Presentation8 - University Of Worcester

COMP2122
Network
Operating Systems
Richard Henson
University of Worcester
November 2010
Week 8: More on
Windows NT/2000/XP/etc…

Objectives:
 Explain how Windows 2000 & DOS became XP
(client) & 2003 (server)
 Explain why user and system settings need to be
controlled on networked machines
 Explain the role of the registry in NT series
configuration, usability, and security
 Select appropriate software tools for sharing data
and resources between NT series and Netware
networks
 Select appropriate software tools for
system/network monitoring and troubleshooting
Platforms for
Operating Systems

Intel platform survived threats from RISC
architecture…
 alpha platform never that popular
 rights to alpha chip bought by Intel


Success of XP on Intel at client end
suppressed predicted (and expected)
popularity of Linux on Intel platform
Apple platform had a chance to emerge and
develop a good range of apps
 success of i-player & i-phone
 Microsoft’s disastrous (mis)launch of Vista!
“Recent” Developments:
Integration of Windows & NT

Continued success of Intel platform:
 thanks to the successful integration of the good features of DOS/Windows with NT, producing a single product line that keeps:
» the low-level stability and reliability of the NT kernel
» the popular user interface of consumer Windows

Client end (late 2001)
 2000 Professional -> XP Professional
» addition of a new (GDI+) interface
» XP Home is a partly disabled version of XP Professional
“Recent” developments:
Windows 2003

2000 server -> 2003 server
developments took a little longer…

Noteworthy extra features:
GDI+ interface
Enhanced active directory
Group policy management console
BIOS Developments

Earlier motherboards had a single chip containing the BIOS in ROM and a writeable, battery-backed CMOS area for its settings
 the BIOS and anything it runs (setup screens, the boot sector) operate in 16-bit real mode

More recent motherboards use EFI (Extensible Firmware Interface)
 a 32- or 64-bit pre-boot environment with its own shell and drivers
 Windows boots from it only in 64-bit editions, and it was Windows 7 that made EFI boot common…
Hard Disk Interface
Developments

Until about 2004, two main choices:
 IDE (Integrated Drive Electronics, also called ATA)
» desktop; two drives (master and slave) per interface
 SCSI (Small Computer System Interface)
» server; up to seven devices per narrow interface
» wide SCSI supports fifteen…

New, faster SATA interface popular from 2004:
 alternative to IDE & SCSI
 not supported out of the box by Windows 2003 Server/XP setup: the controller either runs in IDE-compatibility mode or its driver has to be supplied (the "F6" floppy) during text-mode setup…
More about booting
to an Intel platform

BIOS "points" to the selected boot medium
 that medium needs to have a bootable partition
 different media are prepared in different ways
» hard disk is still the conventional boot medium
 can hold a number of partitions
» its first sector is the master boot record (MBR): 446 bytes of boot code, a table of up to four primary partitions and the 0x55AA signature
» the MBR code chains to the one partition flagged as active; that partition's own boot sector loads the operating system's boot loader (NTLDR on NT/2000/XP)
» CDs & USB sticks are usually prepared with a single partition (or as a floppy-style image)
 the loader, not the MBR, holds the path to the operating system files (boot.ini in the case of NTLDR)
Partitions, Hard Disks and
Calling Operating Systems


The MBR sits in the first sector of the disk, outside any partition; it is the active partition (conventionally the first, C:) whose boot sector the MBR code runs
Possible to have different operating systems on the same hard disk…
 varieties of Windows
 varieties of Unix…

BUT…
 the partition table format is common to Unix and Windows; what differs is the boot code and loader each one writes (NTLDR's boot sector vs. LILO/GRUB), so whichever is installed last normally owns the MBR
 still possible to have ONE Unix partition alongside Windows, with the Unix loader (or NTLDR, via boot.ini) offering the choice at boot…
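The partition-table walk described above, as an added example (not code from the lecture): it decodes a 512-byte MBR, rejects one without the 0x55AA signature, and picks out the single entry flagged active, which is the partition whose boot sector the MBR code will chain to. The MBR it parses is constructed inside the script; the partition type codes and the 446/64/2-byte layout are the standard BIOS ones.

```python
"""Parse a BIOS-era master boot record and find the partition it will boot.

Added example, not from the lecture: the 512-byte MBR layout it decodes is
446 bytes of boot code, four 16-byte partition table entries at offset 446
and the 0x55AA signature at offset 510. The MBR below is constructed here;
no real disk is read.
"""
import struct

TABLE_OFFSET = 446
ENTRY_SIZE = 16
SIGNATURE = b"\x55\xaa"
ACTIVE_FLAG = 0x80

# Partition type codes a Windows/Unix dual-boot disk commonly carries.
TYPE_NAMES = {0x05: "extended", 0x07: "NTFS/HPFS", 0x0B: "FAT32",
              0x82: "Linux swap", 0x83: "Linux"}


def parse_entry(entry: bytes) -> dict:
    """Decode one partition table entry; the LBA fields are little-endian."""
    flag, _chs_start, ptype, _chs_end, lba_start, sectors = struct.unpack(
        "<B3sB3sII", entry)
    return {"active": flag == ACTIVE_FLAG, "type": ptype,
            "type_name": TYPE_NAMES.get(ptype, "unknown (0x%02x)" % ptype),
            "lba_start": lba_start, "sectors": sectors}


def parse_mbr(sector: bytes) -> list:
    """Return the used partition table entries of a valid MBR."""
    if len(sector) != 512:
        raise ValueError("an MBR is exactly one 512-byte sector")
    if sector[510:512] != SIGNATURE:
        raise ValueError("no 0x55AA signature: the BIOS would refuse to boot this")
    table = sector[TABLE_OFFSET:TABLE_OFFSET + 4 * ENTRY_SIZE]
    entries = [parse_entry(table[i:i + ENTRY_SIZE])
               for i in range(0, 4 * ENTRY_SIZE, ENTRY_SIZE)]
    return [e for e in entries if e["type"] != 0]      # type 0 = empty slot


def boot_partition(sector: bytes) -> dict:
    """The MBR boot code chains to the single entry flagged 0x80."""
    active = [e for e in parse_mbr(sector) if e["active"]]
    if len(active) != 1:
        raise ValueError("expected exactly one active partition, found %d" % len(active))
    return active[0]


def make_entry(active: bool, ptype: int, lba_start: int, sectors: int) -> bytes:
    """Build one 16-byte entry (CHS fields zeroed; modern loaders use LBA)."""
    flag = ACTIVE_FLAG if active else 0
    return struct.pack("<B3sB3sII", flag, b"\0\0\0", ptype, b"\0\0\0",
                       lba_start, sectors)


def sample_mbr() -> bytes:
    """Constructed dual-boot layout: active NTFS, then Linux and swap."""
    boot_code = b"\x00" * TABLE_OFFSET
    table = (make_entry(True, 0x07, 63, 20_964_762)
             + make_entry(False, 0x83, 20_964_825, 8_385_930)
             + make_entry(False, 0x82, 29_350_755, 1_048_576)
             + make_entry(False, 0x00, 0, 0))
    return boot_code + table + SIGNATURE


if __name__ == "__main__":
    for p in parse_mbr(sample_mbr()):
        print(p)
    print("boots from:", boot_partition(sample_mbr()))
```

Nothing in a BIOS-era MBR is signed or checked: the 446 bytes of boot code run before any operating system does, which is why that sector is the favourite hiding place of boot-sector malware and why a dual-boot disk "loses" one system whenever the other installer rewrites it.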
Rapid Boot-up with
Windows 7 (1)

Huge improvements in time to logon
screen…
32-bit colour animation appears at an early stage
» drawn by the CPU through the firmware's (BIOS/EFI) basic video mode

 the graphics card's own driver has not yet loaded…
meanwhile, the operating system's kernel and critical device drivers are loading into memory in the background…
Rapid Boot-up with
Windows 7 (2)

Early stage of boot process is i/o bound:
loading the kernel
device driver files
other system component files

Dimensions of the boot animation
limited to a small region of the screen
avoid i/o delay loading animation images
during the early stage of boot…
Rapid Boot-up with
Windows 7 (3)

Changes to the boot "architecture"
 Windows 7 animation happens as the process moves along
» contrast with Vista, where the "pearl" animation comes only after the boot sequence is complete…
 fewer transitions in graphics mode during initialisation of the graphics subsystem and Windows shell
» again, c.f. Vista, where the screen flashes black a few times..

Sound plays BEFORE user login starts…
More on Network Logon

Rapid local boot is fine…
but most organisational computers are on
networks…
“Policies”: Controlling User
and System Settings

Essential part of any network administrator's job!
 could be 100s or 1000s of systems, & users

System settings often a major issue
 different types of system need different settings
 system settings for a given computer may need to be changed for particular users, e.g. a higher screen refresh rate for users with photosensitive epilepsy

User settings more a matter of convenience
 mandatory profiles - everyone gets the same desktop settings, and any changes are discarded at logoff
 roaming profiles - desktop settings preserved between user sessions, on whichever machine the user logs on to
Storage of Settings:
The Windows Registry

Windows NT has had a registry since NT 3.1 (1993); Windows 95 brought it to the consumer line to simplify configuration
 effectively replaced all settings in:
» CONFIG.SYS (DOS system), AUTOEXEC.BAT (DOS user)
» SYSTEM.INI (Windows system) and WIN.INI (Windows user)

Principles extended in Windows NT v4 (system policies) to allow system and user settings to be configured centrally for computers within a network
What is The Registry?


A hierarchical store of system and user settings
Five basic subtrees:
 HKEY_LOCAL_MACHINE : local computer info. Does not change no matter which user is logged on
 HKEY_USERS : one subkey per loaded user profile (keyed by SID) plus .DEFAULT, the profile in use before anyone logs on
 HKEY_CURRENT_USER : current user settings (an alias for that user's subkey under HKEY_USERS)
 HKEY_CLASSES_ROOT : file associations and COM class registrations (a view of HKEY_LOCAL_MACHINE\SOFTWARE\Classes)
 HKEY_CURRENT_CONFIG : "active" hardware profile (a view into HKEY_LOCAL_MACHINE\SYSTEM)

Each subtree contains one or more subkeys
Location of the Windows Registry

In a subfolder…
 %SystemRoot%\system32\config (c:\winnt\… on NT/2000, c:\windows\… on XP)

Six files (no extensions):
 Software
 System – hardware settings, services and drivers
 Sam, Security – account password hashes and LSA secrets
» their ACLs admit only SYSTEM, so even an administrator sees empty keys in regedt32; tools that want them read the files offline or run as SYSTEM
 Default – default user
 Userdiff – used when upgrading user profiles from earlier NT versions
 Also to be considered: ntuser.dat in each profile folder
» user settings that override default user
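The subtree-to-file relationship above, as an added example (not code from the lecture): given a key path as an administrator would type it, it reports which hive file backs it, flags the two SYSTEM-only hives, and explains the subtrees that are views rather than files. The config and profile paths are the NT/2000/XP layout described on this page; `%USERPROFILE%` stands in for the real profile folder and the SID handling is an assumption about how HKEY_USERS subkeys are named.

```python
"""Resolve a registry key path to the hive file that backs it on disk.

Added example, not from the lecture. It assumes the Windows NT/2000/XP
layout described above: machine hives in %SystemRoot%\\system32\\config,
user hives as ntuser.dat in the profile folder (PROFILE_DIR is a
placeholder). HKEY_CLASSES_ROOT and HKEY_CURRENT_CONFIG have no file of
their own: the kernel builds them from keys under HKEY_LOCAL_MACHINE (and,
from Windows 2000, HKEY_CURRENT_USER for HKCR), so they are reported as views.
"""
CONFIG_DIR = r"%SystemRoot%\system32\config"
PROFILE_DIR = r"%USERPROFILE%"          # placeholder for the user's profile folder

ROOT_ALIASES = {"HKLM": "HKEY_LOCAL_MACHINE", "HKU": "HKEY_USERS",
                "HKCU": "HKEY_CURRENT_USER", "HKCR": "HKEY_CLASSES_ROOT",
                "HKCC": "HKEY_CURRENT_CONFIG"}
ROOTS = set(ROOT_ALIASES.values())

# First subkey of HKEY_LOCAL_MACHINE -> file name in CONFIG_DIR.
MACHINE_HIVES = {"SAM": "SAM", "SECURITY": "SECURITY",
                 "SOFTWARE": "software", "SYSTEM": "system"}

# Hives whose default ACL admits only SYSTEM: SAM holds the account password
# hashes, SECURITY the LSA secrets (service-account passwords, cached domain
# credentials). Administrators see empty keys in regedt32 unless they take
# ownership or run as SYSTEM.
SENSITIVE = {"SAM", "SECURITY"}

# Views assembled in memory from other keys (no separate hive file).
VIEWS = {
    "HKEY_CLASSES_ROOT": r"HKLM\SOFTWARE\Classes (merged, from 2000, with HKCU\Software\Classes)",
    "HKEY_CURRENT_CONFIG": r"HKLM\SYSTEM\CurrentControlSet\Hardware Profiles\Current",
}


def split_key(path: str):
    """Split 'HKLM\\SYSTEM\\...' into a canonical root name and its subkeys."""
    parts = [p for p in path.replace("/", "\\").split("\\") if p]
    if not parts:
        raise ValueError("empty registry path")
    root = ROOT_ALIASES.get(parts[0].upper(), parts[0].upper())
    if root not in ROOTS:
        raise ValueError("unknown root key: %s" % parts[0])
    return root, parts[1:]


def locate_hive(path: str) -> dict:
    """Describe where the data behind `path` lives and how sensitive it is."""
    root, subkeys = split_key(path)
    info = {"root": root, "file": None, "view_of": None,
            "volatile": False, "sensitive": False}
    if root == "HKEY_LOCAL_MACHINE":
        top = subkeys[0].upper() if subkeys else ""
        if top == "HARDWARE":                    # rebuilt at every boot, never on disk
            info["volatile"] = True
        elif top in MACHINE_HIVES:
            info["file"] = CONFIG_DIR + "\\" + MACHINE_HIVES[top]
            info["sensitive"] = top in SENSITIVE
        else:
            raise ValueError("no hive file behind HKLM\\%s" % top)
    elif root == "HKEY_USERS":
        top = subkeys[0] if subkeys else ""
        if top.upper() == ".DEFAULT":
            info["file"] = CONFIG_DIR + r"\default"
        elif top.upper().startswith("S-1-5-"):   # assumption: subkeys are named by SID
            info["file"] = r"<profile folder of %s>\ntuser.dat" % top
        else:
            raise ValueError("HKEY_USERS subkey must be .DEFAULT or a SID")
    elif root == "HKEY_CURRENT_USER":
        info["file"] = PROFILE_DIR + r"\ntuser.dat"
    else:                                        # HKCR, HKCC: views over other hives
        info["view_of"] = VIEWS[root]
        info["file"] = CONFIG_DIR + (r"\software" if root == "HKEY_CLASSES_ROOT"
                                     else r"\system")
    return info


if __name__ == "__main__":
    for key in (r"HKLM\SAM\SAM\Domains\Account\Users",
                r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services",
                r"HKU\.DEFAULT\Control Panel\Desktop",
                r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
                r"HKCR\.exe"):
        print(key, "->", locate_hive(key))
```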
Emergency Recovery if
Registry lost or badly damaged

Backup registry files created during the text-based part of Windows installation
 also stored in:
» %SystemRoot%\system32\config
» have .sav suffix
 only updated if the "R" (repair) option is chosen during a Windows recovery/reinstall

Another backup is saved to %SystemRoot%\repair
 written at installation; refreshed only by rdisk /s on NT 4 or by the Emergency Repair Disk option of Backup on 2000
 contains no user and software settings
 reboots back to the point:
» "Windows is now setting up"
 like the .sav files it carries a copy of the SAM, so its permissions matter as much as those of the live hive
Backing up the Registry

Much forgotten… an oversight that may later be much regretted!!!
 can copy to tape, USB stick, CD/DVD, or disk
 rarely more than 100 MB

Two options:
 Use a third-party backup tool
» e.g. http://www.acronis.co.uk
 Use Windows "Backup" (ntbackup)
» not recommended by experts!
» but already there & does work!
» to copy the registry with this tool, the "system state" option should be selected (it also takes the boot files and, on a domain controller, Active Directory)
» the resulting file contains the SAM and any AD password hashes, so store and transport it as carefully as the server itself
Editing Registry Settings


Contents should not be changed manually unless you really know what you are doing!!!
Special tools available for editing individual settings:
 REGEDT32 (NT/2000) edits values and also key permissions and auditing; REGEDIT offers search and .reg import/export; XP merges the two
 REG.EXE (2000 Support Tools, built into XP) does the same from the command line and from scripts

Registry data that is loaded into memory can also be overwritten by data:
 from local profiles
 downloaded across the network as a system policy…
System Policy File



A collection of registry settings downloaded
from the domain controller during logon
Can apply different system settings to a
computer, depending on the user or group
logging on
Can overwrite:
 local machine registry settings
 current user registry settings

Should therefore only be used by those who
know what they are doing!!!
System Policy File


Saved as NTCONFIG.POL
Normally held on Domain Controllers, in the NETLOGON share
 read by the local machine during the logon procedure
 provides desktop settings, and is therefore used to control aspects of the appearance and behaviour of the desktop

Different NTCONFIG.POL settings can be applied according to:
 User
 Group
 Computer
 a setting written by the policy stays in the registry after the policy entry is removed ("tattooing"); the file has to set it back explicitly

Users with roaming profiles additionally save desktop settings to their profile folders
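The overwrite behaviour of the last two slides, as an added example (not code from the lecture): a logon writes the policy file's computer section over HKLM and its user section over HKCU, a mis-scoped entry is rejected, and a second logon with the policy withdrawn shows what is "tattooed" into the registry. The registry keys and policy values are constructed for the example; the rule that a specific computer or user entry replaces the Default Computer or Default User entry (group entries are left out) is my understanding of the NT 4 System Policy Editor and should be checked against its documentation.

```python
"""Apply NTCONFIG.POL-style entries over a loaded registry and see what is
left afterwards.

Added example, not from the lecture. It models only what the slides say:
when a user logs on, the policy file's computer section is written over
HKEY_LOCAL_MACHINE and its user section over HKEY_CURRENT_USER. The entry
selection it assumes (an entry for this specific computer or user replaces
the Default Computer / Default User entry; group entries are left out) is
the NT 4 System Policy Editor behaviour as I understand it; confirm it
against the Policy Editor documentation before relying on it. Registry
contents and policy values are constructed for the example.
"""
LEGAL = r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\LegalNoticeText"
LAST_USER = r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\DontDisplayLastUserName"
NO_RUN = r"HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoRun"
WALLPAPER = r"HKCU\Control Panel\Desktop\Wallpaper"


def fresh_registry():
    """The in-memory registry of a machine that has never seen a policy."""
    return {LEGAL: "", LAST_USER: 0, NO_RUN: 0,
            WALLPAPER: r"C:\WINNT\Web\Wallpaper\Default.bmp"}


SAMPLE_POL = {
    "computer": {
        "Default Computer": {LEGAL: "Authorised users only", LAST_USER: 1},
        "LAB07": {LEGAL: "Teaching lab: store no personal data here"},
    },
    "user": {
        "Default User": {NO_RUN: 1},       # students lose the Run box
        "rhenson": {NO_RUN: 0},            # staff keep it
    },
}
EMPTY_POL = {"computer": {}, "user": {}}   # policy withdrawn


def select_entry(section, name, default):
    """A specific entry replaces the default entry wholesale (assumed NT 4 rule)."""
    return section.get(name, section.get(default, {}))


def logon(registry, pol, computer, user):
    """Write the applicable policy values into `registry`; return what changed."""
    layers = (("HKLM", select_entry(pol["computer"], computer, "Default Computer")),
              ("HKCU", select_entry(pol["user"], user, "Default User")))
    changes = {}
    for scope, entry in layers:
        for key, value in entry.items():
            if not key.upper().startswith(scope + "\\"):   # a mis-scoped .POL entry
                raise ValueError("%s section may not write %s" % (scope, key))
            old = registry.get(key)
            if old != value:
                changes[key] = (old, value)
                registry[key] = value
    return changes


def tattooed(computer, user):
    """Keys still differing from a clean machine after the policy is withdrawn."""
    registry = fresh_registry()
    logon(registry, SAMPLE_POL, computer, user)   # first logon: policy applied
    logon(registry, EMPTY_POL, computer, user)    # next logon: policy gone, nothing resets
    clean = fresh_registry()
    return {k: v for k, v in registry.items() if v != clean[k]}


if __name__ == "__main__":
    reg = fresh_registry()
    print(logon(reg, SAMPLE_POL, "LAB07", "student1"))
    print("left behind:", tattooed("LAB07", "student1"))
```

Note what the "specific replaces default" rule does to LAB07: its own entry sets only the legal notice, so DontDisplayLastUserName from Default Computer is never applied there. That kind of silent gap, and the values that persist after a policy is removed, are why the slides say the file should only be touched by people who know what they are doing.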
Active Directory

Microsoft equivalent of Novell's NDS (Novell Directory Services)
 an LDAP-accessible, network-wide directory of users, groups, computers, services and shared resources

Available from Windows 2000 onwards
 of limited use on networks with NT v4 clients

All domain controllers contribute to, share, and are part of the Active Directory system
 data on network resources, services & users is stored in a single database file on every domain controller
» ntds.dit, which also holds every domain account's password hash: a copy of this file (or of a domain controller backup) is equivalent to the whole domain's credentials
 tools available for AD system management
» e.g. ntdsutil
Structure of
Active Directory

A hierarchical system of organisational data objects, i.e. domains

A tree can be
» a single domain
» a group of domains sharing a contiguous DNS namespace
Domain Trees & Forests

Domain objects divide into organisational units (OUs)
 Microsoft recommend using OUs in preference to domains for imposing structure for admin purposes
» an OU lives inside one domain and can contain users, computers, groups and further OUs; it is a unit of delegation and Group Policy, not of authentication
» the domains of a tree are logically linked together through (transitive) "trusts"

A "forest" contains the data needed to connect all objects in a tree, and to connect different trees (a common schema and global catalogue)
 trees can also be logically linked together through "trusts"
Active Directory and DNS
DNS is the Internet-based system for naming computers that participate in the Internet
 In Active Directory, each domain in the tree has a unique DNS name

 clients find a domain's controllers through DNS SRV records (e.g. _ldap._tcp.dc._msdcs.<domain>), so a domain name does not correspond to a single IP address
 getting the DNS zones right is therefore the first step, and a frequent source of confusion, when setting up the domain structure!!
Redirector
(Workstation Service)

Implemented as a file system driver
 intercepts I/O requests that the local file systems cannot satisfy (UNC names, mapped drives, network printers) and sends them over the network, as SMB requests, to the server holding the resource

Communicates with transport protocols & lower layers via the Transport Driver Interface (TDI)
TDI keeps the networking components independent along OSI lines: the redirector and server service sit above it (session layer), the transports (layers 3 & 4) below, with NDIS separating those in turn from the adapter drivers (layers 1 & 2)
Redirector
(Workstation Service)

Adherence to OSI layers makes it possible to
independently add or remove:
 transport protocols (layers 3 & 4)
 network cards (layers 1 & 2)

without reconfiguring the whole system
Completely transparent in its interception of
i/o calls
 esp. important when applications are being used
Server Service

Like the redirector:
 implemented as a file system driver
 communicates with lower layers via TDI


Supplies the network connections
requested by the redirector
Receives requests via adapter card
drivers, transport protocol (e.g. TCP/IP),
and TDI
Running Client-Server
Applications

Client and server processes need a mechanism for inter-process communication across the network; NT provides:
 pipes to link processes that need bi-directional communication
 mailslots to link processes only requiring one-directional (including broadcast) communication
 Winsock to manage the communication channel
 RPCs (Remote Procedure Calls), allowing distributed applications to make calls to procedures anywhere on the network
File and Print Sharing

Shared resource access requires use of
 redirector
 server service…

Multiple UNC Provider allows connection to a resource on any computer that supports UNC (Universal Naming Convention) names
 Files: \\server\shared folder[\sub-folder]\filename
 Printers: \\server\shared printer
 share names ending in $ (C$, ADMIN$, IPC$) are hidden from browsing, but not from anyone who knows them

Multiple Provider Router supports multiple redirectors (e.g. Microsoft and NetWare at once)
Microsoft TCP/IP stack



Differs from UNIX TCP/IP: the base stack ships no FTP, SMTP or Telnet daemons (IIS supplies FTP and SMTP services; the FTP and Telnet clients are present)
DNS is available as a network service
Application layer components:
 Windows Sockets - to interface with sockets-based applications
 NetBT - to interface with NetBIOS applications (NetBIOS over TCP/IP, ports 137-139)

SNMP, TCP, UDP, IP as with the Unix protocol stack
Configuring
Windows 2000 Protocols
Requires local administrator access!!
 1. Find "Local Area Connection":

either through Control Panel/Network & Dial-up Connections
or by right-clicking on My Network Places and choosing Properties

2. Right-click on Local Area Connection and choose Properties…
Configuring Windows 2000
Protocols - continued
Upper box (greyed) allows configuration of NDIS-compatible network card drivers – operating at OSI levels 1 & 2
 Lower box (scroll down) allows installation/configuration of protocols:

Microsoft TCP/IP (levels 3 & 4)
NWLink IPX/SPX compatible (levels 3 & 4)
NetBEUI (no network-layer addressing, so not routable: single LAN only)
Windows 2000
TCP/IP Configuration
Locate and double-click TCP/IP
 If DHCP (Dynamic Host Configuration Protocol) is running, IP addressing is dealt with automatically by the DHCP server
 Otherwise, three values need to be entered:

Static IP address of the local machine
Subnet mask
Default gateway (an IP address on the same subnet)
TCP/IP Configuration

Local machine IP address
 DHCP can automatically assign IP addresses from a Windows 2000 server machine running the DHCP server service
 Alternatively, a static IP address can be keyed in manually

Subnet mask:
 normally 255.255.255.0 for small networks (254 usable hosts)
 255.255.x.0 for larger networks
» x -> 0 as the network gets larger (255.255.0.0 gives 65,534 hosts)

Default gateway is the IP address of the router interface between the LAN and the Internet; it must lie within the subnet defined by the address and mask…
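The checks a static configuration has to pass, as an added example (not code from the lecture): it validates the three values from the slides the way the stack will, rejecting a non-contiguous mask, a host address that is the network or broadcast address, and a gateway that is off the local subnet (the classic "pings locally, cannot reach the Internet" mistake), and it computes the host counts behind the "x -> 0 as the network grows" rule. The addresses used are constructed private ranges; only the standard library is needed.

```python
"""Check a hand-typed static TCP/IP configuration before it is applied.

Added example, not from the lecture. It validates the three values the
slides list (address, subnet mask, default gateway) as the TCP/IP stack
will: a contiguous mask, a host address that is neither the network nor
the broadcast address, and a gateway on the same subnet. The mask/host
table the slides describe is computed rather than looked up. All addresses
in the examples are constructed.
"""
import ipaddress


def check_static_config(address, mask, gateway):
    """Return (network, list_of_problems); an empty list means usable."""
    problems = []
    try:
        # ipaddress accepts a dotted mask after the slash and rejects
        # non-contiguous ones such as 255.255.0.255
        iface = ipaddress.IPv4Interface("%s/%s" % (address, mask))
    except ValueError as exc:
        return None, ["address/mask rejected: %s" % exc]
    net = iface.network
    if net.prefixlen == 32:
        problems.append("mask 255.255.255.255 leaves no room for other hosts")
    if iface.ip in (net.network_address, net.broadcast_address):
        problems.append("%s is the network or broadcast address of %s" % (iface.ip, net))
    try:
        gw = ipaddress.IPv4Address(gateway)
    except ValueError as exc:
        problems.append("gateway rejected: %s" % exc)
        return net, problems
    if gw not in net:
        problems.append("gateway %s is not on subnet %s" % (gw, net))
    elif gw in (net.network_address, net.broadcast_address):
        problems.append("gateway %s cannot be the network/broadcast address" % gw)
    elif gw == iface.ip:
        problems.append("gateway must be another host, not this machine")
    return net, problems


def usable_hosts(mask):
    """Hosts a mask allows, i.e. the 'x -> 0 as the network grows' rule in numbers."""
    net = ipaddress.IPv4Network("0.0.0.0/%s" % mask)
    return max(net.num_addresses - 2, 0)      # minus network and broadcast


if __name__ == "__main__":
    for cfg in (("192.168.10.25", "255.255.255.0", "192.168.10.1"),
                ("192.168.10.25", "255.255.255.0", "192.168.11.1"),
                ("10.5.0.0", "255.255.0.0", "10.5.0.1"),
                ("10.1.2.3", "255.255.0.255", "10.1.2.1")):
        print(cfg, "->", check_static_config(*cfg))
    for mask in ("255.255.255.0", "255.255.240.0", "255.255.0.0"):
        print(mask, usable_hosts(mask), "hosts")
```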
Windows TCP/IP utilities



Located in the system32 directory
Not available from the GUI
Only accessible via the NT command prompt:
 Ping (packet internet groper) – ICMP echo test of reachability
 FTP
 Telnet
 Finger (retrieval of user/system information from a computer running TCP/IP & a finger daemon)
 ARP (displays the local cache of IP address to MAC or "physical" address mappings)
 ipconfig (displays local IP configuration)
 tracert (checks the route to a remote IP address)
NWlink (Microsoft 32-bit
version of IPX/SPX)
Microsoft's implementation of Novell's IPX/SPX protocol
 Only needed if a Windows network needs connectivity with a Novell network

enables devices on an NT network to communicate with Novell servers

Applications reach it through Winsock (or NetBIOS over IPX) to complete the stack
NWlink (Microsoft 32-bit
IPX/SPX)

IPX works directly with MAC addresses
 the protocol therefore needs to be configured for the Ethernet frame type in use:

double-click on IPX/SPX in the protocols tab
 select the frame type that matches the corresponding NetWare server:
» e.g. Ethernet 802.2, Ethernet 802.3, Ethernet II, Ethernet SNAP (or 802.5 on Token Ring)

Automatic detection:
 only one frame type supported

Manual configuration:
 several frame types possible
 a unique IPX (external) network number entered for each
Network Bindings



Binding is about linking network components at the different OSI levels together to enable communication
With NT, this is about linking the redirector & server service with the transport protocol and (via NDIS) the adapter card drivers
Binding is done automatically when:
 there is a change of protocol, or protocol settings
 different network adapter drivers are installed
 existing adapter card settings are altered
Bindings also decide exposure: a service bound to a transport on an Internet-facing adapter is reachable from there, so unbind what is not needed (e.g. File and Print Sharing and NetBIOS over TCP/IP on an external interface)
Connectivity with Netware
networks

A number of available (nwlink) services:
 Client Service for NetWare (CSNW)
» allows NT/2000 clients to access file & print services on
a Netware server
 Gateway Service for Netware (GSNW)
» Allows NT/2000 servers to access file & print services &
can be used as a migration path from a Netware Server
to NT
 File and Print Services for Netware
» Allows an NT/2000 server to function as a Netware file &
print server
 NetWare Migration Tool
» Allows users, groups, volumes, folders and files to be transferred to an NT/2000 server, with NetWare trustee rights mapped to NTFS permissions
WINS (Windows Internet
Names Service)






Client-server protocol
Manages a dynamic database of IP addresses and local network (NetBIOS) names
Used on Windows TCP/IP networks so that NetBIOS names (computer, domain and service names) can be resolved to IP addresses without broadcasts
Clients register their own names with the server at start-up and request IP addresses for particular NetBIOS names
WINS server provides that information
Alternative system: LMHOSTS – a static text file on each client (%SystemRoot%\system32\drivers\etc\lmhosts)
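NetBIOS name handling behind both mechanisms, as an added example (not code from the lecture): it builds the 16-byte NetBIOS name (15 space-padded characters plus a service suffix byte), applies the RFC 1001 "first-level encoding" that the name takes on the wire in a WINS/NBNS query, parses a constructed LMHOSTS file with its #PRE and #DOM: keywords, and resolves a name through a WINS table first with LMHOSTS as the static fallback. The WINS table and LMHOSTS contents are constructed; the suffix bytes 0x00 (workstation) and 0x20 (server) are the standard ones.

```python
"""NetBIOS name handling behind WINS and LMHOSTS.

Added example, not from the lecture. It builds the 16-byte NetBIOS name
(15 characters, space padded, plus a one-byte suffix such as 0x20 for the
server service or 0x00 for the workstation service), applies the
first-level encoding from RFC 1001 that the name takes on the wire in a
WINS/NBNS query, parses a constructed LMHOSTS file, and resolves a name
through a WINS table first with LMHOSTS as the static fallback.
"""
WORKSTATION, SERVER = 0x00, 0x20      # common suffix bytes

# Constructed LMHOSTS contents (not a real file).
SAMPLE_LMHOSTS = """\
# ip            name        keywords (#PRE = preload, #DOM: = domain controller)
192.168.10.2    WORCDC1     #PRE #DOM:WORCESTER   # domain controller
192.168.10.5    FILESRV     #PRE
192.168.20.7    PRINTSRV                # resolved only on demand
"""


def netbios_name(name, suffix=SERVER, pad=b" "):
    """Return the 16-byte NetBIOS name for `name` with the given suffix."""
    raw = name.upper().encode("ascii")
    if not raw or len(raw) > 15:
        raise ValueError("NetBIOS names are 1 to 15 characters")
    return raw.ljust(15, pad) + bytes([suffix])


def first_level_encode(nb):
    """RFC 1001 s14.1: each nibble becomes a letter A..P, 32 characters in all."""
    if len(nb) != 16:
        raise ValueError("encode the full 16-byte name")
    return "".join(chr(0x41 + (b >> 4)) + chr(0x41 + (b & 0x0F)) for b in nb)


def first_level_decode(text):
    """Inverse of first_level_encode, as a WINS server or sniffer does it."""
    if len(text) != 32 or any(c not in "ABCDEFGHIJKLMNOP" for c in text):
        raise ValueError("not a first-level encoded name")
    nibbles = [ord(c) - 0x41 for c in text]
    return bytes((nibbles[i] << 4) | nibbles[i + 1] for i in range(0, 32, 2))


def parse_lmhosts(text):
    """Map NetBIOS name -> {ip, preload, domain} from LMHOSTS lines."""
    table = {}
    for raw in text.splitlines():
        tokens = raw.split()
        if len(tokens) < 2 or tokens[0].startswith("#"):
            continue                            # blank, comment, #INCLUDE etc.
        ip, name = tokens[0], tokens[1].upper()
        entry = {"ip": ip, "preload": False, "domain": None}
        for tok in tokens[2:]:
            up = tok.upper()
            if up == "#PRE":
                entry["preload"] = True
            elif up.startswith("#DOM:"):
                entry["domain"] = tok[5:].upper()
            elif tok.startswith("#"):
                break                           # an ordinary comment
        table[name] = entry
    return table


def resolve(name, wins, lmhosts):
    """WINS first (dynamic), LMHOSTS second (static); (ip, source) or None."""
    key = name.upper()
    if key in wins:
        return wins[key], "wins"
    if key in lmhosts:
        return lmhosts[key]["ip"], "lmhosts"
    return None


if __name__ == "__main__":
    wins_table = {"FILESRV": "192.168.10.55"}     # constructed WINS database
    lm = parse_lmhosts(SAMPLE_LMHOSTS)
    print(first_level_encode(netbios_name("FILESRV")))
    for n in ("filesrv", "PRINTSRV", "nosuch"):
        print(n, "->", resolve(n, wins_table, lm))
```

Neither a WINS registration nor a broadcast name query carries any authentication: any host on the segment can register or answer for a name, which is what NetBIOS name spoofing tools exploit. The LMHOSTS entries a client preloads (#PRE) are the one resolution source an attacker on the wire cannot influence.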
Terminal Services

Allows any PC running a version of Windows to open a session on an NT series server
uses a copy of the server's desktop on the client machine
Client tools must be installed first, but the link can run with very little bandwidth
 Therefore possible to remotely manage a server thousands of miles away using a phone connection…

Remote Access Service

RAS also allows access to an NT network through routes such as:
 PSTN
 X.25
 ISDN

Uses PPP (Point-to-Point Protocol)
Also supports the PPP Multilink protocol, which allows several links, of the same or different kinds, to be combined into one connection
Remote Access Service

Also provides capability for VPNs (Virtual Private Networks) over ordinary Internet access
 using PPTP (Point-to-Point Tunnelling Protocol)
» PPTP's authentication (MS-CHAP) and its RC4-based MPPE encryption have known weaknesses, so "secure" here is relative; Windows 2000 added L2TP/IPsec as the stronger option

Standard username/password authentication still required for all remote logins
Can be used as a gateway for NetBIOS names or (using IPX) to remotely gain access to Novell NetWare services
RAS & Secure Remote Login


To login remotely, the user must have a valid username/password and RAS dial-in permission
RAS can use "call back" security:
 Server receives a remote request for access
 Server drops the line and calls the remote client back
 only if the number is preset by the administrator does this guarantee that the connection is made from a trusted site; "set by caller" call-back merely moves the phone bill

Login information is encrypted only if the server is set to require encrypted (CHAP/MS-CHAP) authentication; PAP sends the password in clear
All remote connections can be audited
Internet Information Server (IIS)

Microsoft’s Web Server
 can also provide ftp or smtp publishing service

Purpose:
 make html pages available:
» as a local www service
» across the network as an Intranet
» across trusted external users/domains as an Extranet
 run server-scripts in communication with client
browsers


Sets up its own directory structure for
developing Intranets, Extranets, etc.
Access to any IIS service can be restricted
using username/password security
Internet Information Server

Can allow anonymous remote login:
 Uses a "guest"-style account (IUSR_<machine name>) – should have access only to the files that make up the Intranet, so its NTFS permissions need checking
 Anonymous access means a visitor never presents a real user's credentials, which removes one password-guessing surface; it does nothing for the others (RAS, shares, IIS's other authentication methods)

Provides the software connectivity for a server-side interface that can connect client-server Internet applications such as ASPs (Active Server Pages) to online databases
Troubleshooting Resources

Task Manager
 Applications tab just gives the name and status of each application that is loaded into memory
 Processes tab:
» all system processes
» memory usage of each
» % CPU time for each
» total CPU time since boot-up
 Performance tab
» total no. of threads, processes, handles running
» % CPU usage, split into
  kernel mode
  user mode
» physical memory available/usage
» virtual memory available/usage
Troubleshooting Resources

Event viewer
 System events recorded into "event log" files
» Three with NT: system, security (audit records), application
» Customisable with 2000 (servers add e.g. DNS, directory service and file replication logs)
 Each log has a maximum size and an overwrite policy: by default the log is small (512 KB) and events older than 7 days are overwritten once it fills, so archive the logs yourself; and audit records are only written at all if an audit policy has been set
 Three types of events:
» Information
» Warning
» Error
» (security log: success audit / failure audit)
 More information for each event obtained by double-clicking
 Wise to check events regularly, and sort out potential problems before they become real ones…
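What "checking events regularly" looks like when written down, as an added example (not code from the lecture): it runs over a constructed export of the Security log and flags accounts that accumulate failed logons within a short window, and separately a success that follows such a burst, which is what a guessed password looks like. The event IDs are the ones NT/2000/XP write (529 failed logon, 528 successful logon); the one-event-per-line format, the accounts and the timestamps are constructed for the example, and a real export carries more fields.

```python
"""Spot password guessing in NT/2000/XP security-log events.

Added example, not from the lecture. It runs over a constructed export of
the Security log (one event per line: timestamp, event ID, account,
workstation; real exports carry more fields) and uses the event IDs those
versions write: 529 for a failed logon (unknown user name or bad password)
and 528 for a successful logon. Auditing of logon events must be switched
on in the audit policy or neither event is recorded at all.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

FAILED_LOGON, SUCCESSFUL_LOGON = 529, 528

LINE = re.compile(r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)\s+(?P<id>\d+)"
                  r"\s+(?P<user>\S+)\s+(?P<host>\S+)$")

# Constructed sample, not a real log.
SAMPLE_LOG = """\
# timestamp            id   account        workstation
2010-11-08 09:14:55    528  rhenson        STAFF03
2010-11-08 09:15:02    529  jsmith         LAB07
2010-11-08 09:15:20    529  jsmith         LAB07
2010-11-08 09:15:41    529  jsmith         LAB07
2010-11-08 09:16:03    529  jsmith         LAB07
2010-11-08 09:16:30    529  jsmith         LAB07
2010-11-08 09:17:10    528  jsmith         LAB07
2010-11-08 09:40:00    529  guest          LAB12
2010-11-08 11:55:00    529  guest          LAB12
2010-11-08 12:01:12    529  administrator  LAB12
2010-11-08 12:02:45    529  administrator  LAB12
"""


def parse_log(text):
    """Parse the export into event dicts, oldest first."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = LINE.match(line)
        if not m:
            raise ValueError("unparseable line: %r" % line)
        events.append({"ts": datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S"),
                       "id": int(m["id"]), "user": m["user"].lower(),
                       "host": m["host"].upper()})
    return sorted(events, key=lambda e: e["ts"])   # exports are not always in order


def detect_guessing(events, threshold=5, window=timedelta(minutes=10)):
    """Alert on `threshold` failures for one account inside `window`, and again
    if that account then logs on successfully while the burst is still recent."""
    alerts = []
    recent = defaultdict(list)        # account -> timestamps of failures in window
    for e in events:
        fails = recent[e["user"]]
        while fails and e["ts"] - fails[0] > window:
            fails.pop(0)              # slide the window forward
        if e["id"] == FAILED_LOGON:
            fails.append(e["ts"])
            if len(fails) == threshold:          # fire once per burst
                alerts.append({"type": "burst", "user": e["user"],
                               "host": e["host"], "at": e["ts"]})
        elif e["id"] == SUCCESSFUL_LOGON and len(fails) >= threshold:
            alerts.append({"type": "success after burst", "user": e["user"],
                           "host": e["host"], "at": e["ts"]})
            fails.clear()
    return alerts


if __name__ == "__main__":
    for alert in detect_guessing(parse_log(SAMPLE_LOG)):
        print(alert)
```

The two slow failures against guest and the pair against administrator stay below the threshold at the default settings; lowering it to 2 would flag the administrator pair, which is the trade-off between noise and sensitivity every threshold-based rule carries. A failure on its own is just an event; it is the pattern across the log that is worth an administrator's attention.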
Troubleshooting Resources

NT Diagnostics (winmsd; System Information on 2000)
 Hardware & operating system data from the registry

Performance Monitor
 Can monitor many aspects of system performance
 Either display current data graphically, in real-time
 or log data at regular intervals to get a longer-term picture
Troubleshooting Resources


Network Monitor (NT and 2000)
 Captures, filters and analyses frames sent over the network; the version shipped with the operating system sees only traffic to and from the local machine, the SMS version captures everything on the segment
 System Monitor (2000) is the renamed Performance Monitor, not a packet capture tool

Alerts
 Notify the administrator when a particular threshold value has been reached

System Recovery (Startup and Recovery settings)
 If a fatal (STOP) error occurs:
» a dump of system memory is written, and can be used for identifying the cause of the problem
» an administrative alert is sent
» the system is restarted automatically (convenient, but it can hide a recurring crash; check the system log)