8/6/2019 Microsoft Exam 70-270 Preparation Guide
10/05/2011 04:50 http://www.tomkitta.com/guides/70-270.html
Microsoft exam 70-270 preparation guide
Contents:
Part 1: Getting started with Windows XP Pro
Part 2: Automating installation
Part 3: Upgrading to Windows XP
Part 4: Configuring Windows XP Pro environment
Part 5: Managing the Desktop
Part 6: Managing users and groups
Part 7: Managing security
Part 8: Managing disks
Part 9: Accessing files and folders
Part 10: Managing network connections
Part 11: Managing printing
Part 12: Dial-up networking and Internet
Part 13: Optimizing Windows XP Pro
Part 14: Performing system recovery
Preface
I have written this short preparation guide as a way for myself to ease studying for the Microsoft 70-270 exam titled "Installing, Configuring and Administering Microsoft Windows XP Professional". I provide this guide as is, without any guarantees, explicit or implied, as to its contents. You may use the information contained herein in your computer career, however I take no responsibility for any damages you may incur as a result of following this guide. You may use this document freely and share it with anybody as long as you provide the whole document in one piece and do not charge any money for it. If you find any mistakes, please feel free to inform me, ahem, Tom Kitta. Legal stuff aside, let us start.
Guide version 0.12 last updated on 24/05/2004
Part 1: Getting started with Windows XP Pro
1.1] Windows XP Professional hardware requirements
Processor minimum P233, recommended PII 300
RAM minimum 64Mb, recommended 128Mb
Disk Space minimum 1.5Gb, recommended 2Gb
Network needed if installing using it
Display minimum SVGA 800x600 or better
Peripheral devices: keyboard and mouse (or other pointing device)
CD-ROM or DVD-ROM if installing from CD, recommended 12x or faster
Floppy drive if you intend to use ASR (Automated System Recovery)
Windows XP Professional supports up to 2 CPUs, while Windows XP Home Edition supports only 1 CPU; there are no other hardware requirement differences between Windows editions
1.2] Windows XP Professional install steps
Collecting information
Insert Windows XP CD and reboot the PC
Setup program starts when you boot from the CD. Press F6 for third party disk driver, F2 for automatic recovery
A welcome dialog box appears, press enter to install XP, R for repair of XP installation, F3 to quit
Licensing agreement, F8 to accept, ESC to refuse
Partitions screen appears
Copying of setup files
Remove CD and reboot PC
Installing Windows
Regional settings, choose locale (numbers, currencies, dates and times view options) and keyboard layouts
User name and organization screen
Product key screen, 25 character key
Computer name
up to 15 bytes for NetBIOS compatibility
1 byte is 1 character in most languages (2 in say Chinese)
FQDN has a limit of 155 bytes for DC in Windows 2000/2003 (255 bytes in NT 4.0)
Computer name has a limit of 63 bytes
Computer name has to be unique on the network
Administrative password
If you have a plug and play modem, you set it up now
Date and time
Network settings
Work group name or domain affiliation
Automated finishing tasks
1.3] Install options
For clean install/upgrade on computers running Win 3.x or DOS (16 bit systems) use winnt.exe
For install/upgrade on computers running 32 bit OS use winnt32.exe
1.4] After installation
The default network setup is for the Windows XP to be a DHCP client
You need to activate your product within 30 days unless you have corporate licence
After 30 days you will not be able to logon to your PC without activation if you log out or restart your PC (you will still be able to access your PC in safe mode without network support)
Activation can be done over the phone or online
There are three log files created after installation
%systemdir%\setupact.log - installation actions log
%systemdir%\setuperr.log - errors that occurred during installation
%systemdir%\netsetup.log - network related log (like domain joining)
1.5] Support for multiboot
Windows XP will configure multiboot automatically if it detects a compatible OS (i.e. a Microsoft OS) and you are using the clean install option
Do not use dynamic disks or NTFS if the other OS doesn't support it
Windows XP will not be able to read volumes compressed with Windows NT4 compression
1.6] Joining a domain
You can pre-authorize a computer in the AD
Or, you can enter the user name and password of a domain user that has 'Add computers to the domain' permission to add the computer to the AD
1.7] Laptop special Windows XP features
Credential manager
Clear type
Hot docking
1.8] Other points
Hardware compatibility list (HCL) http://www.microsoft.com/hcl/ now Windows catalog http://www.microsoft.com/windows/catalo
If hardware is not found in the Windows catalog you will not get any support from Microsoft
BIOS is preferred with ACPI (Advanced Configuration and Power Interface) functionality; APM (Advanced Power Management) is the API for ACPI hardware
If you are upgrading from Windows 98/Me check whether there are drivers for your hardware, since 98/Me drivers are VxDs (virtual device drivers) and don't work on Windows XP
You can upgrade from Windows 98/Me/NT4/NT3.51/2000 Pro (due to a bug Win95 will qualify as upgrade media but only for a clean install)
System partition is the location of the files that are needed for Windows XP to boot, takes very little space, default is the active partition
Boot partition is the location of Windows XP OS (all files)
Note that Microsoft changed the default directory for installation from WINNT to WINDOWS
Installation files are in \I386 directory on the CD
WFP - Windows file protection is used to protect Windows system DLL files from modification, files are stored in %SystemRoot%\System32\Dllcache
Sfc.exe - scans and verifies the versions of all protected system files when the computer is booting
Dynamic update runs during installation of Windows XP. You can disable it with the /dudisable switch of winnt32, /duprepare:pathname to prepare a network share for dynamic update files, /dushare:pathname to specify the network share with dynamic update files.
Part 2: Automating installation
2.1] Types of automated installation
After you copy the installation image to the destination PC a mini wizard runs (unless you have an answer file)
Sysprep modes:
Audit: allows for the verification of hardware and software installation by a system builder while running in factory floor mode. Audit boots allow a system builder to reboot after factory floor mode has completed its automated pre-install customization in order to complete hardware and software installation and verification, if necessary.
Factory: allows for the automated customization of a pre-install on the factory floor by using a Bill of Materials file to automate software installations, software and driver updates, updates to the file system, the registry, and INI files such as Sysprep.inf. This mode is invoked via the "sysprep -factory" command.
Reseal: is run after an original equipment manufacturer (OEM) has run Sysprep in factory mode and is ready to prepare the computer for delivery to a customer. This mode is invoked via the "sysprep -reseal" command.
Clean: Sysprep will clean the critical device database. The critical device database is a registry listing of devices and services that have to start in order for Windows XP to boot successfully. Upon setup completion, the devices not physically present in the system are cleaned out of the database, and the critical devices present are left intact. This mode is invoked via the "sysprep -clean" command.
2.5] Unattended installation
With this method you use a distribution server (or the Windows XP installation CD) to install Windows XP on the target PC
The distribution may have an answer file
The target computer must be able to connect to the distribution server over the network (if used)
End user interaction levels:
Fully automated installation
GUI attended installation
Read only installation
Hide pages installation
Provide defaults installation
2.6] Installing applications with Windows Installer Packages
Microsoft installer (MSI) files - provided by software vendor
Repackaged application (MSI) - do not include native Windows Installer packages, used to provide applications that can be cleanly installed
ZAP files - used when you don't have MSI files and install applications using the native setup program
MSP files (modification files) - provide patches to installed Microsoft software, must be assigned to an MSI file at deployment
Windows Installer packages work as
Published applications - not advertised, can be installed through Add/Remove programs. They can also be installed through opening a document that uses an uninstalled published application.
Assigned applications - advertised through the programs menu, installed next time the user starts the PC, before the log on prompt appears
Please note that Windows Installer packages cannot be published to computers in Windows XP, all other options are OK, i.e. you can assign applications to computers and assign/publish applications to users
You can create your own MSI files using VERITAS Software Console or WinINSTALL LE Discover
You create a GPO for the MSI package which is to be published or assigned. If it is for a user, User Configuration\Software Settings\Software; if it is for a computer, Computer Configuration\Software Settings\Software
Using AD you can uninstall an old application or upgrade on top of an old application. Computers can accept only mandatory upgrades, users support both optional and mandatory upgrades.
If you have multiple versions of the same software, you will need to configure the install order and/or whether it is a mandatory install
You need AD to deploy packages which are found on a share on a file server
Msiexec.exe - provides the means to install, modify, and perform operations on Windows Installer from the command line. For example you can force the end user to enter the CD key for the software that is being installed
Part 3: Upgrading to Windows XP
3.1] Upgrade general points
You can upgrade from Windows 98/Me/NT4/NT3.51/2000 Pro (Windows Home edition can upgrade from only 98/Me/2000). There is a bug on the CD allowing a clean install provided a Windows 95 CD.
Choose upgrade if you want to keep existing applications and preserve current local users and groups
Clean install will allow you to multiboot
Upgrade from Windows NT/2000 Pro is easier than from 98/Me due to their similarity to XP
You can generate a Windows XP compatibility report with winnt32 /checkupgradeonly
Upgrade your BIOS so you can use advanced power features and device configurations
Before the upgrade remove or disable any client software like virus scanners or network services
If older applications fail to run on Windows XP due to security issues, use the compatws.inf template
Upgrade of Windows 98/Me can be undone using osuninst.exe or through the Add and Remove Programs control panel
For upgrade you have a choice of Express upgrade or Custom upgrade
3.2] Unsupported by upgrade Windows 9x software properties
File system applications
Custom plug and play solutions
Custom power management solutions
Third party disk compression utilities, defragmenters (Windows NT and 2000 as well)
Partitions compressed with DriveSpace or DoubleSpace are not supported
3.3] Migrating user data
User state management tool (USMT) is used for migration of users from one computer to another
ScanState.exe - collects user data and settings information based on the configuration of Migapp.inf, Migsys.inf, Miguser.inf and SysFiles.inf
LoadState.exe - deposits information collected on the source computer to a PC running a copy of Windows XP. Cannot be used on a computer that was upgraded to Windows XP.
Supports Windows 95/98/Me/2000 to XP
F.A.S.T.
Files and Settings Transfer Wizard (F.A.S.T.) It is one of the least known new features in Windows XP.
Supports all Windows versions from Windows 95 (with IE4) through Windows XP (XP as destination only)
Can be used as a poor man's backup utility, creates backup files that can be stored to HD or CD-RW
Can move user accounts one at a time, good for single users
Part 4: Configuring Windows XP Pro environment
4.1] Windows image acquisition architecture
WIA is used to manage images between image capture devices and computer software applications
Supported devices
IEEE 1394
USB
SCSI
Devices connected through standard COM port or infrared connection are not supported by WIA
4.2] Support for digital audio and video
Multichannel audio output
Acoustic echo cancellation (AEC)
Global effects (GFX)
4.3] Microsoft Management Console (MMC)
The MMC is a utility used to create, save, and open collections of administrative tools that are called consoles
Access control options for MMC
Author mode - full customization of the MMC console
User mode-full access - as author mode, except that users cannot add or remove snap-ins, change console options, create Favorites, or create taskpads
User mode-limited access, multiple windows - access only to those parts of the console tree that were visible when the console file was saved. Users can create new windows but cannot close any existing windows.
User mode-limited access, single window - as 'user mode limited access, multiple windows' but users cannot create new windows
4.4] Installing hardware
Plug and Play support
Non-plug and play devices can be installed using 'Add hardware wizard'
DVD region settings can be changed up to 5 times (a hardware change; you need a new DVD-ROM drive after that)
4.5] Device drivers
Accessed from 'Device manager'
You can update drivers
You can roll back drivers (new in Windows XP)
You can also uninstall driver
Driver signing:
Harmful driver install prevention
HCL - Hardware compatibility list, replaced by Windows catalog
Run d:\i386\winnt32 /checkupgradeonly from Windows XP CD to check hardware compatibility
Sigverif.exe is used to check driver signatures from the command line
By default the system is set to warn the user if he or she is installing an unsigned driver (other options are: ignore and block)
Driver signing can also be controlled from GP using object settings for the local computer (or computer configuration for a domain). Choices are: Silently succeed, Warn but allow installation and Do not allow installation.
Unsigned driver means that the driver was not tested by Microsoft and is not supported by Microsoft. For the most part these drivers are still OK
When a driver is signed by Microsoft, it and the hardware were tested by Microsoft
Some older devices (like CD-ROM etc.) plug into the LPT port on the PC. You will need to set the LPT port to "Legacy plug and play support" on the port settings tab for older devices to work.
The easiest way to solve an embedded device conflict with an add-on device is to disable the on board device. For example, to use an add-on sound card, you will need to disable the on board sound card
Many problems are caused by incorrect drivers, for example a graphic card that displays only 800x600 resolution. Update the driver to solve these problems.
Driver.cab on Windows XP CD contains all original Windows XP drivers
4.6] Multiple display support
To avoid flickering the monitor refresh rate should be set to at least 72Hz
Maximum of 10 monitors per PC
When you install a 2nd video card the card built into the motherboard gets disabled and the new card becomes the primary display adapter
Secondary adapter has to support multiple displays
4.7] Computer power states
Complete shutdown of PC
Hibernation - saves all of the desktop state into a file which uses as much HD space as there is RAM in the system; to go back to active mode press the power button
Standby (three levels on ACPI compliant PC)
Level one turns off the monitor and hard drives
Level two turns off the CPU and cache as well
Level three turns off everything but the RAM
Fully active PC
You configure standby through the Power options in Control panel. Level 2 and 3 of standby are only available if an uninterruptible power supply (UPS) has been configured
Through power options you can also configure alerts when system is running on battery power and behaviour of power button
4.8] PCMCIA (Personal Computer Memory Card International Association) Cards
Type I cards - are up to 3.3mm thick. Used for adding more RAM to the PC
Type II cards - are up to 5.5mm thick. Used for modem and network cards
Type III cards - are up to 10.5mm thick. Used for portable disk drives
4.9] Configuring I/O devices
Through Keyboard properties you can configure typing delay and cursor behaviour as well as keyboard key layout
You need a keyboard in order to install Windows XP
Through Mouse properties you can configure mouse properties such as: speed, buttons, wheel and pointers
USB 2.0 supports up to 127 devices per root hub, up to 5 deep nested external hubs, transfer speeds up to 12Mbps. You can see power & bandwidth usage by checking the root hub properties.
USB supports two speeds, low and high, which use different cables
USB controllers require that an IRQ be assigned in the computer BIOS. Make sure you have newest BIOS and/or firmware.
Wireless devices, RF - Radio Frequency and IrDA - Infrared Data Association
4.10] Windows registry
Windows registry is a database used by the OS to store system configuration
Regedit is used to edit the registry (regedt32 is just a pointer to that file)
There are five default keys in the Windows registry:
HKEY_CURRENT_USER - for user who is currently logged on the computer
HKEY_USERS - configuration data for all users of the PC
HKEY_LOCAL_MACHINE - computer hardware and software configuration, devices drivers and startup options
HKEY_CLASSES_ROOT - used by Windows explorer for file type to application association, software configuration data and OLE (object linking and embedding) data
HKEY_CURRENT_CONFIG - hardware profile that is used during system startup
4.11] Remote desktop
Remote desktop connection = terminal services client
In Windows XP the terminal services service is limited to a single connection only. The service is disabled by default and has to be enabled through the System properties Remote tab
Remote desktop depends on terminal services service
Windows XP Home Edition does not allow connections to it using Remote desktop, XP Pro allows only one connection
4.12] Remote assistance
Remote assistance is available with all editions of Windows server 2003 and Windows XP
The person assisting the user has a concurrent session with logged in user
Logged in user has to authorize access
You can send an invitation from the 'Help and Support' menu. You can send invitations through e-mail using a MAPI enabled client, Microsoft Messenger or using a file. You need to supply a connection password.
You can also offer remote assistance to others (disabled in GP by default)
You can chat using text or voice, you can send and receive files
HelpAssistant account is used if help is given by another user, support_XXXX account is used if help is given by Microsoft staff
4.13] Services
A service is a program, routine or a process that performs a specific function
Service startup types: automatic, manual and disabled
You can choose the account service uses to log on
When a service fails you can choose the OS to do one of the following:
Take no action
Restart the service
Run a file
Reboot the computer
SC.exe is used for communication with the service control manager
4.14] HAL - hardware abstraction layer
Computer driver which is the interface to the BIOS, the kernel is built on top of this driver
You can choose the HAL during install by pressing F5
Multiple processors - when installing a 2nd processor in a single processor system (UP - uni processor) you will need to update the HAL for the CPU from single CPU to multiple CPU (SMP - symmetric multi processor driver)
Do not upgrade from standard HAL to ACPI (advanced configuration and power interface) HAL and vice versa
4.15] Hardware profiles
Hardware profile consists of a set of instructions that instruct Windows as to which devices to start when the computer starts and/or which settings to use for each device
By default you have a hardware profile called Profile 1 (for laptops, Docked Profile or Undocked Profile is created)
You can designate a default profile. If you want the default hardware profile to load automatically (without showing you the list during startup), enter 0 in seconds under Hardware profiles selection. If you want to see the list anyway press the SPACEBAR during startup.
Windows will ask you which profile to use every time you start your computer if you have more than one profile and you don't specify a default profile with 0 wait time
You can also use hardware profiles as a debugging tool. For example, you can set up profiles that omit the hardware devices you suspect of being defective.
4.16] Other hardware
Fax service - is used for faxing support, controlled through the fax applet in control panel when installed
Program compatibility wizard - accessed from Accessories, used to run programs in Windows 95, 98/Me, NT4, 2000 compatibility mode
Part 5: Managing the Desktop
5.1] Customizing desktop
You can configure start menu and taskbar through 'Taskbar and Start menu properties'
'Start menu' modifications are done to the Windows XP theme, while 'Classic start menu' modifications are done to the Windows 2000 theme
Display properties
You can select a different theme
You can display web page on your desktop or just a picture(s)
You can set up a screen saver
In appearance you can change many aspects of the chosen theme
In settings you can change aspects of video display adapter
Default Windows XP theme is also known as 'Luna'
Local profile is created when the user logs on for the 1st time, consists of the following folders: Desktop, NetHood, PrintHood, SendTo, Start Menu, Cookies, Favorites, Application Data
Notification area was previously named system tray
5.2] Multilanguage technology
Unicode - international standard that allows support for the characters used in the world's most common languages
National language support API - is used to provide information for locale, character mapping and keyboard layout
Multilingual API - used to set up applications to support keyboard input and fonts from various language versions of the application
Windows XP stores all language specific information in separate files from the OS files
5.3] Multilanguage support
Support for two technologies
Multilingual editing and viewing which supports multiple languages while the user is viewing, editing and printing documents
Multilanguage user interface
Localized Windows XP - includes a fully localized user interface for the language that was selected. This version allows the user to view, edit and print documents in more than 60 languages. There is no support for a multilingual user interface.
Multilanguage Windows XP - provides user interfaces in several different languages. You will need to install the following files
Language groups - contain fonts and files needed to process a specific language
Windows XP multilanguage version files - contain language content required by the user interface and help files, can be up to 45Mb in size
Use muisetup.exe to set up the default user interface
Multilanguage version of Windows XP is not available in retail, need Windows volume licensing
On localized version of Windows XP you configure multiple languages through 'Regional and language options'
5.4] Accessibility options
Configured through 'Accessibility options' in control panel
Keyboard settings:
StickyKeys - allows the user to enter key combinations one key at a time
FilterKeys - ignores brief repeated keystrokes
ToggleKeys - user hears tones when toggling CAPS LOCK/NUM LOCK/SCROLL LOCK
MouseKeys - allows you to use the numeric keypad to control the mouse pointer
ShowSounds - instructs programs that convey information by sound to also provide information visually
SoundSentry - allows you to change settings to generate visual warnings
You can also set the time after which options are turned off and when they are turned on (like on user log on)
5.5] Accessibility utilities
Accessibility wizard - adjusts the PC based on the user's vision, hearing and mobility needs
Magnifier utility - makes a portion of the screen bigger for easier viewing
Narrator utility - employs text-to-speech technology to read the contents of the screen
On screen keyboard - has three different modes:
Clicking mode - user clicks the on-screen keys to type text
Scanning mode - on-screen keyboard highlights areas where you can type characters
Hovering mode - use a mouse or joystick to point to a key for a period of time to type the character
Utility manager - start and stop accessibility utilities, can start/stop utilities on user log on or when the PC is locked
Part 6: Managing users and groups
6.1] Built-in Accounts
Administrator - full control over the PC, even if disabled can be accessed from safe mode, password provided during setup
Guest - for users that don't have a username and password on the system, disabled by default
Initial user - uses the name of the registered user and exists only if the computer is a member of a workgroup, not a domain; by default member of the administrative group
HelpAssistant - new in Windows XP, used together with remote assistance
Support_xxxxxxx - used by Microsoft for help and support services, disabled by default
6.2] Logging on
There are two type of users, local and domain
Local user credentials are compared to the local security database, domain user credentials are checked against Active Directory stored on a domain controller
When user logs onto the system an access token is created
Local user credentials cannot be used to access network resources
6.3] Managing users
You manage users through 'Local users and groups' MMC that can be accessed in two ways
Custom MMC
By right clicking on My computer and selecting 'manage'
User account consist of:
Name and password
SID (security identifier) - consists of a domain SID, which is the same for all SIDs created in the domain, and a RID, which is unique for each SID created in the domain. SIDs are unique in the network.
Can have other attributes, like group membership
User names can be up to 256 bytes (characters) long and must be unique (different than other user names and group names)
User names cannot contain *{}\/:;,=|+?" and cannot be made of spaces and periods alone
User names are not case sensitive but passwords are
You can create users using net user
You have following user options:
User name (required field)
Full name (by default same as user name)
Description
Password textbox (up to 127 bytes (characters), 15 for NTLM)
Confirm password textbox
User must change password at next logon checkbox
User cannot change password checkbox
Password never expires checkbox
Account is disabled checkbox
You can set the following user properties
User profile path - stored in the 'Documents and settings\%username%' folder, contains user preferences and the file ntuser.dat. In Windows NT 4.0 the path was \%systemdir%\profiles\%username%
Logon script - files that are run every time the user logs into the PC
Home folder - is where users commonly store their personal files and documents
Password reset disk - use when a user forgot their password. If you just reset the user password, access to encrypted data will be lost.
Mandatory profiles can only be used with roaming profiles, they don't work with local profiles. Mandatory profiles can only be set by an administrator
You can copy profiles using the 'User profiles' tab of 'System properties'
UNC path - is in the format //computer_name/share_name
Renaming an account maintains all group membership, permissions, and privileges of the account. Copying a user account maintains group membership, permissions, and privileges assigned to its groups, but doing so does not retain permissions associated with the original user account. Deleting and re-creating an account with the same name loses all group membership and permissions.
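The user name and SID rules above, together with the byte-versus-character point for computer names in 1.2, as an added Python example that is mine and not part of the guide: it checks a candidate user name against the length, forbidden-character, spaces-and-periods and case-insensitive uniqueness rules, measures a computer name in bytes under an OEM code page (the 'gbk' default stands in for the Chinese case and is this example's assumption), and splits a SID into its domain part and RID. The sample names and SID are constructed.

```python
import re

# Characters Windows XP does not allow in user names (from the guide: *{}\/:;,=|+?")
FORBIDDEN_USERNAME_CHARS = set('*{}\\/:;,=|+?"')
MAX_USERNAME_LEN = 256          # characters, per the guide
NETBIOS_NAME_BYTES = 15         # NetBIOS-compatible computer name limit
MAX_COMPUTER_NAME_BYTES = 63    # absolute computer name limit


def validate_username(name: str, existing: set[str]) -> list[str]:
    """Return the list of rule violations (empty means the name is acceptable).

    `existing` holds the user and group names already on the machine; the
    comparison is case-insensitive because XP user names are not case sensitive.
    """
    problems = []
    if not name:
        problems.append("user name is required")
        return problems
    if len(name) > MAX_USERNAME_LEN:
        problems.append(f"longer than {MAX_USERNAME_LEN} characters")
    bad = sorted(set(name) & FORBIDDEN_USERNAME_CHARS)
    if bad:
        problems.append("contains forbidden characters: " + "".join(bad))
    if set(name) <= {" ", "."}:
        problems.append("consists only of spaces and periods")
    if name.lower() in {n.lower() for n in existing}:
        problems.append("duplicates an existing user or group name (case-insensitive)")
    return problems


def computer_name_status(name: str, codepage: str = "gbk") -> dict:
    """Report a computer name's length in bytes under the given OEM code page.

    The guide notes 1 byte per character for most languages but 2 for Chinese;
    the default code page 'gbk' is this example's assumption for the Chinese case.
    """
    nbytes = len(name.encode(codepage))
    return {
        "chars": len(name),
        "bytes": nbytes,
        "netbios_compatible": nbytes <= NETBIOS_NAME_BYTES,
        "within_limit": nbytes <= MAX_COMPUTER_NAME_BYTES,
    }


SID_RE = re.compile(r"^S-1-\d+(?:-\d+)+$")


def split_sid(sid: str) -> tuple[str, int]:
    """Split a SID into (domain or machine SID, RID).

    The RID is the last sub-authority; everything before it identifies the
    issuing domain (or local machine) and is shared by all of its accounts.
    """
    if not SID_RE.match(sid):
        raise ValueError(f"not a well-formed SID: {sid!r}")
    head, _, rid = sid.rpartition("-")
    return head, int(rid)


if __name__ == "__main__":
    # Constructed sample data, not taken from any real system.
    existing = {"Administrator", "Guest", "Users", "Power Users"}
    for candidate in ["tkitta", "ADMINISTRATOR", "back\\slash", " . ", "users"]:
        print(f"{candidate!r:>16}: {validate_username(candidate, existing) or 'OK'}")
    print(computer_name_status("WORKSTATION01", "cp1252"))
    print(computer_name_status("工作站一二三四五六七"))   # 10 characters, 20 bytes in GBK
    print(split_sid("S-1-5-21-1111111111-2222222222-3333333333-1001"))
```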
6.4] Built-in local groups
Administrators - full control over the PC
Backup operators - can only access the file system through the backup utility
Network configuration operators (new) - network settings
Guests - limited privileges
Power users - can add/remove users, create non-administrative shares, manage printers, start and stop services that are not started automatically
Remote desktop users (new) - members can logon remotely
Replicator - for directory replication used by domain servers
Users - run programs, print stuff, nothing special
HelpServices (new) - support through Microsoft Help services
6.5] Special groups
Special groups are used by the system. Membership is automatic based on special criteria. You cannot manage these groups
Creator Owner - the account that created or took ownership of an object
Creator - the group that created or took ownership of an object
Everyone - everyone that can possibly be accessing the PC, doesn't include the anonymous group
Interactive - users who use resources interactively (locally)
Network - users who access resources over the network
Authenticated users - users who access the PC using valid user name and password
Anonymous logon - users who access the PC through anonymous logon
Batch - user accounts that are only used to run a batch job
Dialup - users that logon to the network through dialup connection
Service - user accounts that are used only to run a service
Local System - system processes that use resources as users are members
Terminal server users - users who logon through terminal services
6.6] Managing groups
Group names can be up to 256 bytes (characters) long, have to be unique and cannot contain '\'
Groups are used to manage and organize users. Add users to a group and then assign permission to the group
Part 7: Managing security
7.1] Policies
Configured through 'Local computer policy' group policy, gpedit.msc MMC
Account policies are used to control logon procedures. If you want to control user after logging on, use local policies
Local policies are made up of
Audit policy - disabled by default
User rights assignment - too many to list here, see explanation underneath
Security options - also too many to list
Local policies are set for all users of the computer, you cannot single users out (you need AD for that)
7.2] Password policy settings
Enforce password history
Maximum password age
Minimum password age
Minimum password length
Complexity requirement
Store passwords using reversible encryption
7.3] Account lockout policy
Account lockout duration
Account lockout threshold
Reset account lockout counter after X minutes
7.4] Enabling auditing for files, folders and printers
You will need to enable auditing for the object access policy
And you also need to enable auditing for individual files and folders through NTFS security or through printer security
Auditing data is placed into security log
7.5] Auditing
Account logon events - success or failