NT Server Study

Certification Galore > MCSE > NT Server
Microsoft NT Server MCP Self-Study Help

Did you just pass a test? Would you like to get paid to write about it? Click here to Find out more!

Exam Specs:
Test Title: Implementing and Supporting Microsoft® Windows NT® Server 4.0
Test Number: 70-67
Number of Questions: 55
Required Passing Score: 764/1000
Time Allotted to Take Exam: 90 minutes

Planning
Plan the disk drive configuration for various requirements. Requirements include:

Choosing a file system. Know the differences between FAT and NTFS Partitions. Which has better security, why.

Choosing a fault-tolerance method. Know what fault-tolerances NT supports. Which is the best, what are the differences between them.
Fault tolerances include:

	RAID 0 - Stripe Sets (No Fault Tolerance) fastest option.
	RAID 1 - Disk Mirroring (Good Fault Tolerance but slower and more expensive).
	RAID 5 - Stripe Sets With Parity (Good Fault Tolerance but must have minimum 3 hard drives and you lose the equivalent of one hard drive's space).

Choose a protocol for various situations. Protocols include:

	TCP/IP
	NWLink IPX/SPX Compatible Transport
	NetBEUI
	Determine which is the best protocol to use in different situations. Remember NetBEUI is not routable. Why would you want to use NWLink IPX/SPX on an NT server?

Installation and Configuration

Install Windows NT Server on Intel-based platforms.

Install Windows NT Server to perform various server roles. Server roles include:

	Primary domain controller.
	Backup domain controller. How do you upgrade a BDC to a PDC if the PDC goes out?
	Member server. How do you upgrade a member server to a BDC or PDC?

Install Windows NT Server by using various methods. Installation methods include:

	CD-ROM
	Over-the-network
	Network Client Administrator
	Express versus custom

Configure protocols and protocol bindings. Protocols include:

	TCP/IP (Routable and very compatible with other systems)
	NWLink IPX/SPX Compatible Transport Protocol (To connect to NetWare systems)
	NetBEUI (Very fast, easy to configure, but not routable)

Configure network adapters. Considerations include:

	Changing IRQ, IObase, and memory addresses
	Configuring multiple adapters

Configure Windows NT Server core services. Services include:

	Directory Replicator (Synchronizes directory structures across multiple servers)
	License Manager
	Other services

Configure peripherals and devices. Peripherals and devices include:

	Communication devices
	SCSI devices
	Tape device drivers
	UPS devices and UPS service
	Mouse drivers, display drivers, and keyboard drivers

Configure hard disks to meet various requirements. Requirements include:

	Allocating disk space capacity
	Providing redundancy
	Improving performance
	Providing security
	Formatting

Configure printers. Tasks include:

	Adding and configuring a printer
	Implementing a printer pool
	Setting print priorities

Configure a Windows NT Server computer for various types of client computers. Client computer types include:

	Windows NT Workstation
	Microsoft Windows® 95
	Microsoft MS-DOS®-based

Managing Resources

Manage user and group accounts. Considerations include:

Managing Windows NT user accounts: Two things need to be known to create a user account; the username and password. To duplicate an account, you need; username, password, and full name.

Managing Windows NT user rights: User rights depend on the type of security implemented. Share level security is usually implemented in workgroups where there is no server. Share level security is placed on resources and has the following default security levels:

No Access	User has no access to any files or resources. No Access overrides all other security levels
Read Access	User can execute program files, display attributes, and open files. User cannot modify, delete, or add anything.
Change Access	User can do everything that Read Access can do, plus user can add, create, modify, delete and change attributes of files.
Full Control Access	All attributes of Read Access and Change Access plus user can take ownership of files and folders. User can change file access rights. This security level is the default for the Everyone group.

User level security is placed by user. The easiest way to implement User level security is to create users, give no specific security rights, then assign users to groups. Place appropriate security rights on the groups.

Managing Windows NT groups:
Default groups are:

Group Name	Local / Global	Description
Account Operators	Local	Manages user and group accounts. Can reset passwords, add and remove users. Only found on Domain Controllers.
Administrators	Local	Full rights to the local server.
Backup Operators	Local	Manages backing up and resoration of the server (PDC, BDC or member server). Backup Operator can only run backup and restore functions from the local computer. Found on all NT servers.
Domain Admins	Global	Administrators for the entire domain.
Domain Guests	Global	Limited access to different areas of the domain.
Domain Users	Global	Should include every person that needs rights throughout the domain.
Guests	Local	Limited access to the local server.
Print Operators	Local	Administration of domain printers.
Replicators	Local	Performs file and directory replication. Found on all NT servers.
Server Operators	Local	Administration of local domain servers.
Users	Local	All users in the local domain.

