1.

What is Active Directory?

Active Directory is Microsoft's trademarked directory service. Like other directory services, such as Novell Directory Services (NDS), Active Directory is a centralized and standardized system that automates network management of user data, security, and distributed resources, and enables interoperation with other directories. 2. What is X.500 Directory Service? A standard way to develop an electronic directory of people in an organization so that it can be part of a global directory available to anyone in the world with Internet access. The idea is to be able to look up people in a user-friendly way by name, department, or organization. Many enterprises and institutions have created an X.500 directory. Because these directories are organized as part of a single global directory, you can search for hundreds of thousands of people from a single place on the World Wide Web.,,, 3. What is LDAP? LDAP (Lightweight Directory Access Protocol) is a software protocol for enabling anyone to locate organizations, individuals, and other resources such as files and devices in a network, whether on the public Internet or on a corporate intranet. LDAP is a "lightweight" (smaller amount of code) version of X.500. LDAP originated at the University of Michigan and has been endorsed by at least 40 companies. 4. Explain ADs Logical and Physical Components

The logical structure consists of OUs, domains, trees, and forests. The logical structure helps you design a network hierarchy that suits your organizational needs. The physical structure consists of sites and domain controllers. The physical structure helps you optimize network traffic by customizing the network configuration. Domain The core component of ADs logical structure is the domain. A domain is a unit of replicationall domain controllers in a domain replicate information to each other and contain a complete copy of directory information for their domain. Domains also act as security

boundaries. Organization Unit (OU) You use OUs to organize objects within a domain and to delegate authority to individuals or groups who need to manage those objects. For example, if the finance department wants to manage its own resources, you can create an OU container called Finance, create objects (e.g., users, computers, printers) within that container, and assign someone from the finance department to manage these resources (known as delegating the authority). Tree Multiple Domains form a Tree. All domains in a tree maintains contiguous name space. Ex:- Microsoft .com, Support. Microsoft .com, US. Microsoft .com etc Forest A forest is one or more trees that don't share a contiguous namespace. We can have two trees in a forest representing two namespaces in one organization. A forest will share a common configuration (e.g., information about domains, computers, and trust relationships), schema (e.g., classes and attributes), and a Global Catalog. Physical structure - Sites and domain controllers. Site - is one or more well-connected IP subnets, controls replication traffic between domain controllers and lets users authenticate with a domain controller within their site. This functionality helps you optimize network traffic and logon authentication in large enterprises. Domain controller - Domain controller, which is a Win2K server running AD, contains a complete replica of the domain database. In Win2K, no single domain controller acts as a master domain controller. All domain controllers use a multi master replication model and are peers. 5. What are FSMO Roles? Though Windows 2K/2K3 domain models are multi master, there are certain roles performed only by a single server. These are known as Flexible Single Master Operations. There are five FSMO roles: Domain naming Master, Schema Master, RID Master, PDC Emulator and Infrastructure Master. There must be a domain controller that owns each one of those roles. 1.Domain naming Master: The machine which hasDomain

Naming mastershould be available for adding and removing a domain the roll is forest wide 2.Schema Master: this is permits the extention of schema. the schema to be extented the schema master should be on line the roll is forest wide

3.RID Master: Relative ID will alocate the pool of RIDs to domain cotrolers. the roll is Domain wide

4.PDC Emulator: Primary Domain Controler Emulats as a PDC for backword compactability.the roll is Domain wide

