Exam Reviews
Server Mania
To get through 70-216, develop your skills in server installation, resource and storage management, hardware expertise, system performance, and networking and Active Directory.
The Windows 2000 Server exam is one of four core exams required for a
Win2K MCSE, and it’s the second exam most people take on their way to
an MCSE credential. If you’ve already passed the Win2K Professional exam,
you have a good base of knowledge for this one. [Click
here to read Jill’s review of the 70-210, Win2K Pro exam.—Ed.] Of
course, there are many new topics, but some topics will be duplicates
from the Pro exam.
Microsoft describes candidates for this exam as people with a minimum
of one year’s experience implementing and administering network operating
systems in a large environment with multiple physical locations. This
translates into the need for a lot of hands-on practice before you tackle
the exam. Keep that in mind!
In general, I thought this exam was a little harder than the Win2K Professional
exam, but not too much. Expect to see a few scenario and drag-and-drop
questions. Most of the questions are multiple-choice, but they tend to
be relatively long.
Microsoft offers traditional- and adaptive-format exams. A traditional
exam has a fixed number of questions. You can go forward and back in the
exam, allowing you to mark questions for review. On the other hand, an
adaptive exam varies in length. The test starts with an easy to moderate
difficulty question. If you answer the question correctly, the next question
is more difficult. If you answer the question incorrectly, the next question
is easier. This process continues until the test determines your ability
level. One of the most noticeable features of the adaptive exam is that
you can’t go back to review questions. Once you answer a question, it’s
graded and you move onto the next. At the time of this writing, exam 70-215
is a traditional-format exam, but Microsoft reserves the right to change
the testing format at any time.
Windows
2000 Server (70-215) |
Reviewer’s Rating
“This test truly challenges your abilities to implement,
administer and troubleshoot systems built around Windows
2000 Server.”
Title
Installing, Configuring, and Administering Microsoft
Windows 2000 Server
Current Status
Live as of June 15, 2000.
Who Should Take It
Core credit for the MCSE.
What Classes Prepare You
2151: Windows 2000 Network and Operating System
Essentials
2152: Implementing Microsoft Windows 2000 Professional
and Server
|
|
|
Installation Issues
The first set of objectives for the Win2K Server exam covers installation.
As always, before you start an installation, make sure the computer meets
all hardware requirements.
You must be able to perform attended and unattended installations. To
begin an attended installation, boot from the Win2K CD-ROM if the computer
supports booting from the CD. If your computer doesn’t support booting
from the CD-ROM, create boot disks with makeboot.exe or makebt32.exe.
You can also start an installation over the network. Set up a server with
a file share containing the contents of the \i386 folder. Boot the client
with a network boot disk and connect to the shared folder. Start the installation
by running Winnt.exe. Winnt.exe is used when you’re running a 16-bit environment.
This is typically the case when you create a network boot disk. If you’re
running a 32-bit environment, use Winnt32.exe.
For an unattended install, use the Setup Manager Wizard to create an
answer file. An answer file contains the information required by Setup
so you don’t have to enter anything during the installation. You can perform
an unattended installation by booting from the Win2K CD-ROM or by connecting
to a distribution server that contains the installation files. To perform
an unattended install with the installation CD, save the answer file on
a floppy with the name Winnt.sif. Boot from the CD, then put the floppy
in the drive.
Tip: An unattended installation over the network is similar to an
attended installation. Simply use the correct switch to specify the answer
file when you start the installation (Winnt /u:answerfile or Winnt32 /unattend:answerfile).
Other automated installation methods include sysprep and syspart. The
syspart parameter is used with Winnt32. It can be used when you have a
master computer and target computers without similar hardware. Use the
syspart switch to install the operating system on the second hard drive
in the master computer. Syspart marks the drive as the active boot device,
so when you move the drive to the target computer, it’s bootable.
Sysprep is used to duplicate disks. Install Win2K on a master computer.
Also, install any applications that’ll be installed on all target systems.
Then run sysprep and a third-party disk-imaging utility. Sysprep prepares
the hard disk on the master computer for use with the disk-imaging software.
When using sysprep, the master and target computers must have identical
HALs and mass storage device controllers. Plug and Play devices are automatically
detected by Win2K, so items such as network adapters and video cards don’t
have to be identical.
