Configuring
Windows 2000
Server
T
his chapter explores the many tools for configuring and
managing the system, managing users, and controlling
other aspects of Windows 2000.
The Microsoft Management
Console
In Windows NT, most management functions are scattered
through various utilities, some of which appear in the Control
Panel. Others are located in the Administrative Tools folder on
the Start menu. Still others are hidden in the deep recesses of
the file system, accessible only by Administrators with the time
to hunt them down. Each typically provides a unique UI and no
means of integrating tools together under a single interface.
One of the many changes in the Windows 2000 interface and
administrative structure over Windows NT is the switch to a
more homogenous approach to administrative utilities. While
many system and operating properties are still controlled
through the Control Panel, most administrative functions have
moved to the Microsoft Management Console, or MMC. The
MMC runs under Windows 2000, Windows NT, and Windows
9x. This section of the chapter examines the MMC and its
component tools.
You’ll find additional information about the MMC as well
as additional snap-ins at />management/mmc.
Tip
6
6
CHAPTER

✦✦✦✦
In This Chapter
Understanding
the Microsoft
Management
Console (MMC)
Working with
MMC Tools
Configuring Data
Sources (ODBC)
Exploring the Control
Panel Applets
✦✦✦✦
4667-8 ch06.f.qc 5/15/00 1:58 PM Page 167
168
Part II ✦ Planning, Installation, and Configuration
Understanding the Function of the MMC
The MMC itself serves as a framework. Within that framework are various admin-
istrative tools called consoles. In particular, the MMC provides a unified interface
for administrative tools. This means that once you learn the structure of one tool,
the rest are going to follow suit (within limitations imposed by the differences
in function of the various tools). Figure 6-1 shows the MMC with the Computer
Management snap-in loaded (more on snap-ins shortly). As you’ll learn later
in this chapter, you use the Computer Management snap-in to configure most
aspects of a system’s hardware and software configuration.
Figure 6-1: The MMC serves as a framework for a wide variety
of administrative tools.
Perhaps more important than a unified interface is the fact that the MMC lets
you combine administrative tools to build your own console configuration,
which you can store by name on disk. The next time you need to work with it,

you run the MMC console from the Start menu or double-click its icon or shortcut.
For example, let’s say you want to put together a custom console for managing a
Windows 2000 Internet server. You can integrate the tools for managing DNS, DHCP,
and IIS all under one interface. This custom console gives you quick access to most
of the settings you need to configure on a regular basis for the server.
The MMC window consists of two panes. The left pane can contain two tabs:
Tree and Favorites. The Tree tab generally shows a hierarchical structure for the
object(s) being managed. When you use the Active Directory Users and Computers
console, for example, the tree shows the containers in the Active Directory (AD)
that pertain to users, groups, and computers. The Favorites tab lets you create
a list of frequently used items in the tree. The right pane is the details pane.
The details pane changes depending on the item you select in the tree. When
you select Services in the tree, for example, the details pane shows the list of
installed services.
4667-8 ch06.f.qc 5/15/00 1:58 PM Page 168
169
Chapter 6 ✦ Configuring Windows 2000 Server
MMC provides two different modes: user mode and author mode. In user mode, you
work with existing consoles. Author mode lets you create new consoles or modify
existing ones. Figure 6-2 shows the Services console opened in user mode. Figure
6-3 shows the Services console opened in author mode. As indicated in the figures,
author mode offers access to commands and functions not available in user mode.
Figure 6-2: User mode restricts the actions a user can perform within
a console.
Figure 6-3: Author mode provides the ability to change console options
and add new snap-ins.
User mode actually offers three different options: full access, limited access with
multiple windows, and limited access with a single window. With full access, an
MMC user can access all the window management commands in MMC but can’t
4667-8 ch06.f.qc 5/15/00 1:58 PM Page 169

170
Part II ✦ Planning, Installation, and Configuration
add or remove snap-ins or change console properties. The limited access options
limit changes to the window configuration of the console and use either a single
window or multiple windows depending on the mode. A console’s mode is stored
in the console and applies when you open the console. Console modes can be
change via the Options property sheet (click Console ➪ Options). Setting console
options is discussed later in the chapter.
The default mode in Windows 2000 is user mode— limited access, single window.
As mentioned earlier, you use author mode to author new consoles or modify existing
ones. In author mode, you can add and remove snap-ins, change window options, and
set options for the console.
Opening the MMC
You can open MMC consoles simply by selecting them from the Administrative
Tools folder in the Start menu or by double-clicking their icons in Explorer. You also
can start consoles using a command prompt. The format of the MMC command is:
MMC path\file.msc /a /s
The following list explains the options for MMC:
✦
Path\file.msc
: Replace
path
with the path to the console file specified by
file.msc
. You can use an absolute path or use the
%systemroot%
variable
to reference the local computer’s path to the Windows 2000 folder. Using
%systemroot%
is useful when you’re creating shortcuts to consoles for use

