
70-270

Terms

Difference between XP Home and Pro?

(11 total)
1. Pro can join a domain
2. administrative "hidden" shares
3. encrypting file system
4. remote desktop
5. supports two CPUs
6. automated system recovery (ASR)
7. Remote installation services (RIS)
8. system prep utility (sysprep)
9. Internet information services (IIS)
10. group policies
11. supports dynamic discs
There are some other minor things, but these are the items you need to remember most
What are the minimum Hardware requirements to run XP Pro?
Intel Pentium 233MHZ, 64MB RAM, 650 MB free disk space, VGA monitor capable of 800*600, CD or DVD rom drive, standard keyboard and mouse.
What are the recommended hardware specs for a pc running XP Pro?
Intel Pentium 300Mhz or higher, 128MB RAM, 2GB free disk space, Super VGA display capable of 800*600 or higher, CD or DVD rom at least 12x speed, keyboard and mouse.
What is the difference between FAT32 and NTFS?
NTFS has improved security, file encryption, file compression, and supports larger partition and file sizes. You can also set permissions on individual files and folders, and use disk quotas.
What is the syntax for the winnt and winnt32 versions of the setup file?
Winnt /u:answer_filename /udf: ID [,database_filename] /s:\\file\i386

winnt32 /unattend:answer_filename /udf: ID [,database_filename] /s:\\name and path\i386

Note that the major difference is to use u for winnt and unattend for winnt32.
What are the 5 interaction levels in the setup manager for unattended installs, and a brief description of each?
Provide defaults - the answers in the answer file are defaults, but the user can change any answer.

Fully automated - Setup is fully automated, and the answer file must contain all info for a complete install.

Hide Pages - The user is not shown any answers, nor given the option to change them.

Read only - the user can view the pages during install, but cannot make changes.

