Tài liệu Configuring Windows 2000 Server doc

Use this command to open the DNS console in author mode: MMC %systemroot%\System32\dnsmgmt.msc /aYou can right-click an .msc file and choose Author from the context menu to openthe file

Configuring Windows 2000 Server

This chapter explores the many tools for configuring and

managing the system, managing users, and controllingother aspects of Windows 2000

The Microsoft Management Console

In Windows NT, most management functions are scatteredthrough various utilities, some of which appear in the ControlPanel Others are located in the Administrative Tools folder onthe Start menu Still others are hidden in the deep recesses ofthe file system, accessible only by Administrators with the time

to hunt them down Each typically provides a unique UI and nomeans of integrating tools together under a single interface

One of the many changes in the Windows 2000 interface andadministrative structure over Windows NT is the switch to amore homogenous approach to administrative utilities Whilemany system and operating properties are still controlledthrough the Control Panel, most administrative functions havemoved to the Microsoft Management Console, or MMC TheMMC runs under Windows 2000, Windows NT, and Windows

9x This section of the chapter examines the MMC and its

component tools

You’ll find additional information about the MMC as well

as additional snap-ins at http://www.microsoft.com/

✦ ✦ ✦ ✦

Understanding the Function of the MMC

The MMC itself serves as a framework Within that framework are various

admin-istrative tools called consoles In particular, the MMC provides a unified interface

for administrative tools This means that once you learn the structure of one tool,the rest are going to follow suit (within limitations imposed by the differences

in function of the various tools) Figure 6-1 shows the MMC with the ComputerManagement snap-in loaded (more on snap-ins shortly) As you’ll learn later

in this chapter, you use the Computer Management snap-in to configure mostaspects of a system’s hardware and software configuration

Figure 6-1: The MMC serves as a framework for a wide variety

of administrative tools

Perhaps more important than a unified interface is the fact that the MMC lets you combine administrative tools to build your own console configuration, which you can store by name on disk The next time you need to work with it, you run the MMC console from the Start menu or double-click its icon or shortcut.For example, let’s say you want to put together a custom console for managing aWindows 2000 Internet server You can integrate the tools for managing DNS, DHCP,and IIS all under one interface This custom console gives you quick access to most

of the settings you need to configure on a regular basis for the server

The MMC window consists of two panes The left pane can contain two tabs: Tree and Favorites The Tree tab generally shows a hierarchical structure for theobject(s) being managed When you use the Active Directory Users and Computersconsole, for example, the tree shows the containers in the Active Directory (AD)that pertain to users, groups, and computers The Favorites tab lets you create

a list of frequently used items in the tree The right pane is the details pane The details pane changes depending on the item you select in the tree When you select Services in the tree, for example, the details pane shows the list ofinstalled services

MMC provides two different modes: user mode and author mode In user mode, you

work with existing consoles Author mode lets you create new consoles or modifyexisting ones Figure 6-2 shows the Services console opened in user mode Figure6-3 shows the Services console opened in author mode As indicated in the figures,author mode offers access to commands and functions not available in user mode

Figure 6-2: User mode restricts the actions a user can perform within

a console

Figure 6-3: Author mode provides the ability to change console options

and add new snap-ins

User mode actually offers three different options: full access, limited access withmultiple windows, and limited access with a single window With full access, anMMC user can access all the window management commands in MMC but can’t

add or remove snap-ins or change console properties The limited access optionslimit changes to the window configuration of the console and use either a singlewindow or multiple windows depending on the mode A console’s mode is stored

in the console and applies when you open the console Console modes can bechange via the Options property sheet (click Console ➪ Options) Setting consoleoptions is discussed later in the chapter

The default mode in Windows 2000 is user mode — limited access, single window

As mentioned earlier, you use author mode to author new consoles or modify existingones In author mode, you can add and remove snap-ins, change window options, andset options for the console

Opening the MMC

You can open MMC consoles simply by selecting them from the AdministrativeTools folder in the Start menu or by double-clicking their icons in Explorer You alsocan start consoles using a command prompt The format of the MMC command is:

MMC path\file.msc /a /s

The following list explains the options for MMC:

✦Path\file.msc: Replace pathwith the path to the console file specified by

file.msc You can use an absolute path or use the %systemroot%variable

to reference the local computer’s path to the Windows 2000 folder Using

%systemroot%is useful when you’re creating shortcuts to consoles for use

on different systems (where the system root folder might be different)

✦/a: Use the /aswitch to enter author mode and enable changes to the console Opening an existing console with the /aswitch overrides its stored mode for the current session

✦/s: Use this switch to prevent display of the splash screen that normally

appears when the MMC starts on Windows NT or Windows 9x systems

This switch isn’t needed when running the MMC under Windows 2000

For example, let’s say you want to open the DNS console in author mode to add theDHCP snap-in to it Use this command to open the DNS console in author mode:

