This section takes a look at hardware devices on a type-by-type basis. Note that to install, configure, or uninstall a device, you must be logged on as Administrator (or a member of the administrators group, of course). If an administrator has already loaded the drivers for a device, then you would not need administrative privileges to do these things.
One of the big changes in Windows 2000 is the support for Plug and Play. If you install a Plug and Play device, Windows will automatically assign resources to the device including IRQ numbers, DMA channels, I/O port addresses, and memory access ranges, and will ensure these are unique. However, with a non Plug and Play device, you may need to configure these settings manually, via Device Manager (found in the Computer Management tool and very similar to the Win98 tool). New devices can be added via Add/Remove Hardware in Control Panel, if the process isn’t started automatically by Windows 2000 when you plug in a device. The Add/Remove Hardware wizard will allow you to Add, Troubleshoot, Uninstall, or Unplug a device.
Once a device is installed in Windows 2000, the tool used to configure settings for that device is Device Manager. The tool allows you to view information about devices in a number of different ways. For example, you can view a device by type (CD-ROM, Monitor, etc), or by resource (IRQ, DMA, etc.), or by the bus that enumerated them.
Windows 2000 supports a variety of DVD drives from a variety of different vendors. These devices (as with all hardware) should appear on the Hardware Compatibility List (HCL) in order to guarantee support. DVD drives and their properties are configured from Device Manager under DVD/CD-ROM devices. If the device is not automatically configured via Plug and Play, you can use the Add / Remove Hardware wizard to manually install the device.
Windows 2000 also supports removable media, such as tape devices. Again, these should appear on the HCL and will be detected and configured automatically if Plug and Play compliant. If not, again use the Add / Remove Hardware wizard to install manually. Note that unlike NT 4, the Backup program in Windows 2000 supports backing up to different media such as disk, CDR/W, Zip drives, and so forth, with the ability to span media.
Another new feature in Windows 2000 is the ability to use disk quotas. Disk quotas allow an Administrator to be able to track how much disk space a particular user is using, and decide on an appropriate course of action. The important stuff about disk quotas:
- Can only be set up on NTFS partitions / volumes.
- Configured on a partition-by-partition basis. That is, you could have quotas configured on drive C, and not D, for example.
- Quotas do not use NTFS compression in calculations – space is calculated based on uncompressed size of files.
- Quotas report to programs only the amount of disk space available to the user.
- Quotas can be used for tracking space usage and/or denying space usage to those who go over the configured limit.
When quotas are configured, they are configured for everyone saving files to that volume. If you wanted to configure special settings for a given user or users on that volume, you could use a Quota Entry, which would specify settings for that particular user. Note that quota entries can only be configured for users, and not groups. As such, you couldn’t set up an entry for the entire Sales group. If you needed special settings for this group, each user would need to be configured individually. For this reason, it is recommended that you try to have all users with similar needs save their files to the same partition. That way, you can configure all quota settings at once, and avoid quota entries for all but special cases. This screen shot shows both the Quota tab for a partition, as well as a quota entry for a particular user.
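The quota rules above can be modelled in a few lines. This is an added example, not part of the original guide and not Windows code: the `QuotaVolume` class, the user names and the file sizes are hypothetical, and files are charged to their owner.

```python
from dataclasses import dataclass

MB = 1024 * 1024

@dataclass
class QuotaVolume:
    """Simplified model of the quota settings on one NTFS volume (hypothetical)."""
    default_limit: int          # limit applied to everyone saving to the volume
    deny_over_limit: bool       # False = track usage only, True = refuse the write
    entries: dict               # quota entries: user -> limit (None = no limit)
    known_groups: frozenset = frozenset()

    def add_entry(self, user, limit):
        # Quota entries can be created for users only, never for groups.
        if user in self.known_groups:
            raise ValueError(f"{user} is a group; add one entry per member")
        self.entries[user] = limit

    def limit_for(self, user):
        # A quota entry overrides the volume-wide setting for that user.
        return self.entries.get(user, self.default_limit)

def usage_by_user(files):
    """Sum the uncompressed size per owner; NTFS compression is ignored."""
    usage = {}
    for owner, uncompressed, _size_on_disk in files:
        usage[owner] = usage.get(owner, 0) + uncompressed
    return usage

def check_write(volume, files, user, new_bytes):
    """Return 'ok', 'over-limit (tracked)' or 'denied' for a proposed write."""
    limit = volume.limit_for(user)
    total = usage_by_user(files).get(user, 0) + new_bytes
    if limit is None or total <= limit:
        return "ok"
    return "denied" if volume.deny_over_limit else "over-limit (tracked)"

# Constructed sample data: (owner, uncompressed size, size on disk).
FILES = [
    ("alice", 80 * MB, 30 * MB),   # compressed file, still charged at 80 MB
    ("alice", 15 * MB, 15 * MB),
    ("bob", 40 * MB, 40 * MB),
    ("dave", 200 * MB, 90 * MB),
]
VOLUME = QuotaVolume(default_limit=100 * MB, deny_over_limit=True,
                     entries={}, known_groups=frozenset({"Sales"}))
VOLUME.add_entry("dave", 500 * MB)   # special case handled by a quota entry

if __name__ == "__main__":
    for user in ("alice", "bob", "dave"):
        print(user, check_write(VOLUME, FILES, user, 10 * MB))
```

In the sample data alice is refused a 10 MB write even though her files occupy only 45 MB on disk, because the charge is based on the 95 MB uncompressed size.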
Before getting into the bigger details, know that Windows 2000 supports the FAT, FAT32 and NTFS file systems. You can convert FAT or FAT32 to NTFS using the Convert.exe program. There is no utility provided to convert NTFS to either FAT or FAT32.
Disk Management is an area that has changed significantly from NT 4. First of all, there are now two types of hard disk storage configuration – Basic and Dynamic. The two differ in capabilities as well as terminology, so it is important to keep things straight. A Basic disk is the traditional disk type from NT 4 (as well as 95, 98, etc). A Basic disk is divided into partitions (3 primary + 1 extended containing logicals, or 4 primaries maximum), and can be accessed by other operating systems, using the information stored in the master boot record (MBR). In Windows 2000, a Basic disk can contain existing RAID 0, 1, or 5 sets created in NT 4 (or previous versions) as well as volume sets. However, none of these can be newly created under Windows 2000 if you are using Basic disks – they may only exist if the system has been upgraded from NT (you can however repair a failed RAID set, even on a Basic disk).
While Windows 2000 Server installs IIS by default on a clean installation, Windows 2000 Professional only installs IIS (now called Internet Information Services in Professional as well) if Peer Web Services was previously installed on the machine (meaning an upgrade from 95, 98 or NT running PWS). However, if it was not installed by default, you can add it by using the Windows Components Wizard via Add/Remove Programs in Control Panel (incidentally, this is now where all Windows components are added, different from NT 4). Of course, you will need TCP/IP installed on the system prior to installing IIS. The tool to manage IIS is still called Internet Services Management (ISM), and is still an MMC snap-in. Installing IIS will create a directory called Inetpub, under which you will find the associated storage directories for the given services. Examples of the services installed include a default Website (wwwroot), default FTP site (ftproot), and virtual SMTP server (mailroot). Components can be included or excluded as you see fit. You can also control the properties of each and create new virtual sites as you would in IIS. To control Master properties, or those that will be inherited by all sites, go to the properties of the computername in ISM, and choose to edit a service (like WWW Service).
Microsoft has their own version of printing terminology that you must be familiar with. To quickly revisit the important details:
- A Printer is considered ‘software’ or the interface between the OS and a print device. It has properties which can be configured, such as available times and output port information.
- A Print Server is the physical system where individual printers are installed, and where jobs are spooled and queued.
- A Print Device is the physical box that spits out the paper. Simple!
- A Printer Port is the interface that a particular print job is directed to. This could be a local port (like LPT1) or an IP address (for a network-attached device).
- A Print Queue is logically where the jobs directed to a printer wait their turn.
- A Print Spooler is the service that receives, stores, schedules, processes, and ultimately distributes the jobs to the Print Device.
Setting up Printers in Windows 2000 is still accomplished via the Add Printer Wizard. When you start this wizard, you are asked whether you want to add a local or network printer. Note that what it is actually asking is whether you wish to connect to an existing printer (network), or install a whole new printer (local). You are also given the choice of having a local printer detected by Plug and Play, or selecting it manually. If you choose Local printer, things are pretty straightforward. You simply pick the port (this can be local like LPT1 or remote, like an IP address, for example), driver, and so forth, and then share it if you want it made available over the network.
These wizard options are different than in NT 4. The first allows you to search for a Printer in Active Directory based on things like its name, location, model or other more detailed capabilities (like whether it can print color) and advanced attributes. The second option expects either a UNC path or for you to browse for a printer. The last option allows you to connect to a Web Printer, using a URL (more on this in a bit). You can still use a net use command to connect to printers from the command prompt, as in NT 4.
I’m not going to bore you with a great deal of information about shared folders, because most of it remains the same as in NT 4.0. However, the important stuff you need to know:
- Hidden administrative shares still exist, such as C$, D$, Admin$, and so forth. Only someone with administrator-level privileges can use these.
- Share permissions have changed. They now follow the same Allow / Deny format as NTFS permissions, and are limited to Full Control, Change, and Read. The effect of these is cumulative, so if you were given Read and Change, your effective share permission would be Change. A denied permission always overrides one that has been allowed.
- In the same manner as NT 4, when both shared folder and NTFS permissions are used, your effective permission becomes the more restrictive of the two.
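The three rules above (allows are cumulative, a deny overrides an allow, and the more restrictive of share and NTFS wins) can be worked through as a small model. This is an added example, not part of the original guide: the rights sets are a simplification rather than real Windows access masks, the NTFS side is reduced to the same three levels, and all users, groups and ACL entries are constructed.

```python
from dataclasses import dataclass

# Assumption of this example: each level is a set of abstract rights.
LEVELS = {
    "Read": frozenset({"read"}),
    "Change": frozenset({"read", "write", "delete"}),
    "Full Control": frozenset({"read", "write", "delete", "set_perms"}),
}

@dataclass(frozen=True)
class Ace:
    principal: str   # user or group name
    kind: str        # "allow" or "deny"
    level: str       # a key of LEVELS

def effective_rights(acl, user, groups):
    """Cumulative allows minus denies, for the user and every group they are in."""
    who = {user, *groups}
    allowed, denied = set(), set()
    for ace in acl:
        if ace.principal in who:
            (allowed if ace.kind == "allow" else denied).update(LEVELS[ace.level])
    return frozenset(allowed - denied)   # a deny always overrides an allow

def network_access(share_acl, ntfs_acl, user, groups):
    """Over the network a right must pass both the share and the NTFS check."""
    share = effective_rights(share_acl, user, groups)
    return share & effective_rights(ntfs_acl, user, groups)

def label(rights):
    """Highest named level fully covered by the rights, or 'No access'."""
    for name in ("Full Control", "Change", "Read"):
        if LEVELS[name] <= rights:
            return name
    return "No access"

# Constructed sample data (hypothetical share, groups and users).
SHARE_ACL = [
    Ace("Everyone", "allow", "Read"),
    Ace("Sales", "allow", "Change"),
    Ace("Contractors", "deny", "Full Control"),
]
NTFS_ACL = [
    Ace("Sales", "allow", "Read"),
    Ace("Managers", "allow", "Full Control"),
]
USERS = {
    "alice": ["Everyone", "Sales"],
    "bob": ["Everyone", "Sales", "Managers"],
    "carol": ["Everyone", "Sales", "Contractors"],
}

if __name__ == "__main__":
    for user, groups in USERS.items():
        print(user,
              "share:", label(effective_rights(SHARE_ACL, user, groups)),
              "| NTFS:", label(effective_rights(NTFS_ACL, user, groups)),
              "| network:", label(network_access(SHARE_ACL, NTFS_ACL, user, groups)))
```

In the sample data carol ends up with no access over the network: her Sales membership grants Change on the share, but the deny on Contractors removes it before the NTFS check is even considered.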
Connecting to a shared folder can still be done in all the familiar ways, including mapping a drive, connecting to a UNC path, or browsing the network. A couple of quick notes here:
- It is not called Network Neighborhood anymore – now My Network Places. Most of the changes here are cosmetic, but you can also use the tool to browse Active Directory.
- One new option is the Add Network Place wizard. This wizard will allow you to create a shortcut within My Network Places to things like Web Folders, FTP sites and internal servers, while providing for things like a saved username for external resources.
Offline Files is a new feature in Windows 2000 that allows client machines to cache files and then work with those files offline. Although conceptually similar to My Briefcase, Offline Files goes a step beyond by handling synchronization (via Synchronization Manager) and version checking automatically. Before looking at how a user interacts with Offline Files, it is important to understand how they are configured. Since these files must first be accessible over the network, the folder in which the files exist must be shared. You also enable caching properties via the Caching button on the Shared folder tab. For a folder shared off Windows 2000, three settings are available:
- Manual Caching for Documents: This is the default setting, and documents will only be cached if the client explicitly chooses to make the folder or files within it available offline.
- Automatic Caching for Documents: This option will automatically cache any files opened from the shared folder onto the client machine. By default, up to 10% of the drive can be used for these ‘temporarily’ cached documents, though this setting can be changed. Note that files follow a ‘longest unused, first out’ rule as the cache fills.
- Automatic Caching for Programs: This option client-side caches applications that have been configured to run over the network, making them available offline.
If you wish to disable caching of a folder, simply clear the ‘Allow caching of files in this shared folder’ checkbox.
If a folder has been set for Automatic Caching for documents, the files opened will be automatically cached as opened without user interaction, and can be accessed using the original path (for example a mapped drive letter or UNC path) even while offline. If the user wishes to make a folder available offline, they can accomplish this by browsing to the folder, and then right-clicking on the appropriate file or folder and choosing ‘Make Available Offline’. The user opens these files either by browsing to the original path (as mentioned before) or via a shortcut folder called Offline Files that can be placed on the desktop (via the Offline files Wizard, which will run the first time a user chooses to make a file or folder available offline). Note that the files are actually cached into a special folder under %systemroot% called CSC. If you can’t find the folder, that’s because it’s marked both System and Hidden, and you must choose to show protected operating system files as well as hidden files. You will not be able to open files directly from CSC, and should not make any changes in this folder.
Some important last words on Offline Files:
- Files shared from any SMB-based OS can be made available offline (including Win95 and NT 4, for example).
- You can control when synchronization happens. Options include at logon/logoff, when the computer is idle, at scheduled times, or when initiated manually.
- The synchronization process will check to see whether the online version of a file that you edited while offline has changed since the last synchronization (for example, if someone edited a file after you made it available offline). If a conflict exists, you would be prompted as to whether your version, the network version, or both versions (with one renamed) should be kept. If no conflict exists because the online version hasn’t changed, it will simply be overwritten by your newer version.
- Offline Files is enabled by default on Windows 2000 Professional. The client settings for offline files (such as whether they can be used) are controlled via Tools – Folder Options – Offline Files from Windows Explorer.
File and folder auditing and the concept of file ownership still also exist when (and only when) we use the NTFS file system. This is important to consider, especially because you may have trouble finding where things get set up in Windows 2000. To begin, ownership and auditing settings are found behind the Advanced button on the security tab of the properties of a file or folder on an NTFS volume.
Audit settings for a particular file or folder are controlled from the Auditing tab of that resource. This only controls what elements of this resource you wish to audit, similar to NT 4. Auditing, however, is not enabled by default on a Windows 2000 Professional system, so if you wish to audit files and folders, you must first create an Audit Policy. In W2K Pro, this is now done via the Local Security Settings console (which can also be accessed from within the Group Policy tool).
The concept of ownership remains very similar to that of Windows NT 4. It is now controlled from the Owner tab of the advanced security settings of a file or folder. Simply, the person who creates a file is the owner, and can always change permissions on that file. However, anyone with Full Control or the advanced permission Take Ownership can take ownership of a file or folder. The exception to this rule is a person with administrator-level privileges, who can always take ownership, even if they have no NTFS permissions to a file or folder. Ownership can still only be taken and not given.
In Windows 2000 Professional, users and groups are created using the Computer Management tool’s Users and Groups extension. W2K Pro still includes only two user accounts by default, Administrator and Guest. Similar to NT 4, the Guest account is disabled by default. Both accounts can be renamed, though neither can be deleted. A number of built-in groups also exist by default, some of which allow you to control membership (local groups), and some of which control membership automatically (system groups). The table below outlines the built-in groups you will find, but of course you can still create your own local groups.
Built-in Local Groups:
Built-in System Groups:
Although NTFS still provides the secure file system you’re familiar with from Windows NT 4.0, there are a number of changes in terms of both functionality and configuration. The version of NTFS supplied in Windows 2000 is NTFS 5, as opposed to NT’s version, which was version 4 (unless you have NT 4.0 SP4 or higher, in which case it also uses NTFS 5). The new version of NTFS in Windows 2000 supports both new and old features including:
- The ability to encrypt files and folders that reside on an NTFS partition using EFS, the Encrypting File System.
- The ability to compress files and folders.
- The ability to set file and folder security permissions via access control lists.
- The ability of an administrator or user with the appropriate permissions to take ownership of files and folders.
- The ability to audit access to files and folders.
Setting file or folder encryption and compression is easy. Both are implemented as attributes, similar to the System, Read-only, Hidden, and Archive attributes that you are probably already familiar with. Both encryption and compression are set via the Advanced button on the General tab of the properties of the file.
Note that although it appears as though you could choose both, encryption and compression are mutually exclusive, so you can only choose one of the two. As far as EFS encryption is concerned, only the person who encrypted a file can open it, with one exception. Windows 2000 includes a special role, set via group policy, called a Recovery Agent. A recovery agent can open an EFS encrypted file, which serves as a backup should the user leave the company or similar. By default, the only recovery agent is the Administrator of the domain (on a non-domain computer, it is the local administrator), though it can be changed to another trusted user or users.