Info

You can add more comments using the string registry value. The format for comments is < title> n r< Description of the comment> . This is the title of the comment that is separated by a new line or a tab character. A description of the comment follows this character. Refer to Figure 9.37 for an illustration of how this value data is entered. Figure 9.37 Adding Comments to Your Custom Reasons Figure 9.37 Adding Comments to Your Custom Reasons 4. Click OK and close the Registry Editor....

Terminal Services Terminology and Concepts

As noted, back in the days ofWindows NT 4.0, Microsoft sold a separate server product called Terminal Server Edition. In Windows 2000, the Terminal Services feature was integrated into all Microsoft server operating systems.With Windows Server 2003, Microsoft has again included it with their server product line. All versions of Microsoft Windows Server 2003 come with it, except Windows Server 2003 Web Server Edition (the Web Server Edition includes the core terminal service and the Remote...

Using Computer Management to Manage a Remote Computer

Computer Management is available on client and server computers to perform management tasks, and is actually a pre-configured MMC console. To start Computer Management, select Start Settings Control Panel, double-click Administrative Tools, and then double-click Computer Management. Alternatively, right-click the My Computer icon and select Manage. You can also use computer management to connect to another computer (providing you have the appropriate rights). Select Connect to another computer...

The Remote Control

As mentioned in the Terminal Services Manager section of the chapter, remote control is a feature that enables an administrator to connect to, view, and interact with a user's session. It is ideal for remote troubleshooting or educating a user on the proper way to do something without leaving your desk. The default setting on this tab is Use remote control with user default settings, which accepts the remote control configuration settings stored in the properties of a user's account. The second...

Licensing Issues

Your company is open 24 hours a day, seven days a week. Everyone works eight-hour shifts and there are three shifts. All three shifts share the same computers. Over the next six months, you will be rolling out Windows Server 2003 and Windows XP.Your company has 1,500 workstations, 4,500 users, and 50 servers.Which licensing model should you use D. External Connector licensing 10. You have been hired as a consultant to assist a company in migrating from Novell NetWare 5.0 and Windows 95 to...

Q

QDOS (Quick and Dirty Operating System), 3 querying objects, with ADUC tool, 25 question mark ( ), for displaying command syntax, 262 queue length of application pools, extending, 689 Quick and Dirty Operating System (QDOS), 3 quota command, 90 Quota tab, missing, 178 RADIUS (Remote Authentication Dial-In User Service), 33 RAID 2 RAID 7, 153 RAID-5 volumes, 83 creating, 124-127 troubleshooting, 181-183 when to use, 124 RAID level 0, 152 RAID level 1, 153, 867 RAID level 5, 153, 868 RAID. See...

Using Emergency Management Services

During a review of disaster recovery planning at your company, the need to manage your servers remotely when the network has failed has been raised as an issue.You decide to use the Emergency Management Services feature ofWindows Server 2003.To test this, you connect a terminal to the serial port of your Windows Server 2003 computer. However, you find that you are getting no response on the terminal. What is the most likely reason for this A. EMS operates only when the operating system has...

Creating a New Forest

Select Start Run and type dcpromo in the Open field. 2. Click OK to start the Active Directory Installation Wizard, as previously shown in Figure 4.78. 4. You are warned (in the dialog box previously shown in Figure 4.79) that Windows 95 and Windows NT 4.0 machines not running at least Service Pack 4 will not be able to log on to a domain controller running Windows Server 2003. Click Next to accept the warning and continue. 5. Select the type of domain controller to create, as shown in Figure...

The Logon Settings tab

All Terminal Services clients are capable of providing log-on information to the Terminal Services computer. Typically, this includes a user name, password, and domain. The default setting on this tab, Use client-provided logon information, ensures that the credentials passed from the client are accepted at the server. If no credentials are passed, or incorrect credentials are passed, the user will be prompted for valid log-on information. The other major option on this page is entitled Always...

Understanding Remote Storage Concepts

Remote Storage gives you the best of both worlds. It provides fast access to data stored on disks and archival capabilities for data that isn't frequently used, and best of all, it handles switching between the two. It automates the archival process and makes accessing archived data easy for the end user. Consider your personal data. How much of it do you use on a daily basis Could you back up the files you only use occasionally to tape Most people would say, I see the benefit in backing up my...

Using Global Groups

Global groups should be used to manage objects that are likely to require frequent maintenance and management operations, such as user accounts and computer accounts. Global groups are not replicated beyond the boundaries of their own domains, thus changes can be made to global group members without creating large amounts of replication traffic to the Global Catalog servers. (This is in direct contrast to universal groups, as is discussed shortly.) Permissions and user rights that are assigned...

Using EFS Encryption

A user asks you about enabling encryption on a folder he is using on the server. Because he is trying to reduce the amount of disk space used, he has been compressing the data on the folder for several weeks. How can he change the settings on the folder so he can encrypt the contents of his compressed files A. Instruct the user to run the cipher command on the folder using the e parameter. B. Instruct the user to uncompress the files in the folder, enable encryption on the folder, and then...