5.Infrastructure Master: This will initiate replication of group membership changes .the roll is Domain wide 6. What is Authoritative Restore and how it is performed? An authoritative restore replicates all objects that are marked authoritative to every domain controller hosting the naming contexts that the objects are in. To perform an authoritative restore on the computer, you must use the Ntdsutil.exe tool to make the necessary USN changes to the Active Directory database. 7. What is the Volume Shadow Copy Service? The Volume Shadow Copy service, or VSS for short, is a new feature in Windows 2003 server that allows you to maintain multiple views of how files, folders and shares on a Windows 2003 server appeared in the past. Shadow copy will allow you to restore a deleted or modified file. 8. What is DFS? The Distributed File System is used to build a hierarchical view of multiple file servers and shares on the network. Instead of having to think of a specific machine name for each set of files, the user will only have to remember one name; which will be the 'key' to a list of shares found on multiple servers on the network. 9. What is Kerberos? Kerberos is a network authentication protocol. It is designed to

provide strong authentication for client/server applications by using secret-key cryptography. A free implementation of this protocol is available from the Massachusetts Institute of Technology. Kerberos is available in many commercial products as well. 10. What are the well known ports?

Netstat - 15 FTP 20 (data) and 21(Control) SSH -22 Telnet 23 SMTP -25 Wins - 42 DNS -53 DHCP server 67 & clint 68 TFTP 69 HTTP 80 Secure 81 Kerbros - 88 * POP3 110 NNTP 119

Net bios - 139 SNMP - 161 IMAP3 220 LDAP - 389 SSL - Secuer socket leyar - 443 RIP - 520 MS Sql - 1433 NFS - 2049 RDP - Remote Desk top Protocals - 3389 X Windows - 6000

11. What is network Monitor and which is the protocol used for Network Monitor? Network Monitor is a protocol analyzer used to capture inbound and outbound frames. The protocol used is SNMP. 12. Whats the difference between local, global and universal groups? Domain local groups assign access permissions to global/domain groups for local domain resources. Global groups provide access to resources in other trusted domains. Universal groups grant access to resources in all trusted domains. 13. I? I am trying to create a new universal user group. Why cant

Universal groups are allowed only in native-mode Windows Server 2003 environments. Native mode requires that all domain controllers be promoted to Windows Server 2003 Active Directory. 14. What is LSDOU?

Its group policy inheritance model, where the policies are applied to Local machines, Sites, Domains and Organizational Units. 15. Where are group policies stored?

%SystemRoot%System32\GroupPolicy 16. What is GPT and GPC?

Group policy template and group policy container. 17. Where is GPT stored?

%SystemRoot%\SYSVOL\sysvol\domainname\Policies\GUID 18. You change the group policies, and now the computer and user settings are in conflict. Which one has the highest priority? The computer settings take priority. 19. How can you restrict running certain applications on a machine? Via group policy, security settings for the group, then Software Restriction Policies. 20. You need to automatically install an app, but MSI file is not available. What do you do?

A .zap text file can be used to add applications using the Software Installer, rather than the Windows Installer. 21. Whats the difference between Software Installer and Windows Installer? The former has fewer privileges and will probably require user intervention. Plus, it uses .zap files. 22. What is loop back address and its purpose?

127.0.0.1. The Loop back address is used to check the drivers of the TCP/IP protocol. 23. What can be restricted on Windows Server 2003 that wasnt there in previous products? Group Policy in Windows Server 2003 determines a users right to modify network and dial-up TCP/IP properties. Users may be selectively restricted from modifying their IP address and other network configuration parameters. 24. How frequently is the client policy refreshed?

90 minutes. 25. Where is secedit?

Its now gpupdate. 26. You want to create a new group policy but do not wish to inherit. Make sure you check Block inheritance among the options when creating the policy. 27. What does IntelliMirror do?

IntelliMirror intelligently mirror user settings. It helps to reconcile desktop settings, applications, and stored files for users, particularly those who move between workstations or those who must periodically work offline. 28. What are private IP addresses?

The Internet Assigned Numbers Authority (IANA) has reserved the following three blocks of the IP address space for private internets (local networks): 10.0.0.1 - 10.255.255.254 172.16.0.1 - 172.31.255.254

192.168.0.1 - 192.168.255.254 29. What are the IP Classes? Class A 1-126.x.x.x, hosts supported 16777214, with mask 255.0.0.0 Class B 128-191.x.x.x, hosts supported 65534, with mask 255.255.0.0 Class C 192-223.x.x.x, 255.255.255.0 hosts supported 254, with mask

Class D 224-239.x.x.x, reserved for multicast addressing Class E 240-254.x.x.x, reserved for experimental use 30. What is CIDR?

