Windows
NT 4.0 Server in the Enterprise
-
Windows
NT Setup
-
WINNT32.EXE is used to upgrade only from a previous version
of Windows NT.
WINNT.EXE
is used for the regular Windows NT setup, or an installation through
DOS or Windows 95.
Upgrading
from Windows 3.1x or a previous version of NT will keep all user,
network and program settings.
There
are no conversion options from Windows 95 to Windows NT that will
allow you to maintain user settings. To dual boot between the two,
install NT in a separate directory and reinstall all your applications.
Command
modifiers for installation:
/B |
Put boot files on hard drive instead of using boot floppies
(takes an extra 4-5MB of hard disk space). |
/S |
Specify source file location(s) - multiple locations will
speed up installation. |
/U |
Specify answer file location for use with unattended installation
- MUST be used with /s to specify source file location(s). |
/T |
Specifies location of temp directory created for install
(/t:<path>). |
/OX |
Create the setup disks from CD-ROM or shared network folder.
Used to replace damaged boot disks. |
/F |
Don't verify files. Can speed up installation. |
/C |
Don't check for free space when creating boot disks. |
/I |
Specify setup information (.inf) file. This file tells setup
how to run. The default name is DOSNET.INF. |
Setup
disks can be created by running WINNT.EXE /OX or running WINNT.EXE
from the cdrom.
-
Answer
file - Used when performing unattended installs. Provides
information that would normally be answered by the user during
setup. Default name is UNATTEND.TXT.
-
UDF
(Uniqueness Database File) - Used in conjunction with the answer
file when performing unattended installs. Provides information
for settings that are user or group specific. Default name
is $UNIQUE$.UDF.
To
uninstall NT on a FAT partition, you will need to boot to DOS, run
SYS.COM, and remove the WINNT directory and files.
In
the server properties menu, there are options to optimize server
memory for certain situations.
Minimize Memory Used |
Allows memory to be allocated for up to 10 network connections. |
Balance |
Provides memory for up to approximately 64 connections. |
Maximize Throughput for File Sharing |
Optimizes server memory for file sharing operations (default). |
Maximize Throughput for Network Applications |
Optimizes server memory for server-based network applications.
Key word is SQL. |
-
Virtual
memory
-
Virtual memory can be controlled in the Control Panel -> System
properties under the Performance tab.
The
paging file size can be in/decreased here, and even distributed
across multiple drives to speed up access.
The
most efficient paging file is distributed on several drives but
not on the boot or system drive.
The
recommended initial paging file size equals the amount of RAM in
the system plus 12MB.
Paging
file size can increase during operation, but will not shrink. Page
file size will be reset when the computer is restarted.
-
Multiple
Disk Sets
Disk Striping
(without parity) |
Divides data into 64k blocks and spreads it equally among
all disks in the array. Needs a minimum of two hard disks. Does
not provide fault tolerance. |
Disk Mirroring |
Duplicates a partition on another physical disk. Provides
fault tolerance by keeping data stored on two different disks,
in case of drive failure. |
Disk Duplexing |
Duplicates a partition on another physical disk which is connected
to another Hard Drive Controller. Provides fault tolerance by
keeping data stored on two different disks, in case of drive
failure, and by having two hard drive controllers, in case of
drive controller failure. |
Disk Striping with parity |
Distributes data and parity information across all disks in
the array. The data and parity information are arranged so they
are always on separate disks. A parity stripe block exists for
each row across the disk. The parity stripe is used for disk
reconstruction in case of a failed disk. Supports a minimum
of three disks and a maximum of thirty-two disks. |
Volume Set |
Merges numerous partitions into one drive mapping. Drives
are read one at a time. Does not provide fault tolerance. |
-
-
System
and boot partitions cannot be part of a stripe or volume set, but
can be a part of disk mirroring and duplexing partitions.
-
Speed
factors
- Disk
striping will provide the fastest read/write performance as
it can read multiple disks at a time.
