Professional Documents
Culture Documents
2273B
Managing and Maintaining a Microsoft
Windows Server 2003 Environment
Companion Content
Information in this document, including URL and other Internet Web site references, is subject to change
without notice. Unless otherwise noted, the example companies, organizations, products, domain names,
e-mail addresses, logos, people, places, and events depicted herein are fictitious, and no association with
any real company, organization, product, domain name, e-mail address, logo, person, place or event is
intended or should be inferred. Complying with all applicable copyright laws is the responsibility of the
user. Without limiting the rights under copyright, no part of this document may be reproduced, stored in
or introduced into a retrieval system, or transmitted in any form or by any means (electronic, mechanical,
photocopying, recording, or otherwise), or for any purpose, without the express written permission of
Microsoft Corporation.
Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property
rights covering subject matter in this document. Except as expressly provided in any written license
agreement from Microsoft, the furnishing of this document does not give you any license to these
patents, trademarks, copyrights, or other intellectual property.
The names of manufacturers, products, or URLs are provided for informational purposes only and
Microsoft makes no representations and warranties, either expressed, implied, or statutory, regarding
these manufacturers or the use of the products with any Microsoft technologies. The inclusion of a
manufacturer or product does not imply endorsement of Microsoft of the manufacturer or product. Links
may be provided to third party sites. Such sites are not under the control of Microsoft and Microsoft is not
responsible for the contents of any linked site or any link contained in a linked site, or any changes or
updates to such sites. Microsoft is not responsible for webcasting or any other form of transmission
received from any linked site. Microsoft is providing these links to you only as a convenience, and the
inclusion of any link does not imply endorsement of Microsoft of the site or the products contained
therein.
2005 Microsoft Corporation. All rights reserved.
Microsoft and the trademarks listed at
http://www.microsoft.com/about/legal/en/us/IntellectualProperty/Trademarks/EN-US.aspx are trademarks
of the Microsoft group of companies. All other marks are property oftheir respective owners.
Module 0
Introduction
Contents:
Multimedia 2
0-2 Managing and Maintaining a Microsoft Windows Server 2003 Environment
Multimedia
Media Type Title
Module 1
Introduction to Administering Accounts and Resources
Contents:
Question and Answer 2
Multimedia 4
Lab Answer Keys 5
1-2 Managing and Maintaining a Microsoft Windows Server 2003 Environment
Only Windows Server 2003, Web Edition, does not support the installation of Active
Directory directory service.
The user has logged on to his local computer rather than to the domain. This enables him to
log on and use his computer locally but not to access network or shared resources that are
accessible to his domain account.
Answer: No, you must log the user off and log on as an administrator. Printers cannot be
installed using the Runas feature.
Introduction to Administering Accounts and Resources 1-3
c. That the operating system is Windows XP and that you have domain user rights.
d. That the operating system is Windows 2000 Professional and that you have domain
administrator rights.
Organizational unit structure deals with logical administration and is generally independent of
network topology and Active Directory replication.
1-4 Managing and Maintaining a Microsoft Windows Server 2003 Environment
Multimedia
Media Type Title
Note This lab focuses on the concepts in this module and as a result
might not comply with Microsoft security recommendations.
Prerequisites To complete this lab, you must have the following virtual machines:
DEN-DC1
DEN-CL1
1-6 Managing and Maintaining a Microsoft Windows Server 2003 Environment
Task 2 Create a custom MMC with a desktop shortcut that uses the
RUN as feature to launch Active Directory Users and
Computers
1. Click Start, click Run. In the Run dialog box, type MMC. Click OK.
2. In the Console1 window, click the File menu, and then click Add/Remove
Snap-in.
3. In the Add/Remove Snap-in dialog box, click Add.
4. In the Add Standalone Snap-in dialog box, select Active Directory
Users and Computers, and then click Add.
5. Click Close.
6. Click OK.
7. On the File menu, click Save As, and then save the console as
AD_Admin.msc in the My Documents folder.
8. Close the AD_Admin console.
9. Click Start and then click My Documents.
10. Right-click AD_Admin and then point to Send To. Click Desktop (create
shortcut).
11. Close the My Documents window.
12. Right-click AD_Admin, and then click Properties.
13. On the Shortcut tab, click Advanced.
14. Click Run with different credentials.
15. Click OK twice.
4. In the New Object . Organizational Unit dialog box, in the Name field,
type Marketing and then click OK.
5. Right-click the Marketing OU, point to New, and then click
Organizational Unit.
6. In the New Object-Organizational Unit dialog box, in the Name field,
type Western Region and then click OK.
7. Repeat steps 5 and 6 to create the organizational unit for the Eastern
Region.
8. Close all windows and log off DEN-CL1.
Module 2
Managing User and Computer Accounts
Contents:
Question and Answer 2
Multimedia 5
Lab Answer Keys 6
2-2 Managing and Maintaining a Microsoft Windows Server 2003 Environment Student Materials
b. Change the password for the account, and give the new password to the new user.
c. Disable the old user account, rename the user account by using the replacement's name, and
configure the account to require a new password the next time the user logs on. Then, enable the
account when the replacement arrives.
d. Lock the old user account, rename the user account by using the replacement's name, and
configure the account to require a new password the next time the user logs on. Then, enable the
account when the replacement arrives.
Answer: Answer a is the best solution.
For security purposes, you should always create a new account for each new user.
a. Modify the Managed by property for the computer account of each server to display you as the
manager.
b. Modify the Location property for the computer account of each server to display the server's
location.
c. Modify the Managed by property for the computer account of each server to display the server's
address information.
Managing User and Computer Accounts 2-3
d. Modify the Location property for the computer account of each server to display the server's asset
information.
Answer: Answer b is correct.
and then run the search. After further research, you determine that most of the systems administrators are
searching for the same information. What can you do to accelerate the search process?
a. Specify multiple criteria in a custom search
Multimedia
Media Type Title
Note This lab focuses on the concepts in this module and as a result
might not comply with Microsoft security recommendations.
Prerequisites To complete this lab, you must have the following virtual machines:
DEN-DC1
DEN-SRV1
Managing User and Computer Accounts 2-7
and Groups.
5. In the Find Users, Contacts and Groups dialog box, click the Advanced
tab.
6. In the Field list, select User . Department.
7. Ensure that Starts with is the condition, and type Sales in the Value
field.
8. Click Add.
9. Click OK twice.
10. The query should display all the users in the Sales department.
Task 1 Use a saved query to locate all the Sales department users
and update their Office attribute
1. In Active Directory Users and Computers, expand the Saved Queries
folder, and then click the Find_Sales_Users query.
2. Select the first account in the list. Hold down the SHIFT key and click the
last account in the list to select the entire list.
3. Right-click the selected accounts, and then click Properties.
4. In the Properties On Multiple Objects dialog box, select the Office
check box, and then type Main Street in the Office field.
