Windows® 2000 Server Secrets®

Harry M. Brelsford

IDG Books Worldwide, Inc.
An International Data Group Company
Foster City, CA ♦ Chicago, IL ♦ Indianapolis, IN ♦ New York, NY

Published by
IDG Books Worldwide, Inc.
An International Data Group Company
919 E. Hillsdale Blvd., Suite 400
Foster City, CA 94404
www.idgbooks.com (IDG Books Worldwide Web site)

Copyright © 2000 IDG Books Worldwide, Inc. All rights reserved. No part of this book, including interior design, cover design, and icons, may be reproduced or transmitted in any form, by any means (electronic, photocopying, recording, or otherwise) without the prior written permission of the publisher.

Library of Congress Catalog Card Number: 99-068328
ISBN: 0-7645-4620-1
Printed in the United States of America
10 9 8 7 6 5 4 3 2 1
1B/SZ/RR/ZZ/FC

Distributed in the United States by IDG Books Worldwide, Inc. Distributed by CDG Books Canada Inc. for Canada; by Transworld Publishers Limited in the United Kingdom; by IDG Norge Books for Norway; by IDG Sweden Books for Sweden; by IDG Books Australia Publishing Corporation Pty. Ltd. for Australia and New Zealand; by TransQuest Publishers Pte Ltd. for Singapore, Malaysia, Thailand, Indonesia, and Hong Kong; by Gotop Information Inc. for Taiwan; by ICG Muse, Inc. for Japan; by Intersoft for South Africa; by Eyrolles for France; by International Thomson Publishing for Germany, Austria and Switzerland; by Distribuidora Cuspide for Argentina; by LR International for Brazil; by Galileo Libros for Chile; by Ediciones ZETA S.C.R. Ltda. for Peru; by WS Computer Publishing Corporation, Inc., for the Philippines; by Contemporanea de Ediciones for Venezuela; by Express Computer Distributors for the Caribbean and West Indies; by Micronesia Media Distributor, Inc.
for Micronesia; by Chips Computadoras S.A. de C.V. for Mexico; by Editorial Norma de Panama S.A. for Panama; by American Bookshops for Finland. For general information on IDG Books Worldwide’s books in the U.S., please call our Consumer Customer Service department at 800-762-2974. For reseller information, including discounts and premium sales, please call our Reseller Customer Service department at 800-434-3422. For information on where to purchase IDG Books Worldwide’s books outside the U.S., please contact our International Sales department at 317-596-5530 or fax 317-596-5692. For consumer information on foreign language translations, please contact our Customer Service department at 800-434-3422, fax 317-596-5692, or e-mail rights@idgbooks.com. For information on licensing foreign or domestic rights, please phone +1-650-655-3109. For sales inquiries and special prices for bulk quantities, please contact our Sales department at 650-655-3200 or write to the address above. For information on using IDG Books Worldwide’s books in the classroom or for ordering examination copies, please contact our Educational Sales department at 800-434-2086 or fax 317-596-5499. For press review copies, author interviews, or other publicity information, please contact our Public Relations department at 650-655-3000 or fax 650-655-3299. For authorization to photocopy items for corporate, personal, or educational use, please contact Copyright Clearance Center, 222 Rosewood Drive, Danvers, MA 01923, or fax 978-750-4470. LIMIT OF LIABILITY/DISCLAIMER OF WARRANTY: THE PUBLISHER AND AUTHOR HAVE USED THEIR BEST EFFORTS IN PREPARING THIS BOOK. THE PUBLISHER AND AUTHOR MAKE NO REPRESENTATIONS OR WARRANTIES WITH RESPECT TO THE ACCURACY OR COMPLETENESS OF THE CONTENTS OF THIS BOOK AND SPECIFICALLY DISCLAIM ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. THERE ARE NO WARRANTIES WHICH EXTEND BEYOND THE DESCRIPTIONS CONTAINED IN THIS PARAGRAPH. 
NO WARRANTY MAY BE CREATED OR EXTENDED BY SALES REPRESENTATIVES OR WRITTEN SALES MATERIALS. THE ACCURACY AND COMPLETENESS OF THE INFORMATION PROVIDED HEREIN AND THE OPINIONS STATED HEREIN ARE NOT GUARANTEED OR WARRANTED TO PRODUCE ANY PARTICULAR RESULTS, AND THE ADVICE AND STRATEGIES CONTAINED HEREIN MAY NOT BE SUITABLE FOR EVERY INDIVIDUAL. NEITHER THE PUBLISHER NOR AUTHOR SHALL BE LIABLE FOR ANY LOSS OF PROFIT OR ANY OTHER COMMERCIAL DAMAGES, INCLUDING BUT NOT LIMITED TO SPECIAL, INCIDENTAL, CONSEQUENTIAL, OR OTHER DAMAGES.

Trademarks: All brand names and product names used in this book are trade names, service marks, trademarks, or registered trademarks of their respective owners. IDG Books Worldwide is not associated with any product or vendor mentioned in this book. is a registered trademark or trademark under exclusive license to IDG Books Worldwide, Inc. from International Data Group, Inc. in the United States and/or other countries.

Welcome to the world of IDG Books Worldwide.

IDG Books Worldwide, Inc., is a subsidiary of International Data Group, the world’s largest publisher of computer-related information and the leading global provider of information services on information technology. IDG was founded more than 30 years ago by Patrick J. McGovern and now employs more than 9,000 people worldwide. IDG publishes more than 290 computer publications in over 75 countries. More than 90 million people read one or more IDG publications each month.

Launched in 1990, IDG Books Worldwide is today the #1 publisher of best-selling computer books in the United States. We are proud to have received eight awards from the Computer Press Association in recognition of editorial excellence and three from Computer Currents’ First Annual Readers’ Choice Awards. Our bestselling ...For Dummies® series has more than 50 million copies in print with translations in 31 languages.
IDG Books Worldwide, through a joint venture with IDG’s Hi-Tech Beijing, became the first U.S. publisher to publish a computer book in the People’s Republic of China. In record time, IDG Books Worldwide has become the first choice for millions of readers around the world who want to learn how to better manage their businesses.

Our mission is simple: Every one of our books is designed to bring extra value and skill-building instructions to the reader. Our books are written by experts who understand and care about our readers. The knowledge base of our editorial staff comes from years of experience in publishing, education, and journalism — experience we use to produce books to carry us into the new millennium. In short, we care about books, so we attract the best people. We devote special attention to details such as audience, interior design, use of icons, and illustrations. And because we use an efficient process of authoring, editing, and desktop publishing our books electronically, we can spend more time ensuring superior content and less time on the technicalities of making books.

You can count on our commitment to deliver high-quality books at competitive prices on topics you want to read about. At IDG Books Worldwide, we continue in the IDG tradition of delivering quality for more than 30 years. You’ll find no better book on a subject than one from IDG Books Worldwide.

John Kilcullen
Chairman and CEO
IDG Books Worldwide, Inc.

Steven Berkowitz
President and Publisher
IDG Books Worldwide, Inc.

