Extending a Basic Volume
Even though you cannot use Disk Management to extend a basic volume, let's open it anyway so that we can see our volume as it gets extended. We will use diskpart.exe to actually do the extending. For this exercise we will be extending the primary partition F on Disk 2. 1. Open Computer Management by right-clicking My Computer and choosing Manage. 2. Expand Storage and click Disk Management. This will give you the window shown in Figure 2.37. Use this window to see the before and after of...
Understanding How EFS Works Under the Hood
Instead of using passwords that the user must remember each time he or she wants to access a file, EFS uses a system of keys based on public key technology.When a user encrypts a file on an EFS-enabled NTFS volume, several keys are created related to the file. First, if the user does not have a digital certificate suitable for EFS, one is automatically created by the system, which also generates a public key for the user based on the certificate. Next, a randomly generated key is created and...
Installing the Remote Desktops MMC SnapIn
To prepare the Remote Desktops MMC snap-in for use, you begin by opening a blank MMC console. Click Start Run and type MMC in the Open dialog box. In the MMC window that appears, click File Add Remove Snap-in. In the Add Remove Snap-in dialog box, click the Add button. Select Remote Desktops from the Available Standalone Snap-ins list in the Add Standalone Snap-in dialog box and click the Add button followed by the Close button. In the Add Remove Snap-in dialog box, click the OK button. Remote...
Enabling Auditing of Object Access
In addition to defining an audit policy as you learned to do in the exercises, you must enable auditing on each particular object for which you want to audit access. In this section, we will discuss how to enable auditing on objects, files, and folders. Objects include Registry keys, printers, files, folders, and so forth. Every Windows object has a security information object attached to it. It is referred as the security descriptor of the object. The security descriptor contains permission...
System Configuration Utility
The System Configuration Utility helps you diagnose services that are related to startup and that can cause issues. It is geared more towards system services as opposed to device drivers, but can be useful because some devices include services as well as more traditional device drivers. To access this tool, at the command prompt or Run option on the Start menu, type msconfig.exe and press Enter. After you open the tool, you will notice a variety of options that can be used to configure the...
Adding a New Connection
Now that you've created the new MMC, it's time to learn how to configure it to connect to Terminal Services on your servers. Begin by right-clicking the Remote Desktops node in the tree view on the left side of the utility. From the context menu that appears select Add new connection. This will open the Add New Connection window, as shown in Figure 6.9. Figure 6.9 The Add New Connection Dialog Box in the Remote Desktops MMC Snap-In Figure 6.9 The Add New Connection Dialog Box in the Remote...
Monitoring Performance 1
1. You need to query your memory trace file. The file is called test_log and it is stored in the root of the C drive.You are thinking of using the relog.exe command-line utility to extract the data to a .csv file called out.csv that also resides on the root of C drive.You are thinking of reading the log data in chunks of 10 records at a time.What will be your command-line instructions to execute this scenario A. relog.exe C test_log.blg -config Memory Available Bytes o C out.csv t 10 f csv B....
Troubleshooting Fragmentation Problems
Disk fragmentation is inevitable if you ever delete files, install programs, or otherwise use the computer for normal tasks. To optimize disk performance, you should defragment your disks as often as needed.This section covers some of the common problems that you might encounter related to disk fragmentation and the defragmentation process, including the following Computer is operating slowly. The Analysis and Defragmentation reports do not match the display. Volumes contain unmovable files....
Using the New Hardware Wizard
The New Hardware Wizard is used to install device drivers for non-PNP devices.You can also use the wizard to install drivers for any PNP device for which you did not have the suitable device driver at the time it was connected to the system.The latter scenario is actually handled by the Hardware Update Wizard, which is invoked from within the New Hardware Wizard. You need the following rights to use the New Hardware Wizard by default, members of the local Administrators group hold these...
Creating a Backup Plan 1
3. Members of the organization store files on a Windows Server 2003 computer. Each department has its own folder, with subfolders inside for each employee within that department. A complaint has been made about an employee having non-work-related files on the server that are considered offensive. Upon checking the contents of that person's folder, you find it to be true.You want to back up the entire contents of this folder, without affecting the backups that are performed daily. What will you...