MMC %systemroot%\System32\dnsmgmt.msc /aYou can right-click an msc file and choose Author from the context menu to openthe file in author mode

After opening the DNS console, you add the DHCP console using the Add/RemoveSnap-In command in the Console menu Snap-ins are covered in the next section

Tip Note

If you prefer, you can simply open the MMC in author mode, then add both snap-insusing the Add/Remove Snap-In command in the Console menu

Windows 2000 provides several pre-configured consoles for performing variousadministrative tasks Most of these console files are stored in \systemroot\

System32and have mscfile extensions (for Microsoft Console) Windows 2000places several of these consoles in the Administrative Tools folder, which youaccess by clicking Start ➪ Programs ➪ Administrative Tools In essence, each

of the pre-configured consoles contains one or more snap-ins geared toward

a specific administrative task

In an apparent effort to simplify the Start menu, Microsoft only includes some ofthese consoles in the Administrative Tools folder However, you can open any con-sole by double-clicking its file When you do so, the MMC loads first and then opensthe console You also can open the MMC and add snap-ins to your own consoles

This gives you the ability to create a custom console containing whichever group(s)

of snap-ins you use most often or that are targeted for specific administrative tasks

Using Snap-Ins

While the MMC forms the framework for integrated administrative tools in

Windows 2000, the tools themselves are called snap-ins Each MMC snap-in

enables you to perform a specific administrative function or group of functions

For example, you use the DHCP snap-in to administer DHCP servers and scopes

The various MMC snap-ins serve the same function as individual administrativetools did in Windows NT For example, the Event Viewer snap-in takes the place

of the standalone Event Viewer tool (Figure 6-4) The Disk Management branch

of the Computer Management snap-in replaces Disk Administrator The ActiveDirectory Users and Computers snap-in takes the place of User Manager forDomains, and so on

Figure 6-4: Snap-ins perform specific administrative functions and replace

standalone tools such as Event Viewer

Tip

Snap-ins come in two flavors: standalone and extension Standalone snap-ins are usually called simply snap-ins Extension snap-ins are usually called simply exten- sions Snap-ins function by themselves and can be added individually to a console.

Extensions are associated with a snap-in and are added to a standalone snap-in orother extension on the console tree Extensions function within the framework ofthe standalone snap-in and operate on the objects targeted by the snap-in Forexample, the Services snap-in incorporates three extensions: Send ConsoleMessage, Service Dependencies, and SNMP Snap-in Extension

You can add snap-ins and extensions when you open a console in author mode

By default, all extensions associated with a snap-in are added when you add thesnap-in, but you can selectively disable extensions for a snap-in

To add a snap-in, open the MMC in author mode and choose Console ➪ Add/Remove Snap-In The Standalone page of the Add/Remove Snap-In property sheetshows the snap-ins currently loaded The Extensions tab lists extensions for thecurrently selected snap-in and allows you to add all extensions or selectivelyenable/disable specific extensions

In the Standalone page, click Add to add a new snap-in The Add Standalone Snap-Indialog box lists the available snap-ins Click the snap-in you want to add and clickAdd Depending on the snap-in, you might be prompted to select the focus for thesnap-in For example, when you add the Device Manager snap-in, you can selectbetween managing the local computer or managing another computer on the net-work Adding the IP Security Policy Management snap-in lets you choose betweenthe local computer, domain policy for the computer’s domain, domain policy foranother domain, or another computer

After you configure snap-ins and extensions the way you want them, save the console

so you can quickly open the same configuration later To do so, choose Console, Save,

or Save As, and specify a name for the console Windows 2000 by default will placethe new console in the Administrative Tools folder, which appears on the Start menuunder Programs, but you can specify a different location if desired

Taskpads

A taskpad is a page on which you can add views of the details pane and shortcuts tovarious functions inside and outside of a console These shortcuts can run commands,open folders, open a Web page, execute menu commands, and so on In essence,taskpads let you create a page of organized tasks to help you perform tasks quicklyrather than using the existing menu provided by the snap-in You can create multipletaskpads in a console, but the console must contain at least one snap-in Figure 6-5shows a taskpad for performing a variety of tasks in the DNS snap-in

A taskpad can contain a list from the details pane in either horizontal or verticalformat Horizontal works well for multiple column lists (many fields per item), and vertical works well for long lists (few fields per item) You also can configure

a taskpad to show no lists In addition to the list, the taskpad includes an icon for each task with either a pop-up description or text description of the task