on different systems (where the system root folder might be different).
✦
/a
: Use the
/a
switch to enter author mode and enable changes to the
console. Opening an existing console with the
/a
switch overrides its
stored mode for the current session.
✦
/s
: Use this switch to prevent display of the splash screen that normally
appears when the MMC starts on Windows NT or Windows 9x systems.
This switch isn’t needed when running the MMC under Windows 2000.
For example, let’s say you want to open the DNS console in author mode to add the
DHCP snap-in to it. Use this command to open the DNS console in author mode:
MMC %systemroot%\System32\dnsmgmt.msc /a
You can right-click an .msc file and choose Author from the context menu to open
the file in author mode.
After opening the DNS console, you add the DHCP console using the Add/Remove
Snap-In command in the Console menu. Snap-ins are covered in the next section.
Tip
Note
4667-8 ch06.f.qc 5/15/00 1:58 PM Page 170
171
Chapter 6 ✦ Configuring Windows 2000 Server
If you prefer, you can simply open the MMC in author mode, then add both snap-ins
using the Add/Remove Snap-In command in the Console menu.
Windows 2000 provides several pre-configured consoles for performing various

administrative tasks. Most of these console files are stored in
\systemroot\
System32
and have
.msc
file extensions (for Microsoft Console). Windows 2000
places several of these consoles in the Administrative Tools folder, which you
access by clicking Start ➪ Programs➪ Administrative Tools. In essence, each
of the pre-configured consoles contains one or more snap-ins geared toward
a specific administrative task.
In an apparent effort to simplify the Start menu, Microsoft only includes some of
these consoles in the Administrative Tools folder. However, you can open any con-
sole by double-clicking its file. When you do so, the MMC loads first and then opens
the console. You also can open the MMC and add snap-ins to your own consoles.
This gives you the ability to create a custom console containing whichever group(s)
of snap-ins you use most often or that are targeted for specific administrative tasks.
Using Snap-Ins
While the MMC forms the framework for integrated administrative tools in
Windows 2000, the tools themselves are called snap-ins. Each MMC snap-in
enables you to perform a specific administrative function or group of functions.
For example, you use the DHCP snap-in to administer DHCP servers and scopes.
The various MMC snap-ins serve the same function as individual administrative
tools did in Windows NT. For example, the Event Viewer snap-in takes the place
of the standalone Event Viewer tool (Figure 6-4). The Disk Management branch
of the Computer Management snap-in replaces Disk Administrator. The Active
Directory Users and Computers snap-in takes the place of User Manager for
Domains, and so on.
Figure 6-4: Snap-ins perform specific administrative functions and replace
standalone tools such as Event Viewer.
Tip

4667-8 ch06.f.qc 5/15/00 1:58 PM Page 171
172
Part II ✦ Planning, Installation, and Configuration
Snap-ins come in two flavors: standalone and extension. Standalone snap-ins are
usually called simply snap-ins. Extension snap-ins are usually called simply exten-
sions. Snap-ins function by themselves and can be added individually to a console.
Extensions are associated with a snap-in and are added to a standalone snap-in or
other extension on the console tree. Extensions function within the framework of
the standalone snap-in and operate on the objects targeted by the snap-in. For
example, the Services snap-in incorporates three extensions: Send Console
Message, Service Dependencies, and SNMP Snap-in Extension.
You can add snap-ins and extensions when you open a console in author mode.
By default, all extensions associated with a snap-in are added when you add the
snap-in, but you can selectively disable extensions for a snap-in.
To add a snap-in, open the MMC in author mode and choose Console ➪ Add/
Remove Snap-In. The Standalone page of the Add/Remove Snap-In property sheet
shows the snap-ins currently loaded. The Extensions tab lists extensions for the
currently selected snap-in and allows you to add all extensions or selectively
enable/disable specific extensions.
In the Standalone page, click Add to add a new snap-in. The Add Standalone Snap-In
dialog box lists the available snap-ins. Click the snap-in you want to add and click
Add. Depending on the snap-in, you might be prompted to select the focus for the
snap-in. For example, when you add the Device Manager snap-in, you can select
between managing the local computer or managing another computer on the net-
work. Adding the IP Security Policy Management snap-in lets you choose between
the local computer, domain policy for the computer’s domain, domain policy for
another domain, or another computer.
After you configure snap-ins and extensions the way you want them, save the console
so you can quickly open the same configuration later. To do so, choose Console, Save,
or Save As, and specify a name for the console. Windows 2000 by default will place

the new console in the Administrative Tools folder, which appears on the Start menu
under Programs, but you can specify a different location if desired.
Taskpads
A taskpad is a page on which you can add views of the details pane and shortcuts to
various functions inside and outside of a console. These shortcuts can run commands,
open folders, open a Web page, execute menu commands, and so on. In essence,
taskpads let you create a page of organized tasks to help you perform tasks quickly
rather than using the existing menu provided by the snap-in. You can create multiple
taskpads in a console, but the console must contain at least one snap-in. Figure 6-5
shows a taskpad for performing a variety of tasks in the DNS snap-in.
A taskpad can contain a list from the details pane in either horizontal or vertical
format. Horizontal works well for multiple column lists (many fields per item),
and vertical works well for long lists (few fields per item). You also can configure
4667-8 ch06.f.qc 5/15/00 1:58 PM Page 172
173
Chapter 6 ✦ Configuring Windows 2000 Server
a taskpad to show no lists. In addition to the list, the taskpad includes an icon
for each task with either a pop-up description or text description of the task.
You simply click a task’s icon to execute the task.
Figure 6-5: Taskpads let you create tasks for performing specific actions, such
as these DNS-related tasks.
Creating a taskpad
To create a taskpad, right-click the object in the tree that you want to be the
focus of the taskpad, then choose New Taskpad View. MMC starts a wizard to
help you create the taskpad. In the first page of the wizard (Figure 6-6), you
define the appearance of the taskpad. As you make selections, the wizard
shows the results to help you determine the effect of your choices.
In the second page of the wizard, you specify the items to which the taskpad
applies. The following list summarizes the options:
✦ Selected tree item: This option applies the taskpad only to the selected item in

