Microsoft Windows 2000 Administrator's Pocket Consultant


"Microsoft Windows 2000 Administrator's Pocket Consultant" is the concise, easy-to-use guide for Windows 2000 administrators — the portable, readable reference that they'll want on their desktops at all times. Above all, it's designed for quick access so administrators can find what they're looking for right away. It has an expanded table of contents and a complete index for finding answers fast, plus quick-reference tabs for finding specific information and chapters. This hands-on guide covers both the Windows 2000 Professional and the Windows

... See more details below
Available through our Marketplace sellers.
Other sellers (Paperback)
  • All (19) from $1.99   
  • New (2) from $29.51   
  • Used (17) from $1.99   
Sort by
Page 1 of 1
Showing All
Note: Marketplace items are not eligible for any coupons and promotions
Seller since 2015

Feedback rating:



New — never opened or used in original packaging.

Like New — packaging may have been opened. A "Like New" item is suitable to give as a gift.

Very Good — may have minor signs of wear on packaging but item works perfectly and has no damage.

Good — item is in good condition but packaging may have signs of shelf wear/aging or torn packaging. All specific defects should be noted in the Comments section associated with each item.

Acceptable — item is in working order but may show signs of wear such as scratches or torn packaging. All specific defects should be noted in the Comments section associated with each item.

Used — An item that has been opened and may show signs of wear. All specific defects should be noted in the Comments section associated with each item.

Refurbished — A used item that has been renewed or updated and verified to be in proper working condition. Not necessarily completed by the original manufacturer.

Brand New Item.

Ships from: Chatham, NJ

Usually ships in 1-2 business days

  • Canadian
  • International
  • Standard, 48 States
  • Standard (AK, HI)
  • Express, 48 States
  • Express (AK, HI)
Seller since 2008

Feedback rating:


Condition: New

Ships from: Chicago, IL

Usually ships in 1-2 business days

  • Standard, 48 States
  • Standard (AK, HI)
Page 1 of 1
Showing All
Sort by
Sending request ...


"Microsoft Windows 2000 Administrator's Pocket Consultant" is the concise, easy-to-use guide for Windows 2000 administrators — the portable, readable reference that they'll want on their desktops at all times. Above all, it's designed for quick access so administrators can find what they're looking for right away. It has an expanded table of contents and a complete index for finding answers fast, plus quick-reference tabs for finding specific information and chapters. This hands-on guide covers both the Windows 2000 Professional and the Windows 2000 Server versions, but because much of the information applies to previous versions of Windows as well, administrators of Windows NT 4.0 can also use it. They'll find to be an invaluable resource, both for supporting current Windows systems and for migrating to Windows 2000.

Read More Show Less

Product Details

  • ISBN-13: 9780735608313
  • Publisher: Microsoft Press
  • Publication date: 1/1/2000
  • Series: Pocket Consultant Series
  • Pages: 350
  • Product dimensions: 5.52 (w) x 7.99 (h) x 1.47 (d)

Meet the Author

William R. Stanek is an award-winning author who's written more than 100 books, including Windows Server 2012 Inside Out, Windows 8 Administration Pocket Consultant, and Microsoft SQL Server 2012 Pocket Consultant. He is the series editor for the Pocket Consultant line of books.

Read More Show Less

Read an Excerpt

Chapter 8: Creating User and Group Accounts

A key part of your job as an administrator is to create user accounts, and this chapter will show you how to do that.

User accounts allow Microsoft Windows 2000 to track and manage information about users, including permissions and privileges. When you create user accounts, the primary account administration tools you use are

  • Active Directory Users And Computers, which is designed to administer accounts throughout an Active Directory domain.
  • Local Users And Groups, which is designed to administer accounts on a local computer.

Creating domain accounts as well as local users and groups is covered in this chapter.

User Account Setup and Organization

The most important aspects of account creation are account setup and organization. Without the appropriate policies, you could quickly find that you need to rework all your user accounts. So before you create accounts, determine the policies you'll use for setup and organization.

Account Naming Policies

A key policy you'll need to set is the naming scheme for accounts. User accounts have display names and logon names. The display name (or full name) is the name displayed to users and the name referenced in user sessions. The logon name is the name used to log on to the domain. Logon names were discussed briefly in the section of Chapter 7 entitled "Logon Names, Passwords, and Public Certificates."
Rules for Display Names
In Windows 2000, the display name is normally the concatenation of the user's first name and last name, but you can set it to any string value. The display names must follow these rules:
  • Local display names must be unique on a workstation.
  • Display names must be unique throughout a domain.
  • Display names must be no more than 64 characters long.
  • Display names can contain alphanumeric characters and special characters.
Rules for Logon Names
Logon names must follow these rules:
  • Local logon names must be unique on a workstation and global logon names must be unique throughout a domain.
  • Logon names can be up to 104 characters. However, it isn't practical to use logon names that are longer than 64 characters.
  • A Microsoft Windows NT version 4.0 or earlier logon name is given to all accounts, which by default is set to the first 20 characters of the Windows 2000 logon name. The Windows NT version 4.0 or earlier logon name must be unique throughout a domain.
  • Users logging on to the domain from Windows 2000 computers can use their Windows 2000 logon name or their Windows NT version 4.0 or earlier logon name, regardless of the domain operations mode.
  • Logon names can't contain certain characters. Invalid characters are
    " / \ [ ] : ; | = , + * ? < >
  • Logon names can contain all other special characters, including spaces, periods, dashes, and underscores. But it's generally not a good idea to use spaces in account names.

Although Windows 2000 stores user names in the case that you enter, user names aren't case sensitive. For example, you can access the Administrator account with the user name Administrator or administrator. Thus, user names are case aware but not case sensitive.
Naming Schemes
You'll find that most small organizations tend to assign logon names that use the user's first or last name. But you can have several Toms, Dicks, and Harrys in an organization of any size. So rather than having to rework your logon naming scheme when you run into problems, select a good naming scheme now and make sure other administrators use it. For naming accounts, you should use a consistent procedure that allows your user base to grow and limits the possibility of name conflicts and ensures that your accounts have secure names that aren't easily exploited. If you follow these guidelines, the types of naming schemes you may want to use include:
  • User's first name and last initial You take the user's first name and combine it with the first letter of the last name to create the logon name. For William Stanek, you would use williams or bills. This naming scheme isn't practical for large organizations.
  • User's first initial and last name You take the user's first initial and combine it with the last name to create the logon name. For William Stanek, you would use wstanek. This naming scheme isn't practical for large organizations, either.
  • User's first initial, middle initial, and last name You combine the user's first initial, middle initial, and last name to create the logon name. For William R. Stanek, you would use wrstanek.
  • User's first initial, middle initial, and first five characters of the last name You combine the user's first initial, middle initial, and the first five characters of the last name to create the logon name. For William R. Stanek, you would use wrstane.
  • User's first name and last name You combine the user's first and last name. To separate the names, you could use the underscore character ( _ ) or hyphen (-). For William Stanek, you could use william_ stanek or william-stanek.

In tight security environments, you can assign a numeric code for the logon name. This numeric code should be at least 20 characters long. Combine this strict naming method with smart cards and smart card readers to allow users to quickly log on to the domain. Don't worry, users can still have a display name that humans can read.

Password and Account Policies

Windows 2000 accounts use passwords and public certificates to authenticate access to network resources. This section focuses on passwords.
Secure Passwords
A password is a case-sensitive string that can contain up to 104 characters with Active Directory directory service and up to 14 characters with Windows NT Security Manager. Valid characters for passwords are letters, numbers, and symbols. When you set a password for an account, Windows 2000 stores the password in an encrypted format in the account database.

But simply having a password isn't enough. The key to preventing unauthorized access to network resources is to use secure passwords. The difference between an average password and a secure password is that secure passwords are difficult to guess and crack. You make passwords difficult to crack by using combinations of all the available character types-including lowercase letters, uppercase letters, numbers, and symbols. For example, instead of using happydays for a password you would use haPPy2Days&, Ha**y!dayS, or even h*PPY%d*ys.

Unfortunately, no matter how secure you initially make a user's password, eventually the user usually chooses the password. Because of this, you'll want to set account policies. Account policies are a subset of the policies configurable as a group policy.

Setting Account Policies
As you know from previous discussions, you can apply group policies at various levels within the network structure. You manage local group policies in the manner discussed in the section of Chapter 4 entitled "Managing Local Group Policies." You manage global group policies as explained in the section of Chapter 4 entitled "Managing Site, Domain, and Unit Policies."

Once you access the group policy container you want to work with, you can set account policies by completing the following steps:

  1. As shown in Figure 8-1, access the Account Policies node by working your way down the console tree. Expand Computer Configuration, then Windows Settings, and then Security Settings.
  2. You can now manage account policies through the Password Policy, Account Lockout Policy, and Kerberos Policy nodes.
    Kerberos policies aren't used with local computers. Kerberos policies are only available with group policies that affect sites, domains, and organizational units.
  3. To configure a policy, double-click its entry or right-click on it and select
  4. Security. This opens a Properties dialog box for the policy.
  5. For a local policy, the Properties dialog box is similar to the one shown in Figure 8-2. The effective policy for the computer is displayed but you can't change it. You can change the local policy settings, however. Use the fields provided to configure the local policy. For a local policy, skip the remaining steps; those steps apply to global group policies.
    Site, domain, and organizational unit policies have precedence over local policies.