You simply click a task’s icon to execute the task

Figure 6-5: Taskpads let you create tasks for performing specific actions, such

as these DNS-related tasks

Creating a taskpad

To create a taskpad, right-click the object in the tree that you want to be the focus of the taskpad, then choose New Taskpad View MMC starts a wizard to help you create the taskpad In the first page of the wizard (Figure 6-6), you define the appearance of the taskpad As you make selections, the wizard shows the results to help you determine the effect of your choices

In the second page of the wizard, you specify the items to which the taskpadapplies The following list summarizes the options:

✦ Selected tree item: This option applies the taskpad only to the selected item in

the tree Using the DNS snap-in as an example, creating a taskpad for ForwardLookup Zones and using this option will cause the taskpad to appear only when you click Forward Lookup Zones It will not appear if you click ReverseLookup Zones

✦ All tree items that are the same type as the selected tree item: This option

applies the taskpad to all objects in the tree that are the same type as theselected object Using the previous DNS example, choosing this option willcause the taskpad to display when you click either Forward Lookup Zones

or Reverse Lookup Zones

Figure 6-6: The first wizard page helps you configure the

way the taskpad appears

✦ Change default display to this taskpad view for these tree items: Select this

option to have the MMC automatically switch to taskpad view when the userclicks the object in the tree associated with the taskpad Deselect the option

to have the MMC default to the normal view instead

The third page of the wizard prompts you for a taskpad view name and description.The name appears at the top of the taskpad and on the tab at the bottom of thetaskpad The description appears at the top of the taskpad under the taskpad name

On the final page of the wizard, you can click Finish to create the taskpad The StartNew Task wizard option, if selected, causes the Start New Task wizard to executewhen you click Finish This wizard, described in the next section, helps you createtasks for the taskpad

✦ Menu command: Choose this option to execute a menu command In the

sub-sequent wizard page, you specify the source for the command and the mand itself The available commands fall within the context of the selectedsource Select an object, then select the desired command

com-✦ Shell command: Choose this option to start a program, execute a script,

open a Web object, execute a shortcut, or perform any other task you can execute from a command line The wizard prompts you for the command,optional command-line parameters or switches, startup folder, and windowstate (minimized, normal, maximized)

✦ Navigation: Choose this option to add an icon for an existing item listed in

Favorites See the section, “Favorites,” later in this chapter to learn how toadd to the Favorites list

The wizard also prompts you for a task name, description, and icon to associatewith each task, and gives you the option at completion of running the wizard again

to create another task

Modifying a taskpad

You can modify an existing taskpad to add or remove tasks or change taskpad view options Right-click (in the tree) the object associated with the taskpad, then choose Edit Taskpad View MMC displays a property sheet for the taskpad

The General page shows the same properties you specified when you created the taskpad, such as list type, list size, and so on Change options as desired

The Tasks page (Figure 6-7) lists existing tasks and lets you create new ones

New starts the New Task wizard Remove deletes the selected task Modify lets you change the task name, description, and icon for the task, but not modify thetask itself To modify the task, remove the task and recreate it You also can use the up and down arrows to change the order of tasks in the list, which changestheir order of appearance on the taskpad

Figure 6-7: Use the Tasks page to

add, remove, and modify tasks

The Favorites list in the left pane of the MMC lets you access often-used objects in

a console with a single click The Favorites list appears when you open a console

in author mode or if the Favorites list contains any items The tab doesn’t show up

in the left pane when the console is opened in user mode or if the Favorites list isblank It is useful for quickly accessing objects that are buried deep in the tree Youalso can use Favorites to simplify the view of the tree for inexperienced users

To add an item to Favorites, click the object in the tree to which you want to ate the shortcut, then choose Favorites ➪ Add to Favorites Specify a name for theshortcut and the folder in which you want it created Click New Folder to create anew folder for the shortcut

cre-You can use the Organize Favorites dialog box to create folders, move items fromone folder to another, and rename or delete items Choose Favorites ➪ OrganizeFavorites to open the Organize Favorites dialog box

Other Add-In Tools

Snap-ins are just one of the objects you can add to an MMC console Other objectsinclude ActiveX controls, links to Web pages, folders, taskpad views, and tasks Theprevious section explained taskpad views and tasks The following list summarizesthe additional items:

✦ ActiveX controls: You can add ActiveX controls to a console as the details/

results view (right pane) for the selected node of the tree The SystemMonitor Control that displays system performance status in PerformanceMonitor is an example of an ActiveX control Choose Console ➪ Add/RemoveSnap-In, select ActiveX Control from the list, and then click Add The MMCprovides a wizard to help you embed ActiveX controls, prompting you foradditional information when necessary

✦ Links to Web pages: You can add links to URLs in a console, which can be any

URL viewable within a browser (Web site, ftp site, and so on)

✦ Folders: Insert folders as containers in the console to contain other objects.