Eighth Annual Computer Press Awards 1992
Ninth Annual Computer Press Awards 1993
Tenth Annual Computer Press Awards 1994
Eleventh Annual Computer Press Awards 1995

IDG is the world’s leading IT media, research and exposition company. Founded in 1964, IDG had 1997 revenues of $2.05 billion and has more than 9,000 employees worldwide. IDG offers the widest range of media options that reach IT buyers in 75 countries representing 95% of worldwide IT spending.
IDG’s diverse product and services portfolio spans six key areas including print publishing, online publishing, expositions and conferences, market research, education and training, and global marketing services. More than 90 million people read one or more of IDG’s 290 magazines and newspapers, including IDG’s leading global brands — Computerworld, PC World, Network World, Macworld and the Channel World family of publications. IDG Books Worldwide is one of the fastest-growing computer book publishers in the world, with more than 700 titles in 36 languages. The “...For Dummies®” series alone has more than 50 million copies in print. IDG offers online users the largest network of technology-specific Web sites around the world through IDG.net (http://www.idg.net), which comprises more than 225 targeted Web sites in 55 countries worldwide. International Data Corporation (IDC) is the world’s largest provider of information technology data, analysis and consulting, with research centers in over 41 countries and more than 400 research analysts worldwide. IDG World Expo is a leading producer of more than 168 globally branded conferences and expositions in 35 countries including E3 (Electronic Entertainment Expo), Macworld Expo, ComNet, Windows World Expo, ICE (Internet Commerce Expo), Agenda, DEMO, and Spotlight. IDG’s training subsidiary, ExecuTrain, is the world’s largest computer training company, with more than 230 locations worldwide and 785 training courses. IDG Marketing Services helps industry-leading IT companies build international brand recognition by developing global integrated marketing programs via IDG’s print, online and exposition products worldwide. Further information about the company can be found at www.idg.com. 1/24/99

Credits

Acquisitions Editor: Jim Sumser
Development Editors: Kurt Stephan, Jennifer Rowe, Brian MacDonald
Technical Editor: James R. Kiniry, Jr.
Copy Editors: Chandani Thapa, Victoria Anne Lee, Lauren Kennedy
Project Coordinator: Linda Marousek
Graphics and Production Specialists: Mario Amador, Stephanie Hollier, Jude Levinson, Ramses Ramirez
Quality Control Specialist: Chris Weisbart
Book Designer: Drew Moore
Illustrators: Shelley Norris, Karl Brandt
Proofreading and Indexing: York Production Services
Cover Design: Deborah Reinerio

About the Author

Harry M. Brelsford, MCSE, MCT, CNE, CLSE, CNP, MBA, is a contributing editor at Microsoft Certified Professional Magazine, for which he pens the regular online column, “Windows 2000 Foundations.” He is a practicing network consultant in the Seattle, Washington area, where he specializes in Microsoft BackOffice projects. Harry is an instructor in the online MCSE program at Seattle Pacific University, a Microsoft AATP. He has published over 100 technology and business articles in numerous magazines, and is a founding member of the BackOffice Professionals Association (BOPA) in Redmond, Washington. A life-long learner, Harry earned his MBA from the University of Denver in 1986. When time allows, Harry enjoys cross-country skiing and sailing with his family in the Pacific Northwest. You can contact him at harryb@nwlink.com or www.nwlink.com/~harryb.

To Kristen, my wife and the mother of our Geoffrey Sailor and Harry Skier! You were truly there, whether you knew it or not, typing each key, writing each page, and reviewing each draft with me. You made contributions to this book in a billion ways. And let’s not forget dear Mom, Diane Brelsford, who ultimately made everything possible for me.

Foreword

Making the decision to install Windows 2000 Server is really just the first step in yet another long, challenging journey you face as a network administrator. That’s why you’ll want to take Harry Brelsford, who’s been there, along with you.
If you’re a network professional responsible for deploying, supporting, and maintaining this new and highly complex product, you know that running MAKEBOOT.EXE to create those first setup disks is just the beginning. What comes after that is a huge need for hands-on knowledge — far beyond what’s available from Microsoft sources. Harry Brelsford knows what it means to sit in front of a server and install a Microsoft product, then support and maintain it for demanding customers after the fact. His expertise as a consultant and his years of in-the-field experience as a practicing network administrator are reflected in this book. I’ve worked with Harry since shortly after the launch of Microsoft Certified Professional Magazine in early 1995, so I know that he’s been out there in the trenches right along with the rest of you. He’s both a contributing editor to the magazine and an MCSE — further proof that he understands Microsoft technology in general and Microsoft Windows in particular. The title of the book says it all. The “secrets” about Windows 2000 Server inserted throughout the book are truly that: little-known tips and tricks for saving time and increasing productivity, tested by someone who’s worked extensively with both Windows NT and Windows 2000 Server in the field. If you need further proof of Harry’s real-world expertise, take a look at the table of contents. Only someone who really understands Windows 2000 Server would know that you won’t get far without solid knowledge of TCP/IP — hence Part II is devoted to the topic. And only somebody who’s done plenty of installations, troubleshooting, and support calls would include extensive information on third-party tools that will be useful in many Windows 2000 Server installations. If you’re not using some of these now, perhaps this information will be an eye-opener about what’s out there, and can save you time and hassle. 
And you’ll also want to take a look at Harry’s coverage of optimization and troubleshooting — much of it information that I haven’t seen anywhere else. If you’re not familiar with Windows 2000 Server yet but are eyeing it with interest, this is the perfect book to show you the richness and complexity of the product, from someone who enjoys working with it. You won’t find marketing spiels or product apologies here. Instead, you’ll get useful, professional information, all of it written in Harry’s inimitable style.

It’s tough to stay on top of new product releases from Microsoft, but this book is a timely one. In fact, as I read through the diverse topics covered, I thought over and over, “What a great article idea for the magazine!” Harry’s been brightening the pages of MCP Magazine for years with his knowledge, insights, and wit. Spend some time with this book and let him give you a true insider’s coaching on Windows 2000 Server.

Linda Briggs
Editor-in-Chief, Microsoft Certified Professional Magazine
September 1999

Preface

Welcome! Windows 2000 Server Secrets is a book based on Microsoft’s latest release of its successful network operating system. It is a book unlike many others on the shelf. It is a collection of secrets gathered in the trenches from my 10+ years of experience as a computer professional. This book is about having “been there, done that, and still doing it daily” with networking, and specifically Windows 2000 Server. And with its quippy delivery, it is both a reference book and a summer-vacation-at-the-beach kind of read.

Why use this book? Can’t you just read a user manual and trade journal story about Windows 2000 Server? I can give you at least eight reasons to purchase this book today:

■ Expectation management. Windows 2000 Server is in its infancy as far as network operating systems go.
And while my (and your) enthusiasm is most likely very high for this product, we need to remain realistic about what Windows 2000 Server can do today and what it’ll likely deliver on tomorrow. As often as possible, I draw out areas in Windows 2000 Server where you should proactively manage your expectations.