2-10 Managing and Maintaining a Microsoft Windows Server 2003 Environment Student Materials
Task 2 Use the imported query to locate all the Sales computer
accounts and modify their Description attribute
1. In Active Directory Users and Computers, expand the Saved Queries
folder, and then click the Find_Sales_Computers query.
2. In the Details pane, select all computer accounts by clicking the first
account in the list and then holding down and clicking the last account
in the list to select the entire list.
3. On the General tab in the Properties On Multiple Objects dialog box,
change the Description setting to Sales Department.
Module 3
Managing Groups
Contents:
Question and Answers 2
Multimedia 6
Lab Answer Keys 7
3-2 Managing and Maintaining a Microsoft Windows Server 2003 Environment
You have arranged to work with the administrator from the staff.hospital.msft domain to ensure that
the group strategy is correct. Which strategy should you choose?
a. Create a global group in the staff domain called Staff. Create a global group in the admin
domain called Clerks. Create a universal group and add the Staff and Clerks as members. Grant
permissions to the universal group.
b. Create a global group in the staff domain called Staff. Create a global group in the admin
domain called Clerks. Create a domain local group in the staff domain and add the Staff and
Clerks as members. Grant permissions to the domain local group.
c. Create a domain local group in the admin domain called admin. Add the clerk accounts to the
domain local group. Add the doctors and nurses accounts to the domain local group. Grant
permissions to the domain local group.
d. Create a universal group called admin. Add the clerk accounts to the universal group. Add the
doctors and nurses accounts to the universal group. Grant permissions to the universal group.
Creating a global group in each domain allows for more flexibility. By creating a domain local
group and granting permissions, you can easily add another global group to it at any time.
a. Contact
b. User
c. Computer
d. Global group
e. Domain local group
4. Open the Properties dialog box for Don Hall. Click the Member Of tab. What groups is Don Hall
a member of?
Answer: Domain Users, G Sales, G Sales Managers
5. In the Sales organizational unit, open the Properties dialog box for the G Sales group.
a. Click the Members tab. Who is in the G Sales group?
Answer: Jeff Hay, Don Hall, Kim Yoshida
b. Click the Member Of tab. What groups does G Sales belong to?
Answer: DL Sales Read
Global groups cannot be members of global groups outside their own domain but can be
members of a universal group.
d. Power Users
Answer a is correct, because the help desk personnel must be able to perform any operation
on the desktop computers.
Answer b is incorrect, because the HelpServicesGroup is used for Help applications such as
remote assistance and is maintained by the Help and Support service.
Answers c and d are incorrect, because Print Operators and Power Users do not have the
permissions or user rights to accomplish the stated goal.
Answers a, b, and c are best practices that apply to the choice between built-in or custom
groups.
Answer d is incorrect. Universal groups may be helpful for administration of large enterprise
networks. However, because there are also disadvantages to using universal groups, it is not a
best practice to create universal groups based on the organization's size. You should create
universal groups based on the function that the group will support.
Managing Groups 3-5
3. Open the Properties dialog box for the G Contoso Managers global group. Click the Members
tab. What groups are members?
Answer: The G Sales Managers and the G Graphics Managers.
4. Now click the Member Of tab. What groups is G Contoso Managers a member of?
Answer: G Contoso Managers is a member of the U Enterprise Managers universal group.
5. Close all windows and log off of DEN-DC1.
Multimedia
Media Type Title
Note This lab focuses on the concepts in this module and as a result
may not comply with Microsoft security recommendations.
Prerequisites To complete this lab, you must have the following virtual machines:
DEN-DC1
DEN-SRV1
3-8 Managing and Maintaining a Microsoft Windows Server 2003 Environment
3. Click Add.
4. Add the G Marketing Managers group account.
5. Click OK twice.
6. Open the Properties dialog box for the DL Marketing Read-only
domain local group.
7. Click the Members tab.
8. Click Add.
9. Add the G Marketing Users group account.
10. Click OK twice.
2. To prepare for the next module, start the DEN-DC1 virtual computer.
Managing Access to Resources 4-1
Module 4
Managing Access to Resources
Contents:
Question and Answers 2
Multimedia 6
Lab Answer Keys 7
4-2 Managing and Maintaining a Microsoft Windows Server 2003 Environment
When you interactively log on to this server as a member of the Users group, you still can create and
delete files in this shared folder. Why can you do more than should be allowed with only the Read
permission?
a. The account you used is also a member of the Administrators group.
b. The account you used has been delegated authority to access shared folders.
c. The server is not a member of the Active Directory directory service domain.
d. Shared folder permissions are not applied to interactive logons.
Question: What steps must you take to ensure that the Sales group has only Read permission for
File2? Choose all that apply.
a. Remove Modify permission from the Users group for Folder1.
Answer b is correct, because Change permission allows a user to view the file attributes.
Answer c is incorrect, because Change permission does not allow a user to change the file
attributes.
Answer d is incorrect, because Change permission does not allow a user to delete a file.
4. Click Select to locate the user or group that you want to test.
5. Type LegalManager, and then click OK.
What NTFS permissions does the LegalManager account have?
Answer: Read, Write, Create, and Delete.
6. Test the LegalUser account.
What NTFS permissions does the LegalUser account have?
Answer: Read, Write, and Create, but not Delete.
7. Test the Authenticated Users group.
What NTFS permissions does the Authenticated Users group have?
Answer: None.
8. Close all open windows and log off.
Multimedia
Media Type Title
Note This lab focuses on the concepts in this module and as a result
may not comply with Microsoft security recommendations.
Prerequisites To complete this lab, you must have the following virtual machines:
DEN-DC1
DEN-SRV1
DEN-CL1
4-8 Managing and Maintaining a Microsoft Windows Server 2003 Environment
7. Click OK twice.
8. On the Security tab, click Add.
9. Select Authenticated Users, and leave the default permission Read
and Execute.
10. Click Add, and then select the DL Research change group.
11. Grant the DL Research change group account Modify permission.
12. In Windows Explorer, right-click the Price List folder, and then open
the Sharing and Security Properties dialog box.
13. On the Security tab, click Advanced.
14. Clear the Allow inheritable permissions from the parent to
propagate to this object and all child objects check box to prevent
permission inheritance, and then remove all permissions.
15. Click Add.
16. Select the Administrator account.
17. Grant the Administrator account Full Control.
18. Click OK twice.
19. On the Security tab, click Add.
20. Select Authenticated Users and leave the default permission Read
and Execute.
21. Click Add, and then select the DL Sales Modify group.
22. Grant the DL Sales Managers group Modify permission.
3. Right-click the C:\Price List folder and then click Sharing and
Security.
4. On the Sharing tab, click Caching.
5. Select All files and programs that users open from the share will
be automatically available offline.
6. Click OK twice.
Module 5
Managing Access to Objects in Organizational Units
Contents:
Question and Answers 2
Lab Answer Keys 6
5-2 Managing and Maintaining a Microsoft Windows Server 2003 Environment
Answer a is true, because explicit permissions are maintained when an object moves between
organizational units.
Answer b is true, because inherited permissions may change based on the target
organizational unit.
Answer c is false, because inherited permissions do not change based on the source
organizational unit.
Answer d is false, because permissions are based on the explicit permissions on the object or
the implicit permissions on the target organizational unit.
Answer e is true, because moving objects between containers has no effect on the permissions
assigned to the containers.
5. Examine the new security settings for the Test organizational unit.
6. Document the new security settings.
Managing Access to Objects in Organizational Units 5-3
Account Operators X
Administrators
Authenticated Users X
Domain Admins X
Enterprise Admins
Enterprise Domain X
Controllers
Pre-Windows 2000
Compatible Access
Print Operators X
System X
What are the minimum permissions required by each group? Choose all that apply.
a. Create, Delete User accounts
b. Modify User accounts
c. Full Control
d. Read All Properties
Answer c is incorrect, because Full Control permission is a higher level of permission than the
scenario requires.
Answer d is incorrect, because the Read All Properties permission does not give the groups a
high enough level of access to accomplish the stated goals.
3. Right-click the Sales organizational unit, and then create a new user with the following:
4. First name: Test
5. Last name: 2
9. Log off.
10. Log on to DEN-CL1 as Judy with the password of Pa$$w0rd.
11. Click Start, Run, and then type Dsa.msc in the text box.
12. Create a new computer account named Computer1 in the Sales organizational unit.
This will succeed because Judy Lew was granted authority to perform that custom task.
13. Try to perform tasks on user objects.
What other permission does Judy Lew have in the Sales organizational unit?
Answer: None. Judy Lew was granted authority over only computer objects in the Sales
organizational unit.
14. Close all windows and then log off of DEN-CL1 and DEN-DC1.
Note This lab focuses on the concepts in this module and as a result
may not comply with Microsoft security recommendations.
Prerequisites To complete this lab, you must have the following virtual machines:
DEN-DC1
DEN-CL1
Managing Access to Objects in Organizational Units 5-7
7. On the Tasks to Delegate page, notice how the list of common tasks
relates to the delegwiz.ini file.
What is the first common task on the list?
Create, delete and manage user accounts.
8. Cancel the Delegation of Control Wizard.
9. Open the D:\2274\Labfiles\Admin_Tools \delegwiz.ini file in
Notepad.
10. Compare the modified file with the original.
What new task has been added to the list of templates?
Unlock Locked User Accounts.
What permission is being granted by the template?
Read and Write permission on the LockoutTime attribute of the
User class object.
11. Close Notepad without saving the files.
10. Ensure that the Start New Task wizard check box is selected, and then
click Finish.
11. On the Welcome to the New Task Wizard page, click Next.
12. On the Command Type page, click Next to accept the default Menu
command selection.
13. On the Shortcut Menu Command page, select Tree Item Task in the
Command source drop-down list.
5-10 Managing and Maintaining a Microsoft Windows Server 2003 Environment
22. Clear the Allow the user to customize views check box.
23. Save the custom taskpad in the D:\2274\Labfiles\Admin_Tools folder as
Legal.msc.
virtual computers.
Implementing Group Policy 6-1
Module 6
Implementing Group Policy
Contents:
Question and Answers 2
Multimedia 4
Lab Answer Keys 5
6-2 Managing and Maintaining a Microsoft Windows Server 2003 Environment
Although answer a would work, it is not recommended. Answer c would not work because a
server that is not a domain member cannot be in an organizational unit. Answer d would only
allow you to set the computer security settings, not the user configuration.
The Enabled setting is always set at the link associated with the GPO.
7. In the New GPO dialog box, type Remove Search and click OK.
Answers a and c are incorrect because enabling the GPO link or copying it to the child
organizational unit will not guarantee that it will be applied. Answer d is incorrect because
you cannot block GPOs selectively.
Multimedia
Media Type Title
Note This lab focuses on the concepts in this module and as a result
may not comply with Microsoft security recommendations.
Prerequisites To complete this lab, you must have the following virtual machines:
DEN-DC1
DEN-CL1
6-6 Managing and Maintaining a Microsoft Windows Server 2003 Environment
Task 2 Create and link a GPO to the Sales OU and the Graphics OU
that prohibits access to Control Panel
1. Right-click the Sales OU.
Implementing Group Policy 6-7
2. Click Block Inheritance to remove the check mark. This will disable
inheritance blocking for the Sales OU.
3. Create and link a GPO to the Sales OU called Remove Control Panel.
4. Right-click the Remove Control Panel policy and then click Edit.
5. Expand User Configuration, Administrative Templates, Control
Panel folder, locate and Enable the Prohibit access to the Control
Panel setting.
6. Right-click the Graphics OU and click Link an Existing GPO.
7. In the Select GPO dialog box, click the Remove Control Panel GPO,
and click OK.
Domain Admins and check the box to Deny the Apply Group Policy
permission.
7. Click OK and click Yes after reading the Security warning message.
8. Log off and then log on again to DEN-CL1 as Administrator.
9. Click the Start menu. The Run command should be on the Start menu.
4. Click Advanced.
5. In the Remove Control Panel Security Settings dialog box, click Add.
6. Enter G Sales Managers and click OK.
7. Deny the Apply Group Policy permission to G Sales Managers.
8. Close all windows and log off
9. Log on as Don@contoso.msft.
10. Click the Start menu. Ensure that Control Panel appears and the Run
command does not appear on the Start menu.
11. Close all windows and log off.
Module 7
Managing the User Environment by Using Group Policy
Contents:
Question and Answers 2
Lab Answer Keys 6
7-2 Managing and Maintaining a Microsoft Windows Server 2003 Environment
Answers c and d are incorrect, because you cannot configure the location of computers and
inventory-installed software by using Group Policy.
Answer b is correct, because when you use cross-domain GPO assignments, the performance
of GPOs is impeded.
Answer c is incorrect, because Block Policy inheritance and Enabled do not affect
performance.
Answer d is incorrect, because policy filtering only affects performance when unnecessary
Group Policy settings are applied to users or computers.
Managing the User Environment by Using Group Policy 7-3
Answer: Answer c is correct. The computer accounts reside in the Servers organizational unit,
so that is where the policy must be linked to affect only those computers.
Answers a and b are incorrect because the computer accounts of the file servers do not reside
in those containers.
Answer d is incorrect because that would put the user account into the Backup Operators
group on all the computers in the domain.
Answer c is correct, because redirecting special folders to a specific path satisfies all the
requirements.
Answer d is correct, because the Grant the user exclusive rights to My Documents setting must
be enabled for this to work.
Note It may require two logons to see the results of the GPO.
3. Click OK
4. Open the My Documents folder. Create a new document named legal.txt. Enter some text and
save the document.
Managing the User Environment by Using Group Policy 7-5
a. Planning Mode
b. Logging Mode
Task 3
Test the setting
1. Log on to DEN-CL1 as GraphicsUser.
2. Open the Printers and Faxes folder.
3. Ensure that the Graphics1 printer appears.
Exercise 4: Using the Group Policy Results Wizard to Verify the Policy
Settings
In this exercise, you will use the Group Policy Results Wizard
to verify the policy settings for the GraphicsUser user account.
