MCSE Core Required Exams in a Nutshell, Third Edition
The required 70: 290, 291, 293 and 294 Exams
By William R. Stanek
May 2006
Pages: 736



Table of Contents

Chapter 1: Exam 70-290 Overview
Exam 70-290: Managing and Maintaining a Microsoft Windows Server 2003 Environment is designed to cover the skills necessary to perform most day-to-day administration tasks. Before you begin studying for this exam, you should have extensive hands-on experience with general Windows Server 2003 administration, including management of disks, hardware devices, shared folders, and printers. You should also have a detailed understanding of configuring local, roaming, and mandatory user profiles; managing users, computers, and groups; and working with filesystem permissions and changing file ownership.
Troubleshooting and monitoring are major parts of the exam. Many troubleshooting skills are tested, including the ability to solve user and computer account issues, user authentication problems, and remote access issues. You'll need to be able to monitor server hardware using Device Manager and Control Panel utilities, and the Hardware Troubleshooting wizard. You'll also need to demonstrate skill with regard to monitoring system and application performance, server optimization, and disaster recovery.
The exam covers some not-so-routine tasks as well. For example, you'll need to be able to manage software site licensing and software update infrastructure. You'll also need to be able to resolve Terminal Services security and Terminal Services client access issues. In many large enterprises, these tasks are handled by dedicated help desk staff rather than by individual administrators.
Some of the most common problem areas for people taking the exam have to do with:
Automation
Microsoft really wants administrators to do more with the command line. You are expected to know key command-line tools as thoroughly as you know key GUI tools.
Optimization
The ability to optimize server and application performance is a skill that's best learned through real-world practice. You need a strong understanding of the performance objects used in optimization and how to use them to resolve bottlenecks.
Additional content appearing in this section has been removed.
Purchase this book now or read it online at Safari to get the whole thing!
Areas of Study for Exam 70-290
  • Manage basic disks and dynamic disks.
  • Monitor server hardware. Tools might include Device Manager, the Hardware Troubleshooting Wizard, and appropriate Control Panel items.
  • Optimize server disk performance.
    • Implement a RAID solution.
    • Defragment volumes and partitions.
  • Install and configure server hardware devices.
    • Configure driver signing options.
    • Configure resource settings for a device.
    • Configure device properties and settings.
See "Managing and Maintaining Physical and Logical Devices."
  • Manage local, roaming, and mandatory user profiles.
  • Create and manage computer accounts in an Active Directory environment.
  • Create and manage groups.
    • Identify and modify the scope of a group.
    • Find domain groups in which a user is a member.
Chapter 2: Exam 70-290 Study Guide
This chapter provides a study guide for Exam 70-290: Managing and Maintaining a Microsoft Windows Server 2003 Environment. Sections within the chapter are organized according to the exam objective they cover. Each section identifies the related exam objective, provides an overview of why the objective is important, and then discusses the key details you should know to both succeed on the test and master the objective in the real world.
The major topics covered on Exam 70-290 are:
Managing and Maintaining Physical and Logical Devices
Designed to test your knowledge of standard disk configurations involving both basic disks and dynamic disks. Also covers hardware devices and monitoring hardware devices.
Managing Users, Computers, and Groups
Designed to test your knowledge of the many types of accounts used on Windows networks, including user accounts, computer accounts and group accounts. Also covers user authentication and user profiles.
Managing and Maintaining Access to Network Resources
Designed to test your knowledge of access permissions and shared folders. Also covers Terminal Services security and client access.
Managing and Maintaining a Server Environment
Designed to test your knowledge of general administration; it is very much a catch-all objective for routine administration tasks. Also covers Internet Information Services (IIS) management and security.
Managing and Implementing Disaster Recovery
Designed to test your knowledge of both disaster preparedness and disaster recovery procedures. Also covers shadow copies.
Essential Administration Tools
The essential administration tools every administrator must master are:
  • AdminPak
  • Support Tools
  • Microsoft Management Console (MMC)
  • Remote Desktop for Administration
  • Remote Assistance
The administrative tools available on your system depend on its configuration. As services are added to a system, the tools needed to manage those services are installed. If you manage systems remotely, these same tools might not be available. To ensure you have a consistent tool set, you should install the Windows Server 2003 Administration Tools (AdminPak) on systems you use for administration by completing the following steps:
  1. After you log on to the system using an account with administrator privileges, insert the Windows Server 2003 CD-ROM into the CD-ROM drive.
