NetBEUI is a protocol developed for LANs with 20-200 computers. However, while NetBEUI is a small, fast, and efficient protocol, it isn't routable and therefore is unsuitable for use in a WAN environment. NetBEUI provides compatibility with existing LANs that use the NetBEUI protocol. NetBEUI provides computers running Windows XP with the following capabilities:
- Connection-oriented and connectionless communication between computers
- Self-configuration and self-tuning
- Error protection
- Small memory overhead
User Accounts
Microsoft Windows XP provides three different types of user accounts: local user accounts, domain user accounts, and built-in user accounts. A local user account allows a user to log on to a specific computer to gain access to resources on that computer. A domain user account allows a user to log on to the domain to gain access to network resources. A built-in user account allows a user to perform administrative tasks or to gain access to local or network resources.
Local User Accounts
Local user accounts allow users to log on at and gain access to resources only on the computer where you create the local user account. When you create a local user account, Windows XP creates the account only in that computer's security database, which is called the local security database. Windows XP doesn't replicate local user account information to any other computer. After the local user account exists, the computer uses its local security database to authenticate the local user account, which allows the user to log on to that computer.
Domain User Accounts
Domain user accounts allow users to log on to the domain and gain access to resources anywhere on the network. The user provides his or her password and user name during the logon process. By using this information, Windows XP authenticates the user and then builds an access token that contains information about the user and security settings. The access token identifies the user to computers running Windows XP on which the user tries to gain access to resources. Windows XP provides the access token for the duration of the logon session.
Built-In User Accounts
Windows XP automatically creates accounts called built-in accounts. Two commonly used built-in accounts are Administrator and Guest.
Administrator
Use the built-in Administrator account to manage the overall computer. If your computer is part of a domain, use the built-in Administrator account to manage the domain configuration. Tasks done using the Administrator account include creating and modifying user accounts and groups, managing security policies, creating printers, and assigning permissions and rights to user accounts to gain access to resources.
If you are the administrator, you should create a user account that you use to perform nonadministrative tasks. Log on by using the Administrator account only when you perform administrative tasks.
Guest
Use the built-in Guest account to give occasional users the ability to log on and gain access to resources. For example, an employee who needs access to resources for a short time can use the Guest account.
User Profile
A user profile is a collection of folders and data that stores the user's current desktop environment and application settings, as well as personal data. A user profile also contains all of the network connections that are established when a user logs on to a computer, such as Start-menu items and mapped drives to network servers. User profiles maintain consistency for users in their desktop environments by providing each user the same desktop environment that he or she had the last time that he or she logged on to the computer.
Windows XP creates a user profile the first time that a user logs on at a computer. After the user logs on for the first time, Windows XP stores the user profile on that computer. This user profile is also known as a local user profile.
User profiles operate in the following manner:
- When a user logs on to a client computer running Windows XP, the user always receives his or her individual desktop settings and connections, regardless of how many users share the same client computer.
- The first time that a user logs on to a client computer running Windows XP, Windows XP creates a default user profile for the user and stores it in the system partition root\Documents and Settings\user_logon_name folder (typically C:\Documents and Settings\user_logon_name), where user_logon_name is the name the user enters when logging on to the system.
- A user profile contains the My Documents folder, which provides a place for users to store personal files. My Documents is the default location for the File Open and Save As commands. By default, Windows XP creates a My Documents icon on the user's desktop. This makes it easier for users to locate their personal documents.
- A user can change his or her user profile by changing desktop settings. For example, a user makes a new network connection or adds a file to My Documents. Then, when the user logs off, Windows XP incorporates the changes into the user profile. The next time the user logs on, the new network connection and the file are present.
Logon Script
A logon script is a file you can create and assign to a user account to configure the user's working environment. For example, a logon script can be used to establish network connections or start applications. Each time a user logs on, the assigned logon script is run.
Home Folder
In addition to the My Documents folder, Windows XP provides you with the means to create another location for users to store their personal documents. This additional location is the user's home folder. You can store a home folder on a client computer or in a shared folder on a file server. In fact, you can locate all users' home folders in a central location on a network server.
Storing all home folders on a file server provides the following advantages:
- Users can gain access to their home folders from any client computer on the network.
- The backing up and administration of user documents is centralized.
- The home folders are accessible from a client computer running any Microsoft operating system (including MS-DOS, Windows 95, Windows 98, and Windows 2000).
Groups
A group is a collection of user accounts. Groups simplify administration by allowing you to assign permissions and rights to a group of users rather than having to assign permissions to each individual user account. Permissions control what users can do with a resource, such as a folder, file, or printer. When you assign permissions, you give users the capability to gain access to a resource, and you define the type of access that they have. For example, if several users need to read the same file, you would add their user accounts to a group. Then you would give the group permission to read the file. Rights allow users to perform system tasks, such as changing the time on a computer, backing up or restoring files, or logging on locally.
When adding members to a group, remember that users can be members of multiple groups. A group contains a list of members, with references to the actual user account. Therefore, users can be members of more than one group.
Built-In Local Groups
All stand-alone servers, member servers, and computers running Windows XP Professional have built-in local groups. Built-in local groups give rights to perform system tasks on a single computer, such as backing up and restoring files, changing the system time, and administering system resources. Windows XP places the built-in local groups into the Groups folder in Computer Management.
Device Manager
Device Manager is one of the snap-ins located under System Tools in Computer Management. Device Manager provides you with a graphical view of the hardware installed on your computer and helps you manage and troubleshoot it. You use Device Manager to disable, uninstall, and update device drivers.
Windows Backup
Windows XP provides the Windows XP Backup And Recovery Tools, which includes the Backup Wizard, a tool that allows you to easily back up and restore data. To launch Backup, on the Start menu, point to Programs, point to Accessories, point to System Tools, and then click Backup; or, on the Start menu, click Run, type ntbackup and then click OK. You can use Backup to back up data manually or to schedule unattended backup jobs regularly. You can back up data to a file or to a tape. Files can be stored on hard disks, removable disks (such as Iomega Zip and Jaz drives), and recordable compact discs and optical drives.
To successfully back up and restore data on a computer running Windows XP, you must have the appropriate permissions and user rights, as described in the following list:
- All users can back up their own files and folders. They can also back up files for which they have the Read, Read & Execute, Modify, or Full Control permission.
- All users can restore files and folders for which they have the Write, Modify, or Full Control permission.
- Members of the Administrators and Backup Operators groups can back up and restore all files (regardless of the assigned permissions). By default, members of these groups have the Backup Files and Directories, and the Restore Files and Directories user rights.
Configuring Power Schemes
Power schemes allow you to configure Windows XP to turn off the power to your monitor and your hard disk, which conserves energy when you aren't using your computer temporarily. To configure power schemes, you use the Power Options program in Control Panel. Your hardware must support powering off the monitor and hard disk for you to be able to configure power schemes.
Using Hibernate Mode
When your computer hibernates, it saves the current system state to your hard disk, and then your computer shuts down. When you restart the computer after it has been hibernating, it will return to its previous state. Restarting to the previous state includes automatically restarting any programs that were running when it went into Hibernate mode, and it will even restore any network connections that were active at the time. To configure your computer to use Hibernate mode, you use the Power Options program in Control Panel. Select the Hibernate tab in the Power Options Properties dialog box, and then select the Enable Hibernate Support check box.
Configuring Advanced Power Management
Windows XP supports the APM 1.2 specification. Using APM helps reduce the power consumption of your system. To configure your computer to use APM, you use the Power Options program in Control Panel. Select the APM tab in the Power Options Properties dialog box, and then select the Enable Advanced Power Management Support check box. You must be logged on as a member of the Administrators group to configure APM.
Securing an XP computer
- Upgrade to Windows XP SP1
- Use Internet Connection Firewall (ICF) in Windows XP
- Configure automatic updates
- Install and regularly update antivirus software
- Set privacy controls in Internet Explorer 6
- Use strong passwords and lock your computer
Possible password flaw discovered in Windows XP
Using the Windows 2000 CD, anonymous users can apparently boot up a computer with the Windows XP OS and call up the troubleshooting program Windows 2000 Recovery Console. Using the program's system recovery routine, the unauthorized user can then work under the guise of a Windows XP Administrator, effectively rendering any passwords useless.
FEATURES OF WINDOWS NT SERVER 4.0
Windows NT Server 4.0
When the Windows NT development team was formed in 1989, it had a clear mission: to design and build a personal computer operating system that would meet the current and future operating system needs of the PC platform. To meet this objective, the design team identified the following market requirements:
- To provide easy portability to other 32-bit architectures.
- To provide scalability and multiprocessing support.
- To support distributed computing, allowing multiple computers to share resources.
- To support the application programming interfaces (APIs) required by POSIX.
- To provide U.S. government Class 2 (C2) security features, and to provide a path to Class B1 and beyond.
The Design Goals
Based on market requirements and Microsoft’s development strategy, the original Microsoft NT design team established a set of prioritized goals. Note that from the outset, the priority design objectives of Windows NT were robustness and extensibility:
- Robustness. The operating system must actively protect itself from internal malfunction and external damage (whether accidental or deliberate), and must respond predictably to software and hardware errors. The system must be straightforward in its architecture and coding practices, and interfaces and behavior must be well-specified.
- Extensibility and maintainability. Windows NT must be designed with the future in mind. It must grow to meet the future needs of original equipment manufacturers (OEMs) and of Microsoft. And the system must be designed for maintainability—it must accommodate changes and additions to the API sets it supports and the APIs should not employ flags or other devices that drastically alter their functionality.
- Portability. The system architecture must be able to function on a number of platforms with minimal re-coding.
- Performance. Algorithms and data structures that lead to a high level of performance and that provide the flexibility needed to achieve our other goals must be incorporated into the design.
- POSIX compliance and government certifiable C2 security. The POSIX standard calls for operating system vendors to implement UNIX-style interfaces so that applications can be moved easily from one system to another. U.S. government security guidelines specify certain protections such as auditing capabilities, access detection, per-user resource quotas, and resource protection. Inclusion of these features would allow Windows NT to be used in government operations.
Windows NT Features
Windows NT offers a number of features.
User Interface
Windows NT 4.0 uses the same interface as Windows® 95. Windows NT tools are designed for the management and configuration of common services like DNS and DHCP. They do so by wrapping these enterprise-standard protocols into easy-to-use management applications. These management applications can manage any server in the enterprise from a single desktop. Authentication data is not carried in the clear (as it usually is in a telnet session).
Safety
Windows NT tools offer an interface that allows exploration without compromising safety. Because few of the tools require or support manual editing of configuration files, and since the comprehensive object security of Windows NT allows fine-grained access control, administrators are protected against most casual mistakes.
It's also worth noting that Windows NT allows fine-grained control over permissions and privileges; for example, an account that's in the Backup Operators group has all the necessary permissions to read any file on the file system, without granting full administrative access for other functions. This stands in contrast to the all-powerful root account used for low-level administrative tasks by almost all UNIX implementations. In addition, the Windows NT File System (NTFS) supports a broader range of access controls on files and directories than the normal UNIX read/write/execute permission bits. These file permissions can be audited using the standard Windows NT access-control auditing functions.
Standardization
Windows NT is often dismissed as a "proprietary" operating system because it is only available from a single vendor, unlike UNIX (which is no longer available in its original AT&T form). Windows NT offers a consistent set of services, application interfaces, APIs, and management tools on both Intel x86 and Digital Alpha CPUs on a variety of hardware, ranging from laptops and desktop workstations to multiprocessing, clusterable servers. Developers can write to a single set of unified APIs and have their code run on machines anywhere in this range, from Pentium laptops to large multiprocessor servers.
Contrast this with the state of the UNIX world, where proprietary hardware is the norm and ISVs must be aware of, and careful with, the API and configuration differences between different versions of UNIX. This diversity also causes problems for data center and desktop managers who must build tools to monitor and manage UNIX configurations that can differ radically--especially since access to source code for tools and applications is normally required to move from one variant to another. For example, a custom management tool built to use kernel parameters exported by Solaris 2.5 won't work on AIX or HP-UX and may not work under Solaris 2.6. This problem promises to worsen with the advent of the IA-64 ("Merced") processor and the variety of UNIX flavors expected to be retargeted to it.
Windows NT also follows Internet protocol standards, as shown in the table below. Microsoft has committed to supporting these protocols to maximize the interoperability of Windows NT with UNIX and other systems.
Managing Desktop Configurations
The thrust of managing desktop configurations is to reduce or eliminate the support overhead required for maintaining individual workstations' software and operating system installations. This is a primary requirement of desktop support managers, since support overhead quickly grows as the number of users increases.
Windows NT features more extensive desktop-oriented command and control than does UNIX. Its considerable advantages over UNIX fall into three areas: policy-based management, software distribution, and user profile and settings management.
System policies
Administrators use system policies to reduce the need for desktop support on user and lab machines. Some, but not all, individual users are capable of administering their own Windows NT-based machines, so policies are used to help provide a consistent environment for users who would otherwise require frequent helpdesk support. Policies are used to control which applications may be run on lab cluster machines, as well as what types of changes may be made to their desktop environments. This protection frees desktop support staff from having to continually restore the lab machines to their proper configuration--saving their support time and budget for more critical needs.
User Profile and Settings Distribution
As users work, they customize and change their environment (within the limits set by group, user, or system policies). Many of these changes are persistent in Windows NT; for example, when a user selects a printer, that printer may be marked as the system default printer from that point on, and that default will persist until the user explicitly changes it. These changes may affect the way the user's workspace looks, through changes in desktop settings, or they may go deeper, changing which network resources are automatically mounted, where the user's files are stored, and so on.
The complete group of settings specific to a single user is called that user's profile. While policies control what settings apply to a user's machine, profiles contain the environment choices the user makes. These choices may be limited to the desktop environment, or they may include application-specific settings like web browser bookmarks and network configurations.
Profiles are stored in the Registry of the local machine. Windows NT supports two types of profiles: roaming profiles, which are downloaded to a workstation or server when a user logs on, and mandatory profiles, which are roaming profiles whose contents may not be changed by users. Roaming profiles allow user settings to appear on any machine a user logs onto, with no action required on the user's part. Mandatory profiles do not save changes made by users, so environments stay consistent between logons.
Distribution of profiles and policies is automatic; in addition, administrators may configure logon scripts that run when a user logs on. Scripts can use the native Windows NT-based scripting language or other languages like Perl and VBScript; they are automatically downloaded from the domain controller and run after the user's credentials are verified. These scripts are usually used to connect to network shares, run programs at startup, and take other actions that may be needed to set up the user's environment completely.
UNIX typically implements all of these features with shell scripts which execute when users log on. There's no default central location to store profiles and policies; administrators have to create their own solutions, normally by placing common script elements in a shared directory and putting customized logon scripts in each user's home directory. UNIX file system permissions are used to keep users from changing their settings.
Managing Performance
Performance management normally starts with the gathering of a data baseline that indicates what system performance "normally" looks like. Once a baseline has been established, it can be used to evaluate future performance and estimate future capacity needs.
Windows NT is designed to expose a great deal of performance data. The Windows NT kernel and services export detailed information about processor, memory, disk, and network usage. Add-on services, including SNMP, Netscape's FastTrack and Enterprise web servers, and BackOffice components, may add their own application-specific data to what's available. This data can be collected using the Windows NT Performance Monitor, a single application that can simultaneously collect performance data from any number of network machines, then display it as a graph, format it as a tabular report, or log it for later analysis.
Because Performance Monitor support is integrated throughout Windows NT, administrators can gather a variety of performance data from many machines at once and use the collected data both for instantaneous and long-term monitoring.
Most UNIX variants include some type of kernel-level instrumentation, along with rudimentary tools for monitoring CPU, disk, and memory usage. These tools are generally not as flexible as the Windows NT Performance Monitor: they usually can monitor only one machine at a time, may be limited to text-only displays, lack archiving capability, and can't be expanded to monitor additional components.
A widespread misconception in the UNIX community is that the Windows NT kernel is not configurable. UNIX kernels tend to have many configurable parameters that can be fine-tuned for specific applications. However, tuning these parameters is an inexact science, and choosing suboptimal values for them results in degraded performance. By contrast, the Windows NT kernel is largely self-tuning. The virtual memory, thread scheduling, and I/O subsystems all dynamically adjust their resource usage and priority to maximize throughput. The difference between these two approaches is evident when benchmarking the two operating systems. The UNIX approach is to tweak kernel parameters for maximum advantage in the benchmark, even if those tweaks hurt real-world performance. The Windows NT approach is to let the kernel tune itself for whatever load is placed on it.
Instantaneous Performance Monitoring
Instantaneous monitoring gathers real-time or near-real-time health and status data for critical services and servers. This allows quick identification of anomalies from a consolidated display showing data from many machines at once. Administrators may display any mix of parameters from any number of servers.
Instantaneous monitoring also allows administrators to quickly take "snapshots" of network and server performance for comparison purposes; it is easy to compare current and past performance by combining a real-time graph with a simultaneous graph of previously logged data.
Both Windows NT and UNIX offer tools to instantly see the current set of running processes and their memory and CPU usage. Unlike UNIX, the Windows NT Task Manager integrates these functions into a single tool. Some UNIX vendors also offer add-on tools, which provide a dynamic graphical view of performance data.
Building a baseline of performance data is an important part of network and data center management. The baseline shows what performance is like under some load conditions; if it's collected well, the data can be used as a yardstick for measuring the impact of configuration changes or for capacity planning.
Windows NT tools make long-term monitoring easy. Performance Monitor can record any of its measurements to a log file, which can later be played back in real time. This allows comparison of two sets of log files, or a log file and actual data, both of which are valuable for pinpointing performance problems.
Logged data can also be exported as an ASCII file and imported into a spreadsheet or database for later analysis. This permits statistical and trend analysis of resource usage across an arbitrarily long timeline so data center and network managers can closely track changes in demand and correlate them with changes in the network or server configurations.
Archiving monitoring data under UNIX requires custom tools to gather the desired data (assuming the kernel or application vendor has made it available) and log it to a file or database.
HiWAAY Information Services, a large regional ISP in the southeastern US, uses Windows NT and multiprocessor Intergraph servers to provide Usenet news and web service to its customers. The competitive nature of their business makes it critical to continually monitor ongoing performance and get early notice of problems--hopefully before customers report them.
HiWAAY and Intergraph generated a baseline performance profile using the Windows NT Performance Monitor. This profile shows the system's normal performance with a typical load of Usenet news and Web traffic. Once complete, the performance data were archived for future comparison. As the volume of Usenet news increases (as it has steadily over the last six years), HiWAAY can use the archived data as a basis for extrapolating future capacity needs. By doing so, they can predict their hardware needs based on hard data, not guesswork.
In addition to long-term performance monitoring, the HiWAAY administrators use Performance Monitor to watch the "heartbeat" of each system. Each server has a custom Performance Monitor workspace saved that monitors important resources and counters on that machine. By watching the workspace graphs, administrators can immediately spot problems in the same way a cardiologist can read an EKG.
Managing Events
Event management entails monitoring the health and status of enterprise systems, usually in real time, alerting administrators to problems, and consolidating the monitoring data in a single place for ease of administration. The monitoring may watch individual servers or network components, or it may focus on application services like e-mail, transaction processing, or web service.
Event management involves two separate subtasks: exception monitoring and notification. Exception monitoring watches for conditions that fall outside of a predefined range of conditions. For example, the standard "low disk space" warning that Windows NT provides when free space falls below a user-configurable percentage of the total is an exception-monitoring feature. Notification is the process by which administrators or other automated systems are notified that some condition has gone out of bounds. This might involve sending e-mail to a support desk, paging an on-call administrator, or adding an entry to the system's event log.
Predictive event management is an essential goal for Windows NT; instead of reacting to failures, these services intend to report potential errors and failures before they happen so that corrective action may be taken. For example, a predictive exception-monitoring tool might notice the increasing frequency of disk write errors on a particular disk and notify the system manager that the disk is likely to fail in the near future. The specifics of prediction will necessarily vary from site to site. WBEM provides a general mechanism that allows any application or service to supply the raw data needed for prediction. In addition, many customers choose to instrument their servers with remote server monitoring hardware (as detailed in the white paper Comparing Windows NT and UNIX Remote Management). These servers can then provide SNMP management information to enterprise management products like HP OpenView.
Exception Monitoring
Administrators want to know when something unusual happens--the sooner the better. Exceptions are usually generated when the amount of a system resource, like free disk space, falls below a preset threshold or when a monitored device reports a failure or anomaly. Exceptions may be advisory ("this disk is down to 25 percent free space") or critical ("the drive at SCSI ID 3 just went offline"); the response to any exception will depend on its severity.
There are several potential sources of exception data. The Windows NT Event Log records notifications from applications, drivers, and system services and the log can be used as the basis for generating exceptions. The fact that Windows NT records device status and error information in the system event log is not well known outside the community using Windows NT, leading some UNIX administrators to claim that there's no vehicle for recording such information.
SNMP managers can generate exceptions when they receive traps from their managed devices, and BackOffice components like Microsoft Exchange and SQL Server can trigger exceptions when service-specific events occur (e.g., a remote mail server doesn't respond to messages in a predefined interval). The Windows NT Performance Monitor supports an Alert view. In this view, the designated parameters are continually monitored and exception messages are generated when any parameter goes out of limits. Administrators can also use WSH or any other supported scripting mechanism to write flexible scripts which monitor the system and send exception messages when needed.
Exception monitoring in UNIX is almost totally ad hoc. Administrators can write scripts to do almost any imaginable kind of monitoring, but there's very little built-in support for this monitoring, so the burden is squarely on the system manager. Scripts are often not portable among variants of UNIX, and third-party applications usually require the purchase of their own proprietary monitoring components.
Notification
Notification is the process of getting exception event messages to designated recipients. These messages can travel a variety of paths: alphanumeric pagers, e-mail, and on-screen alerts are the three most common. The Windows NT Resource Kit includes tools for sending exception alerts via e-mail from a command line or script; these tools can be used with the built-in exception capacity of the event log and Performance Monitor. Alphanumeric paging messages can be sent using freeware or commercial third-party tools that dial into a paging service and upload the message.
In addition, BackOffice components and many third-party applications include their own notification mechanisms; for example, Microsoft Exchange Server can send e-mail, display onscreen alerts, or route exceptions to an external application. These capabilities are in addition to, not a replacement for, the standard system notification paths.
Both UNIX and Windows NT support a variety of third-party notification products. These products usually combine exception monitoring with flexible rule sets that determine who gets which notification messages.
Using Event Monitoring
A network services and consulting firm provides dial-up Internet access for government customers who, for security reasons, cannot have dedicated local access. The company also depends on its servers running Windows NT and UNIX for its own internal network, including file and print services, the company's web page, and its sales database.
The network administrator and data center managers each carry a SkyTel two-way pager. The UNIX systems run custom-written shell scripts that monitor various conditions and send mail to the pager's address when a significant event occurs. For example, the daily backup script sends a success message to the administrators' regular mail accounts but sends failure messages directly to the on-call administrator's pager.
The Windows NT-based systems use pager notification through Performance Monitor and Exchange Administrator. Both of these programs allow an external program to be launched when a monitored parameter goes out of limits; exception messages are routed to the pagers by a small command-line mail-sending tool. The Windows NT-based servers also use ksh shell scripts (using the Interix UNIX-compatibility toolkit) to monitor some of the same conditions as the UNIX servers; for example, the Windows NT backup script is largely identical to the UNIX script.
The notification system allows the company's administrators to receive continual updates of ongoing processes like backups, as well as instant notification of problems with the network or servers. In many cases, problems can be resolved before the customer encounters them.
Network Protocols
Microsoft® Windows NT® Server version 4.0 has support for the Transmission Control Protocol/Internet Protocol (TCP/IP) suite both as a protocol and a set of services for connectivity and management of IP inter-networks. Knowledge of the basic concepts of TCP/IP is an absolute requirement for the proper understanding of the configuration, deployment, and troubleshooting of IP-based Windows NT intranets. This paper seeks to develop a foundation of TCP/IP knowledge.
This paper is intended for network engineers and support professionals who are already familiar with basic networking concepts.
Windows Internet Name Service (WINS)
WINS provides a distributed database for registering and querying dynamic NetBIOS name-to-IP-address mappings in a routed network environment. It is the best choice for NetBIOS name resolution in such a routed network because it is designed to solve the problems that occur with name resolution in complex internetworks.
The LMHOSTS file addressed only one disadvantage of broadcast-based systems: it allowed resolution of names across routers. Since the system itself was still broadcast-based, the problems of broadcast traffic and load on local nodes were not solved. RFCs 1001 and 1002 address these problems. They define a protocol that allows name registration and resolution through unicast datagrams to NetBIOS Name Servers (NBNS). Because unicast datagrams are used, the system inherently works across routers. This eliminates the need for an LMHOSTS file, restoring the dynamic nature of NetBIOS name resolution. This, in turn, allows the system to work seamlessly with DHCP. For example, when dynamic addressing through DHCP results in new IP addresses for computers that move between subnets, the changes are automatically updated in the WINS database. Neither the user nor the network administrator needs to make manual accommodations for name resolution in such a case.
The WINS protocol is based on and is compatible with the protocols defined for NBNS in RFCs 1001 and 1002, so it is interoperable with other implementations of these RFCs. Another RFC-compliant implementation of the client can talk to the WINS server, and similarly, a Microsoft TCP/IP client can talk to other implementations of the NBNS server. However, because the WINS server-to-server replication protocol is not specified in the standard, the WINS server will not interoperate with other implementations of a NetBIOS Name Server. Data will not be replicated between the WINS server and the non-WINS NBNS. Therefore the WINS system as a whole will not converge, and name resolution will not be guaranteed.
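The unicast name query that RFCs 1001 and 1002 define can be built and decoded in a few lines, which is also how names are read out of captured name-service traffic. This is an added example, not code from the original report or from Microsoft; it handles only unscoped names, and the host name FILESRV1 and the transaction ID are constructed sample values.

```python
import struct

QTYPE_NB, QCLASS_IN = 0x0020, 0x0001   # RFC 1002 question type and class
FLAG_RD, FLAG_B = 0x0100, 0x0010       # recursion desired, broadcast

def encode_name(name, suffix=0x00):
    """RFC 1001 first-level encoding of an unscoped NetBIOS name."""
    raw = name.upper().encode("ascii")
    if len(raw) > 15:
        raise ValueError("NetBIOS names hold at most 15 characters")
    raw = raw.ljust(15, b" ") + bytes([suffix])      # 16 bytes: name + type suffix
    half = bytearray()
    for b in raw:                                    # each nibble becomes 'A'..'P'
        half += bytes([0x41 + (b >> 4), 0x41 + (b & 0x0F)])
    return b"\x20" + bytes(half) + b"\x00"           # length 32, data, root label

def decode_name(label):
    """Inverse of encode_name; returns (name, suffix) or raises ValueError."""
    if len(label) != 34 or label[0] != 0x20 or label[33] != 0x00:
        raise ValueError("not an unscoped first-level encoded name")
    body = label[1:33]
    if any(not 0x41 <= c <= 0x50 for c in body):
        raise ValueError("byte outside 'A'..'P' in encoded name")
    raw = bytes(((body[i] - 0x41) << 4) | (body[i + 1] - 0x41)
                for i in range(0, 32, 2))
    return raw[:15].decode("ascii", "replace").rstrip(" "), raw[15]

def build_query(name, trn_id, broadcast=False):
    """Name query request; unicast to an NBNS unless broadcast is set."""
    flags = FLAG_RD | (FLAG_B if broadcast else 0)   # opcode 0 = query
    header = struct.pack(">6H", trn_id, flags, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack(">2H", QTYPE_NB, QCLASS_IN)

def parse_query(datagram):
    """Decode a single-question NBNS datagram such as one captured on UDP 137."""
    if len(datagram) != 50:
        raise ValueError("expected 12-byte header + 34-byte name + 4-byte tail")
    trn_id, flags, qdcount = struct.unpack(">3H", datagram[:6])
    qtype, qclass = struct.unpack(">2H", datagram[46:])
    if qdcount != 1 or (qtype, qclass) != (QTYPE_NB, QCLASS_IN):
        raise ValueError("not a single NB/IN question")
    name, suffix = decode_name(datagram[12:46])
    return {"trn_id": trn_id, "response": bool(flags & 0x8000),
            "opcode": (flags >> 11) & 0xF, "broadcast": bool(flags & FLAG_B),
            "name": name, "suffix": suffix}

# Constructed sample: a client asks the name server for the host "FILESRV1".
SAMPLE = build_query("FILESRV1", trn_id=0x1A2B)
if __name__ == "__main__":
    print(SAMPLE.hex(), parse_query(SAMPLE))
```

The cleared broadcast flag in the parsed result is what distinguishes a query sent directly to a name server from the subnet broadcasts that LMHOSTS was working around.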
Microsoft Internet Information Server (IIS)
Microsoft Internet Information Server (IIS) is integrated with the Microsoft Windows NT Server operating system to provide a Web server for organizations.
Integrated Security
The security architecture of Windows NT Server is used across all system components, with authentication tied to controlled access to all system resources. IIS integrates into the Windows NT security model and operating system services such as the file system and directory. Because IIS uses the Windows NT Server user database, administrators do not need to create separate user accounts on every Web server, and intranet users need only to log on to their network once. IIS automatically uses the same file and group permissions as the existing file, print, and application servers.
Some Web servers install their own security implementations on top of the operating system, creating additional overhead and potential security exposure due to lack of integration and synchronization. Windows NT Server is secure by design. Files and system objects can only be accessed with the proper permissions. User and group accounts are managed by globally unique identifiers. When an account is deleted, all of its access permissions and group memberships are deleted with it. So even if a new account is created using a previous user name, none of the permissions are inherited.
Manageability
Permissions to control access to files and directories can be set graphically, because IIS uses the same Windows NT Server Access Control Lists (ACLs) as all other Windows services, such as file sharing or Microsoft SQL Server permissions. Permissions for the Web server are not separate from other file services, so the same files can be securely accessed over other protocols, such as FTP, CIFS/SMB, or NFS, without duplicating administration.
Administrators do not need to maintain multiple sets of user databases, and all of the services for literally hundreds of intranet servers can be managed from a single graphical tool.
IIS produces standard Web server access logs to analyze usage. Integration with Windows NT Server also means IIS can take advantage of system auditing for more secure monitoring of resource use. For example, failed attempts to access a secure file can be recorded in the Windows NT Event Log, and audited with the same tools used for managing existing servers.
As businesses of all sizes come to depend on software and computers for managing more of their business processes both inside and outside the corporate LAN, security is rapidly becoming the top concern of many CIOs and IT professionals. Microsoft has the most active security program in the industry, and regularly delivers Service Packs, Security Rollup Packages, and security patches to help customers maintain the security of their systems. This Web page contains the information you need to stay on top of the latest security updates for Windows NT Server 4.0.
If you're using Windows NT, you may want to consider upgrading your operating system to Windows 2000, which includes features that significantly improve security. You'll find links at the bottom of this page to information describing these security features, as well as guides for using them to customize operating system security to fit your specific needs.
Security
The most important thing you can do to maintain a secure system is to stay current with security patches. The following are the current updates for Windows NT Server, Terminal Server Edition, and Internet Information Services (IIS).
If you have already installed any of these patches, you do not need to reinstall them. However, if you add a component to your Windows NT Server environment, you should always reinstall Windows NT Service Packs and Security Rollup Packages to ensure that your systems are fully protected.
Conclusion
The report tries to bring out the differences that are to be considered while developing an operating system for a home-based client and for a server. Windows XP is taken as the example of a home-based client and Windows NT Server as the example of a server operating system. The various features of Windows XP are explained in detail in the first part of the report, and the security and multiple-client support features of Windows NT Server are given in the second part. The report gives a beginner a broad overview of the two operating systems.