Installing, Configuring, and Administering Windows 2000 Server
1. Eric is employed as the network administrator for a company called Med Scheme. Med Scheme has approximately 500 employees who work in customer locations. These employees need access to resources on the corporate network when they work in the field. Eric installs a second modem on the Windows 2000 Server computer and configures it to support Routing and Remote Access. However, remote users reporting that they cannot connect to the server via the new modem. Eric needs to determine the cause of the problem. What should he do? Answer: Use the Routing and Remote Access snap-in to determine whether the ports are operational for both modems. Explanation: Routing and remote access snap-in can be used to check the status of ports that are used by modems. Windows 2000 system configuration information is located in the registry. This simplifies the administration of a computer or network; however, an incorrectly edited registry can disable the operating system. Therefore, editing the registry is not recommended. The Net Config Server command is used to display or change settings for the Server service while the service is running and the Net Statistics command is used to display the statistics log for the local Workstation or Server service. Neither can be used to diagnose modem problems. 2. James is employed as the network administrator for a company called Axion Research. James installs and runs a third-party 32-bit application on a Windows 2000 Server computer. After a few days, the application is stops responding. James opens Task Manager and discovers that the CPU usage is at 100 percent. He closes the application but the CPU usage remains at 100 percent. There are no other applications running on the computer. James then decides to check the Processes page in Task Manager to confirm that the application's executable file is not longer running. James wants to return the CPU usage to its normal range. What should he do? Answer: Use Task Manager to end any related child processes. Explanation: When an application ends abnormally, there will be a possibility that it may leave "orphaned" child processes behind. These processes continue running although the application has been terminated. Task Manager can be used to end any orphaned child processes. Restarting the Server service or the Workstation service will not end the orphaned child processes. Neither would restarting explorer.exe. Furthermore, explorer.exe is an integral part of the Windows GUI. Ending it could cause Windows to become unstable and stop responding. 3. Trevor works as an administrator for a company called CTU Solutions. The IT Department at CTU Solutions installs Terminal Services on a Windows 2000 Domain Controller. They also install the 1
Terminal Services client on the users' client computers. The users, however, report that they cannot connect to the Terminal Server. When they attempt to connect to the Terminal Server they receive the error message: "The local policy of this system does not allow you to logon interactively." The Head of the IT Department instructs Trevor to rectify the problem. When Trevor attempt to log on to the Terminal Server as an administrator from a client computer, he discovers that he can log on successfully. He, however, wants the users to be able to log on to the Terminal Server. What should Trevor do? Answer: Grant the users the right to log on locally. Explanation: Due to the fact that the users in the scenario access the local Windows 2000 through a Terminal Services client, they must have the right to log on locally, not the right to log on as a service. Copying the users' profiles or their home folders to the Terminal Server would not enable them to log on the Terminal Server. 4. Simon is employed as the network administrator for a company called Sanlam International. Sanlam International has its headquarters located in Miami and a branch office located in Atlanta. Sanlam International's network consists of multiple domains within the LAN at the Miami office. The network at the Atlanta office is configured as another domain within the domain tree. Each domain contain of several Organizational Units (OUs). A 56-Kbps connection is used to connect the remote domain to the headquarters office LAN. The Sanlam International network is shown in the following exhibit: The remote location is running a Windows 2000 service pack 1 while the LAN is running the Windows 2000 service pack 3. A group policy must be configured for the remote locations for users to be able to repair problems regarding a service pack system file. Traffic also needs to be reduces on the LAN while the administration of the group policies needs to be eased. Simon, however, wants to retain the domain administrator's access to the group policy configuration. What should Simon do? Answer: Configure a group policy for salaries.sanlam.com domain. Configure a service pack software package for the group policy.
Explanation: Group policy for the remote location implies a remote policy for the salaries.sanlam.com domain. Therefore the best solution is to configure a GPO at domain level and not to every organizational unit in the salaries.sanlam.com domain. 5. Adam is the administrator of a Windows 2000 Server network for a real estate company called Dias Properties. The Dias Properties network contains four Windows 2000 Server computers named SRV1, SRV2, SRV3 and SRV4. Adam formats a separate partition and boot partition as NTFS on each of the four servers. Months later Adam shuts down SRV3 for maintenance purposes. When he restarts the server, Adam receives the error message: "NTLDR is missing. Press any key to restart". To resolve the problem, Adam must install a new NTLDR file on the server; however Adam does not want to lose any of the configuration settings made to SRV3. What should Adam do? 2
Answer: Start the computer using the Windows 2000 Server CD-ROM and choose to repair the installation. Select the Recovery Console and copy the NTLDR file on the CD-ROM to the root of the system volume. Explanation: Windows 2000 cannot start if the boot sector cannot find the NTLDR file. Possible causes of this problem can be the accidental moving, renaming, or deleting of the NTLDR file; the NTLDR file becoming corrupted, or the boot sector becoming corrupted. It is not necessary to reinstall Windows 2000 to resolve this problem as the Recovery Console can be used to restore the NTLDR file. Furthermore, reinstalling Windows 2000 would result in the loss of the current server configuration settings. 6. Colleen is the administrator at a publishing company called Praxis Press. The Praxis Press network contains a Remote Access Server and uses TCP/IP as its only network protocol. Some of the users report that when they connect to the Remote Access Server, they receive the following message: "IPX/SPX compatible CP reported error 733. The PPP control network protocol for the network is not available". When they allow the connection to continue they are only able to connect to services that use TCP/IP. Colleen wants to prevent this message from being displayed. What should she do?
Answer: Configure the client computer to use only TCP/IP for the connections to the Remote Access Server. Explanation: Since this is a TCP/IP network Colleen can remove the NWLink protocol. The NWLink protocol is required for connectivity to Novel NetWare which is not in use on the network 7. Carlos is the administrator for a company called Ulware Distributors. Ulware Distributors has one Windows 2000 domain and two Windows NT domains. The Windows 2000 domain has two Domain Controllers named DC01 and DC02. DC01 is configured to use the hisecdc security template. A trust relationship exists between the Windows 2000 domain and each of the Windo ws NT the domains. However, the Windows NT domains users report that they cannot access DC01. Carlos must ensure that Windows NT domain users can access resources on DC01. What should he do? Answer: Apply a less restrictive custom security template to DC01.