Upgrading is another installation topic. You can upgrade directly to
Win2K Server from Windows NT Server 3.51 and Windows NT Server 4.0. If
you’re running NT Server 3.1 or 3.5, first upgrade to NT 3.51 or 4.0,
then upgrade to Win2K. Upgrades get more complicated when you upgrade
a Domain Controller instead of a member server. The first step in a domain
upgrade is to upgrade the Windows NT PDC to Win2K Server. After you upgrade
the PDC, then you can upgrade BDCs in any order.
Tip: Make sure you understand that you can run Win2K service packs
against your shared network copies of the Win2K installation files by
invoking update.exe with the -s option. This way, after installing new
Win2K features, you don’t have to reapply the service pack.
Dealing with Resources
For resource management, make sure you know NTFS and share permissions
inside and out. When you set permissions on a parent folder, new files
and subfolders in that folder inherit those permissions. If you don’t
want a file or subfolder to inherit permissions from the parent, you need
to clear the “Allow inheritable permissions from parent to propagate to
this object” check box. Know the rules for copying and moving files on
NTFS partitions. When you copy a file or move a file to a different partition,
it inherits the permissions of the destination folder. When you move a
file to a different folder on the same partition, it retains its permissions.
The distributed file system (Dfs) organizes shared folders on different
servers into a single, hierarchical structure, starting with a root located
on a Win2K server. Instead of seeing many file servers (each containing
shares), users see a few Dfs root shares. Users no longer need to know
which servers contain what shares. A Dfs root may be standalone or domain-based.
Domain-based Dfs allows for folder replicas, which create fault tolerance.
Standalone Dfs doesn’t.
You need to know the basics of printer management, including printer
installation, how to set permissions, configuration options such as printer
priorities, and how to change the location of the spool folder.
One new feature is Internet printing. If the print server needs to be
running IIS, you can connect to a printer via a URL. Use http://servername/printers
to see a list of all printers on that server. Use http://servername/printersharename
to go directly to the page for that printer. Also, know how to make your
Win2K printers available to Unix users.
Tip: IIS is installed by default when you install Win2K. You need
basic Web site management skills for this exam. Make sure you understand
Web sharing permissions, as well as the basics of setting up and configuring
sites.
Hardware Expertise
The hardware management section of this exam relies heavily on experience.
If you’ve set up your share of computers, exam questions in this area
will be straightforward. If you haven’t, get your hands on some hardware
and start practicing. You need to know how to install, update and troubleshoot
hardware drivers. Device Manager is the primary tool for driver management.
Tip: You should also be familiar with Windows Update on the Microsoft
Web site.
Driver signing is new to Win2K. Microsoft has digitally signed drivers
to help ensure quality. Drivers need to meet certain testing criteria
before they can be signed. As an administrator, you can configure how
the computer responds to signed and unsigned drivers. The default is to
display a warning when it detects an unsigned driver. Other options include
ignoring unsigned drivers and preventing their installation.
System Performance
Optimizing your computer’s performance is similar to Windows NT 4.0. System
Monitor is essentially Performance Monitor spruced up-the MMC. Understand
when you need an additional CPU or just more memory. You can also monitor
the computer and manage processes with Task Manager.
Windows Backup is your basic tool for backing up data and the system
state data. The system state data on a Win2K member server includes the
registry, boot files and COM objects. On a Win2K Domain Controller, the
system state data also includes Active Directory. When you restore AD
on a DC, there are two general methods: non-authoritative restores and
authoritative restores. In a non-authoritative restore, the DC is restored
from backup, and the restored data is updated by AD replication. If you
need to restore a deleted AD object, use an authoritative restore. In
this case, you restore from backup and run the Ntdsutil tool to mark all
or part of the directory as authoritative. The marked data will be replicated
to other DCs after you reboot.
Tip: For a rundown on the restoration of Active Directory, read Jeremy
Moskowitz’s article, “Active
Directory: Back from the Dead,” in the February 2001 issue.
You have a number of options for troubleshooting boot problems. Safe
mode loads a minimal driver set during start up. You can also boot to
the command-line Recovery Console. The Recovery Console can be used to
start and stop services, read and write data on a local drive, and format
disks.
Storage Use
The Win2K Server exam places a heavy emphasis on disk management. Win2K
supports a new type of disk: the dynamic disk. When you first install
a hard drive, it’s a basic disk. To upgrade to a dynamic disk, you need
at least 1MB of unallocated space. Know the vocabulary for both types
of disks. Supported volume types include simple, spanned, striped, mirrored
and RAID-5 volumes. Mirrored and RAID-5 volumes are fault-tolerant. You
need to know how to configure and manage each of these types of volumes
on both basic and dynamic disks. You also need to be able to recover from
disk failures.