This is a shorthand notation for a subnet mask, classless interdomain routing (CIDR) notation. It counts the number of 1's in the subnet masks binary representation and is displayed after the ip address, for example 192.168.2.12/24 means that the subnet mask is 255.255.255.0 since we have 24 1's in the subnet mask. 31. How many name resolution for windows?

There are Two (1) NetBIOS (2) DNS 32. What is DNS?

Domain Naming System. To resolve Host name to IP Address 33. Whats the difference between forward lookup and reverse lookup in DNS? Forward lookup is name-to-address, the reverse lookup is address-to-name. 34. Types of Zones

Primary, Secondary and STUB Zone 35. What is Primary Zone?

Primary zones, which store their zone information in a writable text file on the name server. 36. What is Secondary Zone?

Secondary zones, which store their zone information in a readonly text file on the name server.

37.

What is Stub Zone?

Stub zone is a new feature in windows 2003. It is like a secondary zone. But there are certain differences. The differences are while secondary zones contain copies of all the resource records in the corresponding zone on the master name server, stub zones contain only three kinds of resource records: (1) Copy of the SOA record for the zone. (2) Copies of NS records for all name servers authoritative for the zone. (3) Copies of A records for all name servers authoritative for the zone. 38. What are the common Resource Records A, NS, SOA, MX, SRV, Cname, PTR 39. What is Conditional Forwarding

Conditional forwarding is a new feature of DNS in Windows Server 2003. Conditional forwarding can be used to speed up the DNS name resolution process by directing queries for specific domains to specific name servers. 40. What is LMHOSTS file?

Its a file stored on a host machine that is used to resolve NetBIOS to specific IP addresses. 41. What is HOSTS file?

Its a file stored on a host machine that is used to resolve Host name to specific IP addresses. 42. What is DHCP?

DHCP stands for "Dynamic Host Configuration Protocol". DHCP allows for dynamic allocation of network addresses and configurations newly attached hosts. 43. Describe how the DHCP lease is obtained.

Its a four-step process consisting of (a) DHCP Discover, (b) DHCP Offer, DHCP Request (d) DHCP Acknowledgement. 44. Can a BOOTP client boot from a DHCP server?

Only if the DHCP server is specifically written to also handle BOOTP queries. 45. What is DHCP Scope?

Scope - A range of IP addresses that the DHCP server can assign to clients that are on one subnet. 46. What is Supersocpe?

Superscope is a range of IP addresses that span several subnets. The DHCP server can assign these addresses to clients that are on several subnets. 47. What is Client Reservation?

Client Reservation is used to be sure a computer gets the same IP address all the time. Therefore since DHCP IP address assignments use MAC addresses to control assignments. 48. What is Exclusion range?

Exclusion range is used to reserve a bank of IP addresses so computers with static IP addresses, such as servers may use the assigned addresses in this range. These addresses are not assigned by the DHCP server. 49. Which utility is used to compact DHCP Database?

JETPACK 50. What is Scope Options?

Scope options are IP configuration settings for a particular subnet including the IP address of the router (default gateway), DNS Server, Domain Name, WINS Server etc. 51. Why we need DHCP Relay Agent?