You can use folders as a means of organizing tools in a console

Would you like to add a local or network folder to a console? Just use the Link toWeb page object and point it to the folder instead of an Internet URL

Customizing MMC to Suit Your Needs

Like most applications, you can customize the MMC to suit your needs or preferences.First, you can configure the settings for a console when you author it to determine the way it displays in subsequent sessions For example, you might want to configure

Tip

a console for user mode — limited access, single window, to limit the actions the userscan perform with the console To configure a console, first open the console in authormode Choose Console, Options to open the Options dialog box for the console(Figure 6-8) Specify settings and then save the console The changes will take effect the next time the console is opened.

Figure 6-8: Use the Options

dialog box to configure theconsole for future sessions

The following list explains the available options:

✦ Change Icon: Click to change the icon associated with the mscfile You’ll findseveral icons in systemroot\system32\Shell32.dll

✦ Console mode: Choose the mode in which you want the console to open for

the next session Choose between author mode and one of the three usermodes discussed previously

✦ Enable context menus on taskpads in this console: Select this option to

enable context menus in taskpads If deselected, right-clicking a taskpadobject will have no effect (no context menu is displayed)

✦ Do not save changes to the console: Select this option to prevent the user

from saving changes to the console, in effect, write-protecting it

✦ Allow the user to customize views: Select this option to allow users to add

windows focused on items in the console Deselect to prevent users fromadding windows

You also can control view options within the MMC To do so, choose View ➪Customize to access the Customize View dialog box (Figure 6-9) The options

in the Customize View dialog box are self-explanatory

Figure 6-9: Use Customize View to set

view properties in the MMC

Control Panel versus MMC

Even though the MMC now serves as the focal point for many of the administrationtasks you’ll perform on a regular basis, the Control Panel hasn’t gone away TheControl Panel is alive and well and contains several objects for configuring the sys-tem’s hardware and operating configuration The tools provided for the MMC donot take the place of the Control Panel objects or vice-versa However, you will findsome of the MMC tools in the Administrative Tools folder in the Control Panel.The Control Panel in Windows 2000 works much like the Control Panels in Windows

NT and Windows 9x In fact, many of the objects are the same or similar Latter

sections of this chapter explore the Control Panel objects The following sectionexamines the core set of MMC tools for managing a Windows 2000 system

MMC Tools

As explained previously, Windows 2000 contains several pre-defined consoles formanaging a variety of tasks both on local computers and across the network Thefollowing sections provide an overview of these tools

Component Services

The primary function of the Component Services console (Figure 6-10) is to providemanagement tools for COM+ applications COM+ provides a structure for developing

distributed applications (client/server applications) The Component Services consolelets you configure a system for Component Services, configure initial service settings,install and configure COM+ applications, and monitor and tune components.

Configuring COM+ applications goes hand-in-hand with COM+ application opment For that reason, this book doesn’t provide detailed coverage of COM+

devel-configuration

The three primary branches of the Component Services node under each computerare as follows:

✦ COM+ Applications: Use this branch to configure Component and Role

properties and settings for the COM+ IMDB Proxy Connection Manager, IMDBUtilities, QC Dead Letter Queue Listener, Utilities, and System Application

✦ Distributed Transaction Coordinator: Use this branch to view the DTC

transaction list and monitor transaction statistics

✦ IMDB Data Sources: Use this branch to add or delete IMDB data sources and

set properties of existing data sources

You’ll notice that the Component Services console that is provided with Windows

2000 includes nodes for the Event Viewer and Services These are also available asseparate consoles See the sections, “Event Viewer,” and, “Services,” later in thischapter for more details

Figure 6-10: Use Component Services to configure COM+ applications

as well as general Windows 2000 services

Note Note

Computer Management

The Computer Management console (Figure 6-11) provides tools for managing several aspects of a system Right-click My Computer and choose Manage, or click Start ➪ Programs ➪ Administrative Tools ➪ Computer Management to open the Computer Management console Computer Management is composed of threeprimary branches: System Tools, Storage, and Services and Applications SystemTools provides extensions for viewing information about the system, configuringdevices, viewing event logs, and so on Storage provides tools for managing physi-cal and logical drives and removable storage Services and Applications lets youconfigure telephony, Windows Management Instrumentation (WMI), services, and the Indexing Service Other applications can appear under this branch as well, depending on the system’s configuration

You can use Computer Management to manage either the local computer or

a remote computer Right-click the Computer Management node and chooseConnect to another computer to manage a remote system The tasks you can perform are usually the same whether locally or remotely, but some tasks can only be performed within the context of the local system This chapter assumes you’re using Computer Management to manage the local system

Figure 6-11: Computer Management integrates several snap-ins to

help you manage a system, its storage devices, and services

This section covers the snap-in extensions provided in the Computer ment console However, many of these extensions can be used individuallywithin their own consoles For example, you can open Services.msc to config-ure services rather than using the Services node in Computer Management Look