GUI attended - the user answers all questions asked during the install.
What are the three ways to do an unattended install?
Remote Installation Services (RIS)
Answer files
System prep (sysprep.exe)
What are the four requirements to use RIS?
1) DHCP
2) DNS
3) Active Directory enabled domain environment
4) a separate ntfs partition that does not hold any of the server's system or boot files.
Why would a client pc get a message "PXE boot server not found" when trying to install XP remotely?
Because you must authorize the RIS server in active directory to prevent unauthorized servers from being added to the network. To do this open a command prompt and type risetup -check.
Exam alerts....
1) Copy the admin profile before imaging if you have installed apps with desktop shortcuts.
2)
What are the names of some of the various answer files?
RIS created ristndrd.sif when you run riprep.
You can also create remboot.sif for use with ris.
winnt.sif is used if installing from a cd-rom, and sysprep.inf is used if using sysprep to install xp.
Why would you use sysprep over ris?
When the network does not meet ris requirements, such as not being part of a domain, having static ip addresses on clients, no dhcp server, or on a nt4.0 domain which ris will not work on.
What 5 conditions are not recommended in the use of sysprep?
1) you cannot upgrade pc's running earlier versions of windows to xp
2) Do not use a production environment pc as the reference pc.
3) all pc's must have the same HAL
4) do not use if the client pc has an OEM image
5) do not use if the default user profile has been overwritten.
Name as many of the 10 switches you can use with sysprep as possible.
factory, audit, reseal, clean, quiet, nosidgen, pnp, reboot, noreboot, forceshutdown.
What versions of Windows can be upgraded directly to XP, and what is the upgrade path for other OSes?
Windows 98, ME, NT 4.0 WS, and Win 2000 Pro can be upgraded directly. Win 3.1 and 95 must first be upgraded to 98, Win NT 3.x WS must first be upgraded to NT 4.0. Any Win NT server OS, along with non-Windows OSes, cannot be upgraded and a clean install must be performed.
How do you check hardware and software compatibility?
Run d:\i386\winnt32 /checkupgradeonly from a command line. Also, can check the windows catalog and/or the HCL on the MS website.
Name several tasks that should be performed on the client pc prior to running the upgrade?
Check for an updated BIOS, Scan for viruses, upgrade any software to make it compatible with xp, uncompress any partitions using drivespace or doublespace, and remove any volume or stripe sets if on nt 4.0, and/or convert disks to dynamic disks if using win 2000.
How do you uninstall an upgrade, and under what OS's and conditions can you uninstall?
Use the add/remove programs applet.
Uninstall is available only if upgraded from Win 98 or ME, and the drive must not have been converted to NTFS during the install. Do not convert to NTFS if it is likely the OS will need to be uninstalled.
What is USMT, what files does it contain, what does it collect, how does it work, etc.
The User State Migration Tool is used for transferring settings and files on a large number of pc's in a corporate environment. It consists of two exe files, scanstate and loadstate. Scanstate is run on the source computer to collect data to be migrated, and transfer to a shared folder on the server. Loadstate is run on the destination pc to place the data on that pc. By default, it migrates my documents, my pics, desktop, favorites, and cookies. It also transfers settings from IE, Outlook and OE, dial-up connections, phone and modem settings, screen savers, fonts, and a whole host of similar settings. These settings are collected in various files - migapp.inf, miguser.inf, migsys.inf, and sysfiles.inf.
What's the easiest way to deploy SP2 in the upgrade to XP?
Slipstream SP2 into the install. The two key commands are xpsp2 -x to get the sp2 files onto the HD from the cd, and update -integrate:e:\\<xpsp2> (folder name can vary) to slipstream sp2 into the xp install files.
What are some common install problems for XP pro?
1) BIOS is not compatible
2) Hardware is not compatible
3) Not enough space on the hard drive. Need 1.5 GB to install.
4) Incorrect or incompatible device drivers
5) The pc cannot connect to the network because the name or ip address conflicts with another pc.
Name 9 ip utilities to troubleshoot network connectivity and a brief description of the function.
1) Ping - uses an echo command to establish whether packets can be routed at the network layer.
2) FTP - uploads/downloads files over a network. Works at the application layer.
3) telnet - establishes a character based session with a telnet server. works via the session layer.
4) lpr - executes a print job across the network.
5) ipconfig - shows the ip config of a network adapter.
6) nslookup - checks dns entries
7) netstat - displays tcp/ip connections and protocol stats.
8) nbtstat - resolves netbios names to ipaddresses.
9) tracert - shows all of the hops a packet takes to reach its destination.
What's the name of the file created when you choose boot log from Windows startup menu?
ntbtlog.txt
Name the switches used in winnt.exe, along with a brief description?
(7)
1) /a - accessibility options
2) /r:folder - copies the specified folder and saves it on the newly installed pc.
3) /rx:folder - same as folder except deletes the folder when setup is complete.
4) /s:sourcepath - tells winnt where the source files for xp are located.
5) /t:tempdrive - tells winnt on which drive to install xp
6) /u:unattend.txt - uses the unattend.txt file to perform an unattended install.
7) /udf:id,UDF_FILE - tells winnt to use the specified id to look in the udf file for specific modifications that are applicable to the unattend.txt file.
Name the switches used in winnt32.exe, along with a brief description? (17)
1) /checkupgradeonly - determines whether the pc can be upgraded and places the results in the upgrade.txt file (win98, me) or ntcompat.txt (nt4.0, win 2000), which can be found in the %systemroot% folder.
2) /cmd:command - executes a command that setup runs after the pc reboots.
3) /cmdcons - copies the files necessary for the pc to run the recovery console
4) /copydir:folder - makes a new folder within the %systemroot% folder on the newly installed pc.
5) /copysource:folder - copies a new folder within the %systemroot%, and then deletes it after setup is complete.
6) /debug[level][:filename] - creates a debug log at the level you specify, 0 thru 4. 0 is most severe.
7) /dudisable - stops dynamic updates
8) /dushare:pathname - specifies a path to the dynamic update files on the server.
9) /duprepare:pathname - prepares a network share to be used for dynamic updates.
10) /m:folder - tells setup to use newer drivers in the specified folder instead of the default
11) /makelocalsource - copies all the setup files to the local HD to complete the install.
12) /noreboot - tells setup not to reboot after copying the setup files.
13) /s:sourcepath - tells setup where to find the source files for setup.
14) /syspart:driveletter - tells setup to create and mark active a sys partition and to copy setup startup files to that partition.
15) /tempdrive:driveletter - tells winnt32 on which drive to install and where to place temp files.
16) /unattend :[number]:[answerfile] - specifies the answer file for the unattended install.
17) /udf:id,udf_file - Tells winnt32 to use the specified id to look in the udf file for specific modifications that are applicable to the answer file.
What log files are created during install? Include the file created if an error occurs during install. (7)
1) setuperr.log if an error occurs
2) comsetup.log - reports the installation of com+ components
3) setupapi.log - records data each time an inf file is called and implemented.
4) netsetup.log - reports the results of the pc to connect to a network or domain.
5) setup.log - provides info for the recovery console
6) scesetup.log - logs the security settings for the pc
7) winnt32.log - contains the debug info during setup
Name some advantages and one major disadvantage of NTFS over FAT32 or 16?
NTFS provides efficient use of disk space, provides native file-level security, native file compression, supports disk quotas and native file encryption, and enables partitions up to 2TB in size.
The major disadvantage is you cannot dual boot with another older OS.
Name the scenarios in which compressed files retain compression after being moved or copied.
1) copied files always inherit the new folder's compression state.
2) a file moved within the same volume retains its compression state.
3) if moved from one volume to another, it inherits the new folders state.
4) compressed files moved OR copied to any fat16 or fat 32 volume lose compression under all circumstances.
What is the syntax to convert an existing FAT volume to NTFS?
convert c: /fs:ntfs /v (/v is for verbose mode to see the progression and is optional)
What are the 6 NTFS permissions with a short explanation of each?
1) Full control - grants full access to a file or folder's contents.
2) modify - grants read, write, modify and delete rights. can also "see" permissions of a file or folder.
3) read & execute - can execute an app (exe) or open a file and read it.
4) list folder contents - (folder only) grants rights to open a folder, read its attributes and permissions, and list the files and folders within it. Cannot execute any files at all.
5) Read - can list the files and folders, read its attributes and permissions. Cannot run exe files.
6) write - can save changes to a file, create new one and change attributes.
Exam alert - How would you stop subfolders and files from inheriting rights of the parent folder you just created?
Click the "this folder only" option when you establish special permissions for the parent folder.
How are NTFS file permissions handled when a person is a member of more than one group that has access to a file?
NTFS permissions are cumulative. Be aware that Deny permissions overrule allow permission, but explicit permissions always override inherited permissions.
Under what conditions does a file moved or copied keep or inherit NTFS file permissions when moved or copied?
File or folder retains its original permissions when:
moving a file/folder to another location on the same volume.
File or folder inherits its permissions from the new parent folder when:
moving a file to another volume, or copying a file anywhere.
What is the max number of connections per share that IIS can handle?
10
What is the difference between NTFS and share permissions?
Share permissions are the permissions you set for a folder when you share that folder. The share permissions determine the type of access others have to the shared folder across the network. There are three types of share permissions: Full Control, Change, and Read. NTFS permissions determine the action users can take for a folder or file both across the network and locally. They can be set for groups or individually. The most restrictive permission applies when share and NTFS permissions conflict. NTFS permissions are cumulative. If there is no conflict the least restrictive access wins. If a user can access a file locally, but not on the network, a likely problem is a conflict.
What are the 5 default administrative shares?
1) c$ - for each hd volume, generated automatically
2) ADMIN$ - share for the %systemroot% folder.
3) IPC$ - share used by apps and objects for interprocess communication.
4) Print$ - contains printer drivers for local printers
5) FAX$ - used by fax clients for sending faxes.
What are the three share permissions?
Full Control, Change, and read. They apply to the shared folder and not individual contents.
What does priority do in the advanced section of printer properties?
It defaults to 1, but if the number is raised higher, the print jobs executed via that printer will have a higher priority. The higher the number, the higher the priority, up to 99.
What are the three printer permissions?
Print - Enables users to print, and control settings for their documents only.
Manage documents - enables users to control ALL documents, not only their own.
Manage Printers - includes "manage Documents" privilege. In addition, users can manage the printer - ie set a separator page, pause, resume, and even delete the printer.
What groups are assigned which print permissions by default?
Admin and Power users group is assigned all 3 permissions, the everyone group has the print permission and creator owner has manage documents permission.
What is a mount point, and its purpose?
You can mount a volume to overcome the 24 letter limitation on drive letters, add space to a volume by mounting a volume to an empty folder on another volume, and/or use it to reduce the number of drive letters that users need to contend with. Important: the volume with the empty folder needs to be NTFS.
Exam alert - What needs to be known about disk quotas and compression?
When figuring disk space, windows figures it on uncompressed file size, so if a user runs out, and he has compressed files, this may be why.
How do you use disk quotas from a command prompt?
Use fsutil.exe to configure disk quotas from a command line.
Exam alert - What are two good things to know about offline files?
1) must disable fast user switching
2) the user needs to have at least modify permission on the drive holding the local cache. Synchronization will not occur without it.
Name the three options for configuring cached (offline) files?
1) Automatic caching of documents - makes every file in the share available for caching by a remote user. As soon as a user opens the file from the share, it replaces any older versions of the file.
2) Automatic caching of programs and documents - Designed for read-only or exe programs. caches files to the user only when first opened in the shared folder. After that, the cached file is opened and used instead of the one on the network, even when connected.
3) Manual caching of documents - user must indicate the files to be made available for caching. Default setting.
Name the types of dynamic volumes?
Boot - Contains the Windows files.
System - Contains ntdetect, ntldr, and boot.ini
Simple - A single region or multiple regions of free space on a single disk.
Spanned - Two or more regions of free space on 2-32 disks linked into a single volume.
Striped - AKA Raid 0 -- Free space on two or more disks, and data is interleaved across the discs.
Mirrored - AKA Raid 1 - Two discs. Data is mirrored on each. Fault tolerant.
Raid 5 - Data is interleaved equally across all discs, aka striping with parity. Fault tolerant.
What are the advantages and disadvantages of Dynamic discs?
Advantages - Can change config of the discs on the fly, no need to restart windows. Can create data redundancy.
Disadvantages - Cannot be read by any other OS, so dual booting is out.
Laptops, and removable drives can not use dynamic discs.
How can you use msconfig to force 640*480 resolution with 16 colors?
add the /basevideo parameter to the boot.ini file in msconfig. Good for troubleshooting video.
Exam alert - If a Win XP pc has problems with the video driver, what 2 things can you do?
Use the Windows 2000 driver if the install is upgraded from 2000.

