I recommend MCSE Windows 2000 Professional Exam Prep (Exam: 70-210) along with this study guide to study for the 70-210 Windows 2000 professional exam.
Installing Windows 2000 Study Guide:
Installation files for Windows 2000 are located in the I386 folder on the CD-ROM.
WINNT.EXE is used for a standard new installation of Windows 2000.
WINNT32.EXE is used only for upgrading from previous versions of NT.
Unattended Installation:
Unattended installations use an answer file to provide answers to the questions that Windows 2000 asks during the installation process.
Setup Manager creates the files needed for an unattended installation. Setup Manager is located in the tools directory of the CD-ROM.
UNATTEND.TXT – provides answers to questions asked during installation for questions that are the same for each computer (hardware, time zone, etc…).
Uniqueness Database File (UDF) – provides the answers that must be different for each installation (such as the computer name).
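The split between UNATTEND.TXT and the UDF described above, as an added example that is not part of the original study guide: a simplified Python model of how the per-computer UDF answers overlay the shared answer-file answers. The file contents, the IDs PC01 and PC02, and the function name effective_answers are constructed for illustration.

```python
import configparser

# Constructed sample answer file: answers shared by every computer.
ANSWER_FILE = """\
[Unattended]
UnattendMode = FullUnattended

[UserData]
FullName = "Example User"
OrgName = "Example Org"

[GuiUnattended]
TimeZone = 035
"""

# Constructed sample UDF: answers that differ per computer, keyed by unique ID.
UDF_FILE = """\
[UniqueIds]
PC01 = UserData
PC02 = UserData

[PC01:UserData]
ComputerName = SALES-01

[PC02:UserData]
ComputerName = SALES-02
FullName = "Second User"
"""

def _parse(text):
    cp = configparser.ConfigParser(interpolation=None)
    cp.optionxform = str  # keep key names exactly as written
    cp.read_string(text)
    return cp

def effective_answers(answer_text, udf_text, unique_id):
    """Return {section: {key: value}} with the UDF entries for unique_id applied."""
    base, udf = _parse(answer_text), _parse(udf_text)
    if not udf.has_option("UniqueIds", unique_id):
        raise KeyError(f"{unique_id} is not listed in [UniqueIds]")
    merged = {s: dict(base[s]) for s in base.sections()}
    # [UniqueIds] names the sections this ID overrides; "[ID:Section]" holds the values.
    for section in (s.strip() for s in udf["UniqueIds"][unique_id].split(",")):
        override = f"{unique_id}:{section}"
        if udf.has_section(override):
            merged.setdefault(section, {}).update(udf[override])
    return merged
```

Reviewing the merged result per computer before deployment shows exactly which answers each machine will receive, including any shared value a UDF entry silently replaces.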
Five levels of user interaction for unattended installs:
Provide Defaults - Administrator supplies default answers and user can accept or make changes.
Fully Automated - No user input or prompts.
Hide Pages - Users can only interact with setup where Administrator did not provide default information.
Read Only – Users can see all answers, but cannot change administrative defaults.
GUI Attended - Only automates stage two of setup. All other stages require interaction.
To run an unattended install when booting from CD, you must name your answer file WINNT.SIF, as this is the file specified on the CD. Place the file on a floppy disk, and place it in the drive.
SYSPREP:
The sysprep tool is designed to prepare an operating system for third party imaging software. Install Windows 2000 with all needed software, and then run SYSPREP to strip away specific information. Use third party software to image the OS, and then transfer that image to another computer. When you boot, you will be in the GUI installation screens.
Run sysprep with the -pnp parameter to prepare the image to detect new hardware on first boot.
Running sysprep with the -nosidgen parameter leaves the SID in the image.
Remote Installation Service:
RIS allows a client computer to boot into a network, receive an IP address, and receive a new installation of Windows 2000 Professional. In order for RIS to operate, you must have:
- A RIS server with a second hard drive to hold the installation files
- A DHCP server to assign IP addresses to the new computers
- Active Directory (which requires DNS on your network)
- PXE compliant (boot ROM) clients or client boot disks (made using RBFG.EXE)
RIS can install using the standard Windows 2000 Professional installation files, or by using a pre-configured image file prepared using RIPREP.
If DHCP does not have enough IP addresses for the RIS clients, then some installations will fail.
Windows 2000 Disk sets:
Windows 2000 Installation disk set: A set of four disks used to run the installation process from the CD-ROM. This set is created by using the MAKEBOOT command from the CD.
Windows 2000 Boot disk: A Windows 2000 boot disk is a single floppy disk that points to the location of the operating system on your computer.
Emergency Repair Disk: A non-bootable disk that contains information on registry settings and system files. The ERD is used by first booting with the CDROM (or install disk set) and choosing the Repair option.
Network Boot Disk: A network boot disk is a DOS based client disk that allows a computer to boot from floppy disk, and log into a domain and map a network drive. It is used to begin network installations.
Administration of Resources:
Managing your computer:
Use the Shares tool in Computer Management (System Tools) to view all the shares available on your computer, including paths, open files, and users connected.
Windows Installer:
Windows Installer runs as part of a Domain or OU Group Policy Object (GPO). When you specify software to be deployed, you specify an MSI file for use with the deployment (this is referred to as packaging and deploying an .MSI file). The MSI file is provided by the software vendor. Clients must have at least READ permission to the installation files.
An MST file is for deploying changes to an existing application.
Windows Installer allows you to publish or assign files to clients. If you assign a software package, clients will be forced to install the package at logon. If you publish the software, it will be added to their Add/Remove Programs list (in Control Panel).
Managing file systems:
File Systems are managed through the Disk Management tool in the Computer Management console.
NTFS - provides security and reliability. Every file and folder on an NTFS partition has an Access Control List (ACL) that allows access to be restricted by users or groups. NTFS also offers advanced features such as disk compression, disk quotas and encryption.
FAT32 - used for dual booting between Windows 2000 and Windows 95/98. Windows 95/98 cannot read NTFS, and will not recognize the partition.
FAT (FAT16) - Only used for dual booting with DOS.
Compression only works on an NTFS partition. When you copy a compressed file to a FAT drive or floppy disk, it will lose its compression attribute. Use another program to compress files onto a floppy disk.
Convert.exe is used to convert a FAT, FAT32, or HPFS file system to NTFS. NTFS partitions cannot be converted to FAT or FAT32.
An existing NT 4.0 NTFS system partition will be upgraded to Windows 2000 NTFS automatically. If you wish to dual-boot between NT4.0 and 2000 you must first install Service Pack 4 on the NT4.0 machine. This will allow it to read the upgraded NTFS partition, but advanced features such as EFS and Disk Quotas will be disabled.
When Disk Quotas are enabled, they apply to an entire drive. If a user reaches their disk quota for a drive, the only options are to increase their disk quota, or to have them remove files from that drive. File compression has no effect on a user’s quota limit.
With NT4 and 2000 on the same computer, only the users who boot into Windows 2000 will be affected by quotas. Windows NT 4.0 won’t recognize quotas on the same machine.
Offline files allow a user to cache shared network files on their client computer for use when they are no longer connected to the network. Once you set up a directory for offline use, your computer will synchronize files from the server when you log off the network. A Windows 2000 server can be set to not permit caching of offline files on shared directories by viewing properties in Windows Explorer.
Troubleshooting Hardware Devices and Drivers
Drivers:
Use the Add/Remove hardware applet in control panel for all hardware driver installation and removal.
Never use the vendor-provided installation program; use only WDM compliant drivers.
Windows 2000 allows the administrator to deny the installation of non-WDM compliant device drivers through the use of driver signing. A WDM compliant driver has met the standards for Windows 2000. This setting must be applied as the system default setting for all computers in your network.
Driver Signing compliance modes:
Ignore - Install all files, regardless of file signature.
Warn - Display a message before installing an unsigned file.
Block - Prevent installation of unsigned files.
To disable a hardware device, you must use the disable command in device manager. This leaves the driver installed, but Windows 2000 will not use it. If you remove the device, Windows 2000 will detect the device, and re-install the driver.
To use a CDROM over a parallel connection, check the “enable legacy plug and play detection” box.
You can add support for a second processor to the Windows 2000 kernel by adding the appropriate driver.
The BIOS based virus checker on most computers may interfere with Windows 2000 installation because Windows 2000 changes the master boot record. It is best to turn it off.
Printers: To change spooler settings, use the Print Server Properties dialog box, and choose the directory that you wish the print spooler to use.
To redirect print jobs to another printer, add a port to your printer, and enter the NetBIOS name of the other printer for that port (ex: \\printserver\printer )
System recovery:
- If your system fails to boot because of incorrect display driver settings, you can boot into safe mode and correct the display driver settings.
- If your system fails to boot because of an improperly installed driver, you can use last known good configuration or recovery console to fix it.
- If your system fails to boot because of a modified registry entry, you can repair it using last known good configuration or perform an emergency repair.
- If your system failed to boot with the error “missing or corrupt NTOSKRNL.EXE”, you have an incorrect entry in your BOOT.INI file. Use a Windows 2000 boot disk or fix BOOT.INI.
- If your system failed to boot because of problems encountered during an installation
Last known good configuration is updated at the CTRL+ALT+DEL to log in message. If your computer boots past that point, then it is too late to use the last known good configuration.
Recovery Console and Emergency Repair process are both started by booting to the Windows 2000 CDROM, or using the Installation Boot Disk set.
Recovery Console is only available once installed using winnt32 /cmdcons.
System Performance
Backup
Select the “Backup System State” option in Windows Backup to ensure that your registry, boot files, and COM+ Objects are also backed up when you perform a backup operation.
Desktop Environment:
Multiple language settings are changed in the Regional Options applet in Control Panel. Access the Input Locale tab in Regional Options to add more locales. Check each language you want your system to support.
To turn off the Logoff option from the Start Menu, you must clear the Display Logoff option from the Advanced Tab of the Taskbar & Start Menu properties, and clear the personalized menus box.
Accessibility Options will shut off after a short idle time (5 minutes) unless you uncheck the “Turn off Accessibility Options if Idle” check box in Accessibility Options in Control Panel.
Profiles:
Profiles are stored in the Documents and Settings directory by default. If your computer was upgraded from NT 4.0 then your profile will be located in the \WINNT\PROFILES directory.
To make your profile into a roaming profile, you must specify a profile path for that user account. For local user accounts, use the Users
When a user first logs on to a computer, they will have the Default User profile copied to a profile in their name. The Everyone group should have access to the Default User folder.
Network Protocols and Services:
TCP/IP
The default gateway setting is the address of your router. With an incorrect Default Gateway setting, you will see computers on your subnet, but will not see any computers outside of your subnet.
By default, Windows 2000 computers are set to receive their TCP/IP settings from DHCP.
DNS: If you add domain.com to your DNS suffix search order then when your computer searches for a computer named “server”, it will also try server.domain.com
Remote Access Services (RAS):
When you connect to a RRAS server, you become part of the same network as the RRAS server. You must be assigned an IP address from the same subnet as the RRAS server, and you must have the same default gateway as the RRAS subnet to communicate beyond that subnet.
(PAP) Password Authentication Protocol - Unencrypted password
(SPAP) Shiva Password Authentication Protocol – for Shiva LAN
(CHAP) Challenge Handshake Authentication Protocol – encrypts password, not data – works with most clients and servers
(MS-CHAP) Microsoft CHAP – encrypts password, and data – works with Microsoft clients and servers
(MS-CHAP v2) Microsoft CHAP Version 2 – enhanced MS-CHAP
(EAP) Extensible Authentication Protocol – Used with smart cards or other two-factor authentication
Windows 2000 supports Multi-link. Make sure multi-link is enabled on the server, and the client.
Virtual Private Networks (VPNs)
Security:
User Accounts:
When one user is replaced by another user, you can rename the original user account, and specify that the user must change password at next logon. The new user will have the same security settings as the original user, and the original user will no longer have access to the network.
Permissions:
If a user is in a group that is denied permission to a resource, then they will not be able to access that resource, even if they are in another group that has full control.
Scheduled tasks that require certain permissions must be run under the context of a user account that has the necessary permissions to run the task.
Encrypting File System (EFS):
Encrypted files will only exist on an NTFS partition. Encrypted files that are copied to a floppy disk or a FAT partition will become unencrypted. Encrypted files restored from tape will be encrypted. Encrypted files are not encrypted on the network when being transferred from one location to another.
Encrypted files can only be read by the person who encrypted the file, the Domain Admins, and Authorized recovery agents. Encryption is an attribute, and is not part of NTFS security. The same rules apply for copying encrypted files as apply to other attributes.
Some programs written to run under NT4.0 security settings will fail to run under Windows 2000 security settings. You must apply the Compatws.inf security template to ease the security for these programs to run.
Policies:
A Group Policy Object (GPO) can be applied to a domain or OU.
A GPO can be used to redirect a user’s My Documents directory.
Auditing:
To log users’ access to files, directories and printers, audit object access.
Local Group - Description
Administrators - Can perform all administrative tasks on the local system. The built-in Administrator account is made a member of this group by default.
Backup Operators - Can use Windows Backup to back up and restore data on the computer.
Power Users - Can create and modify local user accounts on the computer, and share resources.
Users - Anyone who has an account on the computer is a default member of this group.
Built-in system groups:
Special Groups (apply to users during special conditions):
Everyone - Includes all users, authenticated or not.
Authenticated Users - Includes all users with a valid user account on the computer or domain.
Creator Owner - Includes user account for the user who created or took ownership of a resource.
Network - Includes any user accessing this computer from the network.
Interactive - The user who is currently logged on to the computer is in this group.
Anonymous Logon - Any user that Windows 2000 didn't authenticate.
Dialup - Any user who is connected through a dial-up connection.