Teach Yourself Windows NT Server 4 in 14 Daysby Peter T. Davis, Barry Lewis
There is a major move in the marketplace from Windows and OS/2 to Windows NT. As more and more people make the transition, they need a book that can get them up and running-quickly and easily. Using the proven elements of the best-selling Teach Yourself series, users will master everything they need to know to successfully develop and maintain a Windows NT Server.
- Shows network administrators how to back up and recover data, monitor and tune the performance of a Windows NT Server, and more
- Covers account management, communication protocols, gateways, security, NT Server clients and servers, tracking resources, and fine-tuning an NT 4 network
- CD-ROM includes author's source code and third-party software designed to work with Windows NT Server
- Publication date:
- Edition description:
- 1 ED
- Product dimensions:
- 7.37(w) x 9.09(h) x 2.16(d)
Read an Excerpt
[Figures are not included in this sample chapter]
Teach Yourself Windows NT Server 4 in 14 Days
- 3 -
Installing Windows NT Server on the File Server
Unlike some other network operating systems (NOS), NT 4.0 can be simple to install.
Like everything in life, however, there are plenty of caveats. NT is a big, complex
piece of software, but handled properly, it is downright wonderful to install.
Now you might be asking, "If it's so easy to install, does that mean I don't
need a Microsoft Certified Expert to help?" Well, as the song goes, the answer
depends on you (or something like that, anyway). If you follow the instructions outlined
in this chapter with particular zeal, you might never need additional assistance.
Miss a step or two, however, and get out the checkbook.
First Things First
NT is very, very particular about the hardware base it resides on. Under DOS,
it really didn't matter what hardware you ran as long as it was Intel based. Because
DOS is kind of dumb concerning hardware, it doesn't monitor it. Programs under DOS
just fail, often mysteriously, when there is a problem. You cannot afford to have
this happen in your LAN; therefore, you must ensure that the hardware you use is
fully prepared and compatible with NT Server.
Microsoft offers a number of ways for you to check your hardware configuration
before you load NT. It publishes a Hardware Compatibility List (HCL) that contains
every device that manufacturers have paid Microsoft to test and add to the list.
(Nice work if you can get it, isn't it? Create a NOS and have companies pay you to
tell us that their hardware will work on that NOS.) If you don't find particular
vendors on the list, don't despair! Call them and see whether they are NT compatible.
They might not have paid the Microsoft fee, or their software might be in the test
phase. You can find the HCL on the Internet at the following address:
NT runs on a number of different platforms, including Intel, MIPS, PowerPC, and
Alpha. Make sure you have the correct version of NT for your platform. Microsoft
recommends at least a 486-class processor to run NT. A Pentium--or better yet, a
Pentium Pro--is desirable.
In general, the memory rule to remember with NT is more is better. Although NT
Server runs in 12MB, if you actually want to do something, use at least 16MB. I (Barry)
run NT Server on my laptop with 24MB of RAM, and it runs well, but I don't really
make any true use of it. (I use it mostly for writing this book and doing seminars.)
Of course, as you add services such as RAS and SQL Server, the need for memory increases,
and 64MB or 128MB servers are more common.
NT has changed the architecture in version 4, and one impact of this is in the
video card needed for your monitor. The change moved video services into the kernel
mode and out of the user mode to speed up NT Workstation. When programs
running in user mode crash, they generally just impact themselves and not other programs
that might be running. Kernel-mode failures take down the entire server. Placing
the video drivers into the kernel means that vendors must carefully test their drivers
or risk severe impact to your server. You know how well video manufacturers handle
that, don't you?
Regardless, the drivers are there now, and that brings us to a new requirement
in NT. You must use a VGA video card on the server. Well, Microsoft strongly recommends
it, anyway. Those who are accustomed to throwing in some old driver (who uses the
server as a workstation anyway?) need to make sure Microsoft supports this requirement
before proceeding. Be sure that the card you choose is on the HCL. The NT VGA driver
is reputed to be one of the best in the business; we recommend using it. Installing
your own might bring you a lot of pain and hassle. To summarize, use a VGA card and
the NT driver. Do not use older cards or SVGA cards unless it's really necessary.
NT supports most types of hard drives, although its SCSI host adapter support
is very good and worth considering for several reasons. First, SCSI is faster than
EIDE, and second, disk mirroring and RAID need SCSI to work well.
Check the hard disk for errors. NT loads data to disk heavily in a process it
calls paging. This allows NT to use disk space as additional memory. When
NT recovers that paged data, it doesn't check to see whether what it saved is what
it gets in return. It expects the data to be reliable and safe. Make sure that your
disk drive is fully tested for errors before you begin to load NT.
A good CD-ROM drive is a must when installing NT Server. Unless you train a monkey
to flip disks for you (does that violate animal rights?), using the CD-ROM drive
simplifies installation immensely. Most machines come with a CD-ROM drive these days,
so this generally isn't a problem. If you are using an older machine, pick up a SCSI-II
drive. You'll never regret it.
The type of network interface card (NIC) you use is entirely up to you--as long
as it is listed in the HCL, that is. Whether you plan to use an Ethernet or Token
Ring network, make sure that you write down any settings you use when installing
the card. You might need them later when things go bump in the night. Test the card
before continuing with the NT installation.