Also, can use the /basevideo parameter in the boot.ini file.
Exam Alert - In order for ACPI to work, what must the computer have?
The HAL must be ACPI compliant.
Exam alert - How can you use run as to install a driver when not logged in as Admin?
From a command line, type runas /user:Administrator "mmc %windir%\system32\devmgmt.msc", and then provide the Admin password when prompted.
Exam alert - How do you use a URL to connect to a printer.
http://printserver/printername
What are the three types of items in performance console?
Objects - a specific hardware or software item to be monitored.

Counters - one of a series of statistical measurements associated with the object.

Instances - a single item of multiple occurrences. Ex - dual cpu's. Each CPU can be monitored, each is its own instance.
Exam Alert - What button should you click to learn more about the function of each performance counter?
Use the explain button.
How do you view log data created by setting up a log using the "performance logs and alerts" snap-in?
Open system monitor, and select view log data from the taskbar at the top of the details pane.
How do you create an alert for system performance?
Select performance logs and alerts in the console tree of the performance snap-in. Right click a blank area in the details pane, and select new alert settings.
What are the most important memory counters?
1)Pages/sec - > 20 = ram shortage
2) available bytes - amount of memory available. < 4MB indicates shortage of memory.
3) committed bytes - if amount > amount of physical ram, may need more ram
4) pool nonpaged bytes - if value keeps increasing, check for app with memory leak
5) page faults/sec - a high value indicates a lot of paging activity. add ram.
What are the most important counters for the CPU?
1) % processor time - the percentage of time the cpu is executing meaningful actions. Anything > 85% indicates a possible bottleneck. Start by adding more RAM, then go to faster or second CPU.
2) interrupts/sec - rate of requests from i/o devices that interrupt cpu activity. a large increase in the number of interrupts without a corresponding increase in system activity may indicate a hardware issue.
What are the most important counters for the physical hard drives?
1) % disk time - a value > 50% suggests a disk bottleneck. Go to faster disk/controller, or add more ram.
2) avg disk queue length - value > 2 follow advice above.
3) average disk sec/transfer - value > 0.3 may indicate that the disk controller is retrying the disk continually due to write failures.
What are the most important counters for the logical hard drives?
1) % disk time - value > 90% may indicate a problem except when using RAID. Compare to processor\%.
2) average disk bytes/transfer - values < 20kb indicate an app accessing a disk inefficiently.
3) current disk queue length - value > 2 indicates disk bottleneck. may need to add another disk.
4) disk transfers/sec - value > 50 indicates possible bottleneck.
5) % free space - value < 15% means to add more disk space
How can you modify an application's priority level?
1) From task mgr - processes tab, right-click, and choose set priority.
2) from command prompt - start /option exe_name (option = one of the priorities such as high)
What are the application priority levels?
Realtime, high, aboveNormal, normal, belowNormal, low