GPOs.
What GPOs are being applied to the computer?
The Backup Operators GPO, Admin Membership, and
the Default Domain GPO.
3. In the User Configuration Summary Section, expand
Group Policy Objects and Applied GPOs.
What GPOs are being applied to the user?
The Standard Desktop, Default Domain Policy,
Graphics Desktop and Map Printer GPOs
4. Click the Settings tab.
What GPO is applying the setting that hides the screen
saver?
The Standard Desktop GPO
What GPO is applying the setting that removes the Run
command from the Start menu?
The Graphics Desktop GPO
5. Right-click the report and click Save Report. Save the
report as an HTML file in the My Documents folder.
Module 8
Implementing Administrative Templates and Audit Policy
Contents:
Question and Answers 2
Lab Answer Keys 6
8-2 Managing and Maintaining a Microsoft Windows Server 2003 Environment
Answer: Answer b is correct. Hisecws is the Group Policy template used for the highest level of
security.
Import the security template into a GPO and apply the GPO to an organizational
unit
1. Open Group Policy Management and then create and link a GPO named XP Security to the
Sales organizational unit.
2. Right-click and edit the XP Security policy.
3. In the Group Policy Object Editor, expand Computer Configuration, Windows Settings, and
Security Settings.
4. Right-click Security Settings, and then click Import Policy.
5. In the Import Policy From dialog box, click Secure XP.inf, and then click Open.
6. Close the Group Policy Object Editor and Group Policy Management.
7. Open Active Directory Users and Computers, and move DEN-CL1 from the Computers
container to the Sales organizational unit.
Implementing Administrative Templates and Audit Policy 8-3
8. Close Active Directory User and Computers and then log off of DEN-DC1.
9. Log on to DEN-CL1 as Administrator.
10. Click Start, click Shutdown,and then click Restart. Do not shut down the virtual machine.
RSoP and Security Configuration and Analysis are the tools used to determine if the correct
Group Policy settings are applied.
7. In the Perform Analysis dialog box, click OK to accept the default path for the log file.
8-4 Managing and Maintaining a Microsoft Windows Server 2003 Environment
8. When the analysis is complete, expand Local Polices and click Security Options.
What are the Database and Computer settings for Renaming the administrator account?
Answer: The computer setting is XPAdmin. The Database setting is Not Analyzed because
the setting was not configured in the database.
Do the Database and Computer settings for Interactive logon: Do not display last user name
agree?
Answer: A green check mark indicates that the Database and Computer settings agree.
9. Click File System, C:\.
What are the Database and Computer settings for the Program Files directory?
Answer: This setting was not analyzed because it was not configured in the template.
10. Close all open windows and log off of DEN-CL1.
Auditing the events in answers b, e, and f tells you when a logon to the server fails and when a
user's attempt to access a folder fails.
Question: You are notified that users are having difficulty accessing shared resources on two of the
organization's file servers. You decide to review the audit logs for these servers to determine the
cause of the issues. When you review the event logs, you discover that the log only contains data
from the previous 12 hours. What may be responsible for the lack of data? Choose all that apply.
a. The maximum size of the event log is too small.
b. Too many events are being audited.
c. The Overwrite events older than [x] days setting is set to 1 day.
d. Another administrator manually cleared the event logs.
Implementing Administrative Templates and Audit Policy 8-5
e. All the relevant events are logged to domain controllers, not member servers.
Answer a is correct, because if the maximum size of the event log is too small, events that help
you determine the problem may be overwritten.
Answer b is incorrect. Although this may be a factor if you are auditing things you do not
need to, it is not correct for this scenario.
Answer c is correct, because this would cause events to be overwritten every 24 hours.
Answer d is correct, because it is possible that the events were cleared while another
administrator was trying to isolate a different issue.
Answer e is incorrect, because events are logged to the servers that are performing the
actions.
Module 9
Preparing to Administer a Server
Contents:
Question and Answers 2
Lab Answer Keys 4
9-2 Managing and Maintaining a Microsoft Windows Server 2003 Environment
Answer: Answer: c
Which of the following tasks can you use to accomplish these tasks? Choose all that apply.
a. Connect to one of the other print servers as an administrator, and then enable the new server
for remote administration.
b. Log on locally to the new print server as a server operator, and then configure the new server
for remote administration.
c. Log on locally to the new print server as an administrator, and then configure the new server
for remote administration.
d. On the new print server, in the Properties dialog box for Remote Desktop, enable the Redirect
local drives when logged on to the Remote computer option.
e. On the new print server, in the Properties dialog box for Remote Desktop, enable the Start
the following program on connection option.
Answer: Answer: b, c, e.
The minimum group membership that has the rights to configure a server for remote
administration is a server operator. You cannot accomplish the task by using answers a and d
because you must be logged on locally to the server to enable remote administration. Also,
the Redirect local drives when logged on to the Remote computer option is not used to
configure stating a program on connection.
Preparing to Administer a Server 9-3
Which of the following situations is a potential cause of this condition? Choose all that apply.
a. Other administrators are already logged on to and are actively using the server.
b. The other administrators are closing the Remote Desktop window rather than logging off the
remote desktop.
c. The other administrators are logging off the remote desktop rather than closing the Remote
Desktop window.
d. The other administrators are using computers running Microsoft Windows XP rather than
Microsoft Windows Server 2003 for remote administration.
Answer: Answer: a, b
The cause of this issue is that there are already two concurrent connections using remote
administration. The administrators are not logging off to disconnect their sessions. Instead,
they are closing the Remote Desktop window.
Answer c is incorrect because logging off would be the correct action, and the administrator
would be able to connect.
Answer d is incorrect because Remote Desktop works the same in both Windows XP and
Windows Server 2003.
9-4 Managing and Maintaining a Microsoft Windows Server 2003 Environment
8. In the Folder Path box, type C:\Data2, and then click Next.
9. Click Yes to create the folder.
10. Click Next to accept the default share name, and then click
Finish to accept the default permissions.
11. Click Close.
12. Close Computer Management.
changes.
2. To prepare for the next module start the DEN-DC1 and DEN-
CL1 virtual computers.
Preparing to Monitor Server Performance 10-1
Module 10
Preparing to Monitor Server Performance
Contents:
Question and Answers 2
Multimedia 4
Lab Answer Keys 5
10-2 Managing and Maintaining a Microsoft Windows Server 2003 Environment
Answer: d
Answers a, b, and c are incorrect, because the data gathered would not allow you to make that
determination. You need to gather data about all primary subsystems to isolate potential
performance issues.
What performance tools should you use to diagnose the problem quickly and to ensure that the tools
are not affecting the performance data?
a. Task Manager, on the server with the problem
b. System Monitor, using only the appropriate counters on the local computer.
c. System Monitor, using the default counters from a remote computer
d. System Monitor, using only the appropriate counters from a remote computer
Answer: d
Answer d is correct because they are running from a remote computer, which prevents further
degradation of the server's performance and does not use unnecessary counters.
