Objective Answers Xax

A. Incorrect This command has the correct distinguished name syntax but is missing the computer keyword. B. Incorrect This command has the correct computer keyword but does not list the computer to be reset with the correct distinguished name syntax. C. Incorrect This command omits the computer keyword and fails to use the correct distinguished name syntax. D. Correct This command correctly uses the computer keyword and distinguished name syntax. A. Incorrect This action would be appropriate...

Controlling Printer Security

Windows Server 2003 allows you to control printer usage and administration by assigning permissions through the Security tab of the printer's Properties dialog box. You can assign permissions to control who can use a printer and who can administer the printer or documents processed by the printer. A typical printer Security tab of a printer's Properties dialog box is shown in Figure 8-5...

Creating User Objects with Active Directory Users And Computers

You can create a user object with the Active Directory Users And Computers snap-in. Although you can create user objects in the root of the domain or any of the default containers, it is best to create a user in an organizational unit, so that you can fully leverage administrative delegation and Group Policy Objects (GPOs). To create a user object, select the OU or container in which you want to create the object, click the Action menu, then choose New and choose User. You must be a member of...

Reinstating Inheritance

Inheritance can be reinstated in two ways: from the child resource or from the parent folder. The results differ slightly. You might reinstate inheritance on a resource if you disallowed inheritance accidentally or if business requirements have changed. Simply reselect the Allow Inheritable Permissions option in the Advanced Security Settings dialog box. Inheritable permissions from the parent will now apply to the resource. All explicit permissions you assigned to the resource remain, however....

Auditing Printer Access

Printer access, like file and folder access, can be audited. You can specify which groups or users and which actions to audit for a particular printer. After enabling object access auditing policy, you can view resulting audit entries using Event Viewer. To configure auditing for a printer, open its Properties dialog box, click the Security tab, and then click Advanced. Click the Auditing tab and add entries for specific groups or users. For each security principal you add to the audit entry...

Password Policy

The domain password policies enable you to protect your network against password compromise by enforcing best-practice password management techniques. The policies are described in Table 3-5. Enforce Password History: When this policy is enabled, Active Directory maintains a list of recently used passwords and will not allow a user to create a password that matches a password in that history. The result is that a user, when prompted to change his or her password, cannot use the same password...

Building a Customized MMC

You can combine one or more snap-ins to create customized MMCs, which you can then use to consolidate the tools you require for administration. 1. Click Start, and then select Run. 2. In the Open text box, type mmc and then click OK. A blank MMC will appear. 3. Select the File menu, and then select Add/Remove Snap-In. The Add/Remove Snap-In dialog box appears with the Standalone tab active. Note that no snap-ins are loaded. 4. Click Add to display the Add Stand-alone Snap-In dialog box. Locate...

Creating Computer Objects Using Active Directory Users and Computers

To create a computer object, or account, open Active Directory Users And Computers and select the container or OU in which you want to create the object. From the Action menu or the right-click shortcut menu, choose the New Computer command. The New Object-Computer dialog box appears, as illustrated in Figure 5-1. Figure 5-1: The New Object-Computer dialog box. In the New Object-Computer dialog box, type the computer name. Other properties in this...

Objective Questions Lnk

1. You are the systems administrator responsible for several Windows Server 2003 systems at a medium-sized industrial plant. One of the servers is a file and print server. The server comprises three disks, one of which hosts the volume containing the operating system. The other two are configured as a striped set and host several file shares. Backups are written to a DAT drive on the server and backup tapes are stored off site. The backed-up data includes every file and folder on the striped...

Understanding the Windows Server Printer Model

Windows Server 2003, and previous versions of Windows, support two types of printers: Locally attached printers: Printers that are connected to a physical port on a print server, typically a universal serial bus (USB) or parallel port. Network-attached printers: Printers connected to the network instead of to a physical port. A network-attached printer is a node on the network; print servers can address the printer using a network protocol such as Transmission Control Protocol/Internet Protocol TCP...