Explanation: The two high security templates, hisecws and hisecdc, define security settings for Windows 2000 network communications. These security templates can be used by Windows 2000 computers on a Windows 2000 network that is running in native mode. It is thus not possible to use hisecdc in mixed mode. Native mode however does not permit communication with Windows NT, Windows 98 or Windows 95 hosts. Therefore the only solution is to apply a less restrictive custom security template on DC01. 8. Erica is employed as the network administrator for a company called Siltex Inc. The Siltex Inc has a Windows 2000 domain that includes approximately 50 Windows 2000 Server computers. All the 3
Windows 2000 Server computers are contained in an Organizational Unit (OU) named Servers. Erica notices that each Windows 2000 Server computer has local security auditing enabled but is configured to audit different events. Erica wants to standardize the events that are audited and wants to ensure that auditing remains standardized even if the audit policy changes. What should Erica do? Answer: Configure a Group Policy Object (GPO) and apply it to the Servers OU. Explanation: Auditing on a group of computers can be standardized by creating a Group Policy Object (GPO) that is configured with the appropriate security setting, and linking the GPO to the OU. The audit settings configured in the GPO would be applied to all the computers in the OU. Although it would be possible to create a local GPO for each server, and to configure the GPO to with the same audit settings, it would require less administrative effort to configure one GPO at OU level. 9. Younis is the IT manager for a company called Edcon. Edcon has a Windows 2000 network that includes 2 Domain Controllers, two DNS servers and two DHCP servers. Younis wants to delegate backup and restore tasks of all servers to an administrator named Anil. He, however, does not want to allow Anil to shut down any servers or uninstall any driver files. What should Younis do? Answer: Grant Anil the User rights to backup and restore files on all computers in the domain.
Explanation: Read Only permissions would not permit Anil to perform backup and restore duties. Adding Anil to the Backup Operators group would grant him the rights to backup and restore file but would also grant him the right to shut down Windows 2000 computers. Younis should thus specifically grant Anil the rights to backup and restore files. This will give Richard minimal rights required to perform the task. Adding Anil to the Domain Admins group would grant him administrative rights to the domain. This would allow Anil to perform any administrative task within the domain, including shutting down computers. 10. Ulrich is the network administrator for Unistar. He is in the process of configuring a new Windows 2000 Server computer. The computer contains five identical physical disks. He must ensure that all disk volumes are fault tolerant but also wants to minimize disk access time and maximize the available storage. Due to budget constraints, Ulrich will implement a Windows 2000 software RAID. What should Ulrich do? Answer: Configure the system volume as a mirrored volume and the other volumes as RAID-5 volumes.
Explanation: Windows 2000 Server supports two software implementations of RAID: mirrored volumes (RAID-1) and striped volumes with parity (RAID-5). A mirrored volume uses the Windows 2000 Server fault tolerance driver (Ftdisk.sys) to simultaneously write the same data to a volume on 4
each of two physical disks. This ensures the survival of data in the event that one member of the mirrored volume fails. A mirrored volume thus requires two identical hard drives. In a RAID-5 volume, Windows 2000 achieves fault tolerance by adding a parity-information stripe to each disk partition in the volume. If a single disk fails, Windows 2000 can use the data and parity information on the remaining disks to reconstruct the data that was on the failed disk. A mirrored volume can contain any partition, including the boot or system partition; however, both disks in a mirrored volume must be dynamic disks. However, mirrored volumes only use 50 percent of the disk space. RAID-5 volumes require a minimum of three drives. A software-level RAID-5 volume cannot contain the boot or system partition. In this scenario, Ulrich has five identical volumes. As a software-level RAID-5 volume cannot contain the boot or system partition, Ulrich would need to use a mirrored volume for the system partition to ensure its fault tolerance. This would require two of the disk. He should then configure the remaining three disks as a RAID-5 volume and use the RAID-5 volume for the data volume as this would maximize the usage of the disk space on the remaining disks while ensuring their fault tolerance. Ulrich should not implement a striped volume (RAID-0). A striped volume combines free space from up to 32 hard disks into one logical volume. Windows 2000 optimizes performance by adding data to all disks in a striped volume at the same rate. However, if any one disk in a striped volume fails, the data in the entire volume is lost. Therefore a striped volume is not fault tolerant 11. Paul is a network administrator for a company called Axis Inc. The Axis Inc network consists of a single domain that contains several Windows 2000 Domain Controllers. Paul is instructed to create a schedule to backup all the registry files of the Servers and Windows 2000 Active Directory Services Databases automatically. Paul uses the Windows 2000 Server backup application to make sure that all files are backed up. Paul must ensure that the backup process does not affect the accessibility and production during normal hours of operation. Paul wants to implement a backup configuration that requires the minimal amount of time to implement. What should Paul do? Answer: Configure each Domain Controller to back up their own System State data at 2:00 AM to a local shared folder. Configure one Domain Controller to back up that shared folder to removable media at 3:00 A.M.
Explanation: The System State includes, amongst others, the Registry; COM+ Class Registration database; the Boot files, including the system files; the Certificate Services database; Active Directory directory service; the SYSVOL directory; and the Cluster service information. Thus, by backing up the System State data of each Domain Controller, the registry files and the Active Directory database of each server will be backed up. Paul cannot use Rdisk. Rdisk was used in Windows NT 4.0 to create an emergency repair disk and is not included in Windows 2000.