Answers a, b and c are incorrect, either because they are running on the affected computer or
are using unnecessary counters.
Preparing to Monitor Server Performance 10-3
What is the best process for accomplishing this task with the least administrative burden?
a. Create one counter log that captures relevant counter data from all four servers.
b. Create four counter logs that capture relevant counter data, one for each server.
c. Use a screen capture utility to capture performance data every 30 minutes during the entire
day.
d. Create one counter log that captures all available counter data on all the servers.
Answer: a
Answer a is correct, because it uses one log to hold all the data from the servers, so it can be
easily compared.
Answers b, c, and d would require more administrative overhead to compare and analyze the
performance data from the servers.
How do you configure performance monitoring so that you can keep up-to-date on potential
failures? Choose the best answer.
a. Create an alert for %Processor Time and log an entry to the application log.
b. Create an alert for %Processor Time and send a network message to yourself.
c. Create an alert for %Processor Time and start a performance data log.
d. Create an alert for %Processor Time and run the shutdown command to restart the server.
Answer: d
This will restart the server and make the application available to users. Answer a is incorrect,
because you may not be monitoring the application log at all times.
Answer b is incorrect, because you will not be notified if you are not logged in to the network.
Answer c is incorrect, because starting a log does not fix the problem or notify you.
10-4 Managing and Maintaining a Microsoft Windows Server 2003 Environment
Multimedia
Media Type Title
4. Analyze a trend. L
Module 11
Managing Data Storage
Contents:
Question and Answers 2
Multimedia 5
Lab Answer Keys 6
11-2 Managing and Maintaining a Microsoft Windows Server 2003 Environment
Which of the following conditions describes the effect of moving a file or folder between NTFS
volumes?
a. The file or folder is uncompressed, regardless of the compression state of the target folder.
b. The file or folder remains compressed, regardless of the compression state of the target folder.
c. The file or folder inherits the compression state of the target folder.
d. The file or folder retains its compression state no matter where you move it.
Answer: c
Answer c is correct, because the file or folder inherits the compression state of the target
folder.
Which of the following options are probable causes of these problems? Choose all that apply.
a. Volume is formatted as FAT32.
b. Volume is formatted with NTFS.
c. Folder is not compressed.
d. Folder is compressed.
Answer: a, d
How can you recover these files? Choose all that apply.
a. Reset the password of the salesperson and log on as the salesperson and decrypt the files.
b. Log on as any user that is a member of Domain Admins and decrypt the files.
c. Log on to the laptop as the domain administrator and decrypt the files.
d. Log on to the laptop as the local administrator and decrypt the files.
Answer: a, c
Answer a is correct, because after a domain account password is reset, the files are still
available to the user.
Answer c is correct, because the domain administrator is the default recovery agent in a
domain.
Answer b is incorrect, because the Domain Admins group has no special privileges to decrypt
files.
Answer d is incorrect, because the local administrator does not have any special privileges to
decrypt files if the laptop is a member of the domain.
Which of the following characteristics apply to disk quotas? Choose all that apply.
a. When a user takes ownership of a file, the file size is charged against the disk quota limit for
that user.
b. Although a file is compressed, disk usage is calculated based on the size of the uncompressed
file.
Answer: a, b
Answer a is correct, because when a user takes ownership of a file, the file is added to the
user's quota.
Answer b is correct, because disk quotas are always based on the size of the uncompressed
file.
11-4 Managing and Maintaining a Microsoft Windows Server 2003 Environment
Answer c is incorrect, because disk quotas require the NTFS file system.
Answer d is incorrect, because disk quotas are volume-based and can be set only at the
volume level.
Managing Data Storage 11-5
Multimedia
Media Type Title
Animation What Are the Differences Between the FAT, FAT32 and NTFS File Systems?
Properties.
2. Click the Quota tab and click Quota Entries.
3. Double-click the Paul West quota entry.
4. Click Do no limit disk usage and then click OK.
5. Close the Quota Entries for Allfiles (D:) window.
6. Click OK and close My Computer.
Pa$$w0rd.
2. Open Windows Explorer and browse to \\DEN-
DC1\Data\Encrypted.
3. Open Recover.txt. You will receive an access denied
error message.
4. Close Notepad.
Encrypt Recover.txt
1. Right-click Recover and click Properties.
2. Click Advanced, check the Encrypt contents to secure
data check box, and then click OK.
3. Click OK. Notice that the file name is green again.
Module 12
Managing Disaster Recovery
Contents:
Question and Answers 2
Lab Answer Keys 5
12-2 Managing and Maintaining a Microsoft Windows Server 2003 Environment
Answer: c
Answer c is correct, because it is the only way to prevent this type of damage to data.
Answer a is incorrect, because RAID does not work if the entire system is damaged.
Answer b is incorrect, because UPS does not work for water or fire damage.
Answer d is incorrect, although it is a good idea, because it would not recover the data itself.
Which of the following backup types do not clear the archive attribute? Choose all that apply.
a. Normal
b. Copy
c. Differential
d. Incremental
e. Daily
Answer: b, c, e
Answers b, c, and e are correct, because they do not clear the archive attribute.
Answers a and d are incorrect, because they do clear the archive attribute.
Managing Disaster Recovery 12-3
Which of the following is a valid reason why backup jobs should be scheduled rather than started
manually? Choose all that apply.
a. It reduces the workload on administrative staff.
Answer: a, b, c
Answer d is incorrect, because with volume shadow copy, open files are no longer a concern.
Answer: a, c, d
The backup set holds the data that is restored. A floppy disk is used to store disk
configuration information. The Windows Server 2003 installation CD-ROM is required to start
the ASR restore.
Answer b is incorrect. A Windows startup disk is not used as part of an ASR restore.
Answer: c
Shadow copies track changes to files. If a volume is corrupted, then shadow copies are lost as
well.
Answers a, b, and d are incorrect, because shadow copies could recover the file at the point
when the last shadow copy was taken.
Which of the following are valid ways that you can use to restore log on capabilities to this server?
Choose all that apply.
a. Use a Windows startup disk to disable the driver for the fingerprint reader.
b. Use Last Known Good Configuration to restore the registry to the last successful logon.
c. Use the Recovery Console to install a newer driver version for the fingerprint reader.
d. Use Safe Mode to remove the driver for the fingerprint reader.
Answer: b, d
Last Known Good Configuration will restore the registry to the state before the fingerprint
reader driver was installed. Safe Mode will still function because it loads only essential
components and would not load the driver for the finger print reader.
Answer a is incorrect, because a Windows startup disk will start Windows with the existing
configuration, including the driver for the fingerprint reader.
Answer c is incorrect, because the Recovery Console cannot be used to install drivers.
Managing Disaster Recovery 12-5
Note This lab focuses on the concepts in this module and as a result
may not comply with Microsoft security recommendations.