Info Iim
The Hardware Abstraction Layer HAL The Hardware Abstraction Layer HAL provides a generic interface for kernel-mode drivers and processes to interact with the underlying hardware. This is a modular component that can be interchanged depending on your hardware configuration. When you deploy Windows Server 2003, it is important to ensure that you use the proper hardware abstraction layer.There are several types of HALs that ship with Windows Server 2003 Advanced Configuration and Power Interface...
Assigning User Rights
In this exercise, you will go through the steps necessary to assign the capability to log on to a terminal server to an Active Directory group. You have just set up a new Windows Server 2003 computer and configured it to run as a terminal server. Now the employees in the Sales department want to be able to access the terminal server when they are on the road. 1. Open Start Programs Administrative Tools Domain Security Policy. 2. Expand the Local Policies object in the left pane. 3. Select the...
Creating an Extended Partition
1. Right-click the unallocated space on the disk on which you want to create an extended partition. 2. Click New partition on the pop-up menu. This will start the New Partition Wizard as shown in Figure 2.19. Figure 2.19 Creating an Extended Partition with the New Partition Wizard Figure 2.19 Creating an Extended Partition with the New Partition Wizard 4. On the Select Partition Type window Figure 2.20 , select Extended partition. 5. Click Next to continue. You will now be prompted to specify...
Using dsgetexe
dsget.exe is used to see the properties of objects in Active Directory. It shows selected attributes of computers, contacts, groups, organizational units, servers, or users.You input objects into dsget.exe and it outputs a list of properties for those objects. dsget.exe supports the following commands dsget computer Displays properties of computers in the directory. dsget contact Displays properties of contacts in the directory. dsget subnet Displays properties of subnets in the directory....
Using Groups in a Single Domain
You have a network file share to which you want to configure access for 20 user accounts. You could manually configure the share permissions to enable each of the 20 user accounts to have the required access. However, if later you need to configure the permissions on a second network file share for the same 20 user accounts, you would need to perform the manual permissions assignment again for all 20 users. The easier, more accurate, and more secure way to assign the permissions you need is to...
Improved File and Print Services
Practically every organization uses file and print services, as sharing files and printers was the original reason for networking computers together. Microsoft has improved the tools used to manage your file system by making the tools run faster than before this allows users to get their jobs done in less time and requires less downtime for your servers.The Distributed File System DFS and the File Replication Service FRS have also been enhanced for Windows Server 2003, and Microsoft has made...
History of Directory Services
The first directories were paper directories like the telephone book or TV guides. Some of the first electronic directories were DNS and WHOIS. Later, application directory services appeared in e-mail products such as Microsoft Exchange, Novell GroupWise, Lotus cc Mail, and in online directory services functioning as electronic phonebooks such as Four11, Switchboard, and BigFoot. It might be difficult to think of an electronic telephone book as a directory service, but it does match our...
The Programs Tab
By default, when you connect to a Terminal Services session, you will receive a Windows 2003 desktop.The selections on this tab enable you to receive only a specified application instead. If Terminal Services is being used to provide only a single application for each user, this setting can increase security by ensuring that users do not receive a full desktop upon connection. This will prevent them from performing tasks on the server other than running the specified application. If the check...
Introduction Mpf
Regardless of how hard administrators work to protect their networks and systems from disaster, sometimes the worst occurs. Servers are subject to hardware failure due to age, overuse, or defects, data loss from hack attacks, and even natural disasters such as fire or flood that can destroy both the data and the systems themselves. Planning for disaster is an important part of every network administrator's job. Windows Server 2003 includes tools to help you prepare for a serious system failure...
Using New CommandLine Utilities Rbo
9. A user is attempting to use the cipher.exe command-line tool to make changes to the encryption settings on a folder but keeps getting errors related to incorrect parameters. When the user asks you about the errors, you suspect that he might be using an older version of cipher that does not support the command-line parameter he is trying to use. How would you find this older version of cipher for the user A. Have the user open a command prompt on his PC and type where cipher at the command...
iiswebvbs
The insweb.vbs utility is used to create and manage Web sites in IIS 6.0.This utility is stored at System Root system 32 directory. iisweb.vbs comes with six main switches. The main switches are listed in Table 8.2.The first argument for iisweb.vbs is one of these main switches. The rest of the arguments are further information to perform the task. The common syntax is Iisweb switch parameters to switch Table 8.2 Switches Available in Iisweb.vbs To check whether the Web site sites are The...
