WINDOWS 1002000 PROFESSIONAL RESOURCE KIT [Electronic resources] نسخه متنی

اینجــــا یک کتابخانه دیجیتالی است

با بیش از 100000 منبع الکترونیکی رایگان به زبان فارسی ، عربی و انگلیسی

جستجو بر اساس ... همه عنوان پدیدآور موضوع یادداشت تمام متن
اصطلاحنامه مجموعه ها مرورالفبایی لغت نامه دهخدا
جستجو در لغت نامه
بیشتر
کتابخانه شخصی پرسش از کتابدار ارسال منبع

WINDOWS 1002000 PROFESSIONAL RESOURCE KIT [Electronic resources] - نسخه متنی

Chris Aschauer

| نمايش فراداده ، افزودن یک نقد و بررسی
افزودن به کتابخانه شخصی
میخواهم بخوانم
درحال خواندن
خوانده شده
ارسال به دوستان

آدرس پست الکترونیک گیرنده :

آدرس پست الکترونیک فرستنده :

نام و نام خانوارگی فرستنده :

پیغام برای گیرنده ( حداکثر 250 حرف ) :

کد امنیتی را وارد نمایید

ارسال
جستجو در متن کتاب
بیشتر
تنظیمات قلم

فونت

اندازه قلم

+ - پیش فرض

حالت نمایش

روز نیمروز شب
جستجو در لغت نامه
بیشتر
لیست موضوعات

Sitemap

Cover

Acknowledgments

Introduction

Document Conventions

Resource Kit Compact Disc

Resource Kit Support Policy

Part I: Overview

Chapter 1 -- Introducing Windows 2000 Professional

Quick Guide to Using Windows 2000 Professional

Overview

Deployment and Installation

Configuration and Management

Networking

Interoperability

Performance Monitoring

Troubleshooting

Accessibility

Where to Find More Information in this Book

Additional Resources

Chapter 2 -- Using Windows 2000 Professional with Windows 2000 Server

Quick Guide to Using Windows 2000 Professional with Windows 2000 Server

Centralized Deployment

Centralized Administration

Advanced Security

Robust Networking Infrastructure

Interoperability with Other Networks

Additional Resources

Part II: Deployment and Installation

Chapter 3 -- Deploying Windows 2000 Professional

Quick Guide to Deploying Windows 2000 Professional

Mapping Your Needs to Windows 2000 Professional

Planning Your Deployment

Determining a Preferred Client Configuration

Assessing Your Current Network Infrastructure

Determining a Client Connectivity Strategy

Determining Implementation Methods

Testing Your Deployment Plan

Conducting a Pilot

Preparing for the Rollout

Chapter 4 -- Installing Windows 2000 Professional

Quick Guide

What's New

Planning Your Installation

Running Setup

Post-Installation Tasks

Additional Resources

Chapter 5 -- Customizing and Automating Installations

Quick Guide to Customizing and Automating Installations

Overview of Customizing and Automating Installations

Step 1: Plan

Step 2: Prepare

Step 3: Customize

Step 4: Deploy

Additional Resources

Chapter 6 -- Setup and Startup

Quick Guide to Setup and Startup

Phases of Setup

Windows 2000 Professional Startup Process

Plug and Play Device Detection

Installing a Multiple-Boot Operating System

Installing Service Packs

Removing Windows 2000 Professional from Your Computer

Troubleshooting Windows 2000 Professional Setup

Part III: System Configuration and Management

Chapter 7 -- Introduction to Configuration and Management

Quick Guide to Workstation Configuration and Management

What's New

Managing Windows 2000 Professional in a Windows 2000 Server Environment

Managing Windows 2000 Professional in a Non-Windows 2000 Environment

Managing Users and Groups

Group Policy

Management Tools

Managing Windows 2000 Professional in a Multilanguage Environment

Making Windows 2000 Professional More Accessible

Chapter 8 -- Customizing the Desktop

Quick Guide to Customizing the Desktop

Overview of Desktop Customization and Configuration

Defining Desktop Administration Standards

Implementing Custom Desktops in a Windows 2000 Server Network

Implementing Custom Desktop Configurations in Non-Windows 2000 Server Networks

Using Group Policy Settings for Desktop Control

Desktop Shortcuts and Icons

Active Desktop and Wallpaper Settings