the tree. Using the DNS snap-in as an example, creating a taskpad for Forward
Lookup Zones and using this option will cause the taskpad to appear only
when you click Forward Lookup Zones. It will not appear if you click Reverse
Lookup Zones.
✦ All tree items that are the same type as the selected tree item: This option
applies the taskpad to all objects in the tree that are the same type as the
selected object. Using the previous DNS example, choosing this option will
cause the taskpad to display when you click either Forward Lookup Zones
or Reverse Lookup Zones.
4667-8 ch06.f.qc 5/15/00 1:58 PM Page 173
174
Part II ✦ Planning, Installation, and Configuration
Figure 6-6: The first wizard page helps you configure the
way the taskpad appears.
✦ Change default display to this taskpad view for these tree items: Select this
option to have the MMC automatically switch to taskpad view when the user
clicks the object in the tree associated with the taskpad. Deselect the option
to have the MMC default to the normal view instead.
The third page of the wizard prompts you for a taskpad view name and description.
The name appears at the top of the taskpad and on the tab at the bottom of the
taskpad. The description appears at the top of the taskpad under the taskpad name.
On the final page of the wizard, you can click Finish to create the taskpad. The Start
New Task wizard option, if selected, causes the Start New Task wizard to execute
when you click Finish. This wizard, described in the next section, helps you create
tasks for the taskpad.
Creating tasks
After you create a taskpad, you’ll naturally want to create tasks to go on it. Select
the Start New Task wizard option if you are in the process of creating the taskpad.
Or, right-click the node in the tree that is associated with the taskpad, choose Edit
Taskpad View, click the Tasks tab, then click New.

The first functional page of the wizard prompts you to select the type of task to
add. These include the following:
✦ Menu command: Choose this option to execute a menu command. In the sub-
sequent wizard page, you specify the source for the command and the com-
mand itself. The available commands fall within the context of the selected
source. Select an object, then select the desired command.
4667-8 ch06.f.qc 5/15/00 1:58 PM Page 174
175
Chapter 6 ✦ Configuring Windows 2000 Server
✦ Shell command: Choose this option to start a program, execute a script,
open a Web object, execute a shortcut, or perform any other task you can
execute from a command line. The wizard prompts you for the command,
optional command-line parameters or switches, startup folder, and window
state (minimized, normal, maximized).
✦ Navigation: Choose this option to add an icon for an existing item listed in
Favorites. See the section, “Favorites,” later in this chapter to learn how to
add to the Favorites list.
The wizard also prompts you for a task name, description, and icon to associate
with each task, and gives you the option at completion of running the wizard again
to create another task.
Modifying a taskpad
You can modify an existing taskpad to add or remove tasks or change taskpad
view options. Right-click (in the tree) the object associated with the taskpad,
then choose Edit Taskpad View. MMC displays a property sheet for the taskpad.
The General page shows the same properties you specified when you created
the taskpad, such as list type, list size, and so on. Change options as desired.
The Tasks page (Figure 6-7) lists existing tasks and lets you create new ones.
New starts the New Task wizard. Remove deletes the selected task. Modify lets
you change the task name, description, and icon for the task, but not modify the
task itself. To modify the task, remove the task and recreate it. You also can use

the up and down arrows to change the order of tasks in the list, which changes
their order of appearance on the taskpad.
Figure 6-7: Use the Tasks page to
add, remove, and modify tasks.
4667-8 ch06.f.qc 5/15/00 1:58 PM Page 175
176
Part II ✦ Planning, Installation, and Configuration
Favorites
The Favorites list in the left pane of the MMC lets you access often-used objects in
a console with a single click. The Favorites list appears when you open a console
in author mode or if the Favorites list contains any items. The tab doesn’t show up
in the left pane when the console is opened in user mode or if the Favorites list is
blank. It is useful for quickly accessing objects that are buried deep in the tree. You
also can use Favorites to simplify the view of the tree for inexperienced users.
To add an item to Favorites, click the object in the tree to which you want to cre-
ate the shortcut, then choose Favorites ➪ Add to Favorites. Specify a name for the
shortcut and the folder in which you want it created. Click New Folder to create a
new folder for the shortcut.
You can use the Organize Favorites dialog box to create folders, move items from
one folder to another, and rename or delete items. Choose Favorites ➪ Organize
Favorites to open the Organize Favorites dialog box.
Other Add-In Tools
Snap-ins are just one of the objects you can add to an MMC console. Other objects
include ActiveX controls, links to Web pages, folders, taskpad views, and tasks. The
previous section explained taskpad views and tasks. The following list summarizes
the additional items:
✦ ActiveX controls: You can add ActiveX controls to a console as the details/
results view (right pane) for the selected node of the tree. The System
Monitor Control that displays system performance status in Performance
Monitor is an example of an ActiveX control. Choose Console➪ Add/Remove

