Microsoft has their own version of printing terminology that you must be familiar with. To quickly revisit the important details:
- A Printer is considered ‘software’ or the interface between the OS and a print device. It has properties which can be configured, such as available times and output port information
- A Print Server is the physical system where individual printers are installed, and where jobs are spooled and queued.
- A Print Device is the physical box that spits out the paper. Simple!
- A Printer Port is the interface that a particular print job is directed to. This could be a local port (like LPT1) or an IP address (for a network-attached device)
- A Print Queue is logically where the jobs directed to a printer wait their turn.
- A Print Spooler is the service that receives, stores, schedules, processes, and ultimately distributes the jobs to the Print Device.
Setting up Printers in Windows 2000 is still accomplished via the Add Printer Wizard. When you start this wizard, you are asked whether you want to add a local or network printer. Note that what it is actually asking is whether you wish to connect to an existing printer (network), or install a whole new printer (local). You are also given the choice of having a local printer detected by Plug and Play, or selecting it manually. If you choose Local printer, things are pretty straightforward. You simply pick the port (this can be local like LPT1 or remote, like an IP address, for example), driver, and so forth, and then share it if you want it made available over the network.
These wizard options are different than in NT 4. The first allows you to search for a Printer in Active Directory based on things like its name, location, model or other more detailed capabilities (like whether it can print color) and advanced attributes. The second option expects either a UNC path or for you to browse for a printer. The last option allows you to connect to a Web Printer, using a URL (more on this in a bit). You can still use a net use command to connect to printers from the command prompt, as in NT 4.
I’m not going to bore you with a great deal of information about shared folders, because most of it remains the same as in NT 4.0. However, the important stuff you need to know:
Hidden administrative shares still exist, such as C$, D$, Admin$, and so forth. Only someone with administrator-level privileges can use these.
Share permissions have changed. They now follow the same Allow / Deny format as NTFS permissions, and are limited to Full Control, Change, and Read. The effect of these is cumulative, so if you were given Read and Change, your effective share permission would be Change. A denied permission always overrides one that has been allowed.
In the same manner as NT 4, when both shared folder and NTFS permissions are used, your effective permission becomes the more restrictive of the two.
Connecting to a shared folder can still be done in all the familiar ways, including mapping a drive, connecting to a UNC path, or browsing the network. A couple of quick notes here:
It is not called Network Neighborhood anymore – now My Network Places. Most of the changes here are cosmetic, but you can also use the tool to browse Active Directory.
One new option is the Add Network Place wizard. This wizard will allow you to create a shortcut within My Network Places to things like Web Folders, FTP sites and internal servers, while providing for things like a saved username for external resources.
Offline Files is a new feature in Windows 2000 that allows client machines to cache files and then work with those files offline. Although conceptually similar to My Briefcase, Offline Files goes a step beyond by handling synchronization (via Synchronization Manager) and version checking automatically. Before looking at how a user interacts with Offline Files, it is important to understand how they are configured. Since these files must first be accessible over the network, the folder in which the files exist must be shared. You also enable caching properties via the Caching button on the Shared folder tab. For a folder shared off Windows 2000, three settings are available:
- Manual Caching for Documents: This is the default setting, and documents will only be cached if the client explicitly chooses to make the folder or files within it available offline.
- Automatic Caching for Documents: This option will automatically cache any files opened from the shared folder onto the client machine. By default, up to 10% of the drive can be used for these ‘temporarily’ cached documents, though this setting can be changed. Note that files follow a ‘longest unused, first out’ rule as the cache fills.
- Automatic Caching for Programs: This option client-side caches applications that have been configured to run over the network, making them available offline.
If you wish to disable caching of a folder, simply clear the ‘Allow caching of files in this shared folder‘ checkbox.
If a folder has been set for Automatic Caching for documents, the files opened will be automatically cached as opened without user interaction, and can be accessed using the original path (for example a mapped drive letter or UNC path) even while offline. If the user wishes to make a folder available offline, they can accomplish this by browsing to the folder, and then right-clicking on the appropriate file or folder and choosing ‘Make Available Offline’. The user opens these files either by browsing to the original path (as mentioned before) or via a shortcut folder called Offline Files that can be placed on the desktop (via the Offline files Wizard, which will run the first time a user chooses to make a file or folder available offline). Note that the files are actually cached into a special folder under %systemroot% called CSC. If you can’t find the folder, that’s because it’s marked both System and Hidden, and you must choose to show protected operating system files as well as hidden files. You will not be able to open files directly from CSC, and should not make any changes in this folder.
Some important last words on Offline Files:
- Files shared from any SMB-based OS can be made available offline (including Win95 and NT 4, for example).
- You can control when synchronization happens. Options include at logon/logoff, when the computer is idle, at scheduled times, or when initiated manually.