Start and Programs Menus

Customizing the Taskbar and Toolbars

Limiting Access to Display Options

Screen Saver Group Policy Settings

Restoring the Original Configuration

Choosing a New User Interface

Troubleshooting

Additional Resources

Chapter 9 -- Managing Files, Folders, and Search Methods

Quick Guide to Files, Folders, and Search Methods

What's New

Windows 2000 Server Network Advantages

Working with Files and Folders

Customizing Folders

Using Offline Files and Folders

Searching for Files, Folders, and Network Resources

Troubleshooting

Additional Resources

Chapter 10 -- Mobile Computing

Mobile Computing Quick Guide

What's New

Setting Up a Portable Computer

Configuring Offline Files for Portable Computers

Configuring Power Management

Managing Hardware on Portable Computers

Security Considerations for Portable Computers

Folder Redirection and Configuring Roaming User Profiles

Hardware Issues Related to Portable Computers

Chapter 11 -- Multimedia

Quick Guide to Multimedia

What's New

Optimizing Workstations for Multimedia

Using Multimedia Effectively

Troubleshooting Multimedia

Additional Resources

Chapter 12 -- Telephony and Conferencing

Quick Guide to Telephony and Conferencing

Overview of Telephony and Conferencing

Configuring Telephony and Conferencing

Troubleshooting

Additional Resources

Chapter 13 -- Security

Quick Guide to Security

What's New

Planning for Security

User Authentication

Security Groups, User Rights, and Permissions

Security Policy

Security Templates

Remote Access

Internet Protocol Security

Encrypting File System

Public Key Technology

Protecting User Data on Portable Computers

Additional Resources

Chapter 14 -- Printing

Quick Guide to Printing

What's New

Finding Printers

Installing Printers

Configuring Printers

Creating and Sending Print Jobs

Monitoring and Managing Print Jobs

Printer Pooling

Printing Concepts

Troubleshooting Printing Problems

Additional Resources

Chapter 15 -- Scanners and Cameras

Quick Guide to Scanners and Cameras

What's New

Installing Scanners and Cameras

Configuring Scanners and Cameras

Scanner and Camera Concepts

Troubleshooting

Chapter 16 -- Fonts

Quick Guide to Fonts

What's New

Installing Fonts

Managing Installed Fonts

Character Set Types

Supported Code Pages

Troubleshooting Font Problems

Chapter 17 -- File Systems

Quick Guide to File Systems

Overview of Windows 2000 File Systems

File System Comparisons

FAT

NTFS

Compact Disc File System

Universal Disk Format

Using Long File Names

File System Tools

Chapter 18 -- Removable Storage and Backup

Quick Guide to Removable Storage

Overview of Removable Storage

Administering Removable Storage

Troubleshooting Removable Storage

Overview of Backups

Establishing a Backup Plan

Backing Up System State Data

Using the Backup Tool

Chapter 19 -- Device Management

Quick Guide to Device Management

What's New

Device Tree

Plug and Play

Device Installation

Configuring Device Settings

Troubleshooting Device Management

Additional Resources

Chapter 20 -- Power Management

Quick Guide to Power Management

Overview of Power Management

Power Management Features

Understanding the Advanced Configuration and Power Interface

Using the Power Management Interface

Troubleshooting Power Management

Additional Resources

Part IV: Network Configuration and Management

Chapter 21 -- Local and Remote Network Connections

Quick Guide to Local and Remote Network Connections

Overview of Local and Remote Network Connections

Creating, Configuring, and Monitoring Connections

Remote Network Security

Group Policies for Network and Dial-up Connections

Internet Connection Sharing

Internet Connection Sharing Scenario: Connecting Your Branch Office's Intranet to the Internet

