NT Server Enterprise MCP Self-Study Help
Certification
Galore
NT Server Enterprise MCP Self-Study Help
Study Help NT Server NT Server Enterprise Self-Study Books Preparation Guide Microsoft
Seminars Main NT Page Other Web Pages: |
What you need to know | Contributions
Did you just pass a test? Would you like to get paid to write about it? Click here to Find out more!Exam Specs:
Test Title: Implementing and Supporting Microsoft®
Windows NT® Server 4.0 in the Enterprise
Test Number: 70-68
Number of Questions: 51
Required Passing Score: 784/1000
Time Allotted to Take Exam: 90 minutes
Planning
Know the Microsoft model! There is a difference between what you may do in the real world and how the model works. For instance, in the Microsoft model, all users go into global groups, then global groups go into local groups.
Plan the implementation of a directory services architecture. Considerations include:
 | Select the appropriate domain model. Know all four domain
models (listed below), and which ones work best in what circumstances. Trust relationships
are BIG on this test. Domain Models:
|
To understand Trusts, think of this: I (Domain A) trust you (Domain B). That means you know my secrets (Domain B has access to Domain A accounts and resources). A two way Trust just means that we trust each other.
| Supporting a single logon account. One user, one login. |
| Allowing users to access resources in different domains |
Plan the disk drive configuration for various requirements. Requirements include choosing a fault-tolerance method. Choose a protocol for various situations.
Fault tolerances include:
| RAID 0 - Stripe Sets (No Fault Tolerance) fastest option. |
| RAID 1 - Disk Mirroring (Good Fault Tolerance but slower and more expensive). |
| RAID 5 - Stripe Sets With Parity (Good Fault Tolerance but must have minimum 3 hard drives and you lose the equivalent of one hard drive's space). |
Protocols include:
| TCP/IP |
| TCP/IP with DHCP and WINS |
| NWLink IPX/SPX Compatible Transport Protocol |
| Data Link Control (DLC) |
| AppleTalk |
Installation and Configuration
Install Windows NT Server to perform various server roles. Server roles include:
| Primary domain controller (PDC): There is only one PDC per domain. The PDC creates and keeps the Service Account Manager (SAM). It sends copies of the SAM to BDC's, and for updates to the SAM. If a PDC goes down, a BDC will handle login validation until the PDC comes back up.. |
| Backup domain controller (BDC): There can be multiple BDC's in a domain. BDC's keep a copy of the SAM, and give the PDC updates. A BDC can be upgraded to a PDC by promoting it in the Server Manager. A BDC will not automatically promote itself. |
| Member server: Member servers usually hold resources like programs and printer queues. Member servers cannot do domain login validation, and cannot be promoted to BDC's or PDC's without reinstalling NT. |
Configure protocols and protocol bindings. Protocols include:
| NetBEUI (Very fast, easy to configure, but not routable) |
| TCP/IP (Routable and very compatible with other systems) |
| TCP/IP with DHCP and WINS (Great for Internet/Intranet access, and makes admin. easier) |
| NWLink IPX/SPX Compatible Transport Protocol (To connect to NetWare systems) |
| DLC (For (old)JetDirect printers, and SNA servers) |
| AppleTalk (To connect to Apple servers and workstations) |
Configure Windows NT Server core services. Services include:
| Directory Replicator (Synchronizes directory structures across multiple servers) |
| Computer Browser (Maintains a list of all computers located on the physical network) |
Configure hard disks to meet various requirements. Requirements include:
| Providing redundancy (Fault tolerance) |
| Improving performance (Study Performance Monitor, learn best places to put boot and system partitions and the best spot (or spots, if configured across hard drives) for the cache) |
| Configure printers. Careful on this one! Know the Microsoft names. Tasks include: |
 | Adding and configuring a printer (Where do drivers go? Study about drivers for different Operating Systems, like NT 3.51 vs. NT 4.0) |
| Implementing a printer pool (Multiple printers using only one queue. How does this work?) |
| Setting print priorities (Setting groups or individuals for higher priority, setting certain printers for higher priority) |
Configure a Windows NT Server computer for various types of client computers. Client computer types include:
| Windows NT Workstation: NT Workstations need a computer account and user account on the server. |
| Windows® 95: Only needs a user account, no computer account needed. |
| Macintosh®: Services for Macintosh must be installed before any Macintosh clients can be configured. |
Managing Resources
Manage user and group accounts. Considerations include:
