Barry Shilmover

1
70-215 Windows 2000 Server

• Barry Shilmover
• Founder/CIO (CGO)
• Sonic Mobility Inc.

2
Agenda

• What to Expect
• Microsofts new testing innovations
• The Exam
• Installing Windows 2000
• Working with Resources
• Hardware Devices and Drivers
• System Performance, Reliability, and Availability
• Windows 2000 and Storage
• Networking
• Security

3
Sidebar KB Articles

• Q number are mentioned throughout this
  presentation
• All are found on the Microsoft TechNet site
• They are the letter Q followed by a six digit
  code. For example, Q123456
• The URL for the above example would be
  http//support.microsoft.com/support/kb/articles/Q
  123/4/56.ASP

4
What to Expect

• Some exam detail
• 120 Minutes
• 62 Questions
• Passing Score 660
• Preparation Guide
• http//www.microsoft.com/trainingandservices/exams
  /examasearch.asp?PageID70-215

5
Testing Innovations

• Multiple choice
• Select-and-place exam questions
• Case study-based exam questions
• Simulations
• Computer adaptive testing

6
Multiple Choice

• Um yah

7
Select-and-Place Exam Questions

• Also known as Drag-and-Drop questions
• A Scenario is given and you must drag the answers
  to the right locations on the diagram

8
Case Study-Based Exam Questions

• A case study is introduced at the beginning and a
  number of questions are asked based on the
  information provided
• This is NOT a memory test The case study is
  always available

9
Simulations

• As the name states a simulation
• Some tips
• Read the question only give them what they want
• If information is not provided about a setting,
  assume the default settings
• Close all windows within the simulation
• Check your spelling
• Not currently on the exam

10
Computer Adaptive Testing

• You start with an easy to moderate question
• If you answer it correctly, you will get a more
  difficult question
• If you answer it incorrectly, you will get a less
  difficult question
• This process is repeated until the testing engine
  has determined your ability
• Main difference between CAT and Traditional is
  that you cannot navigate questions in a CAT exam
• Not used in this exam.

11
The Exam
12
Installing Windows 2000

• Attended Installation
• Unattended installation
• Upgrading from Windows NT 4.0
• Service Packs and hotfixes
• When an installation fails

13
Windows 2000 BI

• Before Installation
• Check the Windows 2000 Hardware Compatibility
  List (HCL)
• http//www.microsoft.com/hcl/default.asp
• Or run WINNT32.exe /checkupgradeonly

14
Attended Installation

• The four setup stages
• Setup Program (text)
• Setup Wizard (graphical)
• Windows Networking Installation
• Setup Completion
• Types of installation
• From the CD-ROM
• From the Network

15
From the CD

• Boot from the CD
• Or make boot floppies
• MAKEBOOT (16-bit) or MAKEBT32 (32-bit)
• Generate 4 startup disks
• TechNet article Q197063

16
From the Network

• Copy i386 directory to a server
• Share the i386 directory
• Create a boot floppy for the server (so that it
  can connect to the network)
• Map a drive to the network share
• Run the setup

17
Unattended Installation

• All questions are answered ahead of time
• These are stored in an answer file
• Answer files are created via
• A text editor
• Or the Setup Manager Wizard (SMW)

18
Unattended Installs and User Interaction

• The five levels
• Provide Defaults
• User simply accepts the default or makes changes
• Fully Automated
• No user interaction
• Hide Pages
• Only pages for which information was not provided
  is shown
• Read Only
• As 3, but shows all information in read-only
• GUI Attended
• Second stage of setup is automated. Rest is
  manual

19
The Setup Manager Wizard

• A GUI-based answer file creation utility
• Found in the Windows 2000 Resource Kit Deployment
  Tools section

20
The Setup Manager Wizard

• DEMO

21
SysPrep

• Tool used for ghosting of systems
• Reverses the unique settings of a system (such as
  the name and SID)
• Is found in the DEPLOY.CAB file on the Windows
  2000 Professional CD-ROM (in the \support\tools
  folder)

22
Upgrading from Windows NT 4.0

• Upgrade path

23
Service Packs and Hotfixes

• Windows 2000 now supports slipstreaming Service
  Packs
• Service Pack is added directly to the
  distribution share
• UPDATE.EXE /slip
• All installation performed from the distribution
  share will now have the Service Pack applied

24
When an Installation Fails
Never happens right?
25
(No Transcript)
26
When an Installation Fails

• Run the setup program in debug mode
• WINNT32.EXE /debuglevel
• Level 1 regular errors
• Level 2 warnings
• Level 3 all messages
• Check the HCL
• Check Network (including DNS!)