Snap-In, select ActiveX Control from the list, and then click Add. The MMC
provides a wizard to help you embed ActiveX controls, prompting you for
additional information when necessary.
✦ Links to Web pages: You can add links to URLs in a console, which can be any
URL viewable within a browser (Web site, ftp site, and so on).
✦ Folders: Insert folders as containers in the console to contain other objects.
You can use folders as a means of organizing tools in a console.
Would you like to add a local or network folder to a console? Just use the Link to
Web page object and point it to the folder instead of an Internet URL.
Customizing MMC to Suit Your Needs
Like most applications, you can customize the MMC to suit your needs or preferences.
First, you can configure the settings for a console when you author it to determine
the way it displays in subsequent sessions. For example, you might want to configure
Tip
4667-8 ch06.f.qc 5/15/00 1:58 PM Page 176
177
Chapter 6 ✦ Configuring Windows 2000 Server
a console for user mode — limited access, single window, to limit the actions the users
can perform with the console. To configure a console, first open the console in author
mode. Choose Console, Options to open the Options dialog box for the console
(Figure 6-8). Specify settings and then save the console. The changes will take
effect the next time the console is opened.
Figure 6-8: Use the Options
dialog box to configure the
console for future sessions.
The following list explains the available options:
✦ Change Icon: Click to change the icon associated with the .
msc
file. You’ll find
several icons in

systemroot\system32\Shell32.dll
.
✦ Console mode: Choose the mode in which you want the console to open for
the next session. Choose between author mode and one of the three user
modes discussed previously.
✦ Enable context menus on taskpads in this console: Select this option to
enable context menus in taskpads. If deselected, right-clicking a taskpad
object will have no effect (no context menu is displayed).
✦ Do not save changes to the console: Select this option to prevent the user
from saving changes to the console, in effect, write-protecting it.
✦ Allow the user to customize views: Select this option to allow users to add
windows focused on items in the console. Deselect to prevent users from
adding windows.
4667-8 ch06.f.qc 5/15/00 1:58 PM Page 177
178
Part II ✦ Planning, Installation, and Configuration
You also can control view options within the MMC. To do so, choose View➪
Customize to access the Customize View dialog box (Figure 6-9). The options
in the Customize View dialog box are self-explanatory.
Figure 6-9: Use Customize View to set
view properties in the MMC.
Control Panel versus MMC
Even though the MMC now serves as the focal point for many of the administration
tasks you’ll perform on a regular basis, the Control Panel hasn’t gone away. The
Control Panel is alive and well and contains several objects for configuring the sys-
tem’s hardware and operating configuration. The tools provided for the MMC do
not take the place of the Control Panel objects or vice-versa. However, you will find
some of the MMC tools in the Administrative Tools folder in the Control Panel.
The Control Panel in Windows 2000 works much like the Control Panels in Windows
NT and Windows 9x. In fact, many of the objects are the same or similar. Latter

sections of this chapter explore the Control Panel objects. The following section
examines the core set of MMC tools for managing a Windows 2000 system.
MMC Tools
As explained previously, Windows 2000 contains several pre-defined consoles for
managing a variety of tasks both on local computers and across the network. The
following sections provide an overview of these tools.
Component Services
The primary function of the Component Services console (Figure 6-10) is to provide
management tools for COM+ applications. COM+ provides a structure for developing
4667-8 ch06.f.qc 5/15/00 1:58 PM Page 178
179
Chapter 6 ✦ Configuring Windows 2000 Server
distributed applications (client/server applications). The Component Services console
lets you configure a system for Component Services, configure initial service settings,
install and configure COM+ applications, and monitor and tune components.
Configuring COM+ applications goes hand-in-hand with COM+ application devel-
opment. For that reason, this book doesn’t provide detailed coverage of COM+
configuration.
The three primary branches of the Component Services node under each computer
are as follows:
✦ COM+ Applications: Use this branch to configure Component and Role
properties and settings for the COM+ IMDB Proxy Connection Manager, IMDB
Utilities, QC Dead Letter Queue Listener, Utilities, and System Application.
✦ Distributed Transaction Coordinator: Use this branch to view the DTC
transaction list and monitor transaction statistics.
✦ IMDB Data Sources: Use this branch to add or delete IMDB data sources and
set properties of existing data sources.
You’ll notice that the Component Services console that is provided with Windows
2000 includes nodes for the Event Viewer and Services. These are also available as
separate consoles. See the sections, “Event Viewer,” and, “Services,” later in this