    For a site, domain, or organizational unit, the Properties dialog box is similar to the one shown in Figure 8-3.

  6. All policies are either defined or not defined. That is, they are either configured for use or not configured for use. A policy that isn't defined in the current container could be inherited from another container.
  7. Select or clear the Define This Policy Setting check box to determine whether a policy is defined.

Policies can have additional fields for configuring the policy. Often, these fields are option buttons labeled Enabled and Disabled. Enabled turns on the policy restriction. Disabled turns off the policy restriction.

Specific procedures for working with account policies are discussed in the sections of the chapter entitled "Configuring Password Policies," "Configuring Account Lockout Policies," and "Configuring Kerberos Policies." This chapter's next section, "Viewing Effective Policies," will teach you more about viewing the effective policy on a local computer.

Viewing Effective Policies

When working with account policies and user rights assignment, you'll often want to view the effective policy on a local system. The effective policy is the policy being enforced and, as discussed in Chapter 4 under "Group Policy Management," the effective policy depends on the order in which you apply the policies.

To view the effective policy on a local system, complete the following steps:

  1. Access the local policy for the system you want to work with, as explained in the section of Chapter 4 entitled "Managing Local Group Policies." Or select Local Policy Settings on the Administrative Tools menu (if these tools are installed and you're currently logged on to the computer you want to examine).
  2. Access the policy node that you want to examine. Figure 8-4 shows the Password Policy node.
  3. With local policies, the Computer Setting column is replaced by a Local Setting column and an Effective Setting column. The Local Setting column shows the local policy settings. The Effective Setting column shows the policy settings that are being enforced on the local computer.
  4. If there are policy conflicts that you want to track down, review the sections of Chapter 4 entitled "In What Order Are Multiple Policies Applied?" and "When Are Group Policies Applied?"

Configuring Account Policies

As you learned in the previous section, there are three types of account policies: password policies, account lockout policies, and Kerberos policies. The sections that follow show you how to configure each one of these policies.

Configuring Password Policies

Password policies control security for passwords and they include:
  • Enforce Password History
  • Maximum Password Age
  • Minimum Password Age
  • Minimum Password Length
  • Passwords Must Meet Complexity Requirements
  • Store Password Using Reversible Encryption For All Users In The Domain
The uses of these policies are discussed in the following sections.
Enforce Password History
Enforce Password History sets how frequently old passwords can be reused. You can use this policy to discourage users from changing back and forth between a set of common passwords. Windows 2000 can store up to 24 passwords for each user in the password history. By default, Windows 2000 stores one password in the password history.

To disable this feature, set the size of the password history to zero. To enable this feature, set the size of the password history using the Passwords Remember field. Windows 2000 will then track old passwords using a password history that is unique for each user, and users won't be allowed to reuse any of the stored passwords.

To discourage users from cheating Enforce Password History, you shouldn't allow them to change passwords immediately. This will prevent users from changing their passwords several times to get back to their old passwords.
Maximum Password Age
Maximum Password Age determines how long users can keep a password before they have to change it. The aim is to periodically force users to change their passwords. When you use this feature, set a value that makes sense for your network. Generally, you use a shorter period when security is very important and a longer period when security is less important.

The default expiration date is 42 days, but set it to any value from 0 to 999. A value of zero specifies that passwords don't expire. Although you may be tempted to set no expiration date, users should change passwords regularly to ensure the network's security. Where security is a concern, good values are 30, 60, or 90 days. Where security is less important, good values are 120, 150, or 180 days.

Windows 2000 notifies users when they're getting close to the password expiration date. Anytime the expiration date is less than 30 days away, users see a warning when they log on that they have to change their password within so many days.
Minimum Password Age
Minimum Password Age determines how long users must keep a password before they can change it. You can use this field to prevent users from cheating the password system by entering a new password and then changing it right back to the old one.

By default, Windows 2000 lets users change their passwords immediately. To prevent this, set a specific minimum age. Reasonable settings are from three to seven days. In this way, you make sure that users are less inclined to switch back to an old password but are able to change their passwords in a reasonable amount of time if they want to.

Minimum Password Length
Minimum Password Length sets the minimum number of characters for a password. If you haven't changed the default setting, you'll want to do so immediately. The default is to allow empty passwords (passwords with zero characters), which is definitely not a good idea.

For security reasons, you'll generally want passwords of at least eight characters. The reason for this is that long passwords are usually harder to crack than short ones. If you want greater security, set the minimum password length to 14 characters.

Passwords Must Meet Complexity Requirements
Beyond the basic password and account policies, Windows 2000 includes facilities for creating additional password controls. These facilities are available in the password filters, which can be installed on a domain controller. If you've installed a password filter, enable Passwords Must Meet Complexity Requirements. Passwords are then required to meet the filter's security requirement.

For example, the standard Windows NT filter (PASSFILT.DLL) enforces the use of secure passwords that follow these guidelines:

  • Passwords must be at least six characters long.
  • Passwords can't contain the user name, such as stevew, or parts of the user's full name, such as Steve.
  • Passwords must use three of the four available character types: lowercase letters, uppercase letters, numbers, and symbols.
Store Password Using Reversible Encryption
Passwords in the password database are encrypted. This encryption can't normally be reversed. If you want to allow the encryption to be reversed, enable Store Password Using Reversible Encryption For All Users In The Domain. Passwords are then stored with reversible encryption and can be recovered in case of emergency. Forgetting a password in not an emergency situation. Any administrator can change user passwords....
Read More Show Less

Table of Contents

.BKF file extension, 319
%HomeDrive%, 191
%Home Path%, 191
%Processor_Architecture%, 191
    backup directory, 405-406
    environmental variables, 191
%UserName%, 191
10-tape rotation, backup schedule, 311-312

A (address) records, 439-440
access control
    DNS servers and, 448-450
    security model and, 138
    sharing and, 277
access control entries (ACEs), 138
access permissions
    account capabilities and, 150
    printers and, 376
account capabilities, 149-150
account disabled, 209
account expired, 209
account lockout policies, 209
    Account Lockout Threshold, 171-172
    Account Lockout Duration, 172
    Reset Account Lockout Threshold After, 172
account naming policies, 163-165
    naming schemes, 164-165
    rules for display names, 163-164
    rules for logon names, 164
account options, setting, 193
account policies
    Kerberos policies, 173-174
    lockout policies, 171-172
    password policies, 169-171
    setting, 166-168
    types of, 166
    viewing effective policies, 168
account restrictions, setting, 193
accounts, searching, 120-121
ACEs (access control entries), 138
Active Directory, 97-114
    administration tools for, 115-116
    auditing objects of, 306
    authorizing DHCP servers in, 389
    comparing with DNS domains, 103
Active Directory, continued
    comparing with NT domains, 5
    configuring, 5
    data store and, 110
    definition of, 3
    directory structure of, 109-110
    DNS and, 97-98, 427, 428
    domain forests and trees in, 99-100
    domains of, 99, 103
    global catalogs and, 110-112
    LDAP and, 113
    logical and physical structures of, 98
    object permissions in, 294
    operations master roles in, 113-114
    organizational units in, 100-101
    replication and, 112
    restoring, 329
    searching for users in, 189
    sites and subnets in, 102-103
    support tools for, 116-117
    Windows 2000 and, 104
    Windows 95/98 and, 107-109
Active Directory, administration of, 115-136
    accounts and shared resources, searching for, 120-121
    computer accounts, creating, 121-124
    computer accounts, managing, 121
    computer accounts, moving, 125
    computer accounts, resetting locked accounts, 124-125
    computer accounts, deleting, disabling, and enabling, 124
    computer accounts, viewing and editing, 124
    computers, joining to domain or workgroup, 126-131
    computers, managing, 125
    domain controllers, connecting to, 118-119
    domain controllers, installing and demoting, 131-132
    domain name master roles, viewing and transferring, 132-133
    domains, connecting to, 119
    domain-wide roles, viewing and transferring, 132
    global catalogs, configuring, 134
    organizational unit properties, viewing and editing, 135
    organizational units, creating, 134-135
    organizational units, moving, 136
    organizational units, renaming and deleting, 135
Active Directory, administration of, continued
    schema master roles, viewing and transferring, 134
    tools for, 115-118
Active Directory, using Windows NT with, 104-107
    mixed mode operations and, 105
    native mode operations and, 105-107
Active Directory Domains and Trusts, 100, 115
Active Directory Installation Wizard, 5
Active Directory-integrated primary, DNS server types, 429
Active Directory Users And Computers, 115, 117-131
    adding domain group accounts, 182-183
    adding domain user accounts, 177-179
    configuring group memberships, 184-185
    connecting to a domain, 119
    connecting to a domain controller, 118-119
    creating computer accounts, 122-124
    creating computer accounts on a workstation or server, 121-122
    creating user accounts, 163
    deleting, disabling, and enabling computer accounts, 124
    joining computers to domains or workgroups with existing connections, 126-128
    joining computers to domains or workgroups with new connections, 128-131
    managing computer accounts, 121
    managing computers, 125
    managing users, groups, computers and organizational units with, 101
    moving computer accounts, 125
    resetting locked computer accounts, 124-125
    searching for accounts and shared resources, 120-121
    starting, 117-118
    viewing advanced options, 119
    viewing and editing computer account properties, 124
active partition, hard disk drives, 221
Add Counters dialog box, 58-59
Add Printer Wizard, 363-370
    connecting to network printers, 369
    print device found, 363-365
Add Printer Wizard, continued
    print device not found, 365-368
Add/Remove Hardware utility, 9
Add/Remove Hardware Wizard
    installing/uninstalling hardware devices, 34-35
    managing hardware devices, 31
    troubleshooting hardware devices, 36
Add/Remove Programs utility, 9
address books, 189
address pools, 402
address records (A)
    adding, 439-440
administration. See network administration; system administration
administration, automating
    group policy management and, 69-83
    scheduling tasks and, 86-94
    user and computer script management, 83-86
Administrative shares, 287
administrative templates
    adding or removing, 82-83
    enabling, disabling and configuring, 82
    viewing, 80-81
Administrative Tools, 353
administrator account, 146
administrators group, 156-157
Advanced Server, configuring, 5
Advanced Tab, System utility, 24
    configuring virtual memory, 25-27
    creating, editing and deleting environment variables, 27-28
    setting application performance, 24-25
    setting recovery options, 30
    setting registry size, 27
    setting startup options, 29-30
    setting virtual memory, 25
alerts, 65-67
    adding with CNAME, 441
    Edit Alias dialog box and, 283
allocation unit size, 229
Apple Macintosh, creating shares on, 280
Application media pools, 336, 337
application performance, 24-25
application programming interface (API), NetBIOS, 407
    Computer Management console and, 20
    Task Manager and, 38-39
Application Server, configuring, 5
Archive attribute, backups and, 308
archives. See log archives
ARP utility, 13
AT utility, 13
    deleting tasks, 94
    scheduling tasks, 92-94
    viewing scheduled tasks, 93-94
auditing, 302-306
    auditing Active Directory objects, 306
    auditing files and folders, 304-305
    DHCP auditing, 390-392
    options for, 302-303
    printers and, 377
    setting auditing policies, 302-304
authentication protocols, 137-138
auto-loader tape systems, backup devices, 310-311

