test out 2003 (70-290)

7/23/2019 Test Out 2003 (70-290)

1/50

Terminal Services Facts

By default, Windows 2003 comes with Remote Desktop enabled. Using Remote Desktop,

you can connect to a se!e and manage it emotely "ust as you would if you wee sittingat the se!e console. Remote Desktop uses #eminal $e!ices technology. #eminal$e!ices can also be used by end uses to connect to the se!e and un applications. %oe&ample, uses can connect to a se!e to un an application that is not suppoted on theclient system.

'eep in mind the following details egading Remote Desktop.

Remote Desktop is the same as unning #eminal $e!ices in administation mode

on pe!ious Windows !esions. Remote Desktop is limited to two concuent connections.

When using Remote Desktop, the use account used to connect to the se!e mustbe assigned a passwod, and must be gi!en e&plicit pemission fo RemoteDesktop. (llow uses fo Remote Desktop though the $ystem applet.

)lient computes e*uie client softwae to make the connection. #his softwae is

included with Windows + o Windows $e!e 2003, but must be installedsepaately on othe Windows !esions -Windows 2000, fo e&ample.

'eep in mind the following details egading #eminal $e!ices.

/ou can suppot many moe clients by installing #eminal $e!ices -also called

installing application mode fo #eminal $e!ices. Use (ddRemo!e Windows

components to install #eminal $e!ices. 1icosoft allows an e!aluation peiod fo #eminal $e!ices of 20 days. /ou

must install a licensing se!e pio to e&piation o the se!e will stop acceptingemote connections.

1any settings on the RD#cp popeties $essions tab can o!eide indi!idually

configued use settings. Use the 1sg command to send a message to all connected uses of a paticula

teminal se!ices se!e. /ou should know the following facts about 1sg4o #he synta& is 5Use6ame 7 $ession6ame 7 $ession8D9

:se!e4$e!e6ame; :1essage;.o Use6ame is the name of the use you want to ecei!e the message.

o $ession6ame is the name of the session you want to ecei!e the message.o $ession8D is the numeic 8D of the session whose use you want to ecei!e

a message.o se!e4$e!e6ame specifies the teminal se!e whose session o use

you want to ecei!e the message. -8f unspecified, se!e uses the se!e towhich you ae cuently logged on.

o 1essage is the actual message you wish to send.

7/23/2019 Test Out 2003 (70-290)

2/50

#he

7/23/2019 Test Out 2003 (70-290)

3/50

u 8ndicates use of an unattended answe file

udf 8ndicates the use of a uni*ueness database file

s $pecifies a path to souce files

checkupgadeonly Ceifies upgade compatibility

Trouleshooting Installation Facts

Use the debuglevel4logfileswitch to ceate an installation debug log. #he default debugle!el is 2. #he default log file is )4EsystemootEWinnt32.log. #he log le!els ae asfollows4

!evel Report

0 $e!ee ?os

?os

2 Wanings

3 8nfomation

F Detailed infomation fo debugging

/ou can use $ystem %ile )hecke -$fc.e&e to !eify the integity of potected systemfiles if an installation appeas unstable. /ou can use the following switches with the $fccommand4

Switch Function$cannow efom a scan immediately

$canboot)onfigues the opeating system to pefom a scan e!ey time theopeating system boots

Re!et )hanges the scan beha!io back to the default

)achesiGe HsiGe

)onfigues how much disk space can be used to stoe cached !esions ofpotected system files

#o uninstall a se!ice pack o hotfi& fom the command line, un $puninst.e&e fom these!ice pack o hot fi& uninstall folde. Use the following switches with $puninst4

Switch Function

u Unattended mode

f %oce othe apps to close at shutdown

G Do not eboot when complete

*

7/23/2019 Test Out 2003 (70-290)

4/50

#o isolate a di!e causing an installation to fail, add the $os switch to the Boot.ini file.#his loads the di!es indi!idually, allowing you to isolate the bad di!e.

!icensing Facts

/ou should know the following facts about licensing4

#he Iicensing Iogging se!ice is a!ailable fom the (dministati!e tools menu.

#he Iicensing Iogging se!ice allows you to !iew, add, and delete installed

poduct licenses. euse licensing is moe e&pensi!e pe client wokstation than a pese!e

licensing model, but it becomes much less e&pensi!e when many wokstationsaccess se!eal se!es.

)pl.cfg is the puchasing histoy file.

Ilsuse.lls is the use infomation file. Ilsmap.lls is the license goup infomation.

Automated Installation Facts

Windows po!ides the ability to pefom an unattended installation fom a )DR1. #opefom an unattended installation fom a )DR1, the following conditions must bemet4

#he compute must suppot booting fom a )DR1, and must adhee to the ?l

#oito nonemulation specification.

#he unattended answe file must be enamed to Winnt.sif and copied to a floppydisk so $etup can access it. When $etup displays the message that it is e&aminingthe hadwae configuation, inset the floppy disk containing the Winnt.sif file.

#he answe file must contain a !alid :Data; section with the following enties to

the unattended answe file4o Unattended8nstallH/es Calue must be set to JyesJ.

o 1$Dos8nitiatedH6o Calue must be set to JnoJ o $etup will stop duing

the gaphical potion of $etup.o (utoatitionH 8f the !alue is set to , the installation patition is

automatically selected. 8f the !alue is set to 0 -Geo, you ae pompted fothe installation patition duing the te&t potion of $etup.

/ou can also automate installation by pepaing a disk image. /ou then duplicate the diskimage to a new had di!e and boot the system. Use the following files to pepae anautomated installation using an image4

File Function

$yspep.e&e epaes a system fo duplication

7/23/2019 Test Out 2003 (70-290)

5/50

$etupcl.e&e Runs a minisetup wiGad when the duplicated di!e is booted

$yspep.inf(n optional answe file that automates the minisetup wiGad. )an be copiedto a floppy disk.

"ote##hese files belong in the $yspep folde at the oot of the system di!e.

"etwor$ Installation Facts

/ou should know the following facts about Remote 8nstallation $e!ices4

(n R8$ se!e must ha!e the following components installed on it4

o D=)

o D6$

o R8$

o (cti!e Diectoy

Use the Rbfg.e&e -Remote Boot Disk >eneato file to ceate a boot disk fo non+? compliant netwok adaptes. #he boot disk simulates the +? boot pocess.#he file is located in the Remote8nstalladmini3KL folde on the R8$ se!e.

n the wokstation, be sue to enable netwok boot in the B8$.

Use the Ripep.e&e file to ceate the image of the efeence compute.

#o pefom a netwok installation without R8$4

. )opy the souce installation files to a shaed netwok di!e.2. 8f necessay, update the installation files with se!ice packs o hotfi&es.3. ?&ecute Winnt o Winnt32 fom the netwok shae.

#o use dynamic updates duing an installation, download the updates to a netwok shae.Use the following switches with the Winnt o Winnt32 command to apply dynamicupdates duing the installation4

Switch Function

Dupepae4[path to downloadedupdates]

epaes the updates fo use duing installation.

Dushae4[path to downloadedupdates]

$tats the installation with the downloaded updatefiles.

Dudisable e!ents the dynamic update fom occuing.

#o apply a se!ice pack to the souce installation files, use the Update.e&e Ms4[network_share]command and switch. #his applies the se!ice pack changes to theinstallation files in the netwok shae.

7/23/2019 Test Out 2003 (70-290)

6/50

%omain &ser Account Facts

/ou should know the following facts about domain -o global use accounts4

Domain use accounts let uses log on to the netwok, and allow access to domain

esouces. (cti!e Diectoy stoes these accounts fo the entie domain -uses ha!e to log on

only once to access domain esouces. Domain use accounts ha!e a !aiety of popeties, such as use infomation,

goup membeship, use pofiles, and dialin settings. ( use account can be enamed when uses change "obs o need pe!iously

assigned pemissions to esouces. Use (cti!e Diectoy Uses and )omputes fom a domain contolle -o

wokstation with (dministati!e #ools installed to configue domain accounts When a new account is ceated, it is eplicated to all of the domain contolles in

the domain, so any domain contolle in the domain can authenticate use logons.

?ach use account has a uni*ue secuity identifie -$8D to identify the use to theWindows se!e. ( use can log on to the domain fom any compute that is amembe of the domain and can access esouces on that compute o on othecomputes fo which the domain use account has pemissions.

Iogon estictions apply to uses, not goups.

'roup Facts

(cti!e Diectoy defines theescopes that descibe the domains on the netwok fomwhich you can assign membes to the goupN whee the goup@s pemissions ae !alidN andwhich goups you can nest.

Scope %escription

>lobalgoups

(e used to goup uses fom the local domain. #ypically, you assign useswho pefom simila "ob functions to a global goup. ( global goup cancontain use and compute accounts and global goups fom the domain inwhich the global goup esides. >lobal goups can be used to gantpemissions to esouces in any domain in the foest.

Domain

local goups

(e used to gant access to esouces in the local domain. #hey ha!e openmembeship, so they may contain use and compute accounts, uni!esalgoups, and global goups fom any domain in the foest. ( domain local

goup can also contain othe domain local goups fom its domain. Domainlocal goups can be used to gant pemissions to esouces in the domain inwhich the domain local goup esides.

Uni!esalgoups

(e used to gant access to esouces in any domain in the foest. #hey ha!eopen membeship, so you can include use and compute accounts, uni!esalgoups, and global goups fom any domain in the foest. Uni!esal goupscan be used to gant pemissions to esouces in any domain in the foest.Uni!esal goups ae a!ailable only in Windows 2000 6ati!e o Windows

7/23/2019 Test Out 2003 (70-290)

7/50

2003 domain functional le!el.