Prerequisites To complete this lab, you must have the following virtual machines:
DEN-DC1
DEN-SRV1
12-6 Managing and Maintaining a Microsoft Windows Server 2003 Environment
12. Press Tab to select File, press the right arrow four times to select System
State, and then press the SPACEBAR.
13. Use Tab to select Start Restore and press ENTER.
14. Press ENTER to close the Warning dialog box.
15. Press ENTER to confirm the restore.
16. Click Yes to restart your computer.
Module 13
Software Maintenance Using Windows Server Update
Services
Contents:
Question and Answers 2
Multimedia 4
Lab Answer Keys 5
13-2 Managing and Maintaining a Microsoft Windows Server 2003 Environment
Which is the best solution for ensuring that the operating systems of roaming clients are properly
updated?
a. Use a Group Policy object to configure automatic updates to install updates automatically as
they are available.
b. Provide users with instructions on how to download updates from the Microsoft Windows
Update Web site.
c. Provide users with instructions about how to configure automatic updates to automatically
install updates as they are available.
d. Provide users with instructions on how to install and configure their own WSUS server.
Answer: c
Configuring automatic updates to install updates automatically as they are available is the
most reliable way to ensure that workstations are updated.
Answer a is incorrect, because Group Policy is only applicable if the workstations are members
of the Active Directory directory service forest.
Answer d is incorrect, because configuring a WSUS server for each remote user will require too
many resources. WSUS requires a server.
a. All clients download updates from a single WSUS server at the head office.
b. Each location has an independent WSUS server the serves local clients.
c. Each remote location has replica WSUS servers that copy their configuration from the head
office WSUS server.
d. Each remote location has a disconnected WSUS server and updates are imported on those
servers from DVD.
Answer: b
Software Maintenance Using Windows Server Update Services 13-3
With independent servers at each location, the WSUS servers and clients will not generate any
WAN traffic.
Answer a is incorrect, because Automatic Updates for clients will generate a high volume of
WAN traffic as updates are downloaded.
Answer c is incorrect, because WAN traffic will be generated when updates and configuration
information are downloaded from the head office WSUS server to the replica WSUS servers.
Answer: a, b, c
The database contains the list of approvals and computer groups. These were lost when the
database was lost.
Answer d is incorrect, because the All Computers computer group is created by default.
Answer e is incorrect, because the Group Policy object was not lost when the database was
lost.
13-4 Managing and Maintaining a Microsoft Windows Server 2003 Environment
Multimedia
Media Type Title
Note This lab focuses on the concepts in this module and as a result
may not comply with Microsoft security recommendations.
Prerequisites To complete this lab, you must have the following virtual machines:
DEN-DC1
DEN-SRV1
DEN-CL1
13-6 Managing and Maintaining a Microsoft Windows Server 2003 Environment
4. Select the Unknown check box and the Needed check box, and then
click Apply.
4. Select the Unknown check box and the Needed check box, and then
click Apply.
5. Expand den-srv1.contoso.msft.
6. Close Internet Explorer.
Click Start, click Run type net start mssql$wsus, and then click OK.
Module 14
Securing Windows Server 2003
Contents:
Question and Answers 2
Lab Answer Keys 4
14-2 Managing and Maintaining a Microsoft Windows Server 2003 Environment
Which of the following are security challenges that are more common in smaller companies? Choose
all that apply.
a. Servers are performing multiple roles.
Answer: a, c, d
Servers performing multiple roles are more often found in smaller organizations. Smaller
organizations typically cannot afford to devote staff to specialized task such as security.
Smaller organizations are more likely not to restrict physical access to servers.
Answer b is incorrect, because a high percentage of security threats are internal for large and
small businesses.
Answer e is incorrect, because legal consequences for security breaches apply to large and
small businesses.
Which of the following are features of the Security Configuration Wizard? Choose all that apply.
a. Services are enabled and disabled based on server role.
b. Firewall rules are configured based on server role.
c. Security Configuration Wizard settings can be imported into a Group Policy object.
d. Changes can be rolled back if there are problems.
Answer: a, b, c, d
Securing Windows Server 2003 14-3
Which of the following threats are specific to domain controllers? Choose all that apply.
a. Unauthorized changes to Active Directory directory service objects
b. Denial-of-service attacks
c. Exploitation of known security issues
d. Password attacks
Answer: a, d
Only domain controllers hold a copy of Active Directory objects, including passwords.
Answer c is incorrect, because any server that is missing updates is vulnerable to known
security issues.
What features or benefits does MBSA provide that WSUS does not? Choose all that apply.
a. Scans for missing Microsoft Office updates
b. Scans for missing Microsoft BizTalk Server updates
c. Scans for configuration errors in addition to missing updates
Answer: b, c, e
These features are unique to MBSA and are not found in WSUS.
Answer a is incorrect, because WSUS scans for missing Microsoft Office updates.
Note This lab focuses on the concepts in this module and as a result
may not comply with Microsoft security recommendations.
Prerequisites To complete this lab, you must have the following virtual machines:
DEN-DC1
DEN-SRV1
DEN-CL1
Securing Windows Server 2003 14-5
14. Click Next again to accept the list of ports that will be opened.
15. Check the Skip this section check box, and then click Next to skip
configuring registry settings.
16. Check the Skip this section check box, and then click Next to skip
14-6 Managing and Maintaining a Microsoft Windows Server 2003 Environment
Task 3 Import a security template into the Group Policy object for
Securing Windows Server 2003 14-7
member servers
1. Right-click Member Security, and then click Edit.
2. Under Computer Configuration, expand Windows Settings, right-
click Security Settings, and then click Import Policy.
3. Select D:\2275\Practices\Mod09\Security Templates\Enterprise
Client .Member Server Baseline.inf, and then click Open.
4. Close the Group Policy Object Editor.
Module A
Implementing Printing
Contents:
Question and Answers 2
Multimedia 5
Lab Answer Keys 6
A-2 Managing and Maintaining a Microsoft Windows Server 2003 Environment
Because a color print device carries a higher cost per use than a black-and-white print device, you are
asked to limit this resource to groups that require color print jobs. Which of the following best fulfills
this requirement? Choose the best answer.
a. Create a local group that contains all the authorized users and set the permissions on the
color printers to:
Everyone = Deny Print New local group = Allow Print
b. Create a global group that contains all the authorized users, and set permissions on the color
printer to:
Everyone = Allow Print New global group = Allow Print
c. Create a local group that contains all the authorized users and set the permissions on the
color printer to:
New local group = Allow Print
d. Create a global group that contains all the authorized users and set the permissions on the
color printer to:
New global group = Deny Print
Answer a is incorrect, because if everyone is denied Print permission, then no one can access
the printer.
Answer b is incorrect, because if everyone is granted Print permission, then the goal is not
met.
Answer c is correct, because the Everyone group has been removed. As a result, the Everyone
group is implicitly denied access.
Answer d is incorrect, because denying the new group the Print permission does not allow
anyone to print to the printer.
