Windows 2000 System Operation
Windows 2000 Operating Modes
Windows 2000 and Windows NT both provide two modes of operation from a security level which are:
- User mode - This mode does not have full system access or privileges, but is dependent on APIs to acquire system access. Runs with privileges to access its own memory area. User applications and environmental subsystems execute in this mode.
- Kernel Mode - Executive which runs in protected memory mode with full privileges of system access. Any process running in this mode is not restricted to any specific memory space.
The Executive Services provides kernel mode services for the following:
- All applications
- Win32 Subsystem
- Win16 Subsystem
- POSIX Subsystem
- OS/2 Subsystem
- DOS VDM Subsystem
The Executive Services is an interface between the user and kernel modes. It consists of the Monitors or managers listed below it in the table below.
|I/O Manager||Window Manager||Security Reference Monitor||Virtual Memory Manager||Object Manager||Plug and Play Manager||Power Manager||IPC Manager|
|Cache Manager||Graphics Device Drivers||Process Manager||Local Procedure Call (LPC) Facility|
|File System Drivers||Remote Procedure Call (RPC) Facility|
|Device Drivers||Micro Kernel|
Services in Windows 2000 that were in Windows NT
- I/O Manager manages all input and output for the operating system, including cache manager, file system drivers, hardware device drivers, and network device drivers.
- Win32K window manager and GDI - Functions from Win32k.sys for graphics support and communication with graphic devices. This includes the Graphics Device Interface (GDI) which enables graphics devices to communicate with NT or 2000.
- Security Reference Monitor is responsible for enforcing the access-validation and audit-generation policy as defined by the Security subsystem. This Monitor, also called the Security Subsystem supports Active Directory and the logon process in Windows 2000.
- Virtual Memory Manager maps virtual addresses in the user's address space to physical pages in the computer's memory.
- Object Manager monitors the creation and use of objects. It also manages the global name space where access to all local objects is controlled. This now includes some functions from the process manager in Windows NT.
- Hardware Device drivers - An interface between specific hardware devices and NT which interfaces to HAL
Services deleted or modified in Windows 2000 that were in Windows NT
- Process Manager creates and deletes processes and also tracks process objects and thread objects.
- Local Procedure Call Facility using a client/server relationship, provides a communications mechanism between the applications and the Environmental subsystem.
Services added or modified in Windows 2000 that were not in Windows NT
- Plug and Play Manager
- Power Manager
- IPC Manager - This includes the Local Procedure Call (LPC) facility that was included with Windows NT, and also adds a Remote Procedure Call (RPC) facility
- Microkernel - Schedules threads, handles interrupts, and talks to the HAL. It enhances the Windows NT Process Manager and handles some of its functions.
The Windows 2000 memory model is demand paged. That means that virtual memory may be stored on the hard drive, and memory is swapped between RAM and the hard drive as demand requires it. A 32 bit linear flat address space is used. Each application gets 4 Gb of virtual memory with one half reserved for kernel system data and the other half for application data.