27
Working with Resources

• Network Services
• Printers
• Files, Folders, and Shares
• Distributed File System (DFS)
• Security
• Web Sites

28
Network Services

• FrontPage 2000 Server Extensions
• FTP Server
• NNTP Server
• SMTP Server
• Telnet Server
• Web Server
• WINS/DNS/DHCP
• DHCP-Relay

29
Printers

• Has not changed much from Windows NT
• Supported Clients
• Windows
• Macintosh
• Using File and Print Services for Macintosh
• Novell
• Using Client Service for NetWare/NWLink
  IPX/SPX/NetBIOS Compatible Transport Protocol
• Unix
• Using Services for Unix 2.0

30
Printers Continued

• Print Pooling
• The ability to group two or more identical
  printer together. They appear as one logical
  printer to the clients
• Print Priority
• The ability to set different logical printers,
  each with different priorities (from 1, lowest
  and default, to 99)
• Remember to set security. (Everyone Full
  Control)
• Internet Printing
• New Feature!
• Allows for accessing the printers via a web
  browser
• http//servername/printers

31
Printer Continued

• Windows 2000 automatically downloads and installs
  drivers for Windows 2000, Windows NT3.51/4.0, and
  Windows 95/98/Me
• Most common way to fixed a stalled printer
  spooler?
• Kick it!
• Be aware of how to set permissions, printer and
  print server properties

32
Files, Folders, and Shares

• Windows 2000 now supports FAT32 natively
• Use FAT and FAT32 for dual boot with other
  operating systems

33
Files, Folders, and Shares, cont.

• New version of NTFS
• Known as NTFSv5 or Windows 2000 NTFS
• Now supports
• Disk Compression
• Encryption
• Disk Quotas
• Reparse Points
• Volume Mount Points
• SID Searching
• If NTFSv4 is installed on the system, it will
  automatically be upgraded to NTFSv5
• Therefore, Windows NT systems need SP4 or higher

34
Files, Folders, and Shares, cont.

• NTFS partitions can now be Defragmented
• Command-line program for modifying NTFS
  permissions
• cacls.exe
• Copying/Moving files is the same as with Windows
  NT
• Copying within a partition permissions are
  inherited
• Moving within a partition permissions are
  retained
• Moving between partitions permissions are
  inherited

35
Distributed File System

• A Definition
• Distributed file system (Dfs) allows
  administrators to make network-wide resources
  appear as though they exist in a single location
  on the network

36
An Example

• Without DFS
• Domain
• Server1
• Documents
• Corp
• Server2
• Users
• Server3
• Home

• With DFS
• Domain
• Corp
• Documents
• Home
• Users

37
Distributed File System - Standalone

• Setup
• Administrative Tools Distributed File System
• Select Create a standalone DFS root
• Limitations
• No fault-tolerance
• Only single-level hierarchy is available

38
Distributed File System Domain-based

• Setup
• Administrative Tools Distributed File System
• Select Create a domain DFS root
• Features
• All configuration is stored in and replicated by
  Active Directory
• Fault-tolerant through replicas
• No limit on hierarchy levels (sort of)

39
Web Sites

• Virtual Servers
• The ability to host a number of web sites on the
  same physical box
• Three setup methods
• IP Address
• Host Header
• Port number

40
Web Sites Continued

• Virtual Directory
• A directory that appears under the root directory
  of the web site
• A virtual Directory can be
• A directory on the local machine
• A shared folder on a network server
• Another web site (ie http//www.somedomain.com)
• Tip Refrain from using spaces in the name of
  the virtual directory. Older browsers cant
  interpret the spaces

41
Web Sites - Security

• Authentication Methods for web sites
• Allow anonymous
• Basic authentication
• Integrated Windows Authentication
• Digest authentication
• SSL Client Certificate

42
Hardware Devices and Drivers

• Windows 2000 finally supports Plug and Pray

43
Hardware Devices and Drivers

• Windows 2000 finally supports Plug and Play
• All Hardware information is now behind My
  Computer
• Add/Remove Hardware control panel to launch the
  Hardware Wizard
• System Information snap-in displays read-only
  information about installed hardware
• Device Manager configures hardware

44
Driver Signing

• A new feature in Windows 2000 that allows you to
  ensure that the drivers you are installing have
  been tested and passed the Windows Hardware
  Quality Lab (WHQL) test
• Q224404 for more information