- The synchronization process will check to see whether the online version of a file that you edited while offline has changed since the last synchronization (for example, if someone edited a file after you made it available offline). If a conflict exists, you would be prompted as to whether your version, the network version, or both versions (with one renamed) should be kept. If no conflict exists because the online version hasn’t changed, it will simply be overwritten by your newer version.
- Offline files is enabled by default on Windows 2000 Professional. The client settings f or offline files (such as whether they can be used) are controlled via Tools – Folder Options – Offline Files from Windows Explorer.
File and folder auditing and the concept of file ownership still also exist when (and only when) we use the NTFS file system. This is important to consider, especially because you may have trouble finding where things get set up in Windows 2000. To begin, ownership and auditing settings are found behind the Advanced button on the security tab of the properties of a file or folder on an NTFS volume.
Audit settings for a particular file or folder are controlled from the Auditing tab of that resource. This only controls what elements of this resource you wish to audit, similar to NT 4. Auditing, however, is not enabled by default of a Windows 2000 Professional system, so if you wish to audit files and folders, you must first create an Audit Policy. In W2K Pro, this is now done via the Local Security Settings console (which can also be accessed from within the Group Policy tool).
The concept of ownership remains very similar to that of Windows NT 4. It is now controlled from the Owner tab of the advanced security settings of a file or folder. Simply, the person who creates a file is the owner, and can always change permissions on that file. However, anyone with Full Control or the advanced permission Take Ownership can take ownership of a file or folder. The exception to this rule is a person with administrator-level privileges, who can always take ownership, even if they have no NTFS permissions to a file or folder. Ownership can still only be taken and not given.
In Windows 2000 Professional, users and groups are created using the Computer Management tool’s Users and Groups extension. By default, W2K Pro still only includes two user accounts by default, Administrator and Guest. Similar to NT 4, the Guest account is disabled by default. Both accounts can be renamed, though neither can be deleted. A number of built-in groups also exist by default, some of which allow you to control membership (local groups), and some of which control membership automatically (system groups). The table below outlines the built-in groups you will find, but of course you can still create your own local groups.
Built-in Local Groups:
Built-in System Groups:
Although NTFS still provides the secure file system you’re familiar with from Windows NT 4.0, there are a number of changes in terms of both functionality and configuration. The version of NTFS supplied in Windows 2000 is NTFS 5, as opposed to the NT’s version, which was version 4. (Unless you have NT 4.0 SP4 or higher, in which case it also uses NTFS 5). The new version of NTFS in Windows 2000 supports both new and old features including:
- The ability to encrypt files and folders that reside on an NTFS partition using EFS, the Encrypting File System.
- The ability to compress files and folders.
- The ability to set file and folder security permissions via access control lists.
- The ability of an administrator or user with the appropriate permissions to take ownership of files and folders.
- The ability to audit access to files and folders.
Setting file or folder encryption and compression is easy. Both are implemented as attributes, similar to the System, Read-only, Hidden, and Archive attributes that you are probably already familiar with. Both encryption and compression are set via the Advanced button on General tab of the properties of the file.
Note that although it appears as though you could choose both, encryption and compression are mutually exclusive, so you can only choose one of the two. As far as EFS encryption is concerned, only the person who encrypted a file can open it, with one exception. Windows 2000 includes a special role, set via group policy, called a Recovery Agent. A recovery agent can open an EFS encrypted file, which serves as a backup should the user leave the company or similar. By default, the only recovery agent is the Administrator of the domain (on a non-domain computer, it is the local administrator), though it can be changed to another trusted user or users.
The first topic that we’re going to take a look at is the Installing Windows 2000 Professional. I know this immediately appears to be a ‘skip this’ topic, but installation options in Windows 2000 have changed significantly, and it is something you’ll need to know for the exam. The items we’ll cover in this article include:
- Meeting Upgrade / Hardware Requirements
- Standard Installation Options
- Imaging Windows 2000 Professional
- Unattended Installations
- Remote Installation Services
- Deploying Service Packs
Meeting Upgrade / Hardware Requirements
The following operating systems can be upgraded to Windows 2000 Professional:
- Windows 95 (all versions and OSRs)
- Windows 98 (all versions and OSRs)
- Windows NT 3.51 and 4 (with or without any service pack)
The following are the minimum hardware requirements:
- P133 Processor
- 32 MB RAM (64 MB recommended)
- 2GB hard disk with at least 650 MB free space.
- Standard Installation Options
Windows 2000 Professional still allows you to do plain-vanilla installations. That means we can install from the setup disks, CD-ROM, or off the network. Important stuff you should know:
- There are now 4 setup disks instead of 3. These are no longer created using winnt32 /ox. The CD now includes a Bootdisk directory, where you can find both makeboot.exe and makebt32.exe to create the 4 disks.
- If your system BIOS supports booting from CD, you still don’t need the disks.
- Installing over the network still only requires that the i386 directory be shared from a distribution point. Note that if starting an installation from a system running 95, 98, (as well as NT or W2K) or higher we now use Winnt32.exe. Winnt.exe with DOS, older Windows or no OS.