Troubleshooting Disk Quotas
Disk quotas are a great feature. However, they can lead to trouble if they are improperly configured or not managed properly.This section covers some of the more common issues that appear when using disk quotas. Issues such as the following The Quota tab is not there. Deleting a Quota entry gives you another window. A user gets an Insufficient Disk Space message when adding files to a volume. Disk quotas are set via the quotas tab on the properties of a volume. If the tab does not appear Figure...
Creating a Backup Plan
A backup enables data and system files on a computer to be archived to another location on the hard disk or to other media.You can compare backups to making a photocopy of an original document, which creates a duplicate that can be stored safely in case the original is destroyed. As with a photocopy, a backup of data is a duplicate of the original data on a computer at the time the backup was taken. Unlike a photocopy, however, the quality of the backup data is equal to the quality of the...
The Domain Concept
The dictionary definition of domain is a territory over which rule or control is exercised. In other words, a domain is a control boundary.You can control objects within a domain together, as if they were one. In Microsoft computing terminology, a domain is a logical group of computers with a common database of accounts. All of these accounts are managed and secured together in a central location on the domain controller . Domains provide centralized authentication and centralized account...
Creating a System Recovery Plan 1
8. The master boot record on the boot partition of your Windows Server 2003 computer has become damaged. When the computer tries to start, it fails before displaying the multi-boot menu that enables you to choose which operating system to start, preventing you from accessing utilities that are available after Windows Server 2003 starts. How will you fix the problem A. Restore the master boot record from an Automated System Recovery set. B. At startup, press the F8 key to access the startup...
Info Lfp
3. In the right details pane, select and double-click the option for which you want to define audit policy. For this exercise, select the Audit object access option. The Audit object access Properties dialog box appears see Figure 9.20 . Here you can choose to enable success and or failure audits by checking the option box es . Figure 9.20 Enable Success or Failure Audit Options Figure 9.20 Enable Success or Failure Audit Options 4. Click OK or Apply button. Now you can enable auditing on...
Using the Member Of Tab
The Member Of tab, shown in Figure 4.23, manages the groups of which the selected user is a member. By using the Add and Remove buttons, you can add and remove this user from groups. If you are using Apple clients or POSIX-compliant applications, you can use this tab to set the primary group as required. If a user account is a member of only one group, that group is automatically configured as the primary group as shown in Figure 4.23. If a user account is a member of multiple groups, click the...
Using dsmodexe
dsmod.exe modifies attributes of objects in Active Directory. dsmod.exe can modify computers, contacts, groups, servers, organization units, users, quotas, and partitions. dsmod.exe supports the following commands dsmod computer Modifies attributes of one or more computers in the directory. ddsmod contact Modifies attributes of one or more contacts in the directory. dsmod group Modifies attributes of one or more groups in the directory. dsmod server Modifies attributes of one or more servers in...
Managing and Troubleshooting Terminal Services
4.4.2 Manage a server by Using Terminal Services remote administration mode. 3.2.1 Diagnose and resolve issues related to Terminal Services security. 4.4.1 Manage a server by using Remote Assistance. 3.2 Troubleshoot Terminal Services. 3.2.2 Diagnose and resolve issues related to client access to Terminal Services. 0 Exam Objectives Frequently Asked Questions
Troubleshooting Terminal Services 1
0 Licensing error messages can occur because the Terminal Server cannot contact the license server or because the client's license has become corrupt. 0 If clipboard mapping fails between the client and server, the client may have become corrupted and should be removed and reinstalled. However, you don't have full clipboard functionality between the local computer and the terminal session.You can cut and paste data, but not files and folders. 0 Using a password-protected screen saver can cause...