  2. When the Autorun screen appears, click Perform Additional Tasks, and then click Browse This CD to start Windows Explorer.
  3. Double-click I386, and then double-click Adminpak.msi to install the complete set of Windows Server 2003 management tools.
The AdminPak tools can be accessed from the command line and from the Administrative Tools menu.
In addition to the AdminPak, you'll want to install the Windows Server 2003 Support Tools on systems you use for administration. The Windows Server 2003 Support Tools extend the core set of administration tools to include additional useful utilities and commands that can be used for administration.
Managing and Maintaining Physical and Logical Devices
Server systems have both physical and logical devices. Physical devices include all hardware devices connected to or configured within the server system, and include sound cards, video cards, memory, system bus, disk controllers, and physical disks. Logical devices are used to abstract the physical components of hardware devices and represent them in a way that is more manageable. The primary logical devices you'll work with are logical volumes, which are the basic unit of disk storage that you can configure and manage.
Hardware devices installed on a computer communicate with Windows Server 2003 using software device drivers. For a hardware device driver to work properly, the appropriate device driver variant must be installed, the resource settings for the device must be configured appropriately, and the device properties must be set correctly. In most cases, hardware manufacturers will provide a device driver for the hardware device. Windows Server 2003 includes an extensive library of device drivers.

Section 2.2.1.1: Understanding Plug-and-Play and Non-Plug-and-Play devices

Two basic types of hardware drivers are used on Windows systems:
  • Plug-and-Play (PnP)
  • Non-Plug-and-Play (Non-PnP)
Most Windows-compatible devices support PnP. PnP allows Windows to detect and install a hardware device automatically either from the library of device drivers maintained by Windows or from a manufacturer-supplied device driver. If a device is detected and there is no device driver, Windows will prompt you to specify the location of the device driver.
In most cases, non-PnP devices are not detected automatically after installation and must be manually installed using the Add Hardware Wizard, which is accessible in the Control Panel and from the Hardware tab of the System utility.
Managing Users, Computers, and Groups
Windows computers can be organized into the following:
Domains
Active Directory is used to provide directory services for computers and resources, such as users, computers, and groups. They are all represented as objects that are stored in the directory on domain controllers. The primary tool for working with users, computers, and groups in domains is Active Directory Users And Computers.
Workgroups
Each local computer stores details on users and groups in the Security Accounts Manager (SAM) database. The primary tool for working with local users and local groups in workgroups is the Local Users And Groups snap-in, which is installed by default in the Local Users And Groups console (lusrmgr.msc) and in the Computer Management console (compmgmt.msc).
Managing domain accounts for users, computers, and groups is a key part of most administrators' jobs and an important part of the 70-290 exam. Knowing troubleshooting techniques for accounts is also essential.
Exams 70-290, 70-291, 70-293, and 70-294 (and by association Exams 70-292 and 70-296) all expect you to have familiarity with Active Directory. Exam 70-294 (70-296 for those upgrading their certification) is where the detailed knowledge of Active Directory is tested. If you are unfamiliar with the concepts of domains, domain trees, domain forests, and how objects are stored within Active Directory, you should review the introductory materials provided at the beginning of the Exam 70-294 study guide in this book before continuing.
Managing and Maintaining Access to Network Resources
Network files and folders are one of the primary resources administrators have to manage and maintain. Files are shared over the network by configuring shared folders. Access to shared folders is managed using share permissions and filesystem permissions. While share permissions provide the top-level access controls to the files and folders being shared, filesystem permissions ultimately determine who has access to what. The two levels of permissions for shared folders can be thought of as a double set of security doors. Share permissions open the outer security doors so that specific groups of users can access a particular shared folder. Filesystem permissions determine access to the inner security doors on individual files and folders within the shared folder.
Users access files stored on Windows servers using shared folders. There are two general types of shares: standard and web. Standard shares are used to access folders over a network. Web shares are used to access folders over the Internet.

