Mcse Smart Certify Study Guide


  • 8/7/2019 Mcse Smart Certify Study Guide


    MCSE SmartCertify Study Notes 70-210

    70-210 Installing, Configuring, and Administering Microsoft Windows 2000 Professional

    Microsoft Windows 2000 - Update: New Features and Architecture: Features; Architecture; Intro to Active Directory

    Microsoft Windows 2000 - Installation and Administration: Installation: Windows 2000 Installation; Advanced Installation options; Preparing for upgrade; Upgrading to Windows 2000

    Microsoft Windows 2000 - Installation and Administration: Administration: Basic administration; Administrative tools; Administrative strategies

    Microsoft Windows 2000 - Installation and Administration: Users: Creating users; Creating multiple user accounts; User profiles

    Microsoft Windows 2000 - Installation and Administration: Groups and Terminal Services: Groups; Creating and administering groups; Terminal Services

    Microsoft Windows 2000 - Installation and Administration: Files and Folders: Hard disk and file systems; Shared folders; NT File System; Managing shared folders

    Microsoft Windows 2000 - Installation and Administration: Advanced File and Folder Management: Distributed file system; Redirected and offline folders; Web files and folders

    Microsoft Windows 2000 - Installation and Administration: Hardware Configuration and Optimization: Removable storage devices; Display devices; Input/Output devices; Processors, profiles, and APM; Optimizing and troubleshooting

    Microsoft Windows 2000 - Installation and Administration: Storage and Printing: Disk management; Managing disk space; Encrypting File System; Configuring printers; Printer management and security

    Microsoft Windows 2000 - Installation and Administration: Events: Introducing events; Monitoring and analyzing events; Auditing events

    Microsoft Windows 2000 - Installation and Administration: Backup and Recovery: Backing up and restoring; Server recovery; Active Directory recovery

    Microsoft Windows 2000: Network Protocols and Remote Access: Configuring protocols and services; Configuring connections; Remote access; Remote access connections

    Microsoft Windows 2000: Group Policy: Introducing Group policy; Group policy operation; Managing users; Account and security policies; Managing software

    -----------------------------------------------------------------

    Microsoft Windows 1.0 in 1985 (1st release)
    o Could view multiple applications at one time
    o GUI extension to MS-DOS

    Windows 2.0 in 1987
    o Support for new 80286 Intel processors
    o Support for expanded memory hardware

    Windows 3.0 released in 1990
    o Supports Intel 80386 processors
    o Provide graphical interface

    Windows 3.11 released in 1992
    o Windows for Workgroups 3.11
    o Extended into the networking environment
    o Contained built-in protocols and NIC drivers
    o Allowed administrators to build networks without servers

    Windows 95 released August 1995
    o Replaced Windows 3.x 16-bit with 32-bit environment
    o New GUI
    o Support for PnP
    o Improved network connectivity
    o Messaging application programming interface (MAPI)
    o Telephony application programming interface (TAPI)

    Windows 98 released in 1998
    o Support for new hardware
    o Improved Internet browsing
    o Support for new System Management Tools (i.e. Registry Checker)

    Windows NT 3.1 released in 1993
    o Removed DOS from the OS; support for processors other than Intel's
    o 2 versions (Win NT Workstation & Win NT Server)
    o Crucial networking components built into the privileged portion of the OS enhanced performance
    o 6 million lines of code
    o Designed to employ both binary and source-level compatibility to support MS-DOS, 16-bit Windows, OS/2, LAN Manager, and POSIX-based applications
    o Developers had five design goals:
        o Portability: So that minimal recoding was required to run on computers with different processors and configurations
        o Extensibility: Means OS can adapt to hardware & software changes
        o Reliability: To handle code and hardware errors effectively
        o Compatibility
        o Performance

    Windows NT 3.1 Advanced Server
    o Allows admin to offer file and print sharing services to network users

    Windows NT 3.5 and 3.51 released 1995
    o Introduced additions to the OS, including memory optimization and support for the PowerPC family of microprocessors


    IIS 1.0
    o Offered as standalone program that could be used as a free add-on with NT 3.51 servers to host websites

    Windows NT 4.0 released 1996
    o Same GUI found in Win 95, borrowed from Win 3.1
    o No support for PnP
    o 16 million lines of code
    o LAN Manager improves network functionality
    o Adds kernel-mode Graphical Device Interface (GDI)
    o IIS 2.0
    o Support for OpenGL, three-dimensional graphics standard

    Windows NT 5.0 Beta released
    o Introduced Active Directory
    o Distributed File System (DFS)

    Windows 2000 October 1998
    o Win NT 5.0 renamed to Windows 2000
    o Design goals for Win 2k build on the base established by Win NT:
        o Reliability:
        o Availability:
        o Scalability:
            Memory allocation/locking procedures (eliminates processor conflicts)
            Hierarchical storage management
            Per-user disk quotas
        o Reduced total cost of ownership
        o Reduced, but centralized, administration
    o Kerberos v5: http://www.microsoft.com/windows2000/techinfo/howitworks/security/kerberos.asp
    o IIS 5.0
    o Zero Administration for Windows (ZAW): IntelliMirror
        o Allows admins to determine a user's desktop settings from admin computer
        o Gives users access to their data, settings, and applications from any workstation
        o Contains Remote Installation Services (RIS), which allows admins to install OS across the network w/out visiting each computer

    April 1999 Beta 3 of Windows 2000
    o Disk defragmenter
    o Enhanced NTFS file
    o FAT32 file system for compatibility w/ Win 95 OSR2 and later
    o File system enhancements include disk quotas, encryption and Distributed file system DFS
    o (NWLINK, IPX/SPX), Apple (AppleTalk)
    o SNMP
    o VPNs you can use either:
        o Point-to-Point Tunnelling Protocol (PPTP)
        o Layer Two Tunnelling Protocol (L2TP)
        o Internet Protocol Security (IPSec)
    o Greater Internet capability through IE 5.01, IIS 5, IPSec, IPP
    o Search bar, History bar, AutoComplete, Automated Proxy, ICS NAT
    o Microsoft Management Console (MMC)
    o Active Directory


    o Greater # of wizards

    Windows 2000 Professional
    o 32-bit OS
    o Supports up to 2 symmetric multiprocessors
    o 4 GB of RAM

    Windows 2000 Server
    o Win 2k Server OS introduced with first version of Win NT, called Windows NT 3.1 Advanced Server
    o Designed for small to medium-sized business
    o Uses UPS feature to ensure that data and apps are protected in the event of a power failure
    o Provides platform for sharing applications across a network
    o Supports four-way symmetric multiprocessing
    o 4GB of memory
    o Host web sites and manage corporate intranets

    (standard edition of win 2k server is designed for large businesses with intensive processing needs -- TRUE)

    Windows 2000 Advanced Server
    o Medium-sized and large businesses
    o 8-way SMP
    o 8GB of RAM with Intel's Physical Address Extension (PAE)
    o Network Load Balancing (NLB)
    o Can distribute incoming IP traffic across a cluster of up to 32 nodes
    o Supports Cluster Service, offering
    o 2-node failover support for failure of hardware or critical software apps
    o Designed to service database-intensive applications

    Load balancing: enables the deployment of applications built with COM+ components across multiple application servers.

    Network load balancing (NLB) enables you to cluster up to 32 servers running Windows 2000 AS, thereby ensuring an even distribution of incoming traffic and a single system image to clients; automatically reconfigures the cluster to send client requests to alternative servers.

    Windows 2000 Datacenter Server
    o Supports 32-way SMP based on OEM implementation for
    o 64GB of physical memory, by default set to 16-way SMP
    o Network Load Balancing (NLB) across 32 nodes
    o Cluster Services supporting cascading fail-over among 4 nodes
    o Appcenter Server includes Component Load Balancing (CLB) clustering services, which provide the capability to distribute an organization's middle-tier business logic, usually implemented in COM+, across multiple servers.
    o Combination of NLB, Cluster Services, and CLB provides scalable and highly available multi-tiered solutions

    Windows 2000 Appcenter Server

    ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------

    Features Section:

    The Zero Administration for Windows (ZAW) initiative is a group of OS technologies designed to help reduce the total cost of ownership (TCO) on Windows 2000 systems. Some technologies were present in Win NT 4, Win 95, and Win 98.
    http://www.microsoft.com/ntworkstation/downloads/Recommended/Featured/NTZAK.asp

    The software installation and maintenance feature relies on the Active Directory, Group Policy, Windows Installer, and Add/Remove Programs.

    The Active Directory is a distributed, partitioned, and replicated service that stores objects representing network resources such as computers, users, servers, groups, folders, and printers.
    o Simplifies Management
    o Strengthens Security
    o Extends Interoperability
    o Macro-level management
    o Multi-master replication
    o Built-in support for Kerberos, public key infrastructure (PKI) and lightweight directory access protocol (LDAP) over secure sockets layer (SSL)

    Works with IntelliMirror management technologies to install assigned applications automatically and give users the ability to access their own desktops regardless of the workstation they use in the network.

    Active Directory Explanation: http://www.microsoft.com/windows2000/server/evaluation/features/dirlist.asp

    Active Directory Glossary: http://www.microsoft.com/windows2000/techinfo/howitworks/activedirectory/glossary.asp

    Active Directory Services: http://www.microsoft.com/mspress/books/sampchap/3173.asp

    Active Directory Architecture: http://www.microsoft.com/technet/treeview/default.asp?url=/technet/prodtechnol/ad/windows2000/deploy/projplan/adarch.asp

    Applications are able to save their own and user configuration details using the Active Directory Service Interfaces (ADSIs). This enables the collective modification of user profiles and client software and resources.

    Active Directory Domains:
    o Each domain includes at least one domain controller (PDC)
    o Each domain consists of a logical grouping of servers and resources
    o Domains constitute the basic units of replication and security for Win 2k networks
    o All the objects in the Active Directory are arranged in hierarchical domains, which constitute the basic units of replication and security
    o Modification to one controller is passed on to all the others within the same domain
    o DNS required to locate Active Directory in DC
    o Responsible for identifying existing RIS servers and client computers on the network. RIS needs to be located on a Windows 2000 server that has access to the Active Directory.

    Group Policy Snap-in: replacement for the System Policy Editor (Win NT 4, Win 95, and Win 98); allows admins to manage software installation, Registry-based policies, folder redirection, scripts, and security settings.
    o Needs to be added through MMC installation
    o Group Policy Objects (GPOs) store Group Policy settings: sites, domains, and OUs
    o GP can be applied to any container in the Active Directory, unlike Win NT 4
    o Extends the application of policies to containers other than domains

    Windows Installer: Consists of an operating system-resident install service, a standardized format for component management, and a management API. Consists of one or more Windows Installer features and comes with a package file containing a Product Code that identifies and describes it.
    -- Package file (.MSI file): Replaces the INF, LST, and STF files in previous versions of Microsoft Office.
    -- Windows Installer feature is usually a self-contained group of components, each of which consists of a number of files, Registry keys, and resources that form a logical grouping.

    Message Queuing Services & Component Services: Provide simple interfaces through which application objects can be configured and distributed among systems. Component Services replaces the former Transaction Services.

    Remote Operating System (OS) Installation and IntelliMirror are ZAW features that provide enhanced change and configuration management.

    Remote OS Install: Remote OS Installation relies on network boot technology and server-based distribution software to install Windows 2000 remotely on client computers, and then IntelliMirror allows administrators to manage user data, software, and settings by means of policies. Employs (RIS), Active Directory, (DNS), (DHCP).

    Remote Installation Service (RIS):

    1. RIS makes it possible for a client with a Pre-Boot eXecution (PXE) boot ROM to be installed from the network without using a floppy disk.

    2. When a client device boots from the PXE boot ROM, it contacts and requests IP configuration information from a DHCP server on the network.

    3. The client makes an LDAP query to the PDC to locate an RIS server.

    4. Client uses the Remote Boot Protocol to contact RIS server and begins to download the bootstrap image from the server (files transmitted using TFTP)

    To make use of remote installation: Create a distribution point in the Active Directory with the RIS Setup Wizard

    Entails storing configuration details and source files on a server that has enough space to support multiple installation images from where they can be distributed to clients.

    Automatic Setup: is the default option of the Client Inst. Wizard and draws exclusively upon RIS info provided by the administrator. Allows templates to be created to offer users simplified setup.

    Custom Setup: Offers more choices like allowing the specification of alternative client names, but it needs the input of an administrator at the client's computer during installation.

    Restart a Previous Attempt Option: Useful in cases where setup failed, because answers to questions are saved during the first setup attempt and the setup routine will therefore not ask the questions again during the second attempt.

    Maintenance and Troubleshooting: Enables the admin or user to access tools and programs that are not incorporated in the setup routine.

    Directory Services Manager MMC snap-in: Manages the RIS server; you can specify various configuration settings such as OS installation choices or the automatic client computer naming format.

    Active Directory Users and Computers snap-in: Active Directory stores RIS info as objects that can be managed w/ the Active Directory Users and Computers MMC snap-in.

    Client Installation Wizard: Simplified version of Win 2k setup procedures; allows user to provide info that will assist you in directing the installation process. Admins can specify which set of choices the CI Wizard needs to present to users by selecting one of the following policy settings:
    o Automatic Setup
    o Custom Setup
    o Restart a Previous Attempt
    o Maintenance and Troubleshooting

    Windows 2000 New Features and Architecture:
    IntelliMirror: provides follow-me functionality
    Win. Manag. Instr. (WMI): Provides a standard model for the management of data
    Remote OS Installation: Install Windows 2000 Pro remotely on client computers
    Directory management snap-in: Manage security groups
    Management Logic Layer: standard manag. tools and value-added manag. solutions
    Client Installation Wizard: provides a simplified version of Win 2k setup procedures
    Windows Installer format: Defines apps: products, features, and components
    Group Policy: Publishing and assigning of applications; assign apps to a group or user; apps assigned or published to users will roam with users.

    IntelliMirror: Win 2k change and configuration management technology that allows admins to move away from a situation, prevalent in Win NT and Win 98, where user roles need to be mapped to specific computers.
    o Admins can now allow users to roam between computers while allowing them to maintain full access to their data, applications, and customized environments, whether they work online or offline.
    o Follow-me Functionality: Stores user info in specified locations on servers and on local hard drives. Makes sure info in online and offline folders is synchronized.
    o To install, configure, maintain, and repair user applications, IntelliMirror employs Group Policy, Active Directory, Windows Installer, and Add/Remove Programs.
    o Centralizes application deployment and maintenance by means of the Group Policy and Active Directory.
    o Just-in-time installation: not visible to user, to ensure that apps only become fully installed when they are needed. Each time user opens an app, the Windows Installer verifies that an app has all the required files before allowing it to run. If needed, Windows Installer will recover missing files from the distribution point and install these.
    o Allows users to specify that applications be cached automatically
    o Allows the client to create local copies of the applications
    o Allows users to open an app without accessing a network copy
    o Auto or Manual caching of documents to achieve mirrored user data
    o Manual Caching: Users are able to decide which files need to be cached locally.

    Technologies needed for management of user data and settings through ZAW:
    o Active Directory
    o Group Policy
    o Roaming user profiles
    o Offline folders
    o Synchronization Manager
    o Disk Quotas

    Roaming Settings:
    1) Administrative settings
    2) User settings
    These include: Personal address books, lock-downs preventing writes to system folders, and control panel items

    Synchronization Manager: When a user is working online and saves a file to My Documents: The file is first saved to the network folder and then synchronized with the local folder. Opposite occurs if user is working offline; when online state is returned, synchronization with the network folder takes place automatically.

    Document invocation: Refers to the automatic installation of a published application following a user's attempt to access a file that requires the published application to run.

    Disk Quotas: Configure quotas per volume and assign them to individual users or groups by using Windows Explorer. Disk space is charged against user accounts on the basis of file ownership.
    Quota threshold: once reached, prevents users from creating more data, or notifies user, and also an event is added to the Event Log.

    Question: IntelliMirror functionality is fully dependent on the Group Policy and Active Directory.
    Answer: False

    Windows 2000 Management Services layers:
    o Common services layer
    o Management logic
    o Presentation

    Common services layer: management services; low-level OS services including the Active Directory, event notification, (COM+), and (WMI).

    Event Notification: Enables admins to track system, application, and security events and to pass them on to other users and services.

    COM+: Low-level service that provides an open architecture for cross-platform development.

    WMI: Provides a standard model for the management of data regardless of source. WBEM-compliant means of accessing and sharing management info in an enterprise network; provides a rich and consistent model of Win 2k operation, configuration, and status; offers a COM API that provides a single point of access to management info, a rich query language, and a flexible architecture that allows vendors to extend the model by writing WMI providers. Provides for the following components:
    o Win32
    o Windows Driver Model (WDM)
    o Event logs
    o Registry
    o Performance counter
    o Active Directory
    o Windows Installer
    o Simple Network Management Protocol (SNMP)

    Drivers that can make use of WMI include SCSI class drivers and NDIS network adapter class drivers. WMI-enabled drivers can record info regarding device failure, error statistics, and performance counters.

    Managed Object Format (MOF): WMI-enabled drivers employ this to record info about device failure, error statistics, and performance counters. This file defines attributes for entities in managed environments.

    Web-Based Enterprise Management (WBEM): An industry initiative that establishes management infrastructure standards and provides a way to combine info from various hardware and software management systems.

    Windows Driver Model (WDM): Drivers support WMI interfaces but the drivers must be specially written to benefit from WMI. WDM is a strategy for making driver development simpler. WDM provides a common set of services for developers to create drivers that are compatible across Windows operating systems for certain device classes. A WDM driver can be source-code-compatible for Windows XP, Windows 2000, Windows Me, and Windows 98. Writing one driver for multiple platforms means that developers can create and manage a single source-code base rather than writing a separate driver for each platform, and this reduces the amount of code that must be tested and debugged.

    http://www.microsoft.com/whdc/hwdev/driver/WDM/default.mspx

    Common Services

    Management Logic Layer:

    Presentation Layer: MS MMC framework, XML, and SGML developed by W3C

    XML: improves on HTML links by allowing links that reference multiple documents, and guarantees that structured data is uniformly independent of platforms, apps, and vendors and that it can be transmitted via Web-based protocols.

    MMC: Program that hosts snap-in management apps for administrative tasks.
    o Create, open, and save admin tools in the form of MMC consoles
    o MMC console consists of at least one snap-in
    o MMC console consists of a hierarchical console tree
    o MMC consoles are stored as files with .msc extensions and any new settings are preserved even if you open the consoles on a different computer

    Automation: Employs the Windows Scripting Host and all COM controls that present automation interfaces for the execution of management tasks. It enables an admin to define scripted actions based on WMI events and COM events.

    Distributed Security Services: need for simplified domain management, delegation of account administration, and integration of Internet security technology with Windows security.

    Active Directory Replication: Account updates can be made at any PDC. Each PDC has its own master replica of the Active Directory and the update and synchronization of the different replicas take place automatically. Tree-wide transitive trust simplifies the admin of trust relationships between domains. This allows users with accounts specified in one domain to be authenticated by another domain's servers.
    -- Explicit one-way trust relationships to Win NT 4 domains and two-way transitive trust relationships between Win 2k domains.
    -- Allows you to delegate to the level of OUs admin rights concerned with the creation and management of accounts.
    -- Domain user accounts are copied to all domain controllers within the same domain.
    -- Local user accounts are created only in the local security base of the user's computer
    -- Domain user accounts created in an Active Directory (OU) on a DC and copied to other DCs within the same domain; access tokens that store a user's info and security settings.
    -- Security groups: Stored in Active Directory; managed by the Directory Management snap-in. Each group is assigned a security identifier (SID) that identifies the group and its permissions.
    -- Only shared folder permissions for FAT volumes. In Win 2k you can combine shared folder permissions and NTFS permissions using an NTFS volume.
    -- The most restrictive permissions will overrule other permissions.


    Windows 2000 Authentication: Through Kerberos Version 5 and Transport Layer Security (TLS) for distributed security protocols. Client authentication SSL 3.0 and Transport Layer Security (TLS), that map user credentials as public-key certificates to Win NT accounts; passwords, smart cards.
    -- signed ActiveX controls and IE Java Classes

    Kerberos: faster server authentication, transitive trust relationships for inter-domain authentication, and the delegation of authentication for multi-tier client/server application architectures. Defines the interaction between clients and a network Authentication Service called the Key Distribution Center (KDC).

    Key Distribution Center (KDC): Implemented on each DC and Windows 2000 domains function as Kerberos realms.

    Microsoft Certificate Server: Allows companies to assign X.509 version 3 certificates to employees. Comprises modules for public-key certificates - certificate authorities (CAs), and CryptoAPI for certificate management.

    Public-key certificates: authenticate external users w/out Win 2k accounts and map them to Windows accounts.

    Private/public key pairs managed by users through interface dialogs and tools.

    Personal Information Exchange: Industry-standard protocol to transmit personal security details that are stored securely on disk.

    Windows Security dialog box: Hit control-alt-delete from windows.
    o View user logon info
    o Change Password
    o Lock workstation
    o Log off
    o Shutdown
    o Access Task Manager

    Security Configuration Editor: security configurations for groups and clients.

    IP Security Policy

    Account Policies: Used to configure Kerberos policies, password policies, and account lockout policies.

    Local Policies: Used to configure user rights assignment, auditing, and security options.

    Public Key Policies: Used to configure domain roots, encrypted data recovery agents, and trusted certificate authorities.

    System Services: Allow you to specify startup and security settings for computer services.

    Registry: Used to configure security on Registry keys

    File System: Used to configure file path security

    Encrypting File System (EFS): resides in the kernel and supplies core file-encryption technology for storing NTFS files encrypted on disk.
    o Uses public-key encryption based on the Windows CryptoAPI architecture.
    o Performs encryption and decryption transparently by identifying the encrypted file and finding the particular user's certificate and private key.

    http://www.microsoft.com/windows2000/techinfo/howitworks/security/encrypt.asp

    Fibers: New kind of processing unit, which are lighter than threads. Enable Win 2000 Server to achieve higher scalability.

    Job Object API: Allows an app to manage and control dependent system resources, thereby preventing the app from decreasing system scalability. It can establish time limits, control process priorities, and limit memory usage by a group of related processes. Win 2k Server extends the process model by using job objects which can be named, shared, and secured that enable you to manage several processes together as a single unit.

    Intelligent I/O Architecture (I2O): Designed to reduce the load on system CPUs and to eliminate I/O bottlenecks. It achieves this by letting special I/O processors (IOPs) deal with interrupt handling, buffering, and data transfer.


    NTFS Offers:
    o Distributed link tracking
    o Per-user disk quotas
    o Removal of drive letter restrictions
    o Redundant storage to store data and to effect recovery
    o Ability to recover from errors in critical disk sectors

    Kernel memory write protection

    Tasks no longer needing a reboot:
    o Enlarging page file size
    o Adding a new page file
    o Enlarging NTFS partition size
    o Adding or removing network protocols
    o Installation of SQL Server 7
    o Configuration of Plug and Play devices

    Recovery Console:

    Kernel Mode: Only dump option shortens the period needed to collect a memory dump on systems that have large memory configurations.

    Automatic System Recovery: Allows admins to retrieve destroyed systems automatically by employing info stored on floppy disk and a complete system tape backup.

    Chkdsk: Three times faster in Win 2k than Win NT 4. Automatically launched during system startup if file system corruption is discovered.

    Structured exception handling

    Exception: An unexpected event, caused by hardware or software, that occurs during the execution of a program. When an exception occurs, the program is halted and the system attempts to find an exception handler to handle the error.

    Modularity: Win 2k OS is modular, meaning it is divided into separate systems that interact independently. Each system interacts with others through an API and each system can be removed and replaced with another without affecting the others.

    ----------------------------------------------------------------------------------------------------------------

    device object: A kernel-mode object, defined by the I/O Manager, that represents a physical, logical, or virtual device.

    HID: Human Interface Devices

    INF file: A file that provides the operating system with information required to install and configure a device.

    IRP: I/O Request Packet. A data structure used to send I/O requests between the operating system and device drivers.

    kernel mode: The Windows kernel manages the most basic functions of the operating system, such as sharing the processor between different blocks of executing code. Kernel mode allows full, unprotected access to the system. A driver or thread running in kernel mode has access to system memory and hardware.

    NDIS: Network Driver Interface Specification

    WHQL: Windows Hardware Quality Labs

    ------------------------------------------------------------------------------------------------------------------------------------------------------------------ArchitectureComponents of Windows 2000 Modular OS:Kernel mode architectural layer, or User mode architectural layer

    [Diagram: Windows 2000 architecture. User mode: environment subsystems (POSIX, Win32, OS/2) and integral subsystems. Kernel mode: Executive Services (GraphMan, WinMan, SecRefMon, PwrMan, MemMan, IPCMan, ProcMan, IOMan, Filesystems), Object Manager, Device Drivers, Microkernel, Hardware abstraction layer (HAL).]

    The Kernel mode layer: Executive, Upper layer managers, Device drivers, Hardware Abstraction Layer (HAL), microkernel

    Executive Services:
    I/O Manager:
    User mode:
    Cache Manager:
    Process Manager:
    Interprocess Communication (IPC) Manager: Local Procedure Call (LPC) and Remote Procedure Call (RPC) facilities. The LPC facility manages communication between servers and clients on the same system and the RPC facility manages communication between servers and clients on different systems.

    Virtual Memory Manager (VMM): manages virtual memory and paging. And the Security Reference Monitor controls security policies.

    Window Manager and Graphical Device Interface (GDI): which are combined in the Win32k.sys device driver, control the display system.

    Plug and Play Manager: a component of the Executive, directs bus drivers to configure installed devices and device drivers.

    Unlike Win 95, Win 2k does not require an Advanced Power Management (APM) BIOS or a Plug and Play BIOS.
    The Advanced Configuration and Power Interface (ACPI) specification defines the BIOS support and system board implementation for Plug and Play.
    WDM drivers are source-compatible across Win 98 and Win 2k but they are not binary-compatible.

    A microkernel manages the microprocessor and coordinates both the Executive's activities and all I/O functions.
    A microkernel is an operating system design that makes use of modules to implement the basic features of the kernel. It is configurable.

    The User mode provides the user and application environment.

    Environment subsystems enable Windows 2000 to run applications produced for different operating systems.

    The Windows 2000 32-bit Windows-based (Win32) subsystem runs Win32 applications as well as applications based on the following operating systems: Microsoft MS-DOS, Win16

    The POSIX subsystem provides an environment in which POSIX-based applications can run.

    And the OS/2 subsystem provides an environment for 16-bit, character-mode OS/2 applications.

    -------------------------

    Windows 2000 Advanced Server and Datacenter Server offer an Enterprise Memory Architecture (EMA) which will greatly benefit large application servers.

    Among the computer systems that are ready to benefit from this are the Pentium Xeon chips.
    Windows 2000 Advanced Server supports up to 8GB of physical memory on Intel-based systems.

    Windows 2000 Datacenter Server supports up to 64GB on Intel-based systems.


    Applications running on Windows 2000 Datacenter will need to be written specifically to take advantage of the Very Large Memory (VLM) APIs.

    Merely adding another 4GB or more of physical memory will not necessarily enable applications to benefit from VLM APIs.
    Windows 2000 includes, as one of its operating system features, the Scatter/Gather I/O technology that was previously incorporated into the Windows NT service pack to enhance SQL Server performance.

    An asymmetric processing system is limited to executing a process on the microprocessor to which it was originally assigned. This makes it slower, because unoccupied processors cannot assist in executing the process.

    An SMP system can run application and operating system processes on any microprocessor that becomes available. This decreases processing time as all processors are being utilized.

    A thread is that part of a process that is executing and includes:
    an identifier assigned by the system
    a Kernel-mode stack
    a User-mode stack
    register contents of the microprocessor's state
    storage space for subsystems and libraries

    A program includes:
    code and data
    at least one thread
    a memory address space
    system resources

    Windows 2000 components with the function each performs:
    IPC Manager: Manages communications between servers and clients
    Server service: Enables a Win 2k OS to offer network resources
    VMM: Performs paging processes
    Win32 subsystem: Runs MS-DOS based apps
    SMP system: Runs processes on any available microprocessor
    HAL: Eliminates the need for two versions of the Executive
    I/O Manager: Contains Win 2k file system
    Device driver: Translates driver calls into manipulation of hardware
    ----------------------------------------------------------------

    Active Directory: is the Windows 2000 directory service.
    This directory model makes use of the Internet DNS namespace for object naming (i.e. accounting.domain.com).
    The Active Directory supports Lightweight Directory Access Protocol (LDAP) versions 2 and 3 and HyperText Transfer Protocol (HTTP).
    The Active Directory supports the RFC 822 naming convention for Internet e-mail addresses, for [email protected] . It also supports the HTTP Uniform Resource Locators (URLs) convention for web browsing.
    It also supports the LDAP URL and it supports a draft to RFC 1779 to specify network servers and objects.
    LDAP is the Internet standard for directory access.
    HTTP is the standard protocol for displaying pages on the World Wide Web.
    The Active Directory uses the Uniform Naming Convention (UNC) to refer to shared volumes, printers, and files on a Windows 2000 Server network.
    A Windows 2000 UNC may include domain names as part of its name, for example \\interswift.com\sales\results\quarterly.xls.

    Directory objects: May include users, groups, computers, printers, shared folders, and containers such as domains and OUs.

    This means that you organize directory objects in logical groups on the network instead of using the folders and files of the physical structure.


    The physical structure of the directory is invisible to the user, who identifies an object by its logical name rather than its network location.
    The physical structure of the Active Directory consists of sites and domain controllers.
    A Site: consists of one or more IP subnets connected by high-speed access links. Sites usually have similar boundaries to a LAN.
    The physical structure of your directory is used to manage network traffic and to determine where users log on and where directory replication occurs.

    Windows 2000 uses the physical structure of the directory to determine the most reliable and efficient links between domain controllers and the schedules for replication and logon.

    Logical Structure: The logical structure of the Active Directory contains domains, organizational units, trees, and forests.

    The Active Directory domain is a security boundary that forms the central unit of network control. The computers within a domain share a common directory database having its own set of security policies, and they have security relationships with other domains.

    Access control lists (ACLs) in each domain contain the permissions for all the objects in the domain. This includes the users who have access to domain objects and the type of access they are allowed, for example read-only access.

    Domain controller: is a Windows 2000 server that stores directory data and manages user logon and authentication procedures and directory searches.

    Domain Modes : In a Windows 2000 network, there are 2 domain modes - mixed mode and native mode.

    Mixed mode is the default domain mode and allows for some domain controllers on the network to be running Windows NT 4.0. You can run your servers in this mode indefinitely.

    Once all the domain controllers on the network are running Windows 2000, you can convert your network to native mode.

    The client computers on the network do not need to run Windows 2000 for the native mode to be employed.
    Until your network is in native mode, directory functions such as group nesting, and some security functions in the Active Directory, will not be able to function properly.
    Once you have converted your network from mixed mode to native mode, you cannot convert it back to mixed mode.

    Domains: Consist of network objects and their related attributes.
    Organizational units (OUs): are container objects that contain other OUs and network objects.
    Network objects may include user accounts, user groups, or network computers.
    OUs form a logical hierarchy based on the structure of the organization in which the network is deployed.

    Domain structures are independent of each other so each domain can implement its own OU hierarchy according to its own rules.
    Different domains may also contain OUs with the same name.

    You may want to create more than one domain on your network if:
    it contains a large number of objects
    your network contains multiple Internet domain names
    your network spans more than one organization
    you want to decentralize your network
    you want to extend data replication on the network

    --When there are a number of domains on a network, all of which share a contiguous namespace, they are referred to as a tree.
    --When you add a domain to an existing tree, you need to add it as a child of an existing (parent) domain.
    --The name of the child is added to the name of the parent to give the child domain a unique DNS name.
    --The first domain on a network is referred to as the root domain and all subsequent domains are added to the root as branches, which form the directory tree.


    A forest: A group of trees that do not share a contiguous namespace.
    For example, interswift.com and brocadero.com domain trees do not share a contiguous namespace but when the brocadero.com tree is joined to the interswift.com tree, a forest is created.
    But they do share the same configuration, schema, and global catalog.

    The schema: summarizes the structure of the Active Directory, including all the object classes and their attributes.
    It is stored in the global catalog, which is a central repository that stores the attributes of network objects most often used in searches.

    There are two types of trust relationship that can be formed between domains in Windows 2000:
    one-way, nontransitive trusts
    two-way, transitive trusts

    In a one-way, nontransitive trust relationship the Interswift.com domain, for example, may trust the Brocadero.com domain.
    But Interswift.com does not automatically trust other domains that are trusted by Brocadero.com.
    One-way, nontransitive trust relationships are available in Windows 2000 to accommodate the Windows NT network structure. So if you want to create one-way trust relationships between Active Directory domains, you can do so.

    In a two-way, transitive trust relationship, Interswift.com trusts any domain that is trusted by Brocadero.com because it trusts Brocadero.com.
    Two-way, transitive relationships are the default trust between Windows 2000 domains.

    A two-way trust does not automatically grant users in the indirect trust relationship permissions to access your domain.
    You need to grant permissions to users and groups from a domain outside of the direct trust relationship in order for them to be able to access your domain.
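The trust rules above, worked through as an added example that is not part of the original study notes. It is a simplified model rather than how Windows evaluates trusts internally; the LEGACYNT domain, the account names and the ACL dictionary are constructed for illustration.

```python
from collections import deque
from dataclasses import dataclass


@dataclass(frozen=True)
class Trust:
    truster: str      # domain that extends the trust (holds the resources)
    trusted: str      # domain whose accounts are accepted
    transitive: bool  # may this link be chained with other transitive links?


def two_way_transitive(a, b):
    """Default trust between Windows 2000 domains: both directions, chainable."""
    a, b = a.lower(), b.lower()
    return [Trust(a, b, True), Trust(b, a, True)]


def one_way_nontransitive(truster, trusted):
    """NT-style trust: one direction only, never chained."""
    return [Trust(truster.lower(), trusted.lower(), False)]


def trust_path(trusts, resource_domain, account_domain):
    """Return the chain of domains by which resource_domain trusts
    account_domain, or None when no such chain exists."""
    src, dst = resource_domain.lower(), account_domain.lower()
    if src == dst:
        return [src]
    # Any direct trust counts, including a nontransitive one.
    if any(t.truster == src and t.trusted == dst for t in trusts):
        return [src, dst]
    # Longer chains may only use transitive links (breadth-first search).
    queue, seen = deque([[src]]), {src}
    while queue:
        path = queue.popleft()
        for t in trusts:
            if t.transitive and t.truster == path[-1] and t.trusted not in seen:
                if t.trusted == dst:
                    return path + [dst]
                seen.add(t.trusted)
                queue.append(path + [t.trusted])
    return None


def can_access(trusts, acl, account, resource_domain, right):
    """Trust only makes an account eligible; the resource domain's ACL must
    still grant the right. Returns (allowed, reason)."""
    account = account.lower()
    account_domain = account.partition("@")[2]
    if trust_path(trusts, resource_domain, account_domain) is None:
        return False, "no trust path"
    if right not in acl.get(account, set()):
        return False, "trusted, but no permission granted"
    return True, "trusted and permitted"


# Constructed sample topology using the page's domain names.
TRUSTS = (
    two_way_transitive("hq.interswift.com", "interswift.com")    # child/parent
    + two_way_transitive("interswift.com", "brocadero.com")      # joined trees
    + one_way_nontransitive("brocadero.com", "LEGACYNT")         # NT 4.0 domain
)

# Constructed ACL for resources held in hq.interswift.com.
HQ_ACL = {"annah@hq.interswift.com": {"read"}}

if __name__ == "__main__":
    for acct in ("annah@hq.interswift.com", "pat@brocadero.com", "sam@legacynt"):
        print(acct, can_access(TRUSTS, HQ_ACL, acct, "hq.interswift.com", "read"))
```

When reviewing a domain design, the "trusted, but no permission granted" result is the expected default for accounts reached only through an indirect trust; an unexpected trust path is the finding to investigate.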

    The Active Directory is a namespace.
    This means that it is an area in which a name can be interpreted as a particular object or set of characteristics.
    A namespace is a bounded area in which a name can be resolved.

    The Active Directory uses Domain Name System (DNS) to name and locate domains on the network.
    And it uses Dynamic DNS (DDNS) on its servers so that clients can register directly with a server and the server can dynamically update its DNS table to include these clients.
    The use of DDNS makes the use of any other naming service, for example WINS, unnecessary in an exclusively Windows 2000 environment.

    There are two types of Namespace in the Active Directory: contiguous namespaces and disjointed namespaces.

    In a Contiguous Namespace, for example an Active Directory tree, objects share a common root domain.
    A Disjointed Namespace, for example an Active Directory forest, means that objects in different Active Directory trees do not share a common root. It includes the domain name for the object as well as the directory path to the object.

    The Active Directory uses the following naming conventions:
    distinguished names
    relative distinguished names
    globally unique identifiers
    user principal names

    A distinguished name (DN) is unique to a particular object and is used to identify the object itself.
    It includes the domain name for the object as well as the directory path to the object.

    For example, the user AnnaH located in the Users sub-OU of the Sales Parent OU in the HQ child domain of the InterSwift parent domain would have the following distinguished name:
    /O=Internet/DC=com/DC=InterSwift/DC=HQ/CN=Users/CN=AnnaH

    In this example the abbreviations represent the Organization (O), the Domain Component (DC), and Common Names (CN) or objects.

    If a DN is unknown or has changed, you can use the relative distinguished name (RDN) to find an object.
    The RDN is a part of the DN that does not change because it is a unique attribute of the object itself.


    For example, the RDN of the user object AnnaH is AnnaH and cannot change, even if the object is moved to another OU.
    You may not create duplicate RDNs in the same OU but you can have the same RDN in two different OUs because the object has different DNs in the two OUs.

    A globally unique identifier (GUID) is a 128-bit number that is assigned to an object when it is created.
    The GUID does not change, even when you rename or move the object.

    The GUID can therefore be used to find an object when its DN has changed.

    The user principal name (UPN) is a shortened version of a user's DN.

    It includes the DNS name for the user account object and the user account name, for example [email protected]
    User Principal Names (UPNs) should be unique within a domain.
    ---------

    Domain Controllers: multimaster replication.

    The ring structure ensures that there are two paths to every controller.

    http://www.smartforce.com/learning_community/applications/course_resources/login_course_resources.asp?link_id=3712&type=2

    END OF: MS WINDOWS 2000 UPDATE: NEW FEATURES AND ARCHITECTURE
    ----------------------------------------------------------------

    BEGIN
    Microsoft Windows 2000 - Installation and Administration: Installation

    Windows 2000 Installation Advanced Installation options Preparing for upgrade Upgrading to Windows 2000

    Windows 2000 Professional:
    Pentium 133MHz CPU
    64MB of RAM
    2GB HD w/ 650MB of free space
    VGA Monitor

    Win 2k Server:
    Pentium 133MHz
    Min 128RAM, 2GB HD w/ 1GB free
    VGA monitor

    *A network installation requires an extra 100-200MB of free disk space.
    MS recommends that you add 2MB of disk space for each MB of RAM in the computer.

    NT File System (NTFS):
    Security at file and folder level
    File encryption
    Disk quotas
    Disk compression

    File Allocation Table (FAT):
    Less secure; permissions only applied at share level
    Diff. transactional recovery support
    Doesn't offer EFS or compression


    Should only be used for a dual boot system (MS recommends not dual booting a server)

    Client access license (CAL): Required for each client accessing server and network server.

    Licensing modes: per seat or per server

    Per seat licensing: You need a separate CAL for each client that accesses the Windows 2000 Server.

    Per server licensing: CALs are assigned directly to the server based on the number of expected client connections.

    Workgroup: Security and administration are decentralized in a workgroup because each computer maintains its own list of users and security settings.

    Domain: a grouping of networked computers that share a centralized administrative model via a replicated directory database.

    makeboot.exe from the \makeboot folder on the Windows 2000 installation CD-ROM.

    winnt.exe if the target computer is running MS-DOS or Windows 3.x.
    And you run winnt32.exe if the target computer is running Windows 95/98 or NT 4.0 workstation.
    The winnt.exe command and its parameters for automated installation are shown here:
    C:\>winnt [/S[:sourcepath]][/T[:tempdrive]][/U[:answer_file]][/R[x]:folder][/E:command]

    http://www.smartforce.com/learning_community/applications/course_resources/login_course_resources.asp?link_id=14091&type=2
    ----------------------------------------------------------------
    BEGIN
    Microsoft Windows 2000 - Installation and Administration: Installation

    Windows 2000 Installation Advanced Installation options Preparing for upgrade Upgrading to Windows 2000

    System Preparation (Sysprep) Tool: allows you to perform multiple clean installations of Windows 2000 across a network.
    It allows you to preconfigure the operating system on a master computer's hard disk and then clone this configuration to a number of other computers.

    To prepare a system disk image to be copied to another system with the Sysprep Tool: run sysprep.exe on a pre-configured Windows 2000 computer, then restart the computer and run a third-party disk image copying tool to create the image.

    Cloning, also known as disk duplication, refers to the process of duplicating an image from a computer and copying it to multiple computers.

    Cloning is carried out by a third-party disk duplication tool.

    Sysprep.inf: To limit user intervention, you can create a sysprep.inf answer file that automatically answers the questions for the user during mini-setup.

    Sysprep can also be run from the Tools folder in the Windows 2000 Resource Kit.
    The Resource Kit is installed by running the command:
    \support\reskit\deploy\setup.exe

    Setupcl runs when the master computer, or any hard drive duplicated from the master computer, starts.
    Once you have copied the image onto a client machine, the Sysprep Tool allows the mini Setup Wizard to run interactively with the user.

    Screen 3 of 15 shows how to use the Sysprep Tool, with a screen shot.
    Under c:\Sysprep_Update\Tools\ double-click on sysprep.exe.
    Once you have copied the master computer's HD (i.e. the proclient.gho image), you copy the image into a network shared folder or onto a compact disc. Boot the target computer using a network boot disk or the CD you have created. You can then copy the disk image onto the target computer using the disk image copying software.


    Use the Setup Manager to create or import universal disk format (UDF) files that you use to apply unique desktop settings.
    Use the Setup Manager to include components like device drivers.

    Use sysdiff.exe in conjunction with the Setup Manager to install applications on remote machines at the same time as a remote Windows 2000 installation.
    Sysdiff is a substitute for cloning that operates without Sysprep.

    Sysdiff doesn't require identical hardware configurations on the master and target computers.

    To run the Setup Manager: setupmgr.exe
    On the Product to install page of the wizard you indicate the type of answer file:

    o Windows 2000 Unattended Installation: select this radio button to create a text file that enables setup to run unattended

    o Sysprep Install: generates an INF file that is saved onto your computer's system disk and allows the file to use Sysprep to prepare the disk for duplication

    o Remote Installation Services: creates a SIF file instead of a text file.
    * administration tools on the Win 2000 installation CD to enable the SIF file

    Create a new distribution folder: C:\win2000dist

    Share as: \\NTSERVER1\config1

    Select the default mass storage drivers
    Select extra files to be copied
    Setup manager: Choose a location and name for the answer file to save
    Copy the files from cd, or Copy the files from this location
    The Setup Manager Wizard successfully completed, creating the following files:
    C:\win2000dist\unattend.txt
    C:\win2000dist\unattend.udf
    C:\win2000dist\unattend.bat
    --
    Remote Installation Services (RIS): install Windows 2000 Professional on multiple network workstations using Pre-Boot Execution Environment (PXE) remote boot technology and server-based distribution software.

    Computers that are PC98-compliant contain a PXE Remote Boot ROM. PC98 is an annual guide for hardware developers, co-authored by MS and Intel and including contributions from other hardware manufacturers.

    The client computer requires one of the following: Net PC specification Network adapter with a Pre-Boot Execution Environment (PXE) supported network adapter card and a remote installation boot disk

    Create a boot installation disk by running the Win 2k Remote Boot Disk Generator, rbfg.exe, from the \remoteinstall\admin\i386 folder on the RIS server.

    A RIS server is a DC or a member server in a Windows 2000 domain that acts as the source of a remote client installation.

    It provides the network installation of Windows 2000 Professional or a preconfigured Remote Installation Preparation (RIPrep) desktop image.
    RIPrep is a disk cloning utility used with RIS; it doesn't require identical hardware configurations in the master computer and client computers.

    The recommended specifications for a RIS server: Pentium I/II 200 MHz and between 128MB and 4GB of RAM, recommended minimum of 256MB.

    Before you can use RIS on your network, you need to configure the following network services:
    DNS Server
    DHCP Server
    Active Directory

    Bootstrap image
    Once RIS is installed, the following services are activated:
    Boot Information Negotiations Layer (BINL)
    Trivial File Transfer Protocol Daemon (TFTPD)
    Single Instance Store (SIS)

    BINL listens for client network service requests and ensures that the client computer is registered in the Active Directory and that it receives the correct files from the RIS server.
    TFTPD enables the RIS server to download the files needed for remote installation - Startrom.com or OSChooser.
    SIS drivers scan the RIS volume for duplicate files and store them in a separate location to reduce the amount of disk space used by RIPrep images on the RIS volume.

    Automatic Setup policy setting uses only the information provided by the administrator and allows you to create templates for simplified setup procedures.
    Custom Setup allows, for example, the specification of alternative client names but still requires the input of an administrator at the client computer during installation.
    Restart Startup setting saves answers to questions during setup and reuses these answers during a second attempt if setup fails.

    Steps if you have RIS on a server on your network and now want to install Windows 2000 Pro from a remote client machine:
    Boot the client using a PXE NIC or a remote boot floppy disk.
    To create a remote boot floppy: double-click on rbfg.exe in the i386 folder.
    Images win2000.pro
    Or, you can also run it from a folder called reminst containing a version of Windows 2000 client that was copied, using RIS, from another client computer on the network.
    Remote Boot Disk Generator:

    Rbfg boot disk: The procedure is not MS-DOS based. Instead it simulates the PXE boot ROM with all the necessary network adapters on the disk (only works with supported NICs).
    BINL service needs to be started on the server:

    Boot Information Negotiation Layer
    Then the computer reboots, and starts the Client Installation Wizard.
    You are prompted to enter the username and password that you have authorized to configure RIS (you need to authorize users to configure RIS using the RIS server's properties dialog box in its Active Directory Users and Computers MMC before you try to perform a remote installation).
    Select the customized client install you created.
    Services console.

    Scenario:
    Suppose you generated a remote installation disk image using the Sysprep Tool.
    But you run setup on a client computer, and discover that command settings are not being processed during an unattended installation.
    To solve this, you may need to adjust the syntax of the system information (SIF) file.
    What may be wrong with the SIF file?
    A: It may not contain the path to the oem directory.

    The SIF file may not contain the name of the directory from which it is meant to extract preinstallation information - the oem directory, by default.
    To correct this problem, you change the directory information in the file in the way shown here:
    \\RemoteInstall\Setup\applicable_language\Images\applicable_name\$oem$

    http://www.smartforce.com/learning_community/applications/course_resources/login_course_resources.asp?link_id=14096&type=2

    --------------------------------------------------------------

    ----------------------------------------------------------------
    BEGIN Questions
    Microsoft Windows 2000 - Installation and Administration: Installation

    Windows 2000 Installation Advanced Installation options Preparing for upgrade Upgrading to Windows 2000

    Dynamic Host Configuration Protocol (DHCP)
    Point to Point Tunneling Protocol (PPTP)
    Internet Protocol Helper Application Programming Interface (IPHAPI)
    Telephony Application Programming Interface (TAPI)
    And it contains patches for various operating systems such as Windows
    http://www.smartforce.com/learning_community/applications/course_resources/login_course_resources.asp?link_id=14097&type=2

    Emergency Repair Disk (ERD).
    System Soft Card Wizard
    Tnsc001 D:\Winnt40\Sp6a\I386\Sp6ai386

    MS SQL Server Service Pack 2
    For MS SQL Server 7.0
    And MS Data Engine (MSDE) 1.0

    The Security Configuration Manager (SCM): available in the security configuration tool set in Service Pack 4 and later; allows for more flexible centralized network security administration; can group and automate configuration tasks and it can help you to analyze security parameters for deviations from their baseline configuration.

    SCM includes an updated Access Control List (ACL) editor that is similar to the ACL editor included in Windows 2000.

    streamlining the directory service.
    AGLP (Accounts, Global Groups, Local Groups, Permissions) group strategy for consolidating groups.

    http://weblinks.smartforce.com/courseware/links.asp?course=msw01se&link=11

    Other disk image copying tools include:
    PowerQuest.com
    Symantec.com
    Microhouse.com
    Altiris.com

    Post-installation scripts can be used to automate configuration settings not covered in the disk copy process.
    These configuration settings are dependent on the organizational setup.
    http://www.smartforce.com/learning_community/applications/course_resources/login_course_resources.asp?link_id=14099&type=2

    Windows 2000 operating system before the migration.

    http://www.smartforce.com/learning_community/applications/course_resources/login_course_resources.asp?link_id=14100&type=2

    Scenario: You need to update a Win NT 4.0 domain with 95/98 clients to a Win 2k Domain?

    Streamline directory services
    Remove non-critical protocols
    Install SP 4 or later
    Plan subnets
    Backup user info from Win 95/98 workstations
    Check hardware compatibility
    Setup roaming user profiles
    Convert to DNS naming conventions

    END STUDY SECTION
    Microsoft Windows 2000 - Installation and Administration: Installation

    Windows 2000 Installation Advanced Installation options Preparing for upgrade Upgrading to Windows 2000

    ----------------------------------------------------------------
    BEGIN STUDY SECTION
    Microsoft Windows 2000 - Installation and Administration: Installation

    Windows 2000 Installation Advanced Installation options Preparing for upgrade Upgrading to Windows 2000

    Win 2000 Compatibility Tool: generates a compatibility report that identifies hardware/software conflict. TheWindows 2000 Compatibility Tool generates a compatibility report that identifies whether or not there are anyhardware or software compatibility problems.To generate a HW/SW compatibility report,run x:\I386\Chkupgrd.bat where x represents the CD-ROM drive.This runs the initial portion of the Setup program and checks the system for Windows 2000 compatibility issues.Identifies the modifications you need to perform to ensure that the system is ready for upgrade. The text filedocumenting the compatibility check - compat.txt - can be stored on the system volume.

    Windows 95, 98, and Windows NT Workstation 3.51, or higher, can be upgraded directly to Windows 2000.
    To start the Windows 2000 upgrade from the CD-ROM, select Start - Run and type: x:\i386\winnt32

    The following Microsoft and third-party tools assist in the reorganization of domains: NETDOM, ClonePrincipal, the Active Directory Migration Tool (ADMT), Entevo's DirectMigrate, or FastLane's DMSuite.


    Scenario: Let's say that you are upgrading an NT 4.0 PDC to Windows 2000 and putting it into an existing Windows 2000 domain tree as a child domain.
    You can choose between using a Windows 2000 Server CD for the upgrade or running Winnt32.exe from a shared network folder containing the installation files. In this case you choose to use the CD.
    During the final reboot, the Setup program automatically logs on as the Administrator, and the Active Directory Installation Wizard opens. You can continue configuring the server environment at this point or postpone running the wizard.
    The Active Directory Installation Wizard completes the upgrade to Windows 2000 Server. It also installs the Active Directory service on your domain controller.

    Scenario: Suppose you have upgraded from NT 4.0 to Windows 2000 and you need to place the upgraded PDC into an existing domain tree as a child domain.
    The existing domain tree is the interswift.com domain, which is located in New York. Your updated child domain is Marketing, which is located in Chicago.
    Select the option (radio button) that allows you to add the server to an existing tree:

    Create a new child domain in an existing domain tree (if you want the new domain to be a child of an existing domain, select this option. For example, you could create a new domain named headquarters.example.microsoft.com as a child domain of the domain example.microsoft.com).


    Specify the full DNS name of the parent domain (for example, interswift.com).
    Then enter the name of the child domain (for example, marketing).
    Complete DNS name of new domain: marketing.interswift.com
    Specify a NetBIOS domain name (for example, MARKETING).
    On the Database and Log Locations page, you specify the location of the Active Directory database and the database log.

    Microsoft recommends that you store the database and log on separate hard disks in order to optimize performance and recoverability.
    You decide to store the database in the locations shown and you click Next.

    You specify where the system volume (Sysvol) folder is to be stored. You type the location you have chosen and you click Next.
    The system volume folder must be stored on an NTFS 5.0 volume.
    On the Permissions page, specify the level of access allowed to information on the domain. Select the option that allows you to restrict access to programs that run on Windows 2000 servers.
    Once Active Directory is installed, the server reboots and the Configure Your Server screen is displayed. You can downgrade a domain controller to a member server or configure it as a file, print, or web server.

    Static Disk vs. Dynamic Disk:

    After upgrading a server, you should perform the following tasks:
    * verify that the Active Directory was successfully installed
    * install administrative tools
    * change domains from mixed mode to native mode

    To verify that a user is authenticated in the Active Directory, you log on in a domain and select Start - Search - For People.

    Windows 2000 Professional administrator tools: \i386\AdminPak.msi file on the Windows 2000 Server CD-ROM

    The Active Directory Migration Tool (ADMT) is a tool to assist network administrators with migration from Windows NT to the Windows 2000 Active Directory service.


    Objects that can be migrated using the Migration Tool include
    * computer accounts
    * user accounts
    * security-enabled groups


    Start - Programs - Administrative Tools - Active Directory Migration Tool

    In order to add a security ID (SID) history, you enter a username and password that has administrative rights in the InterSwift domain and then you click Next to continue.
    Options you can specify for users in the migration process:

    * If user rights should be updated
    * If accounts should be renamed
    * If associated user groups should also be migrated

    Conflicting account: you can choose to prefix the migrating account with some letters (for example, MK), and click Next. You can view the log when the migration is completed.

    The Reporting Wizard helps you to create reports about migration operations you have carried out.

    END STUDY SECTION


    Microsoft Windows 2000 - Installation and Administration: Installation

    Windows 2000 Installation Advanced Installation options Preparing for upgrade Upgrading to Windows 2000

    --------------------------------------------------------------------------------------------------------
    BEGIN STUDY SECTION
    Microsoft Windows 2000 - Installation and Administration: Administration

    Basic administration Administrative tools Administrative strategies


    The hardware components of a network include
    * servers and workstations
    * other peripherals, such as scanners and printers
    * cabling
    * modems
    * routers and hubs


    My Network Places: Provides a view of the network resources available to the logged-on user:
    * Add Network Place
        o Add shared folders
        o Web folders
        o FTP sites as network places
    * Entire Network
        o Microsoft Windows Network icon: View available domains and computers
        o Directory icon: Access objects in the Active Directory
    * Computers Near Me
        o View the computers in your workgroup or domain

    Folders button: Displays the directory structure of the computer
    History: To locate files that you have used previously
    Search: Use to search for files, folders, computers, users, printers, and Internet locations

    Language - International
    Input locale indicator: Allows you to enable other language fonts that have been installed.
    The input locale changes the keyboard layout or input method depending on the language that you choose to insert. You can set individual applications to use different input locales.

    Accessibility:

    Microsoft Magnifier: Uses a portion of the screen to magnify the area in which the cursor or mouse pointer is located.
    Ability to save the accessibility settings in a separate file.

    Utility manager: Allows you to adjust desktop settings without using the Accessibility Wizard.

    Accessibility menu:
    o Magnifier
    o Narrator: Provides text-to-speech translation for those who are visually impaired. Allows the user to customize how screen contents are read.
    o On-Screen Keyboard

    Options for visually impaired users:
    * StickyKeys to enable multiple keystrokes using one key
    * FilterKeys to adjust the response of the keyboard
    * ToggleKeys to emit sounds when certain keys are pressed
    * MouseKeys to enable the keyboard to act as a mouse
    * SerialKeys to allow for alternative input devices

    SoundSentry provides visual warnings for system sounds.
    ShowSounds enables programs to show captions for program speech and sound.

    When logging on, users provide their names and case-sensitive passwords.
    The username may be the standard name, LisaJ, or the UPN name, [email protected]. Users who employ their UPN names need not supply a domain to which they want to connect because the UPN defines their location in the Active Directory.

    Ctrl+Alt+Delete key combination: displays the Windows Security dialog box:
    o Lock computer
    o Log off
    o Shut down
    o Change passwords
    o Task manager
    o Cancel
    o Name of the user who is logged on to the computer

    Standby mode: Useful for battery-powered computers. Windows removes the power from devices such as monitors and hard disks to conserve energy.

    Restarting: Closes all applications, removes policies, profiles, and scripts, and unloads the OS.

    END STUDY SECTION
    Microsoft Windows 2000 - Installation and Administration: Administration

    Basic administration Administrative tools Administrative strategies

    --------------------------------------------------------------------------------------------------------
    BEGIN STUDY SECTION
    Microsoft Windows 2000 - Installation and Administration: Administration

    Basic administration Administrative tools Administrative strategies

    The MMC has no management functionality of its own, but it provides a consistent interface for management applications known as MMC snap-ins.

    Microsoft's design goal for the MMC:
    * hosts the main administrative tools for clients and servers
    * is task oriented
    * relies on delegation
    * integrates different tools

    The two types of snap-in are
    * standalone snap-ins, called snap-ins
    * extension snap-ins, called extensions

    The functionality of snap-ins is enhanced by extensions. For example, the Event Viewer and Device Manager extensions provide increased functionality to the Computer Management snap-in.


    The MMC can be used in
    * User mode to work with snap-ins
    * Author mode to create consoles or modify existing ones

    Console Tree User mode:
    * full access: users have access to the entire Console Tree and can open snap-ins in new windows
    * limited access/multiple window: users have full access to only part of the Console Tree
    * limited access/single window: users view a single window in the Console Tree

    In Console Tree Author mode, you
    * have full access to the Console Tree
    * can add or remove snap-ins
    * can save new consoles

    On a domain controller, the most commonly used tools are typically
    * Active Directory Users and Computers
    * Computer Management
    * DFS manager
    * DNS manager
    * Services

    The Distributed File System (Dfs) enables you to group several storage areas on the network so that they appear as one location and file system to the user.
    The Dfs manager allows you to create file trees and manage users' access to them.


    log file associated with a scheduled task.
    Notify Me of Missed Tasks option from the Advanced menu.

    END STUDY SECTION
    Microsoft Windows 2000 - Installation and Administration: Administration

    Basic administration Administrative tools Administrative strategies

    --------------------------------------------------------------------------------------------------------
    BEGIN STUDY SECTION
    Microsoft Windows 2000 - Installation and Administration: Administration

    Basic administration Administrative tools Administrative strategies

    You use group policy to
    * control computer services on the network
    * control users' desktop environments
    * determine users' permissions on the network
    * determine the applications and tools available to users
    * allow users to access data from anywhere on the network


    Any group policy applied to an Active Directory container is applied to all objects within the container.

    Offline files cache network data to the local machines so that users can access the data when they are disconnected from the network.
    You can publish resources, such as printers and shared folders, at a central location on the network so that users can gain access to them from anywhere on the network.

    Windows 2000 uses the Distributed File System (Dfs)

    You can delegate administrative control in the Active Directory by assigning permissions to administrators to
    * modify specific OUs
    * modify specific object attributes in an OU
    * perform a specific task in all the OUs in a domain

    (DACLs) - to control access to Active Directory objects.
    A DACL contains the permissions and the level of access granted to users for an object.
    Each entry in a DACL is called an access control entry (ACE).
    All resources in Windows 2000 have DACLs for
    * files and folders on NTFS volumes
    * Active Directory objects
    * printer objects


    A taskpad is a simplified interface that contains one or more tasks that are shortcuts to commands or administrative tasks in an MMC snap-in. Use taskpads to create easy-to-use customized tools for users who perform a limited number of administrative tasks.

    An access token contains the user's SID and universal, global, and domain local group memberships. It determines which resources the user may access on the network.
    You can activate the Secondary Logon service on your computer by
    * selecting Run as from a shortcut menu
    * using the runas command from the DOS prompt

    You can
    * include the runas command in a batch file to run an application automatically with a particular user account logon
    * create a shortcut that uses the runas command
    * run applications automatically at logon; do this if you often need to run a single application with a specific set of privileges

    Suppose you want to create a shortcut to the Secondary Logon service so that you can use it to access an application. To do this, you right-click the application you want to access, for example Licensing, and you select Properties. On the Shortcut tabbed page you select the Run as different user checkbox. Then you click OK.

    To execute the Run as command, you right-click Licensing and you select Run as from the shortcut menu. In some cases you may have to hold down the Shift key while right-clicking the application.

    In the DOS window you type the command shown.

    The variables you can use with the runas command are
    * /profile
    * /env
    * /netonly
    * /user
    * program

    The variable /profile is used to add user profiles, while /env specifies that the current environment must be used instead of the user's environment.
    The /netonly variable is used when the specified credentials pertain only to remote access.
    The variable /user specifies the username, and program is a command line for executables.
    The user name should be represented in the form USER@DOMAIN or DOMAIN\USER.

    C:\> runas /user:[email protected] "mmc diskmgmt.msc"
    Enter password for [email protected]: XXXX
    Attempting to start mmc diskmgmt.msc as user [email protected]...

    The Disk Management MMC now appears.
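The DACL, ACE and access-token notes in this section, worked through as an added example that is not part of the study guide: a simplified Python model of the order-dependent check Windows makes when a token is compared against a DACL. It goes beyond the notes by including access-denied ACEs; the domain SIDs are constructed, and LISAJ_ADMIN is a hypothetical separate administrative account of the kind you would start with runas.

```python
"""Simplified model of how Windows checks an access token against a DACL."""
from dataclasses import dataclass
from typing import Optional, Sequence

# Access-mask bits (values as defined in the Windows SDK headers).
FILE_READ_DATA = 0x0001
FILE_WRITE_DATA = 0x0002
DELETE = 0x00010000

# Well-known built-in group SIDs.
SID_ADMINISTRATORS = "S-1-5-32-544"
SID_USERS = "S-1-5-32-545"
# Constructed domain SIDs for this example; not taken from the study guide.
SID_LISAJ = "S-1-5-21-1000-2000-3000-1105"
SID_LISAJ_ADMIN = "S-1-5-21-1000-2000-3000-1106"
SID_MARKETING = "S-1-5-21-1000-2000-3000-1201"


@dataclass(frozen=True)
class Ace:
    allow: bool    # True = access-allowed ACE, False = access-denied ACE
    trustee: str   # SID of the user or group the entry applies to
    mask: int      # rights the entry grants or denies


@dataclass(frozen=True)
class Token:
    user: str              # the user's own SID
    groups: frozenset      # SIDs of every group the user belongs to

    def sids(self) -> frozenset:
        return self.groups | {self.user}


def access_check(token: Token, dacl: Optional[Sequence[Ace]], desired: int) -> bool:
    """Return True only if every right in `desired` is granted to the token."""
    if dacl is None:            # object has no DACL: full access for everyone
        return True
    remaining = desired
    sids = token.sids()
    for ace in dacl:            # ACEs are evaluated strictly in stored order
        if ace.trustee not in sids:
            continue
        if not ace.allow:
            if ace.mask & remaining:
                return False    # a right still needed is explicitly denied
        else:
            remaining &= ~ace.mask
            if remaining == 0:
                return True     # everything requested has been granted
    return False                # empty DACL, or a right was never granted


# Canonical order: access-denied entries come before access-allowed ones.
FOLDER_DACL = [
    Ace(False, SID_MARKETING, FILE_WRITE_DATA | DELETE),
    Ace(True, SID_USERS, FILE_READ_DATA | FILE_WRITE_DATA),
    Ace(True, SID_ADMINISTRATORS, FILE_READ_DATA | FILE_WRITE_DATA | DELETE),
]
# The same entries with the deny ACE moved to the end.
MISORDERED_DACL = FOLDER_DACL[1:] + FOLDER_DACL[:1]

# Everyday account, and a hypothetical separate admin account used via runas.
LISAJ = Token(SID_LISAJ, frozenset({SID_USERS, SID_MARKETING}))
LISAJ_ADMIN = Token(SID_LISAJ_ADMIN, frozenset({SID_USERS, SID_ADMINISTRATORS}))

if __name__ == "__main__":
    cases = [
        ("LisaJ read", LISAJ, FOLDER_DACL, FILE_READ_DATA),
        ("LisaJ write", LISAJ, FOLDER_DACL, FILE_WRITE_DATA),
        ("LisaJ write, deny ACE last", LISAJ, MISORDERED_DACL, FILE_WRITE_DATA),
        ("admin account write+delete", LISAJ_ADMIN, FOLDER_DACL, FILE_WRITE_DATA | DELETE),
        ("LisaJ read, empty DACL", LISAJ, [], FILE_READ_DATA),
        ("LisaJ delete, no DACL", LISAJ, None, DELETE),
    ]
    for label, token, dacl, desired in cases:
        print(f"{label:30} -> {'granted' if access_check(token, dacl, desired) else 'denied'}")
```

The third case is granted only because the deny entry sits after the allow entry, so a DACL assembled by hand or by script is worth checking for entry order as well as content.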

    END STUDY SECTION
    Microsoft Windows 2000 - Installation and Administration: Administration

    Basic administration Administrative tools Administrative strategies

    --------------------------------------------------------------------------------------------------------
    BEGIN STUDY SECTION
    Microsoft Windows 2000 - Installation and Administration: Users

    Creating users Creating multiple user accounts User profiles

    User principal name (UPN): combination of the user logon name and a domain name. By default, the UPN suffix is the DNS name of the domain in which you are creating the account. [email protected]

    User cannot change password option: Ensures only Admins and members of the Account Operators group can change the user's password.


    * User names are not case sensitive, but Windows 2000 preserves case for reference.
    * User logon names can be no longer than 20 characters: [email protected]
    * Reserved special characters: / \ [ ] : ; | = , + * ? < >
    * Pre-Windows 2000 logon name: used for pre-Windows 2000 computers: ZOETRONICS\userlogonname
    * Passwords: between 8 and 128 characters, lowercase and uppercase letters, numbers, and valid symbols. Valids