You do this in a couple of ways. Perform the onboard diagnostic. Perform a loopback
test. If you have a network already set up, you might also try a live test. These
tests are usually found on the diagnostics disk that ships with your network card.
The first test verifies the card settings such as the IRQ and I/O address. The loopback
test sends a piece of data out and back to the card, verifying basic functioning.
You need a specific connector for this that you purchase at your local network dealer.
The network test does the same thing as the loopback, except by passing the data
through the network using another machine.
After you've verified all your hardware, you are ready to install NT. One last
message: Check the Hardware Compatibility List. We cannot stress this enough. If
all your equipment is listed, your install has a great chance of going so smoothly
that you'll be amazed.
Preparing for the Install
Now that you have all the hardware verified, you move to the next step. If you
are moving to NT 4.0 from another server, now is the time to back up your data. If
you are setting up a brand new server, there really isn't anything to do in the way
of data backup.
Use Another Machine for Backup
If you have the luxury of more than one server on your network, you might use
one of the other servers, provided it has sufficient disk storage. Do an XCOPY
/S command from the server you are upgrading to the other machine. After you
have NT 4.0 set up and running, do an XCOPY to get the data back.
Use a Tape Drive to Back Up
You can use a tape drive to back up all your data. There are some problems with
this approach, however. If you move from a DOS FAT-based file system server such
as Windows for Workgroups to the New Technology File System (NTFS), the files you
previously backed up become unavailable.
NOTE: To obtain the security features of NT Server, you must use the NTFS
file system. If you decide to stay with a FAT-based server for some business reason,
be sure to weigh the lack of security in the decision-making process. All file-level
controls in NT are dependent on the newer NTFS structure.
The reason for losing access to your data comes from the manner in which tape
backup devices work. When recovering files, most tape drives depend on the operating
system that was used to back up the files. Using a DOS-based backup program and running
it under NT to recover the files just won't work. In the book Mastering Windows
NT Server 4 (Network Press, 1996), the authors suggest that one sound method
consists of backing up to a FAT volume and initially setting up Windows NT Server
4 with a FAT volume. After it's set up, you restore the backups and then convert
the new NT volume to NTFS. This is a tried-and- true method of ensuring that your
data remains available to you after the conversion.
Backing Up and Then Converting FAT to NTFS
To convert to NTFS from your FAT volume, follow these steps:
1. Perform your DOS-based backup.
2. Install NT Server with a FAT volume. Do not format under NTFS!
3. Reboot the NT machine under DOS using a floppy.
4. Run your restore program.
5. Boot the server under NT and immediately run the conversion program:
CONVERT drive: /FS:NTFS
- 6. Run an NTFS-based backup program immediately to begin saving your files
under the new file system.
Finally, be sure to take the time (great amounts of it as necessary) to perform
these steps. After all, losing your data causes you a lot more pain than this initial
Final Thoughts Before Installation
Now you are almost ready to insert the CD-ROM. Before you do, think of these questions
and provide the answers: Do you know how you want to partition the hard drive?
Do you have all the hardware settings documented?
If you plan to use TCP/IP, what are all the protocol addresses?
What type of server do you want?
What kind of product license do you want to use? Thinking about these questions
and providing the answers before inserting that CD-ROM will make your install perform
as smoothly as a baby's bottom. (Not that babies' bottoms perform smoothly--oh, heck.
You know what we mean.)
As you remember from earlier, using the NTFS file system has its strengths; it
allows file-level security. It also has its weakness; you cannot use DOS-based, low-level
utilities to read or manipulate the drive. Additionally, you might have to create
it as a FAT system so you are able to recover old data from a backup. Determining
which direction you will take helps ensure that you stay on track and don't lose
As you go through your new machine setup, documenting all the settings for the
NIC, modem, sound card, and so on will make life a lot easier when conflicts occur.
Setting up TCP/IP requires a copious number of addresses: IP addresses, subnet masks,
default gateways, and DNS servers. Make sure you know them all before beginning.
That way, you will not get stuck in the middle of an install, unable to continue
without a particular address.
The type of server you want is a little more complicated. The NT install program
wants to know whether you plan on creating a standalone server, a primary domain
server, or a backup domain server. It won't let you complete the install without
Primary domain? Backup domain? What are these terms and what do they mean? An
NT Server is only one of three things:
- A primary domain controller in a new network
- A backup domain controller in an existing network
- A standalone server with no domain authorities
The decision to make your machine one of these types is not to be taken lightly
because after you've committed, you cannot change your mind without completely re-installing!
What's this domain thing? The word is used in many ways, but within the
Microsoft NT Server world, it means groups of NT machines that delegate security
tasks to one or more of their machines. They call these machines domain controllers.
Note that only NT servers can perform this function; you cannot add Windows 95 or
DOS machines to a domain because they remain clients. Within this collection of NT
machines, you designate one of them as the boss--the primary domain controller. This
machine then manages all user accounts, passwords, file accesses, and other security
features. It becomes a centralized security storage and management facility.