Realtime is the highest. Use extreme caution as this can hang the computer. Normal is the default for all processes.
What are the different backup levels using ntbackup?
Normal or full - Backs up all selected files.
Differential - backs up all files changed since the last full.
incremental - backs up all files since the last incremental or full backup.
Daily - backs up all files changed on the day the backup is done.
Copy - backs up all selected files. does not remove the archive bit. useful for creating an extra backup.
**XP restores data backed up from Win 2000/XP/server 2003 only!
When can you not use last known good?
After a user logs in and finds a problem, as that resets the last known good. IE - the problem must be found prior to login.
Name some of the commands that can be used in recovery console?
Most of the basic dos commands, plus -
diskpart - disk mgmnt
enable - enables device driver
expand - extract compress file
fixboot - write new partition boot sector to the system partition.
fixmbr - repairs the mbr
listsvc - lists services and drivers.
Remember you can type "help" to bring up a list of commands.
What is ASR, when would you use it, and what disadvantages does it have.
Automated System Recovery. Use only when last known good, safe mode TS, system restore, and recovery console have failed. Creates a backup of root files. Backs up only those files needed to restore the pc to operational. Does not back up all files!
Disadvantages are that it does not backup user data or apps, and during restore it formats the system partition, so all user data and apps are lost. May also interfere with data on other volumes. Cannot use ASR to restore from a network share.
What is the disadvantage of backing up compressed data using ntbackup (Windows Backup)?
Exam Alert!

You cannot restore compressed data!!!!
Only backup non compressed data.
Name the 6 profile types?
1) Roaming - users who log in to different pc's on the network.
2) mandatory - admin enforces settings. Any changes made by user are not stored.
3) local - first login on to pc
4) temporary - if an error keeps a profile from loading, a temp profile is created. no changes are saved.
5) all users, files and folders - all users get this one. combines with the individual profile
6) default user - on first login, a default profile is used as a template to create the new one for the user.
What settings can you transfer with files and settings transfer wizard, and what's the dos name?
dos name = migwiz.exe

OE, dial-up connections, IE, display options, folder options, taskbar config options, my docs, my pics, and favorites.
How do you create a mandatory profile, and how do you make changes to one.
Create the profile the same way as a roaming profile, which saves as ntuser.dat. Rename that file to ntuser.man.

To make a change, change the ext back to .dat, make any changes, log off to save the changes, and rename it again to .man.
How do you repair an msi package installation?
Use Msiexec to repair them.
What are the three ways to distribute an msi packaged piece of software to users?
Publish to users - enables users to install the app thru add/remove programs, or if they attempt to open a file extension associated with the app.
Assign a package to users - automatically provides the app in the start menu of any pc that user logs into. when they click that icon, it installs. Also, if they attempt to open a file extension associated with the app.
Assign a package to computers - the app is installed automatically upon computer startup.
What are the most important Msiexec parameters?
/i - Use this format to install the product.
/f [p|o|e|d|c|a|u|m|s|v] <package> or <product code> Installing with the /f option will repair or reinstall missing or corrupted files.
From above - * p reinstalls a file if it is missing
* o reinstalls a file if it is missing or if an older version of the file is present on the user's system
* e reinstalls a file if it is missing or if an equivalent or older version of the file is present on the user's system
* c reinstalls a file if it is missing or if the stored checksum of the installed file does not match the new file's value
* a forces a reinstall of all files
* u or m rewrite all required user registry entries
* s overwrites any existing shortcuts
* v runs your application from the source and re-caches the local installation package.
/a <package> The /a option allows users with administrator privileges to install a product onto the network.
/x <package> or <product code> The /x option uninstalls a product.
/j [u|m] <package> Building with the /j <package> option advertises the components of your application on the end user's computer.
/p <patch package> Building with the /p option applies a patch to an installed setup package.
What are ZAP files?
Zap files are used by group policy to install apps that are not native windows installer files.
A zap file is created with a text editor and ends in a .zap extension.
What is a network bridge?
Used when two NIC's are in a computer, each connected to different network segments. Allows you to connect the segments. Right click the connection, and choose bridge connections. Important - you cannot create a bridge that includes a connection using windows firewall, or ICS.
What is APIPA?
Automatic Private Internet Protocol Addressing - Allows a pc to act as a mini dhcp server, assigning itself an ip address, and making sure it does not conflict with any other pcs. Only used on very small networks. Always starts with 169.254, and is an indication that DHCP is not working on that pc.
Name the ip classes, with ranges, number of networks, and number of hosts for each one?
Class A - 1-126, 126 networks, 16+ million hosts.
Class B - 128-191, 16,382 networks, and 65,534 hosts.
Class C - 192-223, 2+ million networks, and 255 hosts.
Less important -
Class D - 224-239, Multicasting
Class E - 240-254- future use
Loopback - 127
Private IP Class A - 10, reserved for a private network
Private ip class B - 172, reserved for a private network
Private ip class C - 192, reserved for a private network.
What is the formula for calculating how many networks vs. hosts in a subnet mask address, if using subnetting or supernetting?
2^n - 2 (n equals number of bits)

Example is 255.255.128.0, which = 11111111.11111111.11100000.00000000

This is a class b using subnetting.

So, the formula to figure # of networks is to look at how many masked bits there are (3) using 2^n - 2, or in this case 2*2*2, which is 8 - 2 = 6

So this config gives us 6 networks.

To find the number of hosts, we look at the unmasked bits.