Manage-in systemroot\System32 for available snap-Manage-ins (.msc file extension)

Tip

Event Viewer

The Event Viewer snap-in takes the place of the standalone Event Viewer tion in Windows NT Use Event Viewer to view events in the Application, Security,and System logs, as well as to configure log behavior (size, rollover, and so on)

applica-See the section, “Event Viewer,” later in this chapter for more information

System Information

System Information provides a place for you to browse information about the system’s configuration Note that System Information only displays informationabout the system — it doesn’t let you configure settings

The following list summarizes the branches in System Information:

✦ System Summary: This branch shows general information about the system

including OS name and version, system name, BIOS version, physical and virtual memory, and so on

✦ Hardware Resources: This branch provides information about resource

allocation for DMA, IRQ, I/O base addresses, memory, and so on

✦ Components: This branch lists resources for individual components such as

the display, modem, network, USB, and so on

✦ Software Environment: Use this branch to view information about driver status,

environment variables, network connections, scheduled tasks, and so on

✦ Internet Explorer 5: This branch displays information about Internet Explorer

5 including general information, file versions, cache contents and statistics,certificates, and so on

Perhaps the most useful aspect of the System Information branch is that you canextract the information to a text file or system information file The text file can beopened in any text editor, incorporated into a report document, embedded in ane-mail message, and so on The system information file (.nfofile) uses a propri-etary file format that can be read and displayed by the System Information snap-inextension Saving a system’s configuration to disk in nfoformat lets you take a

“snapshot” of the system to use as a baseline for comparing later changes or simply

as a record of the system’s settings The benefit of saving the configuration to a

.nfofile rather than a text file is that you can view it in a hierarchical structurewithin the snap-in The benefit of using a text file is that you can incorporate thedata in other documents

To save a nfofile, right-click any node of the System Information branch andchoose Save As System Information File Specify a file name and click OK SystemInformation saves the entire branch regardless of where you clicked it (it could take

a while for the file to be generated) To view a nfofile, simply double-click the file(Figure 6-12)

Figure 6-12: You can view a saved nfo file within the System Information snap-in

extension by double-clicking the nfo file

When you save data to a text file instead of a nfofile, you can save only a lar sub-branch, if desired You can save an individual System Information branch

particu-to a text file using one of two methods First, you can right-click the branch andchoose Save As Text File After you specify a file name, System Information savesthe contents of the branch as a tab-delimited file The node from which you savethe file determines the amount of data in it For example, right-click SystemInformation and choose Save As Text File to save the entire System Informationbranch to a tab-delimited file As with the nfofile, saving the entire branch cantake a while depending on the speed of your system

The second method of saving the information to a text file offers one other benefit:You can choose the file delimiting method Right-click the level from which youwant to generate the report file and choose Export List Specify a file name andfrom the Save as type drop-down list choose between tab-delimited and comma-delimited, then click Save To save a single item from the details list, select theoption Save Only Selected Rows in the Save As dialog box

Unfortunately, System Information lets you select only a single item, so there is noway to select and save a range of information You’ll have to save the wholebranch and then edit the file to eliminate the unwanted data

Note

You also can print a report of a given branch To do so, right-click the branch andchoose Print.

System Information provides a search feature that you can use to locate specificinformation about hardware or settings in the System Information branch This

is particularly useful since System Information contains a lot of information

Follow these steps to perform a search in System Information:

1 Click the level at which you want to search.

2 Choose Action ➪ Find and enter your search text in Find What.

3.Choose between the following options:

• Check Restrict Search to Selected Category to search only the currentlyselected category Uncheck this to search all categories

• Check Search Categories Only to search only the console (left) pane andnot the results (right) pane for the specified text Uncheck this to searchthe results pane as well

4 Click Find Next to begin the search.

Performance Logs and Alerts

The Performance Logs and Alerts branch of the Computer Management snap-in vides a tool for setting up performance monitoring You can configure counter logs,trace logs, and alerts This branch is useful only for viewing or modifying settings —

pro-it doesn’t enable you to actually execute any performance monpro-itoring Instead, youneed to use the Performance MMC snap-in See Chapter 20 for detailed information

on configuring performance logs and alerts, and monitoring system performance

Shared Folders

The Shared Folders branch of the Computer Management snap-in lets you view andmanage shared folders, connections, and open files It takes the place of featuresformerly found in the Windows NT Server Manager The Shares node lets you viewshares on the selected computer In addition, you can double-click a share to viewand modify its properties and share permissions See Chapter 20 for information onpublishing folders in the Active Directory

