Although Windows 2000 is similar to Windows NT and offers many of the same tools and utilities, such as Task Manager and Event Viewer, Windows 2000 is a much more robust operating system that offers many new useful utilities, tools, and newly designed wizards. In this section, we focus on the Windows 2000 tools and utilities you are most likely to be tested on in the current A+ Operating Systems Technologies exam.
The Device Manager was discussed in detail in Chapter 24. As you may recall, Device Manager is available in Windows 9x, Windows Me, and Windows XP, but not with Windows NT. It is a useful utility that is a welcomed feature with Windows 2000.
Device Manager lists all the hardware devices that are attached to a system and ensures that the devices are operating properly. You can troubleshoot devices, view device resources, and update drivers for specific devices by double-clicking on a device listed in the Device Manager utility and selecting the appropriate option.
To access Device Manager in Windows 2000 Professional, navigate to Control Panel > System > Hardware > Device Manager, or Control Panel > Administrative Tools > Computer Management > Device Manager.
Windows 2000 offers Driver Signing options that allow you to prevent or block users from installing software and device drivers that are not digitally signed or approved by Microsoft. This is a very useful feature that can save administrators and technicians from having to reconfigure systems that have been corrupted by unsigned or unapproved software or driver installations. To navigate to and block the installation of unassigned drivers, select Start > Settings > Control Panel > System > Hardware > Driver Signing. The Driver Signing Options window appears (Figure 26.2). By default, the option to warn users when an unsigned driver or file is installed is selected. Choose the option to block the installation of unsigned files, and select OK.
Figure 26.2: The Driver Signing Options window.
There are many ways to access administrative programs and carry out administrative tasks in Windows 2000. You can use individual utilities and programs, create your own administrative console with Microsoft Management Console and snap-in programs, or use preconfigured tools, such as Computer Management, to carry out many administrative duties from one central location. The Microsoft Management Console will be discussed in more detail later in the chapter.
On the Windows 2000 Control Panel is the Administrative Tools folder. This folder contains many useful tools that were present with Windows NT 4.0, such as Performance Monitor, Event Viewer, Services, and Local Security Policy. This folder also contains an icon for a very useful administrative tool known as Computer Management. Computer Management is a prepackaged group of administrative programs, otherwise known as snap-ins, which can be administered from one central location. As shown in Figure 26.3, Computer Management provides quick access to system resources and tools such as Device Manager, Event Viewer, System Information, and Local Users and Groups. You can also manage disks and logical drives, and run Disk Defragmenter from the Storage section of the Computer Management tree. You can quickly access the Computer Management window by right-clicking on the My Computer Desktop icon and selecting Manage.
The Local Users and Groups snap-in (see Figure 26.3) is the Windows 2000 Professional replacement for the User Manager, which was available with Windows NT 4.0 Workstation. Using this tool, you can add and remove users, make new local groups, add users to groups, assign user profiles (profiles are discussed later in this chapter), set passwords, and disable or unlock user accounts.
Figure 26.3: The computer Management window
Windows 2000 Professional comes with built-in accounts for Administrator and Guest. The built-in groups available with Windows 2000 Professional are Administrator, Power Users, Backup Operators, Replicator, Users, and Guests. Each of these groups has built-in, pre-assigned permissions that allow user accounts assigned to a particular group to have special rights. The most powerful group is the Administrator group. Administrators have the privileges to carry out all tasks. Power Users have some administrative privileges and can install legacy applications. Backup Operators can backup and restore files and folders. The Replicator group is used for replicating directories. The Users group has very basic privileges. All users of the system are automatically added to the Users group.
The Guest group is similar to the Users group and has very limited rights to the system.
The Backup utility has been revamped and included with Windows 2000. The newly designed Backup utility provides useful backup and restore wizards that can be used to design a backup or restoration job for files on a local machine or over the network.
As displayed in Figure 26.4, the Backup utility also offers the ability to create an ERD (Emergency Repair Disk).
Figure 26.4: The Windows 2000 Backup utility.