Using the DialIn

The Dial-in tab, shown in Figure 4.24, controls dial-in and VPN options for the selected user account. This tab contains two main sections, Remote Access Permissions and Callback Options. Remote Access Permissions determine if a user is allowed to connect to the Routing and Remote Access Service (RRAS) server for dial-in or VPN capabilities.The Callback Options controls how the phone call is managed when using a dial-in solution. The Remote Access Permission section includes the following...

Installing and Using the Remote Desktop Connection RDC Utility

The Remote Desktop Connection (RDC) utility (formerly the Terminal Services Client Connection Manager) is the standard client for connecting to Terminal Services, via RDA on a server or Terminal Services on a Terminal Server. It can be used for Remote Administration or full Terminal Server client use. It enables a user to connect to a single server running Terminal Services using the RDP protocol over TCP IP. The utility is installed with the operating system in Windows XP and Server 2003. It...

Defining Access Control

Access control is, quite simply, the process of determining who can access resources in an environment. In the Microsoft world, access control is comprised of physical access, logon access, file access, printer access, share access, and so on. This concept is occasionally referred to in general as security, or the lack thereof. On a Windows 95 or Windows 98 computer, access control is determined by whether you can power on the PC and interact with the keyboard and mouse. The Windows 95 and 98...

Azm

Open a command prompt and run cipher.exe d on the folder. D. Have each user open the folder properties and enable encryption for him or herself on the folder. 13. A user calls because he just e-mailed a file from his work account to his home account to edit at home. He just realized that the file was encrypted. What will he need to do to be able to work with the file at home A. He will not be able to work with the file at home. B. He will need to decrypt the file before e-mailing it to...

Finding Groups on the Global Catalog Server

By default, when you use dsquery.exe group to search for groups, only the domain partition of your domain is searched. Use the gc option to search the global catalog server.The following example shows the previous examples modified to search the global catalog server. dsquery group -desc Microsoft Trainers -gc dsquery group -desc *trainers* -gc dsquery group -name authors -gc dsquery group -name a* -gc dsget group displays the properties of groups in Active Directory. There are two variations...

Vkq

Server roles are a new concept in Windows Server 2003. Even though you might not use the Configure Your Server wizard to implement them, make sure that you are familiar with the different roles. Practice installing and configuring them. Use the file server role to configure disk quotas for users, run the indexing service to make searching for files faster, share folders using the Share a Folder Wizard, and install the File Server Management MMC. A quirk of installing the file server role is...

Using the Performance Utility to Monitor Performance

The main utilities that monitor performance are the System Monitor and the performance logs. These tools provide a graphical user interface to analyze performance data. We will also investigate the command-line tools available in Windows Server 2003.We'll start with the System Monitor. The System Monitor is the primary tool for monitoring system performance. In Windows NT 4.0, it was called the Performance Monitor in Windows 2000, Microsoft changed the name to System Monitor, within the...

Understanding Windows Terminal Services

The Microsoft Terminal Services feature has evolved and undergone major changes since Microsoft first licensed the technology from Citrix. In the beginning, using Terminal Services required purchasing a separate operating system (Windows NT 4.0 Terminal Server Edition). In Windows 2000, it was included with the Server products, but it was a component that required separate installation. In Windows Server 2003, the core service is installed with the operating system. This is to enable...

Using Command Line Tools

Windows Server 2003 also comes with a set of command-line tools to monitor performance monitoring.We investigate perfom.exe, logman.exe, relog.exe, and typeperf.exe tools in this section.You can use command-line tools to monitor performance locally or on a remote computer. The logman.exe command-line utility manages and schedules performance counters.You can also use it to manage and schedule trace logs.You can use this utility on a remote computer provided you have the proper administrator...

Using ADUC to Create Computers

Open Active Directory Users and Computers (Start Programs Administrative Tools Active Directory Users and Computers). 2. Right-click the domain or OU where you want to create a computer account, as shown in Figure 4.56. Figure 4.56 Creating a New Computer Account Figure 4.56 Creating a New Computer Account 3. Click New from the pop-up menu. 4. Click Computer from the pop-up menu. This gives you the window shown in Figure 4.57. 5. Type the name for the computer account in the Computer name...

Managing Security Identity Mappings

You can map an Active Directory user account to a Kerberos Name to be used in a trusted non-Windows Kerberos realm. Active Directory also supports mapping user accounts to X.509 Certificates as shown in Figure 4.30.You have three options when mapping X.509 certificates Map the certificate to one account. This is known as a one-to-one mapping. Map any certificate with the same subject to the user account, regardless of the issuer of the certificate. This is known as a many-to-one mapping. Map...

Creating and Managing Computer Accounts

You have a laptop that you want to join to the domain.Which of the following tools will enable you to create a machine account in Active Directory for your laptop (Choose all that apply). B. Active Directory Users and Computers C. Active Directory Domains and Trusts 0 dsadd.exe creates Active Directory objects (such as computers) from the command line. Active Directory Users and Computers creates Active Directory objects (such as computers) from the GUI. Therefore Answers A and B are...

Creating and Managing Group Accounts

You have a multiple domain forest.You want to use groups to assign permissions to shared resources in a single domain to users through the forest.You will then grant permissions to the network resources by adding users or other groups into these groups. Which group scope should you use 0 Domain local groups can contain other domain local groups in the same domain, global groups from any domain, universal groups from any domain, user accounts from any domain, and computer accounts from any...