Section 2.4.1.1: Configuring access to shared folders

When a user needs to access shared files and folders over the network, he uses standard shared folders. All shared folders have a folder path and a share name. The folder path sets the local file path to the shared folder. The share name sets the name of the shared folder. For example, the user might want to share the folder C:\userdata as UserDirs.
All shared folders have a specific set of permissions. Share permissions grant access directly to users by account name or according to their membership in a particular group, and are applied only when a folder is accessed remotely.
One of three levels of share permissions can be granted to a user or group:
Managing and Maintaining a Server Environment
Managing and maintaining a server environment encompasses many aspects of administration. Because server performance can degrade over time, you need to:
  • Routinely monitor events in Event Viewer
  • Periodically monitor and optimize system performance
  • Periodically monitor and optimize servers for application performance
Beyond the essential monitoring that may be required for maintenance, you'll also need to manage the essential infrastructure, including any web servers, print queues, software licensing, and software updates. By closely watching essential services, queues, and infrastructure, you ensure that the server environment continues to operate as expected.
Windows Server 2003 includes a set of logfiles that are used to record system events of various types. If you suspect a system has a problem, the event logs should be the first place you look to diagnose the problem.

Section 2.5.1.1: Understanding the event logs

All Windows Server 2003 systems have three general purpose logs:
Application
Contains events logged by Windows applications and printers configured on the system.
Security
Contains events related to security auditing. Only the events configured for tracking are logged. Accessible only to administrators by default. Grant access to others as necessary.
Managing and Implementing Disaster Recovery
Every organization should have a comprehensive disaster recovery plan with regular system backups as an essential part of that plan. The goal of disaster recovery planning should be to help you recover systems and data in a timely manner in a way that meets the organizational needs and expectations. Without proper disaster planning, you will not be able to recover data and systems if disaster strikes.
Every organization's disaster recovery plan will be slightly different. At a minimum, the plan should focus on:
  • Using backups to protect against data loss
  • Using shadow copies to protect against data loss
  • Recovering from server hardware failure
  • Recovering from operating system failure
Before you try to recover a system from backup or using ASR, you should try other recovery techniques. Start by repairing or replacing failed hardware. If you are using software RAID, use the techniques discussed earlier in this chapter in "Implementing RAID Solutions" to restore RAID-1 or RAID-5 configurations. In the case of an improper configuration or invalid driver, you may be able to recover the system from hardware failure by following the techniques discussed previously in "Troubleshooting Hardware Devices." If you find that Last Known Good Configuration and Safe Mode startup do not work, you can attempt to recover the system using the Recovery Console. When these other recovery techniques fail, you can attempt to use an ASR disk or perform a complete recovery of the system from backup.
The Backup utility supports five backup types:
Normal
Chapter 3: Exam 70-290 Prep and Practice
The material in this chapter is designed to help you prepare and practice for Exam 70-290. The chapter is organized into four sections:
Preparing for Exam 70-290
This section provides an overview of the types of questions on the exam. This is useful for helping you understand how the actual exam works.
Exam 70-290 Suggested Exercises
This section provides a numbered list of exercises that you can follow to gain experience in the exam's subject areas. This is useful for helping to ensure you have hands-on experience with all areas of the exam.
Exam 70-290 Highlighters Index
This section compiles the facts within the exam's subject areas that you are most likely to need another look at—in other words, the areas of study that you might have highlighted while reading the Study Guide. This is useful as a final review before the exam.
Exam 70-290 Practice Questions
This section includes a comprehensive set of practice questions to assess your knowledge of the exam. The questions are similar in format to the exam. After you've reviewed the Study Guide, performed the Suggested Exercises, and studied the Highlighters Index, read the questions and see if you can answer them correctly.
Before you take Exam 70-290, review the exam overview, perform the suggested exercises, and go through the practice questions provided. Many online sites provide practice tests for the exam. Duplicating the depth and scope of these practice exams in a printed book isn't possible. Visit Microsoft's Certification site for pointers to online practice tests (
Preparing for Exam 70-290
Exam 70-290 is a computer-generated exam. The exam is timed, and the amount of time remaining on the exam is displayed by an onscreen timer clock. Most questions on the exam are multiple choice. Multiple choice questions are either:
Multiple-choice, single answer
A radio button allows you to select a single answer only.