45
Some Utilities

• Driver Verifier Manager
• A command-line tool for troubleshooting driver
  problems
• verifier.exe (Q224404)
• Windows Report Tool
• A tool for taking a snapshot of the system
  hardware/software
• winrep.exe (Q188104)
• System File Checker
• A utility for verifying protected files and their
  version number
• sfc.exe (Q222471)
• Windows Signature Verification
• A tool for checking the signatures of signed
  drivers
• sigverif.exe (Q185828)

46
System Performance, Reliability, and Availability

• As with Windows NT, performance objects are
  important for the exam
• Unlike Windows NT, physical disk counters are now
  enabled by default
• To enable logical disk and volumes you need to
  run the diskperf yv command
• The Performance Monitor (in Windows NT) is now
  called the Performance Console

47
Alerts and Logs

• Three types of logs
• Trace
• Monitors information based on events. All
  information is recorded
• Counter
• These logs record information about specified
  objects and counters
• Alert
• Similar to a trace log except that information is
  not logged, it simply reacts to an event

48
Processes

• Processes are viewed through the Windows Task
  Manager
• Accessible through CtrlAltDelete and Task
  Manager
• Shortcut CtrlShiftEsc
• Each process has a priority assigned to it
  between 0 (lowest) and 31 (highest). Most common
  priorities
• Low 4
• Normal 8
• High 13
• Realtime 24
• Priorities can be changed through the Task
  Manager (not recommended)

49
Disk Performance

• Both mirrored and spanned volumes will degrade
  system performance.
• Striped disks offer the greatest performance.
• Microsoft has finally admitted that NTFS
  partitions get fragmented. Defragment regularly.
• Spread the pagefile across multiple hard drives,
  but take them off the system and boot disks (see
  Q197379).

50
System State and User Data

• System State Data
• Contains the Registry, System startup files, and
  COM class registrations.
• May contain
• Active Directory services and the Sysvol
  directory (on an AD Domain Controller)
• Resource Registry Checkpoints and Quorum Resource
  recover log (on a Windows 2000 Cluster)
• Certificate Services database (on a Certificate
  Server)
• Improve performance on an Active Directory domain
  controller by moving the system state data off
  the system/boot volume.

51
System State and User Data Recovery

• Emergency Repair Disk
• No more RDISK.exe. ERDs are now created through
  the backup program.
• No longer a repair disk. Is now a boot disk
  for accessing repair tools stored on the CD
  (Q216337).
• The ERD contains the following files
  autoexec.nt, config.nt, and setup.log.

52
Emergency Repair Disk
53
Safe Mode

• Safe mode is actually several modes
• Enable Boot Logging
• Enable VGA Mode
• Last Known Good Configuration
• Recovery Console
• Directory Services Restore Mode
• Debugging Mode
• Boot Normally
• Enter safe mode by pressing F8 during startup.

54
Recovery Console

• Gives you the ability to boot Windows 2000 to a
  DOS prompt.
• Similar to ERDCommander 2000 from
  Sysinternals.com.
• Limited functionality
• You can copy from removable media to the hard
  drive, but not the other way.

55
Windows Backup

• A watered down version of Veritas Softwares
  BackupExec.
• A major improvement to that monstrosity backup
  program in Windows NT.
• Better interface
• Can backup and restore to removable media, hard
  drive, or share.

56
Windows 2000 and Storage

• Windows 2000 has two disk types
• Basic Disks
• Dynamic Disks

57
Basic Disks

• Similar to Windows NT
• Contains Primary Partitions, Extended Partitions,
  and Logical Drives
• Used for dual-boot systems with non-Windows 2000
  systems

58
Dynamic Disks

• New to Windows 2000
• Contains volumes
• Can be resized without a system reboot
• Can be converted back to Basic Disks (assuming no
  volumes exist)
• Can be exported/imported

59
Basic and Dynamic Disks compared

• Partition
• Extended Partition
• Logical drive
• Mirror Set
• Volume Set
• Stripe Set
• Stripe Set with Parity

• Volume
• Volume
• Simple Volume
• Mirrored Volume
• Spanned Volume
• Stripped Volume
• RAID-5 Volume

60
Storage - New Features

• Data Compression
• Any file or folder on an NTFS folder can be
  compressed/uncompressed.
• Can be performed through My Computer or Windows
  Explorer

61
Storage - New Features

• Disk Quotas
• Quotas can only be set on the volume, not on
  individual folders (Q183322).
• Disabled by default.
• Tips
• While you cannot assign quotas to groups, you can
  choose multiple users.
• Do not choose the Deny disk space to users
  exceeding quota limit option on the disk storing
  Windows 2000.