■ Windows 2000 Server transition and planning. The adage “proper planning prevents poor performance” clearly applies to Windows 2000 Server today. By getting your Windows 2000 Server house in order up front with help from this book, you’ll have more success when you enhance, upgrade, and expand your network later on for whatever reason. Transition and planning is a recurring theme that spans the entire book.

■ Windows 2000 Server. It’s now time! Simply stated, it’s now time to start using Windows 2000 Server. You’ve waited long enough, riding the emotional rollercoaster waiting for Windows 2000 Server to arrive. It has arrived, and this book is focused on deployment. No more talk about what will be. The talk is about what is.

■ MCSE certification tips. This book is written by a practicing MCSE. Hey, I’ve taken those demanding exams over the years (sometimes more than once). May my well-placed MCSE insights enable you to pass your exams sooner rather than later. And don’t forget the Windows 2000 Server MCSE track is very different from past MCSE operating system tracks. In fact, if you’re a Windows NT 4.0 MCSE, you will need to re-certify on Windows 2000 Server.

■ TCP/IP. This is a timeless topic that you can never get enough of. Mastering TCP/IP is one of the fastest ways to achieve greatness in the Windows 2000 Server community. I am especially proud of my discussion on DNS in Chapter 6. DNS is an area I highly recommend you master immediately, because it has assumed a core role in Windows 2000 Server. TCP/IP is covered from cradle to grave in Part II, “TCP/IP.”

■ Performance analysis.
Like TCP/IP, this topic doesn’t have an expiration date. In fact, the more experienced you become with Windows 2000 Server, the more important performance analysis becomes. Too often, you learn performance analysis in a crisis, but hopefully you’ll read Part VI, “Optimizing Windows 2000 Server” before that day arrives. Truth be told, I initially wrote this section for my own benefit because I just could not find great books on the market that adequately addressed performance analysis issues, such as Performance Monitor logging and Network Monitor packet analysis. I hope you will benefit from my efforts in this area.

■ Third-party solutions. Another motivating factor in writing this book was my use of the Microsoft Official Curriculum (MOC) and other Microsoft-centric texts as a practicing MCT. The MOC is a great first step for getting certified. But the MOC has not and will probably never highlight third-party solutions that we experienced network professionals like to use (and often must use) to keep our networks humming and our stakeholders singing. In that spirit, I serve up deft discussions on the use of third-party applications, utilities, and tools such as NessSoft’s PingPlotter. Let’s face it — too many books on the shelves are written myopically about Microsoft networking solutions, such as Windows 2000 Server, in a vacuum. Most of us, however, supplement Windows 2000 Server with a variety of third-party applications, utilities, and tools. My book reflects this real-world paradigm.

■ Real-world attitude. Speaking of the real world, I’ve committed my waking hours, both day and night, to write this book for you as one of you. By day, I’m an MCSE consultant who is typing commands, rebooting servers, and downloading drivers. At night, when I’m not training future MCSEs as an instructor, I morph into a scratch writer, bringing you the tools to navigate your network in the new Windows 2000 Server world.
I’m not just a technology writer, and because of that, this book is unique when compared against many others. And perhaps most important of all, I don’t have a staff of writers doing the dirty work for me. The buck stops here.

Introducing Windows 2000 Server

Many of us likened the arrival of Windows 2000 Server to the pathetic main characters in Samuel Beckett’s Waiting for Godot who wait and wait for Godot. Fortunately, for you and me, Godot has arrived at long last. It was worth the wait. On all counts, Microsoft has delivered with Windows 2000 Server a network operating system that is mature beyond its days (maybe that’s why it took so long to get it out the door!).

But don’t be lulled into thinking that Windows 2000 Server doesn’t have its own high need for attention. While you’re not dealing with an infant here, more often than not you’re dealing with a toddler. At times, you can let Windows 2000 Server run wild without a great deal of concern. Other times it must be disciplined. The Windows 2000 Server wisdom contained within these covers will help you understand these differences.

With the first release of Windows 2000 Server (see Figure P-1), you will find yourself assuming the role of a parent. In other words, you’re the proud parent of a new network operating system. Congratulations! And while this book doesn’t recite Microsoft’s Windows 2000 Server user manual, consider this book a “what to expect when you’re raising a network operating system” supplement.

Stick with me on this Windows 2000 Server “secrets” journey and I can promise you’ll feel a wonderful sense of accomplishment. You will learn how to use this product in the real world and feel empowered to implement Windows 2000 Server in ways that weren’t even anticipated by the developers at Microsoft.

Figure P-2: Microsoft Management Console

What Is Windows 2000 Server?
Microsoft has positioned Windows 2000 Server as a robust, reliable, and secure network server operating system, with an emphasis on providing directory services and running applications. It is a 29 million-line, 32-bit operating system that participates in a “true” server scenario, that of the Active Directory/domain security model. And don’t overlook its easy-to-use, Windows 98-like graphical user interface (GUI). The Windows 2000 Server interface is already appreciated by other NOS crowds such as seasoned NetWare administrators!

Beneath the pretty face, Windows 2000 Server is a huge, powerful network operating system. Needless to say, Windows 2000 Server is too big for any one individual to completely master. At the enterprise level, it is common to see Windows 2000 Server job classes divided so that one person is responsible for managing only part of the Windows 2000 Server. And while some would say you’re just a cog in the enterprise wheel, in reality, you’re on the front line of Windows 2000 Server, seeing it deployed as the masters at Microsoft intended.

As many of you know the basics of Windows 2000 Server, or at least I assume you do, you won’t be acting as a feature creature in this or other chapters. But I will attempt to help define the Windows 2000 Server paradigm in this book. This includes:

■ Lightweight Directory Access Protocol (LDAP)-based Active Directory (see Chapters 11 and 12)
■ Different types of Windows 2000 Server such as Professional (Chapter 14) and Advanced Server and Datacenter (Chapter 15)
■ New domain structure based on the industry standard Domain Name System (DNS) server (Chapter 6)
■ Robust security based on the Kerberos Internet standard (Chapter 13)

TCP/IP paradigm shift

Clearly, Windows 2000 Server extends the use of the TCP/IP protocol suite “paradigm shift” that started with Windows NT Server 3.51.
Microsoft has not only embraced the TCP/IP de facto standard for network and internetworking protocols but, I submit, with Windows 2000 Server, they’ve mastered it. The paradigm shift I speak of relates to Microsoft using TCP/IP because of its worldwide acceptance, its open standards (something lacking in IPX/SPX), and its routable nature (something that’s missing in NetBEUI). And because the Internet uses the TCP/IP protocol suite, Microsoft’s TCP/IP paradigm shift was also Microsoft’s Internet paradigm shift — but more on that in a moment.

The default network protocol in Windows 2000 Server, TCP/IP is automatically installed when you set up Windows 2000 Server (discussed in Chapter 2). And while you may continue using other network protocols such as NetBEUI and IPX/SPX, you have fewer and fewer reasons to do so.

