Barry Shilmover Founder/CIO (CGO)
Sonic Mobility Inc.
70-215: Windows 2000 Server
Agenda
What to Expect
Microsoft’s new testing innovations
The Exam:
  Installing Windows 2000
  Working with Resources
  Hardware Devices and Drivers
  System Performance, Reliability, and Availability
  Windows 2000 and Storage
  Networking
  Security
Sidebar – KB Articles
“Q” numbers are mentioned throughout this presentation
All are found on the Microsoft TechNet site
They are the letter “Q” followed by a six-digit code. For example, Q123456
The URL for the above example would be:
  http://support.microsoft.com/support/kb/articles/Q123/4/56.ASP
What to Expect…
Some exam detail
  120 Minutes
  62 Questions
  Passing Score: 660
Preparation Guide: http://www.microsoft.com/trainingandservices/exams/examasearch.asp?PageID=70-215
Testing Innovations
Multiple choice
Select-and-place exam questions
Case study-based exam questions
Simulations
Computer adaptive testing
Multiple Choice
Um… yah…
Select-and-Place Exam Questions
Also known as Drag-and-Drop questions…
A scenario is given and you must drag the answers to the right locations on the diagram
Case Study-Based Exam Questions
A case study is introduced at the beginning and a number of questions are asked based on the information provided
This is NOT a memory test… The case study is always available
Simulations
As the name states… a simulation
Some tips:
  Read the question… only give them what they want
  If information is not provided about a setting, assume the default settings
  Close all windows within the simulation
  Check your spelling
Not currently on the exam
Computer Adaptive Testing
You start with an easy to moderate question
  If you answer it correctly, you will get a more difficult question
  If you answer it incorrectly, you will get a less difficult question
This process is repeated until the testing engine has determined your ability
Main difference between CAT and Traditional is that you cannot navigate questions in a CAT exam
Not used in this exam.
The Exam…
Installing Windows 2000
Attended Installation
Unattended installation
Upgrading from Windows NT 4.0
Service Packs and hotfixes
When an installation fails
Windows 2000 – BI
Before Installation
  Check the Windows 2000 Hardware Compatibility List (HCL)
    http://www.microsoft.com/hcl/default.asp
  Or run WINNT32.exe /checkupgradeonly
Attended Installation
The four setup stages:
  1. Setup Program (text)
  2. Setup Wizard (graphical)
  3. Windows Networking Installation
  4. Setup Completion
Types of installation:
  From the CD-ROM
  From the Network
From the CD
Boot from the CD
Or make boot floppies
  MAKEBOOT (16-bit) or MAKEBT32 (32-bit)
  Generate 4 startup disks
  TechNet article Q197063
From the Network
Copy i386 directory to a server
Share the i386 directory
Create a boot floppy for the server (so that it can connect to the network)
Map a drive to the network share
Run the setup
Unattended Installation
All questions are answered ahead of time
These are stored in an answer file
Answer files are created via:
  A text editor
  Or the Setup Manager Wizard (SMW)
Unattended Installs and User Interaction
The five levels:
  1. Provide Defaults
     User simply accepts the default or makes changes
  2. Fully Automated
     No user interaction
  3. Hide Pages
     Only pages for which information was not provided are shown
  4. Read Only
     As #3, but shows all information in read-only
  5. GUI Attended
     Second stage of setup is automated. Rest is manual
The Setup Manager Wizard
A GUI-based answer file creation utility
Found in the Windows 2000 Resource Kit
  Deployment Tools section
The Setup Manager Wizard
DEMO: Setupmgr.exe
SysPrep
Tool used for “ghosting” of systems
Reverses the unique settings of a system (such as the name and SID)
Is found in the DEPLOY.CAB file on the Windows 2000 Professional CD-ROM (in the \support\tools folder)
Upgrading from Windows NT 4.0
Upgrade path:
Operating System Upgrade Path
Windows 3.1
Windows 95/98
Windows Me
Windows NT Workstation 3.51/4.0
Windows NT Server 3.51/4.0
Windows NT Server 4.0 Terminal Server
Windows NT Server 4.0 Enterprise Edition
Windows NT 3.51 with Citrix
Service Packs and Hotfixes
Windows 2000 now supports slipstreaming Service Packs
Service Pack is added directly to the distribution share
  UPDATE.EXE /slip
All installations performed from the distribution share will now have the Service Pack applied
When an Installation Fails…
Never happens… right?
When an Installation Fails
Run the setup program in debug mode:
  WINNT32.EXE /debug[level]
    Level 1 = regular errors
    Level 2 = warnings
    Level 3 = all messages
Check the HCL
Check Network (including DNS!)
Working with Resources
Network Services
Printers
Files, Folders, and Shares
  Distributed File System (DFS)
  Security
Web Sites
Network Services
FrontPage 2000 Server Extensions
FTP Server
NNTP Server
SMTP Server
Telnet Server
Web Server
WINS/DNS/DHCP
DHCP-Relay
Printers
Has not changed much from Windows NT
Supported Clients:
  Windows
  Macintosh
    Using File and Print Services for Macintosh
  Novell
    Using Client Service for NetWare/NWLink IPX/SPX/NetBIOS Compatible Transport Protocol
  Unix
    Using Services for Unix 2.0
Printers – Continued…
Print Pooling
  The ability to group two or more identical printers together. They appear as one logical printer to the clients
Print Priority
  The ability to set different logical printers, each with different priorities (from 1, lowest and default, to 99)
  Remember to set security. (Everyone: Full Control)
Internet Printing
  New Feature!
  Allows for accessing the printers via a web browser
  http://servername/printers
Printer – Continued…
Windows 2000 automatically downloads and installs drivers for Windows 2000, Windows NT3.51/4.0, and Windows 95/98/Me
Most common way to fix a stalled printer spooler? Kick it!
Be aware of how to set permissions, printer and print server properties
Files, Folders, and Shares
Windows 2000 now supports FAT32 natively
Use FAT and FAT32 for dual boot with other operating systems
Files, Folders, and Shares, cont.
New version of NTFS
  Known as NTFSv5 or Windows 2000 NTFS
  Now supports:
    Disk Compression
    Encryption
    Disk Quotas
    Reparse Points
    Volume Mount Points
    SID Searching
If NTFSv4 is installed on the system, it will automatically be upgraded to NTFSv5
  Therefore, Windows NT systems need SP4 or higher
Files, Folders, and Shares, cont.
NTFS partitions can now be defragmented
Command-line program for modifying NTFS permissions: cacls.exe
Copying/Moving files is the same as with Windows NT
  Copying within a partition – permissions are inherited
  Moving within a partition – permissions are retained
  Moving between partitions – permissions are inherited
Distributed File System
A Definition:
Distributed file system (Dfs) allows administrators to make network-wide resources appear as though they exist in a single location on the network
An Example
Without DFS:
Domain
Server1
Documents
Corp
Server2
Users
Server3
Home
With DFS:
Domain
Corp
Documents
Home
Users
Distributed File System - Standalone
Setup:
  Administrative Tools | Distributed File System
  Select Create a standalone DFS root
Limitations:
  No fault-tolerance
  Only single-level hierarchy is available
Distributed File System – Domain-based
Setup:
  Administrative Tools | Distributed File System
  Select Create a domain DFS root
Features:
  All configuration is stored in and replicated by Active Directory
  Fault-tolerant through replicas
  No limit on hierarchy levels (sort of)
Web Sites
Virtual Servers:
  The ability to host a number of web sites on the same physical box
  Three setup methods:
    IP Address
    Host Header
    Port number
Web Sites – Continued…
Virtual Directory
  A directory that appears under the root directory of the web site
  A virtual directory can be:
    A directory on the local machine
    A shared folder on a network server
    Another web site (i.e. http://www.somedomain.com)
Tip: Refrain from using spaces in the name of the virtual directory. Older browsers can’t interpret the spaces
Web Sites - Security
Authentication Methods for web sites
  Allow anonymous
  Basic authentication
  Integrated Windows Authentication
  Digest authentication
  SSL Client Certificate
Windows 2000 finally supports Plug and Pray
Hardware Devices and Drivers
Windows 2000 finally supports Plug and Play
All hardware information is now behind My Computer
Add/Remove Hardware control panel to launch the Hardware Wizard
System Information snap-in displays read-only information about installed hardware
Device Manager configures hardware
Driver Signing
A new feature in Windows 2000 that allows you to ensure that the drivers you are installing have been tested and passed the Windows Hardware Quality Lab (WHQL) test
Q224404 for more information
Some Utilities…
Driver Verifier Manager
  A command-line tool for troubleshooting driver problems
  verifier.exe (Q224404)
Windows Report Tool
  A tool for taking a “snapshot” of the system hardware/software
  winrep.exe (Q188104)
System File Checker
  A utility for verifying protected files and their version number
  sfc.exe (Q222471)
Windows Signature Verification
  A tool for checking the signatures of signed drivers
  sigverif.exe (Q185828)
System Performance, Reliability, and Availability
As with Windows NT, performance objects are important for the exam
Unlike Windows NT, physical disk counters are now enabled by default
  To enable logical disk and volumes you need to run the diskperf -yv command
The Performance Monitor (in Windows NT) is now called the Performance Console
Alerts and Logs
Three types of logs:
  Trace
    Monitors information based on events. All information is recorded
  Counter
    These logs record information about specified objects and counters
  Alert
    Similar to a trace log except that information is not logged, it simply reacts to an event
Processes
Processes are viewed through the Windows Task Manager
  Accessible through Ctrl+Alt+Delete and Task Manager
  Shortcut: Ctrl+Shift+Esc
Each process has a priority assigned to it between 0 (lowest) and 31 (highest). Most common priorities:
  Low – 4
  Normal – 8
  High – 13
  Realtime – 24
Priorities can be changed through the Task Manager (not recommended)
Disk Performance
Both mirrored and spanned volumes will degrade system performance.
Striped disks offer the greatest performance.
Microsoft has finally admitted that NTFS partitions get fragmented. Defragment regularly.
Spread the pagefile across multiple hard drives, but take them off the system and boot disks (see Q197379).
System State and User Data
System State Data:
  Contains the Registry, System startup files, and COM+ class registrations.
  May contain:
    Active Directory services and the Sysvol directory (on an AD Domain Controller)
    Resource Registry Checkpoints and Quorum Resource recovery log (on a Windows 2000 Cluster)
    Certificate Services database (on a Certificate Server)
Improve performance on an Active Directory domain controller by moving the system state data off the system/boot volume.
System State and User Data Recovery
Emergency Repair Disk
  No more RDISK.exe. ERDs are now created through the backup program.
  No longer a “repair” disk. Is now a boot disk for accessing repair tools stored on the CD (Q216337).
  The ERD contains the following files: autoexec.nt, config.nt, and setup.log.
Emergency Repair Disk
Safe Mode
Safe mode is actually several modes:
  Enable Boot Logging
  Enable VGA Mode
  Last Known Good Configuration
  Recovery Console
  Directory Services Restore Mode
  Debugging Mode
  Boot Normally
Enter safe mode by pressing F8 during startup.
Recovery Console
Gives you the ability to boot Windows 2000 to a “DOS prompt”.
Similar to ERDCommander 2000 from Sysinternals.com.
Limited functionality:
  You can copy from removable media to the hard drive, but not the other way.
Windows Backup
A “watered down” version of Veritas Software’s BackupExec.
A major improvement to that monstrosity backup program in Windows NT.
  Better interface
  Can backup and restore to removable media, hard drive, or share.
Windows 2000 and Storage
Windows 2000 has two disk types:
  Basic Disks
  Dynamic Disks
Basic Disks
Similar to Windows NT
Contains Primary Partitions, Extended Partitions, and Logical Drives
Used for dual-boot systems with non-Windows 2000 systems
Dynamic Disks
New to Windows 2000
Contains volumes
Can be resized without a system reboot
Can be converted back to Basic Disks (assuming no volumes exist)
Can be exported/imported
Basic and Dynamic Disks compared
Basic Disks                 Dynamic Disks
Partition                   Volume
Extended Partition          Volume
Logical drive               Simple Volume
Mirror Set                  Mirrored Volume
Volume Set                  Spanned Volume
Stripe Set                  Striped Volume
Stripe Set with Parity      RAID-5 Volume
Storage - New Features
Data Compression
  Any file or folder on an NTFS folder can be compressed/uncompressed.
  Can be performed through My Computer or Windows Explorer
Storage - New Features
Disk Quotas
  Quotas can only be set on the volume, not on individual folders (Q183322).
  Disabled by default.
  Tips:
    While you cannot assign quotas to groups, you can choose multiple users.
    Do not choose the “Deny disk space to users exceeding quota limit” option on the disk storing Windows 2000.
Disk Failures
Know the ARC paths in BOOT.INI (Q119467 and Q113977).
  multi() scsi() disk() rdisk() partition()*
  *lowest value=1
Networking
Virtual Private Networks
Network Protocols
Network Services
Remote Access
Terminal Services
Virtual Private Networks
Remote Access Service (RAS) in Windows NT is now Routing and Remote Access (RRAS).
Two supported protocols: Point to Point Tunneling Protocol (PPTP) and Layer Two Tunneling Protocol (L2TP).
Feature PPTP L2TP
Header compression
Tunnel Authentication
Built-in Encryption
Transmit over UDP, ATM, X.25, and Frame Relay.
TCP/IP
Most used protocol today.
DHCP is used to dynamically assign TCP/IP addresses
DNS is used to resolve TCP/IP addresses and names (and the reverse).
WINS is used to resolve NetBIOS names to TCP/IP addresses.
Subnet mask is used to distinguish between the network and host IDs of the TCP/IP address.
Default gateway is used to identify the host which communicates outside the network
TCP/IP - Continued...
Windows 2000 will automatically assign an address (169.254.x.y and 255.255.0.0)
Troubleshooting:
  ipconfig (Q223413)
  netstat
  nbtstat
  tracert
  route
  ping
Remote Access
RRAS supports multilink (Q223171, Q233151, Q244071).
Like RAS, it supports callback (called Callback Security).
Terminal Services
Terminal Services includes:
  TS Client Creator
  TS Configuration
  TS Licensing
  TS Manager
Uses Remote Desktop Protocol (RDP) and RDP-TCP (RDP over TCP/IP).
TS - Continued...
It is recommended that you install applications through the Add/Remove Program control panel.
If installing manually, put TS into install mode:
  change user /install
To turn off:
  change user /execute
Clients include Windows 3.11, Windows 95/98/Me, Windows NT, Windows 2000, Internet Explorer. Install TSAC for access through Internet Explorer.
Security
Encrypted File System
Policies
Auditing
Local Accounts
Account Policy
The Security Configuration Tool Set
Encrypted File System (EFS)
Any file on an NTFSv5 volume can be encrypted.
The process is transparent to the user.
A Recovery Agent is used to recover encrypted files with a lost key.
Default encryption is 56-bit. North Americans can upgrade to 128-bit.
The efsinfo.exe utility (Resource Kit) can give you info on encrypted files (Q243026).
Done graphically or using the Cipher.exe command.
Policies
Similar to System Policy Editor in Windows NT.
Group Policy MMC snap-in (gpedit.msc).
Settings can be stored in AD.
Settings can be exported/imported using .INF files
Auditing
Disabled by default.
Enabled via Start | Administrative Tools | Local Security Policy.
Local Accounts/Account Policy
Local Accounts
  Usernames cannot be longer than 20 characters.
  They cannot contain: “ / \ [ ] : ; | = , + * ? < >
  Passwords can be up to 128 characters in length (Microsoft recommends 8).
Account Policy
  Password policy (default):
    Enforce password history = 0 days
    Maximum password age = 42 days
    Minimum password age = 0 days
Account Policy - Continued...
    Minimum password length = 0 characters
    Passwords must meet complexity requirements = disabled
    Store password using reversible encryption for all users in the domain = disabled
  Account Lockout Policy (default)
    Account lockout duration = not defined
    Account lockout threshold = 0 invalid login attempts/disabled
    Reset account lockout after = not defined
The Security Configuration Tool Set
The Security Configuration and Analysis snap-in is normally used to troubleshoot security.
Security database (mysecuresv.mdb) is compared to the template.
Command-line based version: secedit.exe.
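The default account policy values listed earlier are the kind of settings a template comparison is meant to surface. The following is an added example, not part of the original presentation: it audits the [System Access] section of a security template for those weak defaults. The sample template text is constructed, and the code assumes the input uses the standard security-template .inf key names, such as those in a file written by a secedit export.

```python
import configparser

# Constructed sample in security-template (.inf) format; the values mirror
# the Windows 2000 default account policy listed on the slides.
SAMPLE_INF = """\
[Unicode]
Unicode=yes
[System Access]
MinimumPasswordAge = 0
MaximumPasswordAge = 42
MinimumPasswordLength = 0
PasswordComplexity = 0
PasswordHistorySize = 0
LockoutBadCount = 0
ClearTextPassword = 0
[Version]
signature="$CHICAGO$"
Revision=1
"""

# key -> (predicate that is True when the value is weak, finding text)
CHECKS = {
    "PasswordHistorySize": (lambda v: v == 0, "password history not enforced"),
    "MinimumPasswordAge": (lambda v: v == 0, "password can be changed again immediately"),
    "MinimumPasswordLength": (lambda v: v < 8, "minimum length below the recommended 8"),
    "PasswordComplexity": (lambda v: v == 0, "complexity requirements disabled"),
    "LockoutBadCount": (lambda v: v == 0, "account lockout disabled"),
    "ClearTextPassword": (lambda v: v == 1, "reversible password storage enabled"),
}

def audit_system_access(inf_text):
    """Return sorted (key, finding) pairs for weak or missing settings."""
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    parser.optionxform = str  # keep key case as written in the template
    parser.read_string(inf_text)
    if not parser.has_section("System Access"):
        return [("System Access", "section missing from template")]
    section = parser["System Access"]
    findings = []
    for key, (is_weak, text) in CHECKS.items():
        raw = section.get(key)
        if raw is None:
            findings.append((key, "not defined in template"))
        elif is_weak(int(raw.strip())):
            findings.append((key, text))
    return sorted(findings)
```

Run against the constructed sample, every check except reversible password storage is reported, which matches the defaults above: only that one setting starts out in its safe state.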
Additional Resources
Exam Preparation Guide
  http://www.microsoft.com/trainingandservices/exams/examasearch.asp?PageID=70-215
Windows 2000 Server and Professional Resource Kits
Course 2151: Microsoft Windows 2000 Network and Operating System Essentials
  http://www.microsoft.com/trainingandservices/syllabi/syllasearch.asp?PageID=2151Afinal&coursenumber=2151
Course 2152: Implementing Microsoft Windows 2000 Professional and Server
  http://www.microsoft.com/trainingandservices/syllabi/syllasearch.asp?PageID=2152Bfinal&coursenumber=2152
Questions?