(uilt)in 'roups

Windows domain contolles include se!eal builtin domain local goups, each of whichhas pedefined ights. #hese goups ae automatically ceated on domain contolles, andae placed in the Builtin folde in (cti!e Diectoy Uses and )omputes.

(uilt)in 'roup %escription

(dministatos%ull contol o!e the compute, including e!ey a!ailable ight in thesystem -the only builtin account that automatically has all ights,including the #ake owneship of files o othe ob"ects ight.

$e!e peatos$hae foldes and backup files and foldes.

Backuppeatos

Back up, copy, and estoe files on the compute -egadless ofpemissions. Iog on to and shut down the compute. )annot changesecuity settings.

(ccountpeatos

)eate, delete, and modify domain use accounts and goups. )annotmodify the (dministatos goup o any peatos goups.

#he basic best pactices fo use and goup secuity is4

)eate goups based on uses@ and administatos@ needs.

(ssign use accounts to the appopiate goups.

(ssign pemissions to each goup based on the esouce needs of the uses in the

goup and the secuity needs of you netwok.

'roup Strateg* Facts

#o make pemission assignments easie, assign pemissions to a goup, then add theaccounts that need to use the goup@s esouces. /ou can add use accounts, computes,and othe goups to goups. /ou should emembe the following when assigning membesto goups4

(dding a use account to a goup gi!es that account all the pemissions and ightsganted to the goup -the use must log off and log back on befoe the changetakes effect.

#he same use account can be included in multiple goups. -#his multiple

inclusion may lead to pemissions conflicts, so be awae of the pemissionsassigned to each goup.

7/23/2019 Test Out 2003 (70-290)

8/50

Nestingis the techni*ue of making a goup a membe of anothe goup. Using

hieachies of nested goups may make administation simpleas long as youemembe what pemissions you ha!e assigned at each le!el.

#he following table shows the thee basic ecommended appoaches to managing uses,

goups, and pemissions.

Strateg* &se %escription Application

A!P Used on wokstationsand membe se!es.

A4 lace use(ccounts!4 8nto IocalgoupsP4 (ssignemissions tothe local goups

Best used in a wokgoupen!ionment, not in a domain.

A'%!P Used in mi&ed modedomains and in nati!emode domains -does notuse uni!esal goups,which ae also nota!ailable in mi&edmode.

A4 lace use(ccounts'4 8nto >lobalgoups%!4 8ntoDomain IocalgoupsP4 (ssignemissions todomain localgoups

. 8dentify the uses in thedomain who use the sameesouces and pefom thesame tasks. >oup theseaccounts togethe in globalgoups.

2. )eate new domain localgoups if necessay, o usethe builtin goups to contolaccess to esouces.

3. )ombine all global goupsthat need access to the sameesouces into the domainlocal goup that contolsthose esouces.

F. (ssign pemissions to theesouces to the domain localgoup.

A'&%!P Used in nati!e modedomains, when thee ismoe than one domain,

and you need to gantaccess to simila goupsdefined in multipledomains.

A4 lace use(ccounts'4 8nto >lobal

goups&4 8ntoUni!esalgoups%!4 8ntoDomain IocalgoupsP4 (ssign

Uni!esal goups should be usedwhen you need to gant access tosimila goups defined in multiple

domains. 8t is best to add globalgoups to uni!esal goups, insteadof placing use accounts diectly inuni!esal goups.

7/23/2019 Test Out 2003 (70-290)

9/50

emissions todomain localgoups

&ser Pro+ile Facts

/ou should know the following facts about use pofiles4

Roaming use pofiles stoe the pofile contents on centallymanaged netwok

se!es and allow uses to log on to diffeent wokstations while maintaining theiWindows desktop.

1andatoy use pofiles allow all uses to make changes to thei desktops, but

those changes ae not sa!ed to the pofile. Uses ae foced to stat each logonsession with the oiginal pofile.

8f a use@s oaming Windows pofile is una!ailable duing log on, Windows will

use a copy of the locallycached pofile, wan the use of a possible netwok eo,and allow the use to log on.

Use account pofile configuation and netwok path infomation is associated

with the account and will mo!e with the account. #his allows simple mo!es ofuse account ob"ects and minimiGes the administati!e effot.

&ser Pro+ile ,anagement Tas$s

#he following list descibes some common pofile management tasks and theecommended method fo completing them.

To - - - %o - - -

)eate a newpofile

Iog on as a use without a pofile. Use pofiles ae ceatedautomatically, using the Default Uses pofile as a template. -/ou canalso set access pemissions on a copied pofile fo use as a newpofile.

?dit an e&istingpofile

Iog on as the use, then use the Windows inteface to modify thedesktop, $tat 1enu, taskba, and othe pefeences.

)eate $tat 1enuo Desktopshotcuts

)opy the desied shotcuts to the appopiate folde within the usepofile.

)opy a pofile

Use the Use ofiles tool to copy the pofile to a new location. 8f yousimply copy the subfoldes to a new location, egisty settings andpemissions will not be popely modified."ote# /ou cannot copy the pofile of a logged on use.

1ake a mandatoyuse pofile

Use ?&ploe to ename the 6tuse.dat file to 6tuse.man.

7/23/2019 Test Out 2003 (70-290)

10/50

1ake a oaminguse pofile

)opy the pofile to a netwok shae. Use the ofile tab in the useaccount popeties to ente the path to the use@s oaming pofile.

(ssign a specificpofile

?dit the popeties of the use account -eithe local o domain use toidentify the specific pofile -eithe to a use oaming o othewise touse.

Delete a pofileUse the Use ofiles tool. Do not simply delete the folde as egistysettings will not be modified appopiately."ote#/ou cannot delete the pofile of a logged on use.

Computer Account Facts

/ou should know the following facts about compute accounts4

#o "oin a compute to a domain4

o )eate a compute account in (cti!e Diectoy.o Ooin the compute to the domain.

1embes of the (dministatos o (ccount peatos goup can "oin an unlimited

numbe of computes to a domain. By default, domain uses can "oin up to 0 computes to a domain fom a

wokstation. )omputes added to the domain fom a wokstation ae added to the builtin

)omputes containe. Because the )omputes containe cannot be linked to policies, ceate compute

accounts befoehand in an U fo compute accounts. 8f the oganiGation uses a sepaate U fo computes, any compute accounts

ceated automatically in the )omputes containe must be mo!ed to the coectU.

Windows PK computes cannot use a compute account in a domain.

/ou can use the Dsadd and 6etdom utilities to ceate compute accounts.

( compute account must connect to the netwok befoe it will display

infomation about $ and $e!ice ack changes.

Trouleshooting !ogon

Both uses and computes must log on to the domain. Use logon is accomplished bysupplying a !alid usename and passwod combination. 8f uses ae ha!ing touble

logging on, check the following4

Ceify the coect logon name is being used, with the coect U6 suffi&. 1ake

sue the coesponding use account e&ists in (cti!e Diectoy. 1ake sue the use account is enabled.

8f the use has tied many times unsuccessfully, and ecei!es a message stating the

use account is locked, unlock the use account.

7/23/2019 Test Out 2003 (70-290)

11/50

8f necessay, change the passwod fo uses who might ha!e fogotten the

passwod.

)ompute account logon happens automatically in the backgound. %ailue to log onmight esult in a failue to use netwok esouces o gain access to the local compute. #o

toubleshoot compute accounts, apply the following steps4

. 8f the compute account e&ists, eset the account in (cti!e Diectoy.2. 8f the account does not e&ist, ceate it.3. 8f toubles pesist, emo!e the compute fom the domain and add it to a

wokgoup -use a wokgoup name not cuently in use. Re"oin the domain.

Command Prompt Tools

Command %escription

D$(dd )eate a new ob"ect in (cti!e Diectoy

D$

7/23/2019 Test Out 2003 (70-290)

12/50

'roup Polic* Facts

>oup policy is a tool used to implement system configuations that can be deployed

fom a cental location though >s ->oup olicy b"ects.

/ou should know the following >oup olicy facts4

>s contain hundeds of configuation settings.

>s can be linked to (cti!e Diectoy sites, domain, o oganiGational units

-Us. >s include compute and use sections. )ompute settings ae applied at

statup. Use settings ae applied at logon. ( > only affects the uses and computes beneath the ob"ect to which the >

is linked.

>oup policy settings take pecedence o!e use pofile settings. ( local > is stoed on a local machine. 8t can be used to define settings e!en if

the compute is not connected to a netwok. >s ae applied in the following ode4

. Iocal2. $ite3. DomainF. U

8f >s conflict, the last > to be applied o!eides conflicting settings.

#he )omputes containe is not an U, so it cannot ha!e a > applied to it.

>oup policy is not a!ailable fo Windows PK6# clients o Windows 6# F.0

domains. /ou can use a > fo document ediection, which customiGes whee use files

ae sa!ed. -%o e&ample, you can ediect the 1y Documents folde to point to anetwok di!e whee egula backups occu. %olde ediection e*uies (cti!eDiectoybased goup policy.

)onfiguing a domain goup policy to delete cached copies of oaming use

pofiles will emo!e the cached !esions of the pofile when a use logs off.

#o manually efesh goup policy settings, use the >pupdate command with the followingswitches4

Switch Function

6o switch Refesh use and computeelated goup policy.

taget4use Refesh useelated goup policy.

taget4compute Refesh computeelated goup policy.