Note | Windows 2000 does not offer the ability to create an ERD using the Windows NT 4.0 utility RDISK.EXE. |
You can use the Windows 2000 Backup utility to backup information from one file system type and restore the information to another file system type. For example, you can backup files located on an NTFS partition and restore the files to a FAT32 partition, but you must keep in mind that NTFS and FAT32 are not compatible file systems. If you restore to FAT32 from NTFS, you will retain long file names and file attributes, but you will lose file properties such as compression, encryption, and permission values.
As discussed in Chapter 25, Windows NT 4.0 uses the Disk Administrator tool to manage hard disks and logical drives. Windows 2000 has a similar tool called Disk Management, which offers the ability to manage hard disks, logical drives, and dynamic disks (discussed in the next section).
To access the Windows 2000 Disk Management tool, open Control Panel > Administrative Tools > Computer Management > Storage > Disk Management. The Disk Management tool gathers information about local physical drives and displays information similar to that shown in Figure 26.3.
With the Disk Management tool, you can change the drive letter and path for a disk or logical drive, format a drive, delete a logical drive, delete a partition, or mark a partition as active.
Similar to Disk Administrator in Windows NT 4.0, Windows 2000 Disk Management provides support for RAID levels 0, 1, and 5, which include striped volumes, mirrored volumes, and disk striping with parity. You should note that RAID levels 1 and 5 are only available in the Server versions of Windows NT 4.0 and Windows 2000. As you may recall, RAID levels were described in detail in Chapter 25.
The Disk Manager tool also supports simple and spanned volumes. Simple volumes are constructed from space on one physical disk drive. Spanned volumes are made up of areas of disk space located on different physical disks, which are combined to form one logical drive space.
Windows 2000 supports two disk storage types known as basic and dynamic disks. A basic disk is one that has been configured or ‘partitioned’ with the traditional techniques we are familiar with from our previous studies of DOS, Windows 9x, and Windows NT. A basic disk can be configured to have four primary partitions or three primary partitions and an extended partition. By default, a basic disk is created when Windows 2000 is installed. After installation, you can convert a basic disk to a dynamic disk using Disk Manager by right-clicking the basic disk displayed in Disk Manager and selecting Upgrade to Dynamic Disk. To convert a dynamic disk back to a basic disk, remove all volumes from the dynamic disk, right-click on the dynamic disk in Disk Manager, and select Revert to Basic Disk.
You should leave a hard disk configured as basic if you wish to access its data from DOS or Windows 9x.
Dynamic disks are areas of space on a single disk, or areas combined from multiple disks, created and organized using volume techniques to organize areas instead of traditional partitioning techniques. Disks that have been configured with DOS or Windows 9x cannot access dynamic disks. Dynamic disks can be created and managed using Disk Manager. You can create five types of dynamic disks: simple, mirrored, spanned, striped, and RAID level 5 volumes.
Disk quotas can be implemented in Windows 2000 to track and control the amount of disk space used by a particular user or disk volume. To enable quota management, right-click on the disk from Windows Explorer or My Computer, select Properties, choose the Quota tab, and choose the appropriate options to suit your administrative needs. Disk quotas can be used only for volumes configured with NTFS.
With disk quotas, an administrator can do the following:
Limit the amount of disk space used by a user and create an event log message if this limit has been met.
Create an event log message if a user or volume has met a warning level set for the amount of disk space specified.
If your Windows 2000 system is configured with the NTFS file system, you can take advantage of compression and encryption. Compression allows the size of files and folders to be reduced so they do not use as much disk space as they would if they were uncompressed. To compress or uncompress a file or folder in Windows 2000, simply right-click on a file or folder from within Windows Explorer and select Properties. From the General tab, click the Advanced button. The Advanced Attributes window appears (Figure 26.5). From this window you can compress a file or a folder in the Compress or Encrypt attributes section.
Note | If files are compressed, they will be displayed in a different color in Windows Explorer. The default color for compressed files and folders is blue. |
Files and folders created on NTFS partitions can be encrypted. Encryption is a feature of EFS that allows you to secure volumes, files, and folders. You can set the encryption attribute for a file or folder to secure its contents from the Compress or Encrypt attributes section (see Figure 26.5). To decrypt a file or folder, you must be the creator of the file or folder, or be an Encrypted Data Recovery Agent (EDRA). EDRAs are discussed in the following section.
Figure 26.5: Setting compression and encryption attributes.