In fact, you cannot have a domain without specifying one server as a primary domain
controller. Only one machine can be the primary, although all your servers can be
After you create a domain, you add other servers to it and designate them as backup
domain controllers. These are machines that share the workload by verifying user
authentication (login) requests.
Finally, you add NT servers as, well, as servers. These are machines that provide
services to clients but require login and authentication before allowing any access.
What? Does this mean the other servers don't require login and authentication? Of
course they do. What is different is how the machines act and what a user needs to
accomplish in order to use the services on these servers.
In a domain, NT decided that users might not want to log onto each and every server
they encounter before getting access to files and services--hence, the centralized
approach of a primary domain controller. This machine controls all user logins and
authentication. With this approach, a user needs to log onto the network only once,
and each time he needs the services of a different server, NT manages the login--a
single sign-on with one user account name and one password. Cool! The backup machines
are used to help out and manage the workload. They get all their data from the primary
domain controller, which replicates its security database onto each backup domain
controller at regular intervals.
If you are creating a new domain, you want to make the first server you add the
primary domain. Additional servers become backup domain controllers as needed. The
size of your network determines how many of your servers become backups or ordinary
servers. Typically, you need only one backup domain controller for every 2000 users.
(NT does not allow creation of a backup domain controller unless a primary already
exists, so create the primary first.)
Finally, during this phase of the install, NT creates an Administrator account
for you. This account has authority over all servers in the domain in a primary domain
controller, so do not forget the password! If you do, you must re-install the server.
When you set up a backup domain, NT again asks for an administrative account and
password. This time, however, you must use the primary domain controller's Administrator
account. (Remember, the primary controls all the servers in the domain.) If you set
up a server without domain responsibility, you create an account that is used only
for that server.
The install also wants you to tell it whether you are joining a domain or a workgroup.
All domains contain a workgroup, and any computer can join this workgroup--not just
NT machines. The basic difference is in the view of the network you end up having,
depending on which you join. Workgroup access needs separate logins for each machine;
they cannot use the primary machine's login. Joining the domain means you need set
up each user only once.
Chapter 9, "Understanding Domains," discusses domain management in more
Finally, the type of server license you use is determined by a complex, arcane
algorithm created by Microsoft to make life as difficult as possible. Okay, we're
kidding. Don't tell Mr. Gates, please.
Microsoft allows two types of client licenses for its NT Server software, per
seat and per server. What's a client license? After buying the server
software, you need to license each person who uses that server. This license is figurative.
It doesn't actually do anything; it merely allows you to use the server.
It is easier to understand if you consider the per seat as a per-person approach.
You must decide which approach you'll use before you install the product because
the installation asks for your decision and does not continue until you enter your
choice. After you decide, it allows you to change your mind only once without re-installing
A per-seat approach to licensing means you need to buy a license from Microsoft
for each user. If you have 100 users who will log in and use the domain, you need
100 licenses. Each of these users can access all your NT servers using this license.
It gets complicated to decide depending on how many users will access the domain
at any one time. For example, if your organization employs temporary workers, how
many licenses do you buy? In a fluid employee situation, you can easily have licenses
but no people to use them.
The per-server license works differently. It suggests that one person access the
server at a time. Buy 100 per-server licenses, and you can have 100 people on the
domain at any one time. In a shift worker situation, you could buy enough licenses
for any one shift because each shift never (theoretically) signs on at the same time.
In the per-seat approach, you need enough licenses for all the workers, regardless
of shift. You buy additional licenses for each server you add. Generally, if you
have two or more servers, the per-server option is the way to go.
Outfitted with this information, you are ready to continue and start installing
Installing the NT Server Program
You have two ways to start the installation program. Either way works just fine.
If you have only floppies--save yourself! Buy a CD-ROM drive before continuing.
- 1. Use the WINNT or WINNT32 program on your CD-ROM.
2. Insert the CD-ROM and the first startup floppy and reboot.
The following sections discuss these methods.
NOTE: If you are installing on an existing machine, consider running a virus
protection program before you begin. To be really efficient, run it on brand-new
machines as well, because you can never tell nowadays. The NT install process gets
really annoyed if it finds a virus, and it does not allow the install to conclude
Using the WINNT or WINNT32 Program
The CD-ROM that Microsoft supplies with NT Server comes complete with several
versions of NT. Intel users will choose the folder called I386 whereas RISC-based
machines will use a different directory.
You install NT from the CD-ROM, from a network drive, or from a hard disk on the
local machine. To do either of the latter, copy the appropriate directory, such as
I386, onto the desired location and run the WINNT or WINNT32 command
from there. You use the WINNT command if you're installing from DOS or Windows,
and you use the WINNT32 command if you are upgrading from an older version
of NT. On a Windows 95 machine, the installation CD-ROM automatically starts after
you insert the CD-ROM. Finally, use the /b and /s switches following
the WINNT or WINNT32 command to install solely from the CD-ROM.
Using the Floppies and CD-ROM
Using the floppies and CD-ROM is only slightly different in execution. Insert
the floppy called "Setup Boot Disk" into drive A and reboot your machine.