7/23/2019 Test Out 2003 (70-290)

13/50

Installing %evices

When installing de!ices4

Begin by adding the de!ice to the system o plugging the de!ice in. Windows

automatically detects and installs di!es fo lug and lay de!ices. %o undetected legacy de!ices, you might need to4

o Run the setup pogam that came with the de!ice.

o Use the (dd 6ew =adwae wiGad to install a de!ice di!e manually.

o 1anually set 8R

7/23/2019 Test Out 2003 (70-290)

14/50

#o potect against unsigned di!es,

?nfoce di!e signing on the system though the $ystem applet o >oup olicy.

Use goup membeship and use ights to pe!ent nomal uses fom installing

di!es -owe Uses o (dministatos only can install di!es.

#he =adwae )ompatibility Iist -=)I includes all de!ices fo which a signeddi!e is a!ailable.

Di!e Rollback allows you to estoe an oiginal di!e when a new di!e causes

system poblems.

File .eri+ication Programs

#he following table summaiGes the file !eification tools you can do to !eify di!esignatues and file integity.

Program Features

$ig!eif.e&e

>U8based tool that seaches fo unsigned files.By default, it seaches only the Windows diectoy -click the (d!ancedbutton to seach othe locations.#he pogam etuns a list of files without digital signatues.

Di!e*uey.e&e si

)ommandline tool that checks the digital signatues of di!es that aein use.Use the si switch to e*uest the signatue status of the di!es.#he epot lists each de!ice, the .inf file fo the de!ice, and the signedstatus of the di!e.

1sinfo32.e&e

>U8based tool that displays the list of de!ices and infomation about

each de!ice -including the di!e, di!e date, and signatue status.#he epot shows e!ey installed de!ice and the signed status of thedi!es.

$fc.e&e scannow

#ool that scans system files to ensue that they ha!e not been eplacedo coupted.Use the scannow switch to foce an immediate check of the system.Use the tool to automatically eplace bad files.

7/23/2019 Test Out 2003 (70-290)

15/50

File S*stem Facts

#he following table indicates which file systems suppot which capabilities.

Feature FAT FAT32 "TFS

Iong file names + + +

Iage than 2 >BF >B patitions + +

$malle clustes + +

?nhances file secuity though pemissions +

%olde and file le!el encyption +

%olde and file le!el compession +

Disk *uotas +

Use the )on!et.e&e utility to modify the file system without efomatting and losingdata. #o con!et the )4 di!e to 6#%$, use the following command4

convert C: /fs:ntfs

(asic and %*namic %is$s

'eep in mind the following when using basic disks.

( basic disk has a limit of fou patitions, only one of which can be an e&tended

patition. ne pimay patition must be maked acti!e.

1ost opeating systems can ecogniGe only one pimay patition. (ll othe

pimay patitions ae in!isible. -Windows 6#2000+$e!e 2003 canecogniGe multiple pimay patitions.

#he acti!e pimay patition is epesented with one di!e lette -)4. #he

e&tended patition can be di!ided into multiple logical di!es -up to 2L.

'eep in mind the following when using dynamic disks.

Windows 2000+$e!e 2003 ecogniGe dynamic disks.

Columes on dynamic disks ae like patitions and logical di!es on basic disks.

( !olume can be made of noncontiguous space on a single di!e o space taken

fom moe than one di!e. /ou cannot install the opeating system on a dynamic disk. /ou can, howe!e,

upgade a basic disk containing the opeating system to dynamic afte installation.

7/23/2019 Test Out 2003 (70-290)

16/50

'eep in mind the following points as you plan whethe to implement basic o dynamicdisks.

( had disk must be eithe basic o dynamicN it cannot be both at once.

Windows 2000+$e!e 2003 use basic stoage by default.

1$D$ and all !esions of 1icosoft Windows suppot basic stoage. Dynamic stoage was new to Windows 2000 and pe!ious Windows opeating

systems cannot use it -this is especially impotant if you plan to multiboot toothe opeating systems.

Dynamic stoage is not suppoted on potable computes because they nomally

ha!e only one intenal had di!e and cannot take ad!antage of ad!anced dynamicstoage featues.

#o con!et a basic disk to a dynamic disk, ight click the !olume in )ompute1anagement and choose Convert to d*namic dis$. , use the Diskpat command at thecommand line.

.olume Characteristics

#he following table summaiGes !olume types and thei chaacteistics.

.olume T*pe Characteristics

$imple !olume )ontains a single, contiguous block of space fom a single had disk.

?&tended!olume

)ontains space fom multiple aeas on the disk. (n e&tended !olume thatspans two disks is a spanned !olume.

$panned!olume

)ombines aeas fom two o moe disks into one stoage unit.

%ills the fist aea, then the second, and so on.Does not po!ide fault toleance. 8f one had disk fails, you lose all data.)annot contain system o boot files.

"ote# nly dynamic disks suppot e&tended, spanned, stiped, mioed, o R(8D!olumes.

1ioed and R(8D !olumes ae suppoted only on se!e !esions of Windows. #hese!olume types po!ide fault toleance and impo!e pefomance.

Redundanc* and Fault Tolerance

/ou should know the following facts about R(8D !olumes4

Redundant aay of 8ndependent Disks -R(8D combines the use of two o moe

disks fo fault toleance and pefomance. Windows suppots thee R(8D le!els4 0 -stiping, -mioing, Q -stiping with

paity. R(8D0 uses data stiping but no edundancy fo impo!ing pefomance.

7/23/2019 Test Out 2003 (70-290)

17/50

R(8D uses disk mioing fo po!iding fault toleance.

R(8DQ uses disk stiping with paity fo pefomance and fault toleance.

#he Windows inteface uses the temRAID to efe to R(8D Q o stiping with

paity. Overhead efes to the amount of e&ta -o JwastedJ disk space e*uied to add

fault toleance.o R(8DQ !olumes use one disk in the set fo fault toleance -a theedisk set

has 33E o!ehead, a foudisk set has 2QE o!ehead.o 1ioed !olumes ha!e Q0E o!ehead -meaning one disk in two is used

fo fault toleance.

#he following table summaiGes !olumes that po!ide edundancy and fault toleance.

.olume

T*peCharacteristics

1ioed!olume

$toes data to two duplicate disks simultaneously.%ault toleant because if one disk fails, data is pese!ed on the othe.#he system switches immediately fom the failed disk to the functioningdisk to maintain se!ice.

$tiped!olume

Uses stoage aeas on se!eal diffeent disks.8mpo!es pefomance by witing to multiple disks simultaneously.Uses disk aeas simila in siGe. #he amount of space used on each disk ise*ual to the smallest aea.$a!es data fom a single file on multiple disks.8s not faulttoleant. 8f one had disk in the set fails, you lose all data on alldisks.

)annot contain system o boot files.

R(8DQColume

)ontain thee o moe disks.Iike a stiped !olume, potions of a single file ae witten to each disk in theset.R(8DQ !olumes add fault toleance to stiping though a pocess calledpaity -whee data eco!ey infomation is added to each disk.ften called a stiped set with paity.

"ote# nly dynamic disks suppot e&tended, spanned, stiped, mioed, o R(8D!olumes.

%is$ ,anagement Facts

Use the following command line commands to manage disks4

Command %escription

Diskat1anage disks, patitions, and !olumes by using scipts o diect input fom thecommand pompt

7/23/2019 Test Out 2003 (70-290)

18/50

DefagIocates and consolidates fagmented boot files, data files, and foldes on local!olumes

)scipt (llows you to un scipts fom the commandlinebased scipt host.

/ou should also know the following facts about disk management4

When you mo!e a disk that has been installed and used in anothe compute, you

might need to impot the disk. 8n Disk 1anagement, ightclick the disk andchoose Import Foreign %is$s.

Using Disk 1anagement, you can analyGe a disk fo defagmentation befoe using

the defagmentation utility. Use Disk 1anagement to eacti!ate !olumes in a R(8DQ configuation. #his

impo!es pefomance afte a disk in the configuation has been eplaced.

/ou should know the following facts about eco!eing failed disks4

#o eco!e a failed disk in a mio configuation4

. Beak the mio.2. Delete the failed disk.3. Receate the mio to a new disk -make sue the disk is upgaded to a

dynamic disk fist. #o eco!e a failed disk in a R(8DQ configuation4

. Repai the !olume on a new dynamic disk.2. Delete the old disk.

#o eco!e a !olume in a failed opeating system4

. 1o!e the disk to a new machine.

2. 8mpot the foeign disk on the new system.

.olume ,ount Points

( !olume mount point allows you to use anothe patition in the compute and epesentit as a folde in an e&isting patition. #his allows you a geat deal of fle&ibility when youneed to e&pand stoage e*uiements. /ou should know the following facts about !olumemount points4

Both patitions must be fomatted with 6#%$.

/ou can use eithe patitions on basic disks o !olumes on dynamic disks fo

!olume mount points. #he folde on the souce patition must be empty.

#he taget patition must not ha!e a di!e lette.

1ultiple foldes can efeence the same taget patition.

(oot-ini Facts

#he Boot.ini file is esponsible fo the following opeations4

7/23/2019 Test Out 2003 (70-290)

19/50

Iaunching the menu fo opeating system selection duing statup

ointing to the system files fo the selected opeating system

8dentifying the contolle, had disk, and patition whee the system files ae

located

#he (R) path locates the system file and contains the following elements4

/ntr* ,eaning and &se

1UI#8-&o$)$8-&

8dentifies the contolle location.Use multi-& if the disk contolle is a $)$8 de!ice with its B8$ enabledo is a non$)$8 de!ice.Use scsi-& only if the disk contolle is a $)$8 de!ice with B8$disabled.#he !alue fo & begins at 0.

D8$'-&

8dentifies the disk location.