- Disk
striping with parity is slower, as it has to write the parity
information, but is still faster than disk mirroring and volume
set.
- Disk
mirroring is slow due to the redundancy factor of writing the
same information to two drives at once.
- Volume
set can only read/write one drive at a time.
To
recover from drive failure with disk mirroring, you must install
the new drive, boot the system into NT, run Disk Administrator,
break the mirror from the Fault Tolerance menu, and then reestablish
the mirror. This will not be done automatically.
To
recover from drive failure with disk striping with parity, you must
install the new drive, boot the system into NT, run Disk Administrator,
and choose the Regenerate option.
To
recover from multiple drive failure with disk striping with parity,
you must install the new drives, boot the system into NT, and restore
the system backup from tape.
-
File
systems
-
NTFS has file level security, and is faster over 400M, but has a
larger overhead (cannot format a floppy disk with NTFS) and cannot
be read by DOS, WIN 3.1, WIN 3.1.1 or WIN95.
FAT16
is compatible with MS-DOS & WIN95. (Note: Win95 FAT32 is not
NT compatible), but has no file-level security.
For
upgrading NT3.51 HPFS you must convert that partition(s) to NTFS
before upgrading the OS.
NTFS
vs. FAT
-
FAT
-
Files and directories on a FAT partition only contain the standard
attributes of Volume, Read-Only, System and Hidden.
-
Cannot set local security access on a FAT volume.
-
Can convert the partition to NTFS by running CONVERT.EXE
-
A FAT partition can be defragmented by booting with a DOS diskette
and running DEFRAG.EXE
-
File moved from a FAT partition to an NTFS partition retain their
attributes and long-filename.
NTFS
-
NTFS partitions contain the standard attributes, as well as security
descriptors basing file access from file-level security.
-
Can set local security access on an NTFS volume.
-
Partition cannot be converted to FAT. The partition must be deleted
and recreated as a FAT partition.
-
NTFS partitions cannot be defragmented. To defragment an NTFS
partition, it must be formatted and restored from backup.
-
Files moved from an NTFS partition to a FAT partition do not retain
their attributes or security descriptors, but will retain their
long filenames.
-
Domains
-
Workgroup |
Recommended for networks containing under 20 users. Users
in this type of network administer all shares and methods of
access on their personal computers. |
Single Domain |
No trust relationships are involved in this domain model.
User and resource management is all controlled from a central
location. Can contain up to 40,000 user accounts, but is usually
recommended for 20-500 users. |
Single Master Domain |
A master domain is trusted by one or several domains. The
master domain should contain all user accounts while all the
trusting domains should contain resources. The master domain
provides central administration of user accounts while resources
can all be managed locally in each domain. Can contain up to
40,000 user accounts, and is usually recommended for 500-10,000
users. |
Muliple Master Domain |
Several master domains are setup with complete trusts between
each other, and all resource domains are setup to trust the
master domains. Is usually recommended for more than 10,000
users and can potentially scale to any size. |
Complete Trust Domain |
All domains in this model have complete trusts setup with
each other. |
Domain
A trusts Domain B. Domain A is trusting Domain B to access Domain
A's resources. Domain A is the trusting domain and Domain B is the
trusted domain.
The
arrow points from the trusting domain to the trusted domain.
A
two way trust is simply two one way trusts between two domains. In
this arrangement, each domains trusts the other domain's users to
access its resources.
-
Security
-
Share-Level Security - Governs user accesses a resource through the
network. Can be implemented on NTFS or FAT partitions. Applied through
the Sharing tab of the resource's properties.
File-Level
Security - Governs local user file and folder security on NTFS partitions
only. Applied through the Security tab of the resource's properties.
Share Security Levels
Full Control |
- Is assigned to the Everyone group by default.
- Allows user to take ownership of files and folders.
- Users can change file access rights.
- Grants user all permissions assigned by the Change and Read
levels.
|
Change |
- User can add and create files.
- Grants ability to modify files.
- User can change the attributes of the file.