Multiple-choice, multiple answer
A checkbox allows you to select multiple answers. Usually the number of correct answers is indicated in the question itself.
Typically, the test environment will have Previous/Next and Mark For Review options. You can navigate through the test using the Previous/Next buttons. You can click the Mark For Review checkbox to flag a question for later review.
Other formats for questions are used as well, including:
List prioritization
Pick the choices that answer the question and arrange the list in a specified order. Lists initially appear on the right side, and you have to click << ADD to add them in the correct order to the list on the left side. For example, you might have to list system recovery steps in priority order.
Hot area
Indicate the correct answer by clicking one or more areas of the screen or dialog box provided with the question. For example, you might see a list of users in Active Directory Users And Computers and have to click on the account or accounts that are disabled.
Exam 70-290 Suggested Exercises
Exam 70-290 expects you to know how to manage and maintain a Windows Server 2003 environment. You'll need plenty of previous hands-on experience to pass the exam. You'll need to review the study guide closely—especially any areas with which you are unfamiliar. This section provides a numbered list of exercises that you can follow to gain experience in the exam's subject areas. Performing the exercises will be useful for helping to ensure you have hands-on experience with all areas of the exam.
Although you can study for the exam using Windows Server 2003 on a single computer, I recommend setting up a test network with at least two computers: a server running Windows Server 2003 acting as a domain controller and a workstation running Windows XP Professional from which you perform most administration. Some of the exercises in this section require two computers on a network.
In addition to performing the exercises below, you should also have experience using each of the Windows Server 2003 administrative tools described in the Study Guide.
  1. Configure a server so that it can be remotely managed using Remote Desktop.
  2. Open the Remote Desktop Connection client, and then click Options.
  3. Establish a remote session with the computer from a workstation or another server.
  1. Configure a server so that it can send Remote Assistance requests.
  2. While logged on to the server, ask for remote assistance.
  3. Accept the remote assistance request on another computer.
  4. Access the remote server and give assistance.
Exam 70-290 Highlighters Index
Here I've attempted to compile the facts within the exam's subject areas that you are most likely to need another look at—in other words, the areas of study that you might have highlighted while reading the Study Guide. The title of each highlighted element corresponds to the heading title in the Exam 70-290 Study Guide. In this way, if you have a question about a highlight, you can refer back to the corresponding section in the study guide.
For the most part, the entries under a heading are organized as term lists with a Windows Server 2003 feature, component, or administration tool as the term and the key details for this feature, component, or administration tool listed next. Here are examples:
AdminPak
  • Only tools needed to manage installed components and services are installed by default.
  • Install AdminPak to ensure you have a consistent tool set.
  • Installed from I386\AdminPak.msi on the Windows Server 2003 CD.
Support Tools
  • Extend the core set of administration tools.
  • Include additional useful utilities and commands.
  • Installed from Support\Tools\Suptools.msi on the Windows Server 2003 CD.
In this example, the highlights are for AdminPak and Support Tools. The entries under the listed term summarize key information that you should know about AdminPak and Support Tools—and are possibly the same details you might have highlighted as part of your exam prep. Since I've done the highlighting for you though, you don't need to get out your highlighting markers or mark up the pages (unless of course you really want to).
Exam 70-290 Practice Questions
  1. Which of the following are valid modes for MMC?
    A. Edit
    B. Author
    C. Normal
    D. User
    Answers B and D are correct. Author mode allows you to create and make changes to consoles. User mode allows you to access consoles and use their features.
  2. What is the default TCP port for remote administration using Remote Desktop for Administration?
    A. Port 80
    B. Port 8080
    C. Port 369
    D. Port 3389
    Answer D is correct. If the computer is running a firewall, TCP port 3389 must be opened to allow remote access.
  3. How many simultaneous connections are possible using Terminal Services in Remote Desktop for Administration mode?
    A. 2 concurrent
    B. 2 but not simultaneously
    C. 4 concurrent
    D. 4 but not simultaneously
    Answer A is correct. Each server configured with Remote Desktop for Administration can have up to two concurrent connections.