8f the fist component of the (R) name is scsi, disk-& indicates which$)$8 disk the opeating system is located on. #he & !alue begins with 0.8f the fist component of the (R) name is multi, this component isalways disk-0, and the disk containing the opeating system is indicatedby the disk-& component.#he !alue fo & begins at 0.

RD8$'-&

8dentifies the disk location.8f the fist component of the (R) name is multi, disk-& indicates whichphysical disk the opeating system is located on. #he & !alue begins at 0.8f the fist component of the (R) name is scsi, the disk component isalways disk-0 and the disk containing the opeating system is indicated

by the disk-& component.#he !alue fo & begins at 0.

(R#8#86-y8dentifies which patition holds the boot files.#he !alue fo y begins at .

7/23/2019 Test Out 2003 (70-290)

20/50

(ac$up Facts

1ost backup methods use the achi!e bit on a file to identify files that need to be backedup. When a file is modified, the system automatically flags the file as needing to beachi!ed. When the file is backed up, the backup method may eset -clea the achi!e bit

to indicate it has been backed up.

#he following table shows the type of data backed up using each backup method.

(ac$up T*pe (ac$s &p Resets Archive (it

%ull Backs up all files egadless of the achi!e bit. /es

8ncemental Backs up files on which the achi!e bit is set. /es

Diffeential Backs up files on which the achi!ed bit is set. 6o

)opy Backs up all files egadless of the achi!e bit status. 6o

1ost of the time, you will pefom backups using a stategy that combines backup types.#he following table compaes common backup stategies.

Strateg* (ac$up Characteristics Restore Characteristics

%ull BackupRe*uies lage tapes fo each backup.#akes a long time to pefom eachbackup.

#o estoe, estoe only the lastbackup.

%ull A8ncemental

8ncemental backups ae *uick topefom. #his is the fastest backupmethod.

#o estoe, estoe the full backupand every subseuent incementalbackup.

%ull ADiffeential

Diffeential backups take pogessi!elylonge to complete as time elapses sincethe last full backup.

#o estoe, estoe the last fullbackup and the last diffeentialbackup.6e&t to a full backup, this is thefastest estoe method.

"ote# Do not combine incemental and diffeential backups.

'eep in mind the following facts about doing backups4

Back up use data moe often than system state data -it changes moe fe*uently. Back up system state data whene!e you make a system change.

$ystem state data includes the egisty, )1A )lass Registation database,

system files, boot files, files unde Windows %ile otection, and the )etificate$e!ices database.

Duing a system data backup, all system data is backed up -system data cannot bebacked up selecti!ely in potions.

7/23/2019 Test Out 2003 (70-290)

21/50

%iles backed up fom one system might not estoe to anothe system. Restoe to a

system unning the same $. Be sue to test you back up and estoe stategy. 8t does no good to back up you

data if you can@t estoe it. ( nomal Diectoy $e!ices estoe efes to a pocess wheein you estat the

domain contolle in Diectoy $e!ices Restoe 1ode and estoe system statedata. Using the $e!ices snapin, Windows Backup, o the $cheduled #asks window,

you can stat the #ask $chedule se!ice. /ou must ha!e the #ask $chedulese!ice unning befoe you can schedule a backup.

8n ode fo a scheduled task to un, you must specify a local se!ice account and

passwod.

(ac$up %evices Facts

#ems and definitions4

Remo!able stoage4 $toage media -tape that can be emo!ed fom the de!ice.

1edia pool4 #he space on the emo!able stoage whee the backup is pefomed,

and whee the backed up files will be physically located.

#o configue a backup de!ice, begin by installing the de!ice and making sue it isecogniGed and configued in De!ice 1anage.

#o install de!ices, you must be a membe of the owe Uses o (dministatos

goup. %o paallel backup de!ices with bidiectional contol, enable enhanced paallel

pot -? in the B8$.

(fte configuing the de!ice, enable the media -the tape in )ompute 1anagement to seethe tape itself. #hee ae two modes fo !iewing media4

%ull mode allows you to see the media pool as well as all the nodes inside the

media pool. #his lets you select e&actly what you want to estoe o backup. $imple mode lets you see only the media pool.

1ake uses membes of the Backup peatos goup to enable them to back up andestoe files.

Backup peatos cannot !iew, edit, o delete files.

#o allow Backup peatos to e"ect the backup media, assign the ?"ect media use

ight to the Backup peatos goup.

7/23/2019 Test Out 2003 (70-290)

22/50

"TFS Permission Facts

#he following table summaiGes the pemissions fo foldes and files.

Permission Allowed Actions

Read Ciew folde details and attibutes. Ciew file attibutesN open a file.

Wite )hange folde o file data and attibutes.

Iist %olde)ontents

8ncludes all Read actions and adds the ability to !iew a folde@scontents.

Read ?&ecute 8ncludes all Read actions and adds the ability to un pogams.

1odify8ncludes all Read ?&ecute and Wite actions and adds the ability toadd o delete files.

%ull )ontol8ncludes all othe actions and adds the ability to take owneship of andchange pemissions on the folde.

Use these suggestions to help you plan 6#%$ pemissions.

8dentify the uses and thei access needs -i.e., the actions they need to be able to

pefom. Based on the types of uses you identify, ceate goups fo multiple uses with

simila needs, and then make uses membes of goups. (ssign each goup -not use the pemissions appopiate to the goup@s data

access needs. ->ant only the pemissions that ae necessay. (s you assign pemissions, take inheitance into account. $et pemissions as high

as possible on the paent containe and allow each child containe to inheit the

pemissions. When necessay, you can o!eide inheitance on a case by case basis.

Deny always o!eides (llow, so be caeful when you use it.

Shared Folder Facts

#he following table lists the shae pemissions and the le!el of access the pemissionallows.

Permission Actions

ReadBowse the shaed folde and its filespen files in the shaed folde and its subfoldes)opy files fom the shaed foldeRun pogams

)hange (ll Read actions -bowse, open files, copy files fom the folde, unpogamsWite to files and change file attibutes)eate new files and subfoldes

7/23/2019 Test Out 2003 (70-290)

23/50

)opy files to the shaed foldeDelete files o subfoldes

%ull )ontol(ll Read and )hange actions)onfigue shae pemissions

=ee ae some additional facts you should know4

/ou can publish a shae in (cti!e Diectoy to allow uses to access it moe easily.

8f a pogam in a shaed folde cashes and efuses to un on the client compute,

teminate the use session using the $haed %oldes option in De!ice 1anage.

Share Access Facts

Use both shae and 6#%$ pemissions to secue netwok esouces. -When used incombination, emembe that the most esticti!e set of pemissions will apply. =ee is a

common stategy fo administeing esouces with shae and 6#%$ pemissions4

. $ecue the folde with 6#%$ pemissions.2. $hae the folde using (llow %ull )ontol fo ?!eyone.

(n administati!e shae is a shae hidden fom bowsing. 'eep in mind the followingfacts about (dministati!e shaes.

(dministati!e shaes ae hidden by following the shaename with a S.

Default (dministati!e shaes ae accessible to only membes of the

(dministatos goup.

(ny shae can be hidden by appending the S to the shaename. ( hidden shae can only be accessed though the U6) path -they do not appea

when you bowse.

%is$ 1uota Facts

'eep the following in mind as you wok with disk *uotas.

7/23/2019 Test Out 2003 (70-290)

24/50

/ou cannot delete a use@s account *uota until you emo!e o take owneship of

all of that use@s files on the !olume. /ou can use the %sutil.e&e command to manage *uotas fom the command

pompt.

7/23/2019 Test Out 2003 (70-290)

25/50

/ou can also e&pot the eco!ey key and impot it onto the compute stoing the

files you want to eco!e. /ou can add additional authoiGed uses tofiles-not foldes who will be able to

open encypted files. 8mplement encyption though the file o folde popeties. , use the )iphe

command to encypt files and foldes.

)opying and mo!ing files might change the encypted state of the file. #o detemine thefinal state of a file, emembe the following ules.

8f you copy o mo!e an encypted file o folde to a non6#%$ patition, the file

o folde is unencypted -othe file systems do not suppot encyption. 8f you copy o mo!e an encypted file to an 6#%$ patition -eithe to the same

one o to a diffeent one, the file emains encypted. 8f you copy an unencypted file to an encypted folde, the file is encypted.

8f you mo!e an unencypted file into an encypted folde, the file emains

unencypted. ?ncyption is pese!ed when the file is backed up.

6omally, encypted files ae meant to be stoed and ead on the local compute only.When sa!ing encypted files on a emote compute, be awae of the following4

/ou can only encypt files stoed on emote computes if the compute is tusted

fo delegation in (cti!e Diectoy -how to do this is beyond the scope of thecouse.

When mo!ing files encypted on you local system to anothe compute -fo use

on that compute, make sue you cetificate and pi!ate key ae a!ailable on the

othe compute. thewise, you might be unable to open the file. When mo!ing encypted files to anothe compute o!e the netwok, files ae not

encypted while they ae in tansit. %iles might be intecepted as they aetansfeed. Use 8$ec to secue netwok communications.

File Compression Facts

'eep the following infomation in mind when woking with folde and file compession.

When you compess a file, Windows makes a copy of the file, compesses it, then

eplaces the oiginal file with the compessed one.

When you open a compessed file, Windows decompesses the file. #hedecompessed file is used by the application.

/ou cannot sa!e o copy a compessed folde o file to a disk containing less fee

space than the folde o file would be uncompessed. )ompession and encyption cannot be used on foldes o files at the same time.

(pply data compession to files that change siGe damatically. %o e&ample,

bitmap and speadsheet files compess by a much lage pecentage thanapplication o wodpocessing files.