As mentioned at the beginning of this section, the Local Security Policy icon can be accessed from the Administrative Tools folder located in the Windows 2000 Control Panel. Policies are used in Windows 2000 to enforce certain rules and restrictions on user accounts in order to protect the integrity of the operating system and to provide administrators with the ability to audit important events.
If you open the Local Security Policy icon, you will see that you can make policy and settings changes for the following policies:
Account Policies: You can use the Account Policies section to create and apply a Password Policy and an Account Lockout Policy. This allows you to apply policies that force the implementation of such items as minimum or maximum password age, password length, and account lockout after so many failed password attempts.
Local Policies: These policies include an Audit Policy, User Rights Assignment, and Security Options. This is where you enable the auditing of events, such as File and Object Access and System events in Windows 2000. You can also make changes to the rights that users and groups have on the local machine from this area.
Public Key Policies: This policy is part of the Windows 2000 EFS that allows the recovery of lost data by designated Recovery Agents. In this area, administrators can create and add EDRAs, which can be used to unlock or decrypt encrypted files and folders that have been encrypted by other users.
Windows 2000 offers a new feature called Microsoft Management Console (MMC). The MMC is used to provide a personalized central location for administration through the installation of snap-ins. Snap-ins are applications that represent the various utilities and tools available in Windows 2000, such as the Disk Defragmenter, Device Manager, Computer Policies, Event Viewer, Services, and Certificates, just to name a few. To navigate to and personalize your own Management Console, select Start > Run and enter “MMC” in the Open line. Click OK. A somewhat empty-looking Management Console appears. To add or remove snap-in programs, select Console from the menu options bar. Next, select Add/Remove Snap-in, and from the Stand Alone tab, select Add. A list of available stand-alone snap-in programs is presented. Simply choose the programs you wish to design your own console.
Like Windows NT 4.0, the Windows 2000 Registry holds system configuration and environmental settings that can be directly edited with utilities such as REGEDIT.EXE and REGEDT32.EXE. To edit the Windows 2000 Registry directly using either of these utilities, select Start > Run and enter either “REGEDIT” or “REGEDT32” on the Open line, and select OK. The REGEDIT utility is an easy tool to use if you need to locate a specific Registry Key. The REGEDT32 utility is more useful for editing specific Registry Keys.
Note | Normal users should never have the ability to directly edit the Registry. |
The System Configuration utility, known as MSCONFIG.EXE in Windows 9x, is also available in Windows 2000. It provides a graphical display of important system information, such as hardware resources, components, software, and Internet Explorer settings and information. One of the most useful features of the System Configuration utility is the System Summary. The System Summary gives detailed information about the system, including the installed operating system, system name, BIOS version, time zone, total physical memory, physical memory available, and many other important system values.
The System Configuration utility also gives you the ability to quickly launch programs, such as Disk Cleanup, Dr. Watson, Hardware Wizard, and the Windows Backup utility.
To access the System Configuration Utility in Windows 2000, select Start > Programs > Accessories > System Tools > System Information, or select Start > Run, enter “WINMSD” at the Open line, and press Enter. The System Summary appears by default. If you wish to launch any of the other tools, such as Disk Cleanup, from the menu bar, select Tools > Windows > Disk Cleanup or any of the other programs listed.
In the Windows 2000 Control Panel, you will notice an icon for Power Options. From within Power Options you can configure power schemes that are designed to help reduce the amount of power consumed by devices attached to your system. The built-in power schemes available from the drop-down menu in the Power Options Properties/Power Schemes window are these:
Home/Office Desk
Portable Laptop
Presentation
Always On
Minimal Power Management
Max Battery
You can change the default power settings for each of the power schemes displayed by selecting the appropriate power scheme and changing the settings listed in the “Settings for” section, below the Power Schemes section. The three built-in options that can be changed are Turn off monitor, Turn off hard disks, and System standby.
Windows 2000 Server offers a directory service known as Active Directory. Active Directory provides a hierarchical view of network objects and provides a central location from which all resources on a network can be managed. With Active Directory, administrators can easily view and make changes to user IDs, permissions, rights, computer systems, printers, and any other objects listed in Active Directory. It is not likely that you will encounter many questions about Active Directory on the A+ exam, for it is a Windows 2000 server component that is so robust it could, in fact, have its very own exam.