'; window.popUpWin.document.write(zhtm); window.popUpWin.document.close(); // Johnny Jackson 4/28/98 } //--> Windows 98 Professional Reference -- Ch 23 -- Windows 98 in Windows NT Domains


Windows 98 Professional Reference

Previous chapterNext chapterContents

- 23 -
Windows 98 in Windows NT Domains

Windows 98 machines can coexist comfortably in a Windows 98-only workgroup, sharing files and printers without the need for oversight from a server-based system. For bigger networks, however (say, larger than eight or nine PCs), and for more complicated networking situations, involving routers, roving users, shared workstations, and the like, the workgroup model has some limitations. One of the biggest limitations of a workgroup, other than its limited size, is that there is no common security database. The decentralized logon and resource security of a peer-to-peer network can become confusing, unmanageable, and, often, unreliable as users struggle to unravel who shared what with whom and from where?

The Windows NT domain model provides for more systematic and reliable management of network resources. In a Windows NT domain, a single computer (or a group of computers) called domain controllers maintain the security database for the whole network. When a user logs on from a client machine--in this case, a Windows 98 machine--the user's logon request passes from the client to the domain controller, where it is approved or disapproved depending on whether the user's credentials match the settings stored in the domain account database. Domain user accounts are independent of any particular client machine--a domain user named MATTIE can log on as MATTIE from any machine in the domain and still gain access to the same domain-based account.

The domain networking model is really the standard networking model for all but the simplest Microsoft networks. If you have 10 or more computers, or if you want a mo ' versatile and systematic approach to security and resource management, you'd better think about a Windows NT domain.

A domain requires at least one Windows NT Server system acting as a primary domain controller (PDC). The rest of the computers could, theoretically, all be some form of client machines, including Windows 98 clients. Depending on your network's size and level of traffic, you may want to add one or more additional Windows NT domain controllers (called Backup Domain Controllers--BDCs). A BDC is a good idea no matter how small your network is: When one domain controller is down, the other can continue to provide authentication. When you establish a domain, Windows 98 clients can use the domain accounts database (located on the domain controllers) for logon and resource security.

Windows NT Server is a more sophisticated operating system than Windows 98, and it comes with mor�sophisticated tools that expand and enhance the Microsoft networking environment. In addition to a common security, a Windows NT server network can provide enhanced services that aren't available in Windows 98. You'll learn about some of those services in the next section.

Configuring a Windows NT Server machine is, of course, the subject for a Windows NT Server book and not a Windows 98 book. This chapter won't attempt to fathom the intricacies of configuring a Windows NT Server system but will focus on setting up and using Windows 98 as a domain client.

What You Get with Windows NT Server

A Windows NT Server system provides the network with several important features that aren't available in Windows 98. You can configure Windows 98 to make use of these networking features. Some of the advanced networking features available to Windows 98 clients through Windows NT Server are as follows:

These features are discussed throughout this book. The domain client role is so important to Windows 98 that it spills into many aspects of configuration and management.

Configuring Windows 98 as a Domain Client

Chapter 21 discussed the steps for configuring networking in Windows 98. A Windows 98 domain client requires the same basic networking components as any other Windows 98 system. You must configure services, adapters, protocols, and protocol bindings. In particular, if you want your Windows 98 system to function as part of a domain, attend to the following steps:

1. In the Configuration tab of the Network Control Panel (see Figure 23.1), choose Client for Microsoft Networks as the Primary Network Logon.
Make sure Client for Microsoft Networks is installed as a network client. If it is not installed, click the Add button, choose Client from the component list and click Add. Then choose Microsoft from the Manufacturers list, select Client for Microsoft Networks, and click OK.

Figure 23.1

The Network Control Panel Configuration tab.

2. Once Client for Microsoft Networks is installed, double-click on it in the configuration tab (see Figure 23.1). You'll see the Client for Microsoft Networks Properties dialog box (see Figure 23.2).
3. In the Client for Microsoft Networks Properties dialog box (see Figure 23.2), check the box labeled Log on to Windows NT domain and enter the domain name in the space provided. Configure a logon option and click OK.

