Windows NT Tools

  • Backup Utility - Used to select which files are backed up and where they are saved. It will not perform volume recovery, but can back up all files and the registry.
  • Disk Administrator - Can enable RAID on the server version of NT. Used to make and format partitions. When the Secure System Partition menu choice is selected, only administrators can use the system partition.
  • Event Viewer - Records events such as devices that did not start or services that failed.
  • Performance Monitor - The user can configure performance monitor to gather information about system performance. The program will display the performance on charts.
  • User Manager - Manages users and groups along with password policies.
  • Windows NT Diagnostics - Gives information from the registry relating to resources, memory use, environment variables, network statistics, and more.
  • Remote Access Administrator - Helps to manage the RAS client configuration.
  • Task Manager - Used to manage processes running on the system. To open it, right-click on the taskbar and select "Task Manager".

Event Viewer

The event viewer allows viewing of three types of events:

  • System - Logs system errors such as driver binding errors or service failures.
  • Security - Logs logoff and logon events and other security-related events as set up in the event viewer. These are set up in the user manager.
  • Application - Logs events that an application's actions create.

Each message has an event ID number. The maximum size of the logs can be set, and overwriting of log entries can be set depending on available disk space. System errors:

  • Information - A blue "i" represents this event. A significant event has occurred, but the event is not a critical event.
  • Warning - A yellow exclamation point represents this event type. This is a caution indicating a possible significant event which may or may not affect future operations.
  • Error - A red stop sign represents this event type. Indicates a problem that has caused a failure of service.

Security Log errors:

  • Success Audit - A key symbol represents this event type. A successful audited security event occurred.
  • Failure Audit - A lock symbol represents this event type. A failed audited security event has occurred.

User Manager

User Manager is used to create user and group accounts and manage user rights, security auditing, and account policies. Functional user rights determine what programs the user can run or what system capabilities they have. User Manager manages the SAM (Security Account Manager) database and provides the following four menu options:

  1. User - Allows creation and modification of user and group accounts.
  2. Policies - Account policies, security auditing, and assignment of functional user rights are managed here.
  3. Options - Allows confirmation and save settings to be enabled or disabled, and allows display fonts to be set for User Manager.
  4. Help - Displays help files for User Manager.

This tool is started by selecting "Start", "Programs", "Administrative Tools", and "User Manager". It has the following options under user properties:

  1. Groups
  2. Profile
  3. Dial-in

Additional user management options for the enterprise domain:

  1. Hours - Allows settings for the time of day specific users may log in.
  2. Logon To - Allows identification of computers that specific users may log in from. Up to eight computers can be identified by name.
  3. Account - Allows setting of account expiration date and the type of account. The type is global domain account or a user from an untrusted domain.

NT Server System Policy Editor

Manages user policies that are stored on the login server and downloaded to the workstation when the user logs on. The user's ability to modify environment options such as wallpaper may be controlled using the server system policy editor. Policies may be set by workstation name. This tool can also disable the display of the last logged-in user name and add legal notices on bootup.

Task Manager

Three tabs:

  • Applications - Displays applications running on the computer with their status.
  • Processes - Displays kernel and user mode processes. The display of 16 bit tasks may be turned on or off by selecting "Show 16 bit tasks" from the Options menu. If you right-click on a process, you can modify its priority or end it. Default information listed for the process includes:
    • name
    • PID number
    • % CPU use
    • CPU time
    • Memory usage
    Optional information modified by selecting "View" and "Select columns" includes:
    • Memory Usage Delta
    • Peak Memory Usage
    • Page Faults - Number of requests for virtual memory from the hard drive.
    • User Objects
    • Page Faults Delta
    • Virtual Memory Size
    • Paged pool - Number of bytes that can be sent to the paged file
    • Non paged pool - The bytes that must stay in memory.
    • Base priority - Values are normal, low, or high.
    • Handle Count
    • Thread Count
    • GDI Objects
  • Performance - Presents a summary of CPU and RAM use on the system along with information about handles, threads, and kernel memory.

Diagnostic Utility

This utility displays information from the registry about your computer. It includes the following tabs:

  • Version - Displays NT version and build along with the registered user.
  • System - Motherboard information, BIOS date and manufacturer, HAL, and microprocessor type.
  • Display - Video BIOS date, Video card type and settings, video memory, the chip type and the vendor.
  • Drives - A list of volumes grouped by type including CD-ROM, network drives, floppy and hard drive. The free space, sector and cluster size can be viewed here.
  • Memory - Shows available memory and how much the kernel is using, along with the page file.
  • Services - Shows available services and their status. There are two buttons which are "services" and "device". The services button is used to view software services and the devices button is used to view device driver status associated with hardware.
  • Resources - Shows hardware status by selecting one of six buttons to view the resources. The buttons are IRQ, I/O Port, DMA, Memory, and Devices.
  • Environment - Displays environment variables for the system and user.
  • Network - Displays information about the computer's network configuration such as the domain name, user access level, current user and more.

Performance Monitor

Performance Monitor is used to create system performance baselines and to monitor variation from the baseline when troubleshooting the system. It is started by selecting "Start", "Programs", "Administrative Tools", and "Performance Monitor". Objects to monitor:

  • Processor
    • %Processor Time - Must be 80% or more to be a bottleneck. Spikes to 100% are normal.
    • %User Time - The percent of processor time used for user applications.
    • %Privileged Time - The percentage of time that is used in kernel mode (operating system) activities.
    • Interrupts/Sec - The number of interrupt requests from hardware devices. Should be 100 to 1000 with spikes to 2000.
  • Process - The percent of processor time and amount of RAM each process instance uses can be tracked.
  • System
    • Processor Queue Length - A sustained value over 2 indicates the processor is a bottleneck. You must also monitor a thread counter to monitor the processor queue length.
    • %Total User Time
    • %Total Interrupt Time
    • %Total Privileged Time
    • Total interrupts/sec
  • Disk - Disk counters are not enabled by default (enabling them reduces disk performance) and must be enabled to monitor physical or logical disk performance. The command "diskperf -y" enables them and "diskperf -n" disables them. The diskperf command followed by the "\\computername" string is used to specify a remote computer to monitor. The computer must be restarted for these changes to be effective.
    • Physical Disk - Tracks overall disk activity and helps to tell if one disk is being used more than another.
    • Logical Disk - Activity on specific partitions is tracked along with activity on network drives and stripe sets.
    Each disk counter has 4 counters:
    • Avg. Disk sec/Transfer - The average time for disk I/O to complete. Used with the Memory object's Pages/sec counter, it helps determine whether paging is excessive.
    • %Disk Time - Amount of processor time spent servicing disk requests.
    • Average Disk Bytes/Transfer - Smaller transfers can bog down your system.
    • Disk Bytes/sec - The bytes of data per second transferred during disk operations.
    • Disk Queue Length - Shows the amount of data waiting to be sent to the hard drive. This should normally be less than 2.
  • Memory
    • Commit Limit - The number of bytes that can be committed to or written to the pagefile without the pagefile growing. The smaller this number is, the more likely the page file is to grow.
    • Pages/Sec - The number of requested pages per second that were not in RAM and had to be read from disk. This value should stay below 5. If the percent of disk I/O used by paging becomes more than 10%, more RAM should be installed.

Performance Monitor can be used to create a monitor log file against which later system performance comparisons may be made. One way to print Performance Monitor charts is to press "Print Screen" to save a chart to the system clipboard, then paste it into a Word document and print it.
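
As an added example (not part of the original guide), the Python sketch below applies the rule-of-thumb limits from the counter list above to a logged series of samples and reports only limits that are exceeded on consecutive samples, so a single spike to 100% is ignored. The sample values are constructed, and treating three samples in a row as "sustained" is an assumption; the guide gives no number.

```python
"""Check Performance Monitor samples against the rule-of-thumb limits above."""

# (counter name, test for "over the limit", finding); the limits come from the guide.
RULES = [
    ("% Processor Time",       lambda v: v >= 80, "processor bottleneck"),
    ("Processor Queue Length", lambda v: v > 2,   "processor bottleneck"),
    ("Pages/sec",              lambda v: v >= 5,  "excessive paging, consider more RAM"),
    ("Disk Queue Length",      lambda v: v >= 2,  "disk bottleneck"),
]

SUSTAINED = 3  # assumption: three samples in a row count as "sustained"


def longest_run(values, over):
    """Length of the longest run of consecutive samples that are over the limit."""
    best = run = 0
    for v in values:
        run = run + 1 if over(v) else 0
        best = max(best, run)
    return best


def findings(samples, sustained=SUSTAINED):
    """Return {counter: finding} for counters over their limit `sustained` times in a row."""
    out = {}
    for name, over, text in RULES:
        values = [s[name] for s in samples if name in s]
        if longest_run(values, over) >= sustained:
            out[name] = text
    return out


# Constructed sample log, one dict per collection interval (not real measurements).
SAMPLES = [
    {"% Processor Time": 35,  "Processor Queue Length": 0, "Pages/sec": 1,  "Disk Queue Length": 0},
    {"% Processor Time": 100, "Processor Queue Length": 3, "Pages/sec": 2,  "Disk Queue Length": 1},
    {"% Processor Time": 40,  "Processor Queue Length": 1, "Pages/sec": 9,  "Disk Queue Length": 1},
    {"% Processor Time": 45,  "Processor Queue Length": 1, "Pages/sec": 12, "Disk Queue Length": 3},
    {"% Processor Time": 50,  "Processor Queue Length": 0, "Pages/sec": 8,  "Disk Queue Length": 1},
]

if __name__ == "__main__":
    for counter, text in findings(SAMPLES).items():
        print(f"{counter}: {text}")
```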

Disk Administrator

To start Disk Administrator, select "Start", "Programs", "Administrative Tools", and "Disk Administrator". Disk Administrator cannot convert FAT partitions to NTFS; CONVERT.EXE must be used to do that. Menu Selections:

  • Partition - Used to create and delete partitions
  • Tools - Assign drive letters to specific partitions.
  • View
  • Options
  • Help

To create a partition do the following:

  1. Create
  2. Commit - Will need to run RDISK.EXE to update the emergency repair disk.
  3. Format

To create a volume set:

  1. Click on an area of free space
  2. Hold control space and click on the next area of free space.

Network Monitor Utility for NT Server

Captures and analyzes traffic on the network. Percent of network utilization, frames sent and received per second, along with the amount of broadcasts and multicasts that occur per second can be monitored.

Peer Web Services Tools

  • Internet Services Manager - Manages starting, stopping and configuration of internet services.
  • Key Manager - Configures peer web services security.
  • Peer Web Services Install - Allows the addition or removal of peer web services software.

The TCP/IP protocol is required to support Peer Web Services. Peer Web Services data is stored under the InetPub directory in the following directories, depending on the purpose of the data.

  • wwwroot - For web pages
  • ftproot - For FTP files
  • gophroot - For Gopher information.

Dr. Watson

Invoking Dr. Watson starts a GUI setup utility for logging application failures and saving data relating to the failures. It allows:

  • A dumpfile name to be set up.
  • A selected wave file to be played when an application error is detected.
  • Options selected using checkboxes are:
    • Dump Symbol Table
    • Dump All Thread Contents
    • Append To Existing Log File
    • Visual Notification
    • Sound Notification
    • Create Crash Dump File

Other Tools

  • Regedt32.exe - Used to edit the system registry. Can select an HKEY and back it up to a file. Can search for both keys and values in the registry.
  • Regedit.exe - Cannot be used to search the registry for application references. Cannot search for keys in the registry, but can search for values.
  • Regback.exe - Used to restore the registry.
  • repair.exe
  • WinMSD - Windows NT Diagnostic tool.
  • Program Manager - Provides Windows NT Setup Tools.
  • SCSI tool in the /SUPPORT/SCSI directory of the install CD. Enter the directory and type makedisk to make floppies that you can boot from to use the tool.

Command Line Tools

  • WINNT40\SYSTEM32\CONVERT.EXE - Will convert FAT partitions to NTFS partitions with the command "convert D: /FS:NTFS".
  • CACLS - Can be used to change permissions on several files at one time by modifying the access control list (ACL). Command Line options:
    • /T - Change permissions for files specified in the current directory and all its subdirectories.
    • /E - Edit the ACL without replacing it.
    • /C - Ignore errors when replacing ACLs. (Continue)
    • /G - Specified access rights are to be granted (C-change, or R-read, or F-full control)
    • /R - Used with the /E option to revoke users' access rights.
    • /P - Replace user access rights (N-none, C, R, F)
    • /D - Deny access
  • RDISK.EXE - Used to update the emergency repair disk with new system information.
  • COMPACT.EXE - Used as a command line tool to compress a file. The command "COMPACT /?" will show command options.
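
As an added example (not part of the original guide and not CACLS's own code), the Python model below shows what the CACLS switches listed above do to a single ACL, in particular that leaving out /E replaces the ACL instead of editing it. It is a simplified model with one right per user; the function name, the starting ACL and the "Auditors" group are assumptions made for the illustration.

```python
"""Simplified model of how the CACLS switches listed above change one ACL."""

RANK = {"N": 0, "R": 1, "C": 2, "F": 3}   # None < Read < Change < Full control
DENY = "DENY"                             # marks an entry created with /D


def apply_cacls(acl, command):
    """Return the ACL ({user: right}) left behind by a CACLS command line.

    /T and /C only select files and control error handling, so they do not
    change the outcome for a single ACL and are accepted but ignored here.
    """
    tokens = command.split()[2:]          # skip "cacls" and the file name
    switches = {t.upper() for t in tokens if t.startswith("/")}
    if "/R" in switches and "/E" not in switches:
        raise ValueError("/R is only valid together with /E")
    # Without /E the existing entries are discarded, not edited.
    new = dict(acl) if "/E" in switches else {}
    mode = None
    for tok in tokens:
        if tok.startswith("/"):
            mode = tok.upper()
        elif mode in ("/G", "/P"):
            user, right = tok.split(":")
            right, held = right.upper(), new.get(user)
            if right not in RANK or (mode == "/G" and right == "N"):
                raise ValueError(f"{mode} does not accept right {right!r}")
            if mode == "/G" and held == DENY:
                continue                  # a deny entry still wins over a grant
            if mode == "/G" and held in RANK:
                right = max(held, right, key=RANK.get)   # grant adds to rights held
            new[user] = right
        elif mode == "/R":
            new.pop(tok, None)            # revoke: drop the user's entry
        elif mode == "/D":
            new[tok] = DENY
    return new


# Constructed starting ACL; "Auditors" is a hypothetical group name.
START = {"Administrators": "F", "Users": "R"}

if __name__ == "__main__":
    for cmd in (r"cacls D:\Data /T /E /G Auditors:R",   # edit: others keep access
                r"cacls D:\Data /T /G Auditors:R",      # no /E: only Auditors remain
                r"cacls D:\Data /E /P Users:N",
                r"cacls D:\Data /E /R Users"):
        print(cmd, "->", apply_cacls(START, cmd))
```

The second command in the demo loop is the case to watch for: without /E, the Administrators and Users entries are gone after the command runs.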