- User can delete files.
- Grants user all permissions assigned by the Read level.
|
Read |
- User can display and open files.
- User can display the attributes of the file.
- User can execute program files.
|
No Access |
- User cannot display, access, or modify files.
|
-
Permissions
are cumulative, except for No Access, which overrides anything.
When
a resource has both File-Level and Share-Level Securities enabled,
the most restrictive security is given to the user.
File
permissions override the permissions of its parent folder.
Anytime
a new file is created, the file will inherit permissions from the
target folder.
The
priority of attributes to a file is:
1) File
2) Directory
3) Share
File attributes override directory attributes, which override share
attributes.
Copying within a partition |
Creates a new file resembling the old file. Inherits the target
folders permissions. |
Moving within a partition |
Does not create a new file. Simply updates directory pointers.
File keeps its original permissions. |
Moving across partitions |
Creates a new file resembling the old file, and deletes the
old file. Inherits the target folders permissions. |
-
-
Auditing
can be enabled in the User Manager. The Event Viewer is used to view
audited events.
When
using Event Viewer, only local administrators can see the security
log, but anyone (by default) can view other logs.
Only
Administrators and Server Operators have the rights to share folders
on an NT Server.
-
Groups
and Account Managment
-
Creating new accounts requires only two pieces of information: username
and password.
Duplicating
an account requires three pieces of information: username, password
and full name.
Disabling
an account is typically used when someone else will take the users
place or when the user might return.
Delete
an account only when absolutely necessary for space or organization
purposes.
When
copying a user account, the new user will stay in the same groups
that the old user was a member of. The user will keep all group rights
that were granted through groups, but lose all individual rights that
were granted specifically for that user.
NT
Default Accounts
Backup Operators |
Group designated for members to backup and restore computers
from tape. Backup Operators can only backup and restore from
tape when logged in locally to the computer. This group
is found on all NT Servers. |
Account Operators |
Group designated for members to manage user and group accounts.
This group is found only on Domain Controllers. |
Server Operators |
Group designated for members to manage resources, but cannot
manage user accounts. Can backup and restore from tape. This
group is found only on Domain Controllers. |
Replicator |
Group designated for NT computers to perform directory replication.
This group is found on all NT Servers. |
-
Global
groups - Groups which contain users with similar rights and requirements.
Can only be created on Domain Controllers, and can only contain
users in that specific domain.
-
Local
groups - Groups used to allow members to access resources in the
local computer/domain. Can be created on any NT system. Can contain
users from the local computer's database, users from the computer's
domain, or global groups from the computer's domain or a trusted
domain.
To allow a user from one domain to access to a resource
in another domain:
Joe, a member of domain A, needs to access the \\NTSERVER\VIP
share in domain B.
1) Create a trust relationship where domain B trusts domain
A.
2) Create a local group on the computer NTSERVER in domain
B. Grant proper access rights to the VIP directory.
3) Create a global group in domain A, and add Joe as a member.
4) Add the global group from domain A as a member to the
local group on NTSERVER in domain B.
|
-
Computer
accounts take .5 k of hard disk space.
-
User
accounts take 1k of hard disk space.
-
Global
group accounts take .5 k + 12 bytes/user of hard disk space.
-
-
- Local
group accounts take .5 k + 36 bytes/account of hard disk space.
The database size for a single domain should not exceed 40MB. If you
have a combination of computer, user and group accounts that exceed
40MB, you must use either the multiple master or complete trust model.
-
RAS
(Remote Access Services)
-
RAS is capable of using the following connection protocols:
- SLIP
- Has less overhead than PPP, but cannot automatically assign
an IP address, and only uses TCP/IP.
- PPP
- Can automatically assign IP addresses, supports encryption and
other protocols besides TCP/IP.
- RAS
- Used by Windows 3.x and Windows NT 3.x clients.
RAS
supports call back security to either the calling number or to a specified,
non-changing number.