7/23/2019 Test Out 2003 (70-290)

26/50

Do not compess files that ae aleady compessed using anothe compession

utility. Use Gipped foldes to shae compessed files with othe computes.

6#%$ compession on !olumes with cluste siGes lage than F 'B is not

suppoted.

)opying and mo!ing files and foldes can affect thei compessed state. #o detemine thefinal state of a file o folde, emembe the following ules.

8f you copy o mo!e a compessed file o folde to a non6#%$ patition, the file

o folde is uncompessed -othe file systems do not suppot 6#%$ compession. 8f you copy a compessed file o folde, it inheits the compessed state of the

destination folde. 8f you mo!e a compessed file o folde to the same 6#%$ patition, it etains its

compessed state. 8f you mo!e a compessed file o folde to anothe 6#%$ patition, it inheits the

compessed state of the destination folde. 8f you copy o mo!e a Gipped folde, it always emains Gipped -egadless of the

destination file system.

)ompact.e&e is a command pompt tool that you can use to set and manage compession.#he following table summaiGes some options fo the )ompact.e&e command.

ption Action

) )ompesses the specified files. %oldes ae maked with the compessed attibute.

$ )ompesses all subfoldes of the specified folde.

U Uncompesses the specified files. %oldes ae maked with the uncompessedattibute.

%o e&ample, the following command will compess all files in the)4Documents#ansfe folde, including all subfoldes4

Compact /C C:\Documents\Transfer\*.* /S

++line Settings

#he following table summaiGes the offline files settings that can be configued on ashaed folde.

Setting %escription

nly the files and pogams thatuses specify will be a!ailableoffline

Uses designate and contol which files ae a!ailableoffline.

7/23/2019 Test Out 2003 (70-290)

27/50

(ll files and pogams that usesopen fom the shae will beautomatically a!ailable offline

(ll files uses open fom the shae ae a!ailable offline.8f ptimied +or per+ormanceis selected, all pogamswill be automatically cached so that they will bea!ailable locally.

%iles o pogams fom the shae

will not be a!ailable offline

Uses will not be able to stoe files fom the shae

offline.

Internet In+ormation Services 4IIS5

Use 88$ to enable4

(cti!e Desktop

8ntenet inting

7/23/2019 Test Out 2003 (70-290)

28/50

Remote Desktop

$hae foldes -Web foldes fo access though 8?

/ou should know the following facts about 88$4

When you install 88$, a default Web site is automatically ceated. By default, all Web content is stoed in the inetpubwwwoot diectoy.

( !itual diectoy is used to make content outside of the default diectoy path

a!ailable though the Web site.

#o make content a!ailable on you Web site4

lace content in the inetpubwwwoot diectoy.

Web shae a folde. #his ceates a !itual diectoy in the Web site.

IIS Securit* Facts

/ou should know the following facts about secuing 88$4

(nonymous access allows 8ntenet uses to access public content on a Web site.

Windows (uthentication allows only authoiGed uses to access potected content.

Uses ae logged into a site automatically and tanspaently while outsideconnections ae blocked.

Basic authentication sends use cedentials in clea te&t.

Digest authentication e*uies uses to ha!e a domain use account.

Blocking access to a web site by domain name, single compute, o 8 netwok

numbe ensues that only desied connections get though.

8 addess estictions can be configued which eithe allow all access e&cept folisted addesses, o block all access e&cept listed addesses.

#he following table descibes the diffeent authentication methods4

,ethod %escription (est &se

(nonymous(uthentication

Uses can access public potions of thesite without use names o passwods.Uses the 8U$RTcomputename localuse account.

#o gi!e public access toesouces that e*uie nosecuity.

Basic(uthentication

Re*uies a local o domain use account-use name and passwod is sent in cleate&t

Use fo nonWindows hostsand clients unning any =##.0 bowse

Digest(uthentication

%unctions like Basic (uthentication(uthenticates using domain accountswith passwods stoed using e!esibleencyption

#o gant access to esoucesfom public netwoks.

7/23/2019 Test Out 2003 (70-290)

29/50

asswods ae secuedRe*uies 8? Q.0 o highe88$ must be unning on a domainmembe

(d!anced Digest(uthentication

8s a!ailable fo use accounts that ae

pat of (cti!e Diectoy.Use names and passwods ae stoed ona domain contolle. Re*uies 8? Q obette and =## . potocol.

#o gant access to esouces

fom public netwoks thate*uie moe secuity thangi!en though Digest(uthentication.

8ntegatedWindows(uthentication

Use infomation is collected though achallengeesponse pocess duing whichthe use name and passwod ae hashedbefoe being sent acoss the netwok(uthenticates using Windowsauthentication methods -6#I1 o'ebeosRe*uies 8ntenet ?&ploe 2.0 o highe-8? Q.0 fo 'ebeos)annot be used though a po&y se!e

#o gant access to esouceson an intanet.

)etificate(uthentication

Uses $$I -$ecue $ockets Iayesecuity though use o se!ecetificates o both. -(!ailable only with)etificate $e!ices.

#o allow secue businesstansactions o!e the 8ntenet.

.6?# asspot(uthentication

(llows the use of a single signin se!icethough $$I, =## ediects, cookies,1$ O$cipt, and symmetic key

encyption.

#o gant access to !aiousesouces o!e the 8ntenet.

(uthentication methods can be applied to the following4

$e!e

Web site

%# site

Citual Diectoy

%ile

8n addition to authentication, you can secue Web content with Web pemissions. #hefollowing table descibes the 88$ pemissions you can set fo Web sites o Web foldes4

Permission %escription

Read Ciew file content and popeties

Wite 1odify, delete, o add files o diectoies1odify file and diectoy attibutes

7/23/2019 Test Out 2003 (70-290)

30/50

#ypically only enabled on intanets o pi!ate sites

$cipt $ouce(ccess

Uses can access the souce code fo files -e*uies eithe Read o Witepemissions)ombined with Read pemissions, uses can !iew the souce code)ombined with Wite pemissions, uses can wite to the souce code

#ypically only enabled on de!elope intanets

DiectoyBowsing

Ciew diectoy contentsWhen enabled, the Web se!e etuns a listing of the diectoy contentswhen it cannot find a default home page to displayUse with Read pemission

?&ecuteemissions

)ontols how scipts and e&ecutables un fom the Web site/ou can allow scipts only, scipts and e&ecutables, o pe!ent eithefom unning

8f Web content is on an 6#%$ patition, you can also use 6#%$ pemissions to secue

content. 'eep in mind the following when using 6#%$ pemissions fo Web content4

88$ uses the use account to identify the end use and thei pemissions. #o estict

access fo uses othe than the anonymous use, you must choose anauthentication method that uses Windows use accounts.

When both Web and 6#%$ pemissions ae used, the !ost restrictivepemissions

take effect.

We Site Identi+ication

/ou should know the following facts about managing 88$4

#he default Web site is assigned to (ll Unassigned 8 addesses on pot K0.

By default, a Web site will espond to =## e*uests diected to any 8 addess

configued fo the host compute. When you configue Web site identification, you can configue it to espond to all

addesses o to only a specific addess. n a se!e that has multiple 8 addesses, each 8 addess can be used fo a

diffeent site. /ou can host multiple sites by using diffeent pots fo each site.

/ou can configue a Web site with a host heade to enable it to espond to

altenate Web site na!es. ( host heade solution e*uies two pats4o )onfigue the host heade on the Web site.o )onfigue the D6$ database to associate the host heade name with the 8

addess.

Printing Facts

7/23/2019 Test Out 2003 (70-290)

31/50

#he following table lists some key definitions with which you should be familia.

Term %e+inition

int$e!e

#he compute whee pinting is established.

inte( !itual de!ice inside the pint se!e that can be configued to send output toa pinting de!ice.

intDe!ice

#he physical de!ice connected to the pint se!e whee pint output occus.

intDi!e

#he softwae that allows the pinte to communicate with the pint de!ice.

int

7/23/2019 Test Out 2003 (70-290)

32/50

Printer Pooling

intepooling uses a single pinte ob"ect to epesent multiple pint de!ices. Withpinte pooling,

Uses send pint "obs to a single pinte

#he pint se!e decides which pint de!ice to send the "ob to

When ceating a pinte pool, all pint de!ices in the pool4

1ust be the same model -using the same pinte di!e

$hould be in the same physical location -because uses won@t know which

physical de!ice thei pint "ob pints on

inte pools4

$peed pinting by educing the time that documents spend waiting fo a fee pint

de!ice $implify pinte administation because you manage multiple de!ices though a

single pinte ob"ect

,ultiple Printers

)onfigue multiple pinte ob"ects fo a single pint de!ice to contol access to the pintebased on "ob oles. #o configue multiple pintes4

. )eate multiple pinte ob"ects, one pe goup o use with distinct access.2. %o each pinte, configue pemissions to estict access.3. %inetune access by editing the (d!anced popeties fo the pinte to modify

pioity -PP is the highest and esticting pinte a!ailability.

,anaging Printing

#he following table summaiGes the pinting component you would use to complete eachconfiguation task.

To Con+igure - - - /dit - - -

(dditional di!es fo a pinteinte ob"ect popetiesint se!e popeties

Oob pioity int

7/23/2019 Test Out 2003 (70-290)

33/50

$pool file location int se!e popeties

Trouleshooting Printing Facts

/ou should know the following facts about toubleshooting pinting4

/ou can take an uneliable pinte out of se!ice by changing its popeties to not

shaed. inte *ueues and the ?!ent Ciewe of the assigned pint se!e will offe the

best infomation egading pinte and pint "ob status. By default, pint spool files ae stoed in the )4 di!e of the se!e, in

Windows$ystem32$poolintes. 8f the )4 di!e fills up, then uses will be unable to add pint "obs to the *ueue, the

*ueues will stop, and the system may become unstable -because the pagefile alsodefaults to di!e )4.