62
Disk Failures

• Know the ARC paths in BOOT.INI (Q119467 and
  Q113977).
• multi()
• scsi()
• disk()
• rdisk()
• parition()
• lowest value1

63
Networking

• Virtual Private Networks
• Network Protocols
• Network Services
• Remote Access
• Terminal Services

64
Virtual Private Networks

• Remote Access Service (RAS) in Windows NT is now
  Routing and Remote Access (RRAS).
• Two supported protocols Point to Point
  Tunneling Protocol (PPTP) and Layer Two Tunneling
  Protocol (L2TP).

65
TCP/IP

• Most used protocol today.
• DHCP is used to dynamically assign TCP/IP
  addresses
• DNS is used to resolve TCP/IP addresses and names
  (and the reverse).
• WINS is used to resolve NetBIOS names to TCP/IP
  addresses.
• Subnet mask is used to distinguish between the
  network and host IDs of the TCP/IP address.
• Default gateway is used to identify the host
  which communicates outside the network

66
TCP/IP - Continued...

• Windows 2000 will automatically assign an address
  (169.254.x.y and 255.255.0.0)
• Troubleshooting
• ipconfig (Q223413)
• netstat
• nbtstat
• tracert
• route
• ping

67
Remote Access

• RRAS supports multilink (Q223171, Q233151,
  Q244071).
• Like RAS, it supports callback (called Callback
  Security.

68
Terminal Services

• Terminal Services includes
• TS Client Creator
• TS Configuration
• TS Licensing
• TS Manager
• Uses Remote Desktop Protocol (RDP) and RDP-TCP
  (RDP over TCP/IP).

69
TS - Continued...

• It is recommended that you install applications
  through the Add/Remove Program control panel.
• If installing manually, put TS into install mode
• change user /install
• To turn off
• change user /execute
• Clients include Windows 3.11, Windows 95/98/Me,
  Windows NT, Windows 2000, Internet Explorer.
• Install TSAC for access through Internet Explorer.

70
Security

• Encrypted File System
• Policies
• Auditing
• Local Accounts
• Account Policy
• The Security Configuration Tool Set

71
Encrypted Files System (EFS)

• Any file on an NTFSv5 volume can be encrypted.
• The process is transparent to the user.
• A Recovery Agent is used to recover encrypted
  file with a lost key.
• Default encryption is 56-bit. North Americans
  can upgrade to 128-bit.
• The efsinfo.exe utility (Resource Kit) can give
  you info on encrypted files (Q243026).
• Does graphically or using the Cipher.exe command.

72
Policies

• Similar to System Policy Editor in Windows NT.
• Group Policy MMC snap-in (gpedit.msc).
• Settings can be stored in AD.
• Settings can be exported/imported using .INF files

73
Auditing

• Disabled by default.
• Enabled via Start Administrative Tools Local
  Security Policy.

74
Local Accounts/Account Policy

• Local Accounts
• Usernames cannot be longer than 20 characters.
• They cannot contain / \ , ? lt
  gt
• Passwords can be up to 128 characters in length
  (Microsoft recommends 8).
• Account Policy
• Password policy (default)
• Enforce password history 0 days
• Maximum password age 42 days
• Minimum password age 0 days

75
Account Policy - Continued...

• Minimum password length 0 characters
• Passwords must meet complexity requirements
  disabled
• Store password using reversible encryption for
  all users in the domain disabled
• Account Lockout Policy (default)
• Account lockout duration not defined
• Account lockout threshold 0 invalid login
  attempts/disabled
• Reset account lockout after not defined

76
The Security Configuration Tool Set

• The Security Configuration and Analysis snap-in
  is normally used to troubleshoot security.
• Security database (mysecuresv.mdb) is compared to
  the template.
• Command-line based version secedit.exe.

77
Additional Resources

• Exam Preparation Guide http//www.microsoft.com/tr
  ainingandservices/exams/examasearch.asp?PageID70-
  215
• Windows 2000 Server and Professional Resource
  Kits
• Course 2151 Microsoft Windows 2000 Network and
  Operating System Essentials http//www.microsoft.c
  om/trainingandservices/syllabi/syllasearch.asp?Pag
  eID2151Afinalcoursenumber2151
• Course 2152 Implementing Microsoft Windows 2000
  Professional and Server http//www.microsoft.com/t
  rainingandservices/syllabi/syllasearch.asp?PageID
  2152Bfinalcoursenumber2152

78
Questions?

• Barry.Shilmover_at_SonicMobility.com