Personal tools
You are here: Home Services Library Manuals Administrator Use Library Server Windows 2000 Server Setup Notes
 

Windows 2000 Server Setup Notes

This document records the setup of Windows 2000 on  the library's main server.

See also: Main Server page | Server system log | Server Administration Page

On February 2, 2001 Nate Borson, Craig Wilson, and Kathy Leary completely re-vamped the library server as follows:

Increased server storage by adding a 60GB EIDE hard drive (Quantum Fireball Plus AS, quantum p/n QMP60000AS-A) drive and setting it to be the master.

  • Set the existing 9GB IDE hard drive to be a slave (was set to single drive).
  • Left the new drive at the factory default cable select setting.

We are doing a clean new install, not an upgrade. Booted from Win2K server CD. Had a glitch where the computer would not come on unless we removed the power cord and put it back in again.

Created new partition taking all space on the new drive, formatted as NTFS file system. Setup copied files and re-started the computer.

Setup continued. Accepted all defaults except as noted below.

Regional Settings: Customized keyboard layout to add Dvorak.

Name: Kathy Leary. Organization: Gustavus Public Library.

Licensing Mode: Per seat.

Computer Name: www

Administrator Password: Same as original 1998 setup

Components: Added FTP, removed SMTP, Added Connection Manager Components, Network Monitoring tools, DNS, DHCP, Simple TCP/IP services, WINS, Remote Installation Services, Terminal Services, Terminal Services Licensing.

Terminal Services Setup: Application server mode because we intend to have multiple clients. Permissions compatible with Windows 2000 users (may not be able to run many legacy applications).

Network Settings: Balanced memory usage for server usage. Set IP settings 199.165.71.87 and 199.165.71.100 (for GCA virtual server), Subnet mask 255.255.255.0. Router 199.165.71.65. Set WINS server to be address of this machine. Set DNS servers to be this machine, then 137.229.10.39. Disabled LMHOSTS lookup.

Workgroup or computer domain: Yes, make this computer a member of domain gustavus. No existing domain controller; proceed for now.

Initial Setup Complete. Booted into Windows 2000 server and logged on as administrator.

Remote Installation Services Setup.  Can't run because there's no domain controller. Postponed this step as we may not even use RIS.

Active Directory Setup wizard. Domain controller for new domain. Create a new domain tree. Create new forest. DNS Name for new domain (and forest): gustavus.lib.ak.us (NetBios name: Gustavus). Installed DNS on this computer. Chose permissions compatible only with Windows 2000 servers. Default locations for AD database and sysvol folder (on F:\winnt). Domain controller is assigned to sige "Default-First-Site-Name." Restarted computer.

Changed display to 1024x768 with large fonts. Postponed re-starting.

Active Directory - Manage user accounts and group settings. Created new user Nate. Here are some notes about setting up new users:

  • Specify profile settings - user profile path: \\www\profiles\%username% home directory - connect h: to \\www\home\%username% Logon script: default.bat.
  • Do not specify anything in Terminal Services profile. That way, terminal services use the same settings  as what was specified in the profile tab.

Downloaded W2K driver for LinkSys print server from their web site. Configured the three ports and set up the color printer and the lexmark the same way they were before (see the printing page). Having the same problems with the Lexmark printing gibberish that we were before.

Ran disk administrator. When we installed Windows 2000 it left drives C and D assigned to the old system and data partitions on the old hard disk. The new system partition on the new drive got drive letter F! We changed the drive letter assigned to the old system volume to T: (temp) but couldn't change the drive letter assigned to the system volume so we're stuck with non-standard drive letter F: for the system volume. We did change the CD- ROM drive letter to "R."

Copied the FTP and WWW folders from old data to f:\ (had problems with home folder had to take ownership of many individual folders and change permissions in order to copy them).

Shared f:\documents and settings as profiles$.

Configured Internet Information Server. Properties for default web site - description Gustavus Public Library. Set performance tuning to optimize for fewer than 10,000 hits/day. Home directory: f:\www. Enabled write and directory browsing as well as the default read access. Documents: index.htm, index.html, index.shtm in addition to (and in preference to) the existing default documents. Directory Security: Enabled basic authentication and specified the Gustavus domain. Server Extensions: Built-in version control, performance tuned for >1000 pages, set options for how mail is sent -- addresses of webmaster and administrator@gustavus.lib.ak.us - Clicked OK and chose not to apply permissions to the child nodes with different permissions (printers, iissamples, stuff like that). Later disabled default documents in the group, home, and public folders. Created GCA web site and added default documents and configured server extensions.

Installed MDaemon mail server. Re-started the computer, stopped the mail server service. Renamed the MDAEMON folder and copied the old MDAEMON folder from the old c: drive. Edited mdaemon.ini to change all references to c: to f: then re-started the mail server. Edited each user account's mailbox to refer to the f: drive. May still need to edit the catalog somehow to get the right drive letter in there but we don't generally use this feature. See note below about the mistake I made here.