chapter for more details.
Figure 6-10: Use Component Services to configure COM+ applications
as well as general Windows 2000 services.
Note
Note
4667-8 ch06.f.qc 5/15/00 1:58 PM Page 179
180
Part II ✦ Planning, Installation, and Configuration
Computer Management
The Computer Management console (Figure 6-11) provides tools for managing
several aspects of a system. Right-click My Computer and choose Manage, or
click Start ➪ Programs➪ Administrative Tools ➪ Computer Management to open
the Computer Management console. Computer Management is composed of three
primary branches: System Tools, Storage, and Services and Applications. System
Tools provides extensions for viewing information about the system, configuring
devices, viewing event logs, and so on. Storage provides tools for managing physi-
cal and logical drives and removable storage. Services and Applications lets you
configure telephony, Windows Management Instrumentation (WMI), services,
and the Indexing Service. Other applications can appear under this branch as
well, depending on the system’s configuration.
You can use Computer Management to manage either the local computer or
a remote computer. Right-click the Computer Management node and choose
Connect to another computer to manage a remote system. The tasks you can
perform are usually the same whether locally or remotely, but some tasks
can only be performed within the context of the local system. This chapter
assumes you’re using Computer Management to manage the local system.
Figure 6-11: Computer Management integrates several snap-ins to
help you manage a system, its storage devices, and services.
This section covers the snap-in extensions provided in the Computer Manage-
ment console. However, many of these extensions can be used individually

within their own consoles. For example, you can open Services.msc to config-
ure services rather than using the Services node in Computer Management. Look
in systemroot\System32 for available snap-ins (.msc file extension).
Tip
4667-8 ch06.f.qc 5/15/00 1:59 PM Page 180
181
Chapter 6 ✦ Configuring Windows 2000 Server
Event Viewer
The Event Viewer snap-in takes the place of the standalone Event Viewer applica-
tion in Windows NT. Use Event Viewer to view events in the Application, Security,
and System logs, as well as to configure log behavior (size, rollover, and so on).
See the section, “Event Viewer,” later in this chapter for more information.
System Information
System Information provides a place for you to browse information about the
system’s configuration. Note that System Information only displays information
about the system — it doesn’t let you configure settings.
The following list summarizes the branches in System Information:
✦ System Summary: This branch shows general information about the system
including OS name and version, system name, BIOS version, physical and
virtual memory, and so on.
✦ Hardware Resources: This branch provides information about resource
allocation for DMA, IRQ, I/O base addresses, memory, and so on.
✦ Components: This branch lists resources for individual components such as
the display, modem, network, USB, and so on.
✦ Software Environment: Use this branch to view information about driver status,
environment variables, network connections, scheduled tasks, and so on.
✦ Internet Explorer 5: This branch displays information about Internet Explorer
5 including general information, file versions, cache contents and statistics,
certificates, and so on.
Perhaps the most useful aspect of the System Information branch is that you can

extract the information to a text file or system information file. The text file can be
opened in any text editor, incorporated into a report document, embedded in an
e-mail message, and so on. The system information file (
.nfo
file) uses a propri-
etary file format that can be read and displayed by the System Information snap-in
extension. Saving a system’s configuration to disk in
.nfo
format lets you take a
“snapshot” of the system to use as a baseline for comparing later changes or simply
as a record of the system’s settings. The benefit of saving the configuration to a
.nfo
file rather than a text file is that you can view it in a hierarchical structure
within the snap-in. The benefit of using a text file is that you can incorporate the
data in other documents.
To save a
.nfo
file, right-click any node of the System Information branch and
choose Save As System Information File. Specify a file name and click OK. System
Information saves the entire branch regardless of where you clicked it (it could take
a while for the file to be generated). To view a
.nfo
file, simply double-click the file
(Figure 6-12).
4667-8 ch06.f.qc 5/15/00 1:59 PM Page 181
182
Part II ✦ Planning, Installation, and Configuration
Figure 6-12: You can view a saved .nfo file within the System Information snap-in
extension by double-clicking the .nfo file.
When you save data to a text file instead of a

.nfo
file, you can save only a particu-
lar sub-branch, if desired. You can save an individual System Information branch
to a text file using one of two methods. First, you can right-click the branch and
choose Save As Text File. After you specify a file name, System Information saves
the contents of the branch as a tab-delimited file. The node from which you save
the file determines the amount of data in it. For example, right-click System
Information and choose Save As Text File to save the entire System Information
branch to a tab-delimited file. As with the
.nfo
file, saving the entire branch can
take a while depending on the speed of your system.
The second method of saving the information to a text file offers one other benefit:
You can choose the file delimiting method. Right-click the level from which you
want to generate the report file and choose Export List. Specify a file name and
from the Save as type drop-down list choose between tab-delimited and comma-
delimited, then click Save. To save a single item from the details list, select the
option Save Only Selected Rows in the Save As dialog box.
Unfortunately, System Information lets you select only a single item, so there is no
way to select and save a range of information. You’ll have to save the whole
branch and then edit the file to eliminate the unwanted data.
Note
4667-8 ch06.f.qc 5/15/00 1:59 PM Page 182
183
Chapter 6 ✦ Configuring Windows 2000 Server
You also can print a report of a given branch. To do so, right-click the branch and
choose Print.
System Information provides a search feature that you can use to locate specific
information about hardware or settings in the System Information branch. This
is particularly useful since System Information contains a lot of information.