Figure 23.2

The Client for Microsoft Networks Properties dialog box.

4. If you want the Windows 98 client to share resources on the domain, click the button labeled File and Print Sharing (in the Configuration tab of the Network Control Panel) and choose to share files and/or printers.
5. Make sure the adapter that will access the Windows NT domain is properly installed and configured (see Chapter 21).
6. Click the Access Control tab in the Network dialog box (see Figure 23.3). If you want to use the domain user and group lists to control access to shared resources on the Windows 98 machine, select the button labeled User-level access control and enter the name of the domain in the box labeled Obtain list of users and groups from. Click OK.

Figure 23.3

The Network Control Panel Access Control tab.

7. Restart your computer if necessary.

NOTE: As you learned in Chapter 21, you can enable user-level access control in the Access Control tab (refer to Figure 23.3) without configuring Windows 98 as a domain client. In that case, the Windows 98 machine would obtain a user list from a Windows NT or NetWare system but would not log on through the domain. You'll learn more about domain logon in the next section.

Once you log on to the Windows NT domain, you'll have access to domain resources through your domain user account and the group accounts associated with your user account. You'll be able to share drives, directories, and printers on the network and assign permissions to domain users and groups for those shared resources (see Chapter 21).

Windows 98 in Windows NT Domains

In a Windows NT domain, the domain controller(s) becomes a central point for managing user accounts. Through Windows NT Server's User Manager for Domains utility, you can configure any of the following features for a user account:

Although a full discussion of Windows NT configuration belongs in another book, the preceding items are important facets of Windows 98 domain configuration and deserve mention here.

Home Directories

Each user in a Windows NT domain can have a home directory. A home directory is a central default location for users' files and user configuration information (see Figure 23.4). In the case of a Windows 98 machine, the home directory is also the home for a roaming or mandatory user profile that will be accessible to users no matter where they log on. (See Chapter 8 for more on user profiles.)

The user's home directory becomes the default starting point for File Open and Save As commands, and it also appears as a starting point from the command prompt. The home directory can be a local directory on the user's PC, but it can also reside on a network share, such as on the domain controller or another network server. If the home directory resides on a network share, it can follow the user, much as a roaming user profile follows the user. A user who moves to a different workstation can still have easy, convenient access to any files stored on the home directory (see Figure 23.5).

A home directory scheme also provides a convenient and simple method for performing backups and providing fault tolerance for user files. A series of home directories--each bearing the name of the user--can be stored together on a fault tolerant drive or on a drive that is subject to a rigid and regular backup regimen.

To specify a home directory in Windows NT Server's User Manager for Domains, follow these steps:

1. Double-click a user account in the User Manager for Domains main window to open the User Properties dialog box.
2. In the User Properties dialog box, click the Profiles button.
3. In the User Environment Profiles dialog box (see Figure 23.6), specify a home directory for the user account.

Figure 23.4

Each user in a Windows NT domain can have a home directory located on a server.


NOTE: that a Windows 95/98 client cannot use the User Profile path setting in the User Environment Profiles dialog box. For Windows 98 clients, a mandatory or roaming user profile should be located in the home directory. See Chapter 8.

User Profiles

A user profile is a bundle of user-specific configuration information. See Chapter 8 for a complete discussion of user profiles in Windows 98. In a domain environment, the user's domain user account can include a reference to a network-based user profile that will follow the user to whatever workstation she uses to log on. A user in the engineering department, for instance, can log on to a machine in the accounting department and still see the desktop settings and user preferences she sees from her home workstation.

Figure 23.5

A user moving to another workstation can still easily access files stored on the home directory.

Figure 23.6

Windows NT's User Manager for Domains User Environment Profile dialog box.

Group Memberships

In a domain-based security environment, resource permissions are typically assigned to user accounts through group memberships. Windows 98 (as you learned in Chapter 21) does not provide native support for user and group permissions, but it can acquire a user-level permissions list from a domain or from a Windows NT Workstation or NetWare server machine.

