Tech Version

Installation of Win2000 Professional

    Installing Win2000 Professional can be a fairly straight-forward procedure. However you do have to keep in mind certain requirements. Listed below are the minimum and recommended requirements for installing Win2000, followed by some guidance on how to perform the installation.

    We would recommend installing Win2000 on machines without existing operating systems, so that the OS is completely clean. However Win2000 can be successfully installed on machines with existing Win95/98 and WinNT4 installations. In these cases, it will be best to run the setup from within the existing operating system directly from the CD.

Table of Contents:


MS Minimum Requirement

 ETS Minimum Requirements

ETS Recommended Requirements


Installation Instructions: How to Begin

    Before you Begin:

    Installing Win2000 on a system is fairly straight-forward, however there are some things to be aware of.


    A) Installing Fresh: (NOTE: Any existing data on the system will be lost)

                Start the computer, and enter the computer BIOS by pressing F1, F2, or Del (which key to press varies from computer to computer -- most computers will mention which key to press during boot up, if yours doesn't check with the computer manuals or the manufacturer).

                In the BIOS, find the section that allows you to select which device is first checked when the computer is booted up. Change it so that it will boot with the CD-ROM. If the CD-ROM is not available as an option, select the A: Drive instead.

                Reboot the computer with the Win2000 CD-ROM (or boot disks if cd-rom is unbootable), and press space when it prompts "Press any key to boot from cd-rom". 

                If an existing Operating System is found, do not select the Upgrading option.

                When you reach the section asking which partition to install on, delete all the existing partitions and create a new partition -- select at least 4000 (MB) for the size of the new partition. Select the option to Format as NTFS. 

                Let the installation continue from there. It will reboot a couple of times, depending on the computer hardware. Follow the prompts until it asks you to create the Administrators password. Give it a password that is long and complicated, yet that you can remember. For more information, see the Passwords section. 

                It will ask you to provide a hostname for the PC. You can keep the random hostname suggested, or type one in yourself. NOTE: Hostnames have to be unique on a network -- you should contact ETS for a hostname for your computer to ensure that your computer does not interrupt the functions of other computers on the network (unless its your home PC and not connected to the College network). For workgroup, either leave it at Workgroup, or change it to EAS if you intend to participate on the College network.

                When asked if you want to have different accounts and passwords per user or not, choose the option to have different accounts and passwords (Users must enter a user name and password to use this computer ). Again see the Passwords section for more information on the difference.

                When asked to select the Time Zone, enter the correct time and select Arizona for the Time Zone.

                Let the installation continue until it is finished and allows you to logon to the computer for the first time. At this point, Win2000 is installed on your system. You can go back into BIOS to set the computer to boot first from the Hard Drive at this point.


    B) Upgrading existing Operating System

                Pros: Most existing software on the system continues to work without needing to be reinstalled. Preserves existing data files.

                Cons: Not a clean install; sometimes problems within existing OS can migrate to the Win2000 environment. Not all software will necessarily continue to work in Win2000.

                Before you start, find and write down the following information: Your IP address and Hostname if on a network; your Display Card, Modem, Sound Card, and Ethernet Card. It is advisable to visit the homepage of your hardware manufacturers for all of the above to verify that drivers for Win2000 exist.

                Before upgrading, it is advised to remove software that you know will not work in Win2000. In particular, remove any disk utility software (eg, Norton Utilities) and anti-virus software.

                To upgrade your system, start the Win2000 setup from the cd within your current OS (Win95/98, WinNT4). To do so, insert the Win2000 cd, and wait for it to prompt for upgrade.

                If you are never prompted, use Windows Explorer to open your cd-rom, and run the Setup.exe program.

                It will ask whether you want to install fresh, or upgrade your current OS. Select to upgrade your current OS. It will run through a check of your system to verify that the hardware and software is compatible. It will eventually provide you with a report that you can save or print -- if the items listed in the report are important to you, you would want to contact their manufacturer (website or phone) to verify that upgrades are available for them before you go ahead with your upgrade. Remove software that the list says are incompatible before continuing with the installation.

                Once you decide to go ahead with the upgrade, let the installation continue from there. It will reboot a couple of times, depending on computer hardware. Follow the prompts until it asks you to give create the Administrators password. Give it a password that is long and complicated, yet that you can remember. For more information, see the Passwords section. 

                It will ask you to provide a hostname for the PC. You can keep the random hostname suggested, or type one in yourself. NOTE: Hostnames have to be unique on a network -- you should contact ETS for a hostname for your computer to ensure that your computer does not interrupt the functions of other computers on the network (unless its your home PC and not connected to the College network). For workgroup, either leave it at Workgroup, or change it to EAS if you intend to participate on the College network.