Set up Office 2000.

Installed Netscape Communicator 4.76, then ran netcom40.cmd as described in http://www.microsoft.com/technet/win2000/tsapp.asp . Set rootdrive=W: (If I understand right, this gets mapped to the user's profile, as opposed to the user's home folder - see the explanation at the above web page.) When each user logs on for the first time, they will have to set up their Netscape user profile. The path to the profile should be h:\netscape for everyone. Set it up for administrator and patron to start with. Haven't yet tested simultaneous use by different terminal sessions logged on with the same name.

Created Resource-Access groups and User Groups and assigned file permissions to the Resource-Access Groups. Please see the Access Control document for details on this procedure.

Granted user right "log on locally" in Domain Controller Security Policy to new Resource-Access group TerminalServices so that librarians, patrons and other regular users can use Terminal Services (was getting error message local policy of system does not permit you to logon interactively." It didn't help to change the local policy because it was overriden by the domain policy.

Shared group, home, and public folders.

Tweaked some permissions and shortcuts in home\menu and home\all documents. Shared home\menu out as \\www\menu in preparation for group policies. Made sure that Communicator and LaserCat were working again on the Windows 95 workstations.

Installed Retrospect Backup. Made immediate full backup of all volumes.

Had difficulty getting another instance of MDaemon running for the GCA mail server until I read the knowledge base article How to install multiple instances... where it emphasizes not to set MDaemon to run as service during setup. After both are set up, then go to each instance and set it to run as service. I also had to change the RunAsService= line from Yes to No in the mdaemon.ini files copied from the previous installation.

Installed WinFax Lite. It behaves oddly under Windows 2000 with Terminal Services. Different users see different faxes even though everything is stored in the same folder. 

Removed WinFax Lite. Set the Microsoft Fax service to start automatically. Used the Fax Service Management to set to auto-receive. Set incoming faxes to be saved in f:\www\group\library\Faxes\Received folder. Sent faxes go in the ...\sent folder. Put shortcuts to the faxes folder on the librarians' menu, on Kathy's desktop, and in the documents and settings\all users\my faxes folder. Set Xerox to manual receive. Control the fax service by going to start-programs-accessories-communications-fax. View faxes by going to group\library\faxes. Send faxes by printing to the "fax" printer.

Fixed permissions on the home\profiles folder so that users can create new folders. When a folder is created, the system automatically sets the permissions so only the user and system have full control.

Used the following command to set the time service:
net time /setsntp:ntp.tcp-udp.net
(found list of public servers at http://www.eecis.udel.edu/~mills/ntp/clock2.htm 

Downloaded and installed PERL. Created virtual directory for mailman and set default document to be the main script. Changed permissions for CGI-BIN to add execute permission so that the navigation gizmo would work.

Shared out f:\www as \\www\www. Determined that access via web folders is controlled by NTFS permissions. One does not (and should not) be an operator of the web site in order to be an author. Logging on with web folders seems to require write permissions... 

Started Index service. Added catalog f:\www. Excluded f:\www\cgi-bin. Stopped indexing the system catalog.

Renamed default site to "Gustavus-Library." Created "default" group policy linked to this site. Disabled computer settings since everything in the policy is per-user. Set default document location to \\www\documents. Set My Pictures to be in \\www\home\%username%\my pictures. Re-directed Start menu to \\www\menu. Excluded directories from roaming profile. Set the Internet Explorer start page. Tested the setup and it seems to be working correctly.

Made the patron user profile mandatory simply by renaming ntuser.dat to ntuser.man. This makes it so that changes the patron user makes to his/her settings are not kept.

Reviewed permissions on the server's system volume. Changed the MDaemon folders so that administrators have full control and System has modify (the MDaemon services log on using the system account).

Created new \\www\home\MenuNew folder and made the shortcuts work for W2K machines. Changed the group policy to redirect the start menu to \\www\home\MenuNew. Tested the shortcuts logged in to terminal server as patron.

Moved certain still-used files from OldData\Apps to F:\Apps and shared the latter out as \\www\apps. The files I kept include the LaserCat data, USMarc program and data files, and system folder that includes downloads, drivers, and the Lasercat program. Also re-shared apps\lasercat as \\www\lasercat.

Used disk administration to remove partitions on the old hard disk (previously oldsys and olddata, drives T and S or something), then create one primary partition on the entire drive, and instead of assigning it a drive letter as its own, set it to be accessed from f:\drive2.

Installed Publisher, Photodraw, and the MS Office server extensions and created shortcuts in the public use menu.

At this time, initial setup of the server is complete (5/9/01). For additional tasks performed, see the server log.

Interested in history? See the original server setup notes and the old server log in the Computer Archives.

Document Actions