12. Colin is a network administrator for a company called Lexis Ltd. The Lexis Ltd network consists of a single domain. The client computers and the server computers on the network are domain members. Colin must configure the client computers, local servers, and domain user accounts to have an expiration policy of 60 days. What should he do? Answer: Created a Group Policy Object (GPO) that is configured to enforce a maximum password age of 60 days. Link this GPO to the domain. Explanation: A GPO has to be created. The appropriate account policy in this GPO must be configured and linked to the GPO of the domain and not the OUs as account polices cannot be applied at the OU level. All accounts in the domain will then be affected when the GPO is linked to the domain. 13. Nelson is the administrator for a company called Siltek Traders. The Siltek Traders network contains a Windows 2000 Server computer named SRV11 that does not belong to a domain. SRV11 is used by the research department. Research Department employees use the local Guests user account to access SRV11. However, Siltek Traders wants to implement a new security policy that states that employees should not use the local Guest user account to log on to any of the company's computers. Nelson disables the Guest account on SRV11 and creates local user accounts for research department employees. A week later, Nelson discovers that the Guest account was used to access SRV11. He disables the account again. Nelson must ensure that the Guest account cannot be used to log on to SRV11. What should he do? Answer: Set the Accounts: Guest Account Status policy to Disabled in the Local Security Policy on SRV11. Explanation: Nelson must prevent the Guest account from being enabled for use by the nonadministrators. He can be achieved by using a Local Security Policy that disables the Guest account. He cannot do this by appending the $ to the account name. Only resources, such as folders and printers, can be hidden by appending a $ sign to their name. The same does not apply to account names. Nelson should not remove all other user accounts except his own as this will affect everyone else except himself. He only wants to prevent the Guest account from being used to gain access to the computer, not the other user accounts. Nelson also does not want to audit the logons on the computer. He wants to prevent the Guest account from being used. 14. Emile is the administrator for a company called RJL Engineers. RJL Engineers has a Windows 2000 Server network in which each department has an Organizational Unit (OU). Emile creates a custom security template to ensure that the highest level of security is achieved for the Human Resources (HR) department. The HR department uses local accounts for day to day operations. Emile wants apply account policy settings to all computers in the HR department's OU. What should he do? Answer: Create an OU named HR Computers in the HR department's OU. 6
Create a Group Policy Object (GPO) in the HR Computers OU and then import the GPO.
Explanation: Emile should cluster selected computers in a separate OU, configure a GPO with the appropriate settings and then link the GPO to the HR department's OU. He should not apply the GPO at the domain level as it would then affect all domain users and not just the users in the HR department. Neither can Emile use POLEDIT as it is a Windows NT 4.0 utility that is not supported in Windows 2000. 15. Bernadette is the network administrator for a company called Axion Traders. Axion Traders has a Windows 2000 network that consists of 10 Windows 2000 Server computers and 100 Windows 2000 Professional computers. Axion Traders wants to deploy an update to the accounting application is currently used on the Windows 2000 Professional computers. Bernadette wants to ensure that the update is installed automatically when users connect to the domain. What should she do? Answer: Create a Microsoft Windows Installer package for the application update and apply the package to the Local Computer Policy on all of the computers. Explanation: If Bernadette wants to automate the installation of an update to an application throughout a Windows 2000 network, she should apply Windows installer packages to a Group Policy rather than to all the local computer policies as the latter would require considerable administrative effort. She cannot use a distributed file system as it is used to organize network folders, not to deploy updates of applications. Similarly, RIS is used to deploy Windows 2000 Professional, not to deploy updates of applications. 16. Alice is the administrator for a publishing company called NJR Publishers. NJR Publishers has a routed Windows 2000 network that currently includes 20 Windows 2000 Server computers. The routers are not RFC 1542-compliant. Alice wants to create a new routed segment. She wants install a new Windows 2000 Server computer as the first computer on that segment. The existing DHCP server is configured with a scope that is valid for the new routed segment. During the installation process, Alice specifies that the new server should obtain its IP address from the existing DHCP server. After installation she opens the My Network Places but the new sever is the only visible computer. Alice opens a command prompt window on the new server and runs the ipconfig command and discovers that the new server's assigned IP address is 169.254.1.200 with a 16-bit subnet mask and no default gateway address. Alice needs to solve the problem so that she can access other computers on the routed network. Answer: Add a DHCP Relay Agent computer to the new routed segment. Explanation: Network traffic is allowed to pass across a routed network from a DHCP server if the routers is BOOTP enabled or if it is RFC 1542-compliant. If a client or server cannot receive an IP address from DHCP it is assigned one by APIPA. However there are ways to solve this problem. Alice could configure all routers to route BOOTP broadcast frames. This would require her to replace the routers with RFC 1542 compliant routers. Alternatively, Alice can install a DHCP relay on every remote network segment. 7
17. Alex is the administrator for a company called BackData. BackData has a Windows NT 4.0 network. Alex upgrades one of the Windows NT Server 4.0 computers named SRV4 to Windows 2000 Server. SRV4 has two hard disks. The system and boot partitions are located on two primary partitions on Disk0. Both partitions are mirrored on Disk1. Months later Disk1 fails and it is replaced with a spare disk. Alex uses Disk Management to repair the mirror set but the Repair Volume option is not available. Alex must repair the mirror set. What should he do? Answer: Delete all volumes on Disk1. Change Disk1 back to a basic disk and repair the fault-tolerant volumes on Disk0. Break the mirror set and convert Disk0 to a dynamic disk, then create a mirror on Disk1. Explanation: Windows 2000 can support basic mirrors but not repair them. Thus the Repair Volume option is not available. Alex has the option to recreate a mirror by deleting the volumes on Disk1 and converting it to a basic volume and then repair the fault tolerant volumes on Disk0. Or he can create a dynamic mirror by breaking the mirror set and converting Disk0 to a dynamic disk and creating a mirror on Disk1. 18. Sharon is the administrator for a software company called Metcom Solutions. The programmers at Metcom Solutions store their work in a shared folder on one of the Windows 2000 member server computers named SRV05. SRV05 is configured with a single 36-GB drive that contains the operating system files. The drive also contains the shared folder. Sharon wants to prevent employees from using more than 2-GB of space in the shared folder. What should she do? answer : Set the default disk quota to a 2 GB limit. Enable disk quotas on the volume. Select the Deny Disk Space for Users Exceeding Quota Limit check box.
Explanation: To set up Disk Quota Sharon must first enable Disk Quotas. To do this she should open Windows Explorer and right-click on the volume, select Properties, select the Quota tab, and select the Enable quota management check box. She must then set default quota limit and select the deny disk space to users exceeding quota limit check box. Finally she must configure quotas for each user as Disk Quotas cannot be applied to user groups. Sharon should not upgrade the disk to a dynamic disk as disk quotas are only supported on NTFS volumes, not dynamic disks. 19. Andrea is the administrator for an Airline called Civair. The Civair network has a Windows 2000 Server computer that hosts many web sites that have logging enabled. A third-party reporting utility is used to analyze the log files produces by the web sites. Data fro m 7:00 P.M to midnight of each night is included in the log file of the next day. Andrea wants the data from 7:00 P.M to midnight of each night to be included in the correct days log file. What should she do? Answer: Change the Log Rollover property in the web site logging properties.