Tas

0 whoami.exe displays information such as group membership, SID, and allowed privileges for the currently logged-on user, therefore Answer D is correct. 0 Answer A is incorrect, because dsquery.exe queries Active Directory for all objects that match the specified criteria. Answer B is incorrect, because dsmove.exe moves objects in Active Directory. Answer C is incorrect, because gpresult.exe displays Resultant Set of Policy (RSoP) about users and computers.Answer E is incorrect, because...

Troubleshooting Hardware Devices

You have recently installed an additional network card into your server for users on a new network segment to access the resources. One of the support analysts calls you several weeks later to tell you that users on that network segment cannot access the server.You use Remote Desktop to access the console from one of the other segments. Opening the command prompt you run ipconfig to see that the device is not listed. What should you do A. Configure the network interface to use static...

Monitoring Server Hardware

You have recently installed a new non-PNP device using the Add New Hardware Wizard.You need to configure some resource settings in the device driver but you are unable to find it in Device Manager.You verify that the device is attached and working.You need to complete this task with the least administrative effort. How can you gain access to the device properties A. Restart the system with the Recovery Console. B. Restart the system in Safe Mode. C. Select Resources by Type in Device Manager....

Understanding Server Hardware Vulnerabilities

You are attempting to play an audio file using Windows Media Player on a server running Windows Server 2003.Windows Media Player tells you that the sound device is not working.What could be the cause of the problem A. Your audio file is the incorrect format. B. The speakers attached to the system are not turned on. C. Sound devices are not enabled by default. D. You need to upgrade the version ofWindows Media Player 0 Sound devices are not installed by default on Windows Server 2003 systems,...

Troubleshooting Disks and Volumes

Your company has recently merged with another company named Novig.As part of the merger you are responsible for migrating all of Novig's e-mail to your Exchange servers.You do not want to migrate the mail across the WAN link, because it would be very slow.You send someone to pick up Novig's Exchange server and bring it to you so you can do the migration locally. However, when you turn on the server it has problems starting Exchange. You look in Disk Management (Figure 2.118) and see that...

Understanding and Using Remote Storage

You have a server running Remote Storage on Windows 2000 Server.You need to upgrade the server to Windows Server 2003.You want it to continue to run Remote Storage after the upgrade.Which version of Windows Server 2003 should you upgrade to 0 When upgrading from Windows 2000 Server to Windows Server 2003, you must upgrade to either Standard Edition or Enterprise Edition. Standard Edition does not support remote storage, but Enterprise Edition does, making Enterprise Edition (Answer C) the...

Optimizing Disk Performance

You use Disk Defragmenter to run an analysis at lunch to determine if you need to defragment your servers.The report states that your disk is extremely fragmented and suggests that you run a defragmentation.You don't want to do it during the day due to performance rea-sons.You come in after hours to run your defragmentation, but you get the error message shown in Figure 2.117 every time you open Disk Defragmenter.What could be the cause of your problem Figure 2.117 Running Disk Defragmenter...

Raid

0 A spanned volume (Answer B) provides a 100-percent drive utilization and enables you to combine different-sized disks into one volume. 0 Answer A is incorrect because you want to store everything on one share. If you used simple volumes you would have four different drives and each one would be shared out separately. Answer C is incorrect because a striped volume requires that all disks have the same amount of unallocated space. Because all our disks are different sizes, a striped volume...

Understanding and Managing Physical and Logical Disks

Users have been complaining that printing is slow.Your print server is currently using basic disk. All spooling takes place on a primary partition.You want to create a dynamic volume to see if it increases your performance.Which of the following volume types should you create 0 A striped volume (Answer C) provides the fastest read and write access of all the dynamic volumes. 0 Answer A is incorrect because a simple volume would not have any better performance than the primary partition you are...

Using Disk Management Tools

You add two new SCSI drives to your test server.You decide that you want to use diskpart.exe to create a new volume on each drive. Every time you type a command you get a message back saying that no disk is selected.What is the cause of your problem A. You need to set diskpart.exe to focus on a disk. B. You need to go into the disk management MMC and enable the ability to use diskpart.exe. C. You are having hardware problems with your new disks. D. Diskpart.exe does not work with SCSI disks. 0...

Installation and Upgrade Issues

You have three Windows 2000 servers that need to be upgraded to Windows Server 2003. Two of your servers are running Windows 2000 Advanced Server, and one is running Windows 2000 Server. All three servers need to be running Windows Server 2003 Standard Edition. Which of the following steps should you perform (Choose two answers.) A. Upgrade the servers running Windows 2000 Advanced Server to Windows Server 2003 Standard Edition. B. Upgrade the server running Windows 2000 Server to Windows...

The Windows Server Family

Your company has decided to get rid of all their fax machines. Now, instead of each department having its own fax machine, everyone will share the same fax server. This fax server will allow you to send and receive faxes from within Outlook. Faxing is an important aspect to company business, so you have been tasked with making the Exchange e-mail servers as fault tolerant as possible.You decide to put in a two-node Windows Server 2003 cluster. Each node will have four processors and 2GB of...