Lesson Review Vkf

The following questions are intended to reinforce key information presented in this lesson. If you are unable to answer a question, review the lesson materials and try the question again. You can find answers to the questions in the Questions and Answers section at the end of this chapter. 1. You're setting up a Web site in IIS on Server01. The site's Internet domain name is adatum.com, and the site's home directory is C:\Web\Adatum. Which URL should Internet users use to access files in the...

Redirecting Print Jobs

If a printer is malfunctioning, you can send documents in the queue for that printer to another printer connected to a local port on the computer or attached to the network. This is called redirecting print jobs. It allows users to continue sending jobs to the logical printer and prevents users with documents in the queue from having to resubmit the jobs. To redirect a printer, open the printer's Properties dialog box and click the Ports tab. Select an existing port or add a port. The check box...

Ql Ame

Table 4-1 summarizes the use of Windows Server 2003 domain groups as security principals (group type: security). Table 4-1: Security Group Scope and Membership. Columns: Group Scope; Members Can Include; Group Can Be a Member of. Windows 2000 native or Windows Server 2003 domain functional level. Group scope: Domain Local. Group can be a member of: Domain local groups in the same domain. Members can include: Computer accounts, users, global groups, and universal groups from any domain in the forest or any trusted domain. Domain local groups from the same domain....

Info Ser

Caution: If your computer is on a network, check with the network administrator before assigning a name to your computer. 21. In the Administrator Password text box and the Confirm Password text box, type a complex password for the Administrator account (one that others cannot easily guess). Remember this password because you will be logging on as Administrator to perform most hands-on exercises. Important: In a manual installation, Windows Server 2003 will not let you progress to subsequent steps...

Managing and Implementing Disaster Recovery

Disasters will occur. Disks will fail, files will be lost, and power supplies will fuse with a puff of smoke, a few sparks, and an acrid smell. Systems administrators should not wait for a disaster to occur before deciding on a course of action. Before disaster strikes, administrators should have planned and put in place the procedures that will restore system functionality as soon as possible. The first step in protecting data stored on Windows Server 2003 systems is to ensure that it is...

Performing Disk Management Tasks from the Command Prompt

Windows Server 2003 provides command-line alternatives for disk management, including the following: Chkdsk: Scan a disk for errors and, optionally, attempt to correct those errors. Convert: Convert a volume from FAT or FAT32 to NTFS. Fsutil: Perform a variety of tasks related to managing FAT, FAT32, or NTFS volumes. Mountvol: Manages mounted volumes and reparse points. See Also: See the Windows Help And Support Center for details about the roles and syntax of each command. But the granddaddy of disk...

Objective Questions Uph

1. You are logged onto a server that is running slowly through Telnet. You want to generate a list of processes run by all users that are consuming more than 5 MB of memory. Which of the following methods can you use to do this? A. Issue the mem /program command. B. Use the Task Manager and sort by memory usage. C. Issue the tasklist /fi "memusage gt 5120" command. D. Use MSINFO32 and sort by memory usage. 2. You are the administrator of a Windows Server 2003 SP1 computer that is a member of the...

Granting the User Right to Log On Locally

The user's ability to log on to a system is also subject to the system's user rights assignment security policy that allows local, or interactive, logon. By default, the local Users group, which includes Domain Users, is allowed the right to log on locally to all member servers and workstations but not to domain controllers. Therefore, users should be able to log on to any member server or workstation in the domain. If this default has been modified, a user might not have the right to log on...

Lesson Understanding Disk Storage Options

Before you tackle the installation of a disk drive and the configuration of that drive, you must understand several important storage concepts. This lesson will introduce you to the concepts, technologies, features, and terminology related to disk storage in Windows Server 2003. You will learn about differences between basic and dynamic disk storage types and the variety of logical volumes they support. After this lesson, you will be able to: Understand disk-storage concepts and terminology...

Creating a Computer Account with Netdom

The Netdom command is available as a component of the Support Tools, installable from the Support Tools directory of the Windows Server 2003 CD. The command is also available on the Windows XP and Windows 2000 CDs. Use the version that is appropriate for the platform. Netdom allows you to perform numerous domain account and security tasks from the command line. To create a computer account in a domain, type the following command: netdom add ComputerName /domain:DomainName /userd:User /PasswordD...