Info Wpr
Hj File Action View Window Help -Iff I x -Hl, Computet Management Local El le System Tools l-lfH Event Viewei 1 Shared Folders ffl S Local Useis and Groups m-M Peifoimance Logs and Alerts Device Manager S toi age l - Sr Flemovable Storage Volume Layout Type File System Status Capacity Free Space X Free Fa Overhead HI Simple Dynamic NTFS Healthy System 3.99 QB 1.89 GB 47 No 0 . Melt D Partition Basic CDFS Healthy 382MB OMB 0X No ffi Disk Management H Services and Applications
Type
The Recovery Console is not a regular command prompt, so many of the commands listed in the table can only be used in the Recovery Console. Because the Recovery Console is used to recover the system when it cannot start properly, you cannot start Recovery Console after Windows Server 2003 has started. It can only be run prior to loading Windows from the multi-boot menu or from the installation CD. 1. Insert the Windows Server 2003 installation CD into the CD-ROM of your server. 2. From the...
Physical vs Logical Disks
You must be able to distinguish between a physical disk and a logical disk. Physical refers to the actual, tangible hard disk itself. A physical disk is a piece of hardware, which can be organized into logical disks. A physical disk by itself is of no use to Windows. It is not until you format the physical disk and create a logical disk that it becomes a resource that is accessible from within Windows. Logical disks enable you to customize your physical disks to best fit your needs. Depending...
Using the Environment Tab
The Environment tab, shown in Figure 4.17, configures the Terminal Services startup environment.You can configure a user's properties so that a specified program is launched every time the user logs onto a Terminal Server. To do so, check the box next to Start the following program at logon and enter the program filename and the working directory for the file. The Environment tab also enables you to configure how clients' local devices are handled when they log onto Terminal Services.You can...
The Environment Tab 1
As with the Sessions tab, the settings on the Environment tab in the user's properties are identical to several settings we've already seen in the Terminal Services Configuration tool. As with the Sessions tab, when overridden at the connection level or by Group Policy, the settings on this tab are ignored. However, by default they are the effective settings. The top section of the tab contains the Start the following program at logon check box, which is not selected by default.When selected,...
New Active Directory Features
Windows Server 2003 enhances the management of Active Directory. There are more AD management tools now and the tools are easier than ever to use. Microsoft has made it painless to deploy Active Directory in Windows Server 2003. The migration tools have been greatly improved to make way for seamless migrations. In the corporate world where mergers and acquisitions are common, things change all the time. It is not uncommon for a company to change its name two or three times in one year, which is...
Using dsmodexe group
dsmod group modifies the attributes of groups in Active Directory. dsmod group uses the following syntax. All syntax and switches are explained in Table 4.13. dsmod group lt GroupDN gt -samid lt SAMName gt -desc lt Description gt -secgrp yes no -scope l g u -addmbr -rmmbr -chmbr lt Member gt -s lt Server gt -d lt Domain gt -u lt UserName gt -p lt Password gt -c -q -uc -uco -uci Table 4.13 Understanding dsmod group Syntax -desc lt Description gt -secgrp yes no Required. DNs of one or more groups...
Understanding and Using Access Permissions 1
0 Both NTFS and share permissions are cumulative. If a user belongs to more than one group, and two or more of these groups are assigned permissions on a file or folder, the user's effective permissions NTFS or share on the file or folder is the sum of all the groups' permissions. 0 Deny permissions override Allow permission, regardless of which group has the Allow permission assigned. 0 When determining the effective permissions on a file or folder access through a share, the more restrictive...
Optimizing Servers for Application Performance
3. You are investigating the slow responses of your network's file server.This file server accommodates all the business data templates that are shared by 200 internal and external employees.The machine has multiple network adapters to communicate to internal and external resources.The machine has 1GB of RAM.The page file size is 1.2GB at the moment. The page file size seems to be increasing and getting larger after a reboot. It starts at 800MB and climbs higher.What could be the cause of this...
Creating a New Tree
1. Select Start Run and type dcpromo in the Open field. 2. Click OK to start the Active Directory Installation Wizard, as shown previously in Figure 4.78. 4. You are warned in the dialog box shown previously in Figure 4.79 that Windows 95 and Windows NT 4.0 machines not running at least Service Pack 4 will not be able to log on to a domain controller running Windows Server 2003. Click Next to accept the warning and continue. 5. Select the type of domain controller to create, as shown previously...