Self Test Questions Answers and Explanations

This appendix provides complete Self Test Questions, Answers, and Explanations for each chapter. Chapter 1 Overview of Windows Server 2003 1. Your company has decided to put in a Windows-based Network Address Translation (NAT) server.Your boss wants to use Windows 2000 if possible because you already own a license for it.You have been tasked with determining ifWindow 2000 will suffice, or if you need to go with Windows Server 2003.Which of the following required protocols will help you...

Self Test

Defining and Understanding Disaster Recovery 1. A small company uses a single Windows Server 2003 machine to provide resources and services to users of the network. During a power failure, the drivers for the network card and graphics card for this server are corrupted.You want to connect to this server remotely so that you can repair the damage. Which of the following will you use to fix these problems 2. You are using the Special Administration Console to repair a Windows Server 2003 computer...

Exam Objectives Fast Track

Defining and Understanding Disaster Recovery 0 A disaster recovery plan provides procedures for recovering from a disaster after it occurs and addresses how to return normal Information Technology functions to the business. 0 Best practices should be followed when developing a disaster recovery plan. These include developing and implementing a backup plan, keeping installation CDs handy, using Emergency Management Services, installing the Recovery Console as a startup option, and specifying...

Summary of Exam Objectives

Disasters can occur at any time, and can result from any number of causes. To prevent disasters from causing extensive damage, you need to identify the types of disasters that can affect your business, and then implement plans and policies to deal with them effectively. Such plans include information on how to perform backups and restore data, recover from server problems, and address other issues that can make the business unable to function. Windows Server 2003 provides a number of tools that...

Understanding Access Control

A user attempts to open a file on the network. The user is not listed explicitly in the SACL for the file or its containing folder, nor are any of the groups to which the user belongs. What happens when the user attempts to open the file A. The user is denied access to the file. B. The user is granted access to the file and an audit is triggered upon access. C. The user is granted access to the file and no audit is triggered. D. The user is granted read-only access to the file. 0 Answer C is...

Using Management Tools

You are a consultant and you work for several companies at one time.You keep your laptop in a workgroup because you are at a different company every day.You want to use Stored Usernames and Passwords to add credentials for each of the companies' domains so that you don't have to manually authenticate every time you map drives and print. Which tool would you use 0 cmdkey.exe manages Stored Usernames and Passwords from the command prompt, therefore Answer F is correct.To add a set of credentials,...

Domain Recovery Policies

You can control the EFS environment for your organization through Group Policy. Domain-level Group Policy settings can enforce a recovery policy, specify recovery agents for the domain, and restrict users in the domain from using EFS altogether. To view or configure EFS settings in the domain, follow these steps 1. Open Active Directory Users and Computers. 2. Right-click the appropriate domain and select Properties. 4. Select the appropriate policy object from the list and click Edit. 5....

Recovering from Server Hardware Failure

Recovering from disasters isn't limited to being able to restart the server or restore deleted files. Anyone who's ever had hard disks fail and lost important data can testify to the importance of a computer's capability to recover from hardware failure. Similarly, if a server becomes unavailable due to a major problem, network users are unable to access resources. To deal with the possibility of hardware failure,Windows Server 2003 natively supports different methods of recovery, including the...

Installing and Configuring Server Hardware Devices

You have recently installed a new device into the system.You cannot locate an entry for the device in Device Manager, nor have you been prompted to install device drivers at any A. Use Windows Update to locate and install an updated version of the device driver. B. Copy the device drivers to a directory in the device driver search path. C. Use the Add New Hardware Wizard to install the device drivers. D. Change the Driver Signing Policy options from Ignore to Warn. 0 The device is a...

Using Group Policy to Set User Rights

You have read several times in this chapter that you should apply security configurations to groups and not to users. This holds true for user rights as well. Wherever possible, user rights should be granted to a group and not an individual user object. If you are logged on to a domain controller, the most direct way to assign user rights is through the Domain Controller Security Policy.You can find the link to this in the Administrative Tools folder, either in the Control Panel folder or in...

Creating and Managing User Accounts

You have an administrator named Jeff who cannot log on to any of the servers.You are able to log on to all the servers with no problem. Jeff can log on to his two workstations without any problems.You verify that Jeff has the correct rights to log on to the servers.You think that someone has changed the properties ofJeff's user account to play a joke on him.What could be the cause of the problem A. Jeff's log-on hours have been changed. B. Jeff's log-on workstations have been changed. C. Jeff's...

New Security Features

IIS 5.0 and earlier versions were constantly patched up by HotFixes from Microsoft. IIS was once considered one of the main security holes in Windows architecture. This was a major deterrent to using IIS as a commercial Web server. IIS 6.0 comes with an impressive list of new security features designed to win back commercial users.You will learn about these new features in the next sections. Advanced Digest authentication is an extension of Digest security. Digest security uses MD5 hashing to...

Eventcreateexe

The eventcreate.exe utility creates an event in a specified event file.The valid event files are Application and System logs.You cannot enter events in the Security log with this utility. You must have administrator access to use this utility to enter entries into the application and system logs. The Application log is the default log file for this utility. The log file in which the event is to be entered is specified by using the l switch.The syntax for the command is shown below.The available...