There are 13 unmasked bits. So that means 2*2*2*2*2*2*2*2*2*2*2*2*2 (2 to the 13th power) which = 8192 hosts.
What is the difference between subnetting and supernetting?
Subnetting adds 1's aka masked bits to the end of the address to create more networks than the class allows, and supernetting adds 0's, aka unmasked bits to add more hosts than the class allows.
What are the basic 4 steps to DHCP?
1) Client boots up and broadcasts a DHCPDiscover packet.
2) Server responds w/ DHCPOffer packet, w/ the ip address, and related items.
3) Client replies with a DHCPRequest packet as a broadcast, requesting verification that it is ok to use that address.
4) Server responds with a DHCPACK acknowledgement packet, and the client begins using the address.
Exam Alert - Watch for DHCP troubleshooting, involving DHCP servers on different subnets than the client.
Usually this is because the router is not set to forward UDP broadcast packets. They must be configured to do this when the client is separated from the dhcp server.
What are the troubleshooting utilities for tcp/ip?
ARP - resolves ip address to MAC address.
Event Viewer - Look in system event log for tcp/ip issues.
Finger - queries the pc about the services and users that are running on it. Finger service must be running on the client.
FTP and TFTP - Trivial File transfer protocol uses UDP. FTP uses TCP. Useful to try and see if these protocols are functioning across a router.
IPconfig - displays info about ip addresses.
NBTStat - used only if running Netbios over tcp/ip. checks the status of netbios name resolution to IP addresses.
Netstat - for Checking the current status of the pc's ip connections.
NSLookup - Name server lookup. Communicates with a DNS server. Interactive mode opens a session with dns server, non-interactive mode asks for a piece of info and receives it.
Ping - Packet internet grouper. Sends an echo packet at the network layer to see if an ip address is found.
List the 7 TCP/IP troubleshooting steps?
1) Verify the hardware is functioning
2) Run ipconfig to verify ip address, and related items
3) ping loopback address to see if tcp/ip stack is working.
4) Ping the pc's own ip address to eliminate a duplicate ip address.
5) Ping the default gateway address, which tells you if data can travel on the current network segment.
6) Ping a host on another network segment.
7) FTP and TFTP a file from a server not on your network to test TCP and UDP.
What are the standard protocols for DUN?
PPP - Point-to-point protocol
SLIP - Serial Line Internet Protocol - older protocol created for unix, but can support tcp/ip.
PPTP - Point-to-point tunneling protocol. Used for VPN
L2TP -Layer 2 Tunneling Protocol. Newer protocol also used for VPN.
Name the 7 remote access authentication protocols?

(RAS server dial-up)
1) CHAP - Challenge handshake authentication protocol - one way authentication from server.
2) EAP - Extensible authentication protocol. Not used to provide its own security, enables enhanced interoperability and efficiency of authentication process.
3) MS-CHAP - same as #1 except Microsoft. One-way authentication. Must be all windows network.
4) MS-CHAPv2 - same as #3 except there is mutual two way authentication. client and server must also be all MS.
5) PAP - Password Authentication Protocol - Clear-Text one-way authentication. Least secure.
6) SPAP - Shiva Password Authentication Protocol. Reversible encryption. One way authentication.
7) Smart Cards - Certificate based two way authentication.

Remember, Smart Cards, and MS-CHAPv2 are two-way.
Exam Alert - may get a question on certificate authentication, and the relationship between trusted sources and certificates.
Remember to import the server's certificate into the client's trusted publishers list.
How do PPTP and L2TP work?
They encapsulate the data inside the tcp/ip packets that are sent to the vpn server. The vpn server then strips the encapsulating headers and footers, and then transmits the data to the appropriate network servers.
What's the most important thing to check for when setting up ICS?
Make sure no computer is using an ip address of 192.168.0.1 because the network adapter on the ICS pc is automatically assigned that address when ICS is configured.
ICS almost acts like a router/dhcp server.
How do you connect to a file on the network using a web browser?
How about a printer?
File - File://server/share/folder/file

Printer - http://printerserver/printers (displays a list of printers that are being shared).

http://printserver/printername
Opens the printer page for a specific printer.
How do you install IIS?
From add/remove programs, add/remove windows components.
How do you test to see if IIS is functioning locally?
Open IE, and type http://mycomputer (name of your pc)
Troubleshoot the following IIS errors -
1) Cannot find server or unknown host.
2) The page cannot be displayed.
3) Under construction
4) Request timed out
1) Run the ping command from the client and attempt to ping the server. If that works, ping the server name. Next, open computer management, go to services node, and view whether the world wide web service is started.
2) Run ping from the client to server. Next, open computer management, go to services and applications, then IIS. Right click all tasks. Restart IIS.
3) Confirm the website is in the correct location. Run inetmgr, go to the iis snap-in, go to default website, right-click, go to properties, and make sure the default location matches.
4) World wide web service is not responding. Ping the computer, and use tracert to ensure the path to the pc is working. Verify that the world wide web publisher service is installed and running on the iis server.
Where do you go to enable Remote desktop connection?
System applet, remote tab > Select allow users to connect remotely to this computer.
What is the standard listening port for remote desktop, and how can you increase security?
The standard port is 3389. You can change this port so that users have to manually put the port number in to connect. To do this, navigate to the HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp\PortNumber key.
The client connects by putting in the ip address, colon, then port number.
So if you change the port number to 4233, you would use 192.134.24.242:4233
If a person is on SP2 with windows firewall, what must they do to allow remote assistance or remote desktop?
Click the exceptions tab, and select remote assistance and remote desktop if that is being used.

Also know that it uses port 3389.
What are two important requirements to know if you want to use EFS?
The drive must be NTFS, and no file can be encrypted and compressed at the same time.
What are the 7 rules for managing EFS on a network?
1) Use NTFS
2) Keep a copy of each user's certificate and private key on floppy or cd.
3) Remove the user's private key from the pc except when actually using it.
4) Have each user encrypt their own my docs folder.
5) Use two recovery agent user accounts for each OU (if domain). Assign the recovery agent certificates to these accounts.
6) Archive all recovery agent user account info, recovery certificates, and private keys.
7) EFS takes more CPU overhead. Plan for more CPU power.
How do you export an encryption certificate?
Go to start > MMC > file > add/remove snap-in > Add > certificates > My user account option > Finish > Close > OK > Personal Node, select certificate > Action menu > all tasks > export > next > select personal information exchange-PKCS #12 > next > select path > next > finish