Local groups are limited to the domain in which they were created, while Global groups can go from domain to domain in a multi-domain environment. The Microsoft model says: Users go into Global groups, Global groups go into Local groups.

Administering account policies: Using the System Policy Edtor. Place the default policy as: \WinNT\System32\Repl\Import\Scripts\ntconfig.pol. By default, this path is shared as Netlogon$. This will allow the policy to be sent to all BDC's during replication

Auditing changes to the user account database: Only a member of the Administrators group can enable auditing for User and Group management.

Create and manage policies and profiles for various situations. Policies and profiles include:

	Local user profiles
	Roaming user profiles
	System policies

Administer remote servers from various types of client computers. Client computer types include:

	Windows 95: Remote Administration Tools for Windows 95 include: User Manager for Domains, Server Manager, Event Viewer, and Explorer extensions which allow management of NTFS partitions. The tools are found on the NT server CD, under \CLIENTS\SRVTOOLS\WIN95.
	Windows NT Workstation: has DHCP Manager, System Policy Editor, Remote Access Admin, Remote Boot Manager, Server Manager, User Manager for Domains, WINS Manager and extensions for managing Macintosh. The tools are found on the NT server CD, under \CLIENTS\SRVTOOLS\WINNT. These tools can be loaded on member servers also.

Manage disk resources. Tasks include:

	Copying and moving files between file systems
	Creating and sharing resources: Creating a share is as easy as right-clicking a resource and choosing "Share As". Remember all subdirectories default to the same share access as the parent directory.
	Implementing permissions and security
	Establishing file auditing

Connectivity

Configure Windows NT Server for interoperability with NetWare servers by using various tools. Tools include:

Gateway Service for NetWare: Gateway Service for Netware provides a MS client system to access a Netware server by using the NT Server as a gateway. You need a group on the Netware server called NTGATEWAY. Add user accounts to the NTGATEWAY group of all the NT accounts you need to access the Netware server.

Migration Tool for NetWare: All user accounts and groups are migrated to the NT domain by default. Passwords are not migrated. You have the option to set the new user passwords in the domain, though. You can choose: No Password, Password is Username, Password is (a single password for all accounts), and User Must Change Password.
The migration tool can be configured for several options if duplicate user names or group names are found. They are: Log Error (adds to the file ERROR.LOG), Ignore (leaves the user name or group name already on the NT domain), Overwrite, or Add Prefix (makes the user name or group name different from the one already on the Domain).

Install and configure Remote Access Service (RAS). Configuration options include:

	Configuring RAS communications: RAS uses NetBEUI as the default network protocol. You can also use TCP/IP and IPX/SPX, however. TCP/IP will need to be used if you are using programs that utilize the Windows Sockets (Winsock) interface over the RAS services.
	Configuring RAS protocols: RAS is capable of using the following connection protocols: SLIP - Has less overhead than PPP, but cannot automatically assign an IP address, and only uses TCP/IP. PPP - Can automatically assign IP addresses, supports encryption and other protocols besides TCP/IP. RAS - Used by Windows 3.x and Windows NT 3.x clients.
	Configuring RAS security settings:

Allow any authentication including clear text	This will allow RAS to use a number of password authentication protocols including Password Authentication Protocol (PAP) which uses a plain-text password authentication. This option is useful if you support third-party RAS clients.
Require encrypted authentication	Supports any authentication used by RAS except PAP.
Require Microsoft encrypted authentication	Only makes use of Microsoft's CHAP (Challenge Handshake Authentication Protocol). All Microsoft operating systems use MS-CHAP by default.
Require data encryption	Enables the encryption of all data sent to and from the RAS server.

Configuring Dial-Up Networking clients

Monitoring and Optimization

Monitor performance of various functions by using Performance Monitor. Functions include:

	Processor: Use %Processor time. The amount of time the processor is in use. Short peaks of 100% are okay, but a steady reading of 80% or over could prompt you to upgrade the processor.
	Memory: Use Pages/sec. The amount of virtual memory available. If it's less than 4MB, add RAM. Available bytes. The amount of virtual memory available. If it's less than 4MB, add RAM.
	Disk: Use %Disk Time Counter. The amount of time the hard disk is in use. A steady reading of 90% could mean time to upgrade the disk or controller, or add a disk or controller. *Must run DISKPERF -Y to enable disk performance counters.
	Network

Identify performance bottlenecks.