What must you do to ensure that the clients running Windows NT 4.0 can print to your print devices?
Choose the answer that requires the least amount of administrative effort.
a. Install the printer driver for Windows XP on each computer running Windows NT 4.0.
b. Install the printer driver for Windows NT on each computer running Windows XP.
c. Nothing; the computers running Windows NT can print by default.
d. Add the printer driver for Windows NT to the existing printers.
Answer a is incorrect, because you cannot install a printer driver for Windows XP on
computers running Windows NT.
Answer b is incorrect, because you would not install a driver for an older operating system on
a computer.
Answer d is the best answer and requires the least amount of administrative effort.
b. Print device
Locations are always for the print device. The location of the printer is irrelevant to the users.
Question: Which of the following are requirements for printer-location tracking? Choose all that
apply.
a. Client computers that can search Active Directory directory service
The print device does not need to understand anything about Active Directory.
Answer: Denver/Downtown.
6. Click Cancel.
7. Open the Properties dialog boxfor the 10.15.0.0/16 subnet, and then click the Location tab.
What location is associated with this subnet?
Answer: Denver/Warehouse.
8. Click Cancel and then close Active Directory Sites and Services.
9. Click Start, point to Administrative Tools, and then click Group Policy Management.
10. Expand Forest:contoso.msft/Domains/contoso.msft.
11. Click the Group Policy Objects folder.
12. In the details pane, right-click the Default Domain Policy and then click Edit.
13. In the Group Policy Object Editor window, expand Computer Configuration, Administrative
Templates, and then click Printers.
14. In the details pane, double-click Pre-populate printer search location text.
15. On the Setting tab, click Enable and then click OK.
16. Close all open windows.
17. Open a command prompt and refresh group policy by typing Gpupdate /force.
18. Close all windows and log off of DEN-DC1.
Multimedia
Media Type Title
Note This lab focuses on the concepts in this module and as a result
may not comply with Microsoft security recommendations.
Prerequisites To complete this lab, you must have the following virtual machines:
DEN-DC1
DEN-SRV1
DEN-CL1
Implementing Printing A-7
In this exercise, you will search Active Directory and test access
to the Shipping printer.
Module B
Managing Printing
Contents:
Question and Answers 2
Multimedia 5
Lab Answer Keys 6
B-2 Managing and Maintaining a Microsoft Windows Server 2003 Environment
Answer a is incorrect, because restarting the print spooler service does not affect
performance.
Answer b is correct, because using a dedicated disk increases printer performance by giving
the service exclusive access to the disk.
Answer d is correct, because adding RAM increases the overall performance of the print
server.
Answer e is correct, because using a faster or larger disk increases printer performance by
giving the service more disk space.
Answer f is incorrect, because doing this adversely affects the performance of the print server.
Setting the group that prints the low-priority documents to low priority is the best solution to
this problem.
Answer a is incorrect, because if the schedule were incorrect, then no documents from this
group would print.
Answer b is correct, because if the print server is running low on disk space, only some of the
documents would print.
d. No, because users will not know to which printer room their job printed
Printing pools must contain print devices that use the same print drivers.
A new local port can point to the UNC path of another printer. The current jobs in the queue
will automatically transfer over as long as the new port is used.
Managing Printing B-5
Multimedia
Media Type Title
Note This lab focuses on the concepts in this module and as a result
may not comply with Microsoft security recommendations.
Prerequisites To complete this lab, you must have the following virtual machines:
DEN-DC1
DEN-SRV1
Managing Printing B-7
16. On the Print Test Page page, select No and click Next.
17. Click Finish to complete the installation.
Module C
Monitoring Server Performance
Contents:
Question and Answers 2
Multimedia 6
Lab Answer Keys 7
C-2 Managing and Maintaining a Microsoft Windows Server 2003 Environment
Given the following counters and results for the Memory performance object, which of the following
options indicate that the memory subsystem is the cause of the performance problem? Choose all
that apply.
a. Pool Nonpaged Bytes = Rising Committed Bytes = 500 MB
b. Pool Nonpaged Bytes = Steady Committed Bytes = 212 MB
c. Pages/sec = 17 Available Bytes = 20 MB
d. Pages/sec = 4 Available Bytes = 284 MB
Answer: a, c
Answers a and c are correct, based on the recommended performance thresholds for the
memory subsystem.
Given the following counters and results for the CPU objects, which of the following options indicates
that the CPU is the cause of the performance problem?
a. Processor\% Processor Time = 40% to 90%
b. System:\Processor Queue Length = 4 to 5
c. Server Work Queues\Queue Length = 2 or less
d. Processor\% Processor Time = steady at 80%
Answer: b
3. Click System Monitor, and then add the Processor\% Processor Time counter and the
System\Processor Queue Length counter.
4. Record the information for the following counters:
Given the following counters and results for the Physical Disk performance object, which of the
following options indicate that the physical disks may be the cause of the performance problem?
Choose all that apply.
a. % Disk Time = 22% Current Disk Queue Length = 0
b. % Disk Time = 94% Current Disk Queue Length = 1
c. Avg. Disk Bytes/Transfer = 30% lower than baseline Disk Bytes/sec = 22% lower than baseline
d. Avg. Disk Bytes/Transfer = 26% higher than baseline Disk Bytes/sec = 33% higher than
baseline
Answer: b, c
Answers b and c are correct, based on the recommended performance thresholds for the disk
subsystem.
a. Memory\Pages/sec
b. PhysicalDisk\% Disk Time
c. PhysicalDisk\Current Disk Queue Length
d. Processor\% Processor Time
6. Record the information for the following counters:
a. Memory\Pages/sec
b. PhysicalDisk\%Disk Time
c. PhysicalDisk\Current Disk Queue Length
d. Processor\% Processor Time
7. Open D:\2275\Practices\Mod03 and start the disk.bat application.
8. Switch to report view, and then record the information for the following counters:
a. Memory\Pages/sec
b. PhysicalDisk\%Disk Time
c. PhysicalDisk\Current Disk Queue Length
d. Processor\% Processor Time
9. On the Start menu, click Help and Support andrecord how long it takes to start Help.
10. Is disk.bat causing a disk bottleneck? How can you tell?
Answer: Yes, the Current Disk Queue Length is above 2.
11. Close all windows.
Given the following counters and results for the Network Interface performance object, which of the
following options indicate that the network is the cause of the performance issue? Choose all that
apply.
a. Bytes Total/sec = 15000.220 Network Utilization = 78%
b. Bytes Total/sec = 210.254 Network Utilization = 22%
c. Bytes Sent/sec = 300.452 Network Utilization = 85%
d. Bytes Sent/sec = 14025.321 Network Utilization = 21%
Monitoring Server Performance C-5
Answer: a, c
Answers b and d are within the recommended performance threshold for the network
subsystem.
C-6 Managing and Maintaining a Microsoft Windows Server 2003 Environment
Multimedia
Media Type Title
Note This lab focuses on the concepts in this module and as a result
may not comply with Microsoft security recommendations.