RAS
for NT 4.0 supports multilink (the use of more than one modem to achieve
higher transmission speeds). Multilink cannot be used with
callback security unless there are two (or more) ISDN modems
configured on the same phone number.
RAS
uses NetBEUI as the default network protocol, but can also use TCP/IP
and IPX/SPX. TCP/IP will need to be used if you are using programs
that utilize the Windows Sockets (Winsock) interface over the RAS
services.
RAS
will default to the first network protocol on each side of the connection.
Thus, if NetBEUI is the first protocol that is in common, Winsock
applications (such as a web browser) will not be available to the
client.
To
speed up NetBIOS resolution on RAS clients, put an LMHOSTS file on
each client locally.
RAS
encryption settings
Allow any authentication including clear text |
This will allow RAS to use a number of password authentication
protocols including the Password Authentication Protocol (PAP)
which uses a plain-text password authentication. This option
is useful if you have a number of different types of RAS clients,
or to support third-party RAS clients. |
Require encrypted authentication |
This option will support any authentication used by RAS except
PAP. |
Require Microsoft encrypted authentication |
This option will only make use of Microsoft's CHAP (Challenge
Handshake Authentication Protocol). All Microsoft operating
systems use MS-CHAP by default. |
Require data encryption |
This option will enable the encryption of all data sent to
and from the RAS server. |
-
RAS
will write to a log file which can be used for troubleshooting RAS
services. In order to enable RAS to write to the log, you have to
enable it in the Registry.
-
Netware
-
NWLink (MS's version of the IPX/SPX protocol) is the protocol used
by NT to allow Netware systems to access its resources.
NWLink
is all that you need to run in order to allow and NT system to run
applications off of a NetWare server.
To
allow file and print sharing between NT and a NetWare server, CSNW
(Client Services for NetWare) must be installed on the NT system.
Both NWLink and CSNW are automatically installed when Gateway Services
for Netware is installed.
Gateway
Services for Netware can be implemented on your NT Server to provide
a MS client system to access your Netware server by using the NT Server
as a gateway. You must have a group account setup on the Netware server
called NTGATEWAY. In this Netware group you must add a user account
with the same name and password as the user account set up on the
NT server. This account on the NetWare server must have the necessary
permissions for the resources to be accessed.
NWLink
is automatically installed when Gateway Services for Netware is installed.
Frame
types for the NWLink protocol must match the computer that the NT
system is trying to connect with. Unmatching frame types will cause
connectivity problems between the two systems. If multiple frame types
are in use, you should manually specify each frame type. If NT is
set to auto sense the frame type it will only detect one frame type
and in the following order: 802.2, 802.3, Ethernet_II and 802.5 (token
ring).
Netware
3 servers uses Bindery (Preferred Server in CSNW).
Netware 4 servers use NDS (Default Tree and Context.)
There
are two ways to change a password on a netware server - SETPASS.EXE
and the Change Password option (from the CTRL-ALT-DEL dialog box).
The Change Password option is only available to Netware 4.x servers
using NDS.
-
Netware
Migration
-
To convert a Netware server to an NT Server, you will first need to
implement the NWLink and Gateway Services for Netware on the NT Server.
Once the conversion has completed, you will need to make sure all
Netware workstations have had the Microsoft (SMB) redirector installed
on their systems to access the NT Server. Alternatively, you can install
File and Print Services for Netware on the NT Server.
By
default, if a user account on the Netware server you are converting
has the same name as an existing user account on the NT server, the
account will not not be transferred. Use a mapping file to specify
a new user name or indicate that you want the NT user account to be
overwritten.
Use
a mapping file when you are converting several Netware servers and
they contain multiple user accounts with the same name. Also use a
mapping file to preserve passwords for the Netware user accounts.
Otherwise, the passwords will be blank upon conversion to NT.
-
Networking
-
Computer Name Resolution:
- DNS
(Domain Name Services) - Used to resolve DNS host name to an IP
address.
- WINS
(Windows Internet Naming Service) - Used to resolve NetBIOS computer
name to an IP address.