Correct Answers A Tor

A. Correct This is the only method of limiting which users or groups can perform a restoration of a particular backup set. B. Incorrect This functionality does not exist from the Restore And Manage Media tab. C. Incorrect Access can be restricted to the Administrators group by following the procedure outlined in answer A. D. Incorrect This will not change the right of the Backup Operators group to restore backup sets, but will prevent them from backing up files and folders. E. Incorrect This...

Page Lesson Review Pam

1. You are installing a new 200-GB disk drive. You want to divide the disk into five logical volumes for the operating system, applications, user home directories, shared data, and a software distribution point. The drive space should be distributed equally among the five logical volumes. You also want to leave 50 GB as unallocated space for future extension of a logical volume. Considering basic and dynamic disks and the types of logical volumes they support, what are your configuration...

Lesson Review Yio

The following questions are intended to reinforce key information presented in this lesson. If you are unable to answer a question, review the lesson materials and try the question again. You can find answers to the questions in the Questions and Answers section at the end of this chapter. 1. You are installing a new 200-GB disk drive. You want to divide the disk into five logical volumes for the operating system, applications, user home directories, shared data, and a software distribution...

Objective Questions Syz

1. Rooslan is the senior systems administrator at a medium-sized organization. His office is located at the company headquarters in Melbourne, Australia. He has just received a telephone call from Alex, who is responsible for maintaining a server at one of the organization's branch sites in Auckland, New Zealand. The two sites are connected by means of an ISDN BRI line. Alex is about to modify some registry settings on one of the servers in Auckland and wants Rooslan to watch him remotely so...

Objective Questions Qpp

1. Rooslan is the systems administrator of a medium-sized academic department at the local university. He is currently responsible for five Windows Server 2003 systems. One of these systems is used as the departmental file share with undergraduate, postgraduate, academic, and administrative staff all using the server to share files. The file server is configured with two disks. The first disk is separated into two volumes, one of which is 10 GB and hosts the operating system, the second of...

Correct Answers C Pdz

A. Incorrect Although this will display some basic memory information, it displays only memory available to MS-DOS. B. Incorrect Task Manager is a graphical user interface (GUI) utility and you cannot run it within Telnet. C. Correct Tasklist is a command-line utility that can display information about processes run by all users of a computer. The /fi "memusage gt 5120" part of the command instructs Tasklist to display only those processes that have a memory usage greater than 5120 KB. D. Incorrect...

Disabling, Enabling, Renaming, and Deleting User Objects

Personnel changes might require you to disable, enable, or rename a user object. The process for doing so is similar for each action. Select the user and, from the Action menu, choose the appropriate command, as follows: Disabling And Enabling A User: When a user does not require access to the network for an extended period of time, you should disable the account. Reenable the account when the user needs to log on once again. Note that only one of the commands to Disable or Enable will appear on...

Task Manager Overview

Task Manager is an important Windows application that you can use to display information about the computer's current performance levels as well as manage the programs and processes running on the system. You can open Task Manager by right-clicking an open area of the taskbar and then selecting Task Manager from the context menu or by pressing Ctrl+Alt+Del and then clicking the Task Manager button. The Windows Task Manager dialog box contains five tabs by default: Applications, Processes,...

Exercise Create User Objects

1. Log on to Server01 as an administrator. 2. Open Active Directory Users And Computers. 3. Create an OU called Employees and then select the Employees OU. 4. Create a user account with the following information, ensuring that you use a strong password User Logon Name Pre-Windows 2000 dholme Tip A new feature of Windows Server 2003 is that drag-and-drop operations are supported in several MMC snap-ins, including Active Directory Users And Computers. You can move objects between OUs by dragging...

Page Lesson Review

1. How is Remote Assistance like Remote Desktop For Administration? How is it different? Remote Assistance allows for remote control of a computer as if the user were physically at the console, as does a connection to a Terminal Server through Remote Desktop For Administration. Remote Desktop For Administration is controlled solely by the directory of accounts, either local or domain, that is configured for the Terminal Server connections on that computer. Remote Assistance requires a handshake...