Use Performance Monitor to establish a baseline, then log performance during peak usage over a period of time. For instance, let's say work starts at 8:30. Log performance from 8:30 to 8:40 every two or three days for several weeks. Find other peak usage times, and log them too. Careful, though, the log grows large quickly.

Troubleshooting

Choose the appropriate course of action to take to resolve installation failures.

Setup switches:

/B	Boot files installed to hard drive instead of floppy disks. Takes 4-5MB.
/C	Doesn't check for free space when creating boot disks.
/F	Don't verify files on boot disks. Speeds up installation, but loses reliability. Only used with WINNT.
/I	Tells setup to use a specific setup file (default is DOSNET.INF). You can create your own.
/O	Only creates a set of boot floppies. Only used with WINNT.
/OX	When installing from CD-ROM or network connection and you want to build a set of boot floppies.
/S	Specifies source file location. Must be used when installing from any drive other than current default drive. Multiple locations can speed up installation.
/T	Specifies the location of the temp directory.

Choose the appropriate course of action to take to resolve boot failures.

You can create an Emergency Repair disk (if you didn't during setup) by running RDISK.EXE. Use the /S option to back up user accounts and file security.
You must boot using the NT installation disks to use the Emergency Repair disk.
Emergency Repair can inspect the Registry files and restore them to the set on the ERD (important to keep the ERD up to date), inspect the startup environment, verify system files and inspect the boot sector.

Manually create a boot disk by formatting a diskette from the NT system (NOT DOS or Win95) and adding the files BOOT.INI, NTBOOTDD.SYS (for SCSI devices), NTDETECT.COM and NTLDR.

Using VGA startup tells NT to add the /SOS switch to the BOOT.INI file. This will display driver names while they are being loaded. You can do this yourself by adding /SOS as the last line in the [Operating Systems] section of BOOT.INI.

Choose the appropriate course of action to take to resolve configuration errors.

Choose the appropriate course of action to take to resolve printer problems.

Choose the appropriate course of action to take to resolve RAS problems.

Choose the appropriate course of action to take to resolve connectivity problems.

Choose the appropriate course of action to take to resolve resource access problems and permission problems.

Choose the appropriate course of action to take to resolve fault-tolerance failures. Fault-tolerance methods include:

Tape backup: (Assuming hard disk failure) Install new hard disk, install NT (if the disk had a boot or system partition on it), and restore from tape.

Mirroring: Install new hard disk and run Disk Administrator to break the mirror set (from the Fault Tolerance menu) then re-establish the mirror.

Stripe set with parity: Install new hard disk and run Disk Administrator. Choose the Regenerate option. This assumes ONE hard disk went bad. You may have to restore off tape if more than one went bad.

Disk duplexing: Edit BOOT.INI and, in the [boot loader] section, point the "default=" line to the ARC (Advanced Risc Computing) name of the duplexed. drive.
The line will look like: default=multi(x)<OR>scsi(x)disk(x)rdisk(x)partition(x)\WINNT\
ARC naming conventions are:

multi(x)	Either a SCIS controller with the BIOS enabled, or non-SCSI controller. x= number of controller. The first controller will have the number 0 (numbered ordinally).
scsi(x)	SCSI controller with the BIOS disabled. x= number of controller. The first controller will have the number 0 (numbered ordinally).
disk(x)	The SCSI disk the OS resides on. disk(x) is ignored (it's defaulted to 0) when the line begins with multi. disk(x) will be the number (starting at 0) of the hard disk when the line begins with scsi..
rdisk(x)	The (non SCSI) disk the OS resides on. rdisk(x) is ignored (it's defaulted to 0) when the line begins with scsi. rdisk(x) will be the number (starting at 0) of the hard disk when the line begins with multi..
partition(x)	The partition number the OS resides on. x=cardinal number of partition (starting at 1).

Contributions:

RCRXXXXX@aol.com
Brian Unkenholz
Passed the MCP test in November!!!! I used Transcender Exams it seemed that it helped me with the way Microsoft asked you the questions, I also used the brain Dumps only for the questions (not the answers)...... remember that. I also bought some test study books by New Riders called Test Prep for MCSE.

jimsimpsoncpa@uswest.net
Jim Simpson
I just passed the NT Server exam (067). The exam stressed:
- NW connectivity using GSNW and the difference between CSNW & GSNW. No questions on other OSs.
- Several questions on PDCs and BDCs, especially promotion.
- Know fault tolerance schemes.
- Account restrictions among folders and shares.
- Default groups, especially backup operators.
- RAS connectivity, protocols, and troubleshooting.
- SNMP, Performance Monitor, and Network Monitor.
Hope this helps to focus your studies,
Jim

I hope this helped you some on getting your certification. Good Luck!!!!!