IPP Facts

/ou should know the following facts about 84

8 can be installed afte 88$ is installed.

8 allows uses to access pintes and pint esouces acoss an intanet o

though the 8ntenet. 8 e*uies the use of 8ntenet ?&ploe F.0 o bette.

Uses access pintes and pint se!ices though a URI

-http4serverna!epintes. Use 8ntenet ?&ploe F.0 o bette to administe 8 pinting fom any location.

Installer Pac$age Facts

#he following table descibes the file e&tensions that ae used with installe packages.

File /6tension %escription

.msi ( Windows 8nstalle package file. Use the 1sie&ec command todeploy .msi files. Use the i switch to specify the package file.

.msp ( patch file. (n .msp file can be applied to an .msi, but the .msi must beedeployed afte the patch is applied.

.mst ( tansfom file. #ansfom files ae applied when a softwae package isassigned o published. #ansfom files change .msi files. #o apply a .mstto a .msi duing deployment, append #R(6$%R1$H followed by a

7/23/2019 Test Out 2003 (70-290)

34/50

list of .mst files to the 1sie&ec command.

.Gap ( file to efeence a $etup.e&e file on a netwok, fo e&ample.

Using >oup olicy, you can eithe assign o publish softwae. /ou can also associate

softwae packages with eithe uses o computes.

(pplications may be published to uses, but not to computes. /ou can assign

applications to eithe uses o computes. When you publish an application, it does not appea in the use@s $tat menu.

8nstead, the use goes to (ddRemo!e ogams to install the pogam. (ssigning softwae to a compute installs the softwae when the compute stats

up. Uses cannot use (ddRemo!e ogams to emo!e compute assignedsoftwae.

(ssigning softwae to a use puts a shotcut on the uses $tat menu. #he

softwae is automatically installed when the shotcut is clicked.

So+tware &pdate Services 4S&S5 Components

$oftwae Update $e!ices -$U$ is a clientse!e application that allows you to use ase!e on you intanet as a centaliGed point fo updating softwae. Without $U$, clientsmust communicate with 1icosoft@s Web site to download and install patches and otheupdates. With $U$, you can contol which updates ae installed on netwok clients.

#he following table lists the ma"o $U$ components4

Component %escription

$U$ on an 8ntenet8nfomation $e!ices-88$ se!e

#his is the se!eside component of $U$. 8t synchoniGes updateinfomation and downloads updates pio to deployment.

$U$ Web site

(dministati!e tasks ae done though the $U$ Web site. thethan installation and configuation, administati!e tasks consistpimaily of !eifying successful se!e synchoniGation and updateappo!al pio to client distibution.

(utomatic Updates#he (utomatic Update client downloads updates fom the $U$se!e -o a Windows Update se!e. 8t also installs the updatesaccoding to the established paametes.

>oup olicy settingsBy configuing Windows Update policies in a >, you canconfigue (utomatic Updates clients to synchoniGe with a $U$se!e athe than a Windows Updates se!e.

$U$ offes the following ad!antages4

/ou can contol which updates clients in you oganiGation ecei!e.

7/23/2019 Test Out 2003 (70-290)

35/50

)lients ecei!e updates fom local se!es athe than using 8ntenet links to

ecei!e updates. /ou can enfoce the application of updates thoughout you oganiGation.

$U$ woks as follows4

. #he $U$ se!e downloads infomation about a!ailable updates fom the1icosoft Windows Update Web site. #he se!e can also be configued todownload the update content itself.

2. (n administato appo!es the updates that should be applied to netwok clients.3. )lients contact the local $U$ se!e to identify appo!ed updates. 8t then

downloads the appo!ed updates fom the coesponding se!e.

S&S Server Con+iguration

(n $U$ se!e manages the updates that clients can install. #o install $U$, download the

setup softwae fom the 1icosoft Website -it is not on the Windows $e!e 2003 media.Befoe installing the softwae, you se!e must ha!e 88$ installed. Duing installation,you will need to po!ide the following two paths4

#he path to the update files. #hese ae the actual files that will be used to update

clients. %o e&ample, you can choose to lea!e the update files on the 1icosoftWindows Update Web site. 8n this case, clients will download updates fom the1icosoft Web site. (ltenati!ely, you can choose to place the files on the $U$se!e. 8n this case, clients will download content fom you $U$ se!e.

#he path to the update file metadata. #he metadata is infomation about each

update file. /ou will edit the metadata to contol how updates ae applied to client

systems.

#he installation pogam installs the following components4

$oftwae Update $ynchoniGation $e!ice -to download content to the $U$

se!e. 88$ Web site -to se!ice e*uests fom (utomatic Update clients.

$U$ administation Web site -whee you synchoniGe the $U$ se!e and appo!e

updates.

(fte installation, use a Web bowse and go to http4#$#serverna!e$U$admin to

manage the $U$ se!e. $U$ administation consists of thee tasks4

)onfiguing $U$ se!e settings.

$ynchoniGing updates -downloading updates fom the 1icosoft update Web

site. (ppo!ing updates -identifying which updates to deli!e to clients and

configuing how those updates will be applied.

7/23/2019 Test Out 2003 (70-290)

36/50

S&S Client Con+iguration

?ach client compute must ha!e the Windows (utomatic Updates client softwae toutiliGe automatic updates. #his softwae is included automatically with Windows $e!e2003, Windows + $e!ice ack , and Windows 2000 $e!ice ack 3. 8t can be added to

othe opeating systems as a special download.

)lient computes will communicate with an $U$ se!e to identify a!ailable updates. /oucan customiGe which se!e the clients use to ecei!e updates. By default, clients contactthe 1icosoft Web site. %o a custom solution, configue clients to contact you $U$se!e.

/ou can also customiGe how clients download updates4

%ownload %escription

(utomatic Downloads ai!e without use inte!ention o notification.

6otification#he system waits fo a use with administato cedentials to log on befoesending a notification of a!ailable update downloads !ia a balloon abo!e the$ystem #ay.

/ou can also customiGe what the client does with the updates afte they ae installed.

Installation %escription

(utomatic-$cheduled

Upon successful download, an e!ent is egisteed in the system e!ent log.When a use with local administati!e pi!ileges logs on, the use caninstall the updates manually any time befoe the scheduled installationtime. (t the scheduled installation time, a local administato can cancelthe installation, delaying it until the ne&t scheduled installation. ( use withnonadministato pi!ileges ecei!es a waning message but cannot delayupdate installation. 8f no one is logged on, the installation occusautomatically.

6otificationUpon successful download, an e!ent is egisteed in the system e!ent log.When a use with local administati!e pi!ileges logs on, the use caninstall the updates manually.

#he easiest way to configue client settings is to use >oup olicy to distibute the se!e

name and othe update paametes. #he following table lists the (utomatic Updatepolicies4

Polic* %escription

)onfigue(utomatic Updates

#hee ae thee options fo configuing the beha!io of the (utomaticUpdates client4

6otify fo Download (nd 6otify %o 8nstall

7/23/2019 Test Out 2003 (70-290)

37/50

(uto Download (nd 6otify %o 8nstall

(uto Download (nd $chedule #he 8nstall

Reschedule(utomatic Updates$cheduled8nstallations

8f a client machine is tuned off duing a scheduled installation, bydefault the installation occus at the ne&t scheduled time. =owe!e,this policy allows you to set the installation to occu between andL0 minutes afte the system stats up.

6o (utoRestat%o $cheduled(utomatic Updatesand 8nstallations

#his policy allows (utomatic Updates to disegad a e*uied estatwhen a use is logged on. #he use ecei!es a notification about thee*uied estat but is not e*uied to estat the machine.

$pecify 8ntanet1icosoft Update$e!ice Iocation

#his policy allows you to ediect clients fom the 1icosoftWindows Update se!e to a $U$ se!e on you netwok. /ou canalso set logging to occu on any se!e on the netwok unning 88$.88$ logs ae found in EWindiE$ystem32IogfilesW3s!c.

S&S In+rastructure %esign

$oftwae Update $e!ices -$U$ offes you geat fle&ibility in designing whee updatesae stoed and who contols which updates ae appo!ed. /ou can also configue multiplese!es within you oganiGation to distibute the load o customiGe the list of appo!edupdates.

Con+iguration Characteristics &ses

(ppo!e updateslocally, downloadcontent fom1icosoft

#he local $U$ se!e downloadsupdate metadata -infomationabout a!ailable updates fom theWindows Update Web site.(n administato appo!esapplicable updates.)lients identify appo!ed updatesusing the local $U$ se!e, butdownload content fom theWindows Update Web site.

Use when all clients ha!e a fast8ntenet connection and 8ntenetlink usage is not a concen.

(ppo!e updates

locally, downloadcontent locally

#he local $U$ se!e downloads

update metadata andsynchoniGes update installationfiles fom the Windows updateWeb site.(n administato appo!esapplicable updates.)lients identify appo!ed updatesusing the local $U$ se!e and

Use to minimiGe downloads

though an 8ntenet link -updatesae downloaded though the8ntenet only once.Use when 8ntenet links ae slowo uneliable.

7/23/2019 Test Out 2003 (70-290)

38/50

download the updates fom thelocal se!e.

1ultiple se!etopology

lace an $U$ se!e in eachlocation.?ach $U$ se!e synchoniGes

content fom Windows UpdateWeb site.(n administato at each locationappo!es a list of appo!edupdates fo local clients.)lients ecei!e updates fom theneaest $U$ se!e.