With the TCP/IP protocol suite, Windows 2000 Server is a true enterprise-level network server that conforms to the conventional thinking of the Internet. In order for you to exploit the vast resources of the Internet on your Windows 2000 Server network, it is critical that you use the TCP/IP protocol suite. By reading the chapters in Part II, “TCP/IP,” you will have the opportunity to master this protocol. The information in Part II may be the most important part of this book. But whatever your motivations and viewpoints, mastering TCP/IP is a smart move on your climb to Windows 2000 Server guru status.

Internet paradigm shift

The release of Windows 2000 Server represents Microsoft’s continued shift in its business mission from its traditional LAN and desktop view of computing to an Internet-based view. Many of the improvements that Microsoft has introduced in Windows 2000 Server, such as the Internet Connection Wizard, have dramatically increased Internet functionality. This is also apparent with Microsoft’s further integration between Internet Explorer (IE) and the operating system. Eat your heart out, U.S.
Justice Department!

Windows 2000 Server Zen

With the release of Windows 2000 Server, network professionals are starting a long journey toward ultimately mastering Microsoft’s new generation of network operating systems. But there are many smart reasons for introducing Windows 2000 Server in your organization today.

■ Learning Curve Analysis. Windows 2000 Server has a new look and feel. That said, you can now exhale a sigh of relief; the GUI changes between Windows NT Server 3.5x and Windows NT Server 4.0 were more dramatic than those you’ll discover in Windows 2000 Server. In some ways, you already know Windows 2000 Server better than you might think. One example of this is the Microsoft Management Console (MMC) shown in Figure P-2. If you have ever installed the Windows NT Server 4.0 Option Pack, you’ve most likely encountered the MMC. If not, don’t worry; it’s easy to work with and is discussed several times in this book.

■ Applications compatibility testing. Early adopters will jump on the first opportunity to test critical business applications for basic compatibility with Windows 2000 Server. Don’t believe me? Look no further than my good client Jack, who is the MIS manager at a chain of athletic clubs in the Pacific Northwest. Jack is already testing the membership check-in program for Windows 2000 Server compatibility.

■ Driver compatibility testing. Second only to application testing will be the need to test software drivers for common and legacy hardware devices. Do these devices run on Windows 2000 Server or not? Such an answer is critical for the landscape architect at a Northwest landscaping firm hoping to print blueprints from an old HP Plotter via Windows 2000 Server.

■ Planning purposes (Active Directory design). The upstream planning process is reason enough to deploy Windows 2000 Server sooner rather than later. One such Windows 2000 Server planning area is Active Directory (covered in Chapters 11 and 12).

■ Cultural reengineering and acceptance.
You may be interested to know that a recent keynote address at a Windows 2000 conference (summer 1999) brought to my attention that Windows 2000 Server, in particular Active Directory, will be 20 percent hard work and 80 percent politics at the enterprise level. I suspect that you will encounter similar, noncomputer dynamics in your organization as well.

■ Get the show on the road. Enough already. We’ve waited years for Windows 2000 Server. The time is now to start mastering it.

And there are several ways to introduce Windows 2000 Server in your organization before it is truly ready to throw the switch. The following list goes from silly to serious so as not to ignore the breadth of the Windows 2000 Server community.

■ Basement Weekend Warrior. Like the ham radio operator of the 1960s and 1970s, the Windows 2000 Server basement weekend warrior is learning Windows 2000 Server with the idea of introducing it into the company when appropriate. These are the self-studying types. Bless their hearts.

■ Skunk Works. To draw on a term floated in the 1980s, within every company considering Windows 2000 Server, there are network administrators and engineers operating just under the radar screen. These individuals, heroes in the eyes of many, are sneaking Windows 2000 Server into the workplace, one installation at a time.

■ MCSE Alibis. Repeat the refrain: “I’m getting certified.” Many early Windows 2000 Server installations are being undertaken more for the benefit of the certification candidate than the employers. Whatever works.

■ Coexistence. On a more serious note: Early adopters are successfully and correctly asserting that Windows 2000 Server should be introduced into the organization today to test for compatibilities.

■ Throw the dog in the water. What the hell: go for it. This is the straight-up approach. Or the “Just do it” Nike approach. Here, Windows 2000 Server is introduced today in the organization.
No questions asked.

However, it is important to remember that, like beef and fine wine, an NOS should be aged to perfection before use. Using an NOS before its time is certainly not recommended and would be considered foolish among qualified and experienced network professionals.

One of my earliest experiences with Windows NT Server 4.0 might be applied to today’s Windows 2000 Server product. Eager to deploy Windows NT Server 4.0 after only its first service pack (SP1) had been released, I successfully convinced a client not to deploy Windows NT Server 3.51 with its Service Pack 5 (SP5). Needless to say, this mistake was serious in a real production environment. Early releases of Windows NT Server 4.0 were just that: early. Perhaps I was seduced more by the attractive interface and less by the stability of its predecessor at the SP5 level. If I had to do it again, I would have taken a more conservative approach in the early days of Windows NT Server 4.0 and deployed Windows NT Server 3.51 (SP5) first.

The point is this. Start using Windows 2000 Server today, as it’s finally here and ready to go. But for goodness’ sake, use it first in a test lab or test network before deployment on production servers. By following a disciplined game plan, you’ll avoid failures in deploying Windows 2000 Server in your organization.

The MCSE

Many readers are pursuing the Microsoft Certified Professional designation known as Microsoft Certified Systems Engineer (MCSE). As a practicing MCSE, I know the journey you are on. In general, I have emphasized topics such as TCP/IP and performance analysis that benefit MCSE candidates seeking to pass the grueling certification exams. Where possible, I offer secrets that are MCSE exam-specific. I’ve been there and done that. I hope I can help you get there too!

The dramatic increase in the popularity of the MCSE designation occurred before the appearance of Windows 2000 Server.
A few of us even started and obtained our MCSEs during the Windows NT Server 3.x era. Many friends joined us during the Windows NT Server 4.0 era. And many more peers will join us as MCSEs in the Windows 2000 Server lifecycle. It’s a good thing! Designing, installing, implementing, and managing Windows 2000 Server is enough work for everyone. And mastering such tasks is not only a key aspect of the MCSE program, but also the underlying emphasis of this book.

This book is not necessarily written for the newly arrived NT professional. In fact, it is assumed you have worked with Windows 2000 Server before and are seeking to improve your Windows 2000 Server-specific skill set. Hence the numerous notes, tips, and (of course) secrets. Simply stated, this is not a rewrite of the user manual or the resource kit. I believe you will welcome and appreciate this approach.

Are You Ready for This Book?

To fully enjoy this book, you must, at a minimum, have a keen interest in Windows 2000 Server. Add computer-related work experience, network certifications, degrees, and training, and you’ll get even more benefit from reading and using this book. In short, you will derive from this book what you put into it. Those with less networking experience may be the ones to utter “wow” and “cool” the loudest and longest. The gurus can always benefit from revisiting many tried-and-true network management methods presented herein. And I think the gurus will benefit greatly from my inclusion of several real-world, third-party matters, such as non-Microsoft tools that extend the reach of Windows 2000 Server.

