Previous Page | Next Page

  1. Introduction
  2. Windows 2000 Professional
  3. Windows 2000 Server
  4. Windows 2000 Advanced Server
  5. Windows 2000 Datacenter Server
  6. Application Support
  7. System Operation
  8. Disks and Volumes
  9. Filesystems
  10. Configuration Files
  11. Security
  12. Network Support
  13. Access Management
  14. Processes
  15. AD Structure
  16. AD Objects
  17. AD Object Naming
  18. AD Schema
  19. AD Sites
  20. Domains
  21. AD Functions
  22. AD Replication
  23. DNS
  24. AD Security
  25. AD Installation
  26. AD Configuration
  27. AD Performance
  28. Installation
  29. Installation Options
  30. Unattended Installation
  31. Software Distribution
  32. Remote Installation Service
  33. Language
  34. Accessibility
  35. File Attributes
  37. Distributed File System
  38. Control Panel
  39. Active Directory Tools
  40. Computer Management Console Tools
  41. MMC Tools
  42. Network Tools
  43. Network Monitor
  44. System Performance Monitoring
  45. Tools
  46. Managing Services
  47. Connections
  48. TCP/IP
  49. DHCP
  50. Printing
  51. Routing
  52. IPSec
  53. ICS
  54. Fault Tolerance
  55. Backup
  56. System Failure
  57. Services
  58. Remote Access
  59. WINS
  60. IIS
  61. Certificate Server
  62. Terminal Services
  63. Web Services
  64. Authentication
  65. Accounts
  66. Permissions
  67. Groups
  68. User Rights and Auditing
  69. Auditing
  70. User Profiles
  71. Policies
  72. Group Policies
  73. Miscellaneous
  74. Terms
  75. Credits

Windows 2000 System Operation

Windows 2000 Operating Modes

Windows 2000 and Windows NT both provide two modes of operation from a security level which are:

  • User mode - This mode does not have full system access or privileges, but is dependent on APIs to acquire system access. Runs with privileges to access its own memory area. User applications and environmental subsystems execute in this mode.
  • Kernel Mode - Executive which runs in protected memory mode with full privileges of system access. Any process running in this mode is not restricted to any specific memory space.

Executive Services

The Executive Services provides kernel mode services for the following:

  • All applications
  • Win32 Subsystem
  • Win16 Subsystem
  • POSIX Subsystem
  • OS/2 Subsystem
  • DOS VDM Subsystem

The Executive Services is an interface between the user and kernel modes. It consists of the Monitors or managers listed below it in the table below.

Executive Services
I/O ManagerWindow ManagerSecurity Reference MonitorVirtual Memory ManagerObject ManagerPlug and Play ManagerPower ManagerIPC Manager
Cache ManagerGraphics Device DriversProcess ManagerLocal Procedure Call (LPC) Facility
File System DriversRemote Procedure Call (RPC) Facility
Device DriversMicro Kernel

Services in Windows 2000 that were in Windows NT

  • I/O Manager manages all input and output for the operating system, including cache manager, file system drivers, hardware device drivers, and network device drivers.
  • Win32K window manager and GDI - Functions from Win32k.sys for graphics support and communication with graphic devices. This includes the Graphics Device Interface (GDI) which enables graphics devices to communicate with NT or 2000.
  • Security Reference Monitor is responsible for enforcing the access-validation and audit-generation policy as defined by the Security subsystem. This Monitor, also called the Security Subsystem supports Active Directory and the logon process in Windows 2000.
  • Virtual Memory Manager maps virtual addresses in the user's address space to physical pages in the computer's memory.
  • Object Manager monitors the creation and use of objects. It also manages the global name space where access to all local objects is controlled. This now includes some functions from the process manager in Windows NT.
  • Hardware Device drivers - An interface between specific hardware devices and NT which interfaces to HAL

Services deleted or modified in Windows 2000 that were in Windows NT

  • Process Manager creates and deletes processes and also tracks process objects and thread objects.
  • Local Procedure Call Facility using a client/server relationship, provides a communications mechanism between the applications and the Environmental subsystem.

Services added or modified in Windows 2000 that were not in Windows NT

  • Plug and Play Manager
  • Power Manager
  • IPC Manager - This includes the Local Procedure Call (LPC) facility that was included with Windows NT, and also adds a Remote Procedure Call (RPC) facility
  • Microkernel - Schedules threads, handles interrupts, and talks to the HAL. It enhances the Windows NT Process Manager and handles some of its functions.

Memory Model

The Windows 2000 memory model is demand paged. That means that virtual memory may be stored on the hard drive, and memory is swapped between RAM and the hard drive as demand requires it. A 32 bit linear flat address space is used. Each application gets 4 Gb of virtual memory with one half reserved for kernel system data and the other half for application data.