Use when each location hasdiffeent appo!ed update needs.Use when you oganiGation hasmultiple sites with thei own8ntenet connection.

)entaliGedclientse!e topology

)onfigue one $U$ se!e tosynchoniGe content with theWindows Update Web site.)onfigue a list of appo!edupdates on the cental se!e.)onfigue additional se!es tosynchoniGe update content andthe list of appo!ed updates withthe cental se!e.)lients ecei!e updates fom theneaest $U$ se!e.

Use in a lage oganiGation toenfoce consistent update policies-local $U$ se!es ecei!e a listof appo!ed updates fom thecental se!e.

DecentaliGedclientse!e topology

)onfigue one $U$ se!e tosynchoniGe update content withthe Windows Update Web site.

)onfigue additional se!es tosynchoniGe update content withthe cental se!e.)onfigue a list of appo!edupdates on each $U$ se!e.)lients ecei!e updates fom the$U$ se!e that holds appo!edupdates that should apply to theclient.

Use to minimiGe downloading ofupdate content while allowingdiffeent sites o oganiGations tomaintain thei own list ofappo!ed updates.

S&S Facts

/ou should know the following facts about $U$ facts4

$U$ is not a!ailable though the Windows $e!e 2003 installation media.

Download the $U$ se!e softwae fom the 1icosoft Web site. $oftwae Update $e!ices allows you to configue the distibution of opeating

system patches fo clients, including ones elated to secuity.

7/23/2019 Test Out 2003 (70-290)

39/50

> settings fo configuing Windows (utomatic Updates ae stoed in the

Wuau.adm template. /ou must manually copy this template file fom the $U$se!e to the EsystemootEinf folde of any compute used to configue gouppolicy.

#o pe!ent clients fom using Windows Update, edit >oup olicy settings to

pe!ent uses fom manually downloading patches. $U$ with $e!ice ack does not suppot LFbit !esions of Windows.

$oftwae Update $e!ices does not suppot updating di!es, although the

(utomatic Updates client will detect and epot them. /ou must install di!esmanually fom Windows Update.

$oftwae Update $e!ice only distibutes patches fo the opeating system. /ou

can@t use $oftwae Update $e!ices to distibute patches fo anything else,including othe 1icosoft poducts. =owe!e, you can use a softwae distibutionpolicy -o $ystems 1anagement $e!e to distibute application updates.

#he 6o(utoRebootWithIoggednUses policy setting will allow logged on uses

to a!oid ebooting afte a se!ice pack installation -although the se!ice pack

installation won@t be completed until the ne&t estat. #he Windows Update $e!e is esponsible fo synchoniGing and appo!ing

updates. )lients of $U$ need the (utomatic Updates )lient -Wuau22.msi which can be

deployed though goup policy. )lients also need to be ediected fom Windows Update to the $U$ se!e

though a >.

Account Policies Facts

(ccount policies contol passwods and login popeties. $ettings in the local > aeused if the compute is a membe of a wokgoup. $ettings in the domain > ae usedfo computes that ae membes of a domain. olicy settings ae applied to the compute,not the use.

7/23/2019 Test Out 2003 (70-290)

40/50

#he following table descibes the passwod settings.

Setting %escription

asswod histoy#his setting e*uies uses to input uni*ue passwods. #he systemcan stoe up to 2F passwods, so the use can@t epeat pe!ious

passwods.

1a&imum passwodage

#his setting e*uies the use to change the passwod afte a gi!enlength of time.

1inimum passwodage

#his setting keeps uses fom changing passwods immediatelyafte they@!e eset thei passwods. #his pe!ents uses fomdefying the passwod histoy by enteing se!eal passwods to getback to a pefeed passwod.

1inimum passwodlength

#his pe!ents people fom using passwods that ae too shot.

asswod comple&ity

#his setting e*uies uses to ceate a passwod with a minimum ofthee of the fou types of special chaactes -e.g., lowe case lettes,uppe case lettes, numbes, o V, , X, S, E, Y, , Z. #his settingalso disallows use of dictionay wods o any pat of the use loginidentification.

Re!esible encyption#his setting e*uies the system to stoe the passwod withe!esible encyption.

Use account lockout to potect use accounts fom guessing and pe!ent accounts fombeing used when hacking attempts ae detected. #he following table descibes accountlockout settings.

Setting %escription

Iockoutduation

#his setting detemines the length of time the account will be disabled.When set to 0, an administato must unlock the account.

Iockouttheshold

#his setting detemines the numbe of attempts a use can make befoethe account is locked.

Reset accountlockout

#his setting detemines the amount of time that must pass befoe theaccount is enabled.

Auditing Facts

/ou can configue the following audit policies in >oup olicy.

Audit Categor* Trigger /vent4s5

(ccount logon (udits logon though a use accountRecoded by the local compute fo the local account, ecoded by

7/23/2019 Test Out 2003 (70-290)

41/50

domain contolle fo the (D account

(ccountmanagement

(dd, ename, disableenable, delete, o change the passwod fo a useaccount

IogonIog on o off of the local system

1ake a netwok connection to a local computeb"ect access %ile, folde, pinte access

olicy change)hange account passwod o logon settings, use ights, o auditpolicies

i!ilege useUse e&ecises use ights(n administato takes owneship of an ob"ect

ocess tacking(n application pefoms an action#his is used mainly fo pogam debugging and tacking

$ystem e!ents$hutdown, estat, se!ice stats(n e!ent affects secuity o the secuity log

'eep in mind the following about configuing auditing4

(uditing can be enabled to log successful o failed e!ents -o both.

Because auditing consumes system esouces and might esult in a lot of

geneated data, enable auditing only on the e!ents you ae inteested in. Ciew audit enties in the ?!ent Ciewe $ecuity log.

$et the )ashn(udit%ail egisty enty to pe!ent uses fom logging on to the

system when enties can@t be witten to the secuity log. #o monito a domain fo unauthoiGed use access, configue the domain with a

goup policy to (udit Iogon ?!ents. %o file auditing to occu, the files must be on 6#%$ patitions.

With auditing configued, cleaing the log geneates an e!ent identifying when the

log was clea and by whose authoity.

Securit* Template Facts

Windows po!ides the following pedefined secuity templates4

Template Function

$etup $ecuity.inf

)eated specifically fo each compute duing setup

Diffes depending on whethe installation was a clean installation o anupgade)ontains default secuity settings applied duing installationDefines default file pemissions fo system di!e ootUsed on wokstation o se!es -not on domain contolles$hould not be applied though goup policy

D) $ecuity.inf )eated when se!e is upgaded to a domain contolle

7/23/2019 Test Out 2003 (70-290)

42/50

>i!es default secuity settings fo files, egisty, and system se!ice

$ecueZ.inf$ecues a system without causing application o compatibility issues$ecuews.inf can be applied to a wokstation o a se!e$ecuedc.inf can be applied to a domain contolle

=isecZ.inf $pecifies additional secuity settings beyond the $ecue templates=isecws.inf can be applied to a wokstation o a se!e=isecdc.inf can be applied to a domain contolle

)ompatws.inf%oces compatibility acoss Windows platfoms$hould not be applied to domain contolles

Use the $ecuity (nalysis and )onfiguation snapin to manage secuity templates,analyGe cuent settings, ceate custom templates, o impot an e&isting template. Whenwoking with templates4

)ompae an e&isting system with a template to see how the system compaes to

the template. )lea cuent settings befoe impoting a new template.

(fte applying a secue template, you might need to estoe goup membeships in

the (dministatos o owe Uses goup. /ou can also use the $ecedit command to analyGe and apply templates.

/ou should also know the following facts about secuity analysis4

#he 1icosoft Baseline $ecuity (nalyGe will tell you which patches ha!e been

installed on a paticula compute. /ou should also need to !eify that patches ha!e not been manually applied.

)heck the Windows Update log to see if a patch came fom the $oftwae Update$e!e o fom the Windows Update website.

/vent Facts

/ou should know the following facts about e!ents4

7/23/2019 Test Out 2003 (70-290)

43/50

#he $ystem Iog ecods infomational, waning, and eo messages. ?o and

waning messages ae the most seious. #he default e&tension fo sa!ed logs is .?!t.

$hutdown e!ents ha!e an e!ent 8D 0[F.

?!ent Ciewe is the location whee most eos and wanings ae logged.

#he %ile Replication $e!ices log lists eos o e!ents elated to the copying ofinfomation between domain contolles duing a eplication cycle. #his log isa!ailable though ?!ent Ciewe on Windows $e!e 2003 machines that functionas domain contolles.

?&amine the $ecuity Iog to find the esults fo system audits.

(dditional logs -such as the D6$ Iog ae added when you install !aious

se!ices.

,onitoring Per+ormance Facts

/ou should know the following facts about monitoing system pefomance4

#ask 1anage shows a summay of a system@s pefomance.

$ystem 1onito measues the pefomance of a wokstation o othe wokstations

on a netwok. /ou can configue an automatic schedule of monitoing.

( $ystem 8dle pocess nea 00E may indicate a connecti!ity poblem with a

se!e. #he efomance tool is capable of monitoing emote computes. 1onitoing of

se!e pefomance should be done fom a compute othe than the se!e. 8f you aen@t sue what a specific counte o measue is used fo, select it and click

the ?&plain button.

#he efomance Iogs and (lets console in the efomance tools can beconfigued to tigge an alet when cetain thesholds ae eached.

#he Repot Ciew pesents countes in a hieachical display using wods, not

gaphical epesentations. /ou can un the Win1$D utility fom a command pompt to !iew such

infomation as 8ntenet secuity.