background processes, 37
backgrounds, adding to folders, 267-268
backup and recovery, 307-338
    backing up manually, 320-323
    backing up with Backup Wizard, 318-320
    Backup utility and, 312-318
    comparing differential and incremental backups, 309-310
    DHCP databases and, 405-406
    Emergency Repair disks and, 330-331, 332-333
    media pools and, 336-338
    planning for, 307-308
    recovering data manually, 326-328
    recovering data with Restore Wizard, 323-326
    Recovery Console and, 333-336
    remote systems and, 329
    restoring Active Directory, 329
    Safe Mode and, 331-332
    selecting devices and media for, 310-312
    setup boot disks and, 331
    types of backups, 308-309
    WINS database and, 424
backup devices
    auto-loader tape systems, 310-311
    digital audio tape (DAT) drives, 310
    disk drives, 311
    magnetic optical drives, 311
    removable desks, 311
    tape drives, 310
    tape jukeboxes, 311
backup directory, 405-406
Backup exclusions
    changing, 317-318
    creating, 316-317
    viewing and setting, 316
backup media, scheduling, 311-312
Backup utility, 312-318
    accessing, 312
    Backup Wizard and, 318-320
    extensions for special data types, 313-314
    general options of, 314-315
    key features of, 312-313
    Restore Wizard and, 323-326
    setting restore and backup options, 315-316
    viewing and setting exclusions, 316-318
Backup Wizard, steps in use of, 318-320
bad sectors, 235-237
basic disk configuration. See disk configuration, basic
b-node (broadcast node), 409
    editing for mirrored sets, 256
    updating, 229
boot disks
    creating, 330-331
    updating after adding partitions, 230-232
BOOTP (bootstrap protocol), 401
boot partitions, hard drives, 221
browsing, 358
built-in capabilities
    account capabilities and, 149-150
    user rights for groups in Active Directory, 153-154
    user rights for local groups, 154-155
built-in groups, 147
built-in local groups, 141
built-in user accounts, 145
burst-handling mode, WINS, 416

caching values, 454
canonical name records (CNAME)
    adding aliases with, 441
    definition of, 439
cascading style sheets (CSS), 266
CD-ROM drive properties, 274
Change permissions, 284
Check Disk utility (CHKDSK.EXE)
    checking drives for errors and bad sectors, 235-237
Check Disk utility, continued
    running from command line, 236
    running interactively, 237
    syntax for, 236
child domains
    creating, 436-438
    definition of, 98, 427
child objects, 296
CHKDSK.EXE. See Check Disk utility
Cipher utility (CIPHER.EXE), 241
CNAME (canonical name) records
    adding aliases with, 441
    definition of, 439
command-line utilities, 8, 13-14
comments, adding to folders, 267-268
Compact utility (COMPACT.EXE), 239-240
    backups and, 319
    NTFS file systems and, 230
compression utilities. See Compact utility; Expand utility
computer accounts
    creating, 121-124
    deleting, disabling, and enabling, 124
    group accounts and, 160-161
    managing, 121
    moving, 125
    resetting locked accounts, 124-125
    viewing and editing, 124
computer group policies, 71
Computer Management console
    accessing, 16
    connecting to other computers with, 17
    exporting information lists with, 18
    logging DNS activity with, 450
    managing DNS servers with, 431
    managing local and remote DHCP servers with, 388-389
    managing WINS server with, 411
    network administration with, 15
    sending console messages with, 17-18
    services and applications tools of, 20
    session management with, 289-293
    sharing local and remote folders using, 279-281
    starting and stopping DNS server with, 436
    storage tools of, 19-20
    system tools of, 19
    joining to domain or workgroup, 126-131
    managing, 125
computer startup/shutdown scripts, 83-85
    IP addresses, 344-348
    network adapters, 342
    printer drivers, 372-373
    printers, 371-379
    WINS resolution, 350-352
configuration data, data store, 110, 112
Configure Your Server utility, 5
console messages, 17-18
contact information
    fields of, 187-188
    setting for user accounts, 187-189
contiguous naming structure, 99
Control Panel utilities, 9-10
Convert utility (CONVERT.EXE), 230, 234-235
    syntax for, 234-235
    use of, 235
copy backups, 308
Copy command, 271-272
counter logs, 60-63
    alerts and, 65-67
    definition of, 56
    Performance Monitor and, 57-59
CPU. See system performance
Create Partition Wizard, 227-228
Create Shared Folder Wizard, 279
Create Volume Wizard, 248
CryptoPAK, 240
CSS (cascading style sheets), 266
Cut command, 272-273