                When asked if you want to have different accounts and passwords per user or not, choose the option to have different accounts and passwords (Users must enter a user name and password to use this computer ). Again see the Passwords section for more information on the difference.

                When asked to select the Time Zone, enter the correct time and select Arizona for the Time Zone.

                Let the installation continue until it is finished and allows you to logon to the computer for the first time. At this point, Win2000 is installed on your system.


    C) Installing Win2000, while keeping the existing OS.

                This option requires you have free space on the hard drive in a second partition. If that is the case, you can follow the same steps as in section A) above, only instead of deleting all the existing partitions, you select a partition separate from the C drive partition. We don't advise for two operating systems to be installed on the same partition.


Installation Instructions: Security Settings

                After installation is complete, there are many settings that would be advisable on Win2000 systems. Apply them as shown here.

Joining EAS Domain (Ethernet Card, and PC on Campus)

                If your system is to participate on the EAS Domain, you will need to call ETS to get your machine joined in the EAS Domain; when you do this, someone from ETS will check your machine and verify these settings. Joining the EAS Domain is not recommended for Home PCs -- accessing the EAS Domain as a workgroup works better from home.

 The following Networking settings are recommended whether the machine is in the EAS Domain or not. To access these settings, Right-Click on My Network Places, select Properties. Then Right-Click Local Area Connection, select Properties, and select TCI/IP Properties.

For an IP address, you can use either ETS’s DHCP or get an IP Address from ETS. Obviously, the machine needs to be given a unique hostname either way.

Once ready to join the domain, Right-Click on My Computer, Network Identification, Properties, and Click on Domain, and type in EAS. It will prompt you for a userid and password. As long as the machine’s hostname has been prejoined in the Domain, use your own EAS userid (form: EAS\userid) and password and it should be allowed to join.

Local Users and Groups

Right-Click on My Computer, select Manage.

The settings needed are separated below according to whether the machine is in the EAS Domain or not.

Normal Changes:

     Administrator Shuffle: Go to the Local Security Policy console (described in the next section), and under the Local Policies, Security Options, use the ‘Rename administrator account’ policy to rename the built-in Administrator account to "WHISKERS".

      Next, through the Local Users and Groups console, create a new account named Administrator, with a complicated password, Disable the account, and make sure it is not a member of any groups. Copy the Description from "WHISKERS" to Administrator, and remove it from "WHISKERS". Give "WHISKERS" a long and complicated password.

      Guest Account: Ensure that the Guest Account is disabled. By default it is.

      NetAccess Group: Create a group called NetAccess, and in the Local Security Policy console, under Local Policy, User Rights Assignment, add NetAccess group to the ‘Access this computer from the network’ policy. If the user wants to access shares on the computer from the network, or grant access to others access from the network, add the specific users in the NetAccess group.

After Joining EAS Domain (Ethernet Card, PC on Campus):

      Add WS Admin Access: Make the department specific WS Admin group a member of the Administrator group. EG, for a computer in CBME, add the EAS group  CBME WS-Admins to the Administrator Group on the Local Users and Groups console.

      Remove Domain Users: Remove Domain Users from the Users group. Ensure there is no Domain Guests in the Guest group. Ensure that Domain Admins IS in the Administrators group.

      Add Backup Operators: In the Backup Operators group, add the Backup Operators group from the EAS Domain.

      Add User’s Domain Account: Add the appropriate end-user’s EAS Domain account to the User group. In some cases (e.g., labs), it will be more appropriate to add an EAS group (EG, adding the EEPwr-G group to the Users group for computers in the EE Power Lab).

Local Security Policy

Many important policies can be set through the Local Security Policy, available under the Administrative Tools folder in the Control Panel. The following are recommended as ETS guidelines.

Account Policy, Password Policy:

      Enforce Password History: 0
      Maximum Password Age: 0
     
Minimum Password Age: 0
     
Minimum Password Length: 6 (though 8 is better)
     
Password must meet complexity requirement: Disabled (though if user convinced, Enabled is better)

 Account Policy, Account Lockout Policy:

      Account Lockout Duration: 40 minutes
     
Account Lockout Threshold: 4 invalid logon attempts
     
Reset Account Lockout Counter after: 35 minutes

Local Policies, Audit Policy:

      Set all to Audit Failure.
     
Set all to Audit Success, excepting Audit Object Access, Audit Privilege Use, and Audit Process Tracking.