Creating a Preconfigured User Profile

You can create a customized user profile to provide a planned, preconfigured desktop and software environment. This is helpful to achieve the following: Provide a productive work environment with easy access to needed network resources and applications. Remove access to unnecessary resources and applications. Simplify help desk troubleshooting by enforcing a more straightforward and consistent desktop. No special tools are required to create a preconfigured user profile. Simply log on to a system...

Ql Anu

Select the Enable Quota Management check box. If you want to deny users who have exceeded their limit the ability to write additional files to the volume, select Deny Disk Space To Users Exceeding Quota Limit. If this box is not selected, users can continue to write to the volume. Exam Tip: Quotas are supported only on NTFS volumes. Tip: Most documentation suggests opening the properties of the volume from Explorer by right-clicking a drive and choosing Properties. Unfortunately, that process...

System State

Microsoft Windows 2000 and Windows Server 2003 introduced the concept of System State to the backup process. System State data contains critical elements of a system's configuration, including: The COM+ Class Registration Database. The boot files, which include boot.ini, ntdetect.com, ntldr, bootsect.dos, and ntbootdd.sys. System files that are protected by the Windows File Protection service. In addition, the following are included in the System State when the corresponding services have been...

Approving Updates

Update management includes identifying, evaluating, and approving updates. You perform each of these tasks using the Updates page of the WSUS administration site. From the WSUS home page, click the Updates link in the top navigation bar. The Updates page, shown in Figure 9-4, appears. Figure 9-4: Updates administration page. The list view in the top frame of the Updates page displays a subset of update metadata, including the update's title, classification,...

Schedule Backup Jobs

Backup jobs are best run at a time when there is minimal use of the server that is to be backed up. This tends to be at times in the middle of the night rather than during the normal hours that a systems administrator is in the office. Rather than having to come back to work each night at 2:00 A.M., or having to wake up to initiate an early morning Terminal Services connection, the Windows Server 2003 Backup Utility allows the scheduling of backup jobs. A wide variety of scheduling options is...

Managing and Maintaining a Server Environment

Managing a Microsoft Windows Server 2003 system requires an awareness of what is occurring on the system. The best place to find this information is in the event logs. The three main event logs that are on a Windows Server 2003 system are the System, Security, and Application logs. Event log views can be filtered so that only information in which the administrator is interested is displayed. Another part of server management is ensuring that relevant updates are downloaded and applied to the...

Using System Monitor and Performance Logs and Alerts

The System Monitor and Performance Logs And Alerts snap-ins, both of which are included in the Performance MMC, allow you to observe real-time performance of printers, log metrics for later analysis, or set alert levels and actions. System Monitor and Performance Logs And Alerts are discussed in detail in Chapter 12, Monitoring Microsoft Windows Server 2003. To add a counter to System Monitor, right-click the graph area and choose Add Counters. Select the performance object in this case Print...

Configuring System Monitor

With System Monitor, you can collect and view data by configuring counters that report hardware, application, and service activity for any computer on your network. Three configurations must be made for the data you wish to collect. Type of data: You can specify one or more counter instances of performance monitor objects for which you want data to be reported. Source of data: Either local or remote computer data can be collected by a counter. You must be a local administrator or a member of the...

Computers and Groups

Users need access to resources on the network to do their daily work but should not have access to unauthorized data. This access is gained by logging on to a computer that has access to the domain and then being acknowledged as a member of assigned groups in the domain. Permissions to resources can be set only for users, groups, and computers that are recognized by the domain. Creation of these user, group, and computer accounts can be done manually through tools provided in the Microsoft...

Configuring Audit Settings

To specify the actions you wish to monitor and track, you must configure audit settings in the file's or folder's Advanced Security Settings dialog box. The Auditing tab, shown in Figure 6-12, looks strikingly similar to the Permissions tab before it. Instead of adding permissions entries, however, you add auditing entries. Figure 6-12: Auditing tab of the Advanced Security Settings dialog box. Click Add to select the user,...