daily backups, 309
daily tasks, scheduling, 90
DAT (digital audio tape) drives, backup devices, 310
data administration, 211
data backup and recovery. See backup and recovery
database corruption, backups and, 307
Data Encryption Standard (DES), 200
Data Encryption Standard, expanded (DESX), 240
data sharing, 277-306. See also shares
    auditing system resources and, 302-306
    connecting to network drives, 293-294
    file and folder permissions and, 297-301
    managing existing shares, 287-293
data sharing, continued
    managing share permissions, 284-287
    object management and, 294-297
    sharing folders on local and remote systems, 277-283
data store
    Active Directory and, 110
    definition of, 5
    types of data in, 110, 112
Date/Time utility, 10
defragmenting disks, 237-238
DES (Data Encryption Standard), 200
DESX (Data Encryption Standard, expanded), 240
Device Manager
    Computer Management system tools and, 19
    installing/uninstalling device drivers with, 32-34
    viewing and managing hardware devices with, 31-32
devices. See hardware devices
DHCP auditing
    enabling/disabling, 391
    log location and, 391
    log usage and, 391-392
    overview of, 391
DHCP console
    binding multihomed servers to IP address, 389-390
    configuring DHCP server with, 387
    configuring IP addressing with, 386-387
    managing scopes with, 400-402
    setting scope options on, 399-400
    updating DHCP statistics with, 390
DHCP databases, backup and recovery, 405-406
DHCP Server Properties dialog box, 390
dial-in privileges, 197-199
differential backups
    comparing with incremental backups, 309-310
    definition of, 308
digital audio tape (DAT) drives, backup devices, 310
    compressing, 239
    decrypting, 241
    deleting, 273
    encrypting, 240-241
    expanding, 240
    renaming, 273
    selecting, 271
Directory Service Client Setup Wizard, 109
directory structure, Active Directory, 109-110
disaster recovery plan, 329-336
    creating Emergency Repair disk, 330-331
    creating setup boot disks, 330-331
    recovering system with Emergency Repair disk, 332-333
    starting system in Safe Mode, 331-332
    working with Recovery Console, 333-336
discontiguous naming structure, 99
disk configuration, basic
    definition of, 220
    marking active partition for, 221
    rescanning disks and, 224
    types of drive sections for, 221
    upgrading to dynamic disk configuration, 222
disk configuration, dynamic
    changing to basic configuration, 223
    definition of, 220
    marking active partition for, 221
    moving to new system, 224
    reactivating, 223
    rescanning disks and, 224
    types of drive sections for, 221
Disk Defragmenter, 19, 237-238
disk drives, backup devices, 311
Disk List view, 217
Disk Management, 19, 215-220
    color coding partitions and, 226
    configuring drives with, 215-216
    creating mirrored set in, 253-253
    creating partitions and logical drives with, 226-229
    creating striped set with parity in, 255
    Disk List view of, 217
    drive properties information and, 218
    Graphical view of, 217
    managing existing partitions and drives with, 232-241
    managing volumes and volume sets with, 244-249
    partitioning drives with, 225
    Rescan Disk and, 224
    understanding drive status with, 219-220
    Volume List view of, 217
disk mirroring. See RAID 1: disk mirroring
disks. See hard drives
disk striping. See RAID 0: disk striping
disk striping with parity. See RAID 5: disk striping with parity
display names
    definition of, 163
    rules for, 163-164
Display utility, 10
distribution groups, 141. See also group accounts
DLL files, 266
DNS client, configuring, 348-350
DNS console
    adding remote servers, 435
    configuring full DNS integration with NetBIOS scopes, 455
    controlling access to servers outside organization, 448-450
    creating child domains, 436-438
    deleting domains or subnets, 436-438
    enabling/disabling dynamic updates, 447-448
    logging DNS activity, 450
    managing DNS servers, 431
    modifying SOA records, 444-446
    monitoring DNS server, 450-452
    notifying secondary servers of zone changes, 446-447
    removing servers, 435
    restricting zone transfers, 447
    setting caching and time-out values, 454
    setting zone type, 447
    starting and stopping DNS servers, 436
DNS host names, PING testing, 358
DNS records, 438-444
    adding address and pointer records, 439-441
    adding aliases with CNAME records, 441
    adding mail exchange servers, 442-443
    adding name server records, 443-444
    commonly used records, 439
    viewing and updating, 443-444
DNS registration, 350
DNS resolution, 348-350
    basic settings, 349
    DNS server addresses and, 349
    DNS suffixes and, 349-350
    registering connections and, 350
DNS servers
    access control and, 448-450
    adding remote servers, 435
    creating child domains, 436-438
    creating forwarding-only servers, 450
DNS servers, continued
    creating forwarding servers, 450
    creating non-forwarding servers, 449
    deleting domains or subnets, 436-438
    enabling/disabling IP address for, 448
    installing, 429-430
    managing configuration of, 448-450
    removing servers, 435
    starting and stopping servers, 436
    types of, 429
docked and undocked profiles, configuring, 23-24
document printing
    checking document properties, 382
    defaults for, 377
    pausing, resuming and restarting, 381
    removing documents and canceling print jobs, 381
    scheduling documents, 382
    setting priority of documents, 382
domain controllers
    Active Directory and, 5
    configuring Windows 2000 as, 4
    connecting to, 118-119
    installing and demoting, 131-132
domain data, 110, 112
domain forests, 99-100
domain local groups
    definition of, 141
    when to use, 143
domain name master roles
    operations master roles, 113
    viewing and transferring, 132-133
Domain Name System (DNS), 427-455. See also under DNS entries
    Active Directory and, 97-98
    comparing WINS with, 408
    configuring primary DNS server, 430-432
    configuring reverse lookups, 433-434
    configuring secondary DNS server, 432-433
    enabling on networks, 428-429
    installing DNS servers, 429-430
    integrating with Active Directory, 428
    integrating with DHCP, 392
    integrating with WINS, 452-455
    logging DNS activity, 450
    managing DNS configuration and security, 448-450
    managing DNS records, 438-444
    managing DNS servers, 434-438
    monitoring DNS servers, 450-452
    overview of, 427
Domain Name System (DNS), continued
    TCP/IP and, 383
    updating zone properties and SOA records, 444-448
    Active Directory domains and, 99
    connecting to, 119
    deleting, 436-438
    DNS organization and, 427
    managing, 434-435
    managing policies of, 72-75
domain trees
    Active Directory and, 99-100
    contiguous and discontiguous naming structures and, 99-100
domain user accounts. See also user accounts
    copying, 207-208
    creating, 177-180
    definition of, 139
DOS, accessing long file names, 262-263
drive letters, assigning, 225-226, 233
drive paths
    adding/removing, 232-233
    assigning, 226
drive properties, 274
drivers, installing/uninstalling, 32-34
drivers, printers, 372-373
    configuring for network clients, 372-373
    troubleshooting, 359-360
    updating, 372
drives. See hard drives
dynamic disk configuration. See disk configuration, dynamic
Dynamic Host Configuration Protocol (DHCP), 383-406. See also under DHCP entries
    auditing and troubleshooting, 391-392
    authorizing servers in Active Directory, 389
    backing up and restoring database, 405-406
    binding multihomed servers to IP address, 389-390
    checking IP addresses with IPCONFIG, 384-385
    configuring DHCP servers, 389-392
    connecting to remote servers, 386-387
    DHCP client and, 383-386
    DHCP console and, 386-387
    DHCP servers and, 386
Dynamic Host Configuration Protocol (DHCP), continued
    DNS integration and, 392, 427
    dynamic IP addressing with, 343, 346-347
    exclusion ranges and, 402-403
    installing components, 386-392
    IP addresses and, 383-384, 392-393
    leases/reservations and, 403-405
    managing scopes and, 385-386, 394-402
    name resolution methods, 409
    saving and storing DHCP configuration, 394
    starting and stopping DHCP servers, 388-389
    updating DHCP statistics, 390
    viewing scope statistics, 402
dynamic IP addresses
    configuring, 346-347
    DHCP and, 343, 383-384
dynamic updates, DNS, 447-448

Edit Alias dialog box, 283
Emergency Repair disk
    creating, 330-331
    recovering system with, 332-333
    decrypting files and directories, 241
    DES, 200
    DESX, 240
    encrypting directories and files, 240-241
environmental variables
    creating, editing and deleting, 27-28
    fields of, 190
    most commonly used, 191
    setting, 190-191
errors. See troubleshooting
event logs, 50-55
    accessing and using, 50-51
    archiving, 54-55
    clearing, 53
    setting options for, 52-53
Event Viewer
    accessing security log and, 302
    Computer Management system tools and, 19
    displaying log events with, 51
exchange server data, 313
exclusion ranges, 402-403
Expand utility (EXPAND.EXE), 240
Explorer Bar, 263-264
extended partitions, 225

Fast Repair option, Emergency Repair disk, 333
FAT file systems, 259-260
    comparing FAT 16 and FAT 32, 260
    converting FAT and FAT32 to NTFS, 230, 234-235
    versions of, 259
FAT volumes, 284
file name truncation rule, 262-263
    auditing, 304-305
    closing all files, 292
    closing open files, 292
    compressing, 239
    copying, 271-272
    decrypting, 241
    deleting, 273
    displaying hidden and compressed files, 266
    encrypting, 240-241
    examining properties of, 274-276
    expanding, 240
    exploring, 263-266
    FAT and, 259-260
    moving, 272-273
    naming, 261-263
    NTFS and, 260-261
    object ownership and, 295-296
    Open Files node and, 291-292
    pasting, 272
    renaming, 273
    selecting, 271
    setting permissions, 300-301
    special permissions and, 298-299
    stopping sharing of, 292-293
    understanding file permissions, 297
    Windows 2000 permissions and, 298
File Server, configuring, 5
file systems
    definition of, 229
    FAT, 230, 259-260
    FAT 32, 230, 259-260
    local and remote, 213
    NTFS, 230, 260-261
File Transfer Protocol (FTP), 14, 347
floppy disks
    copying, 270
    examining properties of, 274
    formatting, 270
Folder Options utility, 10
    adding backgrounds and comments to, 267-269
    auditing, 306
    copying, 271-272
    creating, 273
    customizing views, 266-270
    enabling Web content for, 267
    examining properties of, 274-276
    folder templates and, 266
    multiple folders and, 270
folders, sharing, 277-283
    creating additional shares, 281-282
    creating shared folders, 279-281
    creating Web shares, 282-283
    setting permissions, 300-301
    special permissions and, 299
    stopping sharing of, 292-293
    viewing existing shares, 278
    Windows 2000 permissions and, 298
foreground processes, 37
formatting partitions, 229-230
forwarding DNS server, 450
forwarding-only DNS server, 429, 450
forward lookup zones. See also zones
    DNS servers and, 430
    managing domains and subnets through, 434-435
    name resolution and, 433
    updating, 444
Free media pools, 336
    allocation/deallocation of Free media, 338
    preparing media for use in, 337
FTP (File Transfer Protocol), 13, 347
Full Control permissions, 284
full integration, DNS, 428, 455

