Certification Galore > MCSE > NT Server
Microsoft NT Server MCP Self-Study Help

Study Help
NT Server
NT Server Enterprise
Self-Study Books

Preparation Guide
NT Server
NT Server Enterprise

Microsoft Seminars
Links & Practice Tests

Contributors Wanted!

Main NT Page
Main MCSE Page

Back to Certification Galore

Other Web Pages:
Windows 98 Tips & Tricks
Troubleshooting Microsoft Windows

What you need to know | Contributions

Did you just pass a test? Would you like to get paid to write about it? Click here to Find out more!

What you need to know:

Exam Specs:
Test Title: Implementing and Supporting Microsoft� Windows NT� Server 4.0
Test Number: 70-67
Number of Questions: 55
Required Passing Score: 764/1000
Time Allotted to Take Exam: 90 minutes

Plan the disk drive configuration for various requirements. Requirements include:

bulletChoosing a file system. Know the differences between FAT and NTFS Partitions. Which has better security, why.
bulletChoosing a fault-tolerance method. Know what fault-tolerances NT supports. Which is the best, what are the differences between them.
Fault tolerances include:
bulletRAID 0 - Stripe Sets (No Fault Tolerance) fastest option.
bulletRAID 1 - Disk Mirroring (Good Fault Tolerance but slower and more expensive).
bulletRAID 5 - Stripe Sets With Parity (Good Fault Tolerance but must have minimum 3 hard drives and you lose the equivalent of one hard drive's space).

Choose a protocol for various situations. Protocols include:

bulletNWLink IPX/SPX Compatible Transport
bulletDetermine which is the best protocol to use in different situations. Remember NetBEUI is not routable. Why would you want to use NWLink IPX/SPX on an NT server?

Installation and Configuration

Install Windows NT Server on Intel-based platforms.

Install Windows NT Server to perform various server roles. Server roles include:

bulletPrimary domain controller.
bulletBackup domain controller. How do you upgrade a BDC to a PDC if the PDC goes out?
bulletMember server. How do you upgrade a member server to a BDC or PDC?

Install Windows NT Server by using various methods. Installation methods include:

bulletNetwork Client Administrator
bulletExpress versus custom

Configure protocols and protocol bindings. Protocols include:

bulletTCP/IP (Routable and very compatible with other systems)
bulletNWLink IPX/SPX Compatible Transport Protocol (To connect to NetWare systems)
bulletNetBEUI (Very fast, easy to configure, but not routable)

Configure network adapters. Considerations include:

bulletChanging IRQ, IObase, and memory addresses
bulletConfiguring multiple adapters

Configure Windows NT Server core services. Services include:

bulletDirectory Replicator (Synchronizes directory structures across multiple servers)
bulletLicense Manager
bulletOther services

Configure peripherals and devices. Peripherals and devices include:

bulletCommunication devices
bulletSCSI devices
bulletTape device drivers
bulletUPS devices and UPS service
bulletMouse drivers, display drivers, and keyboard drivers

Configure hard disks to meet various requirements. Requirements include:

bulletAllocating disk space capacity
bulletProviding redundancy
bulletImproving performance
bulletProviding security

Configure printers. Tasks include:

bulletAdding and configuring a printer
bulletImplementing a printer pool
bulletSetting print priorities

Configure a Windows NT Server computer for various types of client computers. Client computer types include:

bulletWindows NT Workstation
bulletMicrosoft Windows� 95
bulletMicrosoft MS-DOS�-based

Managing Resources

Manage user and group accounts. Considerations include:

bulletManaging Windows NT user accounts: Two things need to be known to create a user account; the username and password. To duplicate an account, you need; username, password, and full name.
bulletManaging Windows NT user rights: User rights depend on the type of security implemented. Share level security is usually implemented in workgroups where there is no server. Share level security is placed on resources and has the following default security levels:
No Access User has no access to any files or resources. No Access overrides all other security levels
Read Access User can execute program files, display attributes, and open files. User cannot modify, delete, or add anything.
Change Access User can do everything that Read Access can do, plus user can add, create, modify, delete and change attributes of  files.
Full Control Access All attributes of Read Access and Change Access plus user can take ownership of files and folders. User can change file access rights.
This security level is the default for the Everyone group.

User level security is placed by user. The easiest way to implement User level security is to create users, give no specific security rights, then assign users to groups. Place appropriate security rights on the groups.

bulletManaging Windows NT groups
Default groups are:
Group Name

Local / Global

Account Operators Local Manages user and group accounts. Can reset passwords, add and remove users. Only found on Domain Controllers.
Administrators Local Full rights to the local server.
Backup Operators Local Manages backing up and resoration of the server (PDC,  BDC or member server). Backup Operator can only run backup and restore functions from the local computer. Found on all NT servers.
Domain Admins Global Administrators for the entire domain.
Domain Guests Global Limited access to different areas of the domain.
Domain Users Global Should include every person that needs rights throughout the domain.
Guests Local Limited access to the local server.
Print Operators Local Administration of domain printers.
Replicators Local Performs file and directory replication. Found on all NT servers.
Server Operators Local Administration of local domain servers.
Users Local All users in the local domain.