Not all the NT software is on these floppies, only the bare minimum needed to start
up the install program. The first thing NT install does is run a machine configuration
program called NTDETECT.COM that determines what kind of hardware and software you
have on the system. A message from the program tells you that it is inspecting your
TIP: If NTDETECT.COM hangs and doesn't appear to want to continue with the
setup, reboot the machine under DOS and run the debug version. This version tells
you everything it does (in painful detail, so don't use it indiscriminately) and
allows you to see where the problem lies. Follow these steps:
1. Rename the existing NTDETECT.COM or copy it to a safe location.
- 2. Copy the file called NTDETECT.CHK from the CD-ROM. (It's located in
a directory called support/debug/i386/ntdetect.chk.)
3. Rename this file to NTDETECT.COM and execute the program.
4. Remember to replace everything at the finish so you don't run the debug
version later inadvertently.
Next, you see a blue screen and the words "Windows NT Setup" as the
install continues. After NT asks for the second floppy, a few messages appear that
indicate that NT config data, fonts, PCMCIA (or PC card as it's now known), and other
items are being loaded. Finally, the NT kernel loads and tells you the version and
build number and sets up the "Welcome to Setup" message with options to
continue, repair, or exit. Because this is a fresh install, you ignore the repair
option. You use that option to fix NT when things go wrong. That option is discussed
more in the section called "Creating the Emergency Repair Disk."
Replying to the prompt by pressing Enter (to continue) and loading disk 3 continues
Windows NT Setup
Now that setup is underway, NT continues finding out what hardware is on your
system. If you followed the earlier instructions when setting up the machine for
this installation, this phase will probably surprise you as it continues with few,
if any, problems.
If you are upgrading from another version of NT, you see a message indicating
that the install realizes you are upgrading an older version and providing you with
two options. Your response to this option is important. The two options are To upgrade,
press Enter. To cancel upgrade and install a fresh copy, press N. Choosing the latter
response removes all prior directory share and user account information in the SAM
(Security Account Manager) database, forcing you to start all over. (We'll tell you
all about the SAM database on Day 4 and Day 5, when we discuss security and the Registry.)
This might be okay if you decide that the old version needs cleaning up anyway. If
your previous version was well used and you do not want to re-enter all your users,
choose the upgrade option. The upgrade option keeps the existing SAM database, preserving
all your user account data.
To gain up-to-date information and details concerning special considerations such
as upgrading from beta versions of NT, read the setup.txt file in your specific installation
When you pass this step, NT Setup tells you what it believes you have on the system.
This includes the following components:
- The type of PC
- Video card
By now, you should be getting accurate information. The only interesting part
here concerns the video driver. You notice that the NT Setup program wants to set
your video card to VGA mode. This might be disconcerting if you know that you have
super VGA capabilities on your card.
NT does this for a very good reason. The good people at Microsoft figured that
if they let administrators pick a video card, they might mess it up and pick the
wrong one, making the install unable to boot. Knowing that current VGA drivers work
on almost every card available today, they decided that using this mode helps ensure
a smooth install. You change the mode later after NT is set up. Finally, to make
sure you can always boot NT regardless of whether you mess up a video card change,
the NT Setup program includes an option in the OS Picker called NT4 [VGA Mode].
No matter what you do, you can always use this command to load NT because changes
you make to video card drivers modify the other command line, the default startup
command, always leaving you with the NT4 [VGA Mode] command to fall back
Now that you have progressed smoothly, NT Setup wants to know what disk partition
you want to install NT on. It starts by showing you the available partitions. If
you have only one, choose that partition and press Enter. If you have multiple disk
partitions, select the specific partition NT will reside on and press Enter.
The setup program gives you a number of options concerning this partition, and
it is at this stage of the setup that you decide whether to use a FAT-based file
system or move to NT's NTFS file system.
If you are dual-booting NT, make sure you do not choose to format or convert the
existing partition to NTFS, or your Windows, NT, or other operating system will be
FAT or NTFS?
Which system should you use? It depends. Take a look at some of the considerations.
First, unless there is a compelling reason, you should use NTFS. Why? NT security
is largely dependent on the newer NTFS file system. Using a FAT-based partition leaves
your server vulnerable to unauthorized access and low-level, DOS-based utilities.
If you maintain old DOS-based programs or files, this is a reason to stay with
the FAT-based system. Perhaps you might maintain a small FAT-based partition for
this reason. You probably do not need the entire system to be FAT based. Having a
FAT-based partition also leaves some of the DOS-based utilities available for use
in case you have server problems. This leaves that partition vulnerable but ensures
that your server files and programs are protected with available NTFS security options.
TIP: Until recently, moving to NTFS prevented you from booting from a DOS
floppy and reading the hard disk. This is no longer the case because several tools
are available on the Internet that allow you to read an NTFS file after booting from
a DOS floppy. Try this site for further information:
Using NTFS offers the ultimate protection for your server. Among these benefits
are sorted directories, access permissions for each file and directory, faster access,
file names of up to 254 characters (if that doesn't move you from a DOS, FAT-based
system, nothing will!), and improved space utilization.