You can create and manage shared folders through the Explorer interface Theadvantage to using Shared Folders instead is that you can see all shares on the sys-tem at a glance

Tip

You’ll notice that a system includes a handful of shares by default, most of whichare hidden shares (suffixed with a $sign) These shares include the following:

✦drive$: Windows 2000 shares the root of each drive as a hidden share foradministrative purposes You can connect to the share using the UNC path

\\server\drive$, where server is the computer name and drive is the drive

letter, such as \\appsrv\d$ Members of the Administrators and BackupOperators groups can connect to administrative shares on Windows 2000Professional systems Members of the Server Operators group can connect

to administrative shares on Windows 2000 Server systems, as well asAdministrators and Backup Operators

✦ADMIN$: This administrative share points to the systemrootfolder on the system (typically, \WINNT) and is used by the system during remoteadministration

✦IPC$: The IPC$share is used to share named pipes and is used during remoteadministration and when viewing a computer’s shares

✦PRINT$: This share enables remote printer administration and points bydefault to systemroot\System32\spool\drivers

✦NETLOGON: This share is used to support user logon, typically for storing user logon scripts and profiles There is no pre-defined NETLOGONshare for Windows 2000 Professional computers, but such a system will look

by default in the systemroot\System32\Repl\Import\Scriptsfolder

of the local computer when the user logs on locally in a workgroup for profiles and scripts In Windows 2000 domains, the NETLOGONshare points to sysvol\domain\Scriptson the domain controller(s)

✦FAX$: This share is present when the fax service is installed and shared Itserves to cache files and cover pages

For a complete discussion of sharing and security, offline folder access, and relatedtopics, see Chapter 22

The Sessions node lets you view a list of users currently connected to the system.You can disconnect a user by right-clicking the user and choosing Close Session.Disconnecting a user could result in lost data for the user, so you might want tobroadcast a console message to the user first To do so, right-click any branch

of Shared Folders and choose All Tasks, Send Console Message

When you are viewing sessions for a remote computer, your connection appears

as an open-named pipe and can’t be closed

The Open Files branch lets you view files opened by remote users Right-click

an individual file and choose Close Open File to close the file Or, right-click the Open Files node and choose Disconnect All Open Files to close all files

As when disconnecting users, closing files could result in a loss of data, so try to broadcast a console message to the user first

Tip

Device Manager

The Device Manager is a new feature in Windows 2000, its closest Windows NT

cousin being the Devices object in the Windows NT Control Panel Windows 9x

users and administrators will find the Device Manager a familiar and welcome sight

Device Manager provides a unified interface for viewing and managing devices andtheir resources (DMA, memory, IRQ, and so on) Device Manager displays devicesusing a branch structure Expand a device branch to view the devices in the branch

No special icon beside a device indicates the device is functioning properly A yellowexclamation icon indicates a potential problem with the device, such as a resourceconflict A red X indicates the device is disconnected, disabled, or not in use in thecurrent hardware profile

Device Manager is the primary tool you use for configuring a system’s hardware

To view or manage a device, locate it in the details pane and double-click the device(or right-click and choose Properties) to display the device’s property sheet Thecontents of the property vary according to the device type Figure 6-13 shows a typical property sheet for a network adapter

Figure 6-13: Use a device’s property sheet to view

and configure settings such as resource usage

The General page, shown in Figure 6-13, provides general information about a device,such as device type, manufacturer, and so on Use the Device usage drop-down list to

enable or disable the device Click Troubleshooter if you’re having problems with thedevice and want to use a wizard to help troubleshoot the connection.

It isn’t practical to cover all the settings for all possible types of devices in thischapter The following sections explain tasks common to most devices: changingdrivers and modifying resource assignments

Driver changes

The Driver property page lets you view details about, uninstall, and update adevice’s driver Click Driver Details to view a list of the files that comprise thedevice’s driver This list is useful for checking file or driver version to make sureyou’re using a specific version of the driver Use Uninstall if you want to remove the selected device’s driver

The Update Driver button opens the Upgrade Device Driver wizard Use the wizard

to install an updated driver for the device The wizard gives you the option of ing your system’s floppy and CD-ROM drives, other specific location (local or remoteshare), or the Microsoft Windows Update Web site Just follow the prompts to com-plete the update In some cases, changing drivers requires a system restart

search-Resource assignment

Because it supports Plug-and-Play (PnP), Windows 2000 can assign device resourcessuch as DMA, IRQ, I/O base address, and UMA memory allocation automatically Insome cases, particularly with legacy devices (those not supporting PnP), you’ll have

to configure resource allocation manually To do so, open a device’s property sheetand click the Resources tab If the Resources page doesn’t provide any resources

to change, click Set Configuration Manually to switch the page to manual propertyconfiguration (Figure 6-14)