How This Book Is Organized

I have organized the book into six parts, as follows:

■ Part I: Introduction, Planning, Setup, and Implementation. It is here that I present, in a sincere and honorable way, the steps for installing Windows 2000 Server.
I say “sincere and honorable” because here, as throughout the book, I go to great lengths to avoid recasting the user manuals that ship with Windows 2000 Server. Rather, in addition to providing the installation basics you must follow, I offer supplemental secrets at every installation and implementation turn in the road.

■ Part II: TCP/IP. Enough said. This important topic is, of course, worthy of its own book, but I strive to integrate core TCP/IP topics into the discussion of Windows 2000 Server. I think you will especially enjoy the DNS, troubleshooting, Internet, and VPN discussions. And no, I don’t recount for you the history of the Internet, starting with the Department of Defense (I’m sure you already have books that do that).

■ Part III: Windows 2000 Server Administration. This section could have been titled “Real-World, Day-to-Day Windows 2000 Server.” I took my own experiences, validated by a group of peers, and created a list of the 12 most likely Windows NT Server-related tasks you will perform each day. The result? See Chapter 9, “The Daily Dozen.” Monthly and annual matters are presented as a baker’s dozen list and are covered in Chapter 10, which also offers compelling insights into a network vision.

■ Part IV: Active Directory and Security. Clearly this was too large a topic for a single chapter, so I turned it into an entire section. The two critical dimensions of Active Directory are covered: planning and implementation.

■ Part V: All In the Family. Windows 2000 Server doesn’t stand alone as the only Microsoft networking solution. There are several flavors of Windows 2000 Server, including Professional, Advanced, and Datacenter Server. These flavors are sampled in this section. And amazingly, for many smaller businesses, good old Small Business Server (yes, based on Windows NT Server 4.0) remains the best solution in today’s Windows 2000 world (consider this your first secret in the book).
Small Business Server is covered from A to Z in Chapter 16.

■ Part VI: Optimizing Windows 2000 Server. Here, you will find the secrets to improving the performance of your Windows 2000 Server network. Topics include basic quantitative analysis (MBA-style), Performance Monitor, and the advanced use of Network Monitor. You will also greatly benefit from the secrets and insights into Windows 2000 Server troubleshooting. Troubleshooting topics include troubleshooting hands-on approaches, methodologies, tools, and resources. If some of my tips save you even just one hour of network downtime, might I suggest this book has more than paid back the price you bought it for.

In addition, third-party applications discussed in the book are available, in trial version, on the companion CD-ROM — see Appendix D for more information.

Conventions Used in This Book

I use five icons throughout this book. You should know their meaning before proceeding:

The Secret icon underscores why we’re here. Secrets are the foundation of this book; they are little-known timesavers, productivity gainers, and other proprietary Swiss Army knife-type workarounds you might like to know as a Windows 2000 Server professional.

Notes are more widely known tidbits of information, factoids, trivia, and the like.

Tips fall somewhere between Secrets and Notes. While important, tips are typically less tasty than Secrets. Got it?

Caution is used to warn of possible danger. It is a yellow light advising you to slow down and think. Perhaps a red light is approaching faster than you think.

A Cross-Reference is used to tie together common topics in themes that occur in several places within the book. It’s your opportunity to learn more about something in another chapter.

Tell Us What You Think

A book about Windows 2000 Server necessarily assumes some of the “behaviors” of Windows 2000 Server, right?
By that, I mean that you’ve probably thought of ways in which Windows 2000 Server could be improved. Likewise, as you read and refer to this book, you’ll undoubtedly think of ways in which this book could be improved. That said, both IDG Books Worldwide and I want to hear from you. Please register your book online at the IDG Books Worldwide Web site (at my2cents.idgbooks.com) and give us your feedback.

If you are interested in communicating with me directly, send e-mail to harryb@nwlink.com. Bear with me; I’ll try to answer your e-mails within a few business days. Hey — when you’re a practicing Windows 2000 Server professional, things sometimes get a little crazy!

Acknowledgments

No author is an island, although many of us live on ’em. Behind the title and author’s name on the cover, there is a supporting cast that contributed to the production of this book.

First and foremost are the contributing writers who assisted with bits and pieces of this book. They are Steve Crandall, Kevin Kocis, and Dawn Casey. And, of course, there is the wonderful Jim Kiniry, the technical editor for this work.

Second is the support team at IDG Books Worldwide, who worked double-time to get this book out on the market for your benefit. Thanks in particular to Jim Sumser, Jennifer Rowe, Kurt Stephan, Chandani Thapa, Brian MacDonald, Victoria Lee, and Lauren Kennedy. (Needless to say, there are many other cast members at IDG Books whom I’ve overlooked — thanks again!)

Third, kindly join me in acknowledging my portfolio of consulting clients who have provided unlimited contributions to this book. Without them, I would be “secretless in Seattle,” and this book would have suffered greatly as a result.