When you have clients on different Subnets, you either need to have multiple DHCP Servers, or a DHCP Relay Agent. All DHCP packets are broadcast packets. When there is a DHCP broadcast the router will not forward the broadcast packets. To allocate IP address for the clients which are on a network other than DHCP server, you need to configure DHCP relay agent on Router. The DHCP Relay Agent allows you to place DHCP Clients and DHCP Servers on different networks. 52. I cant seem to access to the corporate network and on ipconfig my address is 169.254.X.X. What happened? The 169.254.x.x netmask is assigned to Windows machines running 98/2000/XP if the DHCP server is not available. The name for the technology is APIPA (Automatic Private Internet Protocol Addressing)

53. Weve installed a new Windows-based DHCP server, however, the users do not seem to be getting DHCP lease for the Server. Reason out why the lease is not available? The server must be authorized first with the Active Directory. 54. How can you force the client to give up the dhcp lease if you have access to the client PC? ipconfig /release 55. What are the occasion a client renew IP address from DHCP server 1) Every restart 2) 50% of lease duration 3) ipconfig /renew 56. What authentication options do Windows 2003 Servers have for remote clients? PAP, SPAP, CHAP, MS-CHAP, MS-CHAP v2 and EAP. 57. What is data link layer in the OSI reference model responsible for? Data link layer is located above the physical layer, but below the network layer. Taking raw data bits and packaging them into frames. The network layer will be responsible for addressing the frames, while the physical layer is responsible for retrieving and sending raw data bits. 58. What is Routing?

Routing is the process of transferring packets from one network to other network. Windows 2003 can be configured as router. 59. What are the features available with Windows 2003 Routing and Remote Access Server (RRAS)? We can configure a windows 2003 machine as Router, Remote Access Server, NAT Server, Demand Dial Router, and VPN Server. 60. Differentiate Routed Protocol and Routing Protocol

Routed protocol: Any network protocol that provides enough information in its network layer address to allow a packet to be forwarded from one host to another host based on the addressing scheme. x: IP/IPX Routing protocols: facilitate the exchange of routing information between networks, allowing routers to build routing tables

dynamically. Ex: RIP, OSPF 61. Explain Distance Vector and link state protocol

Routing protocols fall into two main categories, Distance Vector or Link State. Distance Vector protocols determine best path by counting number of HOPS. Hops are devices. Link State protocols are capable of using more sophisticated methods taking into consideration link variables, such as bandwidth, delay, reliability and load. 62. Give examples of Distance Vector and Link State Protocol Distance Vector RIP, IGRP Link State OSPF, EIGRP 63. Which are the routing protocol supported by windows 2003? RIP and OSPF 64. What is METRIC?

Metrics are values routing protocols use to determine the best path to a destination, when multiple paths exist. 65. What is RADIUS?

Remote Authentication and Dial In Service (RADIUS) is a server for remote user authentication and accounting. Its primary use is for Internet Service Providers, though it may as well be used on any network that needs a centralized authentication and/or accounting service for its workstations. 66. Which is Microsoft Implementation of RADISU? And when it is required? MS Implementation of RADIUS is Internet Authentication Service (IAS). IAS need to be configured when the set up needs to centrally manage Authentication, Authorization and Accounting. 67. What is Remote Access Policy?

Remote access policies are an ordered set of rules that define how connections are either authorized or rejected. For each rule, there are one or more conditions, a set of profile settings, and a remote access permission setting. 68. What are the Remote Access Policy Elements and how they

are evaluated? The three policy elements are evaluated in the following order: Conditions Permissions Profile 69. Explain about Routing table? There are three types of routes that one finds inside a routing table: Default route - there is a single entry for this route in the table, the address provided is used as a destination for packets whose address doesn't match any other entry in the routing table. This route is indicated by both address and network mask of 0.0.0.0 Host route - provides route to a specific host or a broadcast address, this type of routes is marked by network mask of 255.255.255.255 Network route - provides route to a specific network, this type of routes can have a subnet mask between 0.0.0.0 and 255.255.255.255 70. What is binding order?

The order by which the network protocols are used for clientserver communications. The most frequently used protocols should be at the top. 71. Whats the major difference between FAT and NTFS on a local machine? FAT and FAT32 provide no security over locally logged-on users. Only native NTFS provides extensive permission control on both remote and local files. 72. How do FAT and NTFS differ in approach to user shares?