- HOSTS
- File which contains mappings between DNS host names and their
IP addresses. Must be maintained manually.
- LMHOSTS
- File which contains mappings between NetBIOS computer names
and their IP addresses. Must be maintained manually.
TCP/IP
is an internet protocol currently used for most networking situations.
Each computer using TCP/IP will contain a unique address in a x.x.x.x
format (where each x equals a number between 0 and 255) and
a subnet mask.
Subnet
mask - A value that is used to distinguish the network ID portion
of the IP address from the host ID.
Default
gateway - A TCP/IP address for the host which you would send packets
to, to be sent elsewhere on the network (typically a bridge or a router).
Common
TCP/IP problems are caused by incorrect subnet masks and default gateways.
Install
a WINS server in addition to a DNS server to alleviate traffic due
to b node broacasts.
If
bandwidth is hogged by a particular group of users on a TCP/IP network,
create a separate physical subnet by installing a 2nd NIC on the server,
installing a new hub, and putting the problem users on this hub.
UNIX
computers use the TCP/IP protocol.
NetBEUI
is a non-routable protocol that is used solely by Microsoft O/S's.
Universal
Naming Convention (UNC) - Universal network pathname which is integrated
into Microsoft systems. Named as \\computername\sharename, where computername
= the NetBIOS name of the computer, and sharename = the share name
of the folder.
Trap
messages are sent using SNMP (Simple Network Management Protocol).
-
Profiles
-
Profiles are the user settings which are loaded when a user logs in.
They can contain desktop and start menu preferences. These files can
be located either locally or on a server which has been mapped in
the User Manager.
NTUser.dat
and *.dat files are the typical, user-configurable profiles used.
NTUser.man
and *.man files are read-only. If the user attempts to configure their
desktop, the *.man file will not be updated. When the user logs in
again, it will restore the original profile.
You
may copy profiles using the User Profiles menu located under CONTROL
PANEL | SYSTEM PROPERTIES.
-
Policies
-
Policies take precedence over profiles.
Individual
policies take precendence over group policies.
Machine
policies take precedence over all policies.
If
there are multiple group policies, the will be applied in the order
as specfied Policy Editor (POLEDIT.EXE).
To
create a domain wide policy, use POLEDIT.EXE and save the policy as
NTconfig.pol in the NetLogon shared folder on the PDC. When a user
logs on, The NetLogon checks here to see if a policy exists.
If
you've made some polices and want to apply them to an existing domain
wide policy, select them in Policy Editor and select Copy. Next, open
NTconfig.pol in NetLogon and select Paste.
-
Printing
-
Microsoft uses the terminology "Print Device" to refer to
the physical piece of hardware, whereas a "Printer" is a
conceptual idea describing the icon in the Control Panel.
NT
4.0 has the option to maintain drivers for different operating systems
on the server. Each operating system uses different drivers. For example,
NT 4.0, NT 3.51 and Win95 systems cannot use the same print drivers.
By installing the drivers for each of these types of system on the
print server, each of these tpyes of clients can automatically download
the driver they need without manual installation.
NT
clients (3.51 and 4.0) automatically download updated drivers from
the server. Win95 machines will initially download print drivers but
will not automatically update to a newer version of the driver. Win
3.1x and DOS clients must have the drivers installed on each client
manually.
-
Print
Pooling - Consists of two or more identical print devices associated
with one printer.
-
Availability
- This option allows you to specify which hours the printer can
be printed to.
-
Priority
- This option specifies which virtual printer should print first
if other virtual printers are trying to print to the same physical
printer at the same time. Priorities range from 1 - 99 with 1 being
the lowest and 99 the highest.
You
can select Restart in the Document Menu of the printer to reprint
a document from the beginning. This is useful when a document is
printing and the printer jams. Resume can be selected to start printing
where you left off.
You
can change the directory containing the print spooler in the advanced
server properties for the printer.
