file when the file is moved from one folder to another folder on the same NTFS volume? What happens when the file is moved to a folder on another NTFS volume?
When the file is moved from one folder to another folder on the same NTFS volume, the file retains its permissions. When the file is moved to a folder on a different NTFS volume, the file inherits the permissions of the destination folder.
If an employee leaves the company, what must you do to transfer ownership of his or her files and folders to another employee?
You must be logged on as Administrator to take ownership of the employee's folders and files. Assign the Take Ownership special access permission to another employee to allow that employee to take ownership of the folders and files. Notify the employee to whom you assigned Take Ownership to take ownership of the folders and files.
What three details should you check when a user can't gain access to a resource?
Check the permissions that are assigned to the user account and to groups in which the user is a member.
Check whether the user account, or a group of which the user is a member, has been denied permission for the file or folder.
Check whether the folder or file has been copied to any other file or folder or moved to another volume. If it has, the permissions will have changed.
Chapter 15
Practice Questions
Lesson 1: Understanding Shared Folders
Practice: Applied Permissions
User101 is a member of Group1, Group2, and Group3. Group1 has Read permission and Group3 has Full Control permission for FolderA. Group2 has no permissions assigned for FolderA. What are User101's effective permissions for FolderA?
Since User101 gets the permissions of all groups, User101's effective permission for FolderA is Full Control, which also includes all capabilities of the Read permission.
User101 is also a member of the Sales group, which has the Read permission for FolderB. User101 has been denied the shared folder permission Full Control for FolderB as an individual user. What are User101's effective permissions for FolderB?
User101 has no access to FolderB. Even though User101 is a member of the Sales group, which has Read permission for FolderB, User101 has been denied Full Control access to FolderB. Denied permissions override all other permissions.
Lesson 4: Combining Shared Folder Permissions and NTFS Permissions
Practice: Managing Shared Folders
Exercise 1: Combining Permissions
In the first example, the Data folder is shared. The Sales group has the shared folder Read permission for the Data folder and the NTFS Full Control permission for the Sales subfolder.
What are the Sales group's effective permissions for the Sales subfolder when they gain access to the Sales subfolder by making a connection to the Data shared folder?
The Sales group has the Read permission for the Sales subfolder because when shared folder permissions are combined with NTFS permissions, the more restrictive permission applies.
In the second example, the Users folder contains user home folders. Each user home folder contains data that is accessible only to the user for whom the folder is named. The Users folder has been shared, and the Users group has the shared folder Full Control permission for the Users folder. User1 and User2 have the NTFS Full Control permission for only their home folder and no NTFS permissions for other folders. These users are all members of the Users group.
What permissions does User1 have when he or she accesses the User1 subfolder by making a connection to the Users shared folder? What are User1's permissions for the User2 subfolder?
User1 has the Full Control permission for the User1 subfolder because both the shared folder permission and the NTFS permission allow Full Control. User1 can't access the User2 subfolder because she or he has no NTFS permissions to gain access to it.
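The rules behind the Lesson 1 and Lesson 4 answers above (permissions are cumulative across groups, a deny overrides every allow, and over the network the more restrictive of the share and NTFS permissions applies) can be checked with the following Python model. It is an added example, not part of the original course material; reducing each named permission to a set of abstract rights and the SalesUser account name are assumptions made for illustration.

```python
"""Model of the effective-permission rules in the Chapter 15 answers (added example)."""

# Assumption: each named permission is reduced to a set of abstract rights.
# Real ACLs are finer-grained; this is just enough detail to apply the rules.
READ = frozenset({"read", "execute"})
CHANGE = READ | {"write", "delete"}
FULL = CHANGE | {"change_permissions"}

SHARE = {"Read": READ, "Change": CHANGE, "Full Control": FULL}
NTFS = {"Read": frozenset({"read"}), "Write": frozenset({"write"}),
        "Read & Execute": READ, "Modify": CHANGE, "Full Control": FULL}


def effective(acl, user, groups, table):
    """Union of every allow that applies to the user, minus every deny."""
    principals = {user, *groups}
    allowed, denied = set(), set()
    for principal, kind, permission in acl:
        if kind not in ("allow", "deny"):
            raise ValueError(f"unknown entry type: {kind!r}")
        if principal in principals:
            (denied if kind == "deny" else allowed).update(table[permission])
    return frozenset(allowed - denied)


def over_network(share_rights, ntfs_rights):
    """Access through a share is limited to rights that both layers grant."""
    return share_rights & ntfs_rights


def describe(rights, table):
    """Name a set of rights using the given permission table."""
    if not rights:
        return "No access"
    for name, granted in table.items():
        if granted == rights:
            return name
    return " + ".join(sorted(rights))


def page_scenarios():
    """The four situations from the Lesson 1 and Lesson 4 practices."""
    groups = ["Group1", "Group2", "Group3", "Sales"]   # User101's memberships
    folder_a = [("Group1", "allow", "Read"), ("Group3", "allow", "Full Control")]
    folder_b = [("Sales", "allow", "Read"), ("User101", "deny", "Full Control")]
    data_share = [("Sales", "allow", "Read")]
    sales_ntfs = [("Sales", "allow", "Full Control")]
    users_share = [("Users", "allow", "Full Control")]
    home_ntfs = {"User1": [("User1", "allow", "Full Control")],
                 "User2": [("User2", "allow", "Full Control")]}

    def via_share(share_acl, ntfs_acl, user, member_of):
        share = effective(share_acl, user, member_of, SHARE)
        ntfs = effective(ntfs_acl, user, member_of, NTFS)
        return describe(over_network(share, ntfs), SHARE)

    return {
        "FolderA": describe(effective(folder_a, "User101", groups, SHARE), SHARE),
        "FolderB": describe(effective(folder_b, "User101", groups, SHARE), SHARE),
        # SalesUser is a hypothetical member of the Sales group.
        "Data\\Sales": via_share(data_share, sales_ntfs, "SalesUser", ["Sales"]),
        "Users\\User1": via_share(users_share, home_ntfs["User1"], "User1", ["Users"]),
        "Users\\User2": via_share(users_share, home_ntfs["User2"], "User1", ["Users"]),
    }


if __name__ == "__main__":
    for folder, result in page_scenarios().items():
        print(f"{folder}: {result}")
```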
Exercise 2: Planning Shared Folders
Record your answers in the table.
You have two choices for permissions. You can rely entirely on NTFS permissions and assign Full Control for all shared folders to the Everyone group, or you can use shared folder permissions according to resource needs. The following suggested shared folders include required permissions if you decide to assign shared folder permissions.
Share Management Guidelines as MgmtGd. Assign the Full Control permission to the Managers group.
Share Data as Data. Assign the Full Control permission to the Administrators built-in group.
Share Data\Customer Service as CustServ. Assign the Change permission to the Customer Service group.
Share Data\Public as Public. Assign the Change permission to the Users built-in group.
Share Applications as Apps. Assign the Read permission to the Users built-in group and the Full Control permission to the Administrators built-in group.
Share Project Management as ProjMan. Assign the Change permission to the Managers group and the Full Control permission to the Administrators built-in group.
Share Database\Customers as CustDB. Assign the Change permission to the CustomerDBFull group, the Read permission to the CustomerDBRead group, and the Full Control permission to the Administrators built-in group.
Share Users as Users. Create a folder for every employee below this folder. Assign the Full Control permission to each employee for his or her own folder. Preferably, have Windows 2000 create the folder and assign permissions automatically when you create each user account.
Exercise 4: Assigning Shared Folder Permissions
· To assign Full Control to the Administrators group
Click OK.
Windows 2000 adds Administrators to the list of names with permissions.
Which type of access does Windows 2000 assign to Administrators by default?
The Read permission.
In the Permissions box, under Allow, click the Full Control check box.
Why did Windows Explorer also select the Change permission for you?
Full Control includes both the Change permission and the Read permission.
Exercise 5 (Optional): Connecting to a Shared Folder
· To connect a network drive to a shared folder by using the Map Network Drive command
To complete the connection, click Finish.
Windows 2000 displays the MktApps On 'PRO1' (P:) window.
How does Windows Explorer indicate that this drive points to a remote shared folder?
Windows Explorer uses an icon that shows a network cable attached to the drive. The network cable icon indicates a mapped network drive.
Exercise 8 (Optional): Testing NTFS and Shared Folder Permissions
· To test permissions for the Manuals folder when a user logs on locally
In the Manuals folder, attempt to create a file.
Were you successful? Why or why not?
No. Only Administrators have the NTFS permission to create and modify files in the Manuals folder.
· To test permissions for the Manuals folder when a user makes a connection over the network
In the Manuals window, attempt to create a file.
Were you successful? Why or why not?
No. Although the Users group has the Full Control shared folder permission for \\PRO1\MktApps, only Administrators have the NTFS permission to create and modify files in the Manuals folder.
· To test permissions for the Manuals folder when a user logs on over the network as Administrator
In the Manuals window, attempt to create a file.
Were you successful? Why or why not?
Yes. Administrator has the Full Control NTFS permission for the folder and Full Control Shared folder permissions for \\PRO1\MktApps\Manuals.
· To test permissions for the Public folder when a user makes a connection over the network
In the Public window, attempt to create a file.
Were you successful? Why or why not?
Yes. User1 has the Full Control NTFS permission for the folder and Full Control Shared folder permissions for \\PRO1\MktApps\Public.
Review Questions
When a folder is shared on a FAT volume, what does a user with the Full Control shared folder permissions for the folder have access to?
All folders and files in the shared folder.
What are the shared folder permissions?
Full Control, Change, and Read.
By default, what are the permissions that are assigned to a shared folder?
The Everyone group is assigned the Full Control permission.
When a folder is shared on an NTFS volume, what does a user with the Full Control shared folder permissions for the folder have access to?
Only the folder, but not necessarily any of the folder's contents. The user would also need NTFS permissions for each file and subfolder in the shared folder to gain access to those files and subfolders.
When you share a public folder, why should you use centralized data folders?
Centralized data folders enable data to be backed up easily.
What is the best way to secure files and folders that you share on NTFS partitions?
Put the files that you want to share in a shared folder and keep the default shared folder permission (the Everyone group with the Full Control permission for the shared folder). Assign NTFS permissions to users and groups to control access to all contents in the shared folder or to individual files.
Chapter 16
Review Questions
What two tasks must you perform to audit access to a file?
Set the audit policy for object access and configure the file for the type of access to audit.
Who can set up auditing for a computer?
By default, only members of the Administrators group can set up and administer auditing. You can also give other users the Manage Auditing and Security log user right, which is required to configure an audit policy and review audit logs.
When you view a security log, how do you determine whether an event failed or succeeded?
Successful events appear with a key icon; unsuccessful events appear with a lock icon.
If you click the Do Not Overwrite Events option in the Properties dialog box for an audit log, what happens when the log file becomes full?
Windows 2000 will stop. You must clear the log manually.
Chapter 17
Practice Questions
Lesson 1: Configuring Account Policies
Practice: Configuring Account Policies
Exercise 2: Configuring and Testing Additional Account Policies Settings
· To configure Account Policies settings
Use the Group Policy snap-in to configure the following Account Policies settings:
A user should have at least five different passwords before he or she accesses a previously used password.
After changing a password, a user must wait 24 hours before changing it again.
A user should change his or her password every three weeks.
Which settings did you use for each of the three listed items?
Set Enforce Password History to 5 so that a user must have at least five different passwords before he or she can access a previously used password.
Set Minimum Password Age to one day so that a user must wait 24 hours before he or she can change it again.
Set Maximum Password Age to 21 days so that a user must change his/her password every three weeks.
· To test Account Policies settings
Change your password to waters.
Were you successful? Why or why not?
You were successful because the minimum password length is set to 6, and the password waters contains six characters.
Change your password to papers.
Were you successful? Why or why not?
You weren't successful because you must wait 24 hours (one day) before you can change your password a second time. A Change Password dialog box appeared indicating that you can't change the password at this time.
Exercise 3: Configuring Account Lockout Policy
· To configure the Account Lockout Policy settings
Use Account Lockout Policy settings to do the following:
Lock out a user account after four failed logon attempts.
Lock out user accounts until the administrator unlocks the user account.
Which Account Lockout Policy settings did you use for each of the two conditions?
Set Account Lockout Threshold to 4 to lock out a user account after four failed logon attempts. When you set one of the three Account Lockout Policy options and the other two options have not been set, a dialog box appears indicating that the other two options will be set to default values.
Set Account Lockout Duration to 0 to have locked accounts remain locked until the administrator unlocks them.
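The settings chosen in Exercises 2 and 3 can be exercised in a Python model that replays the test steps: waters is accepted, papers is refused until a day has passed, and the fourth failed logon locks the account until an administrator unlocks it. This is an added example, not part of the original course material and not how Windows implements these policies; the initial password, the dates, and the PBKDF2 storage of remembered passwords are constructed for illustration.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class Policy:
    history: int = 5                            # Enforce Password History
    min_age: timedelta = timedelta(days=1)      # Minimum Password Age
    max_age: timedelta = timedelta(days=21)     # Maximum Password Age
    min_length: int = 6                         # length quoted in the test step
    lockout_threshold: int = 4                  # Account Lockout Threshold
    lockout_duration: timedelta = timedelta(0)  # 0 = until an administrator unlocks


def _digest(password, salt):
    # Salted, slow hash: remembered passwords are never kept in clear text.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class Account:
    def __init__(self, policy, password, now):
        self.policy = policy
        self.remembered = []   # (salt, digest) pairs, newest last, current included
        self.failed = 0
        self.locked_at = None
        self._store(password, now)

    def _store(self, password, now):
        salt = os.urandom(16)
        self.remembered.append((salt, _digest(password, salt)))
        self.remembered = self.remembered[-max(self.policy.history, 1):]
        self.changed_at = now

    def _matches(self, password, entry):
        salt, digest = entry
        return hmac.compare_digest(_digest(password, salt), digest)

    def change_password(self, new, now):
        """Return (changed, reason); checks run in the order age, length, history."""
        if now - self.changed_at < self.policy.min_age:
            return False, "minimum password age"
        if len(new) < self.policy.min_length:
            return False, "minimum password length"
        if any(self._matches(new, entry) for entry in self.remembered):
            return False, "password history"
        self._store(new, now)
        return True, "changed"

    def must_change(self, now):
        return now - self.changed_at >= self.policy.max_age

    def admin_unlock(self):
        self.locked_at, self.failed = None, 0

    def is_locked(self, now):
        if self.locked_at is None:
            return False
        duration = self.policy.lockout_duration
        if duration and now - self.locked_at >= duration:
            self.admin_unlock()   # a non-zero duration expires on its own
            return False
        return True

    def logon(self, password, now):
        if self.is_locked(now):
            return "locked out"
        if self._matches(password, self.remembered[-1]):
            self.failed = 0
            return "ok"
        self.failed += 1
        if self.failed >= self.policy.lockout_threshold:
            self.locked_at = now
        return "bad password"


def page_scenario():
    """Replay the test steps; the start date and first password are constructed."""
    day = timedelta(days=1)
    start = datetime(2003, 1, 1, 9, 0)
    acct = Account(Policy(), "initial-pw", start)
    out = {}
    out["waters"] = acct.change_password("waters", start + 2 * day)
    out["papers"] = acct.change_password("papers", start + 2 * day)
    out["papers next day"] = acct.change_password("papers", start + 3 * day)
    out["waters again"] = acct.change_password("waters", start + 5 * day)
    out["expired"] = acct.must_change(start + 24 * day)
    out["logons"] = [acct.logon("guess", start + 5 * day) for _ in range(5)]
    out["locked"] = acct.logon("papers", start + 5 * day)
    acct.admin_unlock()
    out["unlocked"] = acct.logon("papers", start + 5 * day)
    return out


if __name__ == "__main__":
    print(page_scenario())
```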
Review Questions
Why would you want to force users to change passwords?
Forcing users to change passwords regularly decreases the chances of an unauthorized person breaking into your computer. If a user account and password combination for your computer falls into unauthorized hands, the next forced password change causes that combination to fail, which secures the computer again.
Why would you want to control the length of the passwords used on your computers?
Longer passwords are more difficult to figure out because there are more characters to discover. In general, you want to do what you can to make it difficult to get unauthorized access to your computers.
Why would you want to lock out a user account?
If a user forgets his or her password, he or she can ask the administrator to reset the password. If someone repeatedly enters an incorrect password, the person is probably trying to gain unauthorized access to your computer. Setting a limit on the number of failed logon attempts and locking out any user account that exceeds this number makes it more difficult for someone to gain unauthorized access to your computers.
Why would you want to force users to press Ctrl+Alt+Delete before they can log on to your computers?
To increase security on your computers, you can force users to press Ctrl+Alt+Delete before they can log on. This key combination is recognized only by Windows and ensures that only Windows is receiving the password and not a Trojan horse program waiting to capture your password.
How do you prevent the last user name from being displayed in the Windows Security or Log On To Windows dialog box?
To prevent the last user name from being displayed in the Windows Security or Log On To Windows dialog box, click the Local Policies node in the console tree of the Local Security Settings window, and then click Security Options. In the details pane, right-click Do Not Display Last User Name In Logon Screen, click Security, and then disable this feature.
Chapter 18
Practice Questions
Lesson 1: Managing NTFS Compression
Practice: Managing NTFS Compression
Exercise 1: Compressing Files in an NTFS Partition
· To view the capacity and free space for drive C
Right-click drive C, and then click Properties.
Windows 2000 displays the Local Disk (C:) Properties dialog box with the General tab active.
What is the capacity of drive C?
Answers will vary.
What is the free space on drive C?
Answers will vary.
· To uncompress a folder
Click OK to close the CompTest2 Properties dialog box.
Since the CompTest2 folder is empty, Windows 2000 doesn't display the Confirm Attributes Changes dialog box asking you to specify whether to uncompress only this folder or this folder and all subfolders.
What indication do you have that the CompTest2 folder is no longer compressed?
The CompTest2 folder name is displayed in black.
Exercise 2: Copying and Moving Files
· To create a compressed file
Type Text1 and then press Enter.
How can you verify that Text1 is compressed?
The name of the file is displayed in blue. You could also check the properties for the file.
· To copy a compressed file to an uncompressed folder
Examine the properties for Text1 in the CompTest2 folder.
Is the Text1.txt file in the CompTest\CompTest2 folder compressed or uncompressed? Why?
Uncompressed. A new file inherits the compression attribute of the folder in which it is created.
· To move a compressed file to an uncompressed folder
Examine the properties of the Text1.txt file in the CompTest folder.
Is Text1.txt compressed or uncompressed?
Compressed.
Examine the properties of Text1.txt in the CompTest2 folder.
Is Text1.txt compressed or uncompressed? Why?
Compressed. When a file is moved to a new folder on the same partition, its compression attribute doesn't change.
Lesson 2: Managing Disk Quotas
Practice: Enabling and Disabling Disk Quotas
Exercise 1: Configuring Quota Management Settings
· To configure default quota management settings
On the Quota tab, click the Enable Quota Management check box.
What is the default disk space limit for new users?
1 KB.
· To configure quota management settings for a user
On the Quota tab of the Local Disk (C:) Properties dialog box, click the Quota Entries button.
Windows 2000 displays the Quota Entries For Local Disk (C:) window.
Are any user accounts listed? Why or why not?
Yes. The accounts listed are those that have logged on and gained access to drive C.
Click OK.
Windows 2000 displays the Add New Quota Entry dialog box.
What are the default settings for the user you just set a quota limit for?
Limit disk space to 10 MB and Set the warning level to 6 MB. These are the default settings that are selected for drive C.
· To test quota management settings
Copy the i386 folder from your CD-ROM to the User5 folder.
Windows 2000 Professional begins copying files from the i386 folder on the CD-ROM to a new i386 folder in the User5 folder on drive C. After copying several files, however, Windows 2000 displays the Error Copying File Or Folder dialog box indicating that there isn't enough room on the disk.
Why did you get this error message?
You have exceeded your quota limit and since the Deny Disk Space To Users Exceeding Quota Limit check box is selected, once you exceed your quota limit, you can't use more disk space.
Lesson 3: Increasing Security with EFS
Practice: Encrypting and Decrypting Files
Exercise 2: Testing the Encrypted Files
· To test an encrypted file
Start Windows Explorer and open the file File1.txt in the Secret folder.
What happens?
A Notepad dialog box appears indicating that Access Is Denied.
Review Questions
You are the administrator for a computer running Windows 2000 Professional. You want to restrict users to 25 MB of available storage space. How do you configure the volumes on the computer?
Format all volumes with NTFS and enable disk quotas for all of the volumes. Specify a limit of 25 MB and select the Deny Disk Space To Users Exceeding Quota Limit check box.
The Sales department archives legacy sales data on a network computer running Windows 2000 Professional. Several other departments share the computer. You have begun to receive complaints from users in other departments that the computer has little remaining disk space. What can you do to alleviate the problem?
Compress the folders that the Sales department uses to store archive data.
Your department has recently archived several gigabytes of data from a computer running Windows 2000 Professional to CD-ROMs. As users have been adding files to the computer, you have noticed that the computer has been taking longer than usual to gain access to the hard disk. How can you improve disk access time for the computer?
Use Disk Defragmenter to defragment files on the computer's hard disk.
Chapter 19
Practice Questions
Lesson 2: Backing Up Data
Practice: Backing Up Files
Exercise 1: Starting a Backup Job
· To back up files by using Backup wizard
Click Replace The Data On The Media With This Backup.
When is it appropriate to select the check box labeled Allow Only The Owner And The Administrator Access To The Backup Data And To Any Backups Appended To This Media?
Unless someone other than the person doing the backup or an administrator will restore the data, you should consider selecting this check box to minimize the risk of unauthorized access to your data.
Exercise 2: Creating and Running an Unattended Backup Job
· To verify that the backup job was performed
Start Microsoft Windows Explorer and click drive C.
Does the Backup2.bkf file exist?
Yes.
Lesson 3: Restoring Data
Practice: Restoring Files
· To verify that the data was restored
Start Windows Explorer and expand drive C.
Does the Restored Data folder exist?
Yes.
What are the contents of the Restored Data folder?
The file Boot.ini.
Review Questions
If you want a user to perform backups, what do you need to do?
Make sure that the user is a member of the Administrators or Backup Operators groups.
You performed a normal backup on Monday. For the remaining days of the week, you want to back up only files and folders that have changed since the previous day. What backup type do you select?
Incremental. The incremental backup type backs up changes since the last markers were set and then clears the markers. Thus, for Tuesday through Friday, you back up only changes since the previous day.
What are the considerations for using tapes as your backup media?
Tapes are a less expensive medium and are more convenient for large backups because of their higher storage capacity. However, the medium deteriorates with time and thus has a limited lifespan.
You are restoring a file that has the same name as a file on the volume to which you are restoring. You aren't sure which is the most current version. What do you do?
Do not replace the file. Restore the file to another location, and then compare the two files.
Chapter 20
Review Questions
Why would you want to monitor access to network resources?
For performing maintenance tasks that require making resources unavailable, you want to notify users before making the resource unavailable. To maintain a network's security, you need to monitor which users are gaining access to which resources. For planning purposes, you want to determine which resources are being used and how often they are being used.
What can you monitor on a network with the Computer Management snap-in or the Shared Folders snap-in?
You can monitor the number of users who have a current connection to the computer that you are monitoring, the files to which users are currently gaining access and which users are currently gaining access to each file, the shared folders to which users are currently gaining access on the network, and how many users have a connection to each folder. You can monitor all this information on the computer where you are physically located or on a remote computer.
Why would you send an administrative message to users with current connections?
To inform the users that you are about to disconnect them from the resource so that you can perform a backup or restore operation, upgrade software or hardware, or shut down the computer.
What can you do to prevent a user from reconnecting to a shared folder after you have disconnected the user from the shared folder?
To prevent all users from reconnecting, stop sharing the folder. To prevent only one user from reconnecting, change the permissions for the folder so that the user no longer has access, and then disconnect the user from the shared folder.
How can you create and manage shares on a remote computer?
To create and manage shares on a remote folder, use the MMC to create a custom console and add the Shared Folders snap-in to it. When you add the Shared Folders snap-in, you specify the remote computer on which you want to create and manage shares. When adding the Shared Folders snap-in to the console, you can also select the Allow The Selected Computer To Be Changed When Launching From The Command Line check box so that you can choose the remote computer on which you want to create and manage shares.
Chapter 21
Review Questions
What are the advantages of using L2TP over using PPTP?
L2TP supports more types of internetworks, it supports header compression, and it cooperates with IPSec for encryption.
While you're using the Network Connection wizard, you must configure two new settings regarding sharing the connection. Describe the difference between these two settings.
The settings are whether you want to allow others that use the computer to use the connection (access to the connection) and whether you want to allow other computers to access resources through this port (sharing the connection once it is established).
What is callback and when might you want to enable it?
The callback feature causes the remote server to disconnect and call back the client attempting to access the remote server. By using callback, you can have the bill for the phone call charged to your phone number rather than to the phone number of the user who called in. You can also use callback to increase security by specifying the callback number. Even if an unauthorized user calls in, the system calls back at the number you specified, not the number of the unauthorized user.
Chapter 22
Practice Questions
Lesson 5: Using the Recovery Console
Practice: Using the Windows 2000 Recovery Console
Exercise 1: Troubleshooting a Windows 2000 Installation
· To create a system boot failure
Restart the computer.
What error do you receive when attempting to restart the computer?
NTLDR is missing. Press Ctrl+Alt+Del to restart.
Review Questions
What are the five major phases of the boot process for Intel-based computers?
The boot process for Intel-based computers includes the preboot sequence, boot sequence, kernel load, kernel initialization, and logon phases.
What are the various Safe Mode advanced boot options for booting Windows 2000, and how do they differ?
The Safe Mode option loads only the basic devices and drivers required to start the system, including the mouse, keyboard, mass storage devices, base video, and the standard/default set of system services.
The Safe Mode With Networking option loads the devices and drivers loaded with the Safe Mode option, but it also loads the services and drivers required for networking.
The Safe Mode With Command Prompt option is identical to the Safe Mode option, but it launches a command prompt instead of Windows Explorer.
What are the two sections of the Boot.ini file, and what information does each section contain?
The two sections of the Boot.ini file are [boot loader] and [operating systems]. The [boot loader] section of Boot.ini specifies the default operating system and provides a timeout value.
The [operating systems] section of Boot.ini contains the list of operating systems that appear in the Boot Loader Operating System Selection menu. Each entry includes the path to the operating system and the name that appears in the Boot Loader Operating System Selection menu (the text between the quotation marks). Each entry can also contain optional parameters.
You install a new device driver for a SCSI adapter in your computer. When you restart the computer, however, Windows 2000 stops responding after the kernel load phase. How can you get Windows 2000 to restart successfully?
Select the Last Known Good Configuration option to use the LastKnownGood configuration control to start Windows 2000 because it doesn't contain any reference to the new, and possibly faulty, driver.
Chapter 23
Review Questions
How do you install the Windows 2000 deployment tools, such as the Setup Manager Wizard and the System Preparation tool?
To install the Windows 2000 Setup Tools, display the contents of the Deploy.cab file, which is located in the Support\Tools folder on the Windows 2000 CD-ROM. Select all the files you want to extract, right-click a selected file, and then select Extract from the menu. You will be prompted for a destination, the location and name of a folder, for the extracted files.
Which five resources are required to use Remote Installation Services to install Windows 2000 Professional?
A Windows 2000 Server with RIS installed, a DNS server available on the network, a DHCP server available on the network, a Windows 2000 domain to provide Active Directory directory services, and client computers that meet the Net PC specification or have a boot floppy to connect to the RIS server.
Which utility is provided to create boot floppies and how do you access it?
Windows 2000 ships with the Windows 2000 Remote Boot Disk Generator, rbfg.exe, which is used to create boot disks. It is found on the RIS Server in the folder where the Windows 2000 Professional installation files are stored. The path is RemoteInst\Admin\i386\rbfg.exe.
You are planning on installing 45 computers with Windows 2000 Professional. You have determined that these 45 computers have seven different network adapter cards. How can you determine whether these seven different types of network adapter cards are supported by the boot floppies you created?
The boot floppies created using Rbfg only support the PCI-based network adapters listed in the Adapters List. Start Rbfg.exe and then click the Adapter List button to see the list of supported adapters.
You have a laptop running Windows 95 and you want to upgrade it to Windows 2000. The computer has 16 MB of RAM, and this can be upgraded to 24 MB. Can you upgrade this computer to Windows 2000? If not, how would you make it so this computer was able to access Active Directory directory services?
No, Windows 2000 Professional requires at least 32 MB of memory. You can install the Directory Service Client for Windows 95 or 98. The laptop would then be able to access Active Directory directory services.
Name at least two problems the System Preparation tool resolves that make creating and copying a master disk image to other computers much simpler to do.
The System Preparation tool adds a system service to the master image that will create a unique local domain security ID (SID) the first time the computer to which the master image is copied is started.
The System Preparation tool adds a Mini-Setup wizard to the master disk image that runs the first time the computer to which the master image is copied is started. It guides the user through entering the user-specific information such as the end-user license agreement, the Product ID, user name, company name, and time zone selection.
The System Preparation tool causes the master image to force the computer on which the master image is copied to run a full Plug and Play device detection, so that peripherals, such as the network adapter, the video adapter, and sound cards on the computer on which the disk image was copied need not be identical to the ones on the computer on which the image was generated.
Chapter 24
Review Questions
A friend of yours just installed Windows 2000 Professional on his home computer. He called you to help him configure APM, and when you told him to double-click Power Options in Control Panel and click on the APM tab, he told you he did not have an APM tab. What is the most likely reason there is no APM tab?
The most likely reason there is no APM tab is that his computer does not have an APM-based BIOS installed. When Windows 2000 does not detect an APM-based BIOS, Setup does not install APM and there is no APM tab in the Power Options Properties dialog box.
A user calls the help desk in a panic. She spent 15 hours editing a proposal as an offline file at her house. Over the weekend, her boss came in and spent about four hours editing the same proposal. She needs to synchronize the files, but she doesn't want to lose her edits or those made by her boss. What can she do?
If both her cached offline copy of the file and the network copy of the file are edited, she should rename her version of the file so that both copies will exist on her hard disk and on the network. She could then compare the two and edit her version, adding any edits made by her boss.
Many commercial airlines require you to turn off portable computers during certain portions of a flight. Does placing your computer in Hibernate mode comply with these airline requirements? Why or why not?
No. Hibernate mode makes your computer appear to be turned off, but it is not. You must shut down your computer to comply with these airline requirements.
Chapter 25
Practice Questions
Lesson 1: Using Device Manager and System Information
Practice: Using Device Manager and System Information
Exercise 2: Using System Information
· To use System Information
In the details pane, double-click Hardware Resources, and then double-click IRQs.
Are there any IRQs being shared?
Answer will vary.
Review Questions
Your boss has started to manually assign resource settings to all devices, including Plug and Play devices, and wants you to finish the job. What should you do?
Explain to your boss that it is not a good idea to manually change or assign resource settings for Plug and Play devices. Windows 2000 arbitrates resources, but if you manually assign them, then Windows 2000 will not be able to arbitrate the assigned resources if requested by another Plug and Play device.
Once you have convinced your boss that this is not a good idea, start Device Manager. Plug and Play devices have a Resources tab on their Properties page. You can free the resource settings that were manually assigned and allow Windows 2000 to again arbitrate the resources by selecting the Use Automatic Settings check box on the Resources tab.
What benefits do you gain by Microsoft digitally signing all system files?
Windows 2000 drivers and operating system files are digitally signed by Microsoft to ensure the files have not been tampered with. Some applications overwrite existing operating files as part of their installation process. These files may cause system errors that are difficult to troubleshoot. Device Manager allows you to look at the Driver tab and verify that the digital signer of the installed driver is correct. This can save you many frustrating hours of trying to resolve problems caused by a file that replaced one or more original operating system drivers.
What are three ways Microsoft has provided to help you make sure the files on your system have the correct digital signature?
Windows 2000 provides Device Manager, which allows you to verify that the digital signer of the installed driver is correct. Windows 2000 also provides two utilities to verify the digital signatures. The first utility is the File Signature Verification utility, sigverif. Windows 2000 also provides System File Checker (SFC), a command-line utility that you can use to check the digital signature of files.
You receive a call at the Help desk from a user who is trying to configure her fax settings, and she tells you that she does not have an Advanced Options tab. What could the problem be?
For the Advanced Options tab to display, the user must be logged on as Administrator or have administrator privileges.
Appendix B -- Creating Setup Boot Disks
Unless your computer supports booting from a CD-ROM drive, you must have the four Windows 2000 Professional Setup disks to complete the installation of Microsoft Windows 2000 Professional. To create these Setup disks, complete the following procedure.
Label the four 1.44 MB disks with the appropriate product name, as follows:
Windows 2000 Professional Setup Boot Disk
Windows 2000 Professional Setup Disk #2
Windows 2000 Professional Setup Disk #3
Windows 2000 Professional Setup Disk #4
Insert the Microsoft Windows 2000 Professional CD-ROM into the CD-ROM drive.
If the Windows 2000 CD-ROM dialog box appears prompting you to upgrade to Windows 2000, click No.
Open a Command Prompt window.
At the command prompt, change to your CD-ROM drive. For example, if your CD-ROM drive letter is E, type e: and press Enter.
At the command prompt, change to the Bootdisk folder by typing cd bootdisk and pressing Enter.
With Bootdisk as the active folder, type makeboot a: (where a: is the floppy disk drive) and then press Enter.
Windows 2000 displays a message indicating that this script creates the four Windows 2000 Setup disks for installing from a CD-ROM. It also indicates that four blank formatted floppy disks are required.
Press any key to continue.
Windows 2000 displays a message prompting you to insert the disk labeled Disk 1. (This is the disk you labeled Windows 2000 Professional Setup Boot Disk.)
Insert the blank formatted disk labeled Windows 2000 Professional Setup Boot Disk into drive A, and then press any key to continue.
After Windows 2000 creates the disk image, it displays a message prompting you to insert the disk labeled Disk 2.
Remove Disk 1, insert the blank formatted disk labeled Windows 2000 Professional Setup Disk #2 into drive A, and then press any key to continue.
After Windows 2000 creates the disk image, it displays a message prompting you to insert the disk labeled Disk 3.
Remove Disk 2, insert the blank formatted disk labeled Windows 2000 Professional Setup Disk #3 into drive A, and then press any key to continue.
After Windows 2000 creates the disk image, it displays a message prompting you to insert the disk labeled Disk 4.
Remove Disk 3, insert the blank formatted disk labeled Windows 2000 Professional Setup Disk #4 into drive A, and then press any key to continue.
After Windows 2000 creates the disk image, it displays a message indicating that the imaging process is done.
At the command prompt, type exit and then press Enter.
Remove the disk from drive A and the CD-ROM from the CD-ROM drive.
Appendix C -- Understanding the DHCP Service
The Dynamic Host Configuration Protocol (DHCP) Service in Microsoft Windows 2000 centralizes and manages the allocation of Microsoft Transmission Control Protocol/Internet Protocol (TCP/IP) configuration information by assigning Internet Protocol (IP) addresses automatically to computers that are configured as DHCP clients. Implementing the DHCP Service can eliminate many of the configuration problems associated with configuring TCP/IP manually.
To introduce you to DHCP, the following six topics are covered in this appendix:
The Bootstrap Protocol (BOOTP)
Manual versus automatic TCP/IP configuration
The requirements for a server running the DHCP Service
The requirements for DHCP clients
The DHCP lease process
IP lease renewal and release
The Bootstrap Protocol
The Bootstrap Protocol, based on the User Datagram Protocol/Internet Protocol (UDP/IP), enables a booting host to configure itself dynamically. DHCP is an extension of BOOTP, which enables diskless clients to start up and automatically configure TCP/IP. Each time that a DHCP client starts, it requests IP addressing information from a DHCP server, including the following:
An IP address
A subnet mask
Optional values, such as the following:
A default gateway address
A Domain Name System (DNS) server address
A Windows Internet Name Service (WINS) server address
When a DHCP server receives a request for an IP address, it selects IP addressing information from a pool of addresses that are defined in its database and offers the IP addressing information to the DHCP client, as shown in Figure C.1. If the client accepts the offer, the DHCP server leases the IP addressing information to the client for a specified period of time.
Figure C.1 A DHCP server provides IP addresses to DHCP clients
Manual Versus Automatic TCP/IP Configuration
To understand why the DHCP Service is beneficial for configuring TCP/IP on clients, it is useful to contrast the manual method of configuring TCP/IP with the automatic method using DHCP, as shown in Table C.1.
Table C.1 Configuring TCP/IP Manually Versus Using the DHCP Service
| Configuring TCP/IP manually | Configuring TCP/IP using DHCP |
| --- | --- |
| Users can pick an IP address randomly rather than obtaining a valid IP address from the network administrator. Using incorrect addresses can lead to network problems that can be difficult to trace to the source. | Users no longer need to acquire IP addressing information from an administrator to configure TCP/IP. The DHCP Service supplies all the necessary configuration information to all the DHCP clients. |
| Typing the IP address, subnet mask, or default gateway can lead to problems ranging from difficulty communicating, if the default gateway or subnet mask is incorrect, to problems associated with a duplicate IP address. | Correct configuration information ensures correct configuration, which eliminates most difficult-to-trace network problems. |
| There is administrative overhead for networks if you frequently move computers from one subnet to another. For example, you must change the IP address and default gateway address for a client to communicate from a new location. | Having servers running the DHCP Service on each subnet eliminates the overhead of having to manually reconfigure IP addresses, subnet masks, and default gateways when you move computers from one subnet to another. |
To implement DHCP, you must install and configure the DHCP Service on at least one computer running Windows 2000 Server within the TCP/IP network. The computer can be configured as a domain controller or as a stand-alone server. In addition, for DHCP to function properly, you must configure the server and all of the clients.
Requirements for a Server Running the DHCP Service
A DHCP server requires a computer running Windows 2000 Server that is configured with the following:
The DHCP Service.
A static IP address (it can't be a DHCP client itself), subnet mask, default gateway (if necessary), and other TCP/IP parameters.
A DHCP scope. A scope is a range of IP addresses that are available for lease or assignment to clients.
Requirements for DHCP Clients
A DHCP client requires a computer that is DHCP-enabled and running any of the following supported operating systems:
Windows 2000, Windows NT Server version 3.51 or later, or Windows NT Workstation version 3.51 or later.
Microsoft Windows 95 or later.
Windows for Workgroups version 3.11 running Microsoft TCP/IP-32, which is included on the Windows 2000 Server CD-ROM.
Microsoft Network Client version 3 for Microsoft MS-DOS with the real-mode TCP/IP driver, which is included on the Windows 2000 Server CD-ROM.
LAN Manager version 2.2c, which is included on the Windows 2000 Server CD-ROM. LAN Manager 2.2c for OS/2 is not supported.
The DHCP Lease Process
To understand the DHCP lease process, you must first understand when the lease process occurs. The DHCP lease process occurs when one of the following events happens:
TCP/IP is initialized for the first time on a DHCP client.
A client requests a specific IP address and is denied, possibly because the DHCP server dropped the lease.
A client previously leased an IP address but released the IP address and requires a new one.
DHCP uses a four-phase process to lease IP addressing information to a DHCP client for a specific period of time: DHCPDISCOVER, DHCPOFFER, DHCPREQUEST, and DHCPACK. (See Figure C.2.)
Figure C.2 The DHCP lease process
The DHCPDISCOVER Phase
The first phase in the DHCP lease process is DHCPDISCOVER. To begin the DHCP lease process, a client initializes a limited version of TCP/IP and broadcasts a DHCPDISCOVER message requesting the location of a DHCP server and IP addressing information. Because the client doesn't know the IP address of a DHCP server, the client uses 0.0.0.0 as the source address and 255.255.255.255 as the destination address.
The DHCPDISCOVER message contains the client's hardware address and computer name so that the DHCP servers can determine which client sent the request.
The DHCPOFFER Phase
The second phase in the DHCP lease process is DHCPOFFER. All DHCP servers that receive the IP lease request and have a valid client configuration broadcast a DHCPOFFER message that includes the following information:
The client's hardware address
An offered IP address
A subnet mask
The length of the lease
A server identifier (the IP address of the offering DHCP server)
The DHCP server sends a broadcast because the client doesn't yet have an IP address. The DHCP client selects the IP address from the first offer that it receives. The DHCP server that is issuing the IP address reserves the address so that it can't be offered to another DHCP client.
The DHCPREQUEST Phase
The third phase in the DHCP lease process occurs after the client receives a DHCPOFFER from at least one DHCP server and selects an IP address. The client broadcasts a DHCPREQUEST message to all DHCP servers, indicating that it has accepted an offer. The DHCPREQUEST message includes the server identifier (IP address) of the server whose offer it accepted. All other DHCP servers then retract their offers and retain their IP addresses for the next IP lease request.
The DHCPACK Phase
The final phase in a successful DHCP lease process occurs when the DHCP server issuing the accepted offer broadcasts a successful acknowledgment to the client in the form of a DHCPACK message. This message contains a valid lease for an IP address and possibly other configuration information.
When the DHCP client receives the acknowledgment, TCP/IP is completely initialized and the client is considered a bound DHCP client. Once bound, the client can use TCP/IP to communicate on the network.
The DHCPNACK Message
If the DHCPREQUEST is not successful, the DHCP server broadcasts a negative acknowledgement (DHCPNACK). A DHCP server broadcasts a DHCPNACK if
The client is trying to lease its previous IP address, and the IP address is no longer available.
The IP address is invalid because the client physically has been moved to a different subnet.
When the client receives an unsuccessful acknowledgment, it resumes the DHCP lease process.
NOTE
If a computer has multiple network adapters that are bound to TCP/IP, the DHCP process occurs separately over each adapter. The DHCP Service assigns a unique IP address to each adapter in the computer that is bound to TCP/IP.
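The lease exchange described above, as an added example that is not part of the original text: it builds a constructed DISCOVER/OFFER/REQUEST/ACK capture, parses the message type and server identifier from each payload, and lists server replies that do not come from a list of DHCP servers you run. Because the client takes the first offer it receives, the audit also records whose offer arrived first; the addresses, MAC address, transaction ID and function names are constructed for the example.

```python
import ipaddress
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"
# Option 53 values, named as on this page (RFC 2131 spells type 6 DHCPNAK).
MSG_TYPES = {1: "DHCPDISCOVER", 2: "DHCPOFFER", 3: "DHCPREQUEST",
             5: "DHCPACK", 6: "DHCPNACK", 7: "DHCPRELEASE"}
SERVER_TYPES = {"DHCPOFFER", "DHCPACK", "DHCPNACK"}
# Fixed BOOTP header (236 bytes): op, htype, hlen, hops, xid, secs, flags,
# ciaddr, yiaddr, siaddr, giaddr, chaddr[16], sname[64], file[128].
BOOTP = struct.Struct("!BBBBIHH4s4s4s4s16s64s128s")


def build_message(msg_type, xid, mac, yiaddr="0.0.0.0", server_id=None, lease=None):
    """Build one constructed DHCP payload to feed the parser below."""
    op = 2 if msg_type in (2, 5, 6) else 1          # 2 = reply from a server
    chaddr = bytes.fromhex(mac.replace(":", "")).ljust(16, b"\x00")
    header = BOOTP.pack(op, 1, 6, 0, xid, 0, 0x8000, bytes(4),
                        ipaddress.IPv4Address(yiaddr).packed, bytes(4), bytes(4),
                        chaddr, bytes(64), bytes(128))
    options = bytes([53, 1, msg_type])              # option 53: message type
    if lease is not None:
        options += bytes([51, 4]) + struct.pack("!I", lease)   # lease seconds
    if server_id is not None:
        options += bytes([54, 4]) + ipaddress.IPv4Address(server_id).packed
    return header + MAGIC_COOKIE + options + b"\xff"


def parse_message(data):
    """Parse one DHCP payload; raise ValueError if truncated or malformed."""
    start = BOOTP.size
    if len(data) < start + 4 or data[start:start + 4] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message")
    fields = BOOTP.unpack_from(data)
    msg = {"xid": fields[4], "yiaddr": str(ipaddress.IPv4Address(fields[8])),
           "mac": fields[11][:fields[2]].hex(":"),
           "type": None, "server_id": None, "lease": None}
    i = start + 4
    while i < len(data) and data[i] != 255:         # 255 = end option
        if data[i] == 0:                            # 0 = one-byte pad option
            i += 1
            continue
        if i + 2 > len(data) or i + 2 + data[i + 1] > len(data):
            raise ValueError("option runs past end of message")
        code, value = data[i], data[i + 2:i + 2 + data[i + 1]]
        if code == 53 and len(value) == 1:
            msg["type"] = MSG_TYPES.get(value[0], "type-%d" % value[0])
        elif code == 54 and len(value) == 4:
            msg["server_id"] = str(ipaddress.IPv4Address(value))
        elif code == 51 and len(value) == 4:
            msg["lease"] = struct.unpack("!I", value)[0]
        i += 2 + len(value)
    return msg


def audit_capture(payloads, authorized_servers):
    """Return (findings, first_offer).

    findings: server replies whose server identifier is not in
    authorized_servers (a missing identifier is reported as None).
    first_offer: per transaction ID, the server whose DHCPOFFER came first.
    """
    findings, first_offer = [], {}
    for index, raw in enumerate(payloads):
        try:
            msg = parse_message(raw)
        except ValueError:
            continue                                # not parseable, skip it
        if msg["type"] not in SERVER_TYPES:
            continue
        if msg["type"] == "DHCPOFFER":
            first_offer.setdefault(msg["xid"], msg["server_id"])
        if msg["server_id"] not in authorized_servers:
            findings.append((index, msg["type"], msg["server_id"],
                             msg["yiaddr"], msg["mac"]))
    return findings, first_offer


# Constructed sample capture: one client, two servers answering.
MAC = "00:11:22:33:44:55"
XID = 0x3903F326
CAPTURE = [
    build_message(1, XID, MAC),
    build_message(2, XID, MAC, "10.66.0.23", "192.168.1.66", 600),
    build_message(2, XID, MAC, "192.168.1.50", "192.168.1.1", 691200),
    build_message(3, XID, MAC, server_id="192.168.1.66"),
    build_message(5, XID, MAC, "10.66.0.23", "192.168.1.66", 600),
]
AUTHORIZED = {"192.168.1.1"}                        # servers you operate

if __name__ == "__main__":
    found, first = audit_capture(CAPTURE, AUTHORIZED)
    for index, kind, server, address, mac in found:
        print("packet %d: %s from unlisted server %s offering %s to %s"
              % (index, kind, server, address, mac))
    for xid, server in first.items():
        print("transaction %#x: first offer came from %s" % (xid, server))
```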
IP Lease Renewal and Release
All DHCP clients attempt to renew their lease when 50 percent of the lease time has expired. To renew its lease, a DHCP client sends a DHCPREQUEST message directly to the DHCP server from which it obtained the lease. If the DHCP server is available, it renews the lease and sends the client a DHCPACK message with the new lease time and any updated configuration parameters, as shown in Figure C.3. The client updates its configuration when it receives the acknowledgment.
Figure C.3 Renewing an IP lease
NOTE
Each time a DHCP client restarts, it attempts to lease the same IP address from the original DHCP server. If the lease request is unsuccessful and lease time is still available, the DHCP client continues to use the same IP address until the next attempt to renew the lease.
If a DHCP client can't renew its lease with the original DHCP server at the 50 percent interval, the client broadcasts a DHCPREQUEST to contact any available DHCP server when 87.5 percent of the lease time has expired. Any DHCP server can respond with a DHCPACK message (renewing the lease) or a DHCPNACK message (forcing the DHCP client to reinitialize and obtain a lease for a different IP address).
If the lease expires, or if a DHCPNACK message is received, the DHCP client must immediately discontinue using that IP address. The DHCP client then begins the DHCP lease process to lease a new IP address.
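An added example (not from the original text) that walks one bound client through the 50 percent and 87.5 percent thresholds described above, to show how long a DHCP server outage can last before the client loses its address. It goes beyond the page in one respect: between thresholds the client retries after half the remaining time, with a 60-second floor, as RFC 2131 recommends; the 8-day lease, the outage windows and the function names are constructed, and a server that answers the broadcast is assumed to reply with DHCPACK.

```python
MIN_RETRY = 60          # seconds; retry floor recommended by RFC 2131
FOREVER = float("inf")


def is_down(t, windows):
    """True if time t falls inside any (start, end) outage window."""
    return any(start <= t < end for start, end in windows)


def simulate_client(lease, horizon, original_down=(), all_down=()):
    """Return [(time, event)] for one client, all times in seconds.

    lease          lease length granted at time 0
    horizon        stop reporting after this time
    original_down  outage windows of the server that granted the lease
    all_down       outage windows during which no DHCP server answers
    """
    events, granted = [], 0
    while True:
        t1 = granted + lease // 2           # 50 percent: unicast renewal
        t2 = granted + lease * 7 // 8       # 87.5 percent: broadcast
        expiry = granted + lease
        if t1 > horizon:
            break
        outcome = None
        t = t1
        while t < t2:                       # DHCPREQUEST sent to the original server
            if not is_down(t, original_down) and not is_down(t, all_down):
                outcome = (t, "RENEWED_BY_ORIGINAL_SERVER")
                break
            t += max((t2 - t) // 2, MIN_RETRY)
        if outcome is None:
            t = t2
            while t < expiry:               # DHCPREQUEST broadcast to any server
                if not is_down(t, all_down):
                    outcome = (t, "RENEWED_BY_BROADCAST")
                    break
                t += max((expiry - t) // 2, MIN_RETRY)
        if outcome is None:
            # Lease ran out: the address must be dropped at once, and the
            # lease process restarts as soon as some server answers again.
            events.append((expiry, "EXPIRED"))
            t = expiry
            while is_down(t, all_down):
                t = max(end for start, end in all_down if start <= t < end)
            outcome = (t, "NEW_LEASE")
        events.append(outcome)
        granted = outcome[0]
    return [event for event in events if event[0] <= horizon]


LEASE = 8 * 24 * 3600       # constructed: 8-day lease = 691200 s
HORIZON = 10 * 24 * 3600    # report the first 10 days

if __name__ == "__main__":
    scenarios = {
        "no outage": {},
        "original server gone for good": {"original_down": [(300000, FOREVER)]},
        "all servers down until 650000 s": {"all_down": [(300000, 650000)]},
        "all servers down until 700000 s": {"all_down": [(300000, 700000)]},
    }
    for name, outages in scenarios.items():
        print(name, simulate_client(LEASE, HORIZON, **outages))
```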
Using Ipconfig to Renew a Lease
Use the ipconfig command with the /renew switch to send a DHCPREQUEST message to the DHCP server to receive updated options and lease time. If the DHCP server is unavailable, the client continues using the current DHCP-supplied configuration options.
Using Ipconfig to Release a Lease
Use the ipconfig command with the /release switch to cause a DHCP client to send a DHCPRELEASE message to the DHCP server and to release its lease. This is useful when you are moving a client to a different network and the client will not need its previous lease. TCP/IP communications with the client will stop after you issue this command.
Microsoft DHCP clients don't initiate DHCPRELEASE messages when shutting down. If a client remains shut down for the length of its lease (and the lease is not renewed), the DHCP server might assign that client's IP address to a different client after the lease expires. A client has a better chance of receiving the same IP address during initialization if it doesn't send a DHCPRELEASE message.
Appendix D -- Managing Backup Tapes
If you use tapes as your backup medium, consider the distinction between rotating tapes and archiving tapes. Rotating tapes means reusing them when the data stored on them is no longer viable for restoring. This common practice helps to lower the cost of backing up data. Archiving tapes means storing the tape to keep a record of the data rather than as prevention against data loss. When you archive a tape, you remove that tape from the tape rotation. Archived tapes are useful for maintaining a record of data for a specific date and time, such as employee records at the end of a fiscal year.
Rotating and Archiving Tapes
The following two examples provide strategies for rotating and archiving tapes.
Rotation and Archive Example 1
The following table illustrates one strategy for rotating and archiving tapes and is explained below.
| | Monday | Tuesday | Wednesday | Thursday | Friday |
| --- | --- | --- | --- | --- | --- |
| Week 1 | Tape 1 | Tape 2 | Tape 3 | Tape 4 | Tape 5 (Archive) |
| Week 2 | Tape 1 (Replace or Append) | Tape 2 (Replace or Append) | Tape 3 (Replace or Append) | Tape 4 (Replace or Append) | Tape 6 (Archive) |
Week 1. The backup job for each day of the week is on a different tape. The backup tape for Friday is archived and removed from rotation.
Week 2. For this week, you reuse the tapes for the same day of the week (the Monday backup job is on the previous Monday tape 1). You can either replace or append to the existing backup job. However, on Friday, use a new tape that you archive and remove from rotation.
Rotation and Archive Example 2
The following table illustrates another strategy for rotating and archiving tapes and is explained below.
| | Monday | Tuesday | Wednesday | Thursday | Friday |
| --- | --- | --- | --- | --- | --- |
| Week 1 | Tape 1 | Tape 1 (Append) | Tape 1 (Append) | Tape 1 (Append) | Tape 2 (Archive) |
| Week 2 | Tape 1 | Tape 1 (Append) | Tape 1 (Append) | Tape 1 (Append) | Tape 3 (Archive) |
Week 1. The backup job for each day of the week, except Friday, is on the same tape. The backup tape for Friday is archived and removed from rotation. Use the same tape for the Monday through Thursday backup jobs and append each new backup job to the previous one. The Friday backup job is on a different tape (tape 2) that you archive and remove from rotation.
Week 2. For this week, reuse the tape from the previous week (tape 1) for all backup jobs. The Friday backup job is on a tape (tape 3) that is different from the one that you used the previous Friday. You archive and remove this tape from rotation.
Determining the Number of Tapes Required
When determining the number of tapes you need, consider the tape rotation and archival schedule, the amount of the data that you back up, and the tape life cycle.
The life cycle of a tape depends on the tape itself and storage conditions. Follow the tape manufacturer's usage guidelines. If your company doesn't have a suitable storage facility, consider using a third-party company that specializes in offsite storage for backup media.
Glossary
A
access control entry (ACE) The entries on the access control list (ACL) that control user account or group access to a resource. The entry must allow the type of access that is requested (for example, Read access) for the user to gain access. If no ACE exists in the ACL, the user can't gain access to the resource or folder on an NTFS partition.
access control list (ACL) The ACL contains a list of all user accounts and groups that have been granted access for the file or folder on an NTFS partition or volume, as well as the type of access that they have been granted. When a user attempts to gain access to a resource, the ACL must contain an entry, called an access control entry (ACE), for the user account or group to which the user belongs. See also access control entry.
access permissions Features that control access to shared resources in Windows 2000.
Account See user account.
account lockout A Windows 2000 security feature that locks a user account if a number of failed logon attempts occur within a specified amount of time, based on account policy lockout settings. (Locked accounts can't log on.) Account policy controls how passwords must be used by all user accounts in an individual computer or in a domain.
ACE See access control entry.
ACL See access control list.
Active Directory directory services The directory services included in Windows 2000 Server products. These directory services identify all resources on a network and make them accessible to users and applications.
Address Resolution Protocol (ARP) A protocol that determines hardware addresses (MAC addresses) that correspond to an IP address.
ADSL See asymmetric digital subscriber line (ADSL).
agent A program that performs a background task for a user and reports to the user when the task is done or when some expected event has taken place.
American National Standards Institute (ANSI) An organization of American industry and business groups dedicated to the development of trade and communications standards. ANSI is the American representative to the International Organization for Standardization (ISO). See also International Organization for Standardization (ISO).
American Standard Code for Information Interchange (ASCII) A coding scheme that assigns numeric values to letters, numbers, punctuation marks, and certain other characters. By standardizing the values used for these characters, ASCII enables computers and computer programs to exchange information.
ANSI See American National Standards Institute (ANSI).
application layer The top (seventh) layer of the OSI reference model. This layer serves as the window that application processes use to access network services. It represents the services that directly support user applications, such as software for file transfers, database access, and e-mail.
application programming interface (API) A set of routines that an application program uses to request and carry out lower-level services performed by the operating system.
application protocol A protocol that works at the higher end of the OSI reference model, providing application-to-application interaction and data exchange. Popular application protocols include File Transfer Access and Management (FTAM), a file access protocol; Simple Mail Transfer Protocol (SMTP), a TCP/IP protocol for transferring e-mail; Telnet, a TCP/IP protocol for logging on to remote hosts and processing data locally; and NetWare Core Protocol (NCP), the primary protocol used to transmit information between a NetWare server and its clients.
ARP See Address Resolution Protocol (ARP).
asymmetric digital subscriber line (ADSL) A recent modem technology that converts existing twisted-pair telephone lines into access paths for multimedia and high-speed data communications. These new connections can transmit more than 8 Mbps to the subscriber and up to 1 Mbps from the subscriber. ADSL is recognized as a physical layer transmission protocol for unshielded twisted-pair media.
asynchronous transfer mode (ATM) An advanced implementation of packet switching that provides high-speed data transmission rates to send fixed-size cells over broadband LANs or WANs. Cells are 53 bytes—48 bytes of data with five additional bytes of address. ATM accommodates voice, data, fax, real-time video, CD-quality audio, imaging, and multimegabit data transmission. ATM uses switches as multiplexers to permit several computers to put data on a network simultaneously. Most commercial ATM boards transmit data at about 155 Mbps, but theoretically, a rate of 1.2 gigabits per second is possible.
asynchronous transmission A form of data transmission in which information is sent one character at a time, with variable time intervals between characters. Asynchronous transmission doesn't rely on a shared timer that allows the sending and receiving units to separate characters by specific time periods. Therefore, each transmitted character consists of a number of data bits (that compose the character itself), preceded by a start bit and ending in an optional parity bit followed by a 1-, 1.5-, or 2-stop bit.
ATM See asynchronous transfer mode (ATM).
auditing A process that tracks network activities by user account and is a routine element of network security. Auditing can produce records or list users who have accessed, or attempted to access, specific resources; help administrators identify unauthorized activity; and track activities such as logon attempts, connection and disconnection from designated resources, changes made to files and directories, server events and modifications, password changes, and logon parameter changes.
audit policy A policy that defines the types of security events that Windows 2000 records in the security log on each computer.
authentication A verification based on user name, passwords, and time and account restrictions.
B
back end In a client/server application, the part of the program that runs on the server.
backup A duplicate copy of a program, a disk, or data, made to secure valuable files from loss.
backup job A single process of backing up data.
Bandwidth Allocation Protocol (BAP) A PPP control protocol that helps provide bandwidth on demand. BAP dynamically controls the use of multilinked lines and is an efficient mechanism for controlling connection costs while dynamically providing optimum bandwidth.
BAP See Bandwidth Allocation Protocol (BAP).
base I/O port A port that specifies a channel through which information is transferred between a computer's hardware, such as the network interface card (NIC), and its CPU.
base memory address A setting that defines the address of the location in a computer's memory (RAM) that is used by the NIC. This setting is sometimes called the RAM start address.
baud A measure of data-transmission speed named after the French engineer and telegrapher Jean-Maurice-Emile Baudot. It is a measure of the speed of oscillation of the sound wave on which a bit of data is carried over telephone lines. Because baud was originally used to measure the transmission speed of telegraph equipment, the term sometimes refers to the data-transmission speed of a modem. However, current modems can send at a speed higher than 1-bit per oscillation, so baud is being replaced by the more accurate bps (bits per second) as a measure of modem speed.
baud rate The speed at which a modem can transmit data. Often confused with bps (the number of bits per second transmitted), baud rate actually measures the number of events, or signal changes, that occur in one second. Because one event can actually encode more than one bit in high-speed digital communication, baud rate and bps are not always synonymous, and the latter is the more accurate term to apply to modems. For example, the 9600-baud modem that encodes 4-bits per event actually operates at 2400 baud but transmits at 9600 bps (2400 events times 4-bits per event), and thus should be called a 9600-bps modem.
binary synchronous communications protocol (bisync) A communications protocol developed by IBM. Bisync transmissions are encoded in either ASCII or EBCDIC. Messages can be of any length and are sent in units called frames that are optionally preceded by a message header. Because bisync uses synchronous transmission, in which message elements are separated by a specific time interval, each frame is preceded and followed by special characters that enable the sending and receiving machines to synchronize their clocks.
bind A term used to describe the association of two pieces of information with one another.
binding A process that establishes the communication channel between network components on different levels to enable communication between those components. For example, the binding of a protocol driver (such as TCP/IP) and a network adapter.
bit A short word for binary digit: either 1 or 0 in the binary number system. In processing and storage, a bit is the smallest unit of information handled by a computer. It is represented physically by an element such as a single pulse sent through a circuit or a small spot on a magnetic disk capable of storing either a 1 or 0. Eight bits make a byte.
bits per second (bps) A measure of the speed at which a device can transfer data. See also baud rate.
bit time The time it takes for each station to receive and store a bit.
boot-sector virus A type of virus that resides in the first sector of a floppy disk or hard disk. When the computer is booted, the virus executes. In this common method of transmitting viruses from one floppy disk to another, the virus replicates itself onto the new disk each time a new disk is inserted and accessed.
bottleneck A device or program that significantly degrades network performance. Poor network performance results when a device uses noticeably more CPU time than it should, consumes too much of a resource, or lacks the capacity to handle the load. Potential bottlenecks can be found in the CPU, memory, NIC, and other components.
bps See bits per second (bps).
broadcast A transmission sent simultaneously to more than one recipient. In communication and on networks, a broadcast message is one distributed to all stations or computers on the network.
broadcast storm An event that occurs when so many broadcast messages are on the network that they approach or surpass the capacity of the network bandwidth. This can happen when one computer on the network transmits a flood of frames saturating the network with traffic so it can no longer carry messages from any other computer. Such a broadcast storm can shut down a network.
buffer A reserved portion of RAM in which data is held temporarily, pending an opportunity to complete its transfer to or from a storage device or another location in memory.
built-in groups One type of group account used by Microsoft Windows 2000. Built-in groups, as the name implies, are included with the network operating system. Built-in groups have been granted useful collections of rights and built-in abilities. In most cases, a built-in group provides all the capabilities needed by a particular user. For example, if a user account belongs to the built-in Administrators group, logging on with that account gives the user administrative capabilities. See also user account.
bus Parallel wires or cabling that connect components in a computer.
byte A unit of information consisting of 8 bits. In computer processing or storage, a byte is equivalent to a single character, such as a letter, numeral, or punctuation mark. Because a byte represents only a small amount of information, amounts of computer memory are usually given in kilobytes (1,024 bytes, or 2 raised to the 10th power), megabytes (1,048,576 bytes, or 2 raised to the 20th power), gigabytes (1,024 megabytes), terabytes (1,024 gigabytes), petabytes (1,024 terabytes), or exabytes (1,024 petabytes).
C
cache A special memory subsystem or part of RAM in which frequently used data values are duplicated for quick access. A memory cache stores the contents of frequently accessed RAM locations and the addresses where these data items are stored. When the processor references an address in memory, the cache checks to see whether it holds that address. If it does hold the address, the data is returned to the processor; if it doesn't, regular memory access occurs. A cache is useful when RAM accesses are slow as compared to the microprocessor speed.
callback A Windows 2000 feature that you can set to cause the remote server to disconnect and call back the client attempting to access the remote server. This reduces the client's phone bill by having the call charged to the remote server's phone number. The callback feature can also improve security by calling back the phone number that you specified.
central processing unit (CPU) The computational and control unit of a computer, the device that interprets and carries out instructions. Single-chip CPUs, called microprocessors, made personal computers possible. Examples include the 80286, 80386, 80486, and Pentium processors.
client A computer that accesses shared network resources provided by another computer, called a server.
client/server A network architecture designed around the concept of distributed processing in which a task is divided between a back end (server), which stores and distributes data, and a front end (client), which requests specific data from the server.
codec (compressor/decompressor) A compression/decompression technology for digital video and stereo audio.
companion virus A virus that uses the name of a real program but has a different file extension from that of the program. The virus is activated when its companion program is opened. The companion virus uses a .COM file extension, which overrides the .EXE file extension and activates the virus.
compression state The state of each file and folder on an NTFS volume. The compression state can be either compressed or uncompressed.
CPU See central processing unit (CPU).
D
database management system (DBMS) A layer of software between the physical database and the user. The DBMS manages all requests for database action from the user, including keeping track of the physical details of file locations and formats, indexing schemes, and so on. In addition, a DBMS permits centralized control of security and data integrity requirements.
data encryption See encryption.
data encryption standard (DES) A commonly used, highly sophisticated algorithm developed by the U.S. National Bureau of Standards for encrypting and decoding data. See also encryption.
data frames Logical, structured packages in which data can be placed. Data being transmitted is segmented into small units and combined with control information such as message-start and message-end indicators. Each package of information is transmitted as a single unit, called a frame. The data-link layer packages raw bits from the physical layer into data frames. The exact format of the frame used by the network depends on the topology. See also frame.
data-link layer The second layer in the OSI reference model. This layer packages raw bits from the physical layer into data frames. See also Open Systems Interconnection (OSI) reference model.
data stream An undifferentiated, byte-by-byte flow of data.
DBMS See database management system (DBMS).
defragmenting The process of finding and consolidating fragmented files and folders. Defragmenting involves moving the pieces of each file or folder to one location so that each file or folder occupies a single, contiguous space on the hard disk. The system can then gain access to files and folders and save them more efficiently.
DES See data encryption standard (DES).
device A generic term for a computer subsystem. Printers, serial ports, and disk drives are referred to as devices.
DHCP See Dynamic Host Configuration Protocol (DHCP).
digital A system that encodes information numerically, such as 0 and 1, in a binary context. Computers use digital encoding to process data. A digital signal is a discrete binary state, either on or off.
digital line A communication line that carries information only in binary-encoded (digital) form. To minimize distortion and noise interference, a digital line uses repeaters to regenerate the signal periodically during transmission.
digital video disc (DVD) Also known as a digital versatile disc, an optical storage medium with higher capacity and bandwidth than a compact disc. A DVD can hold a full-length film with up to 133 minutes of high-quality video, in MPEG-2 format, and audio.
direct memory access (DMA) Memory access that doesn't involve the microprocessor, frequently employed for data transfer directly between memory and an "intelligent" peripheral device such as a disk drive.
direct memory access (DMA) channel A channel for direct memory access that doesn't involve the microprocessor, providing data transfer directly between memory and a disk drive.
Directory A storage space for information about network resources, as well as all the services that make the information available and useful. The resources stored in the Directory, such as user data, printers, servers, databases, groups, computers, and security policies, are known as objects. The Directory is part of Active Directory directory services.
directory service A network service that identifies all resources on a network and makes them accessible to users and applications.
disk duplexing See disk mirroring; fault tolerance.
disk duplicating See disk mirroring.
diskless computers Computers that have neither a floppy disk nor a hard disk. Diskless computers depend on special ROM to provide users with an interface through which they can log on to the network.
disk mirroring A technique, also known as disk duplicating, in which all or part of a hard disk is duplicated onto one or more hard disks, each of which ideally is attached to its own controller. With disk mirroring, any change made to the original disk is simultaneously made to the other disk or disks. Disk mirroring is used in situations in which a backup copy of current data must be maintained at all times. See also disk striping; fault tolerance.
disk striping A technique that divides data into 64 K blocks and spreads it equally in a fixed rate and order among all disks in an array. However, disk striping doesn't provide any fault tolerance because there is no data redundancy. If any partition in the set fails, all data is lost. See also disk mirroring; fault tolerance.
distribution server A server that stores the distribution folder structure, which contains the files needed to install a product—for example, Windows 2000.
DMA See direct memory access (DMA).
DMA channel See direct memory access (DMA) channel.
DNS See Domain Name System (DNS).
domain For Microsoft networking, a collection of computers and users that share a common database and security policy that are stored on a computer running Windows 2000 Server and configured as a domain controller. Each domain has a unique name. See also workgroup.
domain controller For Microsoft networking, the Windows 2000 Server-based computer that authenticates domain logons and maintains the security policy and master database for a domain.
domain name space The naming scheme that provides the hierarchical structure for the DNS database.
Domain Name System (DNS) A general-purpose, distributed, replicated data-query service used primarily on the Internet for translating host names into Internet addresses.
downtime The amount of time a computer system or associated hardware remains nonfunctional. Although downtime can occur because hardware fails unexpectedly, it can also be a scheduled event, such as when a network is shut down to allow time for maintaining the system, changing hardware, or archiving files.
driver A software component that permits a computer system to communicate with a device. For example, a printer driver is a device driver that translates computer data into a form understood by the target printer. In most cases, the driver also manipulates the hardware to transmit the data to the device.
dual in-line package (DIP) switch One or more small rocker or sliding switches that can be set to one of two states—closed or open—to control options on a circuit board.
DVD See digital video disc (DVD).
Dynamic Host Configuration Protocol (DHCP) A protocol for automatic TCP/IP configuration that provides static and dynamic address allocation and management. See also Transport Control Protocol/Internet Protocol (TCP/IP).
E
EAP See Extensible Authentication Protocol (EAP).
EBCDIC See Extended Binary Coded Decimal Interchange Code (EBCDIC).
effective permissions The sum of the NTFS permissions assigned to the user account and to all of the groups to which the user belongs. If a user has Read permission for a folder and is a member of a group with Write permission for the same folder, then the user has both Read and Write permission for the folder.
EISA See Extended Industry Standard Architecture (EISA).
encryption The process of making information indecipherable to protect it from unauthorized viewing or use, especially during transmission or when the data is stored on a transportable magnetic medium. A key is required to decode the information. See also data encryption standard (DES).
Enhanced Small Device Interface (ESDI) A standard that can be used with high-capacity hard disks and tape drives to enable high-speed communication with a computer. ESDI drivers typically transfer data at about 10 Mbps.
ESDI See Enhanced Small Device Interface (ESDI).
event An action or occurrence to which a program might respond. Examples of events are mouse clicks, key presses, and mouse movements. Also, any significant occurrence in the system or in a program that requires users to be notified or an entry to be added to a log.
exabyte See byte.
Extended Binary Coded Decimal Interchange Code (EBCDIC) A coding scheme developed by IBM for use with IBM mainframes and PCs as a standard method of assigning binary (numeric) values to alphabetic, numeric, punctuation, and transmission-control characters.
Extended Industry Standard Architecture (EISA) A 32-bit bus design for x86-based computers introduced in 1988. EISA was specified by an industry consortium of nine computer-industry companies (AST Research, Compaq, Epson, Hewlett-Packard, NEC, Olivetti, Tandy, Wyse, and Zenith). An EISA device uses cards that are upwardly compatible from ISA. See also Industry Standard Architecture (ISA).
Extensible Authentication Protocol (EAP) An extension to the Point-to-Point Protocol (PPP) that works with Dial-Up, PPTP, and L2TP clients. EAP allows for an arbitrary authentication mechanism to validate a dial-in connection. The exact authentication method to be used is negotiated by the dial-in client and the remote access server.
F
fault tolerance The ability of a computer or an operating system to respond to an event such as a power outage or a hardware failure in such a way that no data is lost and any work in progress is not corrupted.
Fiber Distributed Data Interface (FDDI) A standard developed by ANSI for high-speed, fiber-optic local area networks. FDDI provides specifications for transmission rates of 100 Mbps on networks based on the Token Ring standard.
file infector A type of virus that attaches itself to a file or program and activates any time the file is used. Many subcategories of file infectors exist. See also companion virus; macro virus; polymorphic virus; stealth virus.
File Transfer Protocol (FTP) A process that provides file transfers between local and remote computers. FTP supports several commands that allow bidirectional transfer of binary and ASCII files between computers. The FTP client is installed with the TCP/IP connectivity utilities. See also American Standard Code for Information Interchange (ASCII), Transport Control Protocol/Internet Protocol (TCP/IP).
firewall A security system, usually a combination of hardware and software, intended to protect a network against external threats coming from another network, including the Internet. Firewalls prevent an organization's networked computers from communicating directly with computers that are external to the network, and vice versa. Instead, all incoming and outgoing communication is routed through a proxy server outside the organization's network. Firewalls also audit network activity, recording the volume of traffic and information about unauthorized attempts to gain access. See also proxy server.
firmware Software routines stored in ROM. Unlike RAM, ROM stays intact even in the absence of electrical power. Startup routines and low-level I/O instructions are stored in firmware.
flow control The regulation of the flow of data through routers to ensure that no segment becomes overloaded with transmissions.
forest A grouping or hierarchical arrangement of one or more domain trees that form a disjointed namespace.
frame A package of information transmitted on a network as a single unit. Frame is a term most often used with Ethernet networks. A frame is similar to the packet used in other networks. See also data frames; packet.
frame preamble Header information, added to the beginning of a data frame in the physical layer of the OSI reference model.
frame relay An advanced, fast-packet, variable-length digital packet-switching technology. It is a point-to-point system that uses a private virtual circuit (PVC) to transmit variable-length frames at the data-link layer of the OSI reference model. Frame relay networks can also provide subscribers with bandwidth, as needed, that allows users to make nearly any type of transmission.
front end In a client/server application, refers to the part of the program carried out on the client computer.
FTP See File Transfer Protocol (FTP).
full-duplex transmission Communication that takes place simultaneously, in both directions. Also called duplex transmission. See also half-duplex transmission.
G
gateway A device used to connect networks using different protocols so that information can be passed from one system to the other. Gateways function at the network layer of the OSI reference model.
Gb See gigabit.
GB See gigabyte.
gigabit A unit of measure that equals 1,073,741,824 bits. Also referred to as 1 billion bits.
gigabyte A unit of measure that commonly refers to 1 thousand megabytes. However, the precise meaning often varies with the context. A gigabyte is 1 billion bytes. In the context of computing, bytes are often expressed in multiples of powers of 2. Therefore, a gigabyte can also be either 1,000 megabytes or 1,024 megabytes, where a megabyte is considered to be 1,048,576 bytes (2 raised to the 20th power).
global catalog A service and a physical storage location that contains a replica of selected attributes for every object in Active Directory directory services.
global group One type of group account used by Microsoft Windows 2000. Used across an entire domain, global groups are created on domain controllers in the domain in which the user accounts reside. Global groups can contain user accounts only from the domain in which the global group is created. Members of global groups obtain resource permissions when the global group is added to a local group. See also group.
group In networking, an account containing other accounts that are called members. The permissions and rights granted to a group are also provided to its members; thus, groups offer a convenient way to grant common capabilities to collections of user accounts. For Windows 2000, groups are managed with the Computer Management snap-in. For Windows 2000 Server, groups are managed with the Active Directory Users and Computers snap-in.
H
half-duplex transmission Communication that takes place in either direction, but not both directions at the same time. See also full-duplex transmission.
handshaking A term applied to modem-to-modem communication. Refers to the process by which information is transmitted between the sending and receiving devices to maintain and coordinate data flow between them. Proper handshaking ensures that the receiving device will be ready to accept data before the sending device transmits.
hard disk One or more inflexible platters coated with material that allows the magnetic recording of computer data. A typical hard disk rotates at up to 7,200 revolutions per minute (RPM), and the read/write heads ride over the surface of the disk on a cushion of air 10 to 25 millionths of an inch deep. A hard disk is sealed to prevent contaminants from interfering with the close head-to-disk tolerances. Hard disks provide faster access to data than floppy disks and are capable of storing much more information. Because platters are rigid, they can be stacked so that one hard-disk drive can access more than one platter. Most hard disks have between two and eight platters.
hardware The physical components of a computer system, including any peripheral equipment such as printers, modems, and mouse devices.
hardware compatibility list (HCL) A list of computers and peripherals that have been tested and have passed compatibility testing with the product for which the HCL is being developed. For example, the Windows 2000 HCL lists the products that have been tested and found to be compatible with Windows 2000.
hardware loopback A connector on a computer that is useful for troubleshooting hardware problems, allowing data to be transmitted to a line and then returned as received data. If the transmitted data doesn't return, the hardware loopback detects a hardware malfunction.
HCL See hardware compatibility list (HCL).
HDLC See High-Level Data Link Control (HDLC).
header In network data transmission, one of the three sections of a packet component. It includes an alert signal to indicate that the packet is being transmitted, the source address, the destination address, and clock information to synchronize transmission.
hertz (Hz) The unit of frequency measurement. Frequency measures how often a periodic event occurs, such as the manner in which a wave's amplitude changes with time. One hertz equals one cycle per second. Frequency is often measured in kilohertz (KHz, 1000 Hz), megahertz (MHz), gigahertz (GHz, 1000 MHz), or terahertz (THz, 10,000 GHz).
High-Level Data Link Control (HDLC) A widely accepted international protocol developed by the International Organization for Standardization (ISO) that governs information transfer. HDLC is a bit-oriented, synchronous protocol that applies to the data-link (message packaging) layer of the OSI reference model. Under the HDLC protocol, data is transmitted in frames, each of which can contain a variable amount of data, but which must be organized in a particular way. See also data frames; frame.
host See server.
hot fixing See sector sparing.
HTML See Hypertext Markup Language (HTML).
Hypertext Markup Language (HTML) A language developed for writing pages for the World Wide Web. HTML allows text to include codes that define fonts, layout, embedded graphics, and hypertext links. Hypertext provides a method for presenting text, images, sound, and videos that are linked together in a nonsequential web of associations.
Hypertext Transport Protocol (HTTP) The method by which World Wide Web pages are transferred over the network.
I
ICM See Image Color Management (ICM) 2.
ICMP See Internet Control Message Protocol (ICMP).
IDE See Integrated Device Electronics (IDE).
IEEE See Institute of Electrical and Electronics Engineers (IEEE).
IEEE Project 802 A networking model developed by the IEEE and named for the year and month it began (February 1980). Project 802 defines LAN standards for the physical and data-link layers of the OSI reference model. Project 802 divides the data-link layer into two sublayers: media access control (MAC) and logical link control (LLC).
Image Color Management (ICM) 2 An operating system API that helps ensure that the colors you see on your monitor match those on your scanner and printer.
Industry Standard Architecture (ISA) An unofficial designation for the bus design of the IBM Personal Computer (PC) PC/XT. It allows various adapters to be added to the system by inserting plug-in cards into expansion slots. Commonly, ISA refers to the expansion slots themselves; such slots are called 8-bit slots or 16-bit slots. See also Extended Industry Standard Architecture (EISA); Micro Channel Architecture.
infrared transmission Electromagnetic radiation with frequencies in the electromagnetic spectrum in the range just below that of visible red light. In network communications, infrared technology offers extremely high transmission rates and wide bandwidth in line-of-sight communications.
Institute of Electrical and Electronics Engineers (IEEE) An organization of engineering and electronics professionals, noted in networking for developing the IEEE 802.x standards for the physical and data-link layers of the OSI reference model, applied in a variety of network configurations.
Integrated Device Electronics (IDE) A type of disk-drive interface in which the controller electronics reside on the drive itself, eliminating the need for a separate network interface card. The IDE interface is compatible with the Western Digital ST-506 controller.
Integrated Services Digital Network (ISDN) A worldwide digital communication network that evolved from existing telephone services. The goal of the ISDN is to replace current telephone lines, which require digital-to-analog conversions, with completely digital switching and transmission facilities capable of carrying data ranging from voice to computer transmissions, music, and video. The ISDN is built on two main types of communications channels: B channels, that carry voice, data, or images at a rate of 64 Kbps (kilobits per second), and a D channel, that carries control information, signaling, and link-management data at 16 Kbps. Standard ISDN Basic Rate desktop service is called 2B+D. Computers and other devices connect to ISDN lines through simple standardized interfaces.
interfaces Boundaries that separate the layers from each other. For example, in the OSI reference model, each layer provides some service or action that prepares the data for delivery over the network to another computer.
International Organization for Standardization (ISO) An organization made up of standards-setting groups from various countries. For example, the United States member is the American National Standards Institute (ANSI). The ISO works to establish global standards for communications and information exchange. Primary among its accomplishments is development of the widely accepted OSI reference model. Note that the ISO is often wrongly identified as the International Standards Organization, probably because of the abbreviation ISO; however, ISO is derived from isos, which means equal in Greek, rather than being an acronym.
Internet Control Message Protocol (ICMP) A protocol used by IP and higher-level protocols to send and receive status reports about information being transmitted.
Internet Protocol (IP) The TCP/IP protocol for packet forwarding. See also Transport Control Protocol/Internet Protocol (TCP/IP).
Internet Protocol Security (IPSec) A framework of open standards for ensuring secure private communications over IP networks by using cryptographic security services.
Internetworking The intercommunication in a network that is made up of smaller networks.
Internetwork Packet Exchange/Sequenced Packet Exchange (IPX/SPX) A protocol stack that is used in Novell networks. IPX is the NetWare protocol for packet forwarding and routing. It is a relatively small and fast protocol on a LAN, is a derivative of Xerox Network System (XNS), and supports routing. SPX is a connection-oriented protocol used to guarantee the delivery of the data being sent. NWLink is the Microsoft implementation of the IPX/SPX protocol.
Interoperability The ability of components in one system to work with components in other systems.
interrupt request (IRQ) An electronic signal sent to a computer's CPU to indicate that an event has taken place that requires the processor's attention.
IP See Internet Protocol (IP). See also Transport Control Protocol/Internet Protocol (TCP/IP).
ipconfig A diagnostic command that displays all current TCP/IP network configuration values. It is of particular use on systems running DHCP because it allows users to determine which TCP/IP configuration values have been configured by the DHCP server. See also winipcfg.
IPSec See Internet Protocol Security (IPSec).
IPX/SPX See Internetwork Packet Exchange/Sequenced Packet Exchange (IPX/SPX).
IRQ See interrupt request (IRQ).
ISA See Industry Standard Architecture (ISA).
ISDN See Integrated Services Digital Network (ISDN).
ISO See International Organization for Standardization (ISO).
J
jumper A small plastic-and-metal plug or wire for connecting different points in an electronic circuit. Jumpers are used to select a particular circuit or option from several possible configurations. You can use jumpers on network interface cards to select the type of connection through which the card will transmit, either DIX or BNC.
K
Kevlar A brand name of the DuPont Corporation for the fibers in the reinforcing layer of plastic that surrounds each glass strand of a fiber-optic connector. The name is sometimes used generically.
key In database management, an identifier for a record or group of records in a data file. Most often, the key is defined as the contents of a single field, called the key field in some database management programs and the index field in others. Keys are maintained in tables and are indexed to speed record retrieval. Keys also refer to code that deciphers encrypted data.
kilo (K) A measurement that refers to 1,000 in the metric system. In computing terminology, because computing is based on powers of 2, kilo is most often used to mean 1,024 (2 raised to the 10th power). To distinguish between the two contexts, a lowercase k is often used to indicate 1,000 and an uppercase K is used for 1,024. A kilobyte is 1,024 bytes.
kilobit (Kbit) A measurement that equals 1,024 bits. See also bit; kilo (K).
kilobyte (KB) A measurement that refers to 1,024 bytes. See also byte; kilo (K).
L
L2TP See Layer-Two Tunneling Protocol (L2TP).
LAN See local area network (LAN).
LAN requester See requester (LAN requester).
laser transmission A wireless network that uses a laser beam to carry data between devices.
LAT See local area transport (LAT).
layering The coordination of various protocols in a specific architecture that allows the protocols to work together to ensure that the data is prepared, transferred, received, and acted upon as intended.
Layer-Two Tunneling Protocol (L2TP) A protocol whose primary purpose is to create an encrypted tunnel through an untrusted network. L2TP is similar to PPTP in that it provides tunneling, but L2TP itself doesn't provide encryption. Instead, L2TP provides a secure tunnel by cooperating with other encryption technologies such as IPSec. L2TP functions with IPSec to provide a secure virtual private network solution.
link The communication system that connects two LANs. Equipment that provides the link, including bridges, routers, and gateways.
local area network (LAN) Computers connected in a geographically confined network, such as in the same building, campus, or office park.
local area transport (LAT) A nonroutable protocol from Digital Equipment Corporation.
local group One type of group account used by Microsoft Windows 2000. Implemented in each local computer's account database, local groups contain user accounts and other global groups that need to have access, rights, and permissions assigned to a resource on a local computer. Local groups can't contain other local groups.
local user The user at the computer.
logical link control (LLC) sublayer One of two sublayers created by the IEEE Project 802 out of the data-link layer of the OSI reference model. The LLC is the upper sublayer that manages data-link communication and defines the use of logical interface points, called service access points (SAPs), used by computers to transfer information from the LLC sublayer to the upper OSI layers. See also media access control (MAC) sublayer; service access point (SAP).
M
macro virus A file-infector virus so named because it is written as a macro for a specific application. Macro viruses are difficult to detect and they are becoming more common, often infecting widely used applications, such as word-processing programs. When an infected file is opened, the virus attaches itself to the application and then infects any files accessed by that application. See also file infector.
Mb See megabit (Mb).
MB See megabyte (MB).
Mbps See millions of bits per second (Mbps).
media The cable or wire that connects the vast majority of LANs today, which acts as the LAN transmission medium and carries data between computers.
media access control (MAC) driver The device driver located at the media access control sublayer of the OSI reference model. This driver is also known as the NIC driver. It provides low-level access to NICs by providing data-transmission support and some basic NIC management functions. These drivers also pass data from the physical layer to transport protocols at the network and transport layers.
media access control (MAC) sublayer One of two sublayers created by the IEEE Project 802 out of the data-link layer of the OSI reference model. The MAC sublayer communicates directly with the network interface card and is responsible for delivering error-free data between two computers on the network. See also logical link control (LLC) sublayer.
megabit (Mb) A measurement that is usually 1,048,576 bits; sometimes interpreted as 1 million bits. See also bit.
megabyte (MB) A measurement that is usually 1,048,576 bytes (2 raised to the 20th power); sometimes interpreted as 1 million bytes. See also byte.
Micro Channel Architecture The design of the bus in IBM PS/2 computers (except models 25 and 30). The Micro Channel is electrically and physically incompatible with the IBM PC/AT bus. Unlike the PC/AT bus, the Micro Channel functions as either a 16-bit or 32-bit bus. The Micro Channel can also be driven independently by multiple bus master processors. See also Extended Industry Standard Architecture (EISA); Industry Standard Architecture (ISA).
Microcom Network Protocol (MNP) The standard for asynchronous data-error control developed by Microcom Systems. The method works so well that other companies have adopted not only the initial version of the protocol, but later versions as well. Currently, several modem vendors incorporate MNP Classes 2, 3, 4, and 5.
Microsoft Technical Information Network (TechNet) A network that provides informational support for all aspects of networking, with an emphasis on Microsoft products.
millions of bits per second (Mbps) The unit of measurement of supported transmission rates on the following physical media: coaxial cable, twisted-pair cable, and fiber-optic cable. See also bit.
MNP See Microcom Network Protocol (MNP).
mobile computing A technique that incorporates wireless adapters using cellular telephone technology to connect portable computers with the cabled network.
modem A communication device that enables a computer to transmit information over a standard telephone line. Because a computer is digital, it works with discrete electrical signals representing binary 1 and binary 0. A telephone is analog and carries a signal that can have many variations. Modems are needed to convert digital signals to analog and back. When transmitting, modems impose (modulate) a computer's digital signals onto a continuous carrier frequency on the telephone line. When receiving, modems sift out (demodulate) the information from the carrier and transfer it in digital form to the computer.
multitasking A mode of operation offered by an operating system in which a computer works on more than one task at a time. The two primary types of multitasking are preemptive and nonpreemptive. In preemptive multitasking, the operating system can take control of the processor without the task's cooperation. In nonpreemptive multitasking, the processor is never taken from a task. The task itself decides when to give up the processor. A true multitasking operating system can run as many tasks as it has processors. When there are more tasks than processors, the computer must "time slice" so that the available processors devote a certain amount of time to one task and then move on to the next task, alternating between tasks until all the tasks are completed.
N
Name Binding Protocol (NBP) An Apple protocol responsible for keeping track of entities on the network and matching names with Internet addresses. It works at the transport layer of the OSI reference model.
namespace Any bounded area in which a name can be resolved. Name resolution is the process of translating a name into some object or information that the name represents. The Active Directory namespace is based on the DNS naming scheme, which allows for interoperability with Internet technologies.
NBP See Name Binding Protocol (NBP).
nbtstat A diagnostic command that displays protocol statistics and current TCP/IP connections using NetBIOS over TCP/IP (NetBT). This command is available only if the TCP/IP protocol has been installed. See also netstat.
NDIS See Network Driver Interface Specification (NDIS).
NetBIOS Enhanced User Interface (NetBEUI) A protocol supplied with all Microsoft network products. NetBEUI advantages include small stack size (important for MS-DOS-based computers), speed of data transfer on the network medium, and compatibility with all Microsoft-based networks. The major drawback of NetBEUI is that it is a LAN transport protocol and therefore does not support routing. It is also limited to Microsoft-based networks.
netstat A diagnostic command that displays protocol statistics and current TCP/IP network connections. This command is available only if the TCP/IP protocol has been installed. See also nbtstat.
NetWare Core Protocol (NCP) A protocol that defines the connection control and service-request encoding that make it possible for clients and servers to interact. This is the protocol that provides transport and session services. NetWare security is also provided within this protocol.
network In the context of computers, a system in which a number of independent computers are linked together to share data and peripherals, such as hard disks and printers.
network adapter card See network interface card (NIC).
network basic input/output system (NetBIOS) An application programming interface (API) that can be used by application programs on a LAN consisting of IBM-compatible microcomputers running MS-DOS, OS/2, or some version of UNIX. Primarily of interest to programmers, NetBIOS provides application programs with a uniform set of commands for requesting the lower-level network services required to conduct sessions between nodes on a network and transmit information between them.
Network Driver Interface Specification (NDIS) A standard that defines an interface for communication between the media access control (MAC) sublayer and protocol drivers. NDIS allows for a flexible environment of data exchange. It defines the software interface, called the NDIS interface, which is used by protocol drivers to communicate with the network interface card. The advantage of NDIS is that it offers protocol multiplexing so that multiple protocol stacks can be used at the same time. See also Open Data-Link Interface (ODI).
network interface card (NIC) An expansion card installed in each computer and server on the network. The NIC acts as the physical interface or connection between the computer and the network cable.
network layer The third layer in the OSI reference model. This layer is responsible for addressing messages and translating logical addresses and names into physical addresses. This layer also determines the route from the source to the destination computer. It determines which path the data should take based on network conditions, priority of service, and other factors. It also manages traffic problems such as switching, routing, and controlling the congestion of data packets on the network. See also Open Systems Interconnection (OSI) reference model.
network monitors Monitors that track all or a selected part of network traffic. They examine frame-level packets and gather information about packet types, errors, and packet traffic to and from each computer.
NIC See network interface card (NIC).
node On a LAN, a device that is connected to the network and is capable of communicating with other network devices. For example, clients, servers, and repeaters are called nodes.
nonpreemptive multitasking A form of multitasking in which the processor is never taken from a task. The task itself decides when to give up the processor. Programs written for nonpreemptive multitasking systems must include provisions for yielding control of the processor. No other program can run until the nonpreemptive program gives up control of the processor. See also multitasking; preemptive multitasking.
Novell NetWare One of the leading network architectures.
O
Object A distinct, named set of attributes that represent a network resource. Object attributes are characteristics of objects in the Directory. For example, the attributes of a user account might include the user's first and last names, department, and e-mail address.
ODI See Open Data-Link Interface (ODI).
ohm The unit of measurement for electrical resistance. A resistance of 1 ohm will pass 1 ampere of current when a voltage of 1 volt is applied. A 100-watt incandescent bulb has a resistance of approximately 130 ohms.
Open Data-Link Interface (ODI) A specification defined by Novell and Apple to simplify driver development and to provide support for multiple protocols on a single network interface card. Similar to NDIS in many respects, ODI allows Novell NetWare drivers to be written without concern for the protocol that will be used on top of them.
Open Shortest Path First (OSPF) A routing protocol for IP networks, such as the Internet, that allows a router to calculate the shortest path to each node for sending messages.
Open Systems Interconnection (OSI) reference model A seven-layer architecture that standardizes levels of service and types of interaction for computers exchanging information through a network. It is used to describe the flow of data between the physical connection to the network and the end-user application. This model is the best-known and most widely used model for describing networking environments. Following is the OSI seven-layer focus from highest to lowest level:
7. application layer. Program-to-program transfer of information
6. presentation layer. Text formatting and display-code conversion
5. session layer. Establishing, maintaining, and coordinating communication
4. transport layer. Accurate delivery and service quality
3. network layer. Transport routes, message handling, and transfer
2. data-link layer. Coding, addressing, and transmitting information
1. physical layer. Hardware connections
organizational unit (OU) A container that you use to organize objects within a domain into logical administrative groups. An OU can contain objects such as user accounts, groups, computers, printers, applications, file shares, and so on.
OSI See Open Systems Interconnection (OSI) reference model.
OSPF See Open Shortest Path First (OSPF).
P
packet A unit of information transmitted as a whole from one device to another on a network. In packet-switching networks, a packet is defined more specifically as a transmission unit of fixed maximum size that consists of binary digits representing data; a header containing an identification number, source, and destination addresses; and sometimes error-control data. See also frame.
packet assembler/disassembler (PAD) A device that breaks large chunks of data into packets, usually for transmissions over an X.25 network, and reassembles them at the other end. See also packet switching.
Packet Internet Groper (ping) A simple utility that tests whether a network connection is complete, from the server to the workstation, by sending a message to the remote computer. If the remote computer receives the message, it responds with a reply message. The reply consists of the remote workstation's IP address, the number of bytes in the message, how long it took to reply, given in milliseconds (ms), and the length of Time to Live (TTL) in seconds. Ping works at the IP level and will often respond even when higher level TCP-based services cannot.
packet switching A message delivery technique in which small units of information (packets) are relayed through stations in a computer network along the best route available between the source and the destination. Data is broken into smaller units and then repacked in a process called packet assembler/disassembler (PAD). Although each packet can travel along a different path, and the packets composing a message can arrive at different times or out of sequence, the receiving computer reassembles the original message. Packet-switching networks are considered fast and efficient. Standards for packet switching on networks are documented in the CCITT recommendation X.25.
PAD See packet assembler/disassembler (PAD).
page-description language (PDL) A language that communicates to a printer how printed output should appear. The printer uses the PDL to construct text and graphics to create the page image. PDLs are like blueprints in that they set parameters and features such as type sizes and fonts, but they leave the drawing to the printer.
paging file A special file on one or more of the hard disks of a computer running Windows 2000. Windows 2000 uses virtual memory to store some of the program code and other information in RAM and to temporarily store some of the program code and other information on the computer's hard disks. This increases the amount of available memory on the computer.
parity An error-checking procedure in which the number of 1s must always be the same—either odd or even—for each group of bits transmitted without error. Parity is used for checking data transferred within a computer or between computers.
partition A portion of a physical disk that functions as if it were a physically separate unit.
password-protected share The access to a shared resource that is granted when a user enters the appropriate password.
PDA See personal digital assistant (PDA).
PDL See page-description language (PDL).
PDN See public data network (PDN).
peer-to-peer network A network that has no dedicated servers or hierarchy among the computers. All computers are equal and, therefore, known as peers. Generally, each computer functions as both client and server.
peripheral A term used for devices such as disk drives, printers, modems, mouse devices, and joysticks that are connected to a computer and controlled by its microprocessor.
Peripheral Component Interconnect (PCI) A 32-bit local bus used in most Pentium computers and in the Apple Power Macintosh that meets most of the requirements for providing Plug and Play functionality.
permanent virtual circuit (PVC) A permanent logical connection between two nodes on a packet-switching network; similar to leased lines that are permanent and virtual, except that with PVC, the customer pays for only the time the line is used. This type of connection service is gaining importance because both frame relay and ATM use it. See also packet switching; virtual circuit.
permissions See access permissions.
personal digital assistant (PDA) A type of handheld computer that provides functions including personal organization features—like a calendar, note taking, database manipulation, calculator, and communications. For communication, a PDA uses cellular or wireless technology that is often built into the system but that can be supplemented or enhanced by means of a PC Card.
petabyte See byte.
phase change rewritable (PCR) A type of rewritable optical technology in which the optical devices come from one manufacturer (Matsushita/Panasonic) and the media comes from two (Panasonic and Plasmon).
physical layer The first (bottommost) layer of the OSI reference model. This layer addresses the transmission of the unstructured raw bit stream over a physical medium (the networking cable). The physical layer relates the electrical/optical, mechanical, and functional interfaces to the cable and also carries the signals that transmit data generated by all of the higher OSI layers. See also Open Systems Interconnection (OSI) reference model.
ping See Packet Internet Groper (ping).
Plug and Play (PnP) A capability that enables a computer system to automatically configure a device added to it. Plug and Play capability exists in Macintoshes based on the NuBus and, since Windows 95, on PC-compatible computers. Also refers to specifications developed by Intel and Microsoft that allow a PC to configure itself automatically to work with peripherals such as monitors, modems, and printers.
point-to-point configuration Dedicated circuits that are also known as private, or leased, lines. They are the most popular WAN communication circuits in use today. The carrier guarantees full-duplex bandwidth by setting up a permanent link from each endpoint, using bridges and routers to connect LANs through the circuits. See also Point-to-Point Protocol (PPP); Point-to-Point Tunneling Protocol (PPTP).
Point-to-Point Protocol (PPP) A data-link protocol for transmitting TCP/IP packets over dial-up telephone connections, such as between a computer and the Internet. PPP was developed by the Internet Engineering Task Force in 1991.
Point-to-Point Tunneling Protocol (PPTP) An extension of the Point-to-Point Protocol that is used for communications on the Internet. Microsoft developed PPTP to support virtual private networks (VPNs), which allow individuals and organizations to use the Internet as a secure means of communication. PPTP supports encapsulation of encrypted packets in secure wrappers that can be transmitted over a TCP/IP connection. See also virtual private network (VPN).
polymorphic virus A variant of a file-infector virus that is named for the fact that it changes its appearance each time it is replicated. This makes it difficult to detect because no two versions of the virus are exactly the same. See also file infector.
polyvinyl chloride (PVC) The material most commonly used for insulating and jacketing cable.
preemptive multitasking A form of multitasking (the ability of a computer's operating system to work on more than one task at a time). With preemptive multitasking—as opposed to nonpreemptive multitasking—the operating system can take control of the processor without the task's cooperation. See also nonpreemptive multitasking.
presentation layer The sixth layer of the OSI reference model. This layer determines the form used to exchange data between networked computers. At the sending computer, this layer translates data from a format sent down from the application layer into a commonly recognized, intermediary format. At the receiving end, this layer translates the intermediary format into a format useful to that computer's application layer. The presentation layer manages network security issues by providing services such as data encryption, provides rules for data transfer, and performs data compression to reduce the number of bits that need to be transmitted. See also Open Systems Interconnection (OSI) reference model.
print device The hardware device that produces printed documents.
print queue A buffer in which a print job is held until the printer is ready to print it.
print server The computer on which the printers that are associated with local and network-interface print devices reside. The print server receives and processes documents from client computers. You set up and share network printers on print servers.
printer The software interface between the operating system and the print device. The printer defines where a document will go to reach the print device, when it will go, and how various other aspects of the printing process will be handled.
printer driver One or more files containing information that Windows 2000 requires to convert print commands into a specific printer language, such as PostScript. A printer driver is specific to each print device model.
printer pool A printer that is connected to multiple print devices through multiple ports on a print server. The print devices can be local or network-interface print devices. Print devices should be identical; however, you can use print devices that are not identical but use the same printer driver.
printer port The software interface through which a computer communicates with a print device by means of a locally attached interface. These supported interfaces include LPT, COM, USB, and network-attached devices such as the HP JetDirect and Intel NetPort.
Private Branch Exchange (PBX) or Private Automated Branch Exchange (PABX) A switching telephone network that allows callers within an organization to place intraorganizational calls without going through the public telephone system.
protocol The system of rules and procedures that govern communication between two or more devices. Many varieties of protocols exist, and not all are compatible, but as long as two devices are using the same protocol, they can exchange data. Protocols exist within protocols, as well, governing different aspects of communication. Some protocols, such as the RS-232 standard, affect hardware connections. Other standards govern data transmission, including the parameters and handshaking signals such as XON/XOFF used in asynchronous (typically, modem) communications, as well as such data-coding methods as bit- and byte-oriented protocols. Still other protocols, such as the widely used Xmodem, govern file transfer, and others, such as CSMA/CD, define the methods by which messages are passed around the stations on a LAN. Protocols represent attempts to ease the complex process of enabling computers of different makes and models to communicate. Additional examples of protocols include the OSI model, IBM's SNA, and the Internet suite, including TCP/IP. See also Systems Network Architecture (SNA); Transport Control Protocol/Internet Protocol (TCP/IP).
protocol driver The driver responsible for offering four or five basic services to other layers in the network, while "hiding" the details of how the services are actually implemented. Services performed include session management, datagram service, data segmentation and sequencing, acknowledgment, and possibly routing across a WAN.
protocol stack A layered set of protocols that work together to provide a set of network functions.
proxy server A firewall component that manages Internet traffic to and from a local area network (LAN). The proxy server decides whether it is safe to let a particular message or file pass through to the organization's network, providing access control to the network, and filters and discards requests as specified by the owner, including requests for unauthorized access to proprietary data. See also firewall.
public data network (PDN) A commercial packet-switching or circuit-switching WAN service provided by local and long-distance telephone carriers.
PVC See permanent virtual circuit (PVC).
R
RADIUS See Remote Authentication Dial-In User Service.
RAID See redundant array of independent disks (RAID).
random access memory (RAM) Semiconductor-based memory that can be read and written to by the microprocessor or other hardware devices. The storage locations can be accessed in any order. Note that the various types of ROM memory are also capable of random access. However, the term RAM is generally understood to refer to volatile memory, which can be written as well as read. See also read-only memory (ROM).
read-only memory (ROM) Semiconductor-based memory that contains instructions or data that can be read but not modified. See also random access memory (RAM).
redirector Networking software that accepts I/O requests for remote files, named pipes, or mail slots and sends (redirects) the requests to a network service on another computer.
reduced instruction set computing (RISC) A type of microprocessor design that focuses on rapid and efficient processing of a relatively small set of instructions. RISC design is based on the premise that most of the instructions that a computer decodes and executes are simple. As a result, RISC architecture limits the number of instructions that are built into the microprocessor but optimizes each so it can be carried out rapidly, usually within a single clock cycle. RISC chips execute simple instructions faster than microprocessors designed to handle a much wider array of instructions. However, they are slower than general-purpose complex instruction set computing (CISC) chips when executing complex instructions, which must be broken down into many machine instructions before they can be carried out by RISC microprocessors.
redundancy system A fault-tolerant system that protects data by duplicating it in different physical sources. Data redundancy allows access to data even if part of the data system fails. See also fault tolerance.
redundant array of inexpensive disks (RAID) See also redundant array of independent disks (RAID).
redundant array of independent disks (RAID) A standardization of fault-tolerant options in five levels. The levels offer various combinations of performance, reliability, and cost. Formerly known as redundant array of inexpensive disks.
Remote Authentication Dial-In User Service (RADIUS) A security authentication protocol widely used by Internet Service Providers (ISPs). RADIUS provides authentication and accounting services for distributed dial-up networking.
remote-boot programmable read-only memory (PROM) A special chip in the network interface card that contains the hardwired code that starts the computer and connects the user to the network, used in computers for which there are no hard disks or floppy drives. See also diskless computers.
remote installation The process of connecting to a server running Remote Installation Services (RIS), called the RIS server, and then starting an automated installation of Windows 2000 Professional on a local computer.
remote user A user who dials in to the server over modems and telephone lines from a remote location.
requester (LAN requester) Software that resides in a computer and forwards requests for network services from the computer's application programs to the appropriate server. See also redirector.
resources Any part of a computer system. Users on a network can share computer resources, such as hard disks, printers, modems, CD-ROM drives, and even the processor.
rights The authorization with which a user is entitled to perform certain actions on a computer network. Rights apply to the system as a whole, whereas permissions apply to specific objects. For example, a user might have the right to back up an entire computer system, including the files that the user doesn't have permission to access. See also access permissions.
RISC See reduced instruction set computing (RISC).
ROM See read-only memory (ROM).
routable protocols The protocols that support multipath LAN-to-LAN communications. See also protocol.
router A device used to connect networks of different types, such as those using different architectures and protocols. Routers work at the network layer of the OSI reference model. This means they can switch and route packets across multiple networks, which they do by exchanging protocol-specific information between separate networks. Routers determine the best path for sending data and filter broadcast traffic to the local segment.
Routing Information Protocol (RIP) A protocol that uses distance-vector algorithms to determine routes. With RIP, routers transfer information among other routers to update their internal routing tables and use that information to determine the best routes based on hop counts between routers. TCP/IP and IPX support RIP.
RS-232 standard An industry standard for serial communication connections adopted by the Electrical Industries Association (EIA). This recommended standard defines the specific lines and signal characteristics used by serial communications controllers to standardize the transmission of serial data between devices.
S
SAP See service access point (SAP); Service Advertising Protocol (SAP).
schema A database description to the database management system that contains a formal definition of the contents and structure of Active Directory directory services, including all attributes, classes, and class properties. For each object class, the schema defines which attributes an instance of the class must have, which additional attributes it can have, and which object class can be a parent of the current object class.
SCSI See Small Computer System Interface (SCSI).
SDLC See Synchronous Data Link Control (SDLC).
sector A portion of the data-storage area on a disk. A disk is divided into sides (top and bottom), tracks (rings on each surface), and sectors (sections of each ring). Sectors are the smallest physical storage units on a disk and are of fixed size—typically capable of holding 512 bytes of information apiece.
sector sparing A fault-tolerant system also called hot fixing. It automatically adds sector-recovery capabilities to the file system during operation. If bad sectors are found during disk I/O, the fault-tolerant driver will attempt to move the data to a good sector and map out the bad sector. If the mapping is successful, the file system is not alerted. It is possible for SCSI devices to perform sector sparing, but AT devices (ESDI and IDE) cannot.
security The act of making computers and data stored on them safe from harm or unauthorized access.
Security log A log that records security events. For example, valid and invalid logon attempts and events relating to creating, opening, or deleting files or other objects.
segment The length of cable on a network between two terminators. A segment can also refer to messages that have been broken up into smaller units by the protocol driver.
Sequenced Packet Exchange (SPX) Part of Novell's IPX/SPX protocol suite for sequenced data. See also Internetwork Packet Exchange/Sequenced Packet Exchange (IPX/SPX).
Serial Line Internet Protocol (SLIP) As defined in RFC 1055, an internet protocol that is normally used on Ethernet over a serial line—for example, an RS-232 serial port connected to a modem.
serial transmission A one-way data transfer. The data travels on a network cable with one bit following another.
server A computer that provides shared resources to network users. See also client.
server-based network A network in which resource security and most other network functions are provided by dedicated servers. Server-based networks have become the standard model for networks serving more than 10 users. See also peer-to-peer network.
server message block (SMB) The protocol developed by Microsoft, Intel, and IBM that defines a series of commands used to pass information between network computers. The redirector packages SMB requests into a network control block (NCB) structure that can be sent over the network to a remote device. The network provider listens for SMB messages destined for it and removes the data portion of the SMB request so that it can be processed by a local device.
service access point (SAP) The interface between each of the seven layers in the OSI protocol stack that has connection points, similar to addresses, used for communication between layers. Any protocol layer can have multiple SAPs active at one time.
Service Advertising Protocol (SAP) A protocol that allows service-providing nodes (including file, printer, gateway, and application servers) to advertise their services and addresses.
session A connection or link between stations on the network.
session layer The fifth layer of the OSI reference model. This layer allows two applications on different computers to establish, use, and end a connection called a session. This layer performs name recognition and functions, such as security, needed to allow two applications to communicate over the network. The session layer provides synchronization between user tasks. This layer also implements dialog control between communicating processes, regulating which side transmits, when, for how long, and so on. See also Open Systems Interconnection (OSI) reference model.
session management The process that establishes, maintains, and terminates connections between stations on the network.
sharing The means by which files or folders are publicly posted on a network for access by anyone on the network.
shell A piece of software, usually a separate program, that provides direct communication between the user and the operating system. This usually takes the form of a command-line interface. Examples of shells are Macintosh Finder and the MS-DOS command interface program Command.com.
Simple Mail Transfer Protocol (SMTP) A TCP/IP protocol for transferring e-mail. See also application protocol; Transport Control Protocol/Internet Protocol (TCP/IP).
Simple Network Management Protocol (SNMP) A TCP/IP protocol for monitoring networks. SNMP uses a request and response process. In SNMP, short utility programs, called agents, monitor the network traffic and behavior in key network components to gather statistical data, which they put into a management information base (MIB). To collect the information into a usable form, a special management console program regularly polls the agents and downloads the information in their MIBs. If any of the data falls either above or below parameters set by the manager, the management console program can present signals on the monitor locating the trouble and notify designated support staff by automatically dialing a pager number.
simultaneous peripheral operation online (spool) A process that facilitates moving a print job from the network into a printer.
site A combination of one or more IP subnets, typically connected by a high-speed link.
Small Computer System Interface (SCSI) Pronounced "skuzzy," a standard, high-speed parallel interface defined by ANSI. A SCSI interface is used for connecting microcomputers to peripheral devices, such as hard disks and printers, and to other computers and LANs.
SMB See server message block (SMB).
SMP See symmetric multiprocessing (SMP).
SMTP See Simple Mail Transfer Protocol (SMTP).
SNMP See Simple Network Management Protocol (SNMP).
software Computer programs or sets of instructions that allow the hardware to work. Software can be grouped into four categories: system software, such as operating systems, which control the workings of the computer; application software, such as word-processing programs, spreadsheets, and databases, which perform the tasks for which people use computers; network software, which enables groups of computers to communicate; and language software, which provides programmers with the tools they need to write programs.
SONET See Synchronous Optical Network (SONET).
spanning tree algorithm (STA) An algorithm (mathematical procedure) implemented by the IEEE 802.1 Network Management Committee to eliminate redundant routes and to avoid situations in which multiple LANs are joined by more than one path. Under STA, bridges exchange certain control information in an attempt to find redundant routes. The bridges determine which would be the most efficient route and then use that one and disable the others. Any of the disabled routes can be reactivated if the primary route becomes unavailable.
SPX See Sequenced Packet Exchange (SPX).
SQL See structured query language (SQL).
STA See spanning tree algorithm (STA).
stand-alone computer A computer that isn't connected to any other computers and isn't part of a network.
stand-alone environment A work environment in which each user has a personal computer but works independently, unable to share files and other important information that would be readily available through server access in a networking environment.
stealth virus A variant of a file-infector virus. This virus is so named because it attempts to hide from detection. When an antivirus program attempts to find it, the stealth virus tries to intercept the probe and return false information indicating that it does not exist.
stripe set A form of fault tolerance that combines multiple areas of unformatted free space into one large logical drive, distributing data storage across all drives simultaneously. In Windows 2000, a stripe set requires at least two physical drives and can use up to 32 physical drives. Stripe sets can combine areas on different types of drives, such as Small Computer System Interface (SCSI), Enhanced Small Device Interface (ESDI), and Integrated Device Electronics (IDE) drives.
structured query language (SQL) A standard language for creating, updating, and querying relational database management systems.
Switched Multimegabit Data Services (SMDS) A high-speed, switched-packet service that can provide speeds of up to 34 Mbps.
switched virtual circuit (SVC) A logical connection between end computers that uses a specific route across the network. Network resources are dedicated to the circuit, and the route is maintained until the connection is terminated. These are also known as point-to-multipoint connections. See also virtual circuit.
symmetric multiprocessing (SMP) A system that uses any available processor on an as-needed basis. With this approach, the system load and application needs can be distributed evenly across all available processors.
synchronous A form of communication that relies on a timing scheme coordinated between two devices to separate groups of bits and transmit them in blocks called frames. Special characters are used to begin the synchronization and check its accuracy periodically. Because the bits are sent and received in a timed, controlled (synchronized) fashion, start and stop bits are not required. Transmission stops at the end of one transmission and starts again with a new one. It is a start/stop approach, and more efficient than asynchronous transmission. If an error occurs, the synchronous error detection and correction scheme implements a retransmission. However, because more sophisticated technology and equipment are required to transmit synchronously, it is more expensive than asynchronous transmission.
Synchronous Data Link Control (SDLC) The data link (data transmission) protocol most widely used in networks conforming to IBM's SNA. SDLC is a communications guideline that defines the format in which information is transmitted. As its name implies, SDLC applies to synchronous transmissions. SDLC is also a bit-oriented protocol and organizes information in structured units called frames.
Synchronous Optical Network (SONET) A fiber-optic technology that can transmit data at more than one gigabit per second. Networks based on this technology are capable of delivering voice, data, and video. SONET is a standard for optical transport formulated by the Exchange Carriers Standards Association (ECSA) for ANSI.
Systems Network Architecture (SNA) An IBM-proprietary high-level networking protocol standard for IBM and IBM-compatible mainframe systems. See also protocol.
T
TCO See total cost of ownership (TCO).
TCP See Transmission Control Protocol (TCP).
TCP/IP See Transport Control Protocol/Internet Protocol (TCP/IP).
TDI See transport driver interface (TDI).
TechNet See Microsoft Technical Information Network (TechNet).
Telnet The command and program used to log in from one Internet site to another. The Telnet command and program brings the user to the login prompt of another host.
terabyte See byte.
throughput A measure of the data transfer rate through a component, connection, or system. In networking, throughput is a good indicator of the system's total performance because it defines how well the components work together to transfer data from one computer to another. In this case, the throughput would indicate how many bytes or packets the network could process per second.
topology The arrangement or layout of computers, cables, and other components on a network. Topology is the standard term that most network professionals use when referring to the network's basic design.
total cost of ownership (TCO) The total amount of money and time associated with purchasing computer hardware and software, and deploying, configuring, and maintaining the hardware and software. It includes hardware and software updates, training, maintenance and administration, and technical support. One other major factor is lost productivity due to user errors, hardware problems, software upgrades, and retraining.
tracert A Traceroute command-line utility that shows every router interface through which a TCP/IP packet passes on its way to a destination.
trailer One of the three sections of a packet component. The exact content of the trailer varies depending on the protocol, but it usually includes an error-checking component, or cyclical redundancy check (CRC).
transceiver A device that connects a computer to the network. The term is derived from transmitter/receiver; thus, a transceiver is a device that receives and transmits signals. It switches the parallel data stream used on the computer's bus into a serial data stream used in the cables connecting the computers.
Transmission Control Protocol (TCP) The TCP/IP protocol for sequenced data. See also Transport Control Protocol/Internet Protocol (TCP/IP).
Transport Control Protocol/Internet Protocol (TCP/IP) An industry standard suite of protocols providing communications in a heterogeneous environment. In addition, TCP/IP provides a routable enterprise networking protocol and access to the Internet and its resources. It is a transport layer protocol that actually consists of several other protocols in a stack that operates at the session layer. Most networks support TCP/IP as a protocol.
transport driver interface (TDI) An interface that works between the file-system driver and the transport protocols, allowing any protocol written to TDI to communicate with the file-system drivers.
transport layer The fourth layer of the OSI reference model. It ensures that messages are delivered error free, in sequence, and without losses or duplications. This layer repackages messages for efficient transmission over the network. At the receiving end, the transport layer unpacks the messages, reassembles the original messages, and sends an acknowledgment of receipt. See also Open Systems Interconnection (OSI) reference model.
transport protocols Protocols that provide for communication sessions between computers and ensure that data is able to move reliably between computers.
tree A grouping of hierarchical arrangements of one or more Windows 2000 domains that share a contiguous namespace.
Trojan horse virus A type of virus that appears to be a legitimate program that might be found on any system. The Trojan horse virus can destroy files and cause physical damage to disks.
trust relationship A link between domains that enables pass-through authentication, in which a user has only one user account in one domain, yet can access the entire network. User accounts and global groups defined in a trusted domain can be given rights and resource permissions in a trusting domain even though those accounts don't exist in the trusting domain's database. A trusting domain honors the logon authentication of a trusted domain.
U
UART See universal asynchronous receiver transmitter (UART).
UDP See User Datagram Protocol (UDP).
Uniform Resource Locator (URL) An address for a resource on the Internet that provides the hypertext links between documents on the World Wide Web (WWW). Every resource on the Internet has its own location identifier, or URL, that specifies the server to access as well as the access method and the location. URLs can use various protocols including FTP and HTTP.
uninterruptible power supply (UPS) A device connected between a computer or another piece of electronic equipment and a power source, such as an electrical outlet. The UPS ensures that the electrical flow to the computer is not interrupted because of a blackout and, in most cases, protects the computer against potentially damaging events such as power surges and brownouts. Different UPS models offer different levels of protection. All UPS units are equipped with a battery and loss-of-power sensor. If the sensor detects a loss of power, it immediately switches over to the battery so that users have time to save their work and shut off the computer. Most higher-end models have features such as power filtering, sophisticated surge protection, and a serial port so that an operating system capable of communicating with a UPS (such as Windows 2000) can work with the UPS to facilitate automatic system shutdown.
universal asynchronous receiver transmitter (UART) A module, usually composed of a single integrated circuit, that contains both the receiving and transmitting circuits required for asynchronous serial communication. Two computers, each equipped with a UART, can communicate over a simple wire connection. The operation of the sending and receiving units is not synchronized by a common clock signal, so the data stream itself must contain information about when packets of information (usually bytes) begin and end. This information about the beginning and ending of a packet is provided by the start and stop bits in the data stream. A UART is the most common type of circuit used in personal-computer modems.
universal serial bus (USB) A serial bus with a data transfer rate of 12 megabits per second (Mbps) for connecting peripherals to a microcomputer. USB can connect up to 127 peripheral devices to the system through a single, general-purpose port. This is accomplished by daisy chaining peripherals together. USB is designed to support the ability to automatically add and configure new devices and the ability to add such devices without having to shut down and restart the system.
UPS See uninterruptible power supply (UPS).
URL See Uniform Resource Locator (URL).
USB See universal serial bus (USB).
user account An account that consists of all of the information that defines a user on a network. This includes the user name and password required for the user to log on, the groups in which the user account has membership, and the rights and permissions the user has for using the system and accessing its resources.
User Datagram Protocol (UDP) A connectionless protocol, responsible for end-to-end data transmission.
user groups Groups of users who meet online or in person to discuss installation, administration, and other network challenges for the purpose of sharing and drawing on each other's expertise in developing ideas and solutions.
V
virtual circuit A series of logical connections between a sending computer and a receiving computer. The connection is made after both computers exchange information and agree on communication parameters that establish and maintain the connection, including maximum message size and path. Virtual circuits incorporate communication parameters such as acknowledgments, flow control, and error control to ensure reliability. They can be either temporary, lasting only as long as the conversation, or permanent, lasting as long as the users keep the communication channel open.
virtual memory The space on one or more of a computer's hard disks used by Windows 2000 as if it were RAM. This space on the hard disks is known as a paging file. The benefit of virtual memory is being able to run more applications at one time than would be possible by using just the RAM (physical memory) on the computer.
virtual private network (VPN) A set of computers on a public network such as the Internet that communicate among themselves using encryption technology. In this way, their messages are safe from being intercepted and understood by unauthorized users. VPNs operate as if the computers were connected by private lines.
virus Computer programming, or code, that hides in computer programs or on the boot sector of storage devices such as hard-disk drives and floppy-disk drives. The primary purpose of a virus is to reproduce itself as often as possible; a secondary purpose is to disrupt the operation of the computer or the program.
volume set A collection of hard-disk partitions that are treated as a single partition, thus increasing the disk space available in a single drive letter. Volume sets are created by combining between 2 and 32 areas of unformatted free space on one or more physical drives. These spaces form one large logical volume set that is treated like a single partition.
VPN See virtual private network (VPN).
W
wide area network (WAN) A computer network that uses long-range telecommunication links to connect networked computers across long distances.
winipcfg A diagnostic command specific to Microsoft Windows 95 and 98. Although this graphical user interface utility (GUI) duplicates the functionality of ipconfig, its GUI makes it easier to use. See also ipconfig.
workgroup A collection of computers grouped for sharing resources such as data and peripherals over a LAN. Each workgroup is identified by a unique name. See also domain; peer-to-peer network.
World Wide Web (the Web, or WWW) The Internet multimedia service that contains a vast storehouse of hypertext documents written in HTML. See also Hypertext Markup Language (HTML).
WORM See Write-Once Read-Many (WORM).
Write-Once Read-Many (WORM) Any type of storage medium to which data can be written only once but can be read any number of times. Typically, this is an optical disc whose surface is permanently etched using a laser to record information.
Z
Zone A discrete portion of the domain name space. Zones provide a way to partition the domain name space into discrete manageable sections.