After you decide, the setup program asks you what directory you want to install
the files in. Use the default of \winnt or create your own if you have a corporate
naming standard. After checking your hard disks for corruption, NT Setup copies more
files and finally (after about 10-15 minutes using the CD-ROM) asks you to reboot
After your computer reboots and finishes running the NTDETECT program (we told
you to replace the debug version), you get a short message indicating that you can
return to the "Last Known Good Menu." NTDETECT and this message appear
each time you boot NT. You cannot make use of the message at this time because there
isn't a previous menu, but in the future, it allows you to recover from some of your
Because it's Microsoft, the first thing you now see is the End User Licensing
Agreement. If you are in the habit of ignoring these, don't. You cannot continue
without pressing Yes. The next thing you see is a list of several installation options:
If you are new to NT, choose Typical. Otherwise, choose the appropriate setting.
You can read more about each setting in your installation manual if you need to.
NT next asks you to personalize your copy by entering your name and company name.
I suggest leaving your name blank, unless you really want the recognition in perpetuity.
Use the correct product number because if you leave it blank or create a random number,
you cannot communicate with any other server using the identical number. Press Continue
when you are finished and again to verify.
Now you need to enter what type of licensing option you are using, per seat or
per server. The per-seat option is considered per user, whereas per server means
each person must have a license for each server they connect and log onto. Specify
the proper number of licenses you own in the box provided, or printer and file services,
among others, will not start.
WARNING: You use the Licensing icon in the Control Panel to change from per
server to per seat only once before needing to re-install. You cannot legally change
from per seat at all without re-installing.
Now you need to specify what type of server you are creating. Remember that we
discussed the pros and cons of each type earlier. Now you must decide. If this is
the first server on the network, it must be set up as a primary domain controller.
If not, you need to choose between backup and just plain server. Create one backup
and consider whether the remaining servers need to be additional backup machines
or ordinary servers. Remember to carefully account for any administrator passwords
you create. Not only must you guard against unauthorized persons discovering the
password, but you also must guard against losing or forgetting the password. They
cannot be re-created on primary domain controllers and servers without re-installing
Creating the Emergency Repair Disk
What is an emergency repair disk and why do you need one? Recall earlier during
the installation that the system asked about your next step. One of the options provided
is to perform an emergency repair. This is where you use the emergency repair disk.
This disk provides NT with just enough information to bring up your system based
on the last time you updated this disk.
When something goes wrong, you first attempt to recover using the "Last Known
Good" option provided when NT first loads. This option supplies you with the
last time NT started successfully and at least one user signed on. If this fails
to recover, you use the emergency repair disk.
The emergency repair disk stores the critical system configuration files needed
to recover NT. The first time you run the disk, it creates the system with a Guest
and Administrator account only. All your user data is lost. (We tell you how to update
the disk a little later in this chapter.) To use the disk, run the WINNT program,
insert the disk when requested, and reply R for repair when asked. It then asks for
your setup disks; follow the instructions presented to finalize the repair and reboot
TIP: If you cannot find your repair disk or didn't create one despite our
warning, NT 4.0 helps by keeping a version of it in your main NT directory in a subdirectory
called repair. You can just copy this to a floppy or point the repair process to
Because it is unlikely that you'll want to restore your NT system back to the
original setup parameters (after you use NT for a while), you need to update this
repair disk regularly. To do this, run the program called RDISK.EXE, which is in
the system32 directory, and follow the instructions until it finishes.
An undocumented feature of this program is its capability to also back up the
SAM for you using the /s switch while creating a new emergency repair disk.
Figure 3.1 shows the command for creating a new repair disk and including a copy
of your Security Account Manager (SAM) database.
Figure 3.1. Running RDISK to back up the SAM.
One thing you need to be aware of is that over time, your Registry might become
too large to be created on a disk. RDISK actually updates the directory called \winnt\repair
(assuming you installed NT in the winnt directory).
Following this process helps ensure that the final option, re-installing NT, is
rarely needed. You find more detailed information on backup and recovery techniques
in Chapters 21, "File Backup and Recovery," and 22, "Configuring Fault-Tolerant
How often do you run the RDISK program? We recommend that you run it each time
you make major changes to your system, such as adding a multitude of users or programs.
You can also run it at least on a monthly or weekly basis, depending on the amount
of change to your system. This way, the next time you need to repair NT, your Registry
and SAM will be up-to-date, and you will not need to re-enter too much information.
As you continue the setup program, you encounter the section that requires you
to tell NT what software components to install. These include items such as Microsoft
Messaging and Remote Access Services. Include those you need and follow the instructions
as presented. Don't worry about it if you are unsure of what you want to use. You
can add them later.
The NT installation then moves to the next phase, installing networking components.
The NT installation moves into the network phase by asking how you will connect.
If you are setting up NT to be a domain controller, you need to be connected to a
network. An NT domain controller, whether primary or backup, cannot be created in
Install informs you that Windows NT needs to know how this computer should participate
in a network.
The install process shows you the following message and asks for your input: Do
not connect this computer to a network at this time.
This computer will participate on a network
- Wired to the network
- Remote access to the network
Reply by selecting "This computer will participate in a network--Wired to
the network" to cause the NT installation to continue. After you reply, you
are asked whether you want to install Microsoft Internet Server (IIS). For these
purposes, reply no at this time. You will review the install and setup of IIS in
several days when you review Chapter 26, "Using NT with the Internet Information
Setup now asks you to select and install your network card. NT 4.0 does a very
good job of finding and auto-detecting your card, especially if you use only approved
hardware. If not, you might find out now why it is a good idea when NT cannot automatically
find and configure your network card.