Counters and .alues to Watch

#he following table outlines the ma"o ob"ects and citical counte !alues4

7ect Purpose Counters ptimum

ocesso 1easues the )U pefomance E ocesso time \ K0E sustained

hysicaldisk1easues how the indi!idual, physicaldisks ae pefoming -the eadwitesand pecentage to be witten to the disk

E Disk time] 2 times thenumbe of di!esis high

1emoy 1easues R(1 pefomance agessec 0 pagessec is a

7/23/2019 Test Out 2003 (70-290)

44/50

good eading

6etwok1easues the pefomance of thesystem on the netwok

Bytes totalsec\ 6etwokcapacity

W,IC

#he Windows 1anagement 8nteface )ommandline -W18) gi!es administatos accessto Windows 1anagement 8nstumentation -W18, 1icosoft@s implementation of WebBased ?ntepise 1anagement -WB?1. #he following components make up W184

Component %escription

W18 b"ect1anage

#he W18 b"ect 1anage ecei!es infomation about de!ices, se!ices,applications and othe system components fom W18 po!ides.

W18Repositoy

#he W18 b"ect 1anage inputs the infomation it ecei!es into the W18Repositoy. #he infomation in the W18 Repositoy can be used tomanage components, monito e!ents, set popeties, and pefom othemanagement tasks.

#he W18) can be used to access the W18 Repositoy. ( peson can pefom local oemote management tasks using W18) on any system that is unning W18 that canauthenticate the peson using W18). W18) uns in two modes4

8nteacti!e mode begins when the use ente W18) at the command pompt.

8nteacti!e mode is used when commands ae enteed one at a time.

6oninteacti!e mode allows W18) to e&ecute a command and etun to thecommand pompt. 6oninteacti!e mode is used to let W18) un inside a batchfile.

W18) uses aliases to simplify access to W18 infomation. Using aliases, you don@t needto emembe comple& schema ob"ects and popeties. #he alias is the fist paamete ofthe W18) command line.

(liases can pefom actions, which ae initiated by !ebs. Using !ebs in combinationwith aliases, you can contol what kinds of infomation you get fom the W18Repositoy. /ou can also contol application and system popeties.

When W18 is unning on a compute, a use with sufficient ights can pefommonitoing tasks fom W18). #he infomation can be output to a )$C, te&t, o =#1Ifile. Use aliases, command, and switches to configue monitoing.

#o stat W18), ente W18) at the command line. #o get a list of a!ailable aliases,ente ^ at the W18) command line.

7/23/2019 Test Out 2003 (70-290)

45/50

/ou can pefom the following monitoing tasks using W18)4

oduct

Iists the softwae installed on the local compute.

6te!ent whee Je!enttypeHQ and lofgileH@secuity@J get logfile, soucename,

e!enttype, message, timegeneated

Iists failue e!ents fom the secuity log data.

6te!ent whee Je!enttype\3 and logfileH@application@J get logfile, soucename,

e!enttype, message, timegeneated

Iists 0, , and 2 e!ent types fom the application log of the local compute.

Use the output4path and filena!eswitch to ediect output fom the console to afile.

.olume Shadow Cop* Services 4.SS5

C$$ is a component of the backup system that takes a pointintime snapshot of files onthe disk. By enabling C$$, you can eco!e lost -deleted files and back up open files.

/ou enable C$$ on a !olume though ?&ploe. (fte C$$ is enabled, all shaed foldeson the !olume will be shadow copied. /ou can customiGe whee files ae copied to, thelimit that copied files can take up, and the inte!al at which copies will be made.

#hough shadow copies, you can eco!e lost, damaged, o o!ewitten files by accessingthe pe!ious !esions of the files cached by the se!e. #he e!ious )opies tab in theopeties dialog bo& of a folde o file lists the pe!ious copies you can access. #hee!ious )opies tab is a!ailable unde the following cicumstances4

$hadow )opies must be enabled on the se!e.

#he client must ha!e the $hadow )opy client softwae -installed to the

Esyste!rootE$ystem32)lients#wclient&KL folde on the Windows $e!e2003 system.

/ou must access the file@s popeties though a shaed folde -if you access the

popeties fo a file on the local machine, the e!ious )opies tab won@t bea!ailable, e!en if the file is shaed and C$$ is unning.

S*stem Recover* Facts

Windows offes you se!eal diffeent ways to eco!e fom a system failue. =ee aesome methods you can use to eco!e fom system poblems -methods ae listed in thegeneal ode you would pefom when tying to eco!e the system.

7/23/2019 Test Out 2003 (70-290)

46/50

Tool &se

Di!e RollbackUse this tool to uninstall ecent di!e changes and e!et to a pe!ious!esion. 8n De!ice 1anage, edit the popeties of the de!ice.

Iast 'nown

>ood)onfiguation

#his option eboots the system using the last successful hadwae

pofile. =owe!e, it can only be used if you ha!e not logged on afte thelast change.

$afe 1ode

Boots Windows with a limited numbe of di!es and featues enabled.ess %K duing boot to ente $afe 1ode. (fte booting into $afe 1ode,you can use De!ice 1anage to ollback di!es, disable de!ices,uninstall de!ices, o einstall o update di!es.

Reco!ey)onsole

#his is a commandline inteface. Befoe a poblem e&ists, you mustinstall Reco!ey )onsole. 8nstall it by using the winnt32.e&e cmdconscommand to install the eco!ey tools on the system. Use Reco!ey)onsole to fi& boot secto o maste boot ecod -1BR. /ou can alsoemo!e o update system files and epatition had disks.

(utomated$ystem Reco!ey

#his estoes oiginal Windows 2003 $e!e di!es and files as well asfiles fom the ($R backup set.

'eep in mind the following facts about using (utomated $ystem Reco!ey -($R.

/ou need an ($R backup tape set and a Windows 2003 $e!e )D to estoe a

system. Use the ($R diskette with a !alid backup to estoe the system.

#he ($R diskette is a boot diskette that contains limited system configuation

infomation. #he est of the infomation is on the backup tape.

#he ($R diskette contains the (s.sif and (spnp.sif files. )opies of these filesae placed on the system so you can copy them manually.

#o estoe a system, pess the %2 key when pompted and inset the ($R floppy

disk. ($R will estoe disk configuations and install the oiginal opeatingsystem softwae.

/6am 7ectives

/6am 80)290 ,anaging and ,aintaining a ,icroso+t: Windows: Server 2003

/nvironment

#his cetification e&am measues you ability to implement, administe, and toubleshootinfomation systems that incopoate 1icosoft Windows $e!e 2003. Befoe taking thee&am, you should be poficient in the "ob skills listed below.

7/23/2019 Test Out 2003 (70-290)

47/50

; /6am 7ective ,odule)

Section

7/23/2019 Test Out 2003 (70-290)

48/50

Diagnose and esol!e issues elated to compute accounts by

using the (cti!e Diectoy Uses and )omputes 11) snapin.

Reset compute accounts.

20L #oubleshoot use accounts.

Diagnose and esol!e account lockouts.

Diagnose and esol!e issues elated to use account popeties.

2...2

20[ #oubleshoot use authentication issues. 2.Q..2

300 ,anaging and ,aintaining Access to Resources

30 )onfigue access to shaed foldes.

1anage shaed folde pemissions.

[.2[.3

[.Q[.L

302 #oubleshoot #eminal $e!ices.

Diagnose and esol!e issues elated to #eminal $e!ices

secuity.

Diagnose and esol!e issues elated to client access to #eminal

$e!ices.

0.2

303 )onfigue file system pemissions.

Ceify effecti!e pemissions when ganting pemissions.

)hange owneship of files and foldes.

Q.

[.2

30F #oubleshoot access to files and shaed foldes. [.[.2[.3[.F[.Q[.L

>00 ,anaging and ,aintaining a Server /nvironmentF0 1onito and analyGe e!ents. #ools might include ?!ent Ciewe and

$ystem 1onito.2.

F02 1anage softwae update infastuctue. 0.0.2

F03 1anage softwae site licensing. .

F0F 1anage se!es emotely. 0.2

7/23/2019 Test Out 2003 (70-290)

49/50

1anage a se!e by using Remote (ssistance.

1anage a se!e by using #eminal $e!ices emote

administation mode.

1anage a se!e by using a!ailable suppot tools.

F0Q #oubleshoot pint *ueues. P.2P.3P.FP.Q

F0L 1onito system pefomance. .32.2

F0[ 1onito file and pint se!es. #ools might include #ask 1anage, ?!entCiewe, and $ystem 1onito.

1onito disk *uotas.

1onito pint *ueues.

1onito se!e hadwae fo bottlenecks.

[.FP.

P.2P.3P.Q

F0K 1onito and optimiGe a se!e en!ionment fo applicationpefomance.

1onito memoy pefomance ob"ects.

1onito netwok pefomance ob"ects.

1onito pocess pefomance ob"ects.

1onito disk pefomance ob"ects.

2.2

F0P 1anage a Web se!e.

1anage 8ntenet 8nfomation $e!ices -88$.

1anage secuity fo 88$.

K.K.2K.3

?00 ,anaging and Implementing %isaster Recover*

Q0 efom system eco!ey fo a se!e.

8mplement (utomated $ystem Reco!ey -($R.

Restoe data fom shadow copy !olumes.

Back up files and $ystem $tate data to media.

)onfigue secuity fo backup opeations.

L.2.3

Q02 1anage backup pocedues. L.

7/23/2019 Test Out 2003 (70-290)

50/50

Ceify the successful completion of backup "obs.

1anage backup stoage media.

Q03 Reco!e fom se!e hadwae failue.

Restoe backup data.

$chedule backup "obs.

Q.FL.