They dont, both have support for sharing. 73. What is CIFS?

The protocol used for File and print sharing in windows network. Common Internet File System (CIFS) is an extension of the SMB protocol that is used with basic file sharing. One of the advantages of CIFS over SMB is the ability to operate directly over DNS without the use of NetBIOS. 74. What are the types of Backup in windows?

There are five types. Normal Takes the full backup, Will not see the Archive bit but uncheck the bit after backup Incremental Backs up only the files whose archive bit is on and uncheck the bit after backup Differential - Backs up only the files whose archive bit is on and will not uncheck the bit after backup Copy Just like normal. Will not do anything with Archive bit. Daily - Back up all the files which are created/modified on scheduled date. 75. Explain the List Folder Contents permission on the folder in NTFS. Same as Read & Execute, but not inherited by files within a folder. However, newly created subfolders will inherit this permission. 76. I have a file to which the user has access, but he has no folder permission to read it. Can he access it? It is possible for a user to navigate to a file for which he does not have folder permission. This involves simply knowing the path of the file object. Even if the user cant drill down the file/folder tree using My Computer, he can still gain access to the file using the Universal Naming Convention (UNC). The best way to start would be to type the full path of a file into Run window. 77. For a user in several groups, are Allow permissions restrictive or permissive? Permissive, if at least one group has Allow permission for the file/folder, user will have the same permission. 78. For a user in several groups, are Deny permissions restrictive or permissive? Restrictive, if at least one group has Deny permission for the file/folder, user will be denied access, regardless of other group permissions. 79. What hidden shares exist on Windows Server 2003 installation? Admin$, Drive$, IPC$, print$.

80. Whats the difference between standalone and faulttolerant DFS (Distributed File System) installations? The standalone server stores the Dfs directory tree structure or topology locally. Thus, if a shared folder is inaccessible or if the Dfs root server is down, users are left with no link to the shared resources. A fault-tolerant root node stores the Dfs topology in the Active Directory, which is replicated to other domain controllers. Thus, redundant root nodes may include multiple connections to the same data residing in different shared folders. 81. Were using the DFS fault-tolerant installation, but cannot access it from a Win98 box. Use the UNC path, not all client, only 2000 and 2003 clients can access Server 2003 fault-tolerant shares. 82. Where exactly do fault-tolerant information in Active Directory? DFS shares store

In Partition Knowledge Table, which is then replicated to other domain controllers. 83. Is Kerberos encryption symmetric or asymmetric?

Symmetric. 84. How does Windows 2003 Server try to prevent a middleman attack on encrypted line? Time stamp is attached to the initial client request, encrypted with the shared key. 85. What hashing algorithms are used in Windows 2003 Server? RSA Data Securitys Message Digest 5 (MD5), produces a 128-bit hash, and the Secure Hash Algorithm 1 (SHA-1), produces a 160-bit hash. 86. Which are the four domain functional levels in windows 2003? Mixed, Native, NT Interim and Windows 2003. 87. Whats the number of permitted unsuccessful logons on Administrator account? Unlimited. Remember, though, that its the Administrator account, not any account thats part of the Administrators group.

88. Whats the difference between guest accounts in Server 2003 and other editions? More restrictive in Windows Server 2003. 89. If you uninstall Windows Server 2003, which operating systems can you revert to? Win ME and Win 98. 90. What is ICF?

Internet Connection Firewall (ICF) is firewall software that is used to set restrictions on what traffic is allowed to enter your network from the Internet. ICF protects your network against external threats by allowing safe network traffic to pass through the firewall into your network, while denying the entrance of unsafe traffic. 91. What are the Windows Server 2003 keyboard shortcuts?