Explanation: The steps that Andrea must follow are as follows:- From the Administrative tools folder, open the Internet Services Manager console. - Then right-click on the Web site. - Then select the following Properties, Web Site and then properties again. - Then enable the Use local time for file naming and rollover option.
20. Ashley is the administrator for a small manufacturing company called Ulware Industries. The Ulware Industries network contains a Windows NT 4.0 Terminal Server computer which currently has a Service Pack 3 (SP3) installed. The server has one hard disk that is divided into two partitions. The first partition is formatted as FAT and contains the system files. The second partition is formatted as NTFS and contains the user data and application data. The server needs to be upgraded to Windows 2000 Server. However, Ashley wants to ensure that no data is lost during the upgrade and that the process will take place with as few steps as possible. What should he do? Answer: Install a Windows NT 4.0 Service Pack 4 (SP4) or later on the server. Convert the system partition to NTFS. Use a Windows 2000 Server CD to start the server and select the upgrade option in setup
Explanation: It is not necessary to install a standard NT Server 4.0 server to ensure that no application data or user data is lost during the upgrade. Instead, Andrea should first upgrade the file system on the Terminal Server to NTFS. She should then apply Windows NT Service Pack 4 (SP4) on the computer and start the installation process from within the Windows NT 4.0 SP4 operating system and select to upgrade the operating system. 21. Edgar is the administrator for a company called Anstek Consulting. Anstek Consulting has a Windows 2000 network. Approximately half of the 75 employees at Anstek Consulting work from home. The company wants to ensure that employees can connect to the corporate network when they work from home. Edgar installs a new Windows 2000 member server named SRV04 on the network. Routing and Remote Access is enabled on SRV04. SRV04 is configured to use a modem bank to accept incoming dial-up connections. Edgar must also restrict the access to the network to users who can access the network at speeds greater than 64 Kbps and must ensure that the users connect by using mutual authentication. What should Edgar do? Answer: Specify IDSL as the dial-in media. Configure the authentication provider to a Windows Authentication and configure support for MS-CHAP version 2. Explanation: An Internet transfer speed of at least 64 kbps implies an IDSL line while Async refers to a modem with a maximum speed of 56 Kbps. Edgar should therefore specify IDSL as the dial in media type. This will ensure that only users with at least a 64 kbps connection will be able to dial into the network. Edgar should probably have to use Windows Authentication rather than RADIUS Authentication as this scenario makes no mention of a RADIUS server. He should also configure support for MC-CHAP v2 as Mutual authentication, in the context of RAS, is possible through either MS CHAP v2 or PPP with EAP-TLS 9
22. Silvia is the administrator for an insurance company called Spilhaus Investments. The network at Spilhaus Investments includes five Windows 2000 Server computers named SRV01, SRV02, SRV03, SRV04 and SRV05. Employees at Spilhaus Investments use Windows 98, Windows 2000 Professional, and Macintosh as client computers. TCP/IP is used as the only network protocol. Silvia creates several shared folders on SRV05. The company's financial data will be stored in these shared folders. Macintosh users complain that they cannot access the shared folders. Silvia must ensure that all client computers are able to access the shared folders. What should she do? Answer: Install the Apple Talk network protocol on SRV05. Install the Apple Talk network protocol on the Macintosh computers
Explanation: Macintosh clients require the Apple Talk protocol, not the SAP protocol, in order to be integrated in a Windows 2000 network. AppleTalk must be configured on both the client side and the Windows 2000 Server 23. Yvette is the administrator for a small retail company called West End Traders. The West End Traders network has a single Windows 2000 Server computer named SRV1. SRV1 currently has a single 10 GB hard disk which is running out of disk space. Yvette adds two new hard disks to SRV1 and configures both disks as basic disks. On each of the new disks, Yvette creates a single NTFS partition that uses all of the disk space on that disk. The new partitions are assigned dive letters D and E. Yvette shares Drive D as ShareData and Drive E as SalesData. She assigns the default share permissions to both shares. Yvette wants to create a number of folders in the root of Drive D which would be used to store network user files. She does not want users to create extra folders in the root of Drive D, but wants to allow them to create subfolders under the folders that have been created. What should Yvette do? Answer: Create the folders in the root of Drive D. Then configure the permissions on these folders to prevent permission inheritance and modify the permissions on the root of Drive D to prevent users from creating folders on the root. Explanation: When Yvette shares a drive the NTFS permissions allow Full Access to everyone. Yvette needs to restrict the right to create more folders on root of the drive, and then she has to prevent this restriction from being applied to the existing folders. To achieve this, Yvette should configure the permissions on the existing folders to prevent permission inheritance and modify the permissions on the root of Drive D to prevent users from creating folders on the root 24. Alice is the network administrator for a company called Rectron. The Rectron network contains four Windows 2000 Server computers named SRV01, SRV02, SRV03 and SRV04. SRV04 is connected to a laser printer named LASER01 and an ink jet color printer named INKJET01. Both LASER01 and INKJET01 are shared on the network. The managers at Rectron use LASER01 while the other employees use INKJET01. At times the manager in the sales department instructs his secretary to print reports to LASER01. However, other employees are sending unauthorized print jobs to LASER01. Alice must identify which users are printing to LASER01 without permission. What should she do? Answer: Enable audit logging for object access and configure auditing on LASER01. 10
Explanation: To be able to identify which users are printing to LASER01 without permission, Alice needs audit the access and usage of the printer. A printer is a network object therefore Alice should audit for object access. When she audits for object access, Alice must specify which object or objects should be configured for auditing. In this scenario she should configure LASER01 for auditing. Alice cannot use the printer's spool directory to identify which users are printing to LASER01 as the spool directory only holds print jobs. She also cannot use System Monitor or Event Viewer to identify which users are printing to LASER01. System Monitor is used to monitor system performance while the Event Viewer is used to view the security log. Printer access is not logged to the security log 25. Scott is the domain administrator for Belhar Ltd. The structure for the Belhar Ltd domain and Organizational Unit (OU) is shown in the exhibit: Recently unauthorized users have been deleting files from some of the file servers. Scott wants to identify which users are responsible for deleting the files from the file server. He wants to log all successful and failed attempts to delete the files from all the file servers. What should Scott do? Answer: Set audit permissions on all file and print server computers. Enable group policy auditing on the File and Print Servers OU.