Fourth, please recognize those rare and special individuals we all have in our lives.
For me, that includes not only my extended family on both sides, but also a whole host of mentors who have helped pave my road in life. To Stumpy Faulkner, former President of Jack White Company in Anchorage, Alaska, who gave me my first computer job. And thanks to countless others, including one of the best bosses I ever had, Barry MacKechnie. And finally, without the hardware support from Compaq in Redmond, Washington, my attempts to create complex Windows 2000 Server network scenarios would have been futile. Thanks guys! Whew! Enjoy the book!!! 4620-1 FM.f.qc 10/28/99 4:00 PM Page xxii Contents at a Glance Foreword .........................................................................ix Preface............................................................................xi Acknowledgments ...........................................................xxi Part I: Introduction, Planning, Setup, and Implementation .....1 Chapter 1: Windows 2000 Server Planning ..............................................................................................3 Chapter 2: Installation and Implementation .........................................................................................19 Part II: TCP/IP ...............................................................57 Chapter 3: Implementing TCP/IP ............................................................................................................59 Chapter 4: Installing and Configuring TCP/IP .....................................................................................121 Chapter 5: Troubleshooting TCP/IP .....................................................................................................157 Chapter 6: DNS, DHCP, WINS .................................................................................................................199 Chapter 7: Subnetting via TCP/IP .........................................................................................................265 Chapter 8: 
Internet Secrets ....................................................................................................................281 Part III: Windows 2000 Server Administration .................317 Chapter 9: The Daily Dozen ...................................................................................................................319 Chapter 10: Monthly and Annual Windows 2000 Activities ..............................................................385 Part IV: Active Directory and Security .............................409 Chapter 11: Active Directory, Part I .....................................................................................................411 Chapter 12: Active Directory, Part II ....................................................................................................425 Chapter 13: Windows 2000 Server Security ........................................................................................443 Chapter 14: Windows 2000 Professional ..............................................................................................463 Chapter 15: Windows 2000 Advanced Server and Datacenter Server .............................................471 Chapter 16: Small Business Server 4.5 .................................................................................................503 Part V: All In the Family ................................................539 Chapter 17: Analyzing and Boosting Performance .............................................................................541 Chapter 18: Performance Monitor ........................................................................................................569 Chapter 19: Network Monitor Secrets ..................................................................................................611 4620-1 FM.f.qc 10/28/99 4:00 PM Page xxiii Contents at a Glance xxiii ■ ■ Part VI: Optimizing Windows 2000 Server ......................655 Chapter 20: Task Manager and 
Other Neat Tricks .............................................................................657 Chapter 21: Troubleshooting Secrets ..................................................................................................709 Appendix A: Performance Monitor Objects ........................................................................................751 Appendix B: Protocol Definitions .........................................................................................................791 Appendix C: Common Image Names in Task Manager .......................................................................815 Appendix D: About the CD-ROM ...........................................................................................................819 Index ...........................................................................823 End-User License Agreement ..........................................848 CD-ROM Installation Instructions .....................................852 4620-1 FM.f.qc 10/28/99 4:00 PM Page xxiv Contents Foreword .........................................................................ix Preface............................................................................xi Acknowledgments ...........................................................xxi Part I: Introduction, Planning, Setup, and Implementation .....1 Chapter 1: Windows 2000 Server Planning ..........................................3 Physical Site ................................................................................................................................................3 Media infrastructure .............................................................................................................................3 As-builts ..................................................................................................................................................4 Physical infrastructure 
.........................................................................................................................5 Server Hardware .........................................................................................................................................6 Processor ...............................................................................................................................................7 Memory ..................................................................................................................................................9 Network subsystem ............................................................................................................................10 Server internals ...................................................................................................................................10 Disk storage .........................................................................................................................................11 Name brands versus clones ...............................................................................................................12 Software .....................................................................................................................................................13 Service Providers .....................................................................................................................................14 People ...................................................................................................................................................14 Key contact list ....................................................................................................................................15 Loose Ends ................................................................................................................................................15 General 
.................................................................................................................................................15 Existing networks ................................................................................................................................16 Chapter 2: Installation and Implementation ..........................................19 Creating Windows 2000 Server Setup Disks ..........................................................................................20 Windows 2000 Server Setup Process .....................................................................................................21 Alternate Setup Methods .........................................................................................................................36 Network installation ...........................................................................................................................37 Automated installations .....................................................................................................................37 Disk duplication ..................................................................................................................................39 Remote installations ...........................................................................................................................40 Setup Workarounds and Troubleshooting ............................................................................................40 Fully Implementing Windows 2000 Server ............................................................................................41 Testing Windows 2000 Server .................................................................................................................43 Reasons for a test lab .........................................................................................................................43 Planning your test lab 
.........................................................................................................................44 4620-1 FM.f.qc 10/28/99 4:00 PM Page xxv Contents xxv ■ ■ Lab procedures ...................................................................................................................................46 Testing resources ................................................................................................................................48 Budget ...................................................................................................................................................51 Other considerations ..........................................................................................................................52 Testing Specifics .......................................................................................................................................52 Hardware testing .................................................................................................................................52 Software testing ...................................................................................................................................53 LAN and WAN considerations ............................................................................................................54 Testing results .....................................................................................................................................54 Part II: TCP/IP ...............................................................57 Chapter 3: Implementing TCP/IP ........................................................59 About TCP/IP .............................................................................................................................................60 The standard-bearer 
...........................................................................................................................60 By committee: Requests for Comments ..........................................................................................61 It’s a suite, not just a protocol ...........................................................................................................64 Comparing TCP/IP to operating systems .........................................................................................67 A Look at the Protocols ...........................................................................................................................67 Transmission Control Protocol ........................................................................................................68 User Datagram Protocol ....................................................................................................................69 Internet Protocol ................................................................................................................................71 Address Resolution Protocol ............................................................................................................72 Internet Control Message Protocol ..................................................................................................74 Internet Group Management Protocol .............................................................................................75 Simple Network Management Protocol ...........................................................................................77 What Is the Microsoft TCP/IP Protocol Suite in Windows 2000 Server? 
...........................................77 The TCP/IP Settings in Windows 2000 Server .......................................................................................80 A Day in the Life of a TCP/IP Packet .......................................................................................................83 IP ............................................................................................................................................................84 TCP ........................................................................................................................................................87 Internetworking with TCP/IP ...................................................................................................................90 Breeder networks ................................................................................................................................91 Heterogeneous networks ...................................................................................................................91 Windows Sockets ................................................................................................................................92 Third-party TCP/IP software support ...............................................................................................92 Simple routing .....................................................................................................................................94 Implementing TCP/IP ...............................................................................................................................95 Internet Addressing ..................................................................................................................................96 IP addresses .........................................................................................................................................96 Subnet masks 