Winkey opens or closes the Start menu. Winkey + BREAK displays the System Properties dialog box. Winkey + TAB moves the focus to the next application in the taskbar. Winkey + SHIFT + TAB moves the focus to the previous application in the taskbar. Winkey + B moves the focus to the notification area. Winkey + D shows the desktop. Winkey + E opens Windows Explorer showing My Computer. Winkey + F opens the Search panel. Winkey + CTRL + F opens the Search panel with Search for Computers module selected. Winkey + F1 opens Help. Winkey + M minimizes all. Winkey + SHIFT+ M undoes minimization. Winkey + R opens Run dialog. Winkey + U opens the Utility Manager. Winkey + L locks the computer. 92. Where are the Windows NT Primary Domain Controller (PDC) and its Backup Domain Controller (BDC) in Server 2003? The Active Directory replaces them. Now all domain controllers share a multimaster peer-to-peer read and write relationship that hosts copies of the Active Directory. 93. How long does it take for security changes to be replicated among the domain controllers? Security-related modifications are replicated within a site immediately. These changes include account and individual user lockout policies, changes to password policies, changes to computer account passwords, and modifications to the Local Security Authority (LSA).

94. Whats new in Windows Server 2003 regarding the DNS management? When DC promotion occurs with an existing forest, the Active Directory Installation Wizard contacts an existing DC to update the directory and replicate from the DC the required portions of the directory. If the wizard fails to locate a DC, it performs debugging and reports what caused the failure and how to fix the problem. In order to be located on a network, every DC must register in DNS DC locator DNS records. The Active Directory Installation Wizard verifies a proper configuration of the DNS infrastructure. All DNS configuration debugging and reporting activity is done with the Active Directory Installation Wizard. 95. When should you create a forest?

Organizations that operate on radically different bases may require separate trees with distinct namespaces. Unique trade or brand names often give rise to separate DNS identities. Organizations merge or are acquired and naming continuity is desired. Organizations form partnerships and joint ventures. While access to common resources is desired, a separately defined tree can enforce more direct administrative and security restrictions. 96. How can you authenticate between forests?

Four types of authentication are used across forests: (1) Kerberos and NTLM network logon for remote access to a server in another forest; (2) Kerberos and NTLM interactive logon for physical logon outside the users home forest; (3) Kerberos delegation to N-tier application in another forest; and (4) user principal name (UPN) credentials. 97. What snap-in administrative tools are available for Active Directory? Active Directory Domains and Trusts Manager, Active Directory Sites and Services Manager, Active Directory Users and Group Manager, Active Directory Replication (optional, available from the Resource Kit), Active Directory Schema Manager (optional, available from adminpak) 98. What is Global Catalog?

The Global Catalog authenticates network user logons and fields inquiries about objects across a forest or tree. Every domain has at least one GC that is hosted on a domain controller. In Windows 2000, there was typically one GC on every site in order to prevent

user logon failures across the network. 99. How is user account security established in Windows Server 2003? When an account is created, it is given a unique access number known as a security identifier (SID). Every group to which the user belongs has an associated SID. The user and related group SIDs together form the user accounts security token, which determines access levels to objects throughout the system and network. SIDs from the security token are mapped to the access control list (ACL) of any object the user attempts to access. 100. If I delete a user and then create a new account with the same username and password, would the SID and permissions stay the same? No. If you delete a user account and attempt to recreate it with the same user name and password, the SID will be different. 101. What remote access options does Windows Server 2003 support? Dial-in, VPN, dial-in with callback. 102. Where are the documents and settings for the roaming profile stored? All the documents and environmental settings for the roaming user are stored locally on the system, and, when the user logs off, all changes to the locally stored profile are copied to the shared server folder. Therefore, the first time a roaming user logs on to a new system the logon process may take some time, depending on how large his profile folder is. 103. Where are the settings for all the users stored on a given machine? Document and Settings\All Users 104. What languages can you use for log-on scripts?