Becoming Familiar with Using Command Line Tools

Before we dive into the various commands, we'll cover command-line syntax in general. If you are a pro at using command-line tools, you may want to skip ahead to the next section (Using dsadd.exe), because you may find this section fairly basic. For the rest of you, we hope this will make using command-line tools a joy instead of a burden. Using command-line tools can be difficult at times. The sticking point for most people isn't figuring out which tool to use. The problem is making sense of...

Specify Group Policy

Click Start Run and type mmc to open an empty management console. 2. Select Add Snap in from the File menu and click Add. 3. Select Group Policy Object Editor and click Add. 4. In the Select Group Policy Object dialog box, click the Browse button to select the correct GPO for the domain or organizational unit. The GPO opens in the Group Policy Object Editor. 5. To specify the file auditing policy, navigate to the Computer Configuration Windows Settings Security Settings File System node in the...

Understanding Event Logs

In this section, we discuss the Event Viewer format and examine the way information is presented in each log. Every event log entry is comprised of several pieces of information. These components are listed in Table 9.5. All of these components can be enabled or disabled by using the View Add Remove Columns menu item. Table 9.5 Columns Available in Event Logs Column Name Description The date the event occurred. This is stored in Universal Time Coordinate (UTC) format, but the date is displayed...

Using Terminal Services Administrative Tools

0 Terminal Services Manager is the primary session management tool. It enables an administrator to monitor, connect to, disconnect from, log off, remotely control, and reset sessions. 0 The Terminal Services Configuration utility is used to create listener (RDP-Tcp) connections on the server and configure server settings that apply to all users who use a particular connection. There can only be one listener connection bound to each network card. 0 Connections can be used to control a wide range...

Iisvdirvbs

The iisvdir.vbs command enables us to create virtual directories for a specific Web site.We can use create, delete, and query switches on this script. It is important to clarify that this command does not generate any new code or physical directories. This command will basically instruct the IIS configuration to point at existing directories and refer to it as a local directory of the Web site. This switch will create a new virtual directory. The following example illustrates the syntax. Table...

Understanding the Interaction of Share Permissions and NTFS Permissions

When a user accesses data through a file share, the share permissions and NTFS permissions both impact the level of access the user has to the files and folders in the share. The user access level is determined by the more restrictive access defined by the total cumulative permissions in either the share or NTFS security. This is easy to understand if the NTFS permissions are more limited, but many new system administrators can get confused when the share permissions are more limited.You need...

Uva

You have recently installed an additional network card into your server for users on a new network segment to access the resources. One of the support analysts calls you several weeks later to tell you that users on that network segment cannot access the server.You use Remote Desktop to access the console from one of the other segments. Opening the command prompt you run ipconfig to see that the device is not listed.What should you do A. Configure the network interface to use static instead...

Understanding How Permissions Are Inherited

When setting NTFS permissions on a folder, those permissions are automatically transferred to all files and subfolders within the folder. This is by design otherwise, you would have to set permissions on every folder on the disk to control access, and that would place a huge burden on system administrators who would have to keep up with all the changes they would have to make each time some folder setting was modified. Say that you create a folder on your server and name it Public.You then...

Using cmdkeyexe

Cmdkey.exe enables you to manage Stored Usernames and Passwords from the command prompt. It displays, creates, and deletes stored usernames and passwords. cmdkey.exe uses the following syntax. (Table 4.4 displays the syntax for cmdkey.exe in detail.) CMDKEY add generic targetname smartcard user username pass password delete targetname ras list targetname Table 4.4 Understanding cmdkey.exe Syntax Table 4.4 Understanding cmdkey.exe Syntax Adds a username and password to the list. Adds generic...

Using New Command Line Tools

Windows Server 2003 introduces a number of command-line-based scripts to manage printers. If you have large numbers of printers on your network with many servers, using these new command-line scripts in batch files can save you a lot of time compared with using the graphical interface. The scripts are written in Visual Basic and have to be run in a command window using cscript, as in this example cscript prncnfg.vbs. It isn't necessary to include the .vbs extension. But using cscript is...

U

(UTF-8), 664 universal groups, 319, 320-323 determining changing, 343 using, 346 universal serial bus devices, support for introduced with Windows 95b, 7 UNIX, IIS troubleshooting and, 691 unreadable disk error message, 173 upgrading to Windows Server 2003, 52 benefits drawbacks of, 50-53 UPN name suffix, changing, 282 URL authorization, for IIS 6.0, 661 USB devices, support for introduced with Windows 95b, 7 user account extensions, 560-564 user accounts, 256, 277-317 creating automating for...

Working with Volume Shadow Copies

Volume shadow copies are used to provide copies of data at a given point in time. Users can view the contents of shared folders and see previous versions of data. This enables them to use these copies as if they were restoring a backup of data from an earlier time. When shadow copies are made of shared folders, there are a number of benefits. If a file was deleted or corrupted in some way, you can open the previous version and copy it to the original location or another location. This also...

The Client Settings

Remember that when you connect to a Terminal Services session, you are really working on the server. The desktop that is displayed on your local system reflects what is happening on the server.When you open Windows Explorer, the local drives displayed are actually the server's disk drives. The Client Settings tab contains a number of settings that can be used to make your local client resources (disk drives, printers, bar code scanner, etc.) also available from within your session. As with many...

