2/x/00

File Sharing

 

share—anything you’re sharing (files etc.)

SAMBA-Windows filesharing (also SMB)

user limit

UNC—universal naming convention (UNC path name)

 

To share: find the icon, right-click, hit Share.  Share name—what to share it as.  User limit—limits the number of people who can access it; max allowed is the default, can be 10 or basic max; normally 10.  Permissions—same as in Security (types: Change—like write).  Shares get a little “hand” symbol by their icon.

shares have a different path...

standard is

C:\folder\file.ext

share is

\\Pc31\folder\file.ext

--this is a UNC pathname.  NetBIOS enumerates UNC pathways.  You probably could integrate a workgroup into the UNC, but it’s not common.

 

hidden shares—end with a $ sign: \\pc31\C$, \\Whsnt1\Ipc$ ... basically administrative shares.
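Added example (not from the class notes): a small Python parser that splits the UNC path names above into computer, share and path, rejects local paths, and flags hidden ($) shares. The function and class names are made up for illustration; the sample paths are the ones written in these notes.

```python
# Added example: split UNC path names into server / share / path and flag
# hidden ("$") shares. Names here are illustrative, not a Windows API.
from dataclasses import dataclass


@dataclass(frozen=True)
class UncPath:
    server: str   # computer name, e.g. Pc31
    share: str    # share name, e.g. folder or C$
    rest: str     # path below the share ("" if none)

    @property
    def hidden(self) -> bool:
        # Per the notes: hidden shares end with a $ sign.
        return self.share.endswith("$")

    def __str__(self) -> str:
        tail = "\\" + self.rest if self.rest else ""
        return f"\\\\{self.server}\\{self.share}{tail}"


def parse_unc(path: str) -> UncPath:
    # A UNC name starts with two backslashes, then computer, then share.
    if not path.startswith("\\\\"):
        raise ValueError(f"not a UNC path (local path?): {path!r}")
    parts = path[2:].split("\\")
    if len(parts) < 2 or not parts[0] or not parts[1]:
        raise ValueError(f"UNC path needs a server and a share: {path!r}")
    rest = "\\".join(p for p in parts[2:] if p)
    return UncPath(parts[0], parts[1], rest)


def same_share(a: UncPath, b: UncPath) -> bool:
    # Computer and share names are not case-sensitive on Windows.
    return (a.server.lower(), a.share.lower()) == (b.server.lower(), b.share.lower())


def audit_shares(paths):
    """Sort path strings into (visible, hidden, rejected) lists."""
    visible, hidden, rejected = [], [], []
    for p in paths:
        try:
            unc = parse_unc(p)
        except ValueError:
            rejected.append(p)
            continue
        (hidden if unc.hidden else visible).append(unc)
    return visible, hidden, rejected


# Paths taken from the notes, plus one incomplete name (constructed).
SAMPLE = [r"\\Pc31\folder\file.ext", r"\\pc31\C$", r"\\Whsnt1\Ipc$",
          r"C:\folder\file.ext", r"\\Pc31"]

if __name__ == "__main__":
    vis, hid, rej = audit_shares(SAMPLE)
    print("visible: ", [str(u) for u in vis])
    print("hidden:  ", [str(u) for u in hid])
    print("rejected:", rej)
```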

 

Mac sharing: needs AppleTalk installed; you can’t use the standard file explorer.  You have to use something called “WinFile”, the old file viewing software for NT, to view the shares.  In WinFile, go to MacFile... creates a volume you can share to from a Mac.  Like in Mac-to-Mac sharing, you can choose from the different volumes on the particular computer; so instead of the different drives, you get whatever volumes you have defined through MacFile.  Supposedly not a common situation in the working world, but used a great deal in educational facilities.

 

also—you can create multiple shares for the same file; iow, the file is available under several names, with each having different access permissions depending on who you are.

 

 

 

 

 

askdavis.com—nate davis’ mission with the mormon church

 

1/20/00

 

extra notes:

UPS=uninterrupted power supply

APC is a company which does this stuff...

All Mac G3 crud(booklets, documentation... disks, backup etc) from machine in back in “Apple G3” notebook with mr jewel.

 

mutex: interprocess synchronization; lets two processes talk to each other.

 

is there an easy way to unlock several mac folders at once?

--yes.  see applescript “unlock” on disk...unlocks all folders&files within as well.

 

IV-windows security basics

Security is key in WinNT.  Your account represents you or a computer to the OS.  When you log on, you get a “token” which lets you access an object (see packet, plus more).

Two ways to get a token: log on.  Also—a program can create one and use it to run another program... provided you have the right passwords and stuff; i.e. you can use an administrator token to operate a program for a period of time.

ACL-access control list—describes rules for an object.

user account—can be a person, service, etc.  to use one you must go through a computer...

computer account—tells the server it can be on the domain.

 

objects(in packet)—see for notes

properties:  security:

basic access permissions: (in packet, see for xtra notes)—

permissions: (ACL editor) Add: adds users, sets type of permissions.  That list is shortened.  >> Under types, Special File Access gives full ACL listings.  >> Replace permissions on existing files: existing files are the only ones touched.  On subdirectories: goes to everything.

auditing: lets you see who accesses what.  Add: add a user, pick the actions you want to log, and it tells you when that user does something (read/write/edit/etc).  Can tell you if someone’s trying to hack your password, for instance.

owner: prevents someone from circumventing security.... chooses who has authority.

 

object namespace: similar to Windows Explorer (www.sysinternals.com).  Objects, special security options, tells you what’s going on behind the scenes, auditing...  >> “physical memory” lets you see if you can circumvent the execute permission by dropping something in physical memory and creating a process that says, load this file.  However, only admins have access to physical memory.  Program called WinObj.

 

 

 

 

 

 

1/12/00

(review)

+administration etiquette

Admins have a great deal of power... it is not appropriate to mess around with the server, for instance, while other people are using the domain.  When you need to do something (like take the server down), give a callout, or send a message, etc.: time of next shutdown, how long it will be down, and another message when it is back up.

 

 

12/14/99(III)

A tour of WindowsNT

Logon/security: ( ctrl-alt-delete) lock workstation(like a password screensave); logout/shutdown/change password/task manager/etc

Admin tools(start menu):

User manager:

Create/edit accounts.

Groups(assign permissions to groups of users)(doubleclick to add people.  Primary groups: use Set to set.  Groups with a “world” is a domain group, w/out is just local.) 

New User: username(logon) fullname, description etc.  full/desc can be anything.  Checkboxes: user must change password at next logon(Good), else..

User profiles: profiles are by default stored on each individual comp, can be set to be stored on a remote server.  Profile folder is located in the WinNT folder, has every profile ever logged on to that comp.  Home Directory: Connect (H) to (UNC names): sets a folder on a remote server as the home directory.  Use “%USERNAME%” to substitute the user name into the path… useful.

Hours: tells you when you can logon.  If you’re logged on when your time expires, kicks you off.

Logon To: sets which comps a user can logon to.  Specify the name of the computer.

Account:  sets the timeframe of allowed use(ie dad’s account problem).  Global: domain.  Local: for a specific computer.

Dialin: remote access.

Menu:Policies:

account policy: max password age (you need to change your password every so many days), min password age (you can’t use a new password for so many days), min password length (duh, >6 probably best), password uniqueness (makes you set new passwords to a New word, keeps a password history), account lockout (prevents someone from hacking your account; after so many failed attempts, the account is locked out for a certain time).

User rights:  add user to domain, etc.  list of all available rights, when selected tells who has them.  Advanced user rights checkbox.

Audit: security

Trust relationships: <later> ((is this in user or server manager?))
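Added example (not from the class or from NT itself): the account lockout setting from the account policy notes above, replayed in Python over a short list of logon attempts. It is a simplified model; the threshold, duration, account names and attempt records are constructed for illustration.

```python
# Added example: simplified model of "account lockout" from the account
# policy. All values and records below are constructed, not real logs.
from dataclasses import dataclass


@dataclass
class LockoutPolicy:
    threshold: int = 3   # failed attempts before the account locks
    duration: int = 30   # minutes the account stays locked


# Constructed records: (minute, account, password_was_correct)
EVENTS = [
    (0, "jsmith", False), (1, "jsmith", False), (2, "jsmith", False),
    (3, "jsmith", True),                          # correct, but account is locked
    (10, "adavis", False), (11, "adavis", True),  # one typo, then success
    (40, "jsmith", True),                         # lockout has expired by now
]


def replay(events, policy):
    """Replay logon attempts in time order.

    Returns (outcomes, lockouts):
      outcomes - (minute, account, result), result is one of
                 "ok", "bad password", "locked out"
      lockouts - (minute, account) for each time a lockout was triggered
    """
    failures = {}      # account -> failed attempts since last success/lockout
    locked_until = {}  # account -> minute at which the lockout ends
    outcomes, lockouts = [], []
    for minute, account, correct in sorted(events):
        if minute < locked_until.get(account, -1):
            # While locked, even the right password is refused.
            outcomes.append((minute, account, "locked out"))
            continue
        if correct:
            failures[account] = 0
            outcomes.append((minute, account, "ok"))
            continue
        failures[account] = failures.get(account, 0) + 1
        outcomes.append((minute, account, "bad password"))
        if failures[account] >= policy.threshold:
            locked_until[account] = minute + policy.duration
            failures[account] = 0
            lockouts.append((minute, account))
    return outcomes, lockouts


if __name__ == "__main__":
    results, locked = replay(EVENTS, LockoutPolicy())
    for row in results:
        print(row)
    print("lockouts triggered:", locked)
```

A lockout entry next to a run of "bad password" results for one account is the same pattern that failed-logon auditing is meant to surface.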

Event viewer: view system event log.  All programs can read/write to it, but only Special programs can erase besides Event Viewer.  Three types of logs.  System: hardware failures.  Security: audits.  Application: program failures.  Double-click gives details.  Log level (size restrictions) is editable under log settings.

Disk administrator: like Fdisk; lets you view/manage/edit partitions.  can’t convert formats, but pretty much anything else(create, delete, rearrange, format.  but doesn’t let you set sizes.—(create-?))  lets you play around before you make any permanent changes(click/hold menu: commit changes).  Assigns drive letters(or none, for editing)(click/hold menu).  Careful—if you change drive letters while programs are running, weird things can happen.    Also lets you save your disk configuration to disk.

Server Manager: shows which comps are in the domain, which are connected up/responsive.  Menus:: computer (edit info on the comps, desc, folder sharing, services [stop/start...], send message [goes to all logged in computers], synchronize domain [transmits new editions/changes to the domain to all comps on the domain]), macfile (access to files etc)

services:: (control panel) run when the comp is started, even before anyone is logged on.  Can be started on auto or manual.  Usually for background functions (email etc)

Ctrl-alt-delete: security

ctrl-shift-esc: task manager (force-exit programs).  Process—technical name for an application.  Applications show up on tray; an interactive process, in a word.  Processes give you %CPU times.  To force-quit, pick the app tab and End Task.  To completely kill it, pick it from the process tab… the Real way to kill a program.  From the task manager, you can set the priority of programs. <- realtime gives the program All of the CPU time…  Performance tells you what’s happening in your computer.

Page fault: when a program accesses virtual memory and isn’t supposed to.

Programs::Admintools:: Backup

transfers files from disk to a tape.  lets you pick specific folders to back up. Restore lets you view what you’ve got on a tape.  Requires a tape drive.

Start menu: group icons: programs: above line, private to you.  Below line, shows to everyone.

 

 

On an infinite loop, mac and win3.1—loops gets 100% of the cpu time, can’t shut it down.  On NT, doesn’t happen… CPU %s remain constant. 

 

 

useful websites:

· <<most/all can be accessed from www.microsoft.com>>

 

 

12/7/99(II)

Installation

486 sx 33Mhz minimum processor aka “486 33sx” ::

>16MB ram… prob at least 24…the >, the better

125MB diskspace req after installation –127 with 2MB swap file

VGA graphics adapter

 

-you Need to know whats in your computer before you setup NT…

HCL: hardware compatibility list.  Tells you what NT has drivers for and works with.  Available in text and online at Microsoft.

NT takes about 1hr –1.5hrs to setup, longer for servers.

 

**if you’ve opportunity to install workstation, take it…good practice

…somewhere in our house is a copy of winNT, perhaps install on virtual Pc? Or else…

 

ways to start setup:

bootable cd(autoloads mass storage device drivers)

3-disk installation(lets you load drivers yourself)(more likely to be supported by the BIOS)

WINNT.EXE (intended to boot up DOS)

WINNT32.EXE (intended for windows)

-both WINNT programs copy the cd/disks to the hd

Steps:

Enter setup on boot

Tell it to boot off cd:: bios features : boot order to a,c or c,a…tells it which drive to look at first, cd or disk respectively

Save and exit setup, insert disks, boot and hope.

Opens the setup program…similar to win3.1

Do what it tells you to. 

(( cancels setup on most any computer.))

On boot, watch screen… data line tells you processor, what kind of memory you’ve got, etc.

Next: setup screen: reg, repair …

Next: detects mass storage device; auto or manual. Use manual if you have recent scsi devices, or if you’ve done auto and it didn’t work. On auto, don’t hit F3 to cancel.  If both auto and manual don’t recognize one of your drivers, reboot(perhaps of 3disk?) and hit F6.

Next: shows license agreement

Next: if you want to fresh or upgrade

Check list to see if it matches your computer

Check/create partitions(the less MB, the more efficient…)

Format partitions: choose NTFS (security, better individual features) unless: when your sys crashes, you need to access the file system.  FAT allows you to go in and fix the computer w/out reinstallation.  NTFS autochecks the disk when it crashes; sometimes the autocheck can take >1month.  Can convert from FAT to NTFS, but not vice versa w/out special software (“Partition Manager”)

--setup can’t format NTFS drives.  You have to partition the drive <2 gig, then format as NTFS.  Setup will format as FAT and convert.

Chose where files will be installed (\WINNT is default…okay)

Do Not do an exhaustive examination of the hard drive.  It takes a long time… weeks

Next: copying files. Don’t cancel.

Next:graphical mode setup:::

Name /Organization :: Woodinville High School/Northshore School District

CD Key: on back of cd case, orange sticker.  Universal cd key is 000 1111111(algorithm:first three can be anything, last have to add up to be divisible by seven)

Licensing modes: as many per-server licenses as you have computers connecting to it.  (we set to 9999 for edu purposes.. not exactly legal)

Computer Name: (if a server, normally include server in the name…else can be anything)

Server Type: Don’t Screw Up.  Select which type… PDC, BDC, standalone server.  You don’t use standalone often, unless cross-platform networks.  Normally, primary.  Backup requires the network to already be in existence.  Server type is Not easily changeable… makes the comp unreliable in NT4 unless you reinstall.  Can change from backup to primary, but not back.

Admin Account: good:>6 characters, alphanumeric and mixed caps.  Bad: <6 char, your name, “password,” family name, profanity…   in NT, passwords are case-sensitive, <14 chars long.

::windows

Emergency Repair disk: Yes.  if no, when you reinstall, data lost.  Takes a while though.  Can be created at any time.

Select Components: ::everything…any of/all

Next:

Networking:  ::wired to it…  can be wired, remote access, or both.

Install Web Server: can or no, we did for fun… includes gopher… more later

Network Adapters: search for alternate adapters…if fails, you have to select an adapter from a list… if it doesn’t show, put in disk and select path.  If you don’t get this…bad

Network protocol:  ::we did all, just because.  Can select from list.

Network Services:  ((later)) program that runs in the background and provides a service… print servers, etc…   ::everything, because.  DHCP:Dynamic host configuration protocol…384.923.496.44 …services to macintosh emulates appletalk.  Start with DNS DHCP and Info Server 2.0

Next: actual installation.  Buncha dialog boxes from any setup programs that need to run.  <TCP/IP box: don’t use DHCP on a server.>  Avoid DHCP addresses: 127.0.0.1 < loopback address, connects to itself;  192.168.0.x < private range, can’t be accessed on internet;  10.x < private range;  72ish < private range

Asks for ip address, subnet mask ((later))

Don’t use older name resolution protocol… etc

Appletalk zones are ok for none…

Network binding:  sets order chosen for different protocols.  Can leave it alone

Next: try to start the network.  Hope.  If you’re doing a BDC, you have to provide a user account.  “add workstations to domain” admin account can do it, none else.

IIS>internet info server. If installed, you have to specify some stuff.

Error with gopher service is nothing to worry about.. have to configure DNS to get it to work.  “(gopher is from the University which invented it)”

Time Zone, date, display(can’t change anything until you restart), copy rest of files… let it do its thing.

Once you’re done installing, restart.

:

other notes: 

to rename your computer, the most reliable way is to reinstall the operating system.  It’s Not a good idea to rename servers; computers connected to it will be a Little lost.

The “add workstations to domain” property of a user/passwd allows them to set up a BDC.

NT allows dual-booting.  Consumer Windows does not… likes to overwrite NT’s bootloader (unavoidable w/out special software).  Therefore, always install consumer Windows first, then NT.

Repair installations won’t fix setup problems.

Standalone servers are not part of a domain.

Mass storage devices are ones which store a great deal of data, excluding non-SCSI floppy (zip and other device drives are also considered floppy drives, not just your standard 3.5)

 

 

 

 

--Note: installing NT can take 1.5-2 hours… whereas Macs take 20-30 mins…. ; ) …. the first time he tried to install, it crashed… had to reinstall at options.  NT server takes a while to log on, no real reason why.

 

12/<10/99(I)

WinNT: the basics

-designed to be a business OS…security, reliability.

-32 bit OS.  (--Win3.1 was a 16 bit--) … but not really.  NT is “faked” 32 bit

-designed to run for long periods w/o intervention

-designed to restrict access privileges

--code base hasn’t changed since the first build…

-3 versions: (“additions”) Workstation Server (desktop OS, most common)

                                NT Server (managed security, assigns IP addresses, file server.  Typically not a user/interactive server)(opposite processor divisions: background programs get more processor time), supports 4 processors

                                Enterprise Server (heavy-duty hits, website servers, etc)(database servers)

-2 kinds networking:

10base2 (Small networks –4-5 comps, daisy chains … comps wired to each other, not to a hub), supports 8 processors

10baseT (10 mega bits/second)(what we use, looks like phone line connections, central hub)

hub vs switch: hub(10mbit pool of speed.  Shared by each who connects… the more people on a hub, the slower the connection)(less expensive, best for small network), switch (guarantees 10mbits of speed for each user… doesn’t slow with use)(more expensive, best for big network)

Termination: tells the network where its end is.  BNC in a 10baseT.  Can use resistors as well.

-NT domain: grouping computers.  Lets you group little parts of a network.

    Servers: 

Primary domain controllers (keeps things in synch, responsible for everything)

 Secondary/backup domain controllers. (takes control if primary goes down)

                --authoritative   --one controller is authoritative -like primary, for instance- or both are, when in synch with each other.

                Basic domain tasks: promotion/demotions-> promote, brings to primary.  Demote, brings to backup.  DON’T demote primary… cause then you don’t have one.  When you promote a backup the primary automatically demotes.

=kernel-the part of the OS controlling the processor directive…past scheduling, device drivers,low-level.  Gatekeeper between you and the hardware.

=boot loader-program that loads the OS  on startup.

=virtual memory-hard disk space used when there’s not enough real memory.

=page file—where virtual memory is stored.  Not savable to a floppy (2MB min)

=FAT-file allocation table-basic file system, been around forever, 8.3 filenames(8char), only filesystem that consumer windows supports.

=NTFS-NT File System-customized system specifically for NT, lets you assign permissions to a file, lets you audit, encryption, individual file stuffs, file-level compression (allows you to compress an individual file… blue folders), file-level base security (one of the only file systems certified by the government to do this), hard linking(?) (“my letter to bob is the same as my letter to bill”… lets two files point to the same data; when you modify file 1, file 2 is modified; the data isn’t deleted until all the linked files are gone), journal-keeping (all successful changes are stored in a journal, useful if you’re halfway through saving and crash) ←v4 v5→ mount-point (“if C:\ is full, you’d normally get a D:\ drive.  Mount-point lets you create a folder on C:\ that stores data on D:\.  Useful if you need more than 26 drives.”), file-level encryption.

=SCSI-small computer systems interface- (ide-integrated drive device electronics-windows, slow, only allows 4 devices),SCSI lets you have 40(?) devices, very fast, 6-8 times faster than IDE, most current devices run on SCSI

=TCP/IP-transmission control protocol/internet protocol – computer id over internet, also in networks.  Lets you move data over a wide array of computers.  You know whether something is received or not received

=NetBEUI- like TCP/IP (sort of), usable on only a small LAN network, home networks, non-routable.

=IPX-internetwork packet exchange-not routeable, very old, LAN

==backup domain controller (BDC) not authoritative until primary domain controller (PDC) is inactive… or is always authoritative (linked w/ PDC, in sync)

=authoritative –comp can tell who you are…NT servers can be authoritative.