Sunday, December 9, 2007

Installing and Configuring Microsoft Windows 2000 Server

Preparing to Install Windows 2000 Server

Before you can begin to install Windows 2000 Server, you must prepare for the installation by gathering information and making decisions about how you want to install the software. This lesson gives you the foundation you need to install Windows 2000 Server. It describes the tasks that you should complete before moving on to the installation.

Preparing for Installation

During installation, the Windows 2000 Setup program asks you to provide information about how to install and configure Windows 2000. You should gather all the necessary information. Good preparation helps you avoid problems during and after the installation.

Before you begin the Windows 2000 installation process, review the list of tasks outlined in the table below. Each task is discussed in greater detail in the sections that follow. Initially, you should complete only the first two tasks in this table—verifying that your computer meets the minimum hardware requirements and checking hardware compatibility. The remaining tasks are completed during the actual installation of Windows 2000 Server, which you will perform in the exercises later in this chapter. This table is meant only to prepare you for the installation so that you can install Windows 2000 Server without any unnecessary delays.

Task
Verify that your computer meets the minimum hardware requirements. For example, your hard disk should meet the minimum space requirements and preferably have a minimum of 2 gigabytes (GB) of free disk space.
Check all hardware (network adapters, video drivers, sound cards, CD-ROM drives, PC cards, and so on) for compatibility by checking the Windows 2000 Hardware Compatibility List (HCL).
Identify how you want to partition the hard disk drive on which you are going to install Windows 2000 Server.
Choose a file system that meets your requirements and provides the services you need. Choose NTFS unless you need to run more than one operating system on your computer.
Select a licensing mode. You can switch to per-seat from per-server mode after installation, but not to per-server from per-seat.
Choose the type of network group (workgroup or domain) your computer will join. If you are joining a domain, you need additional information such as the domain name and the computer account name created for you. With an administrator account and password in the domain, you can create a computer account in the domain.
Determine whether to perform a new installation or upgrade an existing version of Windows NT Server. Windows NT Workstation and Windows 9x cannot be upgraded to Windows 2000 Server.
Select an installation method: Setup boot disks, CD-ROM, or over-the-network.
Choose which components you need to install, such as Networking Services or Microsoft Indexing Service.

Working with Domain Name System (DNS)

When you create a Windows 2000 domain, the DNS service must be running and configured. If you are joining a domain, you must know the DNS name of the domain that your computer is joining. If DNS is not running, it is installed automatically when you create a domain controller or when you promote a server to a domain controller.

Recording Information

You should write down the following information: previous operating system (if any), name of the computer (if on a network), name of the workgroup or domain (if on a network), and the IP address (if there is no Dynamic Host Configuration Protocol [DHCP] server or an existing DHCP server will not be used for dynamic IP addressing).

Backing Up Files

Before you install Windows 2000 Server, you should back up the files that you want to preserve. You can back up files to a disk, a tape drive, or another computer on the network.

Uncompressing the Drive

Uncompress any DriveSpace or DoubleSpace volumes before installing Windows 2000. You should not install Windows 2000 on a compressed drive unless the drive was compressed with the NTFS compression utility. DriveSpace or DoubleSpace volumes are created in Windows 9x. Windows 9x cannot be upgraded to Windows 2000 Server but can coexist on the same computer running Windows 2000 Server.

Disabling Disk Mirroring

If you are installing a clean copy of Windows 2000 and you have Windows NT disk mirroring installed on your target computer, disable it before running Setup. You can re-enable disk mirroring after completing the installation. If you are upgrading to Windows 2000, you can leave Windows NT mirroring enabled during Setup.

Disconnecting UPS Devices

If you have UPS equipment connected to your target computer, disconnect the connecting serial cable before running Setup. Windows 2000 Setup attempts to automatically detect devices connected to serial ports, and UPS equipment can cause problems with the detection process.

Reviewing Applications

Before starting the Windows 2000 Server Setup program, be sure to read Readme.doc (in the root directory of the Windows 2000 Server installation CD-ROM) for information regarding applications that need to be disabled or removed before running Setup. You may need to remove virus-scanning software, third-party network services, or client software before running the Windows 2000 Server installation.

Checking the Boot Sector for Viruses

A boot sector virus will cause the installation of Windows 2000 to fail. To verify that the boot sector is not infected with a virus, run the Makedisk.bat file in the \Valueadd\3rdparty\CA_antiv directory on the Windows 2000 Server installation CD-ROM. The Makedisk.bat utility creates a diskette that is used to check the boot sector. After creating this diskette, boot the computer with the diskette inserted. This will run a boot sector virus check. After the utility has run, remove the diskette and proceed to the next preinstallation step.

Gathering Materials

Gather the following materials to prepare for the Windows 2000 installation:

  • Read any documentation pertaining to installing Windows 2000 for updated installation information. Review the pertinent .txt and .doc files located on the Windows 2000 Server installation CD-ROM.
  • Make sure you have all device driver disks and configuration settings for third-party hardware, including any third-party device driver disks and documentation.
  • Have the Windows 2000 Server installation CD-ROM or a network share with the Windows 2000 Server files available.
  • Format three 3.5-inch 1.44 MB floppy disks (if creating optional Setup Startup disks).

Minimum Hardware Requirements

You should be familiar with the minimum hardware requirements necessary to install and operate Windows 2000 Server so that you can determine whether your system meets these requirements. The minimum installation requirements for Windows 2000 are listed in the following table.

| Component | Minimum requirement |
| --- | --- |
| Processor | 32-bit Pentium 133 MHz. |
| Free hard disk space | One or more hard disks where %systemroot% (C:\WINNT by default) is located on a partition with at least 671 MB of free space (2 GB is recommended). |
| Memory | 64 MB for networking with one to five client computers; 128 MB minimum is recommended for most network environments. |
| Display | VGA monitor capable of 640 x 480 (1024 x 768 recommended). |
| CD-ROM drive | 12x or faster recommended; not required for network installations. |
| Additional drives | High-density 3.5-inch disk drive, unless your CD-ROM is bootable and supports starting the Setup program from a CD-ROM. |
| Optional components | Mouse or other pointing device. |

For network installation: a network adapter and an MS-DOS-based network operating system that permits connection to a server containing the Windows 2000 Setup files.

Hardware Compatibility

Windows 2000 Setup automatically checks your hardware and software and reports any potential conflicts. However, to ensure a successful installation, you should make sure that your computer hardware is compatible with Windows 2000 Server before starting the setup process. To do this, verify that your hardware is on the HCL. The HCL is included on your Windows 2000 Server installation CD-ROM in the Support folder in Hcl.txt. The HCL lists each hardware model that has passed the Hardware Compatibility Tests (HCTs). The list also indicates which devices Windows 2000 Server supports. Testing is conducted by Windows Hardware Quality Labs (WHQL) and by some hardware vendors. Installing Windows 2000 Server on a computer that does not have hardware listed in the HCL might not be successful.

Installing Windows 2000 Server

Once you have performed all the necessary steps to prepare for a Windows 2000 Server installation, you are ready to begin the Windows 2000 Setup process. This lesson focuses on performing a new installation of Windows 2000 Server. It begins with a discussion of the various installation programs and then describes the phases of the installation process.

Windows 2000 Server Setup Programs

Regardless of which method you use to install Windows 2000 Server, you must execute either Winnt.exe or Winnt32.exe. You can use the Setup.exe program to launch Winnt.exe or Winnt32.exe, or you can execute Winnt32.exe or Winnt.exe directly. For a clean installation on a computer running MS-DOS or Windows 3.x, run Winnt.exe from the MS-DOS command line. For a clean installation from Windows 95, Windows 98, or Windows NT Workstation, run Winnt32.exe. For a clean installation or upgrade from Windows NT Server 3.51 or 4.0, run Winnt32.exe. Several switches can be used with Winnt.exe and Winnt32.exe to customize how Windows 2000 Server is installed on your computer.

Windows 2000 Setup Program

The Windows 2000 Setup program, Setup.exe, is located in the root directory of the Windows 2000 Server installation CD-ROM. When you execute Setup.exe, the Microsoft Windows 2000 CD screen appears. From there, you can choose to install Windows 2000 Server, install add-on components, browse the CD, or exit the Setup program. If you select the Install Windows 2000 option, the Winnt.exe or the Winnt32.exe program runs, depending on which operating system you are currently running.

If Autorun is enabled on your system, the Windows 2000 CD screen will appear when you insert the Windows 2000 Server installation CD-ROM into your CD-ROM drive. Autorun calls Setup.exe, which checks the operating system. If Setup determines that the computer is running Windows NT Server 3.51, Windows NT Server 4.0, or an earlier version of Windows 2000 Server, you are prompted either to upgrade or install Windows 2000. If a newer version of Windows 2000 Server is installed on the computer, Setup.exe will not allow the installation of Windows 2000 Server to continue.

Winnt.exe Setup Program

Winnt.exe is commonly used for over-the-network installations that use an MS-DOS network client. Winnt.exe performs the following steps:

  1. Creates a $WIN_NT$.~BT temporary directory on the system partition and copies Setup boot files into this directory.
  2. Creates a $WIN_NT$.~LS temporary directory and copies the Windows 2000 files from the server into this directory.
  3. Prompts users to restart their systems. After the computer restarts, the boot menu appears and installation continues.

Winnt.exe installs Windows 2000 Server and can be executed from an MS-DOS or a Windows 16-bit operating system command prompt.

Winnt.exe Switches

You can use the following switches to modify the behavior of the Winnt.exe Setup program:

WINNT [/s[:sourcepath]] [/t[:tempdrive]] [/u[:answer_file]]
[/udf:id[,UDF_file]] [/r:folder] [/rx:folder] [/e:command] [/a]

These switches are described in detail in the following table:

| Switch | Description |
| --- | --- |
| /s[:sourcepath] | Specifies the source location of the Windows 2000 files. The location must be a full path of the form x:[path] or a valid UNC. |
| /t[:tempdrive] | Directs Setup to place temporary files on the specified drive and to install Windows 2000 on that drive. If you do not specify a location, Setup attempts to locate a drive for you. |
| /u[:answer_file] | Performs an unattended Setup using an answer file (requires /s). The answer file provides answers to some or all of the prompts that the end user normally responds to during Setup. |
| /udf:id[,UDF_file] | Indicates an identifier (id) that Setup uses to specify how a Uniqueness Database File (UDF) modifies an answer file (see /u). The /udf parameter overrides values in the answer file, and the identifier determines which values in the UDF file are used. If no UDF_file is specified, Setup prompts you to insert a disk that contains the $Unique$.udb file. |
| /r[:folder] | Specifies an optional folder to be installed. The folder remains after Setup finishes. |
| /rx[:folder] | Specifies an optional folder to be copied. The folder is deleted after Setup finishes. |
| /e | Specifies a command to be executed at the end of GUI-mode Setup. |
| /a | Enables accessibility options. |

Winnt32.exe Setup Program

Winnt32.exe is used to install Windows 2000 Server from an existing Windows 95, Windows 98, or Windows NT computer. It can be executed by double-clicking Winnt32.exe in the root of the source folder (such as \i386) on the Windows 2000 Server installation CD-ROM or in a network share location for over-the-network installations. You can also execute Winnt32.exe by using the run command from the Start Menu, which allows switches to be specified. In addition, the Winnt32 command can be run from a Windows 95, Windows 98, or Windows NT (all Windows 32-bit operating systems) command prompt.

If the Windows 2000 Server installation is initiated over the network, Winnt32.exe creates a $WIN_NT$.~LS temporary directory and copies the Windows 2000 Server files from the server into this directory. The temporary directory is created on the first partition that is large enough, unless otherwise specified by the /t switch. This is known as the Pre-Copy Phase.

WINNT32.EXE Switches

You can use the following switches to modify the behavior of the Winnt32.exe Setup program:

winnt32 [/s:sourcepath] [/tempdrive:drive_letter]
[/unattend[num]:[answer_file]] [/copydir:folder_name]
[/copysource:folder_name] [/cmd:command_line]
[/debug[level]:[filename]] [/udf:id[,UDF_file]]
[/syspart:drive_letter] [/checkupgradeonly] [/cmdcons]
[/m:folder_name] [/makelocalsource] [/noreboot]

These switches are described in detail in the following table:

| Switch | Description |
| --- | --- |
| /s:sourcepath | Specifies the source location of the Windows 2000 files. To simultaneously copy files from multiple servers, specify multiple /s sources. If you use multiple /s switches, the first specified server must be available or Setup will fail. |
| /tempdrive:drive_letter | Directs Setup to place temporary files on the specified partition and to install Windows 2000 on that partition. |
| /Unattend or /u | Upgrades your previous version of Windows 2000 in unattended Setup mode. All user settings are taken from the previous installation, so no user intervention is required during Setup. Note: Using the /unattend switch to automate Setup affirms that you have read and accepted the End-User License Agreement (EULA) for Windows 2000. Before using this switch to install Windows 2000 on behalf of an organization other than your own, you must confirm that the end user has received, read, and accepted the terms of the Windows 2000 EULA. OEMs may not specify this key on machines being sold to end users. |
| /unattend[num][:answer_file] | Performs a fresh installation in unattended Setup mode. The answer file provides Setup with your custom specifications. Num is the number of seconds between the time that Setup finishes copying the files and when it restarts your computer. You can use num on any computer running Windows NT or Windows 2000. The answer_file placeholder is the name of the answer file. |
| /copydir:folder_name | Creates an additional folder within the folder in which the Windows 2000 files are installed. For example, if the source folder contains a folder called Private_drivers that has modifications just for your site, you can type /copydir:Private_drivers to have Setup copy that folder to your installed Windows 2000 folder. So then the new folder location would be %systemroot%\Private_drivers. You can use /copydir to create as many additional folders as you want. |
| /copysource:folder_name | Creates a temporary additional folder within the folder in which the Windows 2000 files are installed. For example, if the source folder contains a folder called Private_drivers that has modifications just for your site, you can type /copysource:Private_drivers to have Setup copy that folder to your installed Windows 2000 folder and use its files during Setup. So then the temporary folder location would be %systemroot%\Private_drivers. Unlike the folders /copydir creates, /copysource folders are deleted after Setup completes. |
| /cmd:command_line | Instructs Setup to carry out a specific command before the final phase of Setup. This would occur after your computer has restarted twice and after Setup has collected the necessary configuration information, but before Setup is complete. |
| /debug[level][:filename] | Creates a debug log at the level specified, for example, /debug4:C:\Win2000.log. The default log file is %systemroot%\Winnt32.log, with the debug level set to 2. The log levels are as follows: 0-severe errors, 1-errors, 2-warnings, 3-information, and 4-detailed information for debugging. Each level includes the levels below it. |
| /udf:id[,UDF_file] | Indicates an identifier (id) that Setup uses to specify how a Uniqueness Database File (UDF) modifies an answer file (see the /unattend entry). The UDF overrides values in the answer file, and the identifier determines which values in the UDF are used. For example, /udf:RAS_user,Our_company.udb overrides settings specified for the identifier RAS_user in the Our_company.udb file. If no UDF is specified, Setup prompts the user to insert a disk that contains the $Unique$.udb file. |
| /syspart:drive_letter | Specifies that you can copy Setup startup files to a hard disk, mark the disk as active, and then install the disk into another computer. When you start that computer, it automatically starts with the next phase of the Setup. You must always use the /tempdrive parameter with the /syspart parameter. Note: The /syspart switch for Winnt32.exe runs only from a computer that already has Windows NT 3.51, Windows NT 4.0, or Windows 2000 installed on it. It cannot be run from Windows 9x. |
| /checkupgradeonly | Checks your computer for upgrade compatibility with Windows 2000. For Windows 95 or Windows 98 upgrades, Setup creates a report named Upgrade.txt in the Windows installation folder. For Windows NT 3.51 or 4.0 upgrades, it saves the report to the Winnt32.log in the installation folder. |
| /cmdcons | Adds a Recovery Console option to the operating system selection screen for repairing a failed installation. It is only used post-Setup. |
| /m:folder_name | Specifies that Setup copies replacement files from an alternate location. Instructs Setup to look in the alternate location first, and if files are present, use them instead of the files from the default location. |
| /makelocalsource | Instructs Setup to copy all installation source files to your local hard disk. Use /makelocalsource when installing from a CD to provide installation files when the CD is not available later in the installation. |
| /noreboot | Instructs Setup not to restart the computer after the file copy phase of winnt32 is completed so that you can execute another command. |
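The constraints in the Winnt32.exe table can be checked before a deployment script is ever run. The following is an added example, not part of the original post or of any Microsoft tool: a small Python linter for winnt32 command lines that enforces the rules stated above and lists the switches that cause Setup to run a command or prefer replacement files, so that a reviewer can inspect them. The function names and the two sample command lines are constructed for illustration.

```python
import re

# Switches from the Winnt32.exe table above. True: takes a ":value";
# False: takes none; None: the value is optional.
SWITCHES = {
    "s": True, "tempdrive": True, "unattend": None, "u": None,
    "copydir": True, "copysource": True, "cmd": True, "debug": None,
    "udf": True, "syspart": True, "m": True, "checkupgradeonly": False,
    "cmdcons": False, "makelocalsource": False, "noreboot": False,
}
TOKEN = re.compile(r'(?:[^\s"]+|"[^"]*")+')            # keeps "quoted text" in one token
SWITCH = re.compile(r'^/([A-Za-z]+)(\d*)(?::(.*))?$')  # /name[num][:value]

# Constructed sample command lines (hypothetical servers and paths).
SAMPLE_BAD = (r'winnt32 /s:\\srv1\w2k\i386 /syspart:d /unattend10:a:\unattend.txt '
              r'/udf:RAS_user /cmd:"c:\post.cmd /q" /debug7')
SAMPLE_GOOD = (r'winnt32 /s:\\srv1\w2k\i386 /tempdrive:d /syspart:d '
               r'/unattend:a:\unattend.txt /udf:RAS_user,Our_company.udb '
               r'/debug4:C:\Win2000.log')


def parse(cmdline):
    """Return (name, number, value) for every argument after the program name."""
    parsed = []
    for tok in TOKEN.findall(cmdline)[1:]:
        m = SWITCH.match(tok)
        if not m:
            parsed.append((tok, "", None))      # not a /switch; reported by lint()
            continue
        value = m.group(3)
        parsed.append((m.group(1).lower(), m.group(2),
                       value.strip('"') if value else None))
    return parsed


def lint(cmdline):
    """Return (severity, message) findings for one winnt32 command line."""
    args = parse(cmdline)
    names = [name for name, _, _ in args]
    findings = []
    for name, num, value in args:
        if name not in SWITCHES:
            findings.append(("error", f"unknown switch or argument: {name}"))
            continue
        if SWITCHES[name] is True and not value:
            findings.append(("error", f"/{name} needs a value"))
        if SWITCHES[name] is False and (value or num):
            findings.append(("error", f"/{name} takes no value"))
        if num and name not in ("unattend", "debug"):
            findings.append(("error", f"/{name} does not take a number"))
        if name == "debug" and num and int(num) > 4:
            findings.append(("error", "debug level must be 0 to 4"))
        if name == "udf" and value and "," not in value:
            findings.append(("warn", "/udf names no UDF file; Setup will prompt for a disk"))
        if name == "cmd" and value:
            findings.append(("review", f"/cmd runs a command during Setup: {value}"))
        if name == "m" and value:
            findings.append(("review", f"/m files replace the default source files: {value}"))
    has_answer_file = any(n in ("unattend", "u") and v for n, _, v in args)
    if "syspart" in names and "tempdrive" not in names:
        findings.append(("error", "/syspart must be used together with /tempdrive"))
    if "udf" in names and not has_answer_file:
        findings.append(("error", "/udf modifies an answer file, but /unattend names none"))
    return findings


if __name__ == "__main__":
    for line in (SAMPLE_BAD, SAMPLE_GOOD):
        print(line)
        for severity, message in lint(line) or [("ok", "no findings")]:
            print(f"  [{severity}] {message}")
```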

The Installation Process

The Windows 2000 Server installation process includes three phases: the Pre-Copy Phase, Text mode, and GUI mode.

Pre-Copy Phase

During the Pre-Copy Phase, all of the files needed for the installation are copied to temporary directories on the local hard drive. When you use the Winnt.exe or Winnt32.exe command to initiate an installation over the network, all the files needed to complete the installation are copied over the network to a temporary directory named $WIN_NT$.~LS. Setup then continues, as it would if you were performing the installation from a local drive, moving on to the Text mode phase of the installation process and then to the GUI mode phase.

You can choose not to create the boot floppies by selecting the check box Copy All Setup Files From The Setup CD To The Hard Drive. The check box is under the Advanced Options button. When you select this option, a $WIN_NT$.~BT directory is created on the disk. This directory contains the files that would have been on the four boot floppies.

While the files are being copied into the $WIN_NT$.~LS directory, Windows 95, Windows 98, or Windows NT is still running. This means there is less down time during the upgrade.

Text Mode

In Text mode setup, Setup prompts you for information needed to complete the installation. After you accept the license agreement, you specify or create an installation partition and choose a file system. All files required for installation are copied from the temporary directory (or the CD-ROM) into the installation directory on the hard disk of the target computer.

Windows 2000 Server Licensing Agreement

The Windows 2000 Server Licensing Agreement takes up several pages. Use the Page Down key to move through the agreement, and then press F8 to agree. This appears before Text mode if you use Winnt32 or Autorun to start your setup.

Existing Installations

If Setup detects any existing Windows 2000 installations, it displays them in a list. You can select an installation and press R to repair it, or press Esc to continue.

Partitions

Setup displays all existing partitions and free space on the system. Using the Up and Down arrow keys you can select where you want to install Windows 2000 Server. At this point you can create and delete partitions. Press Enter to continue.

File Systems

Setup gives you the option of keeping the current file system intact or allows you to convert it to NTFS. If you do not want to change it, select the Leave Current File System Intact option, which is the default, and press Enter to continue.

Setup examines your hard disks and copies the files it needs for installation from the temporary directory to the installation directory. (Winnt is the default directory.)

GUI Mode

After completing the Text mode portion of Setup, the computer restarts and GUI mode begins. This phase allows you to select which optional components to install and allows you to select the administrator password.

GUI mode consists of three distinct stages:

  1. Gathering Information About Your Computer
  2. Installing Windows 2000 Server Networking
  3. Completing Setup

Gathering Information About Your Computer

The Gathering Information About Your Computer stage is a series of dialog boxes that Windows 2000 uses to collect configuration information for setting up your system. During this stage, Windows 2000 security features are installed and devices are installed and configured.

Regional Settings

Windows 2000 displays the current (default) regional settings. You can add support for additional languages, change your location settings for the system, and configure the user account default settings as well.

Personalize Your Software

When configuring your system, you must enter the name that Windows 2000 Server is registered to. In addition, you can add the name of the organization, although this is optional.

Licensing Mode

You must select the Per Server or Per Seat licensing method. If you select Per Server, you must enter the number of Per Server licenses.

Computer Name and Administrator Password

You must enter a computer name (NetBIOS name of up to 15 characters) when you install Windows 2000. Note that the autogenerated name is 15 characters long. The name you enter must be different from other computer, workgroup, or domain names on the network. A default computer name is displayed. You can accept the default name or type in a computer name.

You can also enter an Administrator password for the local Administrator user account. This password can be up to 127 characters long, or it can be left blank.
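When these values come from an answer file and a UDF (the /unattend and /udf switches described earlier) rather than from the dialog box, the same limits can be checked before deployment. The following is an added example, not from the original post: a Python sketch that applies the UDF overrides for each id and then audits the resulting computer name and Administrator password against the rules above. It assumes the Windows 2000 unattended Setup file layout ([UserData] ComputerName, [GuiUnattended] AdminPassword with * meaning blank, [Identification] JoinWorkgroup/JoinDomain, and [UniqueIds] with [id:section] blocks in the UDF), none of which appears on this page; the merge is a simplified model of Setup's behaviour, and both sample files are constructed.

```python
import configparser

# Constructed sample answer file and UDF (not taken from a real deployment).
ANSWER = """
[Unattended]
UnattendMode=FullUnattended
[GuiUnattended]
AdminPassword=*
[UserData]
FullName="Deployment"
ComputerName=TEMPLATE
[Identification]
JoinWorkgroup=BRANCH
"""
UDF = """
[UniqueIds]
RAS_user=UserData,GuiUnattended
Srv2=UserData
Srv3=UserData
[RAS_user:UserData]
ComputerName=RAS01
[RAS_user:GuiUnattended]
AdminPassword="constructed-Passw0rd"
[Srv2:UserData]
ComputerName=BRANCH-FILESERVER-02
[Srv3:UserData]
ComputerName=RAS01
"""


def load(text):
    """Parse INI-style Setup text into {section: {key: value}}, names lowercased."""
    cp = configparser.ConfigParser(interpolation=None, delimiters=("=",))
    cp.read_string(text)
    return {sec.lower(): {k: v.strip().strip('"') for k, v in cp[sec].items()}
            for sec in cp.sections()}


def effective(answer, udf, uid):
    """Answer-file settings after the UDF overrides for one /udf:id are applied."""
    uid = uid.lower()
    merged = {sec: dict(vals) for sec, vals in answer.items()}
    listed = udf.get("uniqueids", {}).get(uid, "")
    for sec in (s.strip().lower() for s in listed.split(",") if s.strip()):
        merged.setdefault(sec, {}).update(udf.get(f"{uid}:{sec}", {}))
    return merged


def audit(settings):
    """Check one machine's settings against the limits given in the text."""
    findings = []
    name = settings.get("userdata", {}).get("computername", "")
    ident = settings.get("identification", {})
    group = ident.get("joindomain") or ident.get("joinworkgroup") or ""
    password = settings.get("guiunattended", {}).get("adminpassword", "")
    if not name:
        findings.append("no computer name is set")
    if len(name) > 15:
        findings.append(f"computer name {name!r} exceeds 15 characters")
    if name and name.lower() == group.lower():
        findings.append("computer name is the same as the workgroup or domain name")
    if password in ("", "*"):
        findings.append("Administrator password is blank")
    if len(password) > 127:
        findings.append("Administrator password exceeds 127 characters")
    return findings


def audit_all(answer, udf):
    """Audit every id in [UniqueIds] and report computer names used twice."""
    results, owners = {}, {}
    for uid in udf.get("uniqueids", {}):
        settings = effective(answer, udf, uid)
        results[uid] = audit(settings)
        name = settings.get("userdata", {}).get("computername", "").lower()
        owners.setdefault(name, []).append(uid)
    for name, uids in owners.items():
        if name and len(uids) > 1:
            for uid in uids:
                results[uid].append(
                    f"computer name {name!r} is shared by {', '.join(uids)}")
    return results


if __name__ == "__main__":
    for uid, findings in audit_all(load(ANSWER), load(UDF)).items():
        print(uid, findings or "ok")
```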

Optional Component Manager

The Optional Component Manager allows you to add or remove additional components during and after installation. For details about each of these components, see "Lesson 1: Preparing to Install Windows 2000 Server."

Date and Time Settings

During the installation process, you must select the appropriate time zone and adjust the date and time settings, if necessary, including automatic adjustments for daylight saving time.

Installing Windows 2000 Server Networking

When Setup completes the Gathering Information About Your Computer stage, it returns to the Windows 2000 Setup screen. Setup then examines the computer to detect installed network adapters. This can take several minutes.

Networking Settings

The Windows 2000 networking setup begins with a dialog box offering a choice between Typical settings (default) or Custom settings. Typical settings configure the system with all the defaults: Client for Microsoft Networks, File and Print Sharing for Microsoft Networks, and Internet Protocol (TCP/IP) configured as a DHCP client.

Custom settings allows the configuration of the following three items:

  • Clients The default client is Client For Microsoft Networks. You can add Gateway (and Client) Services for NetWare.
  • Services The default service is File and Printer Sharing for Microsoft Networks. You can add SAP Agent and QoS Packet Scheduler. You can modify the settings for File and Printer Sharing for Microsoft Networks by highlighting the service and clicking Properties. This allows you to optimize server service settings and provide server service compatibility for LAN Manager 2.x clients.
  • Protocols The default protocol is Internet Protocol (TCP/IP). You can add additional protocols, including NWLink IPX/SPX, NetBEUI, DLC, AppleTalk, Network Monitor Driver, and others. You can also modify the settings for a protocol (if applicable) by highlighting the protocol and clicking Properties.

Completing Setup

The Completing Setup stage performs the following actions and requires no user interaction. The following table provides an overview of the tasks performed by Setup during this stage.

| Task | Description |
| --- | --- |
| Copying files | Setup copies any remaining files necessary to the installation directory such as accessories and bitmaps. |
| Configuring the computer | Setup creates your start menu, program groups, sets up the print spooler, printers, services, the administrator account, fonts, the Pagefile, and the registration of many dynamic-link libraries (DLLs). |
| Saving the configuration | Setup saves your configuration to the registry, creates the repair directory, and resets the Boot.ini. |
| Removing temporary files | Setup removes the temporary files and directories created and used during installation, such as the $WIN_NT$.~LS directory, and also compacts the system hives in the registry. |

Routing and Remote Access Service

Introduction to the Routing and Remote Access Service

Multiprotocol routing support for the Windows NT family of operating systems began with Windows NT 3.51 Service Pack 2, which included components for the Routing Information Protocol (RIP) for IP, RIP for IPX, and the Service Advertising Protocol (SAP) for IPX. Windows NT 4.0 also includes these components. In June 1996, Microsoft released RRAS for Windows NT 4.0, a component that replaced the Windows NT 4.0 remote access service, RIP for IP, RIP for IPX, and SAP for IPX services with a single integrated service providing both remote access and multiprotocol routing. This lesson focuses on how RRAS is implemented in Windows 2000. It discusses installation and configuration, as well as authentication and authorization.

Windows 2000 Routing and Remote Access Service

RRAS for Windows 2000 Server continues the evolution of multiprotocol routing and remote access services for the Microsoft Windows platform. When RRAS was implemented in Windows NT 4.0, it added support for the following features:

  • RIP version 2 for IP (RIP for IP version 1 is still supported).
  • Open Shortest Path First (OSPF) routing protocol for IP
  • Demand-dial routing (routing over persistent or on-demand WAN links such as analog phone lines)
  • Internet Control Message Protocol (ICMP) router discovery
  • Remote Authentication Dial-In User Service (RADIUS) client to benefit from the services provided by a RADIUS server
  • RADIUS server for providing centralized authentication, authorization, accounting, and remote access policy to dial-up and VPN remote access clients (included with the Windows NT 4.0 Option Pack)
  • IP and IPX packet filtering for protocol-level security
  • A graphical user interface (GUI) administrative program called Routing and RAS Admin and a command-line utility called Routemon

Combining Routing and Remote Access

Before RRAS was implemented in Windows NT, the routing services and remote access services worked separately. However, the two services have been combined because of the Point-to-Point Protocol (PPP), which is the protocol suite that is commonly used to negotiate point-to-point connections for remote access clients. PPP provides link parameter negotiation, the exchange of authentication credentials, and network layer protocol negotiation. For example, when you dial an Internet service provider (ISP) via PPP, you agree to the size of the packets you are sending and how they are framed (link negotiation), you log on by using a user name and password (authentication), and you obtain an IP address (network layer negotiation).

Demand-dial routing connections also use PPP to provide the same kinds of services as remote access connections (link negotiation, authentication, and network layer negotiation). Therefore, the integration of routing (which includes demand-dial routing) and remote access is done to leverage the PPP client/server infrastructure available for the remote access components.

The PPP infrastructure of Windows 2000 Server includes support for the following types of access:

  • Dial-up remote access (over dial-up equipment such as analog telephone lines, and ISDN) as either the client or server
  • VPN remote access as either the client or server
  • On-demand or persistent dial-up demand-dial routing (over dial-up equipment such as analog telephone lines, and ISDN) as either the calling router or the answering router
  • On-demand or persistent VPN demand-dial routing as either the calling router or the answering router

Features of the Routing and Remote Access Service

RRAS for Windows 2000 includes a wide variety of features that support unicast and multicast IP routing, IPX routing, AppleTalk routing, remote access, and VPN support.

IP Multicast Support

Windows 2000 supports the sending, receiving, and forwarding of IP multicast traffic. Multicast traffic is sent to a single host but is processed by multiple hosts who listen for this type of traffic destined for a single host. This is commonly used for delivering real-time data to multiple users, such as when delivering a distributed media presentation. The IP multicast components of RRAS allow you to send and receive IP multicast traffic from remote access clients and multicast-enabled portions of the Internet or a private intranet.

IPX Support

The Windows 2000 Server Router is a fully functional IPX router supporting RIP for IPX, the primary routing protocol used in IPX internetworks; Novell NetWare SAP for IPX, a protocol for the collection and distribution of service names and addresses; and NetBIOS over IPX broadcast forwarding.

Remote Access

Windows 2000 remote access technology allows remote clients to connect to corporate networks or the Internet. This lesson provides an overview of remote access and discusses dial-up remote access connections, remote access security, and managing remote access. This lesson focuses on the Remote Access Service part of RRAS. Hereafter, the acronym RAS will be used to refer to the Remote Access Service component of RRAS.

Overview of Remote Access

In Windows 2000 RAS, remote access clients are either connected to only the remote access server's resources (point-to-point remote access connectivity), or they are connected to the RAS server's resources and the resources in the network to which the remote access server is attached (point-to-LAN remote access connectivity). The latter connection type allows remote access clients to access resources as if they were physically attached to the network.

A Windows 2000 remote access server provides two remote access connection methods:

  • Dial-up remote access. With dial-up remote access, a remote access client uses the telecommunications infrastructure to create a temporary physical circuit or a virtual circuit to a port on a remote access server. Once the physical or virtual circuit is created, the rest of the connection parameters can be negotiated.
  • VPN remote access. With virtual private network remote access, a VPN client uses an IP internetwork to create a virtual point-to-point connection with a RAS server acting as the VPN server. Once the virtual point-to-point connection is created, the rest of the connection parameters can be negotiated.

Remote Access Client

Windows 2000, Windows NT 3.5 or later, Windows 98, Windows 95, Windows for Workgroups, MS-DOS, and Microsoft LAN Manager remote access clients can all connect to a Windows 2000 remote access server. Almost any third-party Point-to-Point Protocol (PPP) remote access clients, including UNIX and Apple Macintosh clients, can connect to a Windows 2000 remote access server.

The Microsoft remote access client is also capable of dialing into a Serial Line Interface Protocol (SLIP) server. SLIP is a legacy dial-in protocol that does not provide the security, performance, or reliability of PPP. A Windows 2000 RAS server does not support SLIP dial-up (dial-in) connections.

Remote Access Service Server

The Windows 2000 remote access server accepts dial-up connections and forwards packets between remote access clients and the network to which the remote access server is attached.

Dial-Up Equipment and WAN Infrastructure

The physical or logical connection between the remote access server and the remote access client is facilitated by dial-up equipment installed at the remote access client, the remote access server, and the telecommunications infrastructure. The nature of the dial-up equipment and telecommunications infrastructure varies depending on the type of connection being made.

Public Switched Telephone Network

The Public Switched Telephone Network (PSTN), also known as Plain Old Telephone Service (POTS), is the analog telephone system designed to carry the minimal frequencies needed to distinguish human voices. Because the PSTN was not designed for data transmissions, there are limits to the maximum bit rate that a PSTN connection can support. Dial-up equipment consists of an analog modem for the remote access client and the remote access server. For large organizations, the remote access server is attached to a modem bank containing up to hundreds of modems. With analog modems at both the remote access server and the remote access client, the maximum bit rate supported by PSTN connections is 33,600 bits per second, or 33.6 kilobits per second (Kbps).

Monitoring and Optimization

Disk Monitoring and Optimization

Windows 2000 includes several tools that you can use to diagnose disk problems, improve performance, and compress data, such as Check Disk, the Disk Defragmenter snap-in, data compression, and disk quotas. This lesson discusses each of these tools and shows how the tools are used. Lesson 2 explores disk monitoring in the context of system performance monitoring.

Check Disk

The Check Disk tool, also referred to as the Error-checking tool, allows you to check for file system errors and bad sectors on your hard disk. To use Check Disk, open the Properties dialog box for the specific disk you want to check. You can open the Properties dialog box from Windows Explorer or from My Computer. On the Tools tab, click Check Now to open the Check Disk dialog box and select the appropriate options.

Disk Defragmenter Snap-In

Windows 2000 saves files and folders in the first available space on a hard disk and not necessarily in an area of contiguous space. This leads to file and folder fragmentation. When your hard disk contains a lot of fragmented files and folders, your computer takes longer to gain access to them because it requires several additional reads to collect the various pieces. Creating new files and folders also takes longer because the available free space on the hard disk is scattered. Your computer must save a new file or folder in various locations on the hard disk.

Defragmenting Disks

The process of finding and consolidating fragmented files and folders is called defragmenting. The Disk Defragmenter snap-in is used to locate fragmented files and folders and then defragment them. It does this by moving the pieces of each file or folder to one location so that each file or folder occupies a single area of contiguous space on the hard disk. Consequently, your system can gain access to and save files and folders more efficiently. By consolidating files and folders, the Disk Defragmenter snap-in also consolidates free space, making it less likely that new files will be fragmented. Disk Defragmenter defragments FAT16, FAT32, and NTFS volumes.

The upper portion of the window lists the volumes you can analyze and defragment. The middle portion is a graphic representation of how fragmented the selected volume is. The lower portion is a dynamic representation of the volume that is continuously updated during defragmentation. The display colors indicate the condition of the volume.

  • Red indicates fragmented files.
  • Dark blue indicates contiguous (nonfragmented) files.
  • White indicates free space on the volume.
  • Green indicates system files, which Disk Defragmenter cannot move.

By comparing the Analysis display band to the Defragmentation display band during defragmentation and at its conclusion, you can quickly see the improvement in the volume.

To analyze or defragment a volume, you can choose one of the options described in the following table.

Option | Description
Analyze | Click this button to analyze the disk for fragmentation. After the analysis, the Analysis display band provides a graphical representation of how fragmented the volume is.
Defragment | Click this button to defragment the disk. After defragmentation, the Defragmentation display band provides a graphical representation of the defragmented volume.

Using Disk Defragmenter Effectively

The following list provides guidelines for using the Disk Defragmenter snap-in.

  • Run Disk Defragmenter when the computer will receive the least usage. During defragmentation, data is moved around on the hard disk. The defragmentation process is CPU intensive and will adversely affect access time to other disk-based resources.
  • Recommend that users defragment their local hard disks at least once a month to prevent accumulation of fragmented files.
  • Analyze the target volume before you install large applications, and then defragment the volume if necessary. Installations are completed more quickly when the target medium has adequate contiguous free space. Additionally, gaining access to the application after it is installed is faster.
  • When you delete a large number of files or folders, your hard disk might become excessively fragmented, so be sure to analyze it afterwards. Generally, you should defragment hard disks on busy file servers more often than those on single-user client computers.
  • Consider using a disk defragmentation utility that allows you to perform a regularly scheduled network-wide defragmentation from a central location. Executive Software created the manual Disk Defragmenter included with Windows 2000 and manufactures an automated, more feature-rich version of this utility as a separate product called Diskeeper.

Data Compression

Data compression enables you to compress files and folders on NTFS volumes. Compressed files and folders occupy less space on an NTFS-formatted volume, which enables you to store more data. The compression state for each file and folder on an NTFS volume is set to either compressed or uncompressed.

Using Compressed Files and Folders

Compressed files can be read by and written to any Windows-based or MS-DOS-based application without first being uncompressed by another program. When an application, such as Microsoft Word for Windows, or an operating system command, such as copy, requests access to a compressed file, NTFS automatically uncompresses the file before making it available. When you close or explicitly save a file, NTFS compresses it again.

NTFS allocates disk space based on the uncompressed file size. If you copy a compressed file to an NTFS volume with enough space for the compressed file, but not enough space for the uncompressed file, you will get an error message stating there is not enough disk space for the file. The file will not be copied to the volume.

Compressing Files and Folders

You can set the compression state of folders and files in Windows Explorer or by using the compact command-line utility. For information on compact utility syntax, go to a command prompt and type compact /?.

To compress a file or folder, open the Properties dialog box for the specific file or folder. On the General tab, click Advanced. In the Advanced Attributes dialog box, select the Compress Contents To Save Disk Space check box, as shown in Figure 13.3. Note that NTFS encryption and compression are mutually exclusive. If you choose the Encrypt Contents To Secure Data check box, you cannot compress that folder or file.

Copying and Moving Compressed Files and Folders

There are rules that determine whether the compression state of files and folders is retained when you copy or move them within and between NTFS and FAT volumes. The following sections describe how Windows 2000 treats the compression state of a file or folder when you copy or move a compressed file or folder within or between NTFS volumes or between NTFS and FAT volumes.

Copying a File Within an NTFS Volume

When you copy a file within an NTFS volume, the file inherits the compression state of the target folder. For example, if you copy a compressed file to an uncompressed folder, the file is automatically uncompressed.

Moving a File or Folder Within an NTFS Volume

When you move a file or folder within an NTFS volume, the file or folder retains its original compression state. For example, if you move a compressed file to an uncompressed folder, the file remains compressed.

Copying a File or Folder Between NTFS Volumes

When you copy a file or folder between NTFS volumes, the file or folder inherits the compression state of the target folder.

Moving a File or Folder Between NTFS Volumes

When you move a file or folder between NTFS volumes, the file or folder inherits the compression state of the target folder, because Windows 2000 treats a move between volumes as a copy and then a delete.

Moving or Copying a File or Folder to a FAT Volume

Windows 2000 supports compression for NTFS files only. Because of this, when you move or copy a compressed NTFS file or folder to a FAT volume, Windows 2000 automatically uncompresses the file or folder.

Moving or Copying a Compressed File or Folder to a Floppy Disk

When you move or copy a compressed NTFS file or folder to a floppy disk, Windows 2000 automatically uncompresses the file or folder.

Simple Network Management Protocol Service

To meet the challenges of designing an effective network management platform for heterogeneous TCP/IP-based networks, the Simple Network Management Protocol (SNMP) was defined in 1988 and approved as an Internet standard in 1990 by the Internet Activities Board (IAB). SNMP allows you to monitor and communicate status information from SNMP agents to a network management station (NMS). This lesson provides the background and conceptual material necessary to understand and implement SNMP within the context of Windows 2000.

Overview of SNMP

SNMP is a network management standard widely used with TCP/IP networks and, more recently, with Internetwork Packet Exchange (IPX) networks. SNMP provides a method of managing network nodes (servers, workstations, routers, bridges, and hubs) from a centrally located NMS.

Performance Console

Windows 2000 provides two utilities for monitoring resource usage on your computer: the System Monitor snap-in and the Performance Logs And Alerts snap-in, both of which are pre-installed on the Performance console. The System Monitor snap-in allows you to track resource use and network throughput. The Performance Logs And Alerts snap-in allows you to collect performance data from local or remote computers.

System Monitor Snap-In

In Windows 2000, Performance Monitor has been replaced by System Monitor. With System Monitor, you can measure the performance of your own computer or other computers on a network. System Monitor allows you to perform the following tasks:

  • Collect and view real-time performance data on a local computer or from remote computers
  • View data collected either currently or previously in a counter log
  • Present data in a printable graph, histogram, or report view
  • Incorporate System Monitor functionality into Microsoft Word or other applications in the Microsoft Office suite by means of Automation
  • Create HTML pages from performance views
  • Create reusable monitoring configurations that can be installed on other computers that use MMC

With System Monitor, you can collect and view extensive data about the usage of hardware resources and the activity of system services on computers you administer. You can define the data you want the graph to collect in the following ways:

  • Type of data. To select the data to be collected, you can specify one or more counter instances of performance monitor objects. Some objects (such as the memory object) provide system resource counters; others provide counters on the operation of applications (for example, system services or Microsoft BackOffice applications).
  • Source of data. System Monitor can collect data from your local computer or from other computers on the network where you have permission. (By default, administrative permission is required.) In addition, you can include real-time data or data collected previously and saved in counter logs.
  • Sampling parameters. System Monitor supports manual, on-demand sampling or automatic sampling based on the time interval you specify. When viewing logged data, you can also choose starting and stopping times so that you can view data spanning a specific time range.

Microsoft Windows 2000 Application Servers

Exploring Microsoft Internet Information Services 5.0 Features

Windows 2000 Server includes an updated version of IIS (version 5.0). IIS runs as an enterprise service within Windows 2000 and uses other services provided by Windows 2000, such as security and Active Directory services. IIS 5.0 improves the Web server's reliability, performance, management, security, and application services. Many of these improvements result from the way IIS 5.0 incorporates new operating system features in Windows 2000. This lesson provides an overview of IIS 5.0 and explains how to install IIS and configure a Web environment.

Introduction to Microsoft IIS 5.0

While IIS 4.0 focused on security, administration, programmability, and support for Internet standards, IIS 5.0 builds on these capabilities to deliver the type of Web sites required in an increasingly intranet- and Internet-centric business environment. In particular, IIS 5.0 has been improved in the following four areas: reliability and performance, management, security, and application environment.

Reliability and Performance

IIS 5.0 performs better and is more reliable than previous versions of the product for a number of reasons. Internally, the speed of the IIS 5.0 engine has been increased through coding refinements. The new Reliable Restart feature lets system administrators quickly restart the server. Beyond these inherent capabilities, this version introduces features you can use to improve the speed and reliability of Web sites.

One of the more significant improvements in IIS 5.0 is the addition of application protection through support for pooled, out-of-process applications. To better control resource consumption, new throttling features (based on the new job object feature of Windows 2000) make it easier for administrators to allocate the amount of CPU bandwidth available to processes, as well as the amount of network bandwidth available to sites. In addition, the new Socket Pooling feature allows multiple sites sharing a port also to share a set of sockets.

Application Protection

Most operating systems view a process as a unit of work in a system. Services and applications are processes that run in memory areas allocated by the operating system to each process. In IIS 5.0, application protection refers to the way in which the operating system guards each application process from other processes in memory. In earlier versions of IIS, all Internet Server API (ISAPI) applications (including ASP technology) shared the resources and memory of the IIS server process. Although this provided fast performance, unstable components could cause the IIS server to hang or crash, which made it more difficult to develop and debug new components. In addition, in-process components could not be unloaded unless the server was restarted—which meant that modifying existing components would affect all sites that shared the same IIS server, whether they were directly affected by the upgrade or not.

As a first step toward addressing these issues, IIS 4.0 allowed applications to run either in the same IIS server process (Inetinfo.exe) or out-of-process, that is, in a process separate from the IIS server process. DLLHost.exe acts as a surrogate application to the IIS server process to manage each out-of-process application. Out-of-process applications are run separately from one another, which is memory intensive and less efficient than running in-process. In IIS 5.0, there is a third option: applications can be run in a pooled process separate from the IIS server process. This approach allows related applications to be run together without adversely affecting the IIS server process. These three options provide varying levels of protection, each of which impacts performance. Greater isolation comes at the cost of slower performance.

Reliable Restart

In the event of a system failure, it's clearly important to be able to get IIS back to an operational state as quickly as possible. In the past, rebooting was an acceptable, although not optimal, way to restart IIS. To reliably restart IIS, an administrator needed to start up four separate services after every stoppage, and was required to have specialized knowledge, such as which services to start and in what order. To avoid this, Windows 2000 includes IIS Reliable Restart, which is a faster, easier, more flexible one-step restart process.

Socket Pooling

IIS 5.0 increases performance by adding the ability to optimize access to your Web site. A socket is a protocol identifier for a particular node on a network. The socket consists of a node address and a port number, which identifies the service. For example, port 80 on an Internet node represents the World Wide Web HTTP service on a Web server.

In IIS 4.0, each Web site is bound to a different IP address, which means that each site has its own socket that is not shared with sites bound to other IP addresses. Each socket is created when the site starts, and consumes significant non-paged memory (RAM). This memory consumption limits the number of sites bound to IP addresses that can be created on a single machine.

For IIS 5.0, this process has been modified so that sites bound to different IP addresses but sharing the same port number can now share the same set of sockets. The end result is that more sites can be bound to an IP address on the same machine than in IIS 4.0. In IIS 5.0, these shared sockets are used flexibly among all of the started sites, thus reducing resource consumption.

Multisite Hosting

To improve the scalability of IIS, Windows 2000 Server supports the ability to host multiple Web sites on a single server. This can save time and money for a company that wants to host different sites for different departments, or for an ISP hosting multiple sites for different customers.

The key to hosting multiple sites on a single server is the ability to distinguish between them. This can be done in several ways, each using the Web site's identification. Each Web site has a unique, three-part identity it uses to receive and to respond to requests: a port number, an IP address, and a host header name. With IIS 5.0, companies can host multiple Web sites on a single server by using one of three techniques: assigning different ports, assigning different IP addresses, or assigning different host header names. Each Web site can share two out of three unique characteristics and still be identified as a unique site.

Process Throttling

If you run multiple Web sites that primarily use HTML pages on one computer, or if you have other applications running on the same computer as your Web server, you can limit how much processor time a Web site's applications are permitted to use. This can help ensure that processor time is available to other Web sites or applications unrelated to IIS.

Bandwidth Throttling

If the network or Internet connection used by your Web server is also used by other services such as e-mail or news, you may want to limit the bandwidth used by your Web server in order to free up bandwidth for other services. Bandwidth Throttling is an improved feature in IIS 5.0 that allows administrators to regulate the amount of server bandwidth each site uses by throttling the available bandwidth for the net card. For example, this allows an ISP to guarantee a predetermined amount of bandwidth to each site.

Management

While IIS 4.0 introduced a significant number of new technologies, a core design goal for IIS 5.0 was to make the Web server easier for managers to use. For example, some administrators found IIS 4.0 difficult to install. With IIS 5.0, the installation process is built right into Windows 2000 Server Setup. In addition, to make it easier to configure security settings, there are three new security wizards. This release also includes improved command-line administration scripts as well as additional built-in management scripts.

Setup and Upgrade Integration

The setup process for IIS 5.0 is integrated with Windows 2000 Server setup, and IIS 5.0 installs by default as a Windows component of Windows 2000 Server. In the Windows Components wizard, it is listed as Internet Information Services (IIS). During operating system setup, a wizard helps you either to install a new copy of IIS 5.0 or to upgrade an older version.

IIS creates a default Web site, an Administration Web site, and a Default SMTP Virtual Server when you install Windows 2000 Server. You can add or remove IIS or select additional components, such as the Network News Transfer Protocol (NNTP) Service, by using the Add/Remove Programs application in Control Panel. From Add/Remove Programs, start the Windows Components wizard, and click the Details button of the Internet Information Services (IIS) component.

Delegated Administration

To help distribute the workload of administrative tasks, administrators can add administration accounts to the Operators group. Members of the Operators group have limited administration privileges on Web sites. For example, an ISP that hosts sites for a number of different companies can assign delegates from each company as the operators for each company's Web site. Operators can administer properties that affect only their respective sites. They do not have access to properties that affect IIS, the Windows server computer hosting IIS, or the network. This lets an IT or ISP administrator who hosts multiple Web sites on a single server delegate the day-to-day management of the Web site without giving up total administrative control.

Process Accounting

Process Accounting (sometimes referred to as CPU Usage Logging, CPU Accounting, or Job Object Accounting) is a new feature in IIS 5.0 that lets administrators monitor and log how Web sites use CPU resources on the server. Process Accounting adds fields to the W3C Extended log file to record information about how Web sites use CPU resources on the server. ISPs can use this information to determine which sites are using disproportionately high CPU resources or may have malfunctioning scripts or Common Gateway Interface (CGI) processes. IT managers can use this information to charge back the cost of hosting a Web site or application to the appropriate division within a company or to determine how to adjust process throttling to control resource utilization.

Security Mechanisms

IIS 5.0 uses five basic security mechanisms: authentication, certificates, access control, encryption, and auditing.

Authentication

Authentication allows you to confirm the identity of anyone requesting access to your Web sites. IIS supports the following types of authentication for HTTP and FTP services:

  • Anonymous FTP and HTTP authentication
  • Basic FTP and HTTP authentication
  • Digest authentication for Windows 2000 domains and browsers supporting this HTTP 1.1 authentication method
  • Integrated Windows authentication (HTTP only)

Certificates

To complete the authentication process, you need a mechanism for verifying user identities. Certificates are digital identification documents that allow both servers and clients to authenticate each other. They are required for the server and client's browser to set up an SSL connection over which encrypted information can be sent. Server certificates usually contain information about your company and the organization that issued the certificate. Client certificates usually contain identifying information about the user and the organization that issued the certificate.

Access Control

After verifying the identity of a user, you'll want to control their access to resources on your server. IIS 5.0 uses two layers of access control: Web permissions and NTFS permissions. Web permissions apply to all HTTP clients and define access to server resources. NTFS permissions define what level of access individual user accounts have to folders and files on the server.

Encryption

Once you've controlled access to information, you need to protect that information as it passes over the Internet. You can let users exchange private information, such as credit card numbers or phone numbers, with your server in a secure way by using encryption. Encryption scrambles the information before it is sent, and decryption unscrambles it after it is received. The foundation for this encryption is the SSL 3.0 protocol and the emerging TLS 1.0 protocol, which provide a secure way of establishing an encrypted communication link with users. SSL confirms the authenticity of your Web site and, optionally, the identity of users accessing restricted Web sites.

Administering a Web Environment

When IIS is installed, a default Web site is created, allowing you to quickly and easily implement a Web environment. However, you can modify that Web environment to meet your specific needs. In addition, you can implement WebDAV, which allows you to share documents over the Internet or an intranet. This lesson covers several aspects of administering a Web environment: Web site management, FTP site management, and WebDAV publishing. Administering Web sites and FTP sites is very similar, so the two are discussed together. This is followed by a discussion of WebDAV publishing.

Administering Web and FTP Sites

Originally, each domain name, such as www.microsoft.com, represented an individual computer. With IIS 5.0, multiple Web sites or FTP sites can be hosted simultaneously on a single computer running Windows 2000 Server. Each Web site can host one or more domain names. Because each site mimics the appearance of an individual computer, sites are sometimes referred to as virtual servers.

Web Sites and FTP Sites

Whether your system is on an intranet or the Internet, you can create multiple Web sites and FTP sites on a single computer running Windows 2000 in one of three ways:

  • Append port numbers to the IP address
  • Use multiple IP addresses, each having its own network adapter card
  • Assign multiple domain names and IP addresses to one network adapter card by using host header names

The example in Figure 14.13 illustrates an intranet scenario where the system administrator has installed Windows 2000 Server with IIS on the company's server, resulting in one default Web site: http://CompanyServer. The system administrator then creates two additional Web sites, one for each of two departments: marketing and human resources.
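The three-part identity described under Multisite Hosting and under Web Sites and FTP Sites, modelled as an added example (not code from the original page or from IIS). The site names, addresses and host names are constructed, and the fallback to a site with no host header name when the Host header matches nothing is an assumption of this model.

```python
"""Model of the three-part Web site identity: IP address, port, host header name."""
from collections import defaultdict
from typing import NamedTuple

NO_HOST = ""  # models a site that has no host header name assigned


def normalize_host(value: str) -> str:
    """Lower-case a host name and drop a ':port' suffix or trailing dot."""
    host = value.strip().lower()
    if host.count(":") == 1:          # "name:80" as sent in an HTTP Host header
        host = host.split(":", 1)[0]
    return host.rstrip(".")


class Binding(NamedTuple):
    site: str
    ip: str
    port: int
    host: str = NO_HOST

    @property
    def identity(self):
        """The (IP address, port, host header name) triple that must be unique."""
        return (self.ip, self.port, normalize_host(self.host))


def find_identity_conflicts(bindings):
    """Return {identity: [site names]} for identities claimed by more than one site.

    Two sites may share any two of the three parts; sharing all three is a conflict.
    """
    owners = defaultdict(list)
    for b in bindings:
        owners[b.identity].append(b.site)
    return {ident: sites for ident, sites in owners.items() if len(set(sites)) > 1}


def resolve(bindings, dest_ip, dest_port, host_header=""):
    """Return the site that answers a request, or None if no site matches.

    Exact identity is tried first. Assumption of this model: when the Host
    header matches no site, the site on the same IP address and port that has
    no host header name answers instead.
    """
    index = {b.identity: b.site for b in bindings}
    host = normalize_host(host_header)
    for candidate in ((dest_ip, dest_port, host), (dest_ip, dest_port, NO_HOST)):
        if candidate in index:
            return index[candidate]
    return None


def fallback_sites(bindings):
    """Map each (IP, port) to the site that receives unrecognised Host headers."""
    return {(b.ip, b.port): b.site for b in bindings if normalize_host(b.host) == NO_HOST}


# Constructed sample: four sites on one server, each differing in one part.
SITES = [
    Binding("Default", "192.0.2.10", 80),
    Binding("Marketing", "192.0.2.10", 80, "marketing.example.test"),  # host header
    Binding("HR", "192.0.2.10", 8080),                                 # port
    Binding("Sales", "192.0.2.11", 80),                                # IP address
]

if __name__ == "__main__":
    print(resolve(SITES, "192.0.2.10", 80, "marketing.example.test"))
    print(resolve(SITES, "192.0.2.10", 80, "unknown.example.test"))
    print(fallback_sites(SITES))
    staging = Binding("Staging", "192.0.2.10", 80, "Marketing.Example.Test.")
    print(find_identity_conflicts(SITES + [staging]))
```

The fallback map is the part worth reviewing on a shared server: it names the site that answers any request whose Host header no site claims.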

Operators Group

Operators are a special group of users who have limited administrative privileges on individual Web sites. Members of the Operators group can administer properties that affect only their respective sites. They do not have access to properties that affect IIS, the Windows server computer hosting IIS, or the network.

For example, an ISP that hosts sites for a number of different companies can assign delegates from each company as the operators for each company's Web site. This method of distributed server administration has the following advantages:

  • Each member of the Operators group can act as the site administrator and can change or reconfigure the Web site as necessary. For example, the operator can set Web site access permissions, enable logging, change the default document or footer, set content expiration, and enable content ratings features.
  • The Web site operator is not permitted to change the identification of Web sites, configure the anonymous user name or password, throttle bandwidth, create virtual directories or change their paths, or change application isolation.
  • Because members of the Operators group have more limited privileges than Web site administrators, they are unable to remotely browse the file system and therefore cannot set properties on directories and files, unless a UNC path is used.

Administering Sites Remotely

Because it may not always be convenient to perform administrative tasks on the computer running IIS, two remote administration options are available. If you are connecting to your server over the Internet or through a proxy server, you can use the browser-based Internet Services Manager (HTML) to change properties on your site. If you are on an intranet, you can use either the Internet Services Manager (HTML) or the Internet Information Services snap-in. Although Internet Services Manager (HTML) offers many of the same features as the snap-in, property changes that require coordination with Windows utilities, such as certificate mapping, cannot be made with Internet Services Manager (HTML).

Configuring and Running Telnet Services

In Windows 2000, Telnet provides user support for the Telnet protocol, a part of the TCP/IP suite. Telnet is a remote access protocol that you can use to log on to a remote computer, network device, or private TCP/IP network. Telnet Server and Telnet Client work together to allow users to communicate with a remote computer. In Windows 2000, Telnet Server is installed as a service, simply named Telnet. The Telnet service allows users of a Telnet client to log on to the computer running the Telnet service and run character-mode applications on that computer. The Telnet service acts as a gateway through which computers running the Telnet client can communicate with each other. The Telnet client allows users to connect to a remote computer and interact with that computer through a terminal window.

Telnet Service

Windows 2000 Telnet Service allows users of a Telnet client to connect to the computer running the Telnet service and use command-line commands on the computer as if they were sitting in front of it. Telnet clients can connect to a server, log on to that server, and run character-mode applications. The Telnet service also acts as a gateway for Telnet clients to communicate with each other. A computer running the Telnet service can support a maximum of 63 Telnet client computers at any given time.

Telnet Server Connection Licensing

Two Telnet service connection licenses are provided with each installation of Windows 2000 Server. This limits Telnet service to two connecting Telnet clients at a time. If you need additional licenses, use Telnet services from the Windows Services for UNIX add-on pack.

Telnet Authentication

You can use your local Windows 2000 user name and password or domain account information to access the Telnet server. The security scheme is integrated into Windows 2000 security. If you do not use the NT LAN Manager (NTLM) authentication option, the user name and password are sent to the Telnet server as plain text.

If you are using NTLM authentication, the client uses the Windows 2000 security context for authentication and the user is not prompted for a user name and password. The user name and password are encrypted.