Explanation: In this scenario Scott has to enable the auditing of the appropriate event using group policies on the file servers. As the file servers belong to the File and Print Servers OU, the group policy should be applied to the OU. Scott must then set the specific audit permission on each server computer. The Hisecws.inf template is a security template used to configure a high level of security on client computers. It is not used to configure logging. 26. Richard is the administrator for a medium sized manufacturing company called Maxtech Incorporated. Maxtech Incorporated has a Windows 2000 network that was recently upgraded from a Windows NT 4.0 network. However, three Windows NT Server 4.0 computers remain on the network. These computers are named NTSRV06, NTSRV07 and NTSRV08. Richard wants to upgrade NTSRV06 to Windows 2000 Server. NTSRV06 currently has two hard disks, both of which are formatted with the FAT file system. Richard starts the Windows 2000 Server setup programme by booting NTSRV06 from the Windows 2000 Server installation CD. However, when he does this, he receives the following message: "You chose to install Windows 2000 on a partition that contains another operating system. Installing Windows 2000 on this partition might cause the operating system to function improperly". Richard must perform the upgrade of NTSRV06. What should he do? Answer: Restart the computer and run Winnt32.exe from within the Windows NT Server 4.0 operating system.
Explanation: To upgrade an earlier version of Windows Server, Richard would have to use winnt32.exe. He should launch winnt32.exe from within the existing operating system. He does not need to convert the system partition to NTFS as Windows 2000 can be installed or upgraded on a disk or partition that is formatted with the FAT file system. The Advanced Configuration and Power Interface is used for power management and does not affect the installation or upgrade process. Richard thus does not need to disable ACPI in order to upgrade the operating system. Richard should also not start the computer by using Windows 2000 setup floppy disks as the setup floppy disks operate in DOS mode and would use winnt.exe to install Windows 2000. However, winnt.exe can be used only to perform a clean installation of Windows 2000. It cannot be used to upgrade the operating system 27. Edward is the administrator for a company called Lanstec Systems. The network at Lanstec Systems includes a Windows 2000 Server computer named FILESRV1 that acts as a file server. FILESRV1 contains four hard disks that are configured as a stripe set with parity. The IT manager instructs Edward to convert the stripe set on FILESRV1 to a dynamic RAID-5 volume. Edward converts the strip set successfully, however, users report that the access on FILESRV1 via the disk is slower than on previous occasions. Edward uses Disk Management to determine the status of the RAID-5 volume. He discovers that the status of the third disk in the array is missing. Edward must recover the RAID-5 volume. What should he do first? Answer: Ensure that the third disk has power and that it is attached to the server. Then use Disk Manager to reactivate the disk Explanation: Edward should first check that the disk has power and that it is attached to the server. If the disk is properly attached to the server and has power, he should try to reactivate the disk. Only when the attempt to reactivate the disk fails should he replace the disk. 28. Sheila is the administrator for a small company called Proline. Sheila installs a Windows 2000 Server computer named SRV1 on the Proline network. SRV1 has a single 32-GB hard disk on which Sheila creates two partitions. The partitions are assigned the drive letters C and D. Drive C is a 10-GB partition that contains the system files while Drive D is a 20-GB partition that will be used to store shared files and folders. Both partitions are formatted with the FAT32 file system. Once SRV1 is properly installed, Sheila places a number of files and folders on Drive D. Several months later, users report that SRV1 does not retrieve the files from the shared folders at the speed it did previously. The number of users who access SRV1 remained fixed and the size of the files remained fairly constant. Sheila must restore the performance of SRV1 to the level it was at previously. What should she do? Answer: Defragment Drive D
Explanation: When files on a server become fragmented, access to the files becomes sluggish as bits of the file are scattered across the hard disk or logical drive. When this occurs the disk has to be defragmented. Defragmentation can be performed on any hard disk, logical drive, partition or volume, regardless of whether it has been formatted with the NTFS or FAT file system, or whether the disk is basic or dynamic. It is thus not necessary to convert the disk to NTFS of to a dynamic 12
disk. Furthermore, converting the disk to NTFS or to a dynamic disk will not improve file access on the disk as the files will still be fragmented. Moving the paging file to the partition that contains the shared folder would decrease overall system performance as the paging file is frequently written to 29. Alistair is the network administrator for a medium sized manufacturing company called Remax Automation. Remax Automation has a Windows 2000 network consists of a single domain that contains 50 Windows 2000 Server computers, 150 Windows NT Workstation 4.0 computers and 100 Windows 2000 Professional computers. The 50 Windows 2000 Server computers have just been upgraded from Windows NT Server 4.0. Alistair implements a Group Policy Object (GPO) that is configured to prevent users from accessing registry editing tools. He applies this GPO to each Organizational Unit (OU) in the domain. Later he discovers that users of the Windows NT Workstation 4.0 computers are still able to access the registry editing tools. Alistair must ensure that the users of Windows NT Workstation computers are not able to access the registry editing tools. What should he do? Answer: Create a System Policy for the Windows NT Workstation 4.0 users on a Windows 2000 Domain Controller and configure the policy to restrict the default users accessing registry editing tools. Explanation: A Group Policy is the new feature that is introduced with Windows 2000. Therefore down-level clients like Windows NT 4.0, Windows 98, and Windows 95 cannot use Group Policies. Windows NT 4.0 clients are configured through System Policies instead. The System Policy should be placed on a Windows 2000 Domain Controller rather than the user's home folder as it would require less administrative effort to maintain System Policies that are placed on Domain Controllers 30. Theodore is the administrator for a small company called Fujitsen. Fujitsen has a Windows 2000 domain that contains three Windows 2000 Server computers and 25 Windows 2000 Professional computers. Fujitsen has three departments, the Sales Department, the Marketing Department and the Finance Department. Users and computers in each department are organized into separate Organizational Units (OUs). Theodore is configuring a security policy for users in the Finance Department OU. He needs to configure a Group Policy so that future changes to the Group Policy will be applied within 15 minutes to any computer that is logon to the network What should Theodore do? answer: The group policy refresh interval for computers should be enabled and configured. Explanation: This Group Policy refresh interval, and not the background refresh setting or the asynchronous group policy application setting, specifies how frequently Group Policy for computers is updated while in use. Thus, by specifying the refresh interval Theodore would ensure that the policy is applied within the set time period after a user logs on to the network. The policy should be applied to all computers, not just to Domain Controllers 31. Joseph is the administrator for a company called Educon. Educon has its headquarters located in Miami and branch offices in Atlanta and New Orleans. It has a Windows 2000 network. Joseph installs a new Windows 2000 Server computer named SRV09 at headquarters. He wants to configure SRV09 as a Routing and Remote Access server for the branch offices. However, during 13