Troubleshooting

Chapter 22 -- TCP/IP in Windows 2000 Professional

TCP/IP Configuration Quick Guide

Overview of Windows 2000 TCP/IP

Install TCP/IP

Configure IP Address Assignment

Configure TCP/IP Name Resolution

Configure Multihoming

Configure Local IP Routing Table

Configure Internet Connection Sharing

Configure IP Security and Filtering

Configure Quality of Service

Perform TCP/IP Troubleshooting

Additional Resources

Chapter 23 -- Windows 2000 Professional on Microsoft Networks

Quick Guide to Windows 2000 Professional on Microsoft Networks

Overview of Microsoft Networking

Configure Transport Protocols

Join Network Environment

Confirm Group Membership

Troubleshooting Microsoft Networking

Part V: Network Interoperability

Chapter 24 -- Interoperability with NetWare

Quick Guide to NetWare Interoperability

Overview of Windows 2000 Professional and NetWare Connectivity

Client Service and Gateway Service

Configuring Client Service for NetWare

Accessing NetWare Resources

NetWare Administration Through Windows 2000 Professional

Windows 2000 Professional and NetWare Security

NWLink

Troubleshooting Windows 2000 Professional and NetWare Connectivity

Chapter 25 -- Interoperability with UNIX

Quick Guide to UNIX Interoperability

Overview of Windows 2000 Professional and UNIX Connectivity

Planning and Installing Services for UNIX on Windows 2000 Professional

Configuring Services for UNIX on Windows 2000 Professional

Tools

Troubleshooting

Chapter 26 -- Interoperability with IBM Host Systems

Quick Guide to Interoperability with IBM Host Systems

Overview of Interoperability with IBM Host Systems

DLC Protocol

SNA Server Client and Components

Network Management Integration

Windows 2000 Professional and IBM Host Security

Troubleshooting

Part VI: Performance Monitoring

Chapter 27 -- Overview of Performance Monitoring

Quick Guide to Monitoring Performance

Performance Monitoring Concepts

Monitoring Tools

Starting Your Monitoring Routine

Analyzing Monitoring Results

Investigating Bottlenecks

Troubleshooting Problems with Performance Tools

Monitoring Remote Computers

Monitoring Legacy Applications

Integrating the System Monitor Control into Office and Other Applications

Chapter 28 -- Evaluating Memory and Cache Usage

Quick Guide to Monitoring Memory

Overview of Memory Monitoring

Determining the Amount of Installed Memory

Understanding Memory and the File System Cache

Establishing a Baseline for Memory

Investigating Memory Problems

Resolving Memory and Cache Bottlenecks

Additional Resources

Chapter 29 -- Analyzing Processor Activity

Quick Guide to Monitoring Processors

Overview of Processor Monitoring and Analysis

Establishing a Baseline for Processor Performance

Recognizing a Processor Bottleneck

Processes in a Bottleneck

Threads in a Bottleneck

Advanced Topic: Changing Thread Priority to Improve Performance

Eliminating a Processor Bottleneck

Additional Resources

Chapter 30 -- Examining and Tuning Disk Performance

Quick Guide to Monitoring Disks

Disk Monitoring Concepts

Configuring the Disk and File System for Performance

Working with Disk Counters

Establishing a Baseline for Disk Usage

Investigating Disk Performance Problems

Resolving Disk Bottlenecks

Evaluating Cache and Disk Usage by Applications

Part VII: Troubleshooting

Chapter 31 -- Troubleshooting Tools and Strategies

Quick Guide to Troubleshooting

General Troubleshooting Strategy

Startup and Recovery Tools

Maintenance and Update Tools

System File and Driver Tools

Applications Tools

Networking Tools

Troubleshooting Procedures

Chapter 32 -- Disk Concepts and Troubleshooting

Quick Guide to Disk Concepts

Basic and Dynamic Disks

Disk Sectors Critical to Startup

Troubleshooting Disk Problems

Additional Resources

Chapter 33 -- Windows 2000 Stop Messages

System Messages

Stop Messages

Troubleshooting Stop Messages

Hardware Malfunction Messages

Additional Resources

Appendix A -- Accessibility for People with Disabilities

Quick Guide to Accessibility for People with Disabilities

Overview of Accessibility in Windows 2000 Professional

Customizing Computers for Accessibility

Setting Accessibility Options by Type of Disability

Configuring Accessibility Features

Adding Third-Party Products and Services

Additional Resources

Appendix B -- Sample Answer Files for Windows 2000 Professional Setup

Answer File Format

Answer File Keys and Values

Sample Answer Files

Additional Resources

Appendix C -- Hardware Support

Overview of Hardware Support

Universal Serial Bus

IEEE 1394

Supporting Other Buses

New and Enhanced Hardware Support

Troubleshooting Hardware Support Components

Additional Resources

Glossary

3

5

8

A

B

C

D

E

F

G

H

I

J

K

L

M

N

O

P

Q

R

S

T

U

V

W
توضیحات
افزودن یادداشت جدید







User Authentication


Windows 2000 Professional supports user authentication, which authenticates a user's identity. A user's authentication is the basis for granting access to network resources. Within this authentication model, the security system provides two types of authentication:


    Interactive logon, by which users confirm their identification to their local computer or network account. When using Windows 2000 Professional in a Windows 2000 Server environment, the network account is an Active Directory account.