The main thing to know is this is done via the certificates snap-in in the MMC (Microsoft Management Console)
How does a file become encrypted?
A pair of keys is generated, one public, one private. These keys work both ways - to encrypt and to unlock.
What does a recovery agent do in regards to EFS?
These are user accounts authorized to unlock encrypted files. Basically this account gets a copy of the key pair. If you lose the key pair, and there is no recovery agent, the data is permanently lost.
What three kinds of certificates can be used for EFS?
Third-Party issued,
CA-issued
self-signed
What are the three certificate template types for EFS?
Administrator -
Basic EFS -
User -
Basic is used for EFS only.
The other two can be used for other things.
Under what circumstances is a self-signed EFS certificate generated?
If the user is part of a workgroup (i.e. not domain) then the user simply encrypts the file to generate the certificate. Also, if a CA certificate cannot be renewed, a self-signed one is generated. Self-signed certificates are good for 100 years, so they do not need to be renewed.
How can you back up IE certificates?
Using IE, Tools > Internet options > Content > certificates > export.
What are the two ways to encrypt a file?
1) Use the cipher command line utility

2) change the advanced attributes of a file or folder
What are the 11 switches you can use with Cipher?
/e - Encrypts the files within the current folder.
/a - Encrypts the individual file listed.
/d - Decrypts the files within the current folder.
/s - Decrypts the contents of the current folder/subfolders.
/i - Enforces encryption on current folder regardless of errors.
/f - Forces encryption upon already encrypted files.
/k - Generates a new encryption key for the current user account.
/u - Updates the keys for all encrypted files that are using an old key.
/n - Used with u to generate a list of files that need to be updated.
/r - Generates a new data recovery agent.
/w - Removes trace data that remains after encrypting existing files.

First four and r are most important.
What are some common EFS problems and solutions?
Q.
1. Lost or damaged encryption certificate for a user?
2. Data Recovery agent key is not backed up?
3. Check boxes are unavailable for encrypt and compress?
4. You are not allowed
1.Log on as recovery agent and decrypt the file.
2. Use the export certificate wizard to backup the data recovery agent key.
3. This is not an NTFS drive. Use Convert /fs:ntfs.
4. You do not have write access to the file.
5. Your profile is not available on pc#2. Implement roaming profiles.
6. Not an error. The user misunderstood how EFS affects a user while working. Check the file attributes.
7. The user does not have the correct efs certificate and does not have a private key to use. If the key is expired, the certificate is archived.
8. The user moved it to a FAT32 partition.
9. The virus scanner cannot scan files encrypted by other users.
10. The computer is not trusted for delegation.
What are 6 tools for configuring security on a XP Pro pc?
1. Local security policy - in administrative tools
2. Group policy editor - MMC snap-in used for domains.
3. Computer management - in Admin tools. Interface to manage users, groups, and shared folders.
4. Security templates - MMC snap-in capable of creating text-based templates that include standard security settings.
5. Security configuration and analysis - MMC snap-in that scrutinizes security settings based on the security template used.
6. Secedit.exe - command line utility enables security configuration from a dos prompt.
How do you use secedit.exe?

What are the four switches?
A security template is saved as an inf file. This file is imported into a database as a .sdb file. The switches are /analyze, /configure, /export, and /validate.
The syntax to apply the security settings to overwrite existing settings is:
secedit /configure /db <path>\\database.sdb
Do local security settings override GPO domain settings?
No. GPO settings override local security settings.
Exam alert - What happens when a permission is denied to a group or user, if the same permission is explicitly granted?
The Deny permission overrides all others and the user will not be allowed access.
What is a command line utility to troubleshoot user rights on the local pc?
whoami

From the support\tools on the cd. Displays all groups, even the built-in groups.
What are the 6 default local groups in xp pro?
Administrators - unrestricted access to everything.
Backup operators - access to run windows backup.
guests - limited to only explicitly granted rights.
power users - create/modify local user accounts, and can share resources.
Remote desktop users - limited to accessing the pc via remote desktop connection
Users - all newly created users get this. Limited to basic pc use, personal files and folders, and explicitly granted rights. --- If having a compatibility issue with NT 4.0, you can relax the restrictions on this account by applying the compatws.inf security template.
What are the built-in special groups in xp pro?
Anonymous login - No default access rights. for accounts that xp cannot authenticate locally.
Authenticated users - No default access rights. All users with local accounts get this.
Creator owner - given to admin group. Full control over resources created or taken over by an admin.
Dialup - users who have connected to the pc with a dial-up connection. No specific rights.
Everyone - full control is the default permission on ntfs volumes.
interactive and network have no specific rights, and are unimportant.
Name the 7 audit policies for the local pc?
Audit account management - for when an attempt is made to do anything with a user or group.
Audit login events - triggers when logging on, off, or connect to network.
Audit object access - triggers when attempting to access files, folders, printers, etc.
Audit policy change - triggers when a local policy is configured.
Audit privilege use - triggers when a system privilege is used, such as the clock.
Audit process tracking - triggers when a program or process is started.
Audit system events - triggers when someone shuts down, or performs other system actions.
Exam alert - Can audit policies be used on any XP pro pc? If not, what circumstance would keep audit policies from working?
The hard drive must be formatted as NTFS for audit to work.
Where do you create .net passports?
In the control panel > user accounts applet only!
Exam alert - If a policy conflicts with a user right (by virtue of a user being a member of a group), what happens?
The policy setting wins in this scenario.
What are the two basic parts to the authentication process?
Credentials, and validation.
Credentials = a driver's license
validation = your picture id on the license
Why does xp cache login credentials?
It generates faster logins, and you can use a single login for external systems.
What is a big problem with using cached credentials, especially in a domain?
Changes that have been made to user accounts are not applied immediately at login. Instead a change is marked for the next login, or the one after that. So, a user may still have access to a resource they should not, even after a change was made. Huge security issue.
What are the three ways to fix the system so cached credentials do not cause security issues because rights have not been updated?
1) Force the pc to contact the network at login
2) Disable credential caching
3) Use credential manager to update the user's credentials.
To do #1, set a group policy "always wait for the network at computer startup and logon policy".
For #2 (disable), configure the group policy "number of previous logons to cache" to 0 instead of 10.
For #3, (manager) go to control panel > user accounts > manage my network passwords. Click any item you wish and edit it.
How could you force a user to login to the domain when the password is being typed into a screensaver?
Use a group policy "require domain controller authentication to unlock workstation".
When creating an answer file to be used during an install from the cd-rom, what needs to happen to the answer file?
Copy the unattend.txt file to floppy disk, and rename it winnt.sif.
There are two things that can be used to ensure RIS will work with a particular workstation. Only one is needed on each install. Name both.
You must either use the remote boot floppy generator (rbfg.exe) to create a floppy, or have a NIC with the Pre-Boot eXecution Environment (PXE).
What is the name of the standard answer file created by RIS, and the one created after using setup manager?
1) Ristndrd.sif