the installation of the bank of modems that are to be used for dial up purposes, the wrong driver was installed. Joseph tries to remove the modems by using the phone and modem option in the control panel. However after every attempt the computer locks up. Joseph needs to install the correct driver as fast as possible. He restarts SRV09. What should Joseph do next? Answer: Use the Add/Remove Hardware Wizard to uninstall the modem and then restart SRV09. Explanation: Prior to uninstalling a Plug and Play device, Joseph must use either the Add/Remove Hardware wizard or Device Manager to notify a Windows 2000 that he wants to remove the device. Once he has notified Windows 2000 that the device is to be removed, the drivers for the device will not be loaded when he starts the computer. In Windows 2000, system configuration information is located in the registry. This simplifies the administration of a computer or network; however, an incorrectly edited registry can disable the operating system. It is therefore not recommended that we edit the registry 32. Sarah is the administrator for a company called Espen Industries. Espen Industries has its headquarters located in Cleveland and branch offices in Cincinnati, Pittsburgh and Philadelphia. Espen Industries has a Windows 2000 domain named espen.local. Sarah organizes the various offices into separate Organizational Units (OUs) as shown in the exhibit. Sarah configures the Local Security Options and other settings for the Default Domain Policy Object. She the enables a local security option policy to display a logon message each time a user attempts to log on to the domain. Bernadette, an administrator of the Pennsylvania OU wants to configure a different logon message for the Pittsburgh OU without changing the other Local Security Options. What should Bernadette do? Answer: Create a new Group Policy Object (GPO) in the Pittsburgh OU with the appropriate logon message. Enable policy inheritance for the new GPO. Explanation: In this scenario, a GPO that includes local security option is linked to the domain. The administrator of the Pennsylvania OU wants a different logon message for the Pennsylvania OU. A new GPO should thus be created and linked to the Pennsylvania OU and not the Pittsburgh OU. This GPO should be configured with the appropriate logon message. No further action is necessary as the OU GPO will override the Domain GPO. The new GPO should not be configured to block policy inheritance as no configuration from the Domain GPO would then be applied to the Pennsylvania OU 33. Martin is the administrator for a medium sized manufacturing company called Dynachem Industries. As Dynachem Industries is in the process of expanding its Windows 2000 network, Martin has been instructed to install 12 new Windows 2000 Server computers. Martin wants to create an Answer File and a Uniqueness Database File to automate the installation of Windows 2000 Server computers. He also wants to install the Recovery Console on each of the computers. What should Martin do? Answer: Specify the /cmdcons parameter switch with the winnt32.exe command.
Explanation: The Recovery Console can either be installed on an existing Windows 2000 computer by running winnt32.exe with the /cmdcons parameter switch from within the Windows 2000 operating system; or it can be installed as part of the installation of Windows 2000. If Windows 2000 is to be installed by means of an automated Answer File, the winnt32.exe /cmdcons command can be included in the cmdlines.txt file in a distribution point or it can be included it in the GUIRunOnce section of the Answer File. The /cmdcons parameter switch however cannot be specified with winnt.exe as winnt.exe does not support the /cmdcons parameter switch. Instead, winnt.exe supports a /e parameter switch with the cmdcons option. This specifies that the cmdcons command should be executed at the end of the Windows 2000 Installation Setup's GUI mode. The Recovery Console cannot be specified in the Components section of an answer file or in a Uniqueness Database File 34. James is the administrator for a medium sized company called Axion Importers. The company purchased a new computer and instructs James to install Windows 2000 Server on it. James successfully boots the computer from the Windows 2000 Server Installation CD. However, when he tries to start the installation process, he receives an error message and the installation fails. James needs to install Windows 2000 Server on the computer as soon as possible. What should he do? Answer: Restart the computer from the Windows 2000 Server Installation CD and, when prompted, provide a Hardware Abstraction Layer (HAL) file supplied by the computer manufacturer.
Explanation: If the computer's CD-ROM or BIOS does not support booting from a CD-ROM, then James can start the installation process by using either the Windows 2000 Setup floppy disks or a bootable MS-DOS or Windows 9x floppy disk to boot the system, load the CD-ROM driver and then start the Windows 2000 Server installation process. However, in this scenario, James was able to start the computer from the Windows 2000 Server Installation CD. It is therefore not necessary to start the computer from a bootable floppy disk. In this scenario, however, James was not able to initiate the installation program. The most likely explanation for this failure is that the computer has specialized hardware that requires a proprietary Hardware Abstraction Layer (HAL) file. If the computer's manufacturer has supplied a floppy disk with the HAL file, then James should press F5 at the beginning of the installation process, insert the floppy disk in the floppy disk drive and follow the on-screen instructions to install the HAL file. Formatting the hard drive with the NTFS file system would not solve the problem as the hard drive does not need to be formatted before the installation is performed, it can be formatted during the installation process 35. Angela is hired as the network administrator for a new company called Beka & Co. Beka & Co does not have a network infrastructure currently. They purchase 8 new computers. All the computers support booting from the CD-ROM and all their hardware devices are on the hardware compatible list. Angela is instructed to install Windows 2000 Server on the computers. Angela automates the installation of Windows 2000 Server computers by creating an Answer File and a Uniqueness Database File. Angela, however only has one Windows 2000 Server Installation CD. She must thus perform the installation one at a time, but once the installation starts, Angela 15
wants it to proceed automatically without any user intervention. What must she do? Answer: Create a MS-DOS bootable floppy disk that contains a driver for the CD-ROM drive, the Answer File and the Uniqueness Database File. Boot the computer from the floppy disk, load the CDROM driver and to start the installation from the Windows 2000 Server Installation CD.