Activating Windows Server

Unless you are using Volume Licensing for Windows Server 2003, you will at some point have to activate a server. You can activate over the Internet or via the phone. Use the following steps to activate over the Internet. These steps are based on using the new LUNA interface of Windows Server 2003. If you are using the classic Start menu, the first steps will differ. 3. Click on Activate Windows. This will open the Activate Windows screen as shown in Figure 1.14. 4. Select Yes, let's activate...

W

WANs (wide area networks),Terminal Services and, 490 warnings, as event type, 760 WBEM (Web-Based Enterprise Management), 595 WBTs (Windows-based Terminals), 490 Web-Based Enterprise Management (WBEM), 595 Web browsers, managing servers remotely via, 591-593 Web Distributed Authoring and Versioning (WebDAV), 658 Web Edition (of Server 2003), 45 IIS and, 646 Web servers, managing with IIS 6.0, 645-719 Web Service Extensions, 650 configuring security settings for in IIS, 684-686 creating managing...

Using Control Panel Applets

Certain Control Panel applets expose hardware status information as you work with the functional properties that involve those devices. When it comes to actually managing the hardware side, these applets often bring you back to Device Manager's Properties dialog boxes to do actual management. Applets that involve this sort of functionality include Network Connections, Mouse (shown in Figure 3.16), Keyboard, Sounds and Audio Devices, and more. Figure 3.16 Mouse Control Panel - Hardware Tab

Exam Warning

Do not confuse striped volumes with RAID-5 volumes (formerly known as stripe sets with parity). Striped volumes (without parity) do not provide fault tolerance. Their purpose is to increase the speed of read and write access to a volume. Figure 2.6 Understanding Striped Volumes Disk 0 Disk 1 Disk 2 Disk 3 Figure 2.6 Understanding Striped Volumes Mirrored volumes require exactly two disks and these two disks should be identical. Not only should they be the same size, but Microsoft recommends...

Manage Software Site Licensing

Microsoft based the Windows Server 2003 licensing structure on Windows 2000's structure. However, they have changed some things.This section is not the end all be all when it comes to Microsoft licensing. This section is meant to serve as a guide on the basics of Windows Server 2003 licensing. To order licenses, contact your Microsoft Software Advisor. In the United States, call (800) 426-9400, or visit the Microsoft Licensing Program Reseller Web page In Canada, call the Microsoft Resource...

Public Key Cryptography

Public key cryptography is a significant improvement over secret key cryptography. In the secret key method, only one key is needed to encrypt and decrypt data, but both parties must have the secret key. Managing and keeping track of changes to secret keys is a difficult process, and whoever has a copy of the secret key, no matter how they acquired it, is able to decrypt any data encrypted with the secret key. In public key cryptography, a pair of keys are assigned to a user. These keys are the...

Ensuring Your Device Drivers Are Digitally Signed

Ongoing changes to the server environment bring the risk of critical system files being replaced. One of the advantages of using digitally signed device drivers is that there are several tools to help ensure that they remain intact on a continuous and on-demand basis. These tools include the following File Signature Verification tool Windows File Protection (WFP) helps protect critical system files from being replaced or corrupted by other processes. Protecting these files helps the system...

Rei

Access control, 409-485 how the process works, 412 terminology of, 411 troubleshooting, 444-447 guidelines for, 445 See also security reliability Access Control Entry (ACE), 411 Access Control Lists (ACLs), 661, 665 types of, 411 access tokens, 412 Account tab (ADUC tool), for user accounts, 282-285 ACE (Access Control Entry), 411 ACLs. See Access Control Lists activating Windows Server 2003, 48-50 active command, 88 Active Directory (AD), 2, 16, 22, 258 clustering integrated with, 31 computer...

Understanding Disk Terminology and Concepts

Your domain controller currently has one 36GB dynamic disk.You want to add another disk and configure both disks into a mirror to provide fault tolerance for your domain controller. You shut down your sever and add the disk. After starting Windows, you go into the disk management MMC and verify that the disk is there. It shows up as unallocated space.You right-click on the C drive, but Add Mirror is grayed out.You cannot select it.What could be the cause of your problem A. You need to format...

Implementing RAID Solutions

There are several options for setting up a RAID environment.You can use either software-based RAID or hardware-based RAID. Software-based RAID is more cost effective because you don't have to purchase anything extra, but it works only in certain situations and performance is not as good.You cannot easily change from one RAID type to another. If you want to change you must do the following 2. Erase your existing RAID configuration. 3. Create a new RAID configuration. 4. Restore your data from...

Understanding and Using Access Permissions

The employees in Marketing access their shared data through a share named Marketing, which gives them access to read, write, create, and delete files in the folder. They have created a new folder in the shared folder named Public. They have asked you to create a new share to this public folder so they can make the contents of the folder available to the entire company, yet restrict access so only marketing employees can modify any of the files in this new share. How will you set up the...

Revised IIS Architecture

Internet Information Services (IIS) is Microsoft's Web server product. IIS 6.0 is included with all versions ofWindows Server 2003.With this new version, Microsoft has made great leaps in the area of IIS reliability, availability, management, and security. IIS 6.0 was designed so a problem with one application won't cause the server or other applications running on the server to crash. It provides health monitoring and disables Web sites and applications that fail too frequently within a...