Quota management is new to Win2K. Disk quotas are assigned to volumes.
You can set a default quota for all users on the volume, with different
quotas for individual users. Quotas aren’t assigned according to group
memberships. Users are charged for the files they own, but be aware that
quotas count the amount of uncompressed disk space. A user with compressed
files may be surprised to learn he’s out of disk space.
The other topic in this category is compression. Compression is an NTFS
attribute, so when you copy and move files, it behaves like NTFS permissions.
However, there are a couple of gotchas. Encryption and compression are
mutually exclusive. You can’t compress an encrypted file and you can’t
encrypt a compressed file. Also, it’s an NTFS attribute, so when you try
to copy a compressed file to an FAT partition, it’ll be uncompressed.
Tip: Encryption is a little different from compression in that when
an encrypted file is copied or moved to a different Win2K NTFS drive,
it always remains encrypted. This is even the case when copying to an
NTFS drive on a remote Win2K machine.
Making Connections
Although there’s a separate exam that covers networking services (70-216),
you need a solid networking foundation to pass this exam. Make sure you
have a good basic understanding of DNS, DHCP, WINS and TCP/IP.
You also need a solid understanding of Routing and Remote Access. Understand
how to set up your server as a VPN server or as a dial-up Remote Access
Server. Make sure you’re up to speed on the following protocols: CHAP,
MS-CHAP (v1 and v2), EAP, PAP, SPAP and RADIUS.
When you set up a remote access server, you can create remote access
policies to control who has access to the computer. Policies can specify
the times and days the server is available or who can connect to the server
based on group memberships. Each policy may have an associated profile,
which sets properties such as dial-in constraints, authentication and
encryption options.
Terminal Services allows clients to execute applications on the Terminal
Server. Clients use terminal emulation software to send keystrokes and
mouse movements to the server. Terminal Server does all the data processing
and sends it back to the display. Terminal Server (TS) is installed in
either remote administration mode or application mode. In remote administration
mode, you have licenses for two simultaneous connections. This mode is
intended to administer remote servers. When running application mode,
TS delivers applications to client computers.
Tip: If you plan to deliver applications, you must install a Terminal
Server License Server and purchase TS client access licenses from Microsoft.
Hardcore Security
The Encrypting File System (EFS) is a new feature of NTFS. Be aware that
you can’t compress encrypted files. Only the person who encrypted a file
or the designated Recovery Agent can decrypt that file. Note that this
will cause problems if you try to share an encrypted file! Because EFS
is an NTFS feature, encrypted files and folders are decrypted if you copy
them to FAT or FAT32 volumes. Also, be careful when you copy encrypted
files and folders to a different computer. The encryption certificate
and private key used to decrypt the files are needed on that computer.
If it doesn’t have them, you won’t be able to open the files.
Tip: Be aware that you need to be able to work with both local and
domain user accounts. Local user accounts are stored on the local computer
and are typically used in a workgroup environment. Domain user accounts
are stored in AD and allow the user to gain access to domain resources.
Although this isn’t the AD exam, you do need a basic understanding of
it. Specifically, you need to understand local and group policies in AD.
Group policies are deployed by linking them to sites, domains or Organizational
Units (OUs). Understand what happens when multiple policies are applied
to a computer. Look at policy inheritance. For example, you can block
policy inheritance at the OU level, but you can also set the No Override
option for a group policy. If you set No Override, the policy can’t be
blocked at a lower-level OU.
Other security topics include auditing and account policy. These are
configured on the local computer through Local Security Policy. They can
also be configured through group policy in AD. Account policy includes
password settings, such as the minimum password length, and lockout settings,
such as the number of failed logon attempts before the system locks you
out. When you configure the account policy for a domain, it’s set at the
domain level, not on individual OUs.
When you create an audit policy, be aware that auditing files, folders
or printers requires two things: You need to audit object access and you
need to configure auditing on the specific file, folder or printer.
Finally, look at security templates. They’re used to apply security settings
to the computer. There are standard templates for basic, secure and high-security
installations. Don’t use the hisec templates unless you have a Win2K-only
environment. Computers running the hisec templates can’t communicate with
older Windows clients! Good luck!