gateways, assigning, 347-348
General Tab, System utility, 20-21
global catalogs
    Active Directory and, 110-112
    configuring, 134
global groups
    definition of, 141
    when to use, 143
graphical administrative tools
    list of, 11-13
    overview of, 8
    system configuration and, 13
Graphical view, Disk Management, 217
graphs, system performance, 41
group accounts, 140-144
    administrators group and, 156-157
    built-in capabilities for groups, 153-155
    built-in groups and, 147
    computers group and, 160-161
    creating, 181-184
    creating global groups, 182-183
    creating local groups and assigning members, 183-184
    deleting, 208
    implicit groups and, 148-149, 161-162
    managing individual membership, 184-185
    managing multiple memberships, 185
    operators group and, 157-158
    predefined groups and, 147-148
    renaming user and group accounts, 206-207
    scope of, 141-144
    setting primary group for users and computers, 185
    SIDs and, 142-143
    types of, 141
    users group and, 159-160
group policies
    applying to a new location, 74-75
    blocking, overriding and disabling, 74
    creating and editing, 72-73
    deleting, 75
    location of, 73
    TCP/IP installation and, 341
    understanding, 70
    user and computer policy settings and, 71
Group Policy console
    nodes and subnodes of, 76-77
    Security Options node of, 196
group policy management, 70-83
    administrative templates and, 80-83
    applying multiple policies and, 70
    Group Policy console and, 76-77
    managing local group policies, 71-72
    managing site, domain, and unit policies, 72-75
    special folders and, 77-80
    timing of application and, 71
    understanding group policies, 70
group privileges, 362
guest account, predefined user accounts, 146-147

hard drives, 213-241
    assigning drive letters and paths to, 232-233
    basic and dynamic configurations of, 220-225
    changing/deleting volume labels, 233
    checking for errors and bad sectors, 235-237
    compressing, 239-240
    configuring, 213
    converting a volume to NTFS, 234-235
    defragmenting, 237-238
    deleting, 234
    encrypting, 240-241
    examining properties of, 274
    installing and checking for new drives, 218-219
    partitions and, 225-232
    physical drives and, 214-215
    preparing for use, 215-218
    understanding status of, 219-220
hardware devices, 31-36
    device drivers for, 32-34
    installing and uninstalling, 35
    troubleshooting, 36
    viewing and managing, 31-32
hardware failures, backups and, 307
hardware profiles, configuring, 23
Hardware Tab, System utility, 22-24
    configuring docked and undocked profiles, 23
    configuring hardware profiles, 23
Hardware Troubleshooter
    managing hardware devices with, 31
    troubleshooting hardware devices with, 36
Hidden shares, 287
h-node (hybrid node), 409
home directories, 192-193
HOSTS file, 409
hot swapping drives, 218-219
Hypertext Markup Language (HTML), 266, 268-269

icons, Windows Explorer, 265
IDE drives, 215
implicit groups, 148-149, 161-162
Import media pools, 336
incremental backups
    comparing with differential backups, 309-310
    definition of, 308-309
information lists, exporting, 18
Infrastructure master roles, 114, 132
    network adapters, 342
    networking components, 352-353
    optional networking components, 353-355
    printers, 361-371
    Recovery Console, 333-334
    TCP/IP, 342-343
Integrated Service Digital Network (ISDN), 356
IntelliMirror, 3
interactive processes, 37
Internet Information Services, Web shares and, 282-283
IP addresses
    avoiding addressing conflicts, 392-393
    checking assignments with IPCONFIG, 384-385
    dynamic IP addresses and, 343, 346-347, 383-384
    enabling/disabling for DNS servers, 448
    multiple IP addresses and, 347-348
    PING testing, 358
    static IP addresses and, 343-344, 344-346
    WINS and, 408
IP autoconfiguration, 384
    addresses and leases and, 404
    command-line utilities and, 14
    IP address assignments and, 384-385
ISDN (Integrated Service Digital Network), 356

Kerberos policies, 173-174
    Enforced User Logon Restrictions, 173
    Maximum Lifetime, 173
    Maximum Tolerance, 174
Kerberos V 5
    authentication protocols and, 137
    preauthentication and, 200

LAN connections, 345, 347
Layer 2 Tunneling Protocol (L2TP), 356
LDAP (Lightweight Directory Access Protocol), 113
lease period, WINS, 414
    backup and recovery of database information on, 405-406
    compared with reservations, 385
    definition of, 383
    deleting, 405
    duration of, 397
    reconciling, 403
    releasing, 404
leases, WINS, 413-415
    extinction interval, 414-415
    extinction timeout, 414-415
    renewal interval, 414-415
    verification interval, 415
libraries, media pools and, 336
Licensing utility, 10
Lightweight Directory Access Protocol (LDAP), 113
    name resolution methods and, 409
    name resolution with, 408
    NetBIOS names and, 351-352
local file systems, 213
local group policies, managing, 71-72
local groups, 141. See also group accounts
Local Policies node, Group Policy, 174
local print devices, 361. See also printers
local profiles
    changing other profile types to, 206
    creating, 201
    definition of, 200
    deleting and assigning new ones, 205
    managing with system utility, 202-203
LocalSystem accounts, 145
local user accounts. See also user accounts
    creating, 180-181
    definition of, 139
Local Users And Groups
    adding local group accounts with, 183-184
    adding local user accounts with, 180-181
    administering user accounts, 163
    Computer Management system tools and, 19
log archives
    creating, 54-55
log archives, continued
    formats for, 54
    viewing, 55
logical drives
    creating, 226-229
    examining properties of, 274
Logical Drives, Computer Management storage tools, 19
logon hours, 194-196
    configuring, 194-195
    enforcing, 195-196
logon names
    definition of, 163
    rules for, 164
    user accounts and, 139-140
logon problems, troubleshooting, 210
logon rights
    account capabilities and, 149
    user and group rights, 152-153
logon scripts, 191-192
logon workstations, 196-197
logs. See also event logs
    counter logs, 60-63
    DHCP logs, changing use, 391-392
    DHCP logs, keys controlling, 392
    DHCP logs, location of, 391
    DNS activity and, 450
    performance logs, 59-64
    printer events and, 379
    security logs, 302
    trace logs, 63-64
lookups, 452. See also forward lookup zones; reverse lookup zones

magnetic optical drives, backup devices, 311
mail exchange (MX) records
    adding, 442-443
    definition of, 439
mandatory profiles
    creating, 202
    definition of, 201
Manual Repair option, Emergency Repair disk, 333
Map Network Drive feature, 213, 289
mapping, WINS database, 422
media pools
    allocating Free media, 338
    changing media types, 338
    creating, 337
    deleting, 338
    moving media, 337
media pools, continued
    preparing media for use in, 337
    types of, 336
member servers, 4
mirrored sets
    BOOT.INI file and, 256
    breaking, 255
    removing, 257
    resynchronizing and repairing, 256
m-node (modified node), 409
monitoring, DNS server, 450-452
monitoring system resources, 37-67
    event logging and, 50-55
    server performance and, 55-67
    system services and, 42-49
    Task Manager and, 38-42
monthly tasks, scheduling, 91
MS-DOS, accessing long file names, 262-263
multicast scopes, 385, 398-399
multimaster replication model, 4-5
multiple folders, setting views for, 270
multiple IP addresses and gateways, configuring, 347-348
MX (mail exchange) records
    adding, 442-443
    definition of, 439

name registration, WINS, 408, 413-415
name release, WINS, 408
name renewal, WINS, 408
name resolution. See Domain Name System (DNS); Windows Internet Naming Service (WINS)
name resolution, LMHOSTS file, 408
    abbreviating long file names, 262
    accessing long file names under
MS-DOS, 262-263     naming schemes and, 164-165
    rules for display names, 163-164
    rules for logon names, 164
    rules for truncation of, 262-263
    Windows 2000 conventions for, 261-262
name server (NS) records
    adding, 443-444
    definition of, 439
natural disasters, backups and, 307
NBT (NetBIOS over TCP/IP), 407
NBTSTAT, command-line utilities, 14
NET, command-line utilities, 14
NetBEUI (NetBIOS Enhanced User Interface), 407
NetBIOS. See Network Basic Input/Output System (NetBIOS)
NetBIOS Enhanced User Interface (NetBEUI), 407
NetBIOS over TCP/IP (NBT), 407
NET command-line utilities, 407
net tools, 14
network adapters, installing and configuring, 342
network administration, 15-36
    Computer Management console and, 15-20
    DHCP. See Dynamic Host Configuration Protocol (DHCP)
    DNS. See Domain Name System (DNS)
    hardware devices and, 31-36
    networking printing and. See network printers and print services
    System utility and, 20-30
    TCP/IP. See TCP/IP networking
    WINS and. See Windows Internet Naming Service (WINS)
Network And Dial-Up Connections
    Control Panel utilities and, 10
    dynamic IP addresses and, 346
    installing TCP/IP protocol with, 342-343
    managing network connections with, 343, 356-358
Network Basic Input/Output System (NetBIOS)
    PING testing NetBIOS names, 358
    resolving names and, 351-352
    transmitting WINS queries over, 408
    WINS and, 407
    WINS/DNS integration and, 455
network connections
    available options, 356
    creating, 356-357
    deleting, 357
    enabling/disabling, 356
    modifying/duplicating, 358
network drives
    disconnecting from, 294
network drives, continued
    mapping, 293-294
    properties of, 274
    sharing resources on, 293
Network Identification Tab, System utility, 21-22
networking components
    installing/uninstalling, 352-353
    list of available components, 352-353
networking components, optional
    installing/uninstalling, 353-355
    list of available optional components, 354-355
Networking Server, configuring, 5
network print devices, 361-362. See also printers
network print services, 359-382
    configuring printers, 371-379
    configuring print servers, 377-379
    installing print devices, 361-371
    managing print jobs, 380-382
    troubleshooting printer problems, 359-361
New Delegation Wizard, 437
New Multicast Scope Wizard, 398
New reservation dialog box, 404
New Scope Wizard, 395-396
New Superscope Wizard, 394-395
New Zone Wizard, 432
No Access permissions, 284
non-forwarding DNS servers, 449
normal domains. See parent domains
normal/full backups, 308
normal scopes, 385, 395-398
Novell Netware, creating shares on, 280
NS (name server) records
    adding, 443-444
    definition of, 439
NSLOOKUP, command-line utilities, 14
NT. See Windows NT
NT file system (NTFS), 260-261
    Apple Macintosh and Novell Netware shares on, 279
    comparing NTFS 4.0 and NTFS 5.0, 261
    compression in, 230
    conversion of, 230
    converting FAT to, 234-235
    enabling printing on, 378-379
    versions of, 260
NTFS volumes
    access control to files and folders, 277
    auditing, 304
    extending, 249
NTFS volumes, continued
    setting file and folder permissions, 294
    using file and folder permissions, 284
NT LAN Manager (NTLM), 138