Explanation: Windows 2000 provides several deployment tools that can be used to install Windows 2000 on multiple computers. One method is using an Answer file and a Uniqueness Database File 36. Terri is the administrator for a company called Creda Incorporated. Creda Incorporated has its headquarters located in Los Angeles and branch offices located in Phoenix, Albuquerque, San Francisco and Salt Lake City. Creda Incorporated has a Windows 2000 network. None of its branch offices are directly connected to headquarters but communicate with the network at headquarters via the internet. The company purchases 12 identical computer systems and instructs Terri to install three of computers in each of the four branch offices. The computers are to be configured as Windows 2000 file servers. All 12 computers will have the same applications installed on them. The administrators of the various branch offices will provide the appropriate user and network-specific data. Terri must perform the installations as quickly as possible. What should she do? Answer: Use the Sysprep tool to preinstall Windows 2000 on the 10 computers. Explanation: The Sysprep tool can be used to prepare an existing installation of Windows 2000 on a master computer for a Mini-Setup. The necessary applications can be installed on a sample computer. Terri can then run Sysprep to prepare an image of the hard disk contents that mus t be used on the target computers. The system disk can be duplicated and thereafter installed on the target computers via the sample computer 37. Theodore is the administrator for a small company called First Distribution. First Distribution has a Windows NT 4.0 domain that contains a PDC and various BDCs on a single network sector. Theodore wants to upgrade one of the BDCs to Windows 2000. He also wants to create a root domain in a new Active Directory forest. All user accounts, group memberships and associated access permissions would be migrated to the new domain. What should Theodore do before proceeding with the upgrade? Answer: Promote the BDC to a PDC Explanation: Theodore can perform a clean installation of Windows 2000 Server on any computer that meets the minimum hardware requirements for Windows 2000. However, to be able to move user accounts, group memberships and permissions to Windows 2000, Theodore would have to upgrade the existing Windows NT domain. The first computer that he should upgrade is a PDC of that domain. In this scenario, Theodore wants to first upgrade a BDC. He should therefore promote the BDC to a PDC before he can proceed with the upgrade
38. Pierre is the administrator for a small company called Sanlam. The company's CEO uses a computer that is configured to dual-boot between Windows NT Workstation 4.0 and Windows 98. Pierre wants to upgrade the computer from Windows NT Workstation 4.0 to Windows 2000 Professional but does not want to affect the Windows 98 operating system that is installed on the computer. What should Pierre do? Answer: Boot the computer to Windows NT Workstation 4.0. Then run the Winnt32.exe command on the Windows 2000 CD from within the Windows NT environment. Explanation: To upgrade Windows NT Workstation 4.0 to Windows 2000 Professional, Pierre should run the Winnt32.exe command from within the Windows NT installation. Should Pierre boot the computer from the Windows 2000 CD or from a Setup floppy disk, he would have the choice of performing a clean installation or repair a damaged installation. He would not have the option to perform an upgrade 39. Ben is the administrator for a company called ICAP Solutions. The ICAP Solutions network contains a printer device that is attached to a UNIX print server with the IP address 192.168.166.32. The name of the print queue is PrintHP. The UNIX computer uses the Line Printer Daemon (LPD) service to allow patrons to print to the printer by using the LPR protocol. Ben wants all Windows 2000 users on the network to print to that print device. He thus installs Print Services for UNIX on one of the Windows 2000 Server computers. What should Ben do next? Answer: Install a local printer on a new LPR port. Specify the IP address of the server providing LPD as 220.127.116.11 and the name of the print queue on the server as PrintHP. Explanation: UNIX computers run the LPD service. These services accept print jobs from print clients that use the LPR utility to connect to LPD. When Ben installs these print services on a Windows 2000 Server computer it can operate as a print server to provide Microsoft- based client computers with access to UNIX-based print devices. After installation of the local printer on the windows server he should specify that the printer is using the new LPD port. On the LPR port that he creates, he must state the IP address of the LPD server as 192.168.0.10 and print queue as PrintHP 40. Carl is the administrator for a company called Zontrix. Zontrix has a heterogeneous network that consists of three Windows 2000 Server computers, ten UNIX computers and 100 Windows 2000 Professional computers. A printing device is attached to one of the UNIX computers. Carl wants to enable all the Windows 2000 Professional client computers to print to that device. He wants to accomplish the job in the most efficient and economical manner. What should Carl do? answer : Install Print Services for UNIX on a Windows 2000 Server print server. Install an LPR port on a Windows 2000 Server print server
Explanation: To enable Windows 2000 users to print to the printing device on a UNIX print server, Carl must install a printer for the print device on a Windows 2000 Server print server and share the printer. On the Windows 2000 Server print server he will have to install Print Services for UNIX. He must install a LPR-compliant port the appropriate printer on the LPR port and then share the printer 41. Alfred is the administrator for a company called Lantech Ltd. Lantech Ltd has Windows 2000 network that contains five print devices. The company purchases two new print devices that are to be used only by the company's executives. Alfred installs and configures printers for the new print devices. Each printer is installed on a separate print server and controls a separate print device. Both of the new printers belong to the same Windows 2000 domain and site. Alfred must monitor the use the new print devices to ensure that only the company's executives print to the new print devices. What should he do? Answer: Move the print servers into the same organizational unit and enable auditing of object access in a Group Policy for the organizational unit. Explanation: To be able to keep track of the printer usage, Alfred must enable auditing in the Properties page of every printer and enable auditing of object access in a security policy that applies to every print server. He can then specify which users' access he wants to audit and what events he wants recorded in the security log on the print server. The best way to enable auditing of object access in an applicable policy is to place the new print servers into an existing or newly created OU, then create a Group Policy for the OU and enable auditing in that Group Policy 42. Lionel is an administrator for a company called IC Projects. IC Projects has purchased a new print device that is to be used by company executives only. The executives will print confidential documents on the new print device. Lionel installs the print device in a secure location. He then installs the printer on a Windows 2000 print server. Lionel assigns the appropriate permissions and enables auditing of successful and failed attempts to print and to manage documents for the Everyone group. He tests the printer and discovers that the security log on the print server does not contain any entries related to access to the printer. What is the most likely reason why the audit event records do not appear in the local security log? Answer: The auditing has not been enabled in the appropriate Group Policy. Explanation: To make sure that the access to the printer is audited and the corresponding events recorded, Lionel must turn on auditing on the Security tab of the printer's Properties Page. He must also remember to enable auditing in the appropriate Group Policy 43. Ben is the administrator for a company called ICAP Solutions. The ICAP Solutions has a Windows 2000 Server computer named SRV09. SRV09 is equipped with a SCSI hard disk on which the system and boot partitions are located. The SCSI adapter is not on the Windows 2000 HCL. Ben is using the driver that has been supplied by the manufacturer. He finds a latest driver for the SCSI adapter on the manufacturer's Web site and downloads it. Ben installs the driver for the SCSI adapter on SRV09. However, he reboots the computer he receives a stop screen with a message that