Using New IIS Command Line Utilities

The iisftp.vbs command can be used to create, start, stop, pause, and list FTP sites in IIS 6.0 server.You have been experimenting with this command.What will be the outcome of an iisftp query command-line invocation A. An error will come up. It is not a valid command because the .VBS extension is not present. B. An error will come up.You haven't listed the FTP site name to query on. C. A list of all FTP sites will come up. D. The information for the query FTP site will come up. 0 The query...

Add An Audit Setting for Files and Folders

Open Windows Explorer Start Accessories Windows Explorer . 2. Navigate to the file or folder you on which you want to enable audit policy. Select the c test directory for this exercise. 3. Click Properties and navigate to the Security tab. 4. Click the Advanced button and select the Auditing tab. Your screen should be similar to Figure 9.21. The existing audit entries on the folder are displayed. You can select the Edit button or the Remove button to modify the existing properties or remove...

Creating the Certificate Authority Hierarchy

The first step in creating the CA hierarchy is installing the root CA, the highest point of trust in the organization. If the root CA is the only CA in the hierarchy, it will issue certificates to all objects in the PKI. If the structure is larger, the root CA can issue certificates to other CA servers alone, or it can be used to serve users and computers as well although the latter scenario is not recommended .The root CA generates a self-signed certificate that will be used to authenticate...

Using the Members

A group's Members tab is shown in Figure 4.38.This lists all the members of the group. It shows the members' names and locations in Active Directory. Click Add to add members to the group.This gives you the window shown in Figure 4.39.Type the name of the account user or group you want to make a member of the group and click Check Names to verify that the user or group exists and that the name is spelled correctly. Click OK to add the account to the group. Figure 4.38 Understanding a Group's...

Adding a User to a Group

Right-clicking a user account and choosing Add to a group gives you the window shown in Figure 4.29.This window enables you to add the selected user account to a group. Type the name of the group and click the Check Names button to verify that the group exists. If the group exists and you spelled it right, it will be underlined. Click OK to add the user to the selected group. Figure 4.29 Changing Group Membership

Installing the Remote Desktop Web Connection Utility

Rdp Printers Dialog Box

The Remote Desktop Web Connection utility does not install automatically with IIS6. It is not available for installation from the Configure Your Server Wizard, but must be added using Add or Remove Programs from Control Panel in the Windows Start menu. To install it, follow these steps 1. In the Add or Remove Programs utility, click the Add Remove Windows Components button on the left side of the screen. A Windows Setup pop-up dialog box will briefly appear, followed by the Windows Components...

Using the Object

There is nothing to configure on the user's Object tab, shown in Figure 4.25.This tab shows you the location of the object in Active Directory the Canonical name . It shows you the type of object you are looking at Object class . It shows you when the object was created and when it was last modified. For replication purposes, the Object tab also lists the current and original Update Sequence Numbers USNs . Active Directory uses USNs to determine what directory changes need to be replicated...

Objective

Table 4.9 Understanding the for Command Value Description variable Specifies a single-letter replaceable parameter. set Specifies a set of one or more files. Wildcards may be used. command Specifies the command to carry out for each file. command-parameters Specifies parameters or switches for the specified command. Shows the help for the For command. There are many more options available that are not listed here due to length. Simply put, the for command enables you to instruct a command such...

Managing User Accounts Via the PopUp Menu

We just saw in detail how to use ADUC to manage user accounts by going to the properties of the user and working through each tab. Some items can be managed quickly via the pop-up menu when you right-click a user account name in the right details pane, as shown in Figure 4.27. Figure 4.27 Administering User Accounts Figure 4.27 Administering User Accounts You can perform the following tasks by right-clicking on a user Copy Copy certain properties of the user account to be used when creating a...

Using the General

The General tab of a group's properties is shown in Figure 4.37. Use this tab to change the group's name and description. Always give your groups a descriptive name and fill in the description. Use the Notes field to key in additional information about the group, such as the group's point of contact, who created the group, why the group was created, etc. If the group is mail-enabled for Exchange 2000, the E-mail field is automatically populated with the primary e-mail address of the group.The...

Using dsaddexe Group

Dsadd.exe enables you to quickly add multiple groups. In this section, you learn the syntax for dsadd group. Like the other dsadd commands, there is a lot of syntax for this command. The syntax for dsadd group is as follows, and available switches are explained in detail in Table 4.12. dsadd group lt GroupDN gt -secgrp yes no -scope l g u -samid lt SAMName gt -desc lt Description gt -memberof lt Group gt -members lt Member gt -s lt Server gt -d lt Domain gt -u UserName gt -p lt Password gt -q...

Ij

Q How can I connect to, view, and interact with the console session using Terminal Services A The Remote Desktop MMC snap-in is designed for administrator use. It enables connection to multiple Terminal Services computers, in addition to defaulting to console session access.You can also connect to the console from the command line by typing mstsc console. Q Is Remote Assistance a part of Terminal Services or a separate component A Like Remote Desktop for Administration, Remote Assistance exists...

