Exam Profile: MCSA/MCSE: Managing and Maintaining a Microsoft Windows Server 2003 Environment (70-290)
These exam objectives are reprinted with permission from Microsoft. Please check the Microsoft website to get the most up-to-date information.
This exam is broken up into five different categories. We will look at what you have to know in each category to pass the exam.
Managing and Maintaining Physical and Logical Devices
- There are several command-line utilities with which you should be familiar. You should actually take some time and run these utilities from a command line in order to better understand
- Driverquery can be used to print a list of devices.
- Winmsd allows you to pull up the System Information utility.
- Dsadd, Dsmod, Dsget, Dsrm, Dsmove, Dsquery, Gpresult, Whoami
- Device Manager allows you to manage devices on a local computer. If you are using Device Manager on a remote computer, it will be in read-only mode.
- The four Driver Recovery Tools are: Driver Rollback, Last Known Good Configuration, Safe Mode and Recovery Console.
- A hardware RAID appears as a single disk.
- A basic disk contains basic volumes, such as primary partitions, extended partitions, and logical drives. Basic disks can be converted to dynamic, but not vice versa without erasing data.
- A dynamic disk contains dynamic volumes, such as simple volumes, spanned volumes, striped volumes, mirrored volumes, and RAID-5 volumes. It is not supported for removable media or laptops.
- Logical drives are logical volumes on basic disks.
- RAID-0 is disk striping without parity. You must have at least two physical disks. RAID-1 is disk mirroring, which requires two physical disks and makes identical copies of a single volume. RAID-0 is the cheapest and fastest form of RAID, but offers no redundancy. RAID-1 is the most expensive form of RAID.
- RAID-5 is disk striping with parity and requires between 3 and 32 disks. You cannot boot from RAID-5.
- RAID-5 is faster than RAID-1, but RAID-0 is the fastest.
- Disk defragmenter optimizes performance by putting data in a contiguous block.
- Disk defragmenter is used if a volume is fragmented more than 10%. You need 15% of volume capacity for full defragmenting; otherwise the volume will be partially defragmented.
- NTFS is the default file system on dynamic disks.
- Quotas are supported only on NTFS volumes.
- Disk Quotas can be implemented per-volume and per-user only.
- Hardware fault-tolerance provides faster I/O and hot swapping but is more expensive.
- If you move a file or folder to another volume, compression is lost, encryption is kept and NTFS rights are lost.
Managing Users, Computers, and Groups
- To create a user or computer object in Active Directory, you must have administrative privileges. The logon name is required and must be unique in the Domain.
- Account Logon events need to be monitored on each domain controller.
- A profile is created for each user that logs onto a computer.
- Profiles allow multiple users to be able to login to a computer and keep their work separate.
- Administrators can make changes to the built-in All Users profile to ensure that all users get the change.
- A mandatory profile is created by renaming Ntuser.dat to Ntuser.man.
- The Everyone group by default does not contain the Anonymous Logon identity.
- To create or change a computer object in AD you must be a member of the Administrators or Account Operators groups.
- If you make a command-line change in AD, you must refresh (F5) the Management Console to see the change.
- There are two types of groups: Security and Distribution.
- Distribution groups only have one function and that is to create email distribution lists.
- Security groups are used to manage user and computer access to shared resources and to filter Group Policy settings.
- The best way to organize permissions is to assign them to a local group, then place global groups in the local group.
- Built-in groups are Administrators, Server Operators, Account Operators, Print Operators, Backup Operators, Guests, Replicator, Power Users, Users.
- A user must log in again before changes to Group membership take effect.
Managing and Maintaining Access to Resources
- Remote Assistance uses port 3389.
- The Instant Messenger Service uses port 1863.
- Permissions are assigned to files or folders and rights are assigned to users or groups.
- A hidden share ends with $. Built-in administrative shares are also hidden by default (e.g., \\servername\c$).
- A user’s access to a file or folder is the most restrictive set of permissions between share permissions and NTFS permissions. So if a user’s permission to a share is Read and the NTFS permissions are Full Control, their effective permission will be Read.
- Share permissions apply only when a folder is accessed remotely.
- Share permissions are lost when a folder is renamed or moved.
- NTFS permissions do replicate, are included in backup and restore, and can be configured remotely with Windows Explorer.
- Deny or No Access permissions take precedence over allow permissions.
- A change to permissions takes effect immediately.
- HTTP uses port 80 and FTP port 21.
- Permissions of a Web folder are the more restrictive of NTFS and IIS permissions.
- An encrypted file or folder cannot be moved or copied to another computer.
Managing and Maintaining a Server Environment
- A print server provides several advantages: single queue for logical printer, error messages visible on all clients, administrative tasks are centralized, users can go back to their jobs while printing, and clients automatically download appropriate printer driver when they first connect to the shared printer.
- Printer permissions are: Print, Manage Documents, Manage Printers, Special Permissions. By default, Print permission is assigned to the Everyone group.
- The spooler folder should be on a partition other than the system or boot partition for a high volume print server.
- Be familiar with software site licensing.
- You can view licenses using AD Sites and Services.
- Event Viewer records events in the Application, System, or Security logs.
- You manage a server remotely using Remote Assistance or Terminal Services.
- Know how to monitor a server environment for application performance.
Managing and Implementing Disaster Recovery
- Know how to perform system recovery for a server, including: implement Automated System Recovery (ASR), restore data from shadow copy volumes, back up files and System State data to media, and configure security for backup operations.
- Be able to verify the successful completion of backup jobs and manage backup storage media.
- Recover from server hardware failure.
- Types of backup are Incremental, Differential and Full.
- You have to be a member of the Administrators or Backup Operators group to back up data.
- Backups can be scheduled daily, weekly, monthly, once, at system startup, at logon, when idle.
- You cannot back up individual components of the System State, nor can you back it up remotely.