  4. Sarah's computer is running Windows Server 2003. Sarah, a junior administrator, frequently has difficulty performing administration tasks. Ed, as the administrator, spends several hours a week helping to resolve Sarah's issues. Rather than going to Sarah's workspace to resolve problems, Ed should:
Chapter 4: Exam 70-291 Overview
Exam 70-291: Implementing, Managing, and Maintaining a Microsoft Windows Server 2003 Network Infrastructure is designed to cover the skills necessary to manage the internal and external networking needs of a medium to large organization. Although you certainly do not need to be Cisco certified—i.e., a CCNA or CCNE—to pass this exam, a strong understanding of network architecture and TCP/IP networking is essential to your success. Consider these areas as the essential background details that, although not specifically tested, will make or break your exam.
The exam itself focuses on measuring your Microsoft networking skills. You need to know how to configure and troubleshoot TCP/IP addressing. You need to know DHCP and DNS in extensive detail. With DHCP, the ability to configure and manage leases, relays, reservations, and scopes is part of the core skills measured. You'll also need to be able to diagnose and resolve issues related to incorrect configurations of TCP/IP, DHCP, and Automatic Private IP Addressing (APIPA). With DNS, everything from installation to configuration, management, and monitoring is covered. You'll need to know how to configure zones, forwarding, and server options, and be able to use monitoring to troubleshoot DNS issues.
Other areas of the exam cover network security, routing, and remote access. Both basic and advanced skills are tested, including IP connectivity, remote access management, TCP/IP routing, and IP security (IPSec).
Some of the most common problem areas for people taking the exam have to do with:
Network security
Requires creating and working with security templates as well as monitoring security compliance. You need to have very good knowledge of how Security Configuration Management is used and what happens when security templates are applied.
Network protocol security
Areas of Study for Exam 70-291
  • Configure TCP/IP addressing on a server computer.
  • Manage Dynamic Host Configuration Protocol (DHCP).
    • Manage DHCP clients and leases.
    • Manage DHCP Relay Agent.
    • Manage DHCP databases.
    • Manage DHCP scope options.
    • Manage reservations and reserved clients.
  • Troubleshoot TCP/IP addressing.
    • Diagnose and resolve issues related to Automatic Private IP Addressing (APIPA).
    • Diagnose and resolve issues related to incorrect TCP/IP configuration.
  • Troubleshoot DHCP.
    • Diagnose and resolve issues related to DHCP authorization.
    • Verify DHCP reservation configuration.
    • Examine the system event log and DHCP server audit logfiles to find related events.
    • Diagnose and resolve issues related to configuration of DHCP server and scope options.
    • Verify that the DHCP Relay Agent is working correctly.
Chapter 5: Exam 70-291 Study Guide
This chapter provides a study guide for Exam 70-291: Implementing, Managing, and Maintaining a Microsoft Windows Server 2003 Network Infrastructure. Sections within the chapter are organized according to the exam objective they cover. Each section identifies the related exam objective, provides an overview of why the objective is important, and then discusses the key details you should know about the objective to both succeed on the test and master the objective in the real world.
The major topics covered on Exam 70-291 are:
Implementing, Managing, and Maintaining IP Addressing
Designed to test your knowledge of static, automatic private, and dynamic IP addressing. Also covers configuration and management of Dynamic Host Configuration Protocol (DHCP).
Installing, Configuring, and Managing DHCP
Designed to test your knowledge of configuring and managing DHCP servers.
Implementing, Managing, and Maintaining Name Resolution
Designed to test your knowledge of name resolution using Domain Name System (DNS).
Implementing, Managing, and Maintaining Network Security
Designed to test your knowledge of network security. Focuses on using security templates and network protocol security monitoring.
Implementing, Managing, and Maintaining Routing and Remote Access
Designed to test your knowledge of remote access, remote access authentication, and TCP/IP routing. Also covers secure access between private networks.