Prerequisites To complete this lab, you must have the following virtual machines:
DEN-DC1
C-8 Managing and Maintaining a Microsoft Windows Server 2003 Environment
Module D
Maintaining Device Drivers
Contents:
Question and Answers 2
D-2 Managing and Maintaining a Microsoft Windows Server 2003 Environment
Answer: b
Answer b is correct, because Ignore allows the driver to be installed without user intervention.
Answer a is incorrect, because blocking the driver signing forces the driver not to be installed.
Answer d is incorrect, because removing this option means it must be configured separately
for each user on a computer.
Answer: c
Answer c is correct, because this solution requires the least amount of administrative effort
and has the lowest risk of failure.
Answer a is incorrect, because this solution, although it would work, requires more
administrative effort.
Maintaining Device Drivers D-3
Answer b is incorrect, because this solution may cause some issues, and it is not a best practice
because some vendors may have the wrong dates on the files.
Answer d is incorrect, because this action would lower security for this environment.
Managing Disks E-1
Module E
Managing Disks
Contents:
Question and Answers 2
Lab Answer Keys 6
E-2 Managing and Maintaining a Microsoft Windows Server 2003 Environment
How many partitions should you create? With which file system should you format the partition or
partitions? Choose the correct answer.
a. 4 partitions, FAT32
b. 5 partitions, FAT
c. 1 partition, NTFS
d. 1 partition, FAT32
e. 2 partitions, NTFS
Answer: c
NTFS is the only file system that can be used to format a volume of this size. The maximum
volume that FAT32 can format in Microsoft Windows Server 2003 is 40 GB. If the volume is
formatted using Microsoft Windows 2000, however, Windows Server 2003 can use the
volume.
From the following options, select the one that requires conversion to dynamic disks to accomplish all
stated goals. Choose all that apply.
a. One drive letter for all three disks, NTFS file system, dual boot to run a proprietary backup
application
b. NTFS file system, use RAID-5 for all three disks
c. Striped volume for all three disks, NTFS file system
Answer: b, c
Answer a is incorrect, because dual boot is not supported while using dynamic disks.
Managing Disks E-3
Answer: d
Answer d is correct, because this option requires the least amount of administrative effort.
Answer b is incorrect, because this is a very manual process that requires much effort.
Answer c is incorrect, because Device Manager would not work for this task.
How can you create additional space on volume D with the least amount of administrative effort?
a. Back up of all four volumes, remove the hard disk, install a larger hard disk, create four
partitions on the new hard disk, and make D the largest partition.
b. Delete all mount points from drive D, because mount points consume an excessive amount of
disk space.
c. Move some of the data from drive D to drive F and create a mount point that recreates the
original file structure.
d. Tell users to delete files from drive D until there is 20 percent space free.
Answer: c
Answer a is incorrect, because although it would work, it requires too much administrative
effort.
E-4 Managing and Maintaining a Microsoft Windows Server 2003 Environment
Answer d is incorrect because users might delete incorrect files and the management of this
process would be a lot of work.
Which option should you choose to reduce administrative effort and minimize the chance of volume
failure? Choose the best answer.
a. Extend the D: volume using space on the same physical disk.
b. Create a spanned volume using space on a different physical disk.
c. Create a new larger volume, copy the contents of D: to it, then reconfigure drive letters so
that the new volume is D.
d. Create a new striped volume, copy the contents of D: to it, then reconfigure the drive letters
so that the new volume is D.
Answer: a
Answer b is incorrect, because a volume spanning two disks is twice as likely to fail.
Answer d is incorrect, because a striped set has a higher risk of failure than a single disk.
Which option should you choose to maximize available disk space and ensure that all data is stored
on a fault-tolerant volume? Choose the best answer.
a. Create a single RAID-5 volume from the space on all six disks.
b. Create three mirrored volumes of two disks each.
c. Create a mirrored volume for the boot and system partitions and a four-disk RAID-5 volume
for data.
d. Create a four-disk RAID-5 volume for the boot and system partitions and mirrored volume for
the data.
Answer: c
Answer a is incorrect, because Windows Server 2003 cannot boot from a software-based
RAID-5 volume.
Managing Disks E-5
Answer b is incorrect, because mirrored volumes are not an effective use of disk space.
Answer d is incorrect, because Windows Server 2003 cannot boot from a software-based
RAID-5 volume.
What are possible reasons that the disk status is Offline? Choose all that apply.
a. The disk was already configured as a dynamic disk.
b. The disk was already formatted with the NTFS file system.
c. The disk was part of a spanned or striped volume.
d. The disk was formatted with the FAT32 file system.
Answer: a, c
Answer a is correct, because if you install a dynamic disk to a different system, the disk must
be imported before it can be accessed.
Answer c is correct, because conditions require that the disk be imported before it can be
accessed.
Note This lab focuses on the concepts in this module and as a result
may not comply with Microsoft security recommendations.
Prerequisites To complete this lab, you must have the following virtual machines:
DEN-DC1
DEN-SRV2
Managing Disks E-7
3. Click Yes.
computers.
Managing and Maintaining a Microsoft Windows Server 2003 Environment R-1
Resources
Contents:
Additional Reading 2
Internet Links 3
R-2 Managing and Maintaining a Microsoft Windows Server 2003 Environment
Additional Reading
To open an Additional Reading file, click one of the links below.
Self-Study Module A, Implementing Printing
Self-Study Module B, Managing Printing
Self-Study Module C, Monitoring Server Performance
Internet Links
The Web sites listed below provide additional resources.
Microsoft Corporation
Microsoft Internet Explorer
Microsoft Learning
HOW TO: Apply Local Policies to All Users Except Administrators on Windows Server 2003 in a
Workgroup Setting
Secedit
Best practices for Security Templates
Auditing Overview
R-4 Managing and Maintaining a Microsoft Windows Server 2003 Environment
Auditing Policy
Auditing Security Events Best Practices
HOW TO: Set Up and Manage Operation-Based Auditing for Windows Server 2003, Enterprise
Edition
Windows 2000 Security Event Descriptions (Part 1 of 2)
Windows 2000 Security Event Descriptions (Part 2 of 2)
Windows Server 2003 Security Guide
Windows XP Security Guide v2
Security Configuration Manager
Note Not all training products will have a Knowledge Base article if that is the case, please ask your
instructor whether or not there are existing error log entries.
Courseware Feedback
Send all courseware feedback to support@mscourseware.com. We truly appreciate your time and effort.
We review every e-mail received and forward the information on to the appropriate team. Unfortunately,
because of volume, we are unable to provide a response but we may use your feedback to improve your
future experience with Microsoft Learning products.
Reporting Errors
When providing feedback, include the training product name and number in the subject line of your e-
mail. When you provide comments or report bugs, please include the following:
Document or CD part number
Page number or location
Complete description of the error or suggested change
Please provide any details that are necessary to help us verify the issue.
Important All errors and suggestions are evaluated, but only those that are validated are added to the
product Knowledge Base article.