| Managing Windows NT user accounts: Two things need to be known to create a user account; the username and password. To duplicate an account, you need; username, password, and full name. |
| Managing Windows NT user rights: User rights
depend on the type of security implemented. Share level security is usually implemented in
workgroups where there is no server. Share level security is placed on resources and has
the following default security levels:
User level security is placed by user. The easiest way to implement User level security is to create users, give no specific security rights, then assign users to groups. Place appropriate security rights on the groups. |
| Managing Windows NT groups: Default groups are:
Local groups are limited to the domain in which they were created, while Global groups can go from domain to domain in a multi-domain environment. The Microsoft model says: Users go into Global groups, Global groups go into Local groups. | ||||||||||||||||||||||||||||||||||||
| Administering account policies: Using the System Policy Edtor. Place the default policy as: \WinNT\System32\Repl\Import\Scripts\ntconfig.pol. By default, this path is shared as Netlogon$. This will allow the policy to be sent to all BDC's during replication | ||||||||||||||||||||||||||||||||||||
| Auditing changes to the user account database: Only a member of the Administrators group can enable auditing for User and Group management. |
Create and manage policies and profiles for various situations. Policies and profiles include:
| Local user profiles: Are stored on the local machine. They do not follow the user if they move to different machines |
| Roaming user profiles: Are stored on the Server. The user gets the same profile every time they login to the domain. Roaming profiles can be put into a shared "profiles" directory, or the users home directory. You can change the profiles to Read Only by renaming the file NTUSER.DAT to NTUSER.MAN. |
| System policies: Allow you to add restrictions to users. You can lock down profiles, restrict modifications to users desktops, restrict hardware changes, and apply these restrictions to specific users or groups. |
Administer remote servers from various types of client computers. Client computer types include:
| Windows 95: Remote Administration Tools for Windows 95 include: User Manager for Domains, Server Manager, Event Viewer, and Explorer extensions which allow management of NTFS partitions. The tools are found on the NT server CD, under \CLIENTS\SRVTOOLS\WIN95. |
| Windows NT Workstation: has DHCP Manager, System Policy Editor, Remote Access Admin, Remote Boot Manager, Server Manager, User Manager for Domains, WINS Manager and extensions for managing Macintosh. The tools are found on the NT server CD, under \CLIENTS\SRVTOOLS\WINNT. These tools can be loaded on member servers also. |
Manage disk resources. Tasks include:
| Creating and sharing resources: Creating a share is as easy as right-clicking a resource and choosing "Share As". Remember all subdirectories default to the same share access as the parent directory. |
| Implementing permissions and security: |
| Establishing file auditing |
Connectivity
Configure Windows NT Server for interoperability with NetWare servers by using various tools. Tools include:
| Gateway Service for NetWare: Gateway Service for Netware provides a MS client system to access a Netware server by using the NT Server as a gateway. You need a group on the Netware server called NTGATEWAY. Add user accounts to the NTGATEWAY group of all the NT accounts you need to access the Netware server. |
| Migration Tool for NetWare: All user accounts and
groups are migrated to the NT domain by default. Passwords are not migrated. You have
option to set the new user passwords in the domain, though. You can choose: No Password,
Password is Username, Password is (a single password for all accounts), and User Must
Change Password. The migration tool can be configured for several options if duplicate user names or group names are found. They are: Log Error (adds to the file ERROR.LOG), Ignore (leaves the user name or group name already on the NT domain), Overwrite, or Add Prefix (makes the user name or group name different from the one already on the Domain). |
Install and configure multiprotocol routing to serve various functions. Functions include:
| Internet router: Can be installed by doing nothing more than having two nic cards in the server. Once that's done, just enable IP routing in the TCP/IP protocol configuration. It will not exchange RIP (Routing Information Protocol) routing packets unless RIP routing software is installed. |
| BOOTP/DHCP Relay Agent: Configured in TCP/IP properties. |
| IPX router: IPX Router is enabled throught NT Services (Control Panel, Networks, Services). After it's enabled, it can IPX packets. |
Install and configure Internet Information Server.