Questions and Answers

1. Which of the following locations are not allowed to be used for a backup of a Windows Server 2003 system d. Shared folder on a remote server g. Tape drive on a remote server The correct answers are b, e, and g. 2. You are to back up a Microsoft Windows Server 2003 file server every evening. You perform a manual, normal backup. You will then schedule a backup job to run every evening for the next two weeks. Which backup type will complete the fastest 3. You are to back up a Windows Server...

Page Lesson Review Lqa

1. You enable the password complexity policy for your domain. Describe the requirements for passwords and when those requirements will take effect. The password must not be based on the user's account name; must contain at least six characters, with at least one character from three of the four categories: uppercase, lowercase, Arabic numerals, and nonalphanumeric characters. The requirements will take effect immediately for all new accounts. Existing accounts will be affected when they next...

Requirement

The first requirement involves modifying password and account lockout settings. 1. What should be modified to achieve Requirement 1 a. The domain controller security template Hisecdc.inf c. The Default Domain Controller policy d. The domain controller security template Setup Security.inf 2. To configure account lockout so that users must contact the Help Desk to unlock their accounts, which policy should be specified a. Account lockout duration 999 b. Account lockout threshold 999 d. Account...

Navigating the MMC

An empty MMC is shown in Figure 2-1. Note that the console has a name and that there is a Console Root. This Console Root will contain any snap-ins that you choose to include. Each console includes a console tree, console menu and toolbars, and the details pane. The contents of these will vary, depending on the design and features of the snap-in you use. Figure 2-2 shows a populated MMC with two snap-ins loaded. Figure 2-2: A populated MMC. Using the MMC...

Managing User Sessions and Open Files

Occasionally, a server must be taken offline for maintenance, backups must be run, or other tasks must be performed that require users to be disconnected and any open files to be closed and unlocked. Each of these scenarios will use the Shared Folders snap-in. The Sessions node of the Shared Folders snap-in allows you to monitor the number of users connected to a particular server and, if necessary, to disconnect the user. The Open Files node enumerates a list of all open files and file locks...

Event Log Retention Settings

On the General tab of each log's Properties dialog box (shown in Figure 12-1), you can specify the maximum size of the log and its behavior when the log reaches its maximum size. The available log retention options are as follows: [Figure 12-1: General tab of a log's Properties dialog box, showing the Maximum log size setting and the options Overwrite events as needed, Overwrite events older than a specified number of days, and Do not overwrite events (clear log manually)]...

Load-Balancing Terminal Servers

In previous implementations of Terminal Services, it was difficult to load-balance terminal servers. Windows Server 2003 Enterprise and Datacenter Editions introduce the ability to create server clusters, which are logical groupings of terminal servers. When a user connects to the cluster, the user is directed to one server. If the user's session is disconnected and the user attempts to reconnect, the terminal server receiving the connection will check with the Session Directory to identify...

Exercise Configure the Server for Remote Desktop

In this exercise, you will enable Remote Desktop connections, change the number of simultaneous connections allowed to the server, and configure the disconnection settings for the connection. 1. Log on to Server01 as Administrator. 2. Open the System properties from Control Panel. 3. On the Remote tab, enable Remote Desktop. Close System Properties. 4. Open the Terminal Services Configuration console from the Administrative Tools folder. 5. On the tscc Terminal Services Configuration...

The Access Control List Editor

As in earlier versions of Windows, security can be configured for files and folders on any NTFS volume by right-clicking the resource and choosing Properties or Sharing And Security, then clicking the Security tab. The interface that appears has many aliases: it has been called the Permissions dialog box, the Security Settings dialog box, the Security tab, or the Access Control List editor (ACL editor). Whatever you call it, it looks the same. An example can be seen on the Security tab of the Docs...

Recognizing Computer Account Problems

Computer accounts and the secure relationships between computers and their domain are robust. However, certain scenarios might arise in which a computer is no longer able to authenticate with the domain. Examples of such scenarios include: After reinstalling the operating system on a workstation, the workstation is unable to authenticate even though the technician used the same computer name. Because the new installation generated a new SID and the new computer does not know the computer account...