    Network authentication, by which Windows 2000 confirms the user's identification to any network service that the user is attempting to access. To provide this type of authentication, the Windows 2000 security system includes three different authentication mechanisms: Kerberos v5, smart cards, and NTLM for compatibility with other versions of Windows.


Interactive Logon


Interactive logon confirms the user's identification to either a domain account or a local computer. This process differs, depending on the type of user account:


    With a domain account, a user logs on to the network with a password or smart card, using single sign-on credentials stored in Active Directory. By logging on with a domain account, an authorized user can access resources in the domain and any trusting domains. If a password is used to log on to a domain account, Windows 2000 uses Kerberos v5 for authentication. If a smart card is used, Windows 2000 uses Kerberos v5 authentication with certificates, unless the server is not a Windows 2000 server.

    With a local computer account, a user logs on to a local computer using credentials stored in Security Account Manager (SAM), which is the local security account database. Any workstation or member server can store local user accounts, but those accounts can only be used for access to that local computer.


Windows 2000 uses a user principal name (UPN) to identify users for interactive logon. UPNs serve the same purpose as user names and are formatted as username@domain.

If Logon domain does not appear in the dialog box provided at logon, and you want to log on to a Windows 2000 domain, you can type your user name and the Windows 2000 domain name in two ways:


    Your user principal name prefix (your user name) and your user principal name suffix (your Windows 2000 domain name), joined by the "at" sign (@). For example, user@sales.westcoast.microsoft.com.

    Your Windows 2000 domain name and your user name, separated by the backslash () character. For example, salesuser.


Note that the suffix in the first example is a fully-qualified DNS domain name. Your administrator might have created an alternative suffix to simplify the logon process. For example, creating a user principal name suffix of "microsoft" allows the same user to log on using the much simpler user@microsoft.com.

Smart Cards


Interactive logon can be configured to require smart card authentication for greater security.

Smart cards are credit card-sized plastic cards that contain integrated circuit chips. Smart cards are used to store users' certificates and private keys, enabling easy transport of these credentials. Smart cards can perform sophisticated public key cryptography operations, such as digital signing and key exchange.

You can deploy smart cards and smart card readers to provide stronger user authentication and security for a range of security solutions, including logging on over a network, secure Web communication, and secure e-mail.

Smart cards provide tamper-resistant authentication through onboard private key storage and processing. The private key is used in turn to provide other forms of security related to digital signatures and encryption.

For detailed procedures on implementing smart cards, see Windows 2000 Server Help.

Network Authentication


Network authentication confirms the user's identification to any network service that the user is attempting to access. To provide this type of authentication, the Windows 2000 security system supports many different authentication mechanisms, including smart cards, Kerberos v5, and NTLM for compatibility with Windows NT 4.0.

Domain account users do not see network authentication because Windows 2000 provides single sign-on support, automatically handling network authentication requests after a user has authenticated himself or herself and has been granted credentials. On the other hand, users of a local computer account must provide credentials (such as a public key certificate or a user name and password) every time they access a network resource.

Kerberos v5 Authentication


Kerberos v5 is the primary security protocol for authentication within a domain. The Kerberos v5 protocol verifies both the identity of the user and network services. This dual verification is known as mutual authentication.

The Kerberos v5 authentication mechanism issues a ticket-granting ticket (TGT) thatis used to get service tickets (STs) thatprovide access to network services. These tickets contain encrypted data, including an encryption password that confirms the user's identity to the requested service. Except for entering an initial password or smart card credentials, the authentication process is transparent to the user. The general Kerberos Authentication process includes the following processes:


    The user on a client system, using a password or a smart card, authenticates to the Key Distribution Center (KDC). The KDC runs on each domain controller as part of Active Directory.

    The KDC issues a special ticket-granting ticket to the client. The client system uses this TGT to access the ticket-granting service (TGS), which is part of the Kerberos v5 authentication mechanism on the domain controller. The ticket-granting service then issues a service ticket to the client.