You can install IIS during the initial installation of NT or any time after. During installation, you are asked where you want default files for web pages, FTP sites, and Gopher sites. You can also define which ODBC drivers you want. After installation, there are a host of items you can (or may have to) configure.
Install and configure Internet services. Services include:
| World Wide Web: From the Internet Service Manager, you can install and configure WWW services. Choose an anonymous login, TCP Port , connection timeout, maximum connections, and logging from there. |
| DNS: Is used to resolve a Domain host name to an IP address |
| Intranet: Use IIS to set up an Intranet |
Install and configure Remote Access Service (RAS). Configuration options include:
| Configuring RAS communications: RAS uses NetBEUI as the default network protocol. You can also use TCP/IP and IPX/SPX, however. TCP/IP will need to be used if you are using programs that utilize the Windows Sockets (Winsock) interface over the RAS services. | ||||||||
| Configuring RAS protocols: RAS is capable of
using the following connection protocols: SLIP - Has less overhead than PPP, but cannot automatically assign an IP address, and only uses TCP/IP. PPP - Can automatically assign IP addresses, supports encryption and other protocols besides TCP/IP. RAS - Used by Windows 3.x and Windows NT 3.x clients. | ||||||||
| Configuring RAS security settings:
|
Monitoring and Optimization
Establish a baseline for measuring system performance. Tasks include creating a database of measurement data.
Use Performance Monitor to establish a baseline. At minimum, you should log:
| Pages/sec | Tracks excessive paging. Should not be over 20. To lover: Add RAM |
| Available bytes | The amount of virtual memory available. If it's less than 4MB, add RAM |
| Commited bytes | The amount of memory in use by applications. |
| %Processor time | The amount of time the processor is in use. Short peaks of 100% are okay, but a steady reading of 80% or over could prompt you to upgrade the processor. |
| %Disk Time Counter | The amount of time the hard disk is in use. A steady
reading of 90% could mean time to upgrade the disk or controller, or add a disk or
controller. *Must run DISKPERF -Y to enable disk performance counters |
Monitor performance of various functions by using Performance Monitor. Functions include:
| Processor |
| Memory |
| Disk |
| Network |
Monitor network traffic by using Network Monitor. Tasks include:
| Collecting data |
| Presenting data |
| Filtering data |
Identify performance bottlenecks.
Use Performance Monitor to establish a baseline, then log performance during peak usage over a period of time. For instance, let's say work starts at 8:30. Log performance from 8:30 to 8:40 every two or three days for several weeks. Find other peak usage times, and log them too. Careful, though, the log grows large quickly.
Optimize performance for various results. Results include:
| Controlling network traffic | ||||||||
| Controlling server load The server properties menu allows you to allocate memory dependant on the optimization you want. Options are:
|
Troubleshooting
Choose the appropriate course of action to take to resolve installation failures.
Setup switches:
| /B | Boot files installed to hard drive instead of floppy disks. Takes 4-5MB. |
| /C | Doesn't check for free space when creating boot disks. |
| /F | Don't verify files on boot disks. Speeds up installation, but loses reliability. Only used with WINNT. |
| /I | Tells setup to use a specific setup file (default is DOSNET.INF). You can create your own. |
| /O | Only creates a set of boot floppies. Only used with WINNT. |
| /OX | When installing from CD-ROM or network connection and you want to build a set of boot floppies. |
| /S | Specifies source file location. Must be used when installing from any drive other than current default drive. Multiple locations can speed up installation. |
| /T | Specifies the location of the temp directory. |
Choose the appropriate course of action to take to resolve boot failures.