JavaScipt, VBScript, DOS batch files (.com, .bat, or even .exe) 105. What is presentation layer responsible for in the OSI model? The presentation layer establishes the data format prior to passing it along to the network applications interface. TCP/IP networks perform this task at the application layer.

106. Yes.

Does Windows Server 2003 support IPv6?

107. Whats the difference between the basic disk and dynamic disk? The basic type contains partitions, extended partitions, logical drivers, and an assortment of static volumes; the dynamic type does not use partitions but dynamically manages volumes and provides advanced storage options 108. How do you install recovery console?

C:\i386\win32 /cmdcons, assuming that your Win server installation is on drive C. 109. Whats new in Terminal Services for Windows 2003 Server?

Supports audio transmissions as well, although prepare for heavy network load. 110. Whats the name of the user who connects to the Web site anonymously? IUSR_computername 111. Whats the relation between SSL and TLS?

Transport Layer Security (TLS) extends SSL by providing cryptographic authentication. 112. Whats a heartbeat?

Communication processes between the nodes designed to ensure nodes health. 113. Which service do you use to set up various alerts?

MOM (Microsoft Operations Manager). 114. What is KCC?

115. How AD offline defragmentation carried out?

116. What is Metta data cleener?

117. Networking Moniter protocal? and tools ?

118. Service responsable for SYSVOL relication ?

119. Define the following : GPT:(Group policy Templet) GPC:(Group policy Container) GPO:(Group policy Object) 120.

Windows Server 2003 Active Directory and Security questions

By admin | December 7, 2003

1.

Whats the difference between local, global and universal groups? Domain local groups assign access permissions to global domain groups for local domain resources. Global groups provide access to resources in other trusted domains. Universal groups grant access to resources in all trusted domains. I am trying to create a new universal user group. Why cant I? Universal groups are allowed only in native-mode Windows Server 2003 environments. Native mode requires that all domain controllers be promoted to Windows Server 2003 Active Directory. What is LSDOU? Its group policy inheritance model, where the policies are applied to Local machines, Sites, Domains and Organizational Units. Why doesnt LSDOU work under Windows NT? If the NTConfig.pol file exist, it has the highest priority among the numerous policies. Where are group policies stored? %SystemRoot%System32\GroupPolicy What is GPT and GPC? Group policy template and group policy container. Where is GPT stored? %SystemRoot%\SYSVOL\sysvol\domainname\Policies\GUID You change the group policies, and now the computer and user settings are in conflict. Which one has the highest priority? The computer settings take priority. You want to set up remote installation procedure, but do not want the user to gain access over it. What do you do? gponame> User Configuration> Windows Settings> Remote Installation Services > Choice Options is your friend.

2.

3.

4.

5. 6. 7. 8.

9.

10. Whats contained in administrative template conf.adm? Microsoft NetMeeting policies 11. How can you restrict running certain applications on a machine? Via group policy, security settings for the group, then Software Restriction Policies.

12. You need to automatically install an app, but MSI file is not available. What do you do? A .zap text file can be used to add applications using the Software Installer, rather than the Windows Installer. 13. Whats the difference between Software Installer and Windows Installer? The former has fewer privileges and will probably require user intervention. Plus, it uses .zap files.

14. What can be restricted on Windows Server 2003 that wasnt there in previous products? Group Policy in Windows Server 2003 determines a users right to modify network and dial-up TCP/IP properties. Users may be selectively restricted from modifying their IP address and other network configuration parameters. 15. How frequently is the client policy refreshed? 90 minutes give or take.

16. Where is secedit? Its now gpupdate. 17. You want to create a new group policy but do not wish to inherit. Make sure you check Block inheritance among the options when creating the policy.