Local groups are limited to the domain in which they were created, while Global groups can go from domain to domain in a multi-domain environment. The Microsoft model says: Users go into Global  groups, Global groups go into Local groups.

bulletAdministering account policies: Using the System Policy Edtor. Place the default policy as: \WinNT\System32\Repl\Import\Scripts\ntconfig.pol. By default, this path is shared as Netlogon$. This will allow the policy to be sent to all BDC's during replication
bulletAuditing changes to the user account database: Only a member of the Administrators group can enable auditing for User and Group management.

Create and manage policies and profiles for various situations. Policies and profiles include:

bulletLocal user profiles
bulletRoaming user profiles
bulletSystem policies

Administer remote servers from various types of client computers. Client computer types include:

bulletWindows 95: Remote Administration Tools for Windows 95 include: User Manager for Domains, Server Manager, Event Viewer, and Explorer extensions which allow management of NTFS partitions. The tools are found on the NT server CD, under \CLIENTS\SRVTOOLS\WIN95.
bulletWindows NT Workstation:  has DHCP Manager, System Policy Editor, Remote Access Admin, Remote Boot Manager, Server Manager, User Manager for Domains, WINS Manager and extensions for managing Macintosh. The tools are found on the NT server CD, under \CLIENTS\SRVTOOLS\WINNT. These tools can be loaded on member servers also.

Manage disk resources. Tasks include:

bulletCopying and moving files between file systems
bulletCreating and sharing resources: Creating a share is as easy as right-clicking a resource and choosing "Share As". Remember all subdirectories default to the same share access as the parent directory.
bulletImplementing permissions and security
bulletEstablishing file auditing


Configure Windows NT Server for interoperability with NetWare servers by using various tools. Tools include:

bulletGateway Service for NetWare: Gateway Service for Netware provides a MS client system to access a Netware server by using the NT Server as a gateway. You need a group on the Netware server called NTGATEWAY. Add user accounts to the NTGATEWAY group of all the NT accounts you need to access the Netware server.
bulletMigration Tool for NetWare: All user accounts and groups are migrated to the NT domain by default. Passwords are not migrated. You have the option to set the new user passwords in the domain, though. You can choose: No Password, Password is Username, Password is (a single password for all accounts), and User Must Change Password.
The migration tool can be configured for several options if duplicate user names or group names are found. They are: Log Error (adds to the file ERROR.LOG), Ignore (leaves the user name or group name already on the NT domain), Overwrite, or Add Prefix (makes the user name or group name different from the one already on the Domain).

Install and configure Remote Access Service (RAS). Configuration options include:

bulletConfiguring RAS communications: RAS uses NetBEUI as the default network protocol. You can also use TCP/IP and IPX/SPX, however. TCP/IP will need to be used if you are using programs that utilize the Windows Sockets (Winsock) interface over the RAS services.
bulletConfiguring RAS protocols: RAS is capable of using the following connection protocols:
SLIP - Has less overhead than PPP, but cannot automatically assign an IP address, and only uses TCP/IP.
PPP - Can automatically assign IP addresses, supports encryption and other protocols besides TCP/IP.
RAS - Used by Windows 3.x and Windows NT 3.x clients.
bulletConfiguring RAS security settings:
Allow any authentication including clear text This will allow RAS to use a number of password authentication protocols including Password Authentication Protocol (PAP) which uses a plain-text password authentication. This option is useful if you support third-party RAS clients.
Require encrypted authentication Supports any authentication used by RAS except PAP.
Require Microsoft encrypted authentication Only makes use of Microsoft's CHAP (Challenge Handshake Authentication Protocol). All Microsoft operating systems use MS-CHAP by default.
Require data encryption Enables the encryption of all data sent to and from the RAS server.

Configuring Dial-Up Networking clients

Monitoring and Optimization

Monitor performance of various functions by using Performance Monitor. Functions include:

bulletProcessor: Use %Processor time. The amount of time the processor is in use. Short peaks of 100% are okay, but a steady reading of 80% or over could prompt you to upgrade the processor.
bulletMemory: Use Pages/sec. The amount of virtual memory available. If it's less than 4MB, add RAM.
                     Available bytes. The amount of virtual memory available. If it's less than 4MB, add RAM.
bulletDisk: Use %Disk Time Counter. The amount of time the hard disk is in use. A steady reading of 90% could mean time to upgrade the disk or controller, or add a disk or controller.
*Must run DISKPERF -Y to enable disk performance counters.