You can create an Emergency Repair disk (if you didn't
during setup) by running RDISK.EXE. Use the /S option to back up user accounts and file
security.
You must boot using the NT installation disks to use the Emergency Repair disk.
Emergency Repair can inspect the Registry files and restore them to the set on the ERD
(important to keep the ERD up to date), inspect the startup environment, verify system
files and inspect the boot sector.
Manually create a boot disk by formatting a diskette from the NT system (NOT DOS or Win95) and adding the files BOOT.INI, NTBOOTDD.SYS (for SCSI devices), NTDETECT.COM and NTLDR.
Using VGA startup tells NT to add the /SOS switch to the BOOT.INI file. This will display driver names while they are being loaded. You can do this yourself by adding /SOS as the last line in the [Operating Systems] section of BOOT.INI.
Choose the appropriate course of action to take to resolve configuration errors. Tasks include:
| Backing up and restoring the registry (Use the ERD) |
| Editing the registry |
Choose the appropriate course of action to take to resolve printer problems.
"Print Device" is the physical printer.
"Printer" is the icon in Control Panel.
"Print Pool" is a setup of two or more identical printers. The print server can
be set to print to the first available print device.
"Availability" sets the time frame the printer will accept print jobs.
"Priority" specifies which virtual printer should print to the print device
first. The range is from 1 (lowest) to 99 (highest).
Stop and restart spooler service to activate a stalled printer.
You need the IP address and printer name to print to a TCP/IP printer.
DLC needs to be installed to print to (older) HP print servers.
AppleTalk needs to be installed to print to Apple printers.
Each operating system needs it's own print drivers. Different drivers are needed by Win95, Win3.X, NT 3.5X, and NT 4. These drivers can be automatically downloaded by installing them on the print server (except Win 3.X. These have to be installed manually). Win95 will initially automatically download the drivers, but will not check for updated drivers. NT 3 and 4 workstations will automatically download any updated drivers that are on the server.
Choose the appropriate course of action to take to resolve RAS problems.
Choose the appropriate course of action to take to resolve connectivity problems.
Choose the appropriate course of action to take to resolve resource access and permission problems.
Choose the appropriate course of action to take to resolve fault-tolerance failures. Fault-tolerance methods include:
| Tape backup: (Assuming hard disk failure) Install new hard disk, install NT (if the disk had a boot or system partition on it), and restore from tape. |
| Mirroring: Install new hard disk and run Disk Administrator to break the mirror set (from the Fault Tolerance menu) then re-establish the mirror. |
| Stripe set with parity: Install new hard disk and run Disk Administrator. Choose the Regenerate option. This assumes ONE hard disk went bad. You may have to restore off tape if more than one went bad. |
Perform advanced problem resolution. Tasks include:
| Diagnosing and interpreting a blue screen: Use VGA Mode at startup, choose Last Known Good Configuration or the ERD. |
| Configuring a memory dump: Available from the
Startup/Shutdown tab of the System applet. The options are: Write the error even to the
System log, send an Administrative alert, write a dump file, automatically reboot. Memory dump files are written to {winroot}/Memory.dmp. Use DUMPEXAM.EXE to view the file (for non-testing purposes, this file contains mostly hex code and error messages that even most MS technicians are confused over). |
| Using the Event Log service: Event logs are created automatically. Use Event Viewer (Start, Programs, Admistrative Tools) to view Event logs. |
Email Address:
Real Name: Justin West
Comments: Passed #70-068 the other day. The Exam Cram
books are excellent! I used it to refresh me right before the test, big help!
I like the way you laid this out, just like the MS model. Makes it easy to find
information.
Copyright © 1998-2000 Intra-Designs except where noted
http://www.windowsgalore.com/cert/