2) remboot.sif
Can you perform an upgrade install using Sysprep or RIS?
No, clean install only.
What conditions must exist in order to uninstall XP Pro and revert to the earlier OS?
1) Must not be NTFS, has to be FAT.

2) Can only uninstall when upgraded from Win 98 or ME.
What must be enabled on the host pc if sharing a printer via the web?
IIS must be installed to share printers via the web.
In what two situations would dynamic disks not be supported?
1) Laptops do not support dynamic disks

2) Dynamic disks cannot be read by other operating systems in a dual-boot configuration.
Which Hal files do and do not support ACPI and Dual CPU's?
Do NOT support ACPI or dual cpu's:
Hal.dll
halapic.dll
halmps.dll

Supports ACPI on one cpu:
halacpi.dll

Supports ACPI and dual CPU's:
halaacpi.dll
halmacpi.dll
Which users can backup and/or restore files using ntbackup?
Backup and restore any folders/files - Admins, and Backup operators.

All users can back up and restore their own files.

User that has read permission on a file can backup that file.

User that has write permission on a file can restore it.
What is the sequence of application of GPO settings?

(7)
1. Win NT 4 system policies found in ntconfig.pol
2. local policies
3. site group policies
4. domain group policies
5. OU group policies
6. child OU group policies
What are the Arc path parameters that can be used in boot.ini?
Multi(x) - use for all non-scsi disks, or scsi with BIOS enabled. x = number of controller
scsi(x) - use with scsi with BIOS disabled.
Disk(x) - Use only with scsi. Defines what disk the OS resides on.
rdisk(x) defines what disk the OS resides on. (usually 0)
partition(x) - specifies what partition the os resides on
example:
Multi(0)disk(0)rdisk(0)partition(1)
What user right must be assigned to the user account used to perform a remote install? (RIS)
They must have the log on as a batch job right.
What are the three types of environment variables, and what is the order of precedence?
1) Autoexec.bat
2) System environment variable
3) User environment variable

The order of importance is 1,2,3. 3 will override 1 and 2.
In order for Windows XP pro to use smart cards, what must be done?
Enable the smart card service using the services snap-in in computer management.
What utility can you use to verify whether there are any unsigned drivers on the computer?
Run sigverif.exe from a run or command prompt.

Writes the result to a log file named sigverif.txt in the systemroot folder...
What is the max number of characters for a user name? Password?

What is the minimum password length recommended?
1) user name = 20 characters
2) PW = 128 max

3) PW should be at least 8 characters long.
Exam alert - If the security tab for a file/folder is not available, what is likely the issue?
Simple file sharing. This must be disabled for the security tab to be available and working.
What is simple file sharing, and how is it enabled/disabled?
SFS is a simplified way to share files. It is not available if on a domain. When using SFS, users only have one choice to make, share a folder or not. If shared, it is available to all network users, and the user cannot assign shared folder permissions.

It is enabled or disabled by clicking tools > folder options, and looking for "use simple file sharing"
Can you share files?
No, you can only share a folder, but NTFS permissions can be applied to folders and/or files.
What users can share a folder?
Admins, power users, and users assigned the "create permanent shared objects" user right can share folders.
What are some important things to know about shared folders?
1. Applies to folders only
2. Only applies to network users, not locally logged in users (ntfs permissions apply in that case)
3. Shared folders are the only way to secure resources on a FAT volume, as NTFS will not be available
4. the default shared permission is read, so everyone will automatically have access to that folder/files UNLESS NTFS permissions are also used.
How can you increase security on a shared folder?
Go to the permissions button, remove the everyone group and assign permissions only to the appropriate users and groups. Remember, by default the everyone group gets read permissions.
What can you do if you have different groups that you need to assign different share permissions to?
Share the folder multiple times, and give it a different share name, then grant the rights needed to each group.
Explain how to determine effective permissions for a file when using both share and NTFS permissions?
First find the effective NTFS permissions (remember these are cumulative).
Next, find the effective share permissions.

the more restrictive of the two applies.
What permission must you have to compress a file or folder?
Write permission.
How do you redirect documents to another printer if the one you choose is not working?
Click add port, and in the port name box, enter the UNC path to the new printer.
Important - you can only redirect ALL documents not one. Also the new printer must use the same printer driver.
Who can take ownership of a printer?
Any user having the "manage printers" permission, including anyone with Admin or power users group rights.
How do you take ownership of a printer?
Go to properties, security, advanced, and on the owner tab, click your name.
What is the name of the separator page that includes the name, date and time that the document was printed?
Sysprint.sep, and it is included with XP pro. It is found in the system32 directory.
Domain names (dns not windows domain) can be up to _____ characters long, and the total length of a FQDN cannot exceed ________ characters.
63

255
What is the root level domain name signified by?
A . (period)
What is a namespace?
At its simplest, a namespace is a structure (usually a database) in which all objects are named similarly but are still uniquely identified.
T or F

Adapters that have Windows Firewall or ICS enabled cannot be included in a network bridge?
True
What 6 things happen when you choose to repair a connection?
1) attempted to renew the lease (= to renew command)
2) flushes the ARP cache = to arp -d command
3) reloads the netbios name cache = to nbtstat -r command.
4) flushes DNS cache = to flushdns
5) registers the pc's DNS name = to ipconfig /registerdns
6) restarts IEEE 802.1x authentication.
What are the two types of wireless networks and the differences?
IBSS - Independent Basic service set aka Ad-Hoc network. Ad-Hoc do not use an Access point, and stations talk to one another directly.

