The Workstation and Server services are used for file and print sharing. Both use NetBIOS over TCP/IP to communicate with each other; however, they are not NetBIOS programs. They are written to talk directly to NetBT over the TDI interface. Being direct TDI clients, they are high performance and not subject to limitations of the NetBIOS interface, such as the 254 session limit. The Server Message Block (SMB) protocol is used to send commands and responses between clients and servers. Public SMB specifications are available from ftp.microsoft.com.
When a user logs on to a Windows NT domain, the following sequence of events occurs:
1. If the computer is WINS-enabled, a name query for the NetBIOS <domain>[1C] name is sent to the WINS server.
2. The WINS server responds with a list of up to 25 IP addresses corresponding to domain controllers for the specified domain name. One of the IP addresses in the list will always be the Primary Domain Controller.
3. A \MAILSLOT\NET\NTLOGON request is broadcast on the local subnet. If a response to the local subnet broadcast is received, then the logon process contacts the responding domain controller to attempt a logon.
4. Otherwise, the logon process sends a directed datagram to each of the addresses returned in the list from the WINS server, and attempts to log on to the first domain controller to respond.
5. All domain controllers register this <domain>[1C] name on the network, typically with the WINS database. All password information is encrypted before being transmitted on the network.
When a workstation attempts to connect to a shared resource on the network, the resource is "called" by its NetBIOS name. The name-to -IP-address resolution is done in the manner illustrated in the NetBIOS Name Resolution Flowchart (Figures 6.5 through 6.7) in the section "NetBIOS Interface" earlier in this chapter.
Once the IP address of the target host is known, a standard TCP/IP connection is set up, and a NetBIOS session is established over that connection. The user is authenticated using encrypted passwords, and then client/server messages are exchanged using the SMB protocol. The workstation and server use sophisticated caching mechanisms to reduce network traffic and provide high performance. When WINS is used, there is no reliance on IP broadcasts, with the single exception of ARPs.
The Windows NT Workstation and Windows NT Server services were designed with many optimizations to minimize network traffic and maximize throughput. The network redirector works closely with the Windows NT Cache Manager to provide read-ahead caching, write-behind caching, and search caching. Various file locking schemes, such as opportunistic locking and local file lock optimization, help to reduce network traffic. The SMB protocol which is used supports compound commands and responses, such as LockAndRead and WriteAndUnlock.