18. What is "tattooing" the Registry? The user can view and modify user preferences that are not stored in maintained portions of the Registry. If the group policy is removed or changed, the user preference will persist

in the Registry. 19. How do you fight tattooing in NT/2000 installations? You cant. 20. How do you fight tattooing in 2003 installations? User Configuration - Administrative Templates System - Group Policy - enable - Enforce Show Policies Only. 21. What does IntelliMirror do? It helps to reconcile desktop settings, applications, and stored files for users, particularly those who move between workstations or those who must periodically work offline. 22. Whats the major difference between FAT and NTFS on a local machine? FAT and FAT32 provide no security over locally logged-on users. Only native NTFS provides extensive permission control on both remote and local files. 23. How do FAT and NTFS differ in approach to user shares? They dont, both have support for sharing. 24. Explan the List Folder Contents permission on the folder in NTFS. Same as Read & Execute, but not inherited by files within a folder. However, newly created subfolders will inherit this permission. 25. I have a file to which the user has access, but he has no folder permission to read it. Can he access it? It is possible for a user to navigate to a file for which he does not have folder permission. This involves simply knowing the path of the file object. Even if the user cant drill down the file/folder tree using My Computer, he can still gain access to the file using the Universal Naming Convention (UNC). The best way to start would be to type the full path of a file into Run window. 26. For a user in several groups, are Allow permissions restrictive or permissive? Permissive, if at least one group has Allow permission for the file/folder, user will have the same permission. 27. For a user in several groups, are Deny permissions restrictive or permissive? Restrictive, if at least one group has Deny permission for the file/folder, user will be denied access, regardless of other group permissions. 28. What hidden shares exist on Windows Server 2003 installation? Admin$, Drive$, IPC$, NETLOGON, print$ and SYSVOL. 29. Whats the difference between standalone and fault-tolerant DFS (Distributed File System) installations? The standalone server stores the Dfs directory tree structure or topology locally. Thus, if a shared folder is inaccessible or if the Dfs root server is down, users are left with no link to the shared resources. A fault-tolerant root node stores the Dfs topology in the Active Directory, which is replicated to other domain controllers. Thus, redundant root nodes may include multiple connections to the same data residing in different shared folders. 30. Were using the DFS fault-tolerant installation, but cannot access it from a Win98 box. Use the UNC path, not client, only 2000 and 2003 clients can access Server 2003 fault-tolerant shares. 31. Where exactly do fault-tolerant DFS shares store information in Active Directory? In Partition Knowledge Table, which is then replicated to other domain controllers.

32. Can you use Start->Search with DFS shares? Yes. 33. What problems can you have with DFS installed? Two users opening the redundant copies of the file at the same time, with no file-locking involved in DFS, changing the contents and then saving. Only one file will be propagated through DFS. 34. I run Microsoft Cluster Server and cannot install fault-tolerant DFS. Yeah, you cant. Install a standalone one.

35. Is Kerberos encryption symmetric or asymmetric? Symmetric. 36. How does Windows 2003 Server try to prevent a middle-man attack on encrypted line? Time stamp is attached to the initial client request, encrypted with the shared key. 37. What hashing algorithms are used in Windows 2003 Server? RSA Data Securitys Message Digest 5 (MD5), produces a 128-bit hash, and the Secure Hash Algorithm 1 (SHA-1), produces a 160-bit hash. 38. What third-party certificate exchange protocols are used by Windows 2003 Server? Windows Server 2003 uses the industry standard PKCS-10 certificate request and PKCS-7 certificate response to exchange CA certificates with third-party certificate authorities. 39. Whats the number of permitted unsuccessful logons on Administrator account? Unlimited. Remember, though, that its the Administrator account, not any account thats part of the Administrators group. 40. If hashing is one-way function and Windows Server uses hashing for storing passwords, how is it possible to attack the password lists, specifically the ones using NTLMv1? A cracker would launch a dictionary attack by hashing every imaginable term used for password and then compare the hashes. 41. Whats the difference between guest accounts in Server 2003 and other editions? More restrictive in Windows Server 2003. 42. How many passwords by default are remembered when you check "Enforce Password History Remembered"? Users last 6 passwords.