.....................................................................................................................................101 Default gateways ...............................................................................................................................105 Understanding IP Routing .....................................................................................................................113 Routing Tables ........................................................................................................................................116 A Word about Research .........................................................................................................................119 Chapter 4: Installing and Configuring TCP/IP ......................................121 TCP/IP Installation Preparations ..........................................................................................................121 4620-1 FM.f.qc 10/28/99 xxvi 4:00 PM Page xxvi Contents ■ ■ Installing TCP/IP on Windows 2000 Server .........................................................................................123 At setup ..............................................................................................................................................123 On an existing Windows 2000 server ..............................................................................................125 Supporting roving users with TCP/IP .............................................................................................145 Installing and Configuring Simple Network Management Protocol (SNMP) ...................................145 Planning for SNMP ............................................................................................................................147 Installing SNMP service ....................................................................................................................147 Configuring the SNMP 
agent ............................................................................................................149 Configuring SNMP communities and traps ....................................................................................151 Configuring SNMP security ..............................................................................................................153 TCP/IP-Related Services ........................................................................................................................155 Chapter 5: Troubleshooting TCP/IP ..................................................157 TCP/IP Troubleshooting Basics ............................................................................................................157 First Step: Ask the Basic Questions ......................................................................................................159 Second Step: Define the Tools ..............................................................................................................159 Third Step: Use the Tools ......................................................................................................................161 IPConfig ..............................................................................................................................................162 Ping .....................................................................................................................................................164 ARP ......................................................................................................................................................168 Nbtstat ................................................................................................................................................172 Route ...................................................................................................................................................173 netstat 
.................................................................................................................................................174 Tracert ................................................................................................................................................177 hostname ............................................................................................................................................177 FTP ......................................................................................................................................................178 TFTP ....................................................................................................................................................180 Telnet ..................................................................................................................................................181 RCP ......................................................................................................................................................184 RSH ......................................................................................................................................................184 Rexec ..................................................................................................................................................184 Finger ..................................................................................................................................................185 Microsoft Internet Explorer .............................................................................................................185 Other TCP/IP Troubleshooting Angles ................................................................................................185 Troubleshooting TCP/IP database files ..........................................................................................185 Reinstalling TCP/IP 
...........................................................................................................................193 TCP/IP Q & A ...........................................................................................................................................194 Additional TCP/IP Troubleshooting Resources ..................................................................................196 Chapter 6: DNS, DHCP, WINS ..........................................................199 Be Resolved .............................................................................................................................................199 NetBIOS name resolution .................................................................................................................200 Host name resolution .......................................................................................................................201 DNS ...........................................................................................................................................................203 How DNS really works ......................................................................................................................207 DNS benefits .......................................................................................................................................208 DNS details and definitions ..............................................................................................................208 Name resolution — how it works ....................................................................................................223 Zone transfer .....................................................................................................................................224 4620-1 FM.f.qc 10/28/99 4:00 PM Page xxvii Contents xxvii ■ ■ Configuring DNS 
................................................................................................................................224 DNS standards and revisions ...........................................................................................................235 DHCP ........................................................................................................................................................236 Benefits and overview of DHCP .......................................................................................................236 Improvements to DHCP in Windows 2000 Server .........................................................................238 How does DHCP really work? ..........................................................................................................239 Installing the DHCP server service .................................................................................................246 Creating DHCP scopes ......................................................................................................................247 Configuring DHCP options ...............................................................................................................251 DHCP and DNS ...................................................................................................................................259 Troubleshooting DHCP servers .......................................................................................................259 WINS .........................................................................................................................................................260 Improvements to WINS in Windows 2000 Server ..........................................................................261 How WINS works ...............................................................................................................................262 Final WINS musings 
...........................................................................................................................262 Dynamic DNS ...........................................................................................................................................263 Chapter 7: Subnetting via TCP/IP ....................................................265 What Subnetting Is .................................................................................................................................265 Easier administration .......................................................................................................................266 Less confining ....................................................................................................................................266 IP address conservation ...................................................................................................................266 Improved security .............................................................................................................................266 Another name for switching? ..........................................................................................................267 Bottom line? 
  What Subnetting Isn’t
  Code Breaking 101
Chapter 8: Internet Secrets
  Configuring Remote Access Service
  Dial-Up Connection
    Configuring a network and dial-up connection
    Dialing the Internet
    Dial-up connection status
    Dial-up networking with ISDN modems
  Digital and Wide Area Network Internet Connections
    Scenario 1: ISDN router
    Scenario 2: ISDN and WAN combination
    Scenario 3: Direct Frame Relay connection
    Scenario 4: WAN connection
    Scenario 5: WAN over the Internet (VPN)
    Scenario 6: DSL connections
    Scenario 7: Cable modems
  Virtual Private Networks
    Defining Virtual Private Networking
    Defining PPTP
  Internet Explorer Secrets
Part III: Windows 2000 Server Administration
Chapter 9: The Daily Dozen
  Step 1: Virus Detection
    Third-party virus protection applications
    Closing virus entry points
    Three levels of virus protection
    Ad-hoc DAT file updates
  Step 2: Tape Backup/Restore
    Defining data
    Backup media
    Backup applications
  Step 3: System Health
    Third-party issues
  Step 4: Adding Users, Groups, and Computers
    Adding users
    Adding groups
    Adding computers
    Group policy
  Step 5: Security
    Sharing
    NTFS security
    Web sharing
    Relationship between NTFS and sharing security
  Step 6: Mapping Drives
    Point and shoot method
    GUI method
    Geek method
    Uniform Naming Convention
    Mapping sans drive letters
    Drive mapping scripts
  Step 7: Logon and Logoff Status
    Windows Script Host
  Step 8: Verifying Connectivity
    Once a day
    Ongoing
    Web
  Step 9: Add/Remove Software and Hardware
    Software
    Group policies
    Add/Remove Programs
    InstallShield
    Setup.exe
    Hardware
  Step 10: End User Support
    Physical
    Layer seven: applications
    Geopolitical
    Planning ahead
  Step 11: The Windows 2000 Server/MCSE Toolkit
    Real hardware tools
    A CD-ROM library
    More MCSE toolkit items
  Step 12: Updating Network Notebook
Chapter 10: Monthly and Annual Windows 2000 Activities
  Auditing Your Network
  Reviewing Security
  Baselining and Monitoring Performance
  The Monthly Reboot
  Managing Disk Space on Servers
    Disk quotas
    Automatic management
    A real-world war story
    Dynamic disks
    Distributed file systems (Dfs)
  Recovering from Disaster
    Native clustering
    Third-party solutions
    Identical spare servers
    Reciprocity agreements/hot sites
    Why bother?
    Annual drill
  Implementing Service Packs and Hotfixes
    Hotfixes
    Be conservative
  Upgrading and Removing Applications
  Creating Backup Archives
  Budgeting for Your Network
    Zero-based budgeting
    Linear percent growth
    Percent of revenue
    Windows 2000 Server on $5 a day
  Creating a Technology Committee
  Evaluating Systems on the Horizon
    Two real-world examples
    Looking inward
  Remembering the Annual Planning Retreat
Part IV: Active Directory and Security
Chapter 11: Active Directory, Part I
  What is Active Directory?
    S – M – L – XL
    Capabilities
    Limitations
  Logical Structure
    Objects
    Domains
    Organizational units (OU)
    Trees
    Forests
  Physical Structure
    Sites
    Domain controllers
    Global catalog servers
  Active Directory and DNS
  4 P’s of Active Directory Planning
    Political
    Physical
    Perspective
    Practical
Chapter 12: Active Directory, Part II
  Optimizing Organizational Units
    An OU inside an OU
    OU permissions
    Delegating control
    Advanced features
  Creating Users, Groups, and Computers
  Moving Objects
  Active Directory Sites and Services
  Active Directory Domains and Trusts
Chapter 13: Windows 2000 Server Security
  IPsec
  Kerberos V5
    What is Kerberos?
    Reasons for the move
    How is it implemented in Windows 2000 Server?
    Kerberos extensions in Windows 2000 Server
  Smart Card Support
  EFS Encryption
Chapter 14: Windows 2000 Professional
  Where the Work Gets Done
    Improved ease of use
    Improved management
    Troubleshooting
    File management improvements
  Hardware Support
  Security
Chapter 15: Windows 2000 Advanced Server and Datacenter Server
  Deconstructing Windows 2000 Advanced Server
  Planning Your Upgrade
  Upgrading
    Upgrade paths
    Upgrade preparation
    First looks
  Dual-Booting
    Dual booting between Windows NT 4.0 and Windows 2000 Advanced Server
    Dual booting between multiple Windows 2000 partitions
    Dual booting and file system compatibility
  Choosing the File System
    NTFS
    FAT and FAT32
    Disk partition planning for new installations
  Advanced Server Components
  Symmetric Multiprocessing (SMP)
    Analyzing performance on SMP systems
    SMP impact on system resources
    Maximizing performance
  Clustering and Fault Tolerance
    Caution! Rolling upgrades
    Easier Clustering Service setup and configuration
  Network Load Balancing
  Other Enterprise Improvements
    Memory management improvements
    High performance sorting
  Datacenter Server
Chapter 16: Small Business Server 4.5
  Defining Small Business Server
    Small Business Server 4.5
    Windows NT Server 4.0
    Microsoft Exchange Server 5.5
    SQL Server 7.0
    Microsoft Proxy Server 2.0
    Microsoft Internet Information Server
    Microsoft Fax Service 4.5
    Microsoft Modem Sharing Server 1.0