object inheritance, 296-297
object management
    object inheritance and, 296-297
    object ownership and transfer, 295-296
    object types and management tools, 294-295
object managers, 294-295
object ownership, 295-296
one-time only tasks, scheduling, 92
Open Files node, 291-292
open resources, managing, 291-292
operations master roles
    Active Directory and, 113-114
    definition of, 104
    domain name master roles and, 132-133
    schema master roles and, 134
operators group, 157-158
options, Backup utility
    Backup Log options, 316
    Backup Type options, 316
    general, 314-315
    Restore options, 315-316
organizational unit properties, viewing and editing, 136
organizational units
    Active Directory and, 100-101
    creating, 135
    renaming and deleting, 136

parent domains, 98, 427
parent objects, 296
partial integration, DNS, 428
partitions, 225-231
    assigning drive letters to, 225-226
    assigning drive paths to, 226
    color coding, 226
    creating partitions and logical drives, 226-229
    deleting, 234
    formatting, 229-230
    types of, 225
    updating boot disk and, 230-232
password policies
    Enforce Password History, 169-170
password policies, continued
    Maximum Password Age, 170
    Minimum Password Age, 170
    Minimum Password Length, 170
    Passwords Must Meet Complexity Requirements, 171
    Store Password Using Reversible Encryption, 171
    changing and resetting, 208-209
    configuring policies for, 169-171
    secure passwords and, 165
    setting account security options and, 199
    user accounts and, 140
Paste command, 272-273
PCL (Printer Control Language), 373
PCL.SEP, separator pages, 373
PDC (Primary Domain Controller) emulator, 114, 132
performance logs, 59-64
    counter logs and, 60-63
    creating and managing, 59-60
    replaying, 64-65
    trace logs and, 63-64
    types of, 59
Performance Logs and Alerts, Computer Management system tools, 19
Performance Monitor
    choosing counters and, 57-59
    using, 56-57
performance objects, 57
permissions. See also share permissions
    file and folder permissions, setting, 300-301
    file and folder permissions, understanding, 297
    printer permissions, 376
    special permissions, 298-299
    Windows 2000 permissions, 298-299
physical drives
    IDE drives and, 215
    SCSI drives and, 214
    checking addresses with, 344
    command-line utilities and, 14
    testing TCP/IP configuration with, 358
Plug and Play, 35
p-node (point-to-point node), 409
pointer records (PTR)
    adding, 439-441
pointer records (PTR), continued
    definition of, 439
Point To Point Tunneling Protocol (PPTP), 356
    adding or removing templates for, 82-83
    auditing, 302-304
    enabling, disabling and configuring, 82
    viewing, 80-81
PostScript, 373
PPTP (Point To Point Tunneling Protocol), 356
predefined groups, 147-148
predefined user accounts, 145-147
    administrator account, 146
    guest account, 146-147
primary DNS server, configuring, 430-432
Primary Domain Controller (PDC) emulator, 114, 132
primary groups, setting, 185
primary partitions, 225
primary servers, DNS server types, 429, 446-447
print device mode, 373
Printer Control Language (PCL), 373
printer ports, configuring, 373-374
printers, configuring, 371-379
    adding comments and location information, 371-372
    changing printer port, 373-374
    configuring printer drivers, 372-373
    configuring printer properties, 371
    enabling auditing, 377
    scheduling and prioritizing print jobs, 374-375
    setting access permissions for, 376
    setting document defaults, 377
    setting printer sharing and, 375
    setting separator pages, 373
printers, installing, 361-371
    connecting to network printers, 369-370
    installing local print devices, 368
    installing print devices on print servers, 362-367
    spooling problems and, 370-371
    using local and network print devices, 361-362
printers, troubleshooting, 359-361
printer sharing, configuring, 375
Printers utility, 10
print jobs, managing, 380-382
    checking document properties, 382
print jobs, managing, continued
    emptying print queue, 381
    pausing, resuming and restarting document printing, 381
    removing documents and canceling print jobs, 381
    scheduling documents, 382
    setting document priority, 382
    using print management window, 380
print management window, 380
print monitor, 360
print queue, 360, 381
print router (WINSPOOL.EXE), 360
print servers, configuring, 5, 377-379
    configuring global settings, 377
    enabling NTFS printing, 378-379
    logging printer events, 379
    managing high volume printing, 379
    print job completion and notification, 379
    viewing and creating printer forms, 377-378
print servers, definition of, 362
print spooling, 370-371, 374-375
private network addresses, 344
    account capabilities and, 149
    users/groups and, 150-152
    administering, 39-40
    in the background, 37
    in the foreground, 37
    interactive, 37
profiles. See user profiles, managing
    examining drive properties, 274
    examining file and folder properties, 274-276
public certificates, 140
pull partners
    creating, 420
    definition of, 417
pull replication parameters, 418-419
push partners
    creating, 420
    definition of, 417
push replication parameters, 417-418

RAID 0: disk striping, 251-252
RAID 1: disk mirroring, 252-254
    creating mirrored set in, 252-254
    mirroring existing volumes, 254
RAID 5: disk striping with parity, 254-255
Read permissions, 284
records. See DNS records
Recovery Console, 333-336
    commands of, 334-335
    deleting, 335-336
    installing as part of startup, 333-334
    starting, 334
recovery options, setting, 30
redundant array of independent disks (RAID), 213, 250-258
    breaking a mirrored set, 255
    implementing on Windows 2000 servers, 251-255
    implementing RAID 0: disk striping, 251-252
    implementing RAID 1: disk mirroring, 252-254
    implementing RAID 5: disk striping with parity, 254-255
    improving performance and fault tolerance with, 250-251
    levels supported, 243
    managing, 255-258
    regenerating a stripe set with parity, 257-258
    removing a mirrored set, 257
    repairing a mirrored system volume, 256-257
    repairing a stripe set without parity, 257-258
    resynchronizing and repairing mirrored sets, 256
    backing up and restoring, 330-331
    setting size of, 27
Registry Editor, 406
Relative ID (RID) masters, 113, 132
relay agents, configuring, 386
remote access, 197-199
remote storage data, 314
remote systems
    accessing, 213
    backing up and restoring data on, 329
remote tasks, scheduling, 93
removable disks
    backup devices and, 311
    examining properties of, 274
    formatting, 270
Removable Storage
    Computer Management storage tools and, 19
    managing media pools with, 336
Removable Storage, continued
    managing tapes and removable disks with, 319, 321
removable storage data, 313
Rename command, 273
renewal interval, 408
    Active Directory and, 112
    WINS and, 112
replication partners
    changing settings of, 420
    updating, 420-421
    WINS database and, 417
Rescan Disk, 224
Reservation Options, DHCP console, 400
    backup and recovery of information in, 405-406
    compared with leases, 385
    deleting, 405
    modifying reservation properties, 404-405
    reconciling, 403
    releasing, 404
    reserving DHCP addresses, 403-404
restore. See backup and recovery
Restore Wizard, 323-326
reverse lookup zones. See also zones
    configuring, 433-434
    DNS and, 430, 452-454
    managing domains and subnets through, 434-435
    updating, 444
right-clicking, application's pop-up menus, 39
roaming profiles, 200, 201-202, 206
roles. See operations master roles
root domains, 97, 427
ROUTE, command-line utilities, 14
routers, DHCP configuration of, 383
Routing and Remote Access Server (RRAS), 386