Identify performance bottlenecks.

Use Performance Monitor to establish a baseline, then log performance during peak usage over a period of time. For instance, let's say work starts at 8:30. Log performance from 8:30 to 8:40 every two or three days for several weeks. Find other peak usage times, and log them too. Careful, though, the log grows large quickly.


Choose the appropriate course of action to take to resolve installation failures.

Setup switches:

/B Boot files installed to hard drive instead of floppy disks. Takes 4-5MB.
/C Doesn't check for free space when creating boot disks.
/F Don't verify files on boot disks. Speeds up installation, but loses reliability. Only used with WINNT.
/I Tells setup to use a specific setup file (default is DOSNET.INF). You can create your own.
/O Only creates a set of boot floppies. Only used with WINNT.
/OX When installing from CD-ROM or network connection and you want to build a set of boot floppies.
/S Specifies source file location. Must be used when installing from any drive other than current default drive. Multiple locations can speed up installation.
/T Specifies the location of the temp directory.

Choose the appropriate course of action to take to resolve boot failures.

You can create an Emergency Repair disk (if you didn't during setup) by running RDISK.EXE. Use the /S option to back up user accounts and file security.
You must boot using the NT installation disks to use the Emergency Repair disk.
Emergency Repair can inspect the Registry files and restore them to the set on the ERD (important to keep the ERD up to date), inspect the startup environment, verify system files and inspect the boot sector.

Manually create a boot disk by formatting a diskette from the NT system (NOT DOS or Win95) and adding the files BOOT.INI, NTBOOTDD.SYS (for SCSI devices), NTDETECT.COM and NTLDR.

Using VGA startup tells NT to add the /SOS switch to the BOOT.INI file. This will display driver names while they are being loaded. You can do this yourself by adding /SOS as the last line in the [Operating Systems] section of BOOT.INI.

Choose the appropriate course of action to take to resolve configuration errors.

Choose the appropriate course of action to take to resolve printer problems.

Choose the appropriate course of action to take to resolve RAS problems.

Choose the appropriate course of action to take to resolve connectivity problems.

Choose the appropriate course of action to take to resolve resource access problems and permission problems.

Choose the appropriate course of action to take to resolve fault-tolerance failures. Fault-tolerance methods include:

bulletTape backup: (Assuming hard disk failure) Install new hard disk, install NT (if the disk had a boot or system partition on it), and restore from tape.
bulletMirroring: Install new hard disk and run Disk Administrator to break the mirror set (from the Fault Tolerance menu) then re-establish the mirror.
bulletStripe set with parity: Install new hard disk and run Disk Administrator. Choose the Regenerate option. This assumes ONE hard disk went bad. You may have to restore off tape if more than one went bad.
bulletDisk duplexing: Edit BOOT.INI and, in the [boot loader] section, point the "default=" line to the ARC (Advanced Risc Computing) name of the duplexed. drive.
The line will look like: default=multi(x)<OR>scsi(x)disk(x)rdisk(x)partition(x)\WINNT\
ARC naming conventions are:
multi(x) Either a SCIS controller with the BIOS enabled, or non-SCSI controller.
x= number of controller. The first controller will have the number 0 (numbered ordinally).
scsi(x) SCSI controller with the BIOS disabled.
x= number of controller. The first controller will have the number 0 (numbered ordinally).
disk(x) The SCSI disk the OS resides on.
disk(x) is ignored (it's defaulted to 0) when the line begins with multi. disk(x) will be the number (starting at 0) of the hard disk when the line begins with scsi..
rdisk(x) The (non SCSI) disk the OS resides on.
rdisk(x) is ignored (it's defaulted to 0) when the line begins with scsi. rdisk(x) will be the number (starting at 0) of the hard disk when the line begins with multi..
partition(x) The partition number the OS resides on.
x=cardinal number of partition (starting at 1).


Brian Unkenholz
Passed the MCP test in November!!!! I used Transcender Exams it seemed that it helped me with the way Microsoft asked you the questions, I also used the brain Dumps only for the questions (not the answers)...... remember that. I also bought some test study books by New Riders called Test Prep for MCSE.

Jim Simpson
I just passed the NT Server exam (067). The exam stressed:
- NW connectivity using GSNW and the difference between CSNW & GSNW. No questions on other OSs.
- Several questions on PDCs and BDCs, especially promotion.
- Know fault tolerance schemes.
- Account restrictions among folders and shares.
- Default groups, especially backup operators.
- RAS connectivity, protocols, and troubleshooting.
- SNMP, Performance Monitor, and Network Monitor.
Hope this helps to focus your studies,

I hope this helped you some on getting your certification. Good Luck!!!!!

Copyright � 1998-2000 Intra-Designs except where noted. All rights reserved.