Planning And Deploying An NT Network

DQI Bureau

A working knowledge of NT begins with understanding the architecture and mapping it to your business scenario. An NT-based computer operates in either a workgroup or a domain. A workgroup is a logical grouping of computers and users for browsing purposes. As part of a workgroup, a Windows NT-based computer has its own directory database. Like a workgroup, a domain is a logical grouping of computers and users. However, in a domain, all computers share a central directory database that stores security and user account information for the domain. One or more NT Server domain controllers manage the directory database.

To maximize the benefits of deploying NT in an organization, you need to understand how to manage domains.

Although small organizations can store user accounts and resources in a single domain, large organizations typically establish multiple domains. With multiple domains, accounts are usually stored in one domain and resources in another domain or domains. NT Server's Directory Services provides security across multiple domains through trust relationships. A trust relationship is a link that combines two domains into one administrative unit that can authorize access to resources on both domains.

The single-domain model is an appropriate choice for organizations that require both centralized management of user accounts and ease of administration. Any user who is a member of the Domain Administrators group can administer all network servers and domain accounts on the PDC. A network can use the single-domain model if its number of users and groups is small enough to ensure good performance (generally up to 26,000). The exact number of users and groups depends on the number of servers in the domain and the hardware of the servers.

When the network does need to be split into domains, but still has a small enough number of users and groups, the master domain model might be the best choice. This model gives you both centralized administration and the benefits of multiple domains. With this model, one domain, the master domain, acts as the central administrative unit for user and group accounts. All other domains on the network trust this domain, which means they recognize the users and global groups defined there. It's logical to have the MIS department administer the master domain.

Managing NT Domains



Through the domain structure, NT Server Directory Services provides several services, such as single-user logon, centralized network administration, and universal access to resources. Although NT Server Directory Services are invisible to you, they respond when you use Server commands to manage the user and group accounts in your domain.

A domain is a logical grouping of network servers and other computers that share common security and user account information. Within domains, administrators create one user account for each user. Users then log on to the domain, not to the individual servers in the domain. The directory database (also referred to as the Security Accounts Manager (SAM) database) stores all security and user account information for a domain.

Within a domain, domain controllers manage all aspects of user-domain interactions. Domain controllers are computers running NT Server that share one directory database to store security and user account information for the entire domain; they comprise a single administrative unit. The Primary Domain Controller (PDC) tracks changes made to domain accounts. A Backup Domain Controller (BDC) maintains a copy of the directory database. This copy is synchronized periodically and automatically with the PDC. BDCs also authenticate user logons, and a BDC can be promoted to function as the PDC. Multiple BDCs can exist in a domain.


In the multiple master domain model, there are two or more single-master domains. As in the single-master domain model, the master domains serve as account domains, with every user and computer account created and maintained on one of these master domains. A company's MIS group can centrally manage these master domains. As in the single-master domain model, the other domains on the network are called resource domains; they don't store or manage user accounts but do provide resources such as shared file servers and printers to the network.

User And Group Accounts



Administrators typically group users according to the types and degrees of network access their jobs require. By using group accounts, administrators can grant rights and permissions to multiple users at the same time. A global group consists of several user accounts from one domain that are grouped together under one group account name. A global group can contain user accounts from only a single domain: the domain where the global group was created. 'Global' indicates that the group can be granted rights and permissions to use resources in multiple (global) domains. A local group consists of user accounts and global groups from one or more domains, grouped together under one account name. Users and global groups from outside the local domain can be added to the local group only if they belong to a trusted domain.
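The membership rules above can be checked mechanically when auditing who actually receives a local group's permissions. The following is an added example, not part of the original article: all domain, group and account names are constructed, and the model covers only the rules stated in this section, with trusts taken as direct and one-way.

```python
# Constructed sample data: every domain, group and account name is hypothetical.
# TRUSTS[d] is the set of domains that d trusts directly (resource -> master).
TRUSTS = {"SALES": {"MASTER"}, "ENG": {"MASTER"}, "MASTER": set()}

GLOBAL_GROUPS = {
    r"MASTER\SalesStaff": [r"MASTER\asha", r"MASTER\ravi"],
    r"ENG\Contractors": [r"ENG\temp1", r"MASTER\ravi"],  # 2nd member breaks the rule
}
LOCAL_GROUPS = {
    r"SALES\PrinterUsers": [r"MASTER\SalesStaff", r"SALES\localop",
                            r"ENG\Contractors"],  # SALES does not trust ENG
}


def domain_of(name):
    """Return the DOMAIN part of a DOMAIN\\name identifier."""
    return name.split("\\", 1)[0]


def check_global(group, members):
    """A global group may hold user accounts only from its own domain.
    Returns the members that violate this."""
    return [m for m in members if domain_of(m) != domain_of(group)]


def check_local(group, members):
    """Local group members must come from the group's own domain or from a
    domain that it trusts. Returns the members that violate this."""
    home = domain_of(group)
    allowed = {home} | TRUSTS.get(home, set())
    return [m for m in members if domain_of(m) not in allowed]


def effective_users(local_group):
    """Expand a local group to the user accounts that receive its
    permissions, skipping members that break either rule."""
    members = LOCAL_GROUPS[local_group]
    rejected = set(check_local(local_group, members))
    users = set()
    for m in members:
        if m in rejected:
            continue
        if m in GLOBAL_GROUPS:  # nested global group: expand its valid users
            bad = set(check_global(m, GLOBAL_GROUPS[m]))
            users.update(u for u in GLOBAL_GROUPS[m] if u not in bad)
        else:                   # plain user account
            users.add(m)
    return sorted(users)
```
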

User Work Environments



On computers running NT Workstation or NT Server, user profiles automatically create and maintain the desktop settings for each user's work environment on the local computer. A user profile is created for each user when the user logs on to a computer for the first time. The profile contains configuration preferences and options for each user: a snapshot of a user's desktop environment.

File Systems And Security



Security begins with passwords for user accounts and is extended by the rights and permissions granted to users to interact with network resources. With NTFS, you can use permissions to protect individual files, and can apply this protection for local access as well as for access over the network.

Keeping shared resources current is a helpful task performed by the NT Server Directory Replicator service. If you have a set of files that you want to be distributed to a large number of users, you can set up and maintain identical directory trees on multiple servers and workstations, and split the load between several computers. Configure one server to act as an export server. Place the master copies of the files here. Configure the other computers to act as import computers. Only one copy of each file needs to be maintained, yet every computer that participates has an available, identical copy of that set of files. Each export server maintains a list of computers to which subdirectories are exported, and each import computer maintains a list of computers from which subdirectories are imported.

Print Servers



NT supports remote printing. When NT and Win95 clients connect to a correctly configured NT print server, the printer driver is automatically installed on the client computer. If you install a newer printer driver on the server, NT clients automatically download the newer driver. Non-NT clients (such as MS-DOS and Windows 3.X) can access NT printers by redirecting their output ports to the appropriate \\server\sharename. Users on any client computer can print to network-attached TCP/IP print devices or to print devices that are physically attached to most Unix computers. To enable this on your network, at least one Windows NT computer must have the TCP/IP protocol and the Microsoft TCP/IP printing service installed.



To set up a print server that allows Microsoft network clients to print to a print device shared by Novell NetWare, install Windows NT Gateway Services for NetWare (GSNW) on the print server. Both NT Workstation and NT Server computers can also print to AppleTalk print devices and AppleShare print servers.

Data Protection



NT includes the Backup program, a graphical tool that enables you to use a tape drive to back up and restore important files on either NTFS or FAT partitions. You can use the Backup program to back up any computer to which you can connect remotely.

Fault tolerance is the ability of a system to continue functioning even when a part of the system fails. Normally, the expression fault tolerance is used to describe disk subsystems, but it can also apply to other parts of the system or the entire system. Fully fault-tolerant systems use redundant disk controllers and power supplies as well as fault-tolerant disk subsystems. RAID strategies can be implemented using hardware or software solutions. In NT Server, this can be performed in software.

SUKHVINDER SINGH GULATI is Managing Consultant, Microsoft Consulting Services (India).