Basic Service Set (BSS) AKA Infrastructure wireless network - Uses an AP, usually with router.

Ad-hoc is only used on very small networks generally.
Name 4 ways to increase security on a wireless network?
1) filter mac addresses
2) Disable SSID broadcasting
3 and 4 - use WEP or preferably WPA
What makes WPA stronger than WEP?
WPA (Wi-Fi Protected Access) uses stronger data encryption using a temporal key integrity check (TKIP) and a stronger IV with keys that are not reused for longer periods of time. It also requires 802.1x authentication to ensure that only authorized users or computers are allowed to connect. 802.1x authentication is optional in WEP.
What is the name and default storage location of the windows firewall log?
It is called pfirewall.log and is stored in the %systemroot% folder.
T or F

Security logging is enabled by default for Windows Firewall?
False
How do you enable Firewall logging?
Open the Firewall, Click Advanced, in the security logging section, click settings, and place checks in one or both options.
What are the two options for Windows Firewall logging?
1) Log dropped packets

2) Log successful connections
How do you access the log file from within the Windows Firewall?
From Firewall - Click Advanced tab in the security logging section, click settings. Click Save as, find pfirewall.txt, right click, and open.
What are ICMP exceptions used for in the Windows Firewall?
By default, Windows blocks all ICMP requests (ping, tracert, pathping, etc) If you click advanced, and settings in the ICMP section, you can override these and allow ICMP requests.
T or F

Administrators and Power Users can enable/disable Windows Firewall?
False

Only Admins.
What has to take place with Windows Firewall in order to share files and printers?
You must enable the file and printer sharing exception.
If you are running a service such as a web server, FTP server, etc., that network users connect to and they are unable, what is a possible cause?
You have not created the proper exceptions in the Windows Firewall.
T or F

Windows Firewall blocks Remote Assistance and Remote Desktop traffic by default.
True.

An exception must be created for each one.
What are the 5 security templates?
1. Setup security.inf
2. compatws.inf
3. securews.inf
4. hisecws.inf
5. rootsec.inf
What security template could you use to set security levels back to its default settings?
Use Setup Security.inf
When combining multiple group policies, what is the order of precedence?
Local, Site, Domain, Organizational Unit in that order.
What is RSoP?
Resultant set of policy tool. Shows you the policies applied to the object and the order in which they are applied.
Runs in either planning mode or logging mode. Logging is for determining existing structure; planning lets you query the existing GPOs for all policy settings that you can apply.
What is GPresult.exe?
group policy result tool. Command line tool similar to RSoP. Shows the policies in effect on the pc.
Name the 5 types of events you can audit.
1. Accessing files or folders
2. logging on and off
3. shutting down a computer
4. starting a computer
5. changing user accounts and groups.
What are the two basic events you can track with audit policy?
Success or failure of events.
How would you audit a printer?
Audit "object access" and then go to security > advanced in printer properties. In the auditing tab, select the users/groups you want to track.
T/F

To audit a folder/file, the only thing you have to do is select the users in the auditing tab in advanced portion of the file?
False

Make sure to also audit "object access".
What groups do you have to belong to in order to monitor network resources?
Admins or power users.
T/F

You cannot monitor resources on remote pc's?
False. Use the Shared folders snap-in in MMC, and choose a remote pc.
What is the max number of connections to a shared folder?
10
T/F

You cannot use computer management to disconnect a single user from one file?
True

You can disconnect all users from a single file, or all files, but not individuals.
How could you share a folder on a remote computer?
Use the shared folder snap-in in MMC.
T/F

When a service is disabled, click restart service to manually start the service.
False

If a service is disabled via msconfig, you cannot start the service manually. For services you don't want to run, choose manual for service type.
Name the possible actions to take when a service fails to start, and where is that action selected?
1) Take no action
2) restart the service
3) run a program
4) restart the computer

All of these are done by right clicking the service > properties > recovery tab.
What are the three XP logs?
Application log - programmer presets which events to record.

Security log - based on audited events

System log - XP errors warnings, etc. preset by MS.
Name the 5 types of events you will see in event viewer for system, application, or security logs?
1) error - red X - significant problem
2) warning - yellow ! - not currently detrimental to system, but could indicate future problem
3) information - Blue "i" - means a successful operation has occurred
4) Audit Success - key icon - successful audit item
5) Audit failure- Lock
What are the 4 options for what happens when triggering an alert in performance monitor?
1) Log an entry in the application event log (default)
2) Send a network message to a user
3) Start a performance log
4) run a program
Name some of the major counters in system monitor, and what you should watch for in terms of high values.
1. % processor time. > 80%
2. % interrupt time. High time could indicate hardware issue
3. % DPC time - software interrupts
4. processor queue length. > 2 = problem
5. pages /sec > 20
6. available bytes. unallocated memory
7. paging file % usage and % usage peak
8. cache copy read hits % < 70% might need more memory
9. % free space (disk space)
10. physical disk % disk time > 50% bad. might need faster disk
11. avg disk queue length - > 2 bad
T or F

Windows backup (ntbackup) backs up to hard drives, any network location, or optical media.
False

It will not back up directly to optical media, but you can copy to a hard drive, and then copy to optical media.

Deck Info

191