To
remedy a stalled spooler, you will need to stop and restart the
spooler services in the Server Manager.
Printing
to a TCP/IP printer requires you to know the IP address and printer
name.
The
DLC protocol needs to be installed in order to connect to a HP print
server.
The
AppleTalk protocol needs to be installed to communicate with Apple
printers.
Use
the PCL.SEP separator to switch from PostScript to PCL.
Use
PSCRIPT.SEP separator to switch from PCL to PostScript.
-
Troubleshooting
-
To create a boot disk, format the diskette from the NT system you
want a boot disk for (Win 95 and DOS will not work), and copy over
the following files: NTLDR, NTDETECT.COM, BOOT.INI and NTBOOTDD.SYS
(SCSI only).
To
create an Emergency Repair diskette, you can choose to do so either
during the installation of NT, or you can run RDISK.EXE. When RDISK.EXE
is run with the /S option, the utility backs up user accounts and
file security.
To
use the Emergency Repair diskette, you will need to boot the server
with the NT installation boot diskettes, and choose to repair NT with
the Emergency Repair disk that was created.
The
Emergency Repair Process can a) inspect the registry files and return
them to the state on the repair disk, b) inspect the startup environment,
c) verify the system files and d) inspect the boot sector.
To
troubleshoot bootup problems, you can edit the Boot.Ini file and add
the /SOS switch to the end of the Windows NT entries in the [Operating
Systems] section of the Boot.Ini file to display driver names while
they are being loaded. The VGA startup option has /SOS added by default.
Use
the Last Known Good option on bootup to restore the system to a bootable
state if problems arise from switching video drivers or changing registry
settings.
Common
error codes:
- No
system or boot disk message when trying to dual-boot = BOOTSECT.DOS
is corrupt
- Copy
single file non-critical error - could not copy file = Occurs
when the file already exists on the hard drive and is in use.
-
Server
stop errors - In the System Properties -> Startup/Shutdown tab,
there are options to configure where you would like the Server stop
errors to be written. The errors are written to a .DMP file which
is readable by the program DUMPEXAM.EXE. You must have free space
in a swapfile on your boot drive equal to or larger than the amount
of physical RAM in your system in order to generate a dumpfile.
-
PDCs
and BDCs
-
To upgrade from a member server to a BDC or PDC, NT Server must be
reinstalled.
To
downgrade from a PDC or BDC to a member server, NT Server must be
reinstalled.
To
change a PDC to a BDC, or a BDC to a PDC, you must promote a BDC to
a PDC in the Server Manager. There is no "Demote" option,
only Promote a BDC. NT will disconnect the current PDC if online and
handle everything automatically.
A
BDC cannot automatically promote itself when the PDC becomes disconnected
from the network. A BDC will continue to service login requests during
the time that the PDC is unavailable.
-
Joining
Domains
-
To configure a member server or NT Workstation PC to participate in
a domain while not being physically connected to the domain, install
NT and configure the PC to be a member of a workgroup with the same
name. Once it is connected to the domain, configure it to join the
domain by making the appropriate changes in Control Panel->Network.
You
cannot configure a PC to be a BDC of a domain without being connected
to the domain. This is because it will not have the same Domain SID
as the domain you want to join.
-
Domain
Optimization
-
Regardless of domain model, if your network is separated physically
across slow WAN links, putting at least one BDC in each remote location
will speed up the logon process for users at that site.
Installing
a DHCP relay agent at each remote site will enable you to centrally
manage IP address assignment from one server but will increase WAN
traffic.
Installing
a WINS proxy server at each remote site will reduce local subnet traffic
by intercepting b-node broadcast frames from non-WINS enabled clients.
It will also reduce WAN traffic by using a local cache for resolution
when possible.
To
provide WINS redundancy, install a WINS server at each remote site
and make them push-pull partners with the master WINS server. While
this will provide WINS fault tolerance, it will increase WAN traffic.