    Microsoft Index Server 2.0
    SBS Console
    Client-side components
  The Small Business Model
    Small Business Server philosophy
    Who are SBS customers?
    Looks can be deceiving
    SBS architecture
  SBS Server-side Setup
  SBS Workstation-side Setup
  SBS Troubleshooting
    Do your software vendors support SBS?
    Modem sharing
    Harmless event logs errors
    Revisiting SBS security
    Virus detection
  The Future of SBS
Part V: All In the Family
Chapter 17: Analyzing and Boosting Performance
  Performance Analysis
    Built-in performance analysis tools
    More quantitative tools
    Qualitative tools too!
    Data = information
  Are You Being “Outperformed?”
    System Performance Monitor
    Network Monitor
    Task Manager
  Conceptual Steps in Performance Analysis
  Troubleshooting via Performance Analysis
  The Four Big Areas to Monitor
    Memory
    Processor
    Disk subsystem
    Network subsystem
  Why Performance Declines
  Lying with Performance Analysis
  Performance Benchmarks
Chapter 18: Performance Monitor
  The Power of Performance Monitor
    Comparing Performance Monitor to NetWare MONITOR.NLM
    Performance Monitor basics
    Six quick steps to using Performance Monitor
  The Five Faces of Performance Monitor
    Chart
    Histogram
    Alert
    Logs
.....................................................................................................................................................581 Report .................................................................................................................................................583 Data Collection and Interpretation .......................................................................................................584 Collecting data ...................................................................................................................................584 Interpreting your data ......................................................................................................................589 Performing In-Depth Analysis ...............................................................................................................593 Memory bottlenecks .........................................................................................................................594 Processor bottlenecks ......................................................................................................................597 Disk bottlenecks ................................................................................................................................599 Network bottlenecks .........................................................................................................................601 Analyzing protocols ..........................................................................................................................602 Analysis in Different Computing Environments ..................................................................................603 4620-1 FM.f.qc 10/28/99 4:00 PM Page xxxiii Contents xxxiii ■ ■ File and print server environment analysis ...................................................................................604 Application server environment system performance 
................................................................605 Making Better Use of Performance Monitor .......................................................................................606 Running multiple Performance Monitors .......................................................................................606 Removing clutter ...............................................................................................................................608 Chapter 19: Network Monitor Secrets ..............................................611 Defining Network Monitoring ................................................................................................................611 Network Monitor basics ...................................................................................................................612 Capture window components .........................................................................................................613 Capturing frames ...............................................................................................................................615 Required hardware ...........................................................................................................................615 Analysis ..............................................................................................................................................617 Ongoing Network Monitoring ...............................................................................................................618 Using the capture trigger .................................................................................................................619 Larger capture sessions ...................................................................................................................620 Frame size setting 
.............................................................................................................................621 Capture filters ....................................................................................................................................622 Display filter .......................................................................................................................................625 Differences between capture filter and display filter ...................................................................629 Watching you watch me ...................................................................................................................632 The name game .................................................................................................................................632 It’s All in the Patterns .............................................................................................................................638 Artificial Intelligence Arrives in Network Monitor .............................................................................640 I Want to Learn More! 
.............................................................................................................................642 Support incidents ..............................................................................................................................642 Microsoft Certified Solution Provider Program ...........................................................................................................................642 Official Microsoft Certification Training ........................................................................................643 Display Filter dialog box — protocol definitions ...........................................................................644 Microsoft TechNet CD-ROM .............................................................................................................644 Internet-based research ...................................................................................................................647 Hardware devices ..............................................................................................................................649 Books ..................................................................................................................................................650 Online help .........................................................................................................................................650 Comparing Network Monitors: SMS versus Windows 2000 Server ..................................................651 Part VI: Optimizing Windows 2000 Server ......................655 Chapter 20: Task Manager and Other Neat Tricks ..............................657 Introducing Task Manager .....................................................................................................................658 Configuring Task Manager — Applications view ...........................................................................660 Configuring Task 
Manager — Performance view ...........................................................................661 Configuring Task Manager — Processes view ................................................................................665 Multiple processors ..........................................................................................................................680 System Information Is a Winner! ...........................................................................................................683 System Summary ...............................................................................................................................684 Hardware Resources .........................................................................................................................684 4620-1 FM.f.qc 10/28/99 xxxiv 4:00 PM Page xxxiv Contents ■ ■ Components .......................................................................................................................................685 Software Environment ......................................................................................................................687 System Information portal ...............................................................................................................690 Reporting meaningful system information ....................................................................................691 System Properties .............................................................................................................................695 SQL Trace ................................................................................................................................................696 SQL Server ODBCPING and Exchange RPING .....................................................................................697 Event Logs 
...............................................................................................................................................698 Microsoft Office — Microsoft System Information .............................................................................699 Last but Not Least — Dr. Watson ..........................................................................................................706 Chapter 21: Troubleshooting Secrets ................................................709 Troubleshooting Steps ...........................................................................................................................710 Defining Troubleshooting ......................................................................................................................712 A methodology ..................................................................................................................................713 The one-hour rule .............................................................................................................................717 Area code changes ............................................................................................................................718 Year 2000 issues ................................................................................................................................718 Workstation side, not server side ...................................................................................................718 The value of downtime .....................................................................................................................719 The Troubleshooting Quilt ....................................................................................................................720 A troubleshooting map .....................................................................................................................721 Learning curve analysis 
...................................................................................................................721 Avoiding box canyons ......................................................................................................................722 So much troubleshooting, so little time .........................................................................................723 Hardware versus Software — What a Paradox! ...................................................................................724 Let’s Get Technical! ................................................................................................................................725 Bye-bye BOOT.INI switches ..............................................................................................................726 Recovery Console .............................................................................................................................728 System start values ...........................................................................................................................730 How to Get Out of Trouble ....................................................................................................................731 Troubleshooters ................................................................................................................................732 Expanding your way out of trouble — The case of the missing system files .............................734 911 — Keep a current emergency repair disk ................................................................................736 Double 911 — the emergency repair process ................................................................................738 Examining STOP Screens .......................................................................................................................741 So what to do with STOP screens? 
.................................................................................................744 Troubleshooting via the Registry .........................................................................................................745 Troubleshooting Resources ..................................................................................................................745 The Internet: The Web and newsgroups ........................................................................................745 Books to help you .............................................................................................................................746 Microsoft TechNet .............................................................................................................................746 Training and education ....................................................................................................................747 Professional resources .....................................................................................................................748 From the Backroom to the Boardroom ................................................................................................749 4620-1 FM.f.qc 10/28/99 4:00 PM Page xxxv Contents xxxv ■ ■ Appendix A: Performance Monitor Objects ......................751 Appendix B: Protocol Definitions ....................................791 Appendix C: Common Image Names in Task Manager ........815 Appendix D: About the CD-ROM......................................819 Index ...........................................................................823 End-User License Agreement ..........................................848 CD-ROM Installation Instructions .....................................852 4620-1 FM.f.qc 10/28/99 4:00 PM Page xxxvi