In most cases, Windows 2000 provides multiple, pre-defined configurations fordevices, such as a combination of a specific IRQ and I/O range Deselect the Useautomatic settings option, then select a different configuration set from theSetting based on the drop-down list To modify individual settings, first click inthe Resource settings list the resource you want to change, then click ChangeSetting Specify the desired setting in the resulting dialog box and click OK

Local Users and Groups

The Local Users and Groups branch of the Computer Management snap-in lets youcreate and manage local user accounts and groups on Windows 2000 Professionalcomputers and member servers This branch is disabled on a domain controller,since you use the Active Directory Users and Computers snap-in to create useraccounts and groups in the Active Directory

Users and groups are covered in detail in Chapter 10

Cross-Reference

Note

Figure 6-14: Set a device’s resource utilization through

its Resources property page

If you’re familiar with creating user accounts and groups under Windows NT, you’ll have no problem using Local Users and Groups to create accounts If not, see Chapter 10 for a detailed description of how to create accounts and groups

The primary difference between creating local accounts and groups and the sameobjects in the Active Directory is that the Active Directory provides for additionalaccount and group properties In addition, creating accounts and groups requires

an understanding of permissions, rights, group policy, and user profiles, all ofwhich are explained in Chapter 10

Some of the tasks you can perform with Disk Management include managing partitions, converting basic disks to dynamic disks, creating volumes (basic,spanned, striped, mirrored, RAID-5), creating and deleting physical volumes,

formatting disks, and so on For a complete discussion of storage devices and management (including the Disk Management node), see Chapter 16.

Disk Defragmenter

As a disk is used over time, the data on the disk is scattered into noncontiguous

clusters, becoming fragmented Disk performance is greatest when data is not

frag-mented, as it takes less time to read the data (since the drive heads don’t have tomove as much to reassemble the data) The Disk Defragmenter node in ComputerManagement lets you analyze a disk for fragmentation and defragment the disk SeeChapter 21 for a discussion of Disk Defragmenter and other options for improvingdisk performance

Logical Drives

The Logical Drives node displays information such as capacity, space used, and freespace about logical drives in the system You also can set volume label for a volume.For NTFS volumes, you can use the Security tab to apply NTFS object permissions tothe volume See Chapter 22 for a discussion of permissions, rights, and assigningobject permissions

The Removable Storage node lets you create and manage media pools, insert andeject media, mount and dismount media, view media and library status, inventorylibraries, and assign permissions for security on media and libraries

Telephony

The Telephony node provides a centralized tool for managing telephony propertiesfor the selected computer, including configuring telephony providers and assigninguser permission for various providers

from drivers and enabling WMI to collect data for analysis and management poses WMI is a key component in enterprise management The WMI Control nodeprovides a means for configuring general settings, logging, backup and restore of the WMI repository, and security to control WMI access.

pur-Services

In Windows 2000, services are applications that perform specific functions such as

networking, logon, print spooling, remote access, and so on within the operatingsystem You can think of services as operating system-oriented applications thatfunction by themselves or in concert with other services or user applications toperform specific tasks or provide certain features within the OS Device drivers, for example, function as services Both Windows 2000 Professional and Serverinclude several standard services by default, and many third-party applicationsfunction as or include their own services A background virus scrubber is a goodexample of a possible third-party service

Windows NT administrators will remember the Services object in the Control Panelthat enables you to configure, start, stop, and pause services In Windows 2000, the Services node in the Computer Management snap-in takes over that function(Figure 6-15) Services lists the installed services on the target system, and whenDetail view is selected, displays description, status, startup type, and account theservice uses to log on

Figure 6-15: Use Services to configure, start, stop, and pause services, as well

as view service dependencies

Starting and stopping services

A running service processes requests and generally performs the task it wasdesigned to accomplish Stopping a service terminates the service and removes

it from memory Starting a service initializes and activates the service so it can perform its task or function For example, the DNS Client, when running functions

as a DNS resolver, processes requests for name to address mapping in the DNSnamespace If you stop the DNS Client service, it is no longer available to processDNS queries

Like Windows NT, Windows 2000 supports three startup modes for services:

✦ Automatic: The service starts automatically at system startup.

✦ Manual: The service can be started by a user or a dependent service The

service does not start automatically at system startup unless a dependent service is set for automatic startup (therefore causing the service to start)

✦ Disabled: The service cannot be started by the system, a user, or dependent

service

You set a service’s startup mode through the General page of the service’s ties Open the Services node in the Computer Management MMC snap-in (or openthe Services.msc console in systemroot\System32) and double-click the service.Figure 6-16 shows the General property page for a typical service From the Startuptype drop-down list, choose the desired startup mode and click Apply or OK

proper-Figure 6-16: Use the General

page to configure servicestartup, control the service(start/stop), and set generalproperties

The General tab also lets you start, stop, pause, or resume a service Starting andstopping were explained previously Pausing a service causes it to suspend opera-tion but doesn’t remove the service from memory Resume a paused service tohave it continue functioning Open a service’s General property page, then clickStart, Stop, Pause, or Resume, as appropriate.