If
you have several NT Servers acting as routers between the subnets
in your TCP/IP based network, installing RIP for IP on them will do
away with manually maintaining static routing tables, but will increase
traffic between the subnets.
-
Domain
Synchronization
-
The registry contains settings which set the time between synchronizations
of domain controllers. Synchronization can cause too much traffic
and slow the network down to unacceptable levels. In order to reduce
traffic, increase the value of the Domain Synchronization Pulse
(default 5 minutes) setting in the registry of the PDC, and decrease
the value of the PulseConcurrency (how many BDCs get synched
at once, default 20) setting in the registry of the PDC.
The
ReplicationGovernor key (default value 100) determines what
percentage of bandwidth can be used for synchronization.
-
Browser
Services
-
All NT systems have browser services available. The master browser
will maintain a browse list which contains a list of all workstations,
servers and domains on the network. There can be only one master browser
per subnet.
PDC is always the DOMAIN master browser and in case of PDC failure,
the Administrator MUST PROMOTE a BDC to a PDC for it to become the
DOMAIN master browser. The BDC does not become DOMAIN master browser
automatically..
You
can disable the ability of a system to become a master browser by
changing the value of MaintainServerList from AUTO to NO in
the registry.
-
ARC
Naming Convention
-
The Advanced Risc Computing (ARC) path is located in the BOOT.INI
and is used by NTLDR to determine which disk contains the operating
system.
multi(x) |
Specifies SCSI controller with the BIOS enabled, or non-SCSI
controller.
x=ordinal number of controller. |
scsi(x) |
Defines SCSI controller with the BIOS disabled.
x=ordinal number of controller. |
disk(x) |
Defines SCSI disk which the OS resides on.
When multi is used, x=0. When scsi is used, x=
the SCSI ID number of the disk with the OS. |
rdisk(x) |
Defines disk which the OS resides on. Used when OS does not
reside on a SCSI disk.
x=0-1 if on primary controller. x=2-3 if on multi-channel EIDE
controller. |
partition(x) |
Specifies partition number which the OS resides on.
x=cardinal number of partition, and the lowest possible value
is 1. |
multi(0)disk(0)rdisk(0)partition(1).
These are the lowest numbers that an ARC path can have.
-
Performance
Monitor
-
-
Memory
- add more RAM if you detect problems with the following:
- Pages/sec
- excessive disk paging. Should not be above 20.
- Available
bytes - virtual memory available. Should not be below 4MB.
- Commited
bytes - memory being used by applications. Should be less than
RAM in computer.
-
CPU
- upgrade the processor if you detect problems with the following.
- %Processor
time - amount of time the processor is in use. Upgrade if constantly
over 80%.
-
System
Object: Processor Queue Length - should not be over 2.
-
Disks
- upgrade hard disk or controller, add another hdd controller to
balance the load, or implement disk striping for multiple I/O channels
if receiving inadequate disk performance.
- %Disk
Time Counter - amount of time the disk is in use. Should not be
over 90%.
- Current
Disk Queue Length - files in disk queue. Should not be over 2.
Must
run DISKPERF -Y to enable disk performance counters.
Alert
view allows alerts to be made when the counters surpass the threshold
you set.
Log
view allows the tracked objects to be written to a log file. Used
to create a baseline for future reference.
Report
view gives the ability to present a consice report of current statistics.
-
Network
Monitor
-
Use Network Monitor to capture packets going to and from an NT Server.
Use
a capture filter to specify what kind of packets to catch.
Use
a display filter to filter packets that have already been caught.
Use
the <--> symbol to capture by address.
To
capture packets that are coming to the NT Server from a particular
workstation, use the following syntax in your capture filter. Assuming
the workstation is named NTSYSTEM1:
- INCLUDE
ANY <-- NTSYSTEM1
To
filter by a particular frame of a property of a protocol (e.g. certain
command), type in the name of the protocol followed by a colon, then
the property of the protocol followed by two equal signs and finally,
the hex number of the frame type. Example:
- SMB:Command==0x0(Make
Directory)
|