Follow these steps to perform a search in System Information:
1. Click the level at which you want to search.
2. Choose Action ➪ Find and enter your search text in Find What.
3.Choose between the following options:
• Check Restrict Search to Selected Category to search only the currently
selected category. Uncheck this to search all categories.
• Check Search Categories Only to search only the console (left) pane and
not the results (right) pane for the specified text. Uncheck this to search
the results pane as well.
4. Click Find Next to begin the search.
Performance Logs and Alerts
The Performance Logs and Alerts branch of the Computer Management snap-in pro-
vides a tool for setting up performance monitoring. You can configure counter logs,
trace logs, and alerts. This branch is useful only for viewing or modifying settings —
it doesn’t enable you to actually execute any performance monitoring. Instead, you
need to use the Performance MMC snap-in. See Chapter 20 for detailed information
on configuring performance logs and alerts, and monitoring system performance.
Shared Folders
The Shared Folders branch of the Computer Management snap-in lets you view and
manage shared folders, connections, and open files. It takes the place of features
formerly found in the Windows NT Server Manager. The Shares node lets you view
shares on the selected computer. In addition, you can double-click a share to view
and modify its properties and share permissions. See Chapter 20 for information on
publishing folders in the Active Directory.
You can create and manage shared folders through the Explorer interface. The
advantage to using Shared Folders instead is that you can see all shares on the sys-
tem at a glance.
Tip
4667-8 ch06.f.qc 5/15/00 1:59 PM Page 183
184

Part II ✦ Planning, Installation, and Configuration
You’ll notice that a system includes a handful of shares by default, most of which
are hidden shares (suffixed with a
$
sign). These shares include the following:
✦
drive$
: Windows 2000 shares the root of each drive as a hidden share for
administrative purposes. You can connect to the share using the UNC path
\\server\drive$
, where server is the computer name and drive is the drive
letter, such as
\\appsrv\d$
. Members of the Administrators and Backup
Operators groups can connect to administrative shares on Windows 2000
Professional systems. Members of the Server Operators group can connect
to administrative shares on Windows 2000 Server systems, as well as
Administrators and Backup Operators.
✦
ADMIN$
: This administrative share points to the
systemroot
folder on
the system (typically,
\WINNT
) and is used by the system during remote
administration.
✦
IPC$
: The

IPC$
share is used to share named pipes and is used during remote
administration and when viewing a computer’s shares.
✦
PRINT$
: This share enables remote printer administration and points by
default to
systemroot\System32\spool\drivers
.
✦
NETLOGON
: This share is used to support user logon, typically for storing
user logon scripts and profiles. There is no pre-defined
NETLOGON
share
for Windows 2000 Professional computers, but such a system will look
by default in the
systemroot\System32\Repl\Import\Scripts
folder
of the local computer when the user logs on locally in a workgroup for
profiles and scripts. In Windows 2000 domains, the
NETLOGON
share
points to
sysvol\domain\Scripts
on the domain controller(s).
✦
FAX$
: This share is present when the fax service is installed and shared. It
serves to cache files and cover pages.

For a complete discussion of sharing and security, offline folder access, and related
topics, see Chapter 22.
The Sessions node lets you view a list of users currently connected to the system.
You can disconnect a user by right-clicking the user and choosing Close Session.
Disconnecting a user could result in lost data for the user, so you might want to
broadcast a console message to the user first. To do so, right-click any branch
of Shared Folders and choose All Tasks, Send Console Message.
When you are viewing sessions for a remote computer, your connection appears
as an open-named pipe and can’t be closed.
The Open Files branch lets you view files opened by remote users. Right-click
an individual file and choose Close Open File to close the file. Or, right-click
the Open Files node and choose Disconnect All Open Files to close all files.
As when disconnecting users, closing files could result in a loss of data, so
try to broadcast a console message to the user first.
Tip
4667-8 ch06.f.qc 5/15/00 1:59 PM Page 184
185
Chapter 6 ✦ Configuring Windows 2000 Server
Device Manager
The Device Manager is a new feature in Windows 2000, its closest Windows NT
cousin being the Devices object in the Windows NT Control Panel. Windows 9x
users and administrators will find the Device Manager a familiar and welcome sight.
Device Manager provides a unified interface for viewing and managing devices and
their resources (DMA, memory, IRQ, and so on). Device Manager displays devices
using a branch structure. Expand a device branch to view the devices in the branch.
No special icon beside a device indicates the device is functioning properly. A yellow
exclamation icon indicates a potential problem with the device, such as a resource
conflict. A red X indicates the device is disconnected, disabled, or not in use in the
current hardware profile.
Device Manager is the primary tool you use for configuring a system’s hardware.