Safe Mode, 331-332
    options of, 332
    starting system in, 331
scavenging, WINS databases, 422
Scheduled Tasks folder, 87
Schedule Jobs tab, Backup utility, 313
Scheduled Tasks utility, 10
scheduling print jobs, 374-375
scheduling tasks. See tasks, scheduling
schema data, 110, 112
schema master roles
    overview of, 113
    viewing and transferring, 134
scope, groups
    effect on group capabilities, 142
    types of, 141
    when to use, 143-144
scope options, 399-400
scopes, 385-386
    activating/deactivating, 401
    configuring multiple scopes, 401-402
    definition of, 385
    enabling BOOTP support for, 401
    leases/reservations and, 403-405
    modifying, 400-401
    multicast scopes and, 398-399
    normal scopes and, 395-398
    removing, 401
    scope options and, 399-400
    setting/deleting exclusion ranges, 402-403
    superscopes and, 394-395
    types of, 385-386
    viewing scope statistics, 402
    WINS/DNS integration and, 455
    computer startup/shutdown scripts, 83-85
    creating templates and, 266
    user log on/off scripts, 85-86
SCSI drives, 214
secondary DNS server
    configuring, 432-433
    zone change notifications to, 446-447
secondary server, DNS server types, 429
Secure Socket Layer/Transport Layer Security (SSL/TLS), 138
security. See auditing; permissions; share permissions
security groups, 141. See also group accounts
security identifiers (SIDs)
    group accounts and, 142-143
    renaming accounts and, 206-207
    user accounts and, 140
security log, 302
security model, Windows 2000, 137-138
security options, user accounts, 199-200
Security tab, configuring permissions with, 300
separator pages, configuring, 373
Server Options, DHCP console, 399
Server Properties dialog box, 448
    add-ons configuration and, 5-6
    monitoring performance of, 55-59
    print servers and, 377-379
service logon, configuring, 47-48
service recovery, configuring, 48-49
services, 42-49
    accessing, 42
    Computer Management console and, 20, 43
    configuring service logon, 47-48
    configuring service recovery, 48-49
    configuring service startup, 46-47
    list of common services, 44-45
    starting, stopping and pausing, 46
Services, Computer Management system tools, 19
services and applications tools, Computer Management console, 20
Services view, Computer Management console, 43
sessions, 289-293
    ending all sessions, 290-291
    ending individual sessions, 290-291
    managing open resources, 291-292
    stopping file and folder sharing, 292-293
    viewing, 289-290
Shared Folders, Computer Management system tools, 19
shared resources, searching, 120-121
share permissions, 284-287
    available options, 284
    configuring, 285-286
    modifying existing permissions, 287
    removing permissions, 287
    viewing, 284-285
Share Properties dialog box, 287
shares, 287-293
    access control with, 277
    connecting to special shares, 288-289
    creating additional shares, 281-282
    creating shared folders, 279-281
    creating Web shares, 282-283
    managing open resources, 291-292
    managing sessions and shares, 290-291
    stopping sharing of files and folders, 292-293
    understanding special shares, 287-288
shares, continued
    viewing existing shares, 278
    viewing sessions, 289-290
SIDs (security identifiers)
    group accounts and, 142-143
    renaming accounts and, 206-207
    user accounts and, 140
Simple Mail Transfer Protocol (SMTP), 347
simple volume
    definition of, 243
    extending, 249
site policies, managing, 72-75
sites, Active Directory and, 102-103
SMTP (Simple Mail Transfer Protocol), 347
spanned volume
    definition of, 243
    extending, 249
special folders, 77-80
    redirecting based on group membership, 78-80
    redirecting to single location, 77-78
    removing redirection, 80
    types of, 77
special identities. See implicit groups
special shares, 287-289
    connecting to, 288-289
    used by Windows 2000, 288
spool folder, 378-379
spooling problems, 360, 370-371
SSL/TLS (Socket Layer/Transport Layer Security), 138
stand-alone servers, 4
start of authority records (SOA)
    definition of, 439
    fields of, 444-446
    modifying, 444-446
startup options, setting, 29-30
startup/shutdown scripts, 83-85
static IP addresses
    configuring, 344-346
    manual configuration of, 343-344
    PING testing and, 344
    steps in assigning, 344-346
    WINS and, 407
storage tools, Computer Management console, 19-20
stripe sets, 251
    creating stripe sets with parity, 255
    regenerating a stripe set with parity, 257-258
    repairing a stripe set without parity, 257
subdomains. See child domains
    Active Directory and, 102-103
    configuring for TCP/IP networks, 383
    deleting, 436-438
    logical IP networks and, 347
    managing, 434-435
superscopes, 386, 394-395
    activating/deactivating, 395
    adding scopes to, 394-395
    creating, 394
    deleting, 395
    removing scopes from, 395
Support Tools
    installing, 6-7
    using, 7-8
system administration
    add-on components and services, 5-6
    command-line utilities for, 13-14
    Control Panel utilities for, 9-11
    domain controller and member servers and, 4-5
    frequently used tools for, 9
    GUI-based administrative tools for, 11-13
    monitoring, 37-67
    net tools for, 14
    operating system versions and, 3-4
    Resource Kit Support Tools for, 6-8
    service packs and hot fixes and, 8
system environment variables.
See environmental variables System Information, Computer Management system tools, 19
system media pools, 336
system partition, 221
system performance, 40-42
    customizing and updating graphs of, 41-42
    default graphs for, 41
system services. See services
system state data, 313
system tools, Computer Management console, 19
System utility, 10
    Advanced Tab of, 24
    controlling system settings and properties with, 15
    General Tab of, 20-21
    Hardware Tab of, 22-24
    Network Identification Tab of, 21-22
    User Profiles Tab, 24

tape drives, backup devices, 310
tape jukeboxes, backup devices, 311
Task Manager
    accessing, 38
    administering applications with, 38-39
    administering processes with, 39-40
    viewing system performance with, 40-42
    daily tasks, 90
    monthly tasks, 91
    one-time only tasks, 92
    weekly tasks, 90
tasks, scheduling, 86-94
    preparation for, 87
    Task Scheduler and, 87-92
    utilities for, 86-87
    AT utility and, 92-94
Task Scheduler Wizard, 87-92
    accessing Scheduled Tasks folder and, 87
    creating tasks, 88-92
    scheduling backups, 312
    viewing and managing existing tasks, 88
TCP/IP networking, 341-358
    DHCP and, 383
    DNS and, 348-350, 427
    dynamic IP addresses and, 346-347
    installing, 342-343
    multiple IP addresses and, 347-348
    NetBIOS and, 408
    network adapters and, 342
    network connections, creating, 356-357
    network connections, deleting, 357
    network connections, enabling/disabling, 356
    network connections, modifying and duplicating, 358
    networking components, installing/uninstalling, 352-353
    networking components, optional, 353-355
    static IP addresses and, 344-346
    testing configuration of, 358
    WINS and, 350-352, 407
    adding or removing, 82-83
    enabling, disabling and configuring, 82
    folder templates and, 266-267
    viewing, 80-81
Terminal Services, 3
time-out values, 454
toolbars, Windows Explorer, 263-264
top-level domains, 427
trace logs, 63-64
TRACERT, command-line utilities, 14
Transmission Control Protocol/Internet Protocol (TCP/IP). See TCP/IP networking
    checking a drive for errors and bad sectors, 235-237
    DHCP, 391-392
    DNS, 452
    hardware devices, 31, 36
    logon problems, 210
    printer problems, 359-361
    WINS, 411-412

unicast addresses, 393
unit policies, managing, 72-75
universal groups
    definition of, 141-142
    when to use, 143
Unrecognized media pools, 336
user accounts, 139-140
    account capabilities and, 149-150
    built-in accounts and, 145
    logon names, passwords, and public certificates, 139-140
    logon rights and, 152-153
    predefined accounts and, 145-147
    privileges and, 150-152
    searching for users and, 189
    SIDs and, 140
    types of, 139
user accounts, creating, 163-185
    account naming policies and, 163-165
    configuring account lockout policies, 171-172
    configuring account policies, 168
    configuring Kerberos policies, 173-174
    configuring password policies, 169-171
    configuring user rights policies, 174-177
    creating domain user accounts, 177-180
    creating global groups, 182-183
    creating local groups, 183-184, 183-184
user accounts, creating, continued
    creating local user accounts, 180-181
    handling global group membership, 184-185
    password and account policies and, 165-168
user accounts, managing, 187-210
    assigning home directories, 192-193
    changing account information, 207
    changing and resetting passwords, 208-209
    configuring user environment settings, 190
    copying domain user accounts, 207
    creating local profiles, 201
    creating mandatory profiles, 202
    creating roaming profiles, 201-222
    deleting user and group accounts, 207
    enabling user accounts, 209
    managing local profiles, 202-206
    managing logon hours, 194-196
    managing user profiles, 200
    renaming user and group accounts, 206-207
    searching for users and creating address book entries, 189
    setting account options and restrictions, 193
    setting account security options, 199-200
    setting contact information for, 187-189
    setting dial-in privileges, 197-199
    setting permitted logon workstations, 196-197
    setting system environment variables, 190-191
    troubleshooting logon problems, 210
    updating, 206
    using logon scripts for, 191-192
user and computer script management, 83-86
    assigning logon/logoff scripts, 85-86
    assigning startup/shutdown scripts, 83-85
    types of scripts, 83
user environment settings, configuring, 190-200
user group policies, 71
user groups, 159-160
user logon/log off scripts, 85-86
user profiles, managing, 200-206
user profiles, managing, continued
    changing profile types, 205
    copying existing profiles to new accounts, 203-204
    copying or restoring profiles, 204-205
    creating local profiles, 201
    creating mandatory profiles, 202
    creating profiles manually, 203
    creating roaming profiles, 201-202
    deleting profiles or assigning new ones, 205
    system utility and, 202-203
User Profiles Tab, System utility, 24
user rights policies, 174-177
    assigning with Local Policies node, 174
    configuring globally, 175-176
    configuring locally, 176-177
    command-line, 8
    task scheduling and, 86-87

version ID, WINS, 415-416, 422-424
virtual memory
    configuring, 25-27
    setting, 25
volume label
    changing or deleting, 233
    definition of, 229
Volume List view, Disk Management, 217
volumes and volume sets
    creating, 245-248
    definition of, 243
    deleting, 248
    extending a simple or spanned volume, 249
    managing, 249
    overview of, 244-245
VPNs, network connections and, 356