states that the boot device is inaccessible. Ben needs to resolve the problem. What should he do first? Answer: Reboot the system and specify Last Known Good Configuration. Explanation: There are times when installing what appears to be the correct driver for a hardware device causes the device to stop running. When a new driver prevents the computer from booting, the first step that Ben should do is to specify Last Known Good Configuration from the Windows 2000 Advanced Options Menu. This appears automatically when he attempts to reboot the system after a system failure 44. Carl is the administrator for a company called Zontrix. He installs a new SCSI controller to support additional hard disk drives on a Windows 2000 computer. The SCSI controller is not listed in the Windows 2000 HCL. Carl installs the SCSI controller and reboots the computer. Windows 2000, however, does not automatically detect the new device. Carl needs to install the driver for the new SCSI controller and make the device functional. What should he do? Answer: Use the Add/Remove Hardware wizard to add the new device Explanation: If the new SCSI controller was PnP-compliant, Windows 2000 would automatically detect it and install the appropriate drivers for it. If the device is not on the Windows 2000 HCL or if Windows 2000 cannot recognize the device, the Add/Remove Hardware wizard should be used 45. Carlo is the administrator for a new company called Kaplan Incorporated. Approximately 100 employees at Kaplan Incorporated work form remote locations. These employees currently connect to the corporate network via the internet. Carlo thus sets up a Windows 2000 Server computer named SRV03 for remote dial-in access. He installs two legacy modems on the computer but notices that both modems are not working. Carlo opens the Properties pages in Device Manager and notices that both modems are configured to use IRQ 4. Carlo then checks the computers hardware configuration for an unused IRQ and notices that IRQ 5 is available. He now wants to resolve the problem. What should Carlo do? Answer: Reset the jumpers on the modems to configure it to use IRQ5.
Explanation: Windows 2000 complies with the Plug and Play (PnP) standard that supports automatic resource allocation for PnP-compliant hardware devices. Non-PnP devices, such as legacy devices, should be configured manually to use specific system resources. The configuration is usually done by setting jumpers on the card or by running a special MS-DOS-based setup program that are supply with the device 46. Angelo is the administrator for a company called Saxon Investments. He accidentally deletes a Registry key while editing the Registry on a Windows 2000 computer. The computer no w freezes before the logon screen appears. Angelo wants to start the computer but wants to lose as little as possible of the configuration changes that were made to the computer. The most recent System State data backup was performed a week ago. What should Angelo do? 19
Answer: Specify Last Known Good Configuration when the computer reboots. Explanation: Angelo can select Last Known Good Configuration from the Windows 2000 advanced options menu when Registry changes prevent the computer from starting. When the System State Data is backed up the Registry is backed up to %systemroot%\Repair\Regback folder 47. Alexander is the administrator for a company called MNR Solutions. MNR Solutions has its headquarters located in Anchorage and a branch office located in Fairbanks. The company's network consists of two Windows 2000 domains. One domain is in headquarters and the other is in the branch office. At night all Domain Controllers are backed up locally by using Windows 2000 Backup. The backups are then copied to tape. After completion the tapes are physically moved to headquarters. The hard disk on a Domain Controller in the branch office fails. Alexander replaces the failed hard disk and must now recover the failed Domain Controller as quickly as possible and with the least amount of administrative effort. What should Alexander do? Answer: Deliver the tape with the appropriate backup from headquarters to that in the branch office. Explanation: After replacing the failed hard disk on the damaged Domain Controller in the branch office, Alexander should install Windows 2000 Server. During installation of the operating system the backup tape is transported to the branch office. The backup tape then used to completely restore the information on the hard disk. The backup tape will restore the Domain Controller in the branch office to its former condition 48. Anthony is the administrator for a company called Sentrasure Investments. Sentrasure Investments has a Windows 2000 file server that hosts home directories of several hundred users. The files are extensively written to and deleted on the computer's hard disk. This results in frequent and excessive fragmentation. Anthony is instructed to perform the defragmentation prematurely. He needs to determine whether he should run the defragmentation utility on the computer's hard disk. What command should Anthony use? Answer: Analyze in Disk Defragmenter. Explanation: To determine whether he should run defragmentation without actually starting the defragmentation process, Anthony should click Analyze in Disk Defragmenter 49. Allen is the administrator for a company called Glomail. Glomail has a network that contains a Windows 2000 Server computer named SRV05 that is used as a file server. SRV05 has two physical hard disks. The operating system is installed on one disk and the users' home directories on the other disk. Users do not maintain their files properly; their home folders become filled with old unused documents. The Outlook personal folder files are not compressed regularly. Because of this Allen had to upgrade the second disk to a larger one. He now wants to ensure that the new disk does not get filled with old unused documents. What should Allen do? Answer: Enable quotas on the disk where the users' home directories reside.
Explanation: Allen must implement quotas on the volume on which the users' home directories reside. That is if the company authorizes him to implement the disk quotas. An advance notice is issued to the users and then Allen can truncate those home directories that exceed the quota limit that he is going to implement 50. Basil is the administrator for a company called Aztec Merchandise. A Windows 2000 Server computer is being set up to be used to run a custom scientific application. This application will perform high-volume calculations and will require huge amounts of disk space for storing the temporary files. Basil has four 50-GB physical disks for storing the temporary files. He wants to configure the disks for maximum disk storage while ensuring the best performance. What should Basil do? Answer: Implement a striped volume. Explanation: Only a spanned volume and a striped volume use all of the available space on multiple disks. A spanned volume consists of multiple simple volumes that are located on one or more disks. A striped volume can be created on two or more physical disks by using pieces of unallocated space of identical size across all disks