To view or manage a device, locate it in the details pane and double-click the device
(or right-click and choose Properties) to display the device’s property sheet. The
contents of the property vary according to the device type. Figure 6-13 shows a
typical property sheet for a network adapter.
Figure 6-13: Use a device’s property sheet to view
and configure settings such as resource usage.
The General page, shown in Figure 6-13, provides general information about a device,
such as device type, manufacturer, and so on. Use the Device usage drop-down list to
4667-8 ch06.f.qc 5/15/00 1:59 PM Page 185
186
Part II ✦ Planning, Installation, and Configuration
enable or disable the device. Click Troubleshooter if you’re having problems with the
device and want to use a wizard to help troubleshoot the connection.
It isn’t practical to cover all the settings for all possible types of devices in this
chapter. The following sections explain tasks common to most devices: changing
drivers and modifying resource assignments.
Driver changes
The Driver property page lets you view details about, uninstall, and update a
device’s driver. Click Driver Details to view a list of the files that comprise the
device’s driver. This list is useful for checking file or driver version to make sure
you’re using a specific version of the driver. Use Uninstall if you want to remove
the selected device’s driver.
The Update Driver button opens the Upgrade Device Driver wizard. Use the wizard
to install an updated driver for the device. The wizard gives you the option of search-
ing your system’s floppy and CD-ROM drives, other specific location (local or remote
share), or the Microsoft Windows Update Web site. Just follow the prompts to com-
plete the update. In some cases, changing drivers requires a system restart.
Resource assignment
Because it supports Plug-and-Play (PnP), Windows 2000 can assign device resources
such as DMA, IRQ, I/O base address, and UMA memory allocation automatically. In

some cases, particularly with legacy devices (those not supporting PnP), you’ll have
to configure resource allocation manually. To do so, open a device’s property sheet
and click the Resources tab. If the Resources page doesn’t provide any resources
to change, click Set Configuration Manually to switch the page to manual property
configuration (Figure 6-14).
In most cases, Windows 2000 provides multiple, pre-defined configurations for
devices, such as a combination of a specific IRQ and I/O range. Deselect the Use
automatic settings option, then select a different configuration set from the
Setting based on the drop-down list. To modify individual settings, first click in
the Resource settings list the resource you want to change, then click Change
Setting. Specify the desired setting in the resulting dialog box and click OK.
Local Users and Groups
The Local Users and Groups branch of the Computer Management snap-in lets you
create and manage local user accounts and groups on Windows 2000 Professional
computers and member servers. This branch is disabled on a domain controller,
since you use the Active Directory Users and Computers snap-in to create user
accounts and groups in the Active Directory.
Users and groups are covered in detail in Chapter 10.
Cross-
Reference
Note
4667-8 ch06.f.qc 5/15/00 1:59 PM Page 186
187
Chapter 6 ✦ Configuring Windows 2000 Server
Figure 6-14: Set a device’s resource utilization through
its Resources property page.
If you’re familiar with creating user accounts and groups under Windows NT,
you’ll have no problem using Local Users and Groups to create accounts. If not,
see Chapter 10 for a detailed description of how to create accounts and groups.
The primary difference between creating local accounts and groups and the same

objects in the Active Directory is that the Active Directory provides for additional
account and group properties. In addition, creating accounts and groups requires
an understanding of permissions, rights, group policy, and user profiles, all of
which are explained in Chapter 10.
Disk Management
The Disk Management node is the place to go to manage physical disks and vol-
umes. Disk Management takes the place of the Windows NT Disk Administrator, and
an important distinction is that unlike the Disk Administrator, Disk Management
performs most tasks immediately. In Disk Administrator, you must commit changes
for most tasks (such as creating or deleting a partition). If you’re an experienced
Windows NT administrator, keep this important point in mind when making storage
changes with Disk Management.
Some of the tasks you can perform with Disk Management include managing
partitions, converting basic disks to dynamic disks, creating volumes (basic,
spanned, striped, mirrored, RAID-5), creating and deleting physical volumes,
4667-8 ch06.f.qc 5/15/00 1:59 PM Page 187
188
Part II ✦ Planning, Installation, and Configuration
formatting disks, and so on. For a complete discussion of storage devices
and management (including the Disk Management node), see Chapter 16.
Disk Defragmenter
As a disk is used over time, the data on the disk is scattered into noncontiguous
clusters, becoming fragmented. Disk performance is greatest when data is not frag-
mented, as it takes less time to read the data (since the drive heads don’t have to
move as much to reassemble the data). The Disk Defragmenter node in Computer
Management lets you analyze a disk for fragmentation and defragment the disk. See
Chapter 21 for a discussion of Disk Defragmenter and other options for improving
disk performance.
Logical Drives
The Logical Drives node displays information such as capacity, space used, and free

space about logical drives in the system. You also can set volume label for a volume.
For NTFS volumes, you can use the Security tab to apply NTFS object permissions to
the volume. See Chapter 22 for a discussion of permissions, rights, and assigning
object permissions.
Removable Storage
The Removable Storage node provides a tool for configuring and managing remov-
able storage devices and media. You use Removable Storage to track media such
as tapes and optical disks and their hardware devices (jukeboxes, tape changers,
and so on). Removable storage is a technology subset of Hierarchical Storage
Management (HSM) and Remote Storage Services (RSS). These new technologies
provide a means for automatic data archival and retrieval of archived data.
The Removable Storage node lets you create and manage media pools, insert and
eject media, mount and dismount media, view media and library status, inventory
libraries, and assign permissions for security on media and libraries.
Telephony
The Telephony node provides a centralized tool for managing telephony properties
for the selected computer, including configuring telephony providers and assigning
user permission for various providers.
WMI Control
The WMI Control node in Computer Management provides tools for configuring and
managing Windows Management Instrumentation (WMI) on a computer. WMI works
in conjunction with the Web-Based Enterprise Management initiative to provide a
means of collecting data about computers and their component devices both locally
and remotely. WMI functions at the device-driver level, providing event notification
4667-8 ch06.f.qc 5/15/00 1:59 PM Page 188
189
Chapter 6 ✦ Configuring Windows 2000 Server
from drivers and enabling WMI to collect data for analysis and management pur-
poses. WMI is a key component in enterprise management. The WMI Control node
provides a means for configuring general settings, logging, backup and restore of