If your card is not automatically detected, you might find it by manually reviewing
the choices provided. If it is not there, rerun setup and choose the "Do not
detect" option and use the NT driver software supplied with your card. Software?
With the card? Now, you are really in deep. Take our advice. If you cannot find an
NT driver for your card, save yourself oodles of trouble and go buy a new card that
is on the approved list. You won't regret it! To really play it safe, many Microsoft
administrators use the Intel EtherExpress 16 LAN card. You probably won't go wrong
by following the trend.
Now that your card is set up, you need to tell the install the IRQ, I/O, and RAM
addresses your card uses. Because you wrote those down when you installed the card,
just insert them now. Next, you need to tell the install process what protocols you
are using. The install automatically assumes you want NetBEUI and IPX/SPX. Unless
you plan on using Novell with this server, de-select IPX/SPX. NetBEUI, on the other
hand, is necessary, so continue the install using that option.
Setup then asks whether you want to install services. It installs the RPC configuration
and NetBIOS interface by default. You can install a whole pile of other services,
but we suggest you bring up a fairly light version first to become used to NT. Add
services later as you become more accustomed to the product.
NOTE: Some of the services you can add include Internet Information Server
Gateway Services for Novell DNS and DHCP Servers Remote Access Service (RAS) TCP/IP
The NT Setup continues and installs those services selected. This might take a
while, depending on how many services you select. Remember, though, for the purposes
of this book, don't go hog wild and add everything; it will just be confusing.
If you are installing in an already designed domain, setup wants some more information
about the role of security on your machine. Recall that you decided earlier what
type of machine to install--domain, backup, or standalone server. Now the setup program
wants you tell it more. Why it doesn't do this when asking earlier is beyond us.
You need to tell NT whether this machine is joining a workgroup or domain. (Remember,
if this is your only server in a new domain, you won't see this message.) This is
because all NT servers and workstations must be granted access to join a domain;
they cannot just add themselves.
NT Server is a very secure system and needs to validate all other machines in
the network with one caveat: They are validated only if they are NT servers or NT
workstations. A DOS, Windows, or OS/2 machine is not validated. As long as you have
a valid account and password, you can use these machines on the network. Within NT,
however, there is a fair amount of internal security that provides for a more robust
security environment if your network consists only of NT machines. If you are adding
a new NT machine to an existing domain, you need to use Server Manager and tell the
existing machine to expect to hear from a new one.
Chapters 9, "Understanding Domains," and 10, "Understanding Security,"
tell you how to add a new NT machine to your domain and provide additional security
Finally, initial setup is nearly complete. NT provides you with an opportunity
to modify the video screen setup. Remember my earlier advice about using the VGA
driver that comes with NT. However, if you really want prettier colors, set them
up now in the screens provided. Make sure you test your choices before continuing
because it saves you headaches later. If you really mess it up, remember that NT
knew you might do this and gave you the VGA driver default option to use when you
boot the system, which allows you to recover.
The NT Setup program will reboot (possibly more than once depending on the options
selected earlier, such as using the NTFS conversion program), and you have the basic
operating system up and running. You now see a desktop that looks as shown in Figure
Figure 3.2. The NT Server desktop.
Does this mean you're finished? Well, yes and no. Use the present system for the
next couple of chapters and get a feel for what NT 4.0 looks like and see how similar
it is to the Windows 95 interface. You might decide later to add additional printers
or some application programs to see how they run.
Migrating from Other Systems
If you are currently using another product such as Windows, NetWare, or Windows
95, there a few issues you want to review prior to your install of NT 4.0.
Dual boot means retaining an existing operating system such as Windows 95 and
choosing which system to use at boot time. Most people do not use this system because
NT is rather expensive for occasional users. However, there are times when you might
choose such an option. For example, I installed NT Server in dual boot mode on my
laptop. This allows me the option of using my existing system for consulting work
while retaining the capability to boot NT Server for client seminars and, of course,
for writing this book.
The good news with NT 4.0 is that it automatically installs itself in dual boot
mode if it finds another system on the install drive. This applies to DOS, Windows
95, and older versions of NT.
When you boot your system after installing NT in addition to another operating
system, you see a message like this:
- 1. Windows NT Server Version 4.0
2. Windows NT Server Version 4.0 [VGA Mode]
3. Microsoft Windows
4. Using default version in 30 seconds
The boot process will automatically bring up NT after a default time period of
30 seconds if you do nothing. Otherwise, you select the system you plan to use and
continue with the boot process.
The only major caveat to dual booting concerns the hard drive and security. Some
of you might be under the illusion that NT security is so strong, physical control
over the server is unnecessary. Get this straight right now: If anyone has physical
access to your server, you do not have any security! The chapters on security discuss
this in more detail, but it's important enough to mention here. Regardless of whether
you use a FAT-based or NTFS-based file system, if someone gets access to the server,
he can break any level of file security used by the operating system and can gain
access to your data. The only way you change this is by using an encryption tool
to fully encrypt your data files. There are several new tools available that allow
a person to read an NTFS file system using a DOS boot disk, so access to the NT operating
system is no longer necessary (or providing security) to have access to the data
residing on the server hard drive.