 Local Policies, User Rights Assessment:

      Access this computer from the network:

            Change the system time:

            Log on locally:

            Shut down the system:

 Local Policies, Security Options:

      Rename Administrator Account: "WHISKERS"

 

Misc. Settings

First of all a tip: Go to Start-Settings-Taskbar and Start Menu; from here you can choose to display Administrative Tools in that Start Menu, instead of having to go to the Control Panel. It is profile specific. You can also set a few other interesting options here. You can also choose to turn off Personalized Menus, in case you don’t like the automatic hiding of Start Menu items depending on usage.

Recycle Bin:

      Right Click "Recycle Bin"- Select "Properties".
     
Set it to 1-2% in size, depending on Hard Drive space. 10% is very wasteful.

Startup and Recovery:

      Right Click "My Computer" Select-"Properties", Select "Advanced", Select "Startup" and Select "Recovery".
      Set Display list of operating systems to 5 seconds. Uncheck Automatically reboot. Ensure Write an event to the system log is checked.

 Virtual Memory:

      Right Click "My Computer"- Select "Properties", Select "Advanced", Select "Performance Options", Select "Change".
     
Set 1.5 to 2 times RAM for virtual memory size. Ensure Maximum Registry Size is fairly above the Current Registry Size (e.g. twice as high).

 Event Viewer:

      Right Click "My Computer"-Select "Manage", Select "Event Viewer".  Right click on each type of log (Application, Security, System), and go to their properties. Change each to Overwrite events as needed.
      Change their Maximum log size to 4096, 8192, and 4096 KB respectively.

 

Creating Emergency Repair Disks

It is always advisable to create an Emergency Repair Disk in NT4/Win2000. A good idea is to create one before making drastic changes to the system, like installing new hardware or applying a Service Pack. It is also a good idea to create one for a good stable system in case in the future there are any problems.

To create an Emergency Repair Disk for Win2000, go to Start-Programs-Accessories-System Tools-Backup. In Backup, click on Tools, Create an Emergency Repair Disk. Make sure to update the locally stored repair information while you are at it.

Passwords

    It is advised that passwords are not words that can be used to describe you or your interests; that the password cannot be found in dictionaries; that they are at least 8 characters in length; that they are made up of combinations of upper and lower case letters, numbers, and symbols; and that they are changed often. Obviously you should not give out your password to anyone.

    To change a password, press CTRL-ALT-DEL, and select the Change Password option. Enter the userid you want to change the password for. The Domain field should hold the name of the 'domain' the userid belongs to - thus if its a EAS account, then the Domain field should have EAS in it, if it is a local account on the machine, then the Domain field should have the computer's hostname in it.

Latest Patches/Updates

    Internet Explorer:

It is a good idea to update Internet Explorer to at least IE5.01 SP2. It is even better to upgrade it to IE5.5 SP1. To learn how to upgrade it, check the WindowsUpdate section below

To check the version of IE on a machine, click on Help-About (while in IE 5)… Basically, the builds correspond to the versions as follows:wpe60.jpg (22885 bytes)

5.00.2920                                        IE 5 preinstalled in Win2000

5.00.3103                                       IE5.01 SP1

5.50.4134                                       IE5.5

So if your build is below 4134, upgrade them.

    WindowsUpdate:

In IE5, click on Tools-Windows Update. This takes you to Microsoft’s website that contains updates to the OS. It auto detects which security patches, etc, you have, and gives you the option of selecting them for updating the system. When working on a Win2000 machine, always check there for the latest updates, and install the Critical Updates.

You can also get updates to IE5, Compatibility Updates (which mostly affect games), and the High Encryption Pack from there. Future Service Packs may also be available for download over there. To install any of them, simply click the checkboxes next to them, and select the download button. The patches will install themselves.

High Encryption Pack:

Install the 128-bit High Encryption Pack. It is available in CD media from Cecilia/Helpdesk, and at the WindowsUpdate site.

Service Pack 2:

Service Pack 2, containing mostly bug fixes, has been released for Win2000. To read more about it, check out:

http://www.microsoft.com/windows2000/downloads/servicepacks/sp2/default.asp

It would be a good idea to apply Service Pack 2 on Win2000 machines if they do not already have it. It should be available on ETS Servers soon, as well as WindowsUpdate and MS Win2000 website.

To check if a machine already has SP2, while in Windows Explorer, click Help, About… It should mention Service Pack 1 after the build number. You can also Right-Click My Computer and select Properties, and it will mention Service Pack as in the picture shown here.


From ASU