the WMI repository, and security to control WMI access.
Services
In Windows 2000, services are applications that perform specific functions such as
networking, logon, print spooling, remote access, and so on within the operating
system. You can think of services as operating system-oriented applications that
function by themselves or in concert with other services or user applications to
perform specific tasks or provide certain features within the OS. Device drivers,
for example, function as services. Both Windows 2000 Professional and Server
include several standard services by default, and many third-party applications
function as or include their own services. A background virus scrubber is a good
example of a possible third-party service.
Windows NT administrators will remember the Services object in the Control Panel
that enables you to configure, start, stop, and pause services. In Windows 2000,
the Services node in the Computer Management snap-in takes over that function
(Figure 6-15). Services lists the installed services on the target system, and when
Detail view is selected, displays description, status, startup type, and account the
service uses to log on.
Figure 6-15: Use Services to configure, start, stop, and pause services, as well
as view service dependencies.
4667-8 ch06.f.qc 5/15/00 1:59 PM Page 189
190
Part II ✦ Planning, Installation, and Configuration
Starting and stopping services
A running service processes requests and generally performs the task it was
designed to accomplish. Stopping a service terminates the service and removes
it from memory. Starting a service initializes and activates the service so it can
perform its task or function. For example, the DNS Client, when running functions
as a DNS resolver, processes requests for name to address mapping in the DNS
namespace. If you stop the DNS Client service, it is no longer available to process
DNS queries.

Like Windows NT, Windows 2000 supports three startup modes for services:
✦ Automatic: The service starts automatically at system startup.
✦ Manual: The service can be started by a user or a dependent service. The
service does not start automatically at system startup unless a dependent
service is set for automatic startup (therefore causing the service to start).
✦ Disabled: The service cannot be started by the system, a user, or dependent
service.
You set a service’s startup mode through the General page of the service’s proper-
ties. Open the Services node in the Computer Management MMC snap-in (or open
the Services.msc console in
systemroot\System32
) and double-click the service.
Figure 6-16 shows the General property page for a typical service. From the Startup
type drop-down list, choose the desired startup mode and click Apply or OK.
Figure 6-16: Use the General
page to configure service
startup, control the service
(start/stop), and set general
properties.
4667-8 ch06.f.qc 5/15/00 1:59 PM Page 190
191
Chapter 6 ✦ Configuring Windows 2000 Server
The General tab also lets you start, stop, pause, or resume a service. Starting and
stopping were explained previously. Pausing a service causes it to suspend opera-
tion but doesn’t remove the service from memory. Resume a paused service to
have it continue functioning. Open a service’s General property page, then click
Start, Stop, Pause, or Resume, as appropriate.
You also can start and stop services from a console prompt using the NET START and
NET STOP commands along with the service’s name, which you’ll find on its General
property page in the Service name field. For example, use the command NET START

ALERTER to start the Alerter service. Use NET STOP ALERTER to stop it.
NET START and NET STOP are very useful for controlling services remotely. If the
telnet service is running on the remote computer, you can telnet to the computer
and use NET START and NET STOP to start and stop services on the remote system.
Setting General service properties
Other settings on a service’s General property page control how the service is
listed in the details pane and how it starts up. Use the Display name field to specify
the name that will appear under the Name field for the service in the details pane.
Specify the service’s description in the Description field. Use the Start parameters
field to specify optional switches or parameters to determine how the service
starts. These are just like command-line switches for a console command.
Configuring service logon
The Log On property page for a service controls how the service logs on and the
hardware profiles in which the service is used. Most services log on using the
System account, although in some cases you’ll want to specify a different account
for a service to use. Some types of administrative services often use their own
accounts because they require administrative privileges. So, you’d create an
account specifically for the service and either make it a member of the Admin-
istrators group or give it the equivalent permissions, subject to its specific needs.
Avoid using the Administrator account itself for a service to log on. When you
change the Administrator password (which you should do often if you use this
account), you will also have to reconfigure each service that used the Administrator
account to change the password in the service’s properties. Using a special account
for those services instead lets you change the Administrator account password
without affecting any services. Check out Chapters 10 and 11 where we spend a lot
of effort to hide the Administrator account and discontinue its use.
The Log On property page contains the following controls:
✦ Local System account: Select to have the service log on using the local
System account.
✦ Allow service to interact with desktop: Select to allow the service to provide

a UI for the currently logged-on user to interact with the service. This setting
has no effect if the service isn’t designed to provide a UI.
Tip
Tip
4667-8 ch06.f.qc 5/15/00 1:59 PM Page 191