For the hard drive, the caveat concerns the space and type of file system you
use in a dual boot scenario. For DOS or Windows, you need to remain FAT based, leaving
you without the advantages of the NTFS file system. NTFS provides greater speed and
more effective use of the space than FAT based file systems. Unless there is a real
business need, you might want to remove the older system from your server and fully
convert to NT instead.
Migrating from NetWare
In case you currently use Novell's NetWare and decide to change from that environment
to NT Server 4.0, Appendix C, "Migrating to NT from Novell," details the
necessary steps. You can also find information about using NetWare and NT together
in the same network in Appendix C.
Migrating Applications from Windows
The good news is that moving from a DOS-based or Windows 95 system to NT Server
poses no real problems. The bad news is you have to re-install your applications.
NT provides an install that recognizes other systems, allowing you to dual boot these
systems, but does not let you use the applications you might already have loaded
that are NT compatible.
A number of programs just will not work, including most system-level utilities
such as data recovery programs like Undelete and fax programs that aren't specifically
designed for Windows 95 or NT. Other programs such as Norton Utilities or Rescue
Data Recovery Software will not operate unless you purchase a specific NT version.
Some software will operate under NT if you choose the executable and double-click
it under Explorer. We tried this on some shareware packages that are made for Windows
95, and they ran just fine. After determining that the program runs, add the icon
to the desktop or to the Start menu under Programs. Strangely enough, Microsoft Office
seems to rely too heavily on the Registry and needs to be re-installed. You'd think
that its own software...
Finally, you can try to copy the application's .INI files to your main NT directory
and see whether that helps before resorting to a full re-install.
Migrating from NT 3.51
Microsoft does a good job handling a migration from NT 3.51. During install, the
NT 4.0 Setup program detects the older version and allows you to choose between updating
it to the new version (effectively removing 3.51 from your system) or adding the
new version in a separate directory and setting up a dual boot mode automatically.
If you are upgrading a server that is widely used and has been extensively modified
to include numerous user accounts, choose the upgrade option. NT 4.0 keeps all the
data from your SAM and includes it in the new version, enabling your users to access
the system without needing to be re-created.
If you are updating a test system or a system you'd rather start from scratch,
choosing the Refresh option wipes out all prior NT information from the SAM and leaves
you with a disabled Guest account and one Administrator account. You then add all
your users and their access levels as needed by your organization.
Licensing Those Users
You've installed a few services and added a number of clients. Everyone seems
happy getting used to the new Windows 95 look and feel and using the services. Did
you license all those users? You want to remain legal, don't you?
Microsoft provides a tool called License Manager to manage adding and removing
users and services. You find it in the Administrative Tools group (see Figure 3.3).
Figure 3.3. License Manager.
This tool provides a number of neat methods and processes for managing your licenses.
It includes an area that allows you to update a small database with all the software
licenses you've purchased. You need to manually add this information, but using it
will save you time and hassle later as you find a need for the information.
In addition, License Manager shows you the products for your domain or network,
depending on your selection. This section shows you which products are licensed and
which are not and whether each product is at its license limit. You add and delete
per-seat licenses using this section of License Manager.
A server browser gives you access to the license information of other servers
that are available to you. In this section, you add or delete per-seat and per-server
licenses, allowing you to perform all your license maintenance from a central location.
Task 3.1. Modifying the number of licenses in use on NT Server.
Step 1: Description
This task enables you to modify the number of licenses in use on NT Server. You
should perform this each time you add or remove licensed users or software.
Step 2: Action
- 1. Log in using the Administrator account.
2. Under the Start menu, find the submenu called License Manager. Your
screen looks as shown in Figure 3.4.
Figure 3.4. Finding License Manager.
- 3. Click License Manager to start the program. You see a screen like the
one shown earlier in Figure 3.3.
4. Click the Purchase History tab, and you see a list of all the products
you entered in to the database. It is empty at this time because you have not entered
any information. As you install products, it's a good idea to update this section
because it makes managing all the product licenses a lot easier.
5. Click Clients (Per Seat) to see your license information. If you used
the per-server option during the install, click that instead. You see the number
of licenses you are allowed on the server. Keep this up-to-date according to your
license agreement with Microsoft.
6. Click the Help file to obtain detailed information on how to use License
Manager. This Help file is extensive and answers most of your questions. When you
are finished, click License|Exit to leave the program.
Step 3: Review
In this task you learned to manage your software licenses by using Microsoft's
License Manager tool. By updating this information regularly, you can enhance your
ability to quickly ascertain what products you have and how they are licensed.
As you have progressed through this chapter, you might have encountered various
problems and difficulties. Here are some of the more common ones: System freeze-ups--When
encountering a system freeze while installing NT 4.0, remember that this chapter
warns you to stick to regulation equipment. Verify that all the hardware in use is
on the Microsoft Hardware Compatibility List (HCL). Remember that NT is fanatical
about proper IRQ and I/O settings and will have a huge hissy fit if these settings
are incorrect. Use the debug version of NTDETECT to find the general area where NT
is failing and correct the problem. Also, don't forget to run an anti-virus program
before starting because virus infections often result in system freeze-ups.
