Minimum: 133MHz CPU, 256MB RAM (absolute minimum is 128MB), and a 2GB hard disk with 1GB free
• System partition - active partition
• Boot partition - win2k installed partition
DOS, Win3.x, Win9x, and NT 3.51 with Citrix installed can't be upgraded to Win2k.
• Boot from CDROM
• Boot from floppy disk
• Boot into a 32-bit OS, and run I386\winnt32.exe
winnt32 /cmd:command /copydir:folder /copysource:folder /s:path /tempdrive:drive /unattend:[num]:[file] /udf:id,file /cmdcons /debug level:file /syspart:drive /checkupgradeonly
• Boot into a 16-bit OS and run winnt.exe; run SMARTDRV first
winnt /a /e:command /i:inf_file /r:folder /rx:folder /s:path /t:drive /u:file /udf:file
Hard disk is formatted to FAT32 if larger than 2GB, otherwise it is FAT.
License mode:
• Per Server - any seat to one server
• Per Seat - any seat to any server
BOOTDISK\MAKEBOOT.exe or MAKEB32.exe to make 4 floppy boot disks
Setup Manager Wizard
• SUPPORT\TOOLS\Deploy.cab
• extract setupmgr.exe, setupmgx.dll, deptool.chm
• Product to install
o Windows 2000 Unattended Install
o Sysprep Install
o Remote Installation Services
• Platform
o Win2k Pro
o Win2k Server
• User Interaction Level
o Provide Defaults
o Fully Automated
o Hide Pages
o Read Only
o GUI Attended
• You can set up to 99 automatic logons as admin
• In Additional Settings, you can set Telephony, Regional Settings, Languages, Browser and Shell Settings, Installation Folder, Install Printers, Run Once.
• In Distribution Folder, you can specify the shared folder, Mass Storage Drivers, HAL, Additional Commands, OEM Branding, Additional Files or Folders
• UNATTEND.TXT
Sysprep
• SUPPORT\TOOLS\Deploy.cab
• extract sysprep.exe, setupcl.exe, deptool.exe to SYSPREP
• sysprep removes the SID
• sysprep creates sysprep.inf as the answer file to make the whole installation automatic
• sysprep
o -nosidgen doesn't regenerate the SID
o -reboot reboots instead of shutting down
o -pnp forces PnP detection; don't use
o -quiet
Slipstreaming
• W2KSP3 -x to extract SP
• C:\W2kSP3\I386\UPDATE -s:C:\W2kFILES
• update
o -u unattended
o -f forces other apps to close
o -n no uninstall
o -O force OEM overwrite
o -z no reboot
o -q quiet mode
o -s slipstreaming
Prior to NetWare 5, IPX/SPX is used; MS's implementation of this suite is called NWLink. From NetWare 5 on, NetWare can use TCP/IP. Auto configuration can only detect and configure one frame type; for multiple frame types you need to configure manually.
The GSNW service allows Win2k to access a NetWare server; Windows clients can use TCP/IP to reach NetWare via GSNW, which uses NWLink. If a Windows client needs regular access to NetWare, CSNW can be installed. On NetWare, create the user account in the NTGATEWAY group, and grant resource access to the NTGATEWAY group.
To interact with Mac, you need to install AppleTalk, File Server for Macintosh, and Print Server for Macintosh.
To interact with Unix, you need to install Print Services for Unix and Windows Services for Unix.
Print Permission
• Print
• Manage docs
• Manage printers
Win2k supports CDFS, UDF, FAT and NTFS
Distributed File System - DFS
• one Dfs root per server; follow Dfs links to other shares
• On a standalone Dfs root, you must use the same name as the share. On a domain Dfs root, you can change the Dfs root name. A domain Dfs root can be replicated, so it is fault tolerant.
File Replication Service - FRS
• To manage Dfs root replication, FRS uses the same structure as the Knowledge Consistency Checker (KCC) defines for AD replication.
• Among DCs, FRS generates a replication ring topology. FRS syncs SYSVOL by checking file versions to keep every DC up-to-date.
• MS recommends 512K bandwidth
• Intra-site replication happens every 5 mins, not compressed, event triggered
• Inter-site replication happens every 3 hrs, compressed, not triggered. Urgent replication happens only for user account lockout, changes in the Local Security Authority, and a change of the relative ID master role owner.
List Folder Contents is the same as Read & Execute, but the former only applies to folders
Share permission
• read
• change
• full control
Administrators and Server Operators can share folders on a Win2k server in a domain. Administrators and Power Users can share folders on a Win2k server in a workgroup.
WebDAV – Web Distributed Authoring and Versioning.
IIS auth methods
• Anonymous access – anyone
• Basic Auth
• Digest Auth
• Integrated Windows auth – doesn't work through a proxy
IIS security permission
• Script Source Access – run ASP
• Read
• Write
• Directory browsing – whether subdirectories are listed or hidden
IIS 5.0
• socket pooling
• process throttling and bandwidth throttling
• allows web applications to be launched outside the IIS server process
• allows IIS services to be restarted without restarting the server
You can manage the IIS server from the IIS MMC snap-in or from the web. From the web, you can NOT start/stop IIS itself, but you can start/stop each site
Individual site management is assigned to the Operators group; it can't change IIS or the server itself.
Driver signing includes creating a catalog file (.cat: hash, vendor certificate, MS signature, version, name), and an .inf that shows the relationship between the .cat and the driver files
Unsigned drivers
• ignore
• warn
• block
You can change it from a GPO or from Control Panel. In Control Panel, remember to check "Apply setting as system default". A limited user can only change it to a more restrictive level.
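The check that the signing levels above describe, written out as an added example (not code from the original page): a driver counts as signed only when its file hash matches the entry a trusted catalog carries for it, an unsigned driver is handled according to the ignore/warn/block level, and a limited user may only tighten that level. The catalog, the driver images and the use of SHA-1 as the hash are constructed assumptions for the example; a real .cat also carries the vendor certificate and Microsoft's signature, which this example takes as already verified.

```python
import hashlib
import hmac

# Actions the three driver signing levels take for an unsigned driver.
POLICY_LEVELS = ("ignore", "warn", "block")
UNSIGNED_ACTION = {"ignore": "install", "warn": "prompt", "block": "refuse"}


def build_catalog(files):
    """Constructed stand-in for a signed .cat file: driver file name -> file hash.
    SHA-1 is an assumed algorithm for the example; the catalog is trusted as given."""
    return {name: hashlib.sha1(data).hexdigest() for name, data in files.items()}


def is_signed(name, data, catalog):
    """A driver is signed only if its name is in the catalog and its hash matches."""
    expected = catalog.get(name)
    if expected is None:
        return False
    actual = hashlib.sha1(data).hexdigest()
    return hmac.compare_digest(expected, actual)


def install_decision(name, data, catalog, policy):
    """Return 'install', 'prompt' or 'refuse' for a driver under the given level."""
    if policy not in POLICY_LEVELS:
        raise ValueError(f"unknown driver signing level: {policy}")
    if is_signed(name, data, catalog):
        return "install"
    return UNSIGNED_ACTION[policy]


def change_policy(current, requested, limited_user):
    """Limited users may only move to a more restrictive level; admins may go either way."""
    if requested not in POLICY_LEVELS or current not in POLICY_LEVELS:
        raise ValueError("unknown driver signing level")
    if limited_user and POLICY_LEVELS.index(requested) < POLICY_LEVELS.index(current):
        raise PermissionError("limited users may only tighten the driver signing level")
    return requested


# Constructed sample driver images (not real driver files).
GENUINE = b"constructed vendor_nic.sys image v1"
TAMPERED = b"constructed vendor_nic.sys image v1 + injected bytes"
CATALOG = build_catalog({"vendor_nic.sys": GENUINE})

if __name__ == "__main__":
    for level in POLICY_LEVELS:
        print(level,
              install_decision("vendor_nic.sys", GENUINE, CATALOG, level),
              install_decision("vendor_nic.sys", TAMPERED, CATALOG, level))
```

A modified driver fails the hash comparison exactly like a driver with no catalog entry at all, so under "block" both are refused, while under "warn" both only prompt, which is why the notes say a limited user may only move toward "block".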
Driver | Hardware | Result
PnP | PnP | OK
PnP | Not PnP | OK
Not PnP | PnP | Manual config
Not PnP | Not PnP | Manual config
Icon with red x – disabled
Icon with yellow – device not configured correctly or driver missing
Yellow ? with red x – disabled due to resource conflict
Ctrl+Shift+Esc to launch Task Manager
Process Priority 0-31
• Realtime – 24
• High – 13
• AboveNormal – 9
• Normal – 8
• BelowNormal – 7
• Low – 4
Performance -- System Monitor
• Computer
• Performance object
• Counter
• Instance
Performance – Performance Logs and Alerts
• Performance Logs
o Counter logs or Trace Logs
o Can be saved as CSV, TSV, Binary, Binary Circular File.
• Performance Alerts
o Log an entry in the application event log
o Send a network message to
o Start performance data log
o Run this program
Counters
• Memory: Pages Input/sec – threshold 2
• Memory: Cache Faults/sec
• Memory: Page Faults/sec – threshold 200 for low-end, 600 for high-end systems
• Memory: Available Bytes – threshold 4MB (should stay above)
• Paging File: % Usage Peak – threshold 100%
• PhysicalDisk: Avg. Disk Queue Length – threshold 2
• PhysicalDisk: % Disk Time
• PhysicalDisk: Avg. Disk sec/Transfer
• to enable LogicalDisk counters, use diskperf -y
• Processor: % Processor Time – threshold 80%
• Processor: % Total Processor Time – threshold 80%
• System: Processor Queue Length – threshold 2
• Network Interface: Bytes Total/sec
• Network Interface: Output Queue Length – threshold 2
• Network Interface: Current Bandwidth
• Network Interface: Packets/sec
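The thresholds listed above are most useful when applied to a saved counter log rather than watched live. As an added example (not from the original page), the script below reads a CSV counter log of the kind Performance Logs produces, strips the \\COMPUTER prefix from each counter column, and reports every sample that meets or exceeds a limit from the notes (or falls to or below it for Available Bytes). The sample log is constructed and simplified: a real PDH-CSV header carries a time-zone suffix, and the counter names and values here are made up for the run.

```python
import csv
import io

# Thresholds from the notes. ("max", n) flags readings at or above n,
# ("min", n) flags readings at or below n. Names omit the \\COMPUTER prefix.
THRESHOLDS = {
    "Memory\\Pages Input/sec": ("max", 2),
    "Memory\\Page Faults/sec": ("max", 200),            # 600 for high-end systems
    "Memory\\Available Bytes": ("min", 4 * 1024 * 1024),
    "Paging File(_Total)\\% Usage Peak": ("max", 100),
    "PhysicalDisk(_Total)\\Avg. Disk Queue Length": ("max", 2),
    "Processor(_Total)\\% Processor Time": ("max", 80),
    "System\\Processor Queue Length": ("max", 2),
    "Network Interface(*)\\Output Queue Length": ("max", 2),
}

# Constructed, simplified counter log in the CSV layout Performance Logs writes.
SAMPLE_LOG = r'''"(PDH-CSV 4.0)","\\SRV1\Memory\Pages Input/sec","\\SRV1\Memory\Available Bytes","\\SRV1\Processor(_Total)\% Processor Time","\\SRV1\System\Processor Queue Length"
"01/15/2003 09:00:00.000","1","52428800","35","1"
"01/15/2003 09:00:15.000","5","3145728","91","4"
"01/15/2003 09:00:30.000","0","41943040","60","1"
'''


def counter_name(column):
    """'\\\\SRV1\\Memory\\Pages Input/sec' -> 'Memory\\Pages Input/sec'."""
    if column.startswith("\\\\"):
        return column[2:].split("\\", 1)[1]
    return column


def parse_counter_log(text):
    """Return a list of (timestamp, {counter: value}) rows; blank cells are skipped."""
    reader = csv.reader(io.StringIO(text))
    header = next(reader)
    names = [counter_name(c) for c in header[1:]]
    rows = []
    for record in reader:
        if not record:
            continue
        values = {n: float(v) for n, v in zip(names, record[1:]) if v != ""}
        rows.append((record[0], values))
    return rows


def find_breaches(rows, thresholds=THRESHOLDS):
    """Return (timestamp, counter, value) for every sample that crosses a limit."""
    breaches = []
    for timestamp, values in rows:
        for name, value in values.items():
            rule = thresholds.get(name)
            if rule is None:
                continue
            direction, limit = rule
            if (direction == "max" and value >= limit) or (direction == "min" and value <= limit):
                breaches.append((timestamp, name, value))
    return breaches


if __name__ == "__main__":
    for stamp, name, value in find_breaches(parse_counter_log(SAMPLE_LOG)):
        print(f"{stamp}  {name} = {value:g}")
```

On the constructed log only the 09:00:15 sample trips anything, and it trips four counters at once (pages in, available memory, CPU and processor queue), which is the pattern the notes' thresholds are meant to surface: memory pressure showing up as paging plus CPU saturation in the same interval.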
Win2K can only back up/restore System State on the server where the backup media is hosted.
Restore System State data by using Directory Services Restore Mode
• AD
• SYSVOL
• Registry
• COM+
• boot files
• In authoritative mode, you can restore partially to avoid overwriting other, newer information
• ntdsutil
• authoritative restore
• restore subtree “CN=xx,OU=yy,DC=zz”
Emergency Repair disk – ERD
• saves basic system files to floppy
• saves the partition boot sector to floppy
• saves the setup environment to floppy
• saves the registry at %systemroot%\Repair\Regback
• Manual repair
o Inspect setup env
o Verify system files
o Inspect boot sector
• Fast repair
Disk Management diskmgmt.msc
Volume Health Status
• Online – dynamic
• Online (errors) – dynamic
• Offline – dynamic
• Foreign – dynamic
• Unreachable – problem
• Unrecognized
• No Media – removable media
A dynamic disk only contains dynamic volumes; it doesn't have partitions or logical drives.
• Simple
• Mirrored
• Spanned
• Striped
• RAID-5
• not supported on removable media or laptops
• sector size must be smaller than 512B
• free 1MB at the end of each volume
cleanmgr /d x
chkdsk [volume[path[filename]]]
dfrg.msc
You can compress and EFS at the same time.
Compression
• Move uncompressed -> stays uncompressed
• Move compressed -> stays compressed
• Copy -> depends on whether the target folder is compressed or not
• Copy FAT to NTFS -> depends on whether the target folder is compressed or not
• Copy NTFS to FAT -> compression status lost
Disk Quotas
• NTFS 5.0
• volume level
• actual size not compressed size
• users only see free space based on their quota
• does not apply to users accessing Win2k from NT 4.0
• quota settings only apply automatically to new users
To fix a failed mirror volume, you need to remove the mirror and recreate it. If the failed first disk contains the system or boot partition, you need to create a boot.ini on a floppy disk pointing to the secondary disk.
To fix a RAID-5 volume, you need to repair the volume asap.
Private IP
• 10.0.0.0-10.255.255.255
• 172.16.0.0-172.31.255.255
• 192.168.0.0-192.168.255.255
Automatic Private IP Addressing – APIPA 169.254.0.0-169.254.255.255
Win2K AD needs DNS. Win2K DNS supports integrating the DNS database with AD, which can then be replicated.
Every DHCP server must be configured with at least one scope.
• Scope Name
• IP Address Range
• Add Exclusions
• Lease Duration
• WINS address
• DNS address
• Gateway address
• Time server address
• Win2K DHCP supports RIS
ICS is configured on the interface connected to the Internet. You can Enable On-demand Dialing and configure which apps or services and which incoming/outgoing ports are allowed. It can then be used as a NAT gateway. The ICS server is 192.168.0.1, and it will issue IPs 192.168.0.2-192.168.0.254
The default ICS allows web access.
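The address ranges in the notes above (private ranges, APIPA, and the fixed ICS gateway and pool) lend themselves to a quick inventory check. As an added example, not from the original page, the script below classifies an address against those ranges and then audits a constructed host list: a host sitting on an APIPA address never got a DHCP lease, and counting ICS clients shows how much of the 192.168.0.2-254 pool is left. The host names and addresses are made up for the example.

```python
import ipaddress

# Ranges taken from the notes.
PRIVATE_RANGES = [ipaddress.ip_network(n)
                  for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
APIPA_RANGE = ipaddress.ip_network("169.254.0.0/16")
ICS_GATEWAY = ipaddress.ip_address("192.168.0.1")
ICS_POOL_FIRST = ipaddress.ip_address("192.168.0.2")
ICS_POOL_LAST = ipaddress.ip_address("192.168.0.254")
ICS_POOL_SIZE = int(ICS_POOL_LAST) - int(ICS_POOL_FIRST) + 1   # 253 addresses


def classify(address):
    """Return 'apipa', 'ics-gateway', 'ics-client', 'private' or 'public' for an IPv4 address."""
    addr = ipaddress.ip_address(address)
    if addr.version != 4:
        raise ValueError("only IPv4 addresses are classified here")
    if addr in APIPA_RANGE:
        return "apipa"            # self-assigned: no DHCP server answered
    if addr == ICS_GATEWAY:
        return "ics-gateway"
    if ICS_POOL_FIRST <= addr <= ICS_POOL_LAST:
        return "ics-client"       # leased from the ICS server's fixed pool
    if any(addr in net for net in PRIVATE_RANGES):
        return "private"
    return "public"


def audit_hosts(hosts):
    """hosts: {hostname: ip}. Report APIPA fallbacks and ICS pool usage."""
    kinds = {host: classify(ip) for host, ip in hosts.items()}
    apipa_hosts = sorted(h for h, k in kinds.items() if k == "apipa")
    ics_clients = sum(1 for k in kinds.values() if k == "ics-client")
    return {
        "apipa_hosts": apipa_hosts,          # these machines never got a DHCP lease
        "ics_clients": ics_clients,
        "ics_pool_free": ICS_POOL_SIZE - ics_clients,
        "public_hosts": sorted(h for h, k in kinds.items() if k == "public"),
    }


# Constructed inventory; 203.0.113.0/24 is a documentation range used as a public stand-in.
SAMPLE_HOSTS = {
    "pc1": "192.168.0.2",
    "pc2": "192.168.0.17",
    "pc3": "169.254.31.9",
    "srv": "10.1.2.3",
    "ext": "203.0.113.5",
}

if __name__ == "__main__":
    for host, ip in SAMPLE_HOSTS.items():
        print(f"{host:4} {ip:15} {classify(ip)}")
    print(audit_hosts(SAMPLE_HOSTS))
```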
Routing and Remote Access Service – RRAS
It provides multi-protocol routing and remote access, including VPN, RIP v1/v2, OSPF, IGMP, and AppleTalk. RRAS can act as
• Internet Connection server
• Remote Access server
• VPN server
• Network router
• Manually configured server
RADIUS – Remote Auth Dial-in User Service
The default remote access policy allows users who have dial-in permission enabled in their account settings.
VPN Tunneling
• PPTP
• L2TP – IPSec
Terminal Services
• Terminal Server
o Terminal Services Config
o Terminal Services Manager
• Terminal Services Client
o Remote Admin Mode – 2 concurrent connections, no licensing
o Application Mode – needs Terminal Services Client Access Licenses
o %systemroot%\system32\clients\tsclient\
o 90-day grace period for testing
o Win2K clients can connect without a License
o Other OSes need a License
• Remote Desktop Protocol
LMHOSTS is used for NetBIOS-name-to-IP mapping
adminpak.msi
Active Directory Users and Computers
• Builtin
• Computers
• DC
• ForeignSecurityPrincipals
• Users
• LostAndFound - hidden
• System – hidden
Local Admin
• can be renamed
• cannot be deleted
• cannot be locked out
• cannot be disabled
Local Guest
• can be renamed
• cannot be deleted
• can be locked out
• can be disabled
• doesn't save config between logins
Local Group
• Administrators – contains Domain Admins
• Backup Operators
• Guests – contains Domain Guests
• Power Users – same as the Users group in NT4
• Users – contains Domain Users
• Replicator – don't add users to this group
A local group exists only on the local machine; it can contain domain groups, but can't be a member of another group, either local or domain.
Built-in System Groups
• Anonymous Logon
• Authenticated Users
• Creator Owner
• Dialup
• Everyone
• Interactive
• Network
System Policies
• poledit.exe
• replaced by Group Policy
• still needed to manage Win9x, ME, NT workstations and standalone Win2k
• Templates
o Inetres.adm -IE
o System.adm – Win2k
o Common.adm – Win9x and NT
o Windows.adm – Win9x
o Winnt.adm – NT
• ntconfig.pol
• config.pol
Group Policies
• LSDOU – Local, Site, Domain, OU; the last one applied takes precedence if settings conflict
• gpedit.msc
• There can be only one Local Policy.
o no software installation
o no folder redirection
o applies to all users
o user config applies at logon
o computer config applies at startup
o 90 min refresh interval
• Account Policies
o Password Policy
o Account Lockout Policy
• Local Policies
o Audit Policy
o User Rights Assignment
o Security Options
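The LSDOU rule above is easiest to see when the winning GPO is recorded next to each effective setting. As an added example (not from the original page), the function below takes a set of linked GPOs in any order, sorts them into Local, Site, Domain, OU order (keeping the given order within a scope, so a parent OU's GPO is listed before its child's), and applies them so that the later scope overwrites the earlier one. The GPO names and setting names are constructed for the example and are not real policy keys.

```python
# Order in which Group Policy is applied; a later scope wins on conflicting settings.
LSDOU_ORDER = ("Local", "Site", "Domain", "OU")


def effective_policy(linked_gpos):
    """linked_gpos: list of (scope, gpo_name, settings).
    OU entries must be given parent first, child last, matching application order.
    Returns {setting: (value, "scope:gpo_name" that supplied it)}.
    """
    rank = {scope: i for i, scope in enumerate(LSDOU_ORDER)}
    for scope, name, _ in linked_gpos:
        if scope not in rank:
            raise ValueError(f"unknown policy scope {scope!r} on GPO {name!r}")
    # sorted() is stable, so several GPOs at the same scope keep their given order.
    ordered = sorted(linked_gpos, key=lambda gpo: rank[gpo[0]])
    result = {}
    for scope, name, settings in ordered:
        for key, value in settings.items():
            result[key] = (value, f"{scope}:{name}")   # later application overwrites earlier
    return result


def explain(result):
    """Human-readable lines: setting = value (from scope:GPO)."""
    return [f"{key} = {value} (from {source})"
            for key, (value, source) in sorted(result.items())]


# Constructed sample, deliberately listed out of order to show the sorting step.
SAMPLE_GPOS = [
    ("OU", "Workstations", {"UnsignedDriverPolicy": "block"}),
    ("Local", "Local Computer Policy",
     {"UnsignedDriverPolicy": "ignore", "AuditLogonEvents": "None"}),
    ("Domain", "Default Domain Policy",
     {"UnsignedDriverPolicy": "warn", "RenameAdministrator": "corp-admin"}),
    ("Site", "HQ Site Policy", {"AuditLogonEvents": "Failure"}),
    ("OU", "Workstations\\Finance", {"AuditLogonEvents": "Success, Failure"}),
]

if __name__ == "__main__":
    for line in explain(effective_policy(SAMPLE_GPOS)):
        print(line)
```

In the sample the driver-signing level ends up as "block" from the Workstations OU even though Local and Domain both set it, and the audit setting comes from the child OU, which is exactly the "last one applied takes precedence" rule from the notes.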
Security Templates
• Basic
• Compatible
• Secure
• Highly Secure
The Data Recovery Agent can decrypt EFS files.
cipher