A working knowledge of NT begins with an
understanding of the architecture and mapping it to your business scenario. An NT-based
computer operates in either a workgroup or a domain. A workgroup is a logical grouping of
computers and users for browsing purposes. As part of a workgroup, a Windows NT-based
computer has its own directory database. Like a workgroup, a domain is a logical grouping
of computers and users. However, in a domain, all computers share a central directory
database that stores security and user account information for the domain. One or more NT
Server domain controllers manage the directory database.
To maximize the benefits of deploying NT
in an organization, one needs to understand how to manage domains.
Although small organizations can store user
accounts and resources in a single domain, large organizations typically establish
multiple domains. With multiple domains, accounts are usually stored in one domain and
resources in another domain or domains. NT Server's Directory Services provides security
across multiple domains through trust relationships. A trust relationship is a link that
combines two domains into one administrative unit that can authorize access to resources
on both domains.
The single-domain model is an appropriate
choice for organizations that require both centralized management of user accounts and
ease of administration. Any user who is a member of the Domain Administrators group can
administer all network servers and domain accounts on the PDC. A network can use the
single-domain model if it has a small enough number of users and groups to ensure good performance
(generally up to 26,000). The exact number of users and groups depends on the number of
servers in the domain and the hardware of the servers.
When the network does need to be split into
domains, but still has a small enough number of users and groups, the master domain model
might be the best choice. This model gives you both centralized administration and the
benefits of multiple domains. With this model, one domain, the master domain, acts as the
central administrative unit for user and group accounts. All other domains on the network
trust this domain, which means they recognize the users and global groups defined there.
It's logical to have the MIS department administer the master domain.
Managing NT Domains
Through the domain structure, NT Server Directory Services provides several services, such as single-user logon, centralized network administration, and universal access to resources. Although NT Server Directory Services are invisible to you, they respond when you use Server commands to manage the user and group accounts in your domain.
A domain is a logical grouping of network servers and other Within a domain, domain controllers manage all aspects
In the multiple master domain model, there
are two or more single-master domains. Like the single-master domain model, the master
domains serve as account domains, with every user and computer account created and
maintained on one of these master domains. A company's MIS group can centrally manage
these master domains. As in the single-master domain model, the other domains on the
network are called resource domains; they don't store or manage user accounts but do
provide resources such as shared file servers and printers to the network.
User And Group Accounts
Administrators typically group users according to the types and degrees of network access
their jobs require. By using group accounts, administrators can grant rights and
permissions to multiple users at the same time. A global group consists of several user
accounts from one domain that are grouped together under one group account name. A global
group can contain user accounts from only a single domain: the domain where the global
group was created. 'Global' indicates that the group can be granted rights and permissions
to use resources in multiple (global) domains. A local group consists of user accounts and
global groups from one or more domains, grouped together under one account name. Users and
global groups from outside the local domain can be added to the local group only if they
belong to a trusted domain.
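The group rules above can be checked mechanically. The following is an added example, not part of the original article: a small Python model of global and local group membership in a master domain arrangement. The domain, user and group names (MASTER, SALES, asha, ravi, svc_print, SalesStaff, PrinterUsers) are hypothetical, and the model assumes trust is one-way, from the resource domain to the master domain.

```python
# Added example: models the global/local group rules described above.
# All domain, user and group names are hypothetical, constructed sample data.
from dataclasses import dataclass, field

@dataclass
class Domain:
    name: str
    trusts: set = field(default_factory=set)           # domains this domain trusts
    users: set = field(default_factory=set)
    global_groups: dict = field(default_factory=dict)  # group -> set of user names
    local_groups: dict = field(default_factory=dict)   # group -> set of (domain, account)

def add_to_global(dom, group, user_domain, user):
    """Global groups hold user accounts from their own domain only."""
    if user_domain != dom.name:
        raise ValueError(f"{user_domain}\\{user}: not an account of {dom.name}")
    if user not in dom.users:
        raise ValueError(f"{dom.name}\\{user}: no such user")
    dom.global_groups.setdefault(group, set()).add(user)

def add_to_local(dom, group, member_domain, member):
    """Local groups accept users and global groups from the local or a trusted domain."""
    if member_domain != dom.name and member_domain not in dom.trusts:
        raise ValueError(f"{dom.name} does not trust {member_domain}")
    dom.local_groups.setdefault(group, set()).add((member_domain, member))

def effective_users(domains, dom, group):
    """Expand a local group into DOMAIN\\user names, resolving nested global groups."""
    result = set()
    for member_domain, member in dom.local_groups.get(group, set()):
        source = domains[member_domain]
        if member in source.global_groups:
            result |= {f"{member_domain}\\{u}" for u in source.global_groups[member]}
        else:
            result.add(f"{member_domain}\\{member}")
    return result

def build_master_model():
    """Constructed sample: resource domain SALES trusts account domain MASTER."""
    master = Domain("MASTER", users={"asha", "ravi"})
    sales = Domain("SALES", trusts={"MASTER"}, users={"svc_print"})
    domains = {d.name: d for d in (master, sales)}
    add_to_global(master, "SalesStaff", "MASTER", "asha")
    add_to_global(master, "SalesStaff", "MASTER", "ravi")
    add_to_local(sales, "PrinterUsers", "MASTER", "SalesStaff")
    add_to_local(sales, "PrinterUsers", "SALES", "svc_print")
    return domains
```

Expanding a local group this way shows exactly which accounts a permission on a resource domain reaches once the nested global groups are resolved.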
User Work Environments
On computers running NT Workstation or NT Server, user profiles automatically create and
maintain the desktop settings for each user's work environment on the local computer. A
user profile is created for each user when the user logs on to a computer for the first
time. The profile contains configuration preferences and options for each user: a snapshot
of a user's desktop environment.
File Systems And Security
Security begins with passwords for user accounts and is extended by the rights and
permissions granted to users to interact with network resources. With NTFS, you can use
permissions to protect individual files, and can apply this protection for local access as
well as for access over the network.
Keeping shared resources current is a
helpful task performed by the NT Server Directory Replicator service. If you have a set of
files that you want to be distributed to a large number of users, you can set up and
maintain identical directory trees on multiple servers and workstations, and split the
load between several computers. Configure one server to act as an export server. Place the
master copies of the files here. Configure the other computers to act as import computers.
Only one copy of each file needs to be maintained, yet every computer that participates
has an available, identical copy of that set of files. Each export server maintains a list
of computers to which subdirectories are exported, and each import computer maintains a
list of computers from which subdirectories are imported.
Print Servers
NT supports remote printing. When NT and Win95 clients connect to a correctly configured
NT print server, the printer driver is automatically installed on the client computer. If
you install a newer printer driver on the server, NT clients automatically download the
newer driver. Non-NT clients (such as MS DOS and Windows 3.X) can access NT printers by
redirecting their output ports to the appropriate \\server\sharename. Users on any client
computer can print to network-attached TCP/IP print devices or to print devices that are
physically attached to most Unix computers. To enable this on your network, at least one
Windows NT computer must have the TCP/IP protocol and the Microsoft TCP/IP printing
service installed.
To set up a print server that allows Microsoft network clients to print to a print device
shared by Novell NetWare, install Windows NT Gateway Services for NetWare (GSNW) on the
print server. Both NT Workstation and NT Server computers can also print to AppleTalk
print devices and AppleShare print servers.
Data Protection
NT includes the Backup program, a graphical tool that enables you to use a tape drive to
back up and restore important files on either NTFS or FAT partitions. You can use the
Backup program to back up any computer to which you can connect remotely.
Fault tolerance is the ability of a system
to continue functioning even when a part of the system fails. Normally, the expression
fault tolerance is used to describe disk subsystems, but it can also apply to other parts
of the system or the entire system. Fully fault-tolerant systems use redundant disk
controllers and power supplies as well as fault-tolerant disk subsystems. RAID strategies
can be implemented using hardware or software solutions. In NT Server, this can be
performed in software.
SUKHVINDER SINGH GULATI is Managing Consultant, Microsoft Consulting Services (India).