Objective Cuz
The Account options section of the Account tab has the following options User must change password at next logon This forces a user to change his or her password the next time the user logs on. This is used when someone forgets the password and must have it reset. It resets it to something easy, and the user has to change it upon first logon. This ensures that only the user knows his or her password. This is also the default when you initially create the account, so the user can set a new...
Introduction Wpr
The network administrator's daily tasks can be made easier or more difficult by the number and quality of administrative tools available to perform those tasks. In Windows Server 2003, Microsoft has provided administrators with a wealth of graphical and command-line utilities for carrying out their job duties. The Administrative Tools menu is the place to start it's there you'll find predefined management consoles for configuring and managing most of Server 2003's services and components,...
The Terminal Server Role
Despite the fact that the exam objectives focus on using Terminal Services for remote administration, the original purpose of the service was to enable Windows servers to be used in a thin client environment without expensive third-party software such as Citrix MetaFrame. The development of Microsoft's Terminal Services involved the creation of several components that worked together, including a special presentation layer protocol called the Remote Desktop Protocol RDP and a core architectural...
Managing Printers and Print Queues 1
8. One of your users frequently submits a very large print job prompting complaints from other users whose print jobs are delayed because of the large job.The server also handles requests for other print queues.You decide to try changing the default priority of the queue that is causing the complaints.What would be the benefit of changing the priority from the default of 1 to A. To make print jobs appear faster. B. To make print jobs from the queue appear before those in other queues. C. To...
Defining Custom Shutdown Reasons
Predefined planned and unplanned reasons are available to choose from the list box on the Shutdown Event Tracker screen please refer to Figure 9.34 .You can also define custom shutdown reasons to use at shutdown times. This could be handy to narrow your system-specific limitations. Use the registry to define these additional reasons. The steps to add more custom reasons for the Shutdown Event Tracker are shown in Exercise 9.10. 1. Open the Registry Editor. Click Start Run and type regedit. 2....
Determining to which Groups a User Belongs
Determining group membership can be accomplished through the GUI by using ADUC or from the command line by using dsget.exe.There are two ways to find this information in ADUC From the properties of a user account as shown in Figure 4.51 From the properties of a group account as shown in Figure 4.52 Figure 4.51 Finding Group Membership Via a User's Properties Figure 4.51 Finding Group Membership Via a User's Properties To determine what groups a user belongs to from the command line, use the...
Using the Published Certificates Tab
The Published Certificates tab, shown in Figure 4.22, manages X.509 certificates for the selected user account.You can use this tab to view the details of the user's certificates.You can also use it to add, remove, and copy certificates. Certificates can be added from the certificate store or from a file. Figure 4.22 Understanding a User's Published Certificates Tab Figure 4.22 Understanding a User's Published Certificates Tab
Partitions vs Volumes
Both partitions and volumes enable us to divide one physical disk into sections so that each section appears as a separate disk. Each section is individually formatted different sections can be formatted in different file systems and can have its own drive letter. Basic disks contain partitions. Partitions cannot be configured to span disks and therefore cannot provide any fault tolerance. Dynamic disks contain volumes.Volumes can span disks and can provide fault tolerance. Fault tolerance...
Troubleshooting IIS 1
9. Your Web server is running ASP.NET applications on IIS 6.0. An incorrect configuration setting has caused you to reinstall IIS 6.0 on this machine.You have used the Control Panel Add Remove Programs method to uninstall and reinstall IIS 6.0.Then you tried to load up your ASP.NET pages. Unfortunately, all ASP.NET pages are displayed as text.What could be the solution to this problem A. You need to reregister ASP.NET. B. You need to reformat the drive as NTFS and reinstall Windows Server 2003...
Using the ADUC MMC SnapIn to Create and Manage Groups
This section discusses using ADUC to create and manage groups. Exercise 4.02 covers creating groups. It is important to know how to create groups. However, for the test, you also need to know how to manage groups. This section walks you through all the tabs of an Active Directory group account with screenshots and explanations. 1. Open Active Directory Users and Computers Start Programs Administrative Tools Active Directory Users and Computers . 2. Right-click the domain or OU where you want to...