Implementing, Managing, and Maintaining IP Addressing
For computers to communicate on a network, they must be configured with a communications protocol. Transmission Control Protocol/Internet Protocol (TCP/IP) is the primary communications protocol used by networked Windows computers. TCP/IP is a protocol suite, consisting of two separate protocols:
TCP
A connection-oriented protocol for end-to-end communications.
IP
An internetworking protocol for routing packets over a network.
During installation of Windows XP Professional or Windows Server 2003 computers, TCP/IP is automatically configured if the operating system detects a network adapter.
The default configuration for both Windows XP Professional and Windows Server 2003 computers is to automatically obtain an IP address from a DHCP server. IP addresses automatically obtained from a DHCP server are referred to as dynamically assigned IP addresses, or simply, dynamic IP addresses. Two other types of IP addresses are used:
Static IP addresses
Addresses manually assigned to computers. Although some types of servers, including DHCP servers, require static IP addressing, most other servers can use either static or dynamic IP addressing.
Automatic private IP addresses (APIPA)
Addresses used when a computer is configured for DHCP but no DHCP server is available. APIPA is also used when a DHCP IP address expires and cannot be renewed.
Installing, Configuring, and Managing DHCP
Dynamic Host Configuration Protocol (DHCP) is an essential network infrastructure component. By default, Windows XP Professional and Windows Server 2003 computers use DHCP to obtain their network settings for TCP/IP and DNS. Through DHCP, you can manage the assignment of:
  • IP addresses
  • Subnet masks
  • Default gateways
  • Preferred and alternate DNS servers
  • WINS servers
  • Extended TCP/IP options
Not only does dynamic configuration of IP addressing and other network settings free administrators from having to perform manual configurations on each computer in the organization, it also makes long-term management of these computers easier by centralizing and automating network configuration management. Using DHCP, you can update the network configuration of any dynamically configured computer simply by making the appropriate setting changes on your organization's DHCP servers. In contrast, with manual configuration, you must change the network configuration settings on each individual machine.
DHCP is a client/server technology. Any computer configured to dynamically obtain its network configuration settings is considered to be a DHCP client. A computer that provides DHCP services to a client is referred to as a DHCP server. DHCP servers assign IP addresses to clients for a specific period of time known as the lease duration. The default lease duration is eight days. Clients with active leases must renew their leases periodically.
For clients that might need to have permanent leases, you can create a reservation on a lease by specifying the IP address to reserve and the MAC address of the computer that will hold the reserved IP address. Thereafter, the client with the specified MAC address will use the IP address designated in the reservation.
Implementing, Managing, and Maintaining Name Resolution
When you install a computer, you assign the computer a name, which is used as the computer's NetBIOS name and as the computer's DNS hostname. On Windows NT 4.0 networks, WINS is used to resolve NetBIOS names. On networks running Windows 2000 and later computers, DNS is used to resolve DNS hostnames. With DNS, computers are grouped by name within domains. Domains establish a hierarchical naming structure so a computer's place within the domain structure can be determined.
In a standard configuration, a computer's fully qualified domain name (FQDN) is its hostname combined with the related domain name. For example, the FQDN for the computer FileServer81 in the WilliamStanek.com domain is FileServer81.WilliamStanek.com.
Since domain structure is hierarchical, domains can have subdomains. For example, the WilliamStanek.com domain might have Tech and Eng subdomains. The computer Workstation82 in the Tech domain would have a FQDN of Workstation82.Tech.WilliamStanek.com. The computer TestServer21 in the Eng domain would have a FQDN of TestServer21.Eng.WilliamStanek.com.
DNS uses client/server architecture. Any computer that uses DNS for name resolution is a DNS client. A computer that provides DNS name resolution services to a client is referred to as a DNS server. For name resolution to work properly, both DNS clients and DNS servers must be configured appropriately.
When the network is not fully configured for DNS name resolution, you might need NetBIOS name resolution. NetBIOS is also required for some applications such as the Computer Browser service. NetBIOS is enabled by default in Windows Server 2003.
For clients to use DNS, the client must have an appropriate computer name and a properly configured primary DNS suffix. The computer name serves as the computer's hostname. The computer's primary DNS suffix determines the domain to which it is assigned for name resolution purposes. DNS clients can dynamically update their own records and also cache query responses. The DNS Client service, also known as Resolver, is enabled by default on Windows Server 2003 and Windows XP computers.