Web content, enabling, 267
Web/Media Server, configuring, 5
Web shares, creating, 282-283
weekly tasks, scheduling, 90
Windows 2000
    comparing replication model with Windows NT, 4-5
    list of common services, 44-45
    special shares used by, 288
    using Active Directory with, 104
Windows 2000 Advanced Server, 4
Windows 2000 Datacenter Server, 4
Windows 2000 Professional, 3-4, 104
Windows 2000 security model, 137-138
    access controls and, 138
    authentication protocols and, 137-138
Windows 2000 Server, 4, 104
Windows 95/98, 107-109
    accessing network as an Active Directory client, 107-108
    accessing network through Windows NT domain, 107-108
    installing Active Directory clients, 108-109
Windows Explorer
    copying and pasting, 272
    copying by dragging, 271-272
    copying floppy disks, 270
    copying to locations that are not displayed, 272
    creating folders, 273
    customizing folder views, 266-270
    cutting and pasting, 272-273
    deleting files and directories, 273
    displaying hidden and compressed files, 266
    examining drive properties, 274
    examining file and folder properties, 274-276
    formatting floppy disks and removable disks, 270
    icons of, 265
    renaming files and directories, 273
    selecting files and directories, 271
    sharing local folders, 279
    views and toolbars of, 263-265
Windows Internet Naming Service (WINS), 407-425. See also entries under WINS
    burst handling of name registration and, 416
    configuring WINS clients and servers, 408-409
    configuring WINS database replication, 417-421
    configuring WINS lookups in DNS, 452-454
    configuring WINS servers, 412-413
    DHCP and, 383
    DNS integration and, 427, 452-455
    installation of, 407
    logging events in, 415
    managing name registration, renewal and release, 413-415
    managing WINS database, 422-425
    name resolution methods of, 409
Windows Internet Naming Service (WINS), continued
    overview of, 408
    saving and restoring WINS configuration, 416-417
    setting caching and time-out values, 454
    setting version ID, 415-416
    starting and stopping WINS server, 411
    updating WINS statistics, 413
    viewing WINS server statistics, 411-412
    WINS console and, 410-412
Windows NT
    comparing replication model with Windows 2000, 4-5
    using Active Directory with, 104-107
Windows Optional Networking Components Wizard, 353
Windows Scripting Host, 3
WINS. See Windows Internet Naming Service (WINS)
WINS console, 410-412
    adding WINS server to, 410-411
    changing version IDs, 415-416
    configuring replication, 417-421
    examining WINS database mappings, 422
    overview of, 410
    setting burst handling threshold, 416
    stopping and starting WINS server, 411
    updating WINS statistics, 413
    viewing server statistics, 411-412
WINS database
    backing up and restoring, 424
    cleaning and scavenging, 422
    clearing out and starting fresh, 425
    examining database mappings, 422
    verifying consistency, 422-424
WINS database replication
    assigning general parameters, 417
    assigning pull replication parameters, 418-419
    assigning push replication parameters, 417-418
    changing replication type and partner settings, 420
    creating push and pull partners, 420
    triggering, 420-421
WINS resolution, 350-352
    resolving NetBIOS names with, 351-352
    steps in configuration of, 350-352
WINS server
    adding to WINS console, 410-411
WINS server, continued
    configuring, 412-413
    starting and stopping, 411
    statistics for, 411-412
    Active Directory Installation Wizard, 5
    Add Printer Wizard, 363-370
    Add/Remove Hardware Wizard, 31, 34-35, 36
    administrative, 8
    Backup Wizard, 318-320
    Create Partition Wizard, 227-228
    Create Shared Folder Wizard, 279
    Create Volume Wizard, 248
    Directory Service Client Setup Wizard, 109
    New Delegation Wizard, 437
    New Multicast Scope Wizard, 398-399
wizards, continued
    New Scope Wizard, 395-396
    New Superscope Wizard, 394-395
    New Zone Wizard, 432
    Restore Wizard, 323-326
    Task Scheduler Wizard, 87-92
    Windows Optional Networking Components Wizard, 353
workstations, 196-197

zones. See also forward lookup zones; reverse lookup zones
    creating child domains within, 436-438
    notification of changes and, 446-447
    restricting zone transfers and, 447
    setting zone type, 447
    updating zone properties, 444

Read More Show Less

Customer Reviews

Be the first to write a review
( 0 )
Rating Distribution

5 Star


4 Star


3 Star


2 Star


1 Star


Your Rating:

Your Name: Create a Pen Name or

Barnes & Review Rules

Our reader reviews allow you to share your comments on titles you liked, or didn't, with others. By submitting an online review, you are representing to Barnes & that all information contained in your review is original and accurate in all respects, and that the submission of such content by you and the posting of such content by Barnes & does not and will not violate the rights of any third party. Please follow the rules below to help ensure that your review can be posted.

Reviews by Our Customers Under the Age of 13

We highly value and respect everyone's opinion concerning the titles we offer. However, we cannot allow persons under the age of 13 to have accounts at or to post customer reviews. Please see our Terms of Use for more details.

What to exclude from your review:

Please do not write about reviews, commentary, or information posted on the product page. If you see any errors in the information on the product page, please send us an email.

Reviews should not contain any of the following:

  • - HTML tags, profanity, obscenities, vulgarities, or comments that defame anyone
  • - Time-sensitive information such as tour dates, signings, lectures, etc.
  • - Single-word reviews. Other people will read your review to discover why you liked or didn't like the title. Be descriptive.
  • - Comments focusing on the author or that may ruin the ending for others
  • - Phone numbers, addresses, URLs
  • - Pricing and availability information or alternative ordering information
  • - Advertisements or commercial solicitation


  • - By submitting a review, you grant to Barnes & and its sublicensees the royalty-free, perpetual, irrevocable right and license to use the review in accordance with the Barnes & Terms of Use.
  • - Barnes & reserves the right not to post any review -- particularly those that do not follow the terms and conditions of these Rules. Barnes & also reserves the right to remove any review at any time without notice.
  • - See Terms of Use for other conditions and disclaimers.
Search for Products You'd Like to Recommend

Recommend other products that relate to your review. Just search for them below and share!

Create a Pen Name

Your Pen Name is your unique identity on It will appear on the reviews you write and other website activities. Your Pen Name cannot be edited, changed or deleted once submitted.

Your Pen Name can be any combination of alphanumeric characters (plus - and _), and must be at least two characters long.

Continue Anonymously
Sort by: Showing all of 5 Customer Reviews
  • Anonymous

    Posted May 19, 2004



    Was this review helpful? Yes  No   Report this review
  • Anonymous

    Posted January 13, 2002


    Of all the books I've bought for Windows 2000, this book is the one I always use. It provides quick answers. Which is important because its saves me time! And its easy to carry around with me.

    Was this review helpful? Yes  No   Report this review
  • Anonymous

    Posted January 4, 2002

    Should be on everyones desk!

    After all the Windows 2000 books I've bought and read, this is the only one that I use regularly. I've found that it answers my questions and is easy to use. I think anyone that is serious about Windows 2000 should buy this book.

    Was this review helpful? Yes  No   Report this review
  • Anonymous

    Posted February 26, 2002

    A constant companion!

    I don't know what I'd do without this book! It is the only Windows 2000 book that I reference nowadays and its the one that always answers my questions. Definitely a good guide/resource for admins/developers that work with Windows 2000. I highly recommend this book -- its my favorite!

    Was this review helpful? Yes  No   Report this review
  • Anonymous

    Posted November 26, 2001


    I'm not a Windows guru! I use windows in development and I've found this book has been incredibly helpful in getting me through any problem I was experiencing setting up my test environment. The IT guy pointed me to this book as he uses it to manage the network.

    Was this review helpful? Yes  No   Report this review
Sort by: Showing all of 5 Customer Reviews

If you find inappropriate content, please report it to Barnes & Noble
Why is this product inappropriate?
Comments (optional)