L

-uc -uco -uci -part lt PartitionDN gt Shows the user's home drive letter if home directory is a UNC path . Shows the user's profile path. Shows the user's logon script path. Shows if the user must change his her password at the time of next logon. Displays yes or no. Shows if the user can change his her password. Displays yes or no. Shows if the user password never expires. Displays yes or no. Shows if the user account is disabled for logon or not. Displays yes or no. Shows when the user...

Gb Gb

Set the criteria for managing free space on the volume with the Volume Settings dialog box shown in Figure 2.101. Click Next to continue. 5. Next you will be asked to choose which media type to use, as shown in Figure 2.102. For this exercise, select Removable media and click Next to continue. Figure 2.101 Managing Free Space on Your Volumes Figure 2.101 Managing Free Space on Your Volumes 6. The last item to configure is the schedule for copying files, as shown in Figure 2.103. To accept...

Extending a Basic Volume

Even though you cannot use Disk Management to extend a basic volume, let's open it anyway so that we can see our volume as it gets extended. We will use diskpart.exe to actually do the extending. For this exercise we will be extending the primary partition F on Disk 2. 1. Open Computer Management by right-clicking My Computer and choosing Manage. 2. Expand Storage and click Disk Management. This will give you the window shown in Figure 2.37. Use this window to see the before and after of...

Understanding How EFS Works Under the Hood

Instead of using passwords that the user must remember each time he or she wants to access a file, EFS uses a system of keys based on public key technology.When a user encrypts a file on an EFS-enabled NTFS volume, several keys are created related to the file. First, if the user does not have a digital certificate suitable for EFS, one is automatically created by the system, which also generates a public key for the user based on the certificate. Next, a randomly generated key is created and...

Installing the Remote Desktops MMC SnapIn

To prepare the Remote Desktops MMC snap-in for use, you begin by opening a blank MMC console. Click Start Run and type MMC in the Open dialog box. In the MMC window that appears, click File Add Remove Snap-in. In the Add Remove Snap-in dialog box, click the Add button. Select Remote Desktops from the Available Standalone Snap-ins list in the Add Standalone Snap-in dialog box and click the Add button followed by the Close button. In the Add Remove Snap-in dialog box, click the OK button. Remote...

Enabling Auditing of Object Access

In addition to defining an audit policy as you learned to do in the exercises, you must enable auditing on each particular object for which you want to audit access. In this section, we will discuss how to enable auditing on objects, files, and folders. Objects include Registry keys, printers, files, folders, and so forth. Every Windows object has a security information object attached to it. It is referred as the security descriptor of the object. The security descriptor contains permission...

System Configuration Utility

The System Configuration Utility helps you diagnose services that are related to startup and that can cause issues. It is geared more towards system services as opposed to device drivers, but can be useful because some devices include services as well as more traditional device drivers. To access this tool, at the command prompt or Run option on the Start menu, type msconfig.exe and press Enter. After you open the tool, you will notice a variety of options that can be used to configure the...

Adding a New Connection

Now that you've created the new MMC, it's time to learn how to configure it to connect to Terminal Services on your servers. Begin by right-clicking the Remote Desktops node in the tree view on the left side of the utility. From the context menu that appears select Add new connection. This will open the Add New Connection window, as shown in Figure 6.9. Figure 6.9 The Add New Connection Dialog Box in the Remote Desktops MMC Snap-In Figure 6.9 The Add New Connection Dialog Box in the Remote...

Monitoring Performance

You need to query your memory trace file. The file is called test_log and it is stored in the root of the C drive.You are thinking of using the relog.exe command-line utility to extract the data to a .csv file called out.csv that also resides on the root of C drive.You are thinking of reading the log data in chunks of 10 records at a time.What will be your command-line instructions to execute this scenario A. relog.exe C test_log.blg -config Memory Available Bytes o C out.csv t 10 f csv B....

Troubleshooting Fragmentation Problems

Disk fragmentation is inevitable if you ever delete files, install programs, or otherwise use the computer for normal tasks. To optimize disk performance, you should defragment your disks as often as needed.This section covers some of the common problems that you might encounter related to disk fragmentation and the defragmentation process, including the following Computer is operating slowly. The Analysis and Defragmentation reports do not match the display. Volumes contain unmovable files....

Using the New Hardware Wizard

The New Hardware Wizard is used to install device drivers for non-PNP devices.You can also use the wizard to install drivers for any PNP device for which you did not have the suitable device driver at the time it was connected to the system.The latter scenario is actually handled by the Hardware Update Wizard, which is invoked from within the New Hardware Wizard. You need the following rights to use the New Hardware Wizard by default, members of the local Administrators group hold these...

Creating a Backup Plan

Members of the organization store files on a Windows Server 2003 computer. Each department has its own folder, with subfolders inside for each employee within that department. A complaint has been made about an employee having non-work-related files on the server that are considered offensive. Upon checking the contents of that person's folder, you find it to be true.You want to back up the entire contents of this folder, without affecting the backups that are performed daily. What will you...

Assigning User Rights

In this exercise, you will go through the steps necessary to assign the capability to log on to a terminal server to an Active Directory group. You have just set up a new Windows Server 2003 computer and configured it to run as a terminal server. Now the employees in the Sales department want to be able to access the terminal server when they are on the road. 1. Open Start Programs Administrative Tools Domain Security Policy. 2. Expand the Local Policies object in the left pane. 3. Select the...