To find this program, load your NT CD-ROM and look in the directory called \support
for the program NTDETECT.CHK. Copy this program and rename it (after carefully renaming
the original so you don't override it) to the .EXE extension onto the original setup
Boot cannot find NTLDR. Please insert another disk.--NT will never
load without the loader program NTLDR, and it must find it in the root directory.
On some larger systems with FAT-based hard drives, the root directory can fill, causing
NT to be unable to find the loader program. This is because FAT-based file systems
can have only 512 files in the root directory. Remove some files and start the install
again. Cannot read drive a:--During the install, you cannot read
one of the floppy disks. This error can result from many causes such as spilling
your drink all over it first or accidentally sitting it on the magnet in your office.
Seriously, sometimes the disk is unreadable, so what do you do? Insert the CD-ROM
and run the WINNT32 program. Other causes include a hardware error or problem with
the actual drive. If you followed the earlier install criteria and checked all your
hardware before starting, you might be able to eliminate this as a cause. Otherwise,
correct the problem and begin the install again. Don't forget that you can add the
/b and /s switches after the WINNT or WINNT32
commands to eliminate the need for a floppy and run solely from the CD-ROM.
In this chapter, you learned the following points:
- Avoid installation problems by carefully following the Hardware Compatibility
- The best protection is proactive. Making backups of important data before beginning
is essential to your well-being and peace of mind.
- Licensing your software on a per-server or per-seat method is critical to understand
because you are offered only one chance to change before needing to re-install NT.
- You choose which type of hard disk format to use during install, either FAT-based
or NTFS. Using a FAT-based system allows you to dual boot your machine but is less
efficient than NTFS. You must use NTFS if you plan to use file- and directory- level
To wrap up the day, you can review terms and tasks from the chapter, and see the
answers to some commonly asked questions.
boot--The process of starting up your computer by loading the operating
DNS (Domain Name Server)--A method of allocating a recognizable name for
the IP address, letting you use something like www.microsoft.com rather
than 220.127.116.11 to find a Web page.
FAT (File Allocation Table)--The particular style of tracking the location
of each disk file on a DOS-based machine.
HCL (Microsoft's Hardware Compatibility List)--This is a list of all hardware
that is certified to run with NT. You can find the list on the Internet at the following
I/O (Input/Output)--The process of transferring data between the computer's
memory and its keyboard, printer, disks, and other devices.
kernel--Windows NT services run in two modes, kernel and user. Kernel mode
is the inner guts of NT and provides system stability through its minimalist approach.
In version 3.51 and earlier, the kernel was very robust and added to the strength
of NT because little was placed in there that might impact the system in a negative
fashion. In 4.0, more has been added to this layer, such as the video card drivers,
resulting in the possibility that NT will not remain as stable as prior versions.
Time will tell.
NTFS (New Technology File System)--The file system used by NT. It is more
efficient than FAT-based systems and allows for file- and directory-level security.
partition--Specifying which sections of a hard drive that another operating
system can use. Also used to break up a large disk into several smaller logical
server--A network computer that provides services to client computers.
Can also be called a gateway server, mail server, database server, and file server.
TCP/IP (Transmission Control Protocol/Internet Protocol)--A collection
of software that allows connectivity between LANs and WANs. workstation--Another
name for the computer that performs local processing and acts as a client on a network.
With the information provided in this chapter, you installed NT Server and learned
the pitfalls to avoid during installation. In most of the chapter you learned to
install NT Server. You also learned how to carry out the following task:
- Modify the number of licenses in use on NT Server
- Q What do I need before starting the install?
A You can use any equipment you like to run NT, but if you do not want
a million headaches, start by using the HCL and buying equipment that is on the list.
Clones might save you money initially, but if they do not work with NT, you have
a major problem. In addition, getting up-to-date NT drivers can be next to impossible.
Q How can I find out what NTDETECT is actually doing?
A NTDETECT determines the hardware in use on your machine. If a conflict
occurs, the program might just stop running, leaving you puzzled. You find out all
the steps that this program is taking by using the debug version. We outline exactly
how to do this in the section titled "Using the Floppies and CD-ROM."
Q What can I do to help ensure an easy install?
A Use approved equipment. Test all components before trying to install
NT Server. In this manner, you can be more assured that a problem lies with the install
and not with some hardware malfunction. Write down all relevant information such
as all I/O and IRQ settings of PC cards (formerly known as PCMCIA), sound cards,
and so on.
Think carefully about the following queries and decide on the answers. Make sure
you decide how you intend to license your software. Will you use a per-server or
per-seat approach? Is the machine being added to an existing domain? If so, will
it be a backup controller or ordinary server? Doing some homework prior to laying
your hands on the software helps ensure that your install is relatively painless.
Q Should I use a FAT-based or NTFS file system?
A If you plan on using NT as your primary server with no other operating
system, using NTFS provides sound, effective security and more efficient use of disk
space. Use a FAT-based system if you need to boot different operating systems or
have application needs that depend on FAT-based files.
© Copyright, Macmillan Computer Publishing. All rights reserved.