You also can start and stop services from a console prompt using the NET START andNET STOP commands along with the service’s name, which you’ll find on its Generalproperty page in the Service name field For example, use the command NET STARTALERTER to start the Alerter service Use NET STOP ALERTER to stop it

NET START and NET STOP are very useful for controlling services remotely If thetelnet service is running on the remote computer, you can telnet to the computerand use NET START and NET STOP to start and stop services on the remote system

Setting General service properties

Other settings on a service’s General property page control how the service islisted in the details pane and how it starts up Use the Display name field to specifythe name that will appear under the Name field for the service in the details pane

Specify the service’s description in the Description field Use the Start parametersfield to specify optional switches or parameters to determine how the servicestarts These are just like command-line switches for a console command

Configuring service logon

The Log On property page for a service controls how the service logs on and thehardware profiles in which the service is used Most services log on using theSystem account, although in some cases you’ll want to specify a different accountfor a service to use Some types of administrative services often use their ownaccounts because they require administrative privileges So, you’d create anaccount specifically for the service and either make it a member of the Admin-istrators group or give it the equivalent permissions, subject to its specific needs

Avoid using the Administrator account itself for a service to log on When youchange the Administrator password (which you should do often if you use thisaccount), you will also have to reconfigure each service that used the Administratoraccount to change the password in the service’s properties Using a special accountfor those services instead lets you change the Administrator account passwordwithout affecting any services Check out Chapters 10 and 11 where we spend a lot

of effort to hide the Administrator account and discontinue its use

The Log On property page contains the following controls:

✦ Local System account: Select to have the service log on using the local

System account

✦ Allow service to interact with desktop: Select to allow the service to provide

a UI for the currently logged-on user to interact with the service This settinghas no effect if the service isn’t designed to provide a UI

Tip Tip

✦ This account: Select and specify an account in the associated text box (or

browse through the account list) to have the service log on with an accountother than the local System account

✦ Password/Confirm Password: Enter and confirm the password for the

account specified in This account

✦ Enable/Disable: Select a hardware profile from the list of profiles and click

Enable to enable the service in that profile or Disable to disable the service

in the profile

Configuring service recovery

Another behavior you can configure for services is what happens when the servicefails You can configure the service to restart, execute a file, or reboot the computer

In addition, you can configure a fail counter to track how many times the service has failed You set a service’s recover options through its Recovery property page(Figure 6-17)

Figure 6-17: Configure

service recovery option

to specify what actions the service should takewhen it fails

The Recovery page contains the following options:

✦ First failure/Second failure/Subsequent failures: With these three

drop-down lists, select the action (or no action) to take on the specified failure You can choose to take no action, restart the service, execute a file, or reboot the computer

✦ Reset fail count after: Specify the number of days after which to reset the fail

counter to zero

✦ Restart service after: Specify the number of minutes that will pass between

service failure and restart Increase from the default of one minute if the system needs more time to stabilize after the service fails

✦ Run file: Use this group of commands to identify a program or script that

will execute when the service fails For example, you might create a script that broadcasts a message with the fail count and other information to the Administrators group Use the Append fail count option to append the current fail count to the end of the command line (passing the fail count to the command for internal processing)

✦ Restart Computer Options: Click this button to specify the number of minutes

to wait before restarting the computer and an optional message to broadcast

on the network prior to restart (such as a reboot warning to your users)

Viewing dependencies

You can use the Dependencies page to view other services on which the selectedservice depends as well as services that are dependent on the selected service

This property page displays information only and doesn’t allow you to configure

or modify dependencies The page is self-explanatory

Indexing Service

The Indexing Service uses document filters to read and create a catalog of

docu-ments on a system, and enables a quick text-based search through the catalog for documents that meet the search criteria The document filter extracts informa-tion from the document and passes it to the Indexing Service for inclusion in thecatalog You can search using the Search command in the Start menu, the Query the Catalog node of Indexing Service in Computer Management, or a Web page

You can search based on a variety of criteria including document name, author,contents, and so on You might, for example, use the Indexing Service to build

a catalog of internal documents or catalog your organization’s Web site(s) TheIndexing Service will index the following document types:

✦ HTML

✦ Text

✦ Microsoft Office 95 or later

✦ Internet Mail and News

✦ Other documents supported by an appropriate document filter (such as athird-party filter)

Indexing Service is useful even on a workstation to index user documents andspeed up searching for specific documents or groups of documents

Tip