Additional content appearing in this section has been removed.
Implementing, Managing, and Maintaining Network Security
Network security is critically important to ensure the integrity and continuing operations of your organization's network. Administrators must follow standard administration procedures to ensure that network security is properly implemented, managed, and maintained. This means implementing security baseline settings on new servers, auditing security settings as appropriate, and allowing access to resources only where such access is required. As part of maintaining network security, administrators must also be proactive in monitoring network protocol security and in troubleshooting problems as they occur.
The way computers and users are authenticated on the network and authorized to access resources depends on the network security you've configured. Although authentication and authorization have a similar goal, to restrict access to a network, they are used in different ways.
Authentication is used to prove user and computer identities. On networks with computers running Windows 2000 or later, the primary authentication protocol is Kerberos. Previous versions of Windows use NTLM for authentication, which can be configured for use in authentication on Windows 2000 or later networks as well.
Authorization is used to control access to resources. Authenticated users and computers will have different levels of authority, depending primarily on the groups of which they are members and the permissions they've been specifically assigned. Both Kerberos and NTLM are used for authorization.
Other aspects of network security, including data integrity and confidentiality, are dependent on the secure communications and storage techniques implemented on the network. IP Security (IPSec) can be used to secure communications using encryption. Encryption can also be used to securely store data.
For nonrepudiation, when you need to determine exactly who sent and received a message, you can use Kerberos and IPSec.
Additional content appearing in this section has been removed.
Implementing, Managing, and Maintaining Routing and Remote Access
Local area networks (LANs), wide area networks (WANs), dial-up connections, and virtual private networks (VPNs) all have increasing roles in the connected workplace, which means routing and remote access are an increasingly significant area of responsibility for today's administrators. Administrators are expected to know which of the myriad routing and remote access options to use when a need arises, and they are expected to know how to manage and maintain the implemented technologies.
Using the Routing And Remote Access Service (RRAS), Windows Server 2003 can be configured as a multipurpose remote access server and IP router for connecting LANs to LANs, LANs to WANs, dial-up to LANs, and VPNs to LANs. The key advantages of using Windows Server 2003 in this role are that it allows easier management, support, and network integration as compared to hardware routers. Ease of management, support, and integration come primarily from the fact that administrators implement access controls and permission rules using standard Windows security and group policies.
In its role as a remote access server, an RRAS server can be configured for:
  • Remote access over wireless, dial-up, or VPN, which enables computers to connect to the server using a dial-up or VPN connection.
  • Network Address Translation (NAT), which allows internal computers to access the Internet using a public IP address from an assigned address pool.
  • VPN and NAT, which allows remote clients to connect to the server through the Internet, and local clients to connect to the Internet using a public IP address from an assigned address pool.
  • Secure connections between two private networks, which can be used to connect the network on which the server is located to a remote network.
Additional content appearing in this section has been removed.
Maintaining a Network Infrastructure
In the Exam 70-290 Study Guide and throughout this study guide, I've discussed techniques for maintaining network infrastructure. Rather than repeat what's already been discussed, I'll give you specific pointers you can use to extend the earlier discussions and to ensure that you understand the skills required to maintain a network infrastructure.
Windows Server 2003 includes several tools for monitoring network traffic. Some of the most basic of these tools are often the most effective:
  • Using Task Manager's Networking tab, you can determine the current utilization of each network adapter installed on a server.
  • Using System Monitor in the Performance console, you can view current networking activity using the Network Interface performance object. Each adapter instance can be tracked separately.
  • Using Performance Logging, you can track networking activity over a period of time to determine performance bottlenecks.
With System Monitor and Performance Logging, you'll find the following counters of the Network Interface object useful in troubleshooting:
  • Packets Outbound Discarded: Tracks the number of outbound packets discarded even though they did not contain errors. Packets may have been discarded to free buffer space.
  • Packets Outbound Errors: Tracks the number of outbound packets that could not be transmitted because of errors.
Additional content appearing in this section has been removed.
Chapter 6: Exam 70-291 Prep and Practice