    The client presents this service ticket to the requested network service. The service ticket proves both the user's identity to the service and the service's identity to the user.


For more information about how Kerberos v5 provides authentication, see the Windows 2000 Server Resource Kit.

NTLM


The NTLM protocol was the default for network authentication in Windows NT 4.0 and is based on a challenge response mechanism for client authentication. It is retained in Windows 2000 for compatibility with earlier client and server versions of Windows. NTLM is also used to authenticate logons to stand-alone computers with Windows 2000.

Computers with Microsoft® Windows® 3.11, Windows 95, Windows 98, or Windows NT 4.0 will use the NTLM protocol for network authentication in Windows 2000 domains. Computers running Windows 2000 will use NTLM when authenticating to servers with Windows NT 4.0 and when accessing resources in Windows NT domain.

By default, Windows 2000 is installed in a mixed-mode network configuration, meaning a network configuration that uses any combination of Windows NT 4.0 and Windows 2000 computers. A Windows 2000 workstation or client manages the NTLM credentials entered at system logon on the client side to use when the client connects to Windows NT 4.0 servers using NTLM authentication. Support for NTLM credentials in the Windows 2000 security is the same as for Windows NT 4.0 for compatibility.

As examples, the following configurations would use NTLM as the authentication mechanism:


    A Windows 2000 Professional client authenticating to a Windows NT 4.0 domain controller.

    A Microsoft® Windows NT® Workstation 4.0 client authenticating to a Windows 2000 domain controller.

    A Windows NT Workstation 4.0 client authenticating to a Windows NT 4.0 domain controller.

    Users in a Windows NT 4.0 domain authenticating to a Windows 2000 domain.


In addition, NTLM is the authentication protocol for computers that are not participating in a domain, such as stand-alone servers and workgroups.

The NTLM authentication package in Windows 2000 supports three methods of challenge/response authentication:


    LAN Manager (LM). This is the least secure form of challenge/response authentication. It is available so that computers running Windows 2000 Professional can connect in share level security mode to file shares on computers running Microsoft® Windows® for Workgroups, Windows 95, or Windows 98.

    NTLM version 1. This is more secure than LM challenge/response authentication. It is available so that clients running Windows 2000 Professional can connect to servers in a Windows NT domain that has at least one domain controller that is running Windows NT 4.0 Service Pack 3 or earlier.

    NTLM version 2. This is the most secure form of challenge/response authentication. It is used when clients running Windows 2000 Professional connect to servers in a Windows NT domain where all domain controllers have been upgraded to Windows NT 4.0 Service Pack 4 or later. It is also used when clients running Windows 2000 connect to servers running Windows NT in a Windows 2000 domain.


By default, all three challenge/response mechanisms are enabled. You can disable authentication using weaker variants by setting the LAN Manager authentication level security option in local security policy for the computer.

For more information about configuring the LAN Manager authentication level, see Group Policy Reference on the Microsoft® Windows 2000 Professional Resource Kit companion CD or the Windows 2000 Server Resource Kit.

Remote Access Logon Process


Windows 2000 supports several authentication protocols such as MS-CHAP, CHAP, and SPAP for dial-in access. Windows 2000 can be configured to support Extensible Authentication Protocol (EAP) if you want to use security devices to authenticate remote access users in conjunction with other security devices such as smart cards and certificates. EAP-transport layer security (TLS) allows users remote access by authenticating their identities using a combination of authentication vectors. When remote access users attempt to log on to a server that is using EAP-TLS, they are prompted to insert their smart card and enter their PIN during network logon authentication. If the user's PIN and smart card credentials are valid, the user is logged on and granted rights for the appropriate network user account. For more information about EAP-TLS, see "Internet Authentication Service" in the Microsoft® Windows® 2000 Server Resource Kit Internetworking Guide.

The remote access logon process depends primarily on server configuration to enable logon. Windows 2000 Server includes Routing and Remote Access Services which can authenticate remote access network users. Routing and Remote Access supports smart card logon authentication using the EAP-TLS extension of the Point-to-Point Protocol (PPP).

For information about adding a smart card reader to your Windows 2000 Professional computer, see Windows 2000 Professional online documentation.

For more information about Routing and Remote Access, see "Remote Access" later in this chapter.

/ 335