A group is a collection of users with common rights and permissions. The concept of a group greatly simplifies the assignment of resource permissions. For instance, all users in the Accounting department may need access to the same spreadsheets and the same printer. Rather than individually configuring access to each of these resources for every user, the network administrator can simply assign access to a group called the Accounting group and make sure that each user who needs these resources is a member of the Accounting group.

When a Windows 98 user logs on to the domain, she gains access to all network resources that have been assigned to the user's account either explicitly or through group memberships.

Logon Hours

In Windows NT Server's User Manager for Domains, you can define the exact times during which you'll allow a user to log on to the network. You can specify the times of the day and the days of the week in which you'll allow a particular user to access the network (see Figure 23.7).

Figure 23.7

Windows NT's User Manager for Domains lets you schedule the user's access to the network.

Logon Workstations

In the User Manager for Domains Logon Workstations dialog box (see Figure 23.8), you can designate specific workstations to which you'll allow a particular user to log on.

Figure 23.8

Windows NT's User Manager for Domains lets you designate a Logon Workstation.

A major feature of NT domain security is that it is designed to be independent of a particular client machine. (Typically, a user can log on from any workstation that participates in domain security.) The Logon Workstations feature lets you restrict that freedom.

Managing Windows 98 from the Domain

On larger networks, system management becomes more of a problem and efficient system management becomes more of a priority. The best strategy is for the network administrator to do as much as possible from a single desktop, rather than wandering around the office troubleshooting each troubled workstation locally.

A tool provided with Windows 98, Net Watcher, lets you manage shares on a remote Windows 98 machine. To use Net Watcher, you must enable remote adminstration on the computer you want to administer.

Microsoft provides several other tools that make it easier to manage and troubleshoot Windows NT domains. These tools include:

You can remotely administer a Windows 98 machine from a Windows NT Server system using any of these tools. To administer a Windows 98 system using these tools, you must enable remote administration and also install the Microsoft Remote Registry service.

When you configure Windows 98 for user-level access control (described earlier in this chapter), Windows 98 automatically enables remote administration for members of the Domain Administrators group. Domain administrators can, therefore, manage connections and shares on a Windows 98 machine configured for user-level security. To manually enable remote administration, or to add other users to the list of those who can perform remote administration tasks, start the Passwords control panel and select the Remote Administration tab (see Figure 23.9) Check the checkbox to enable or disable remote administration for this PC. To add another user or group to the remote access permission list, click on the Add button.

To use tools such as Registry Editor, System Policy Editor, or SMS Network Monitor for remote administration, you must install the Microsoft Remote Registry Service. To install the Remote Registry Service:

1. Start the Network Control.
2. In the Configuration tab, click the Add button.
3. In the Select Component Type dialog box, choose Service.
4. In the Select Network Service dialog box, click the Have Disk button.
5. Insert the Windows 98 CD in the CD-ROM drive and browse to the Admin\Nettools\remotreg directory. Windows 98 will select the file regsrv.inf. If the Admin\Nettools\remotreg directory isn't present on the disk, search for the remotreg directory or the regsrv.inf file.

Once the Remote Registry service is installed, remote users will be able to manage the Windows 98 machine.

Figure 23.9

The Passwords Control Panel Remote Administration tab.

Managing the Domain from Windows 98

Microsoft also makes some of Windows NT's domain management tools available for Windows 98 machines. If these server tools are installed on the Windows 98 machine, a network administrator can perform a large amount of the domain management from Windows 98.

This package of domain management tools is available through Windows NT Server's Network Client Administrator tool. Through Network Client Administrator, you can make these tools available for a Windows 98 machine to download and install. This package of Server tools includes the following:

To install the server tools, start Windows NT's Network Client Administrator, select Copy Client-based Network Administration Tools, and then follow the instructions. See Windows NT Server help.

Conclusion

This chapter describes how to configure Windows 98 as a Windows NT domain client. The chapter also summarizes some of the features that make a domain different from a small Windows 98 workgroup and described some tools for managing Windows 98 from the network and managing the network from Windows 98.

Previous chapterNext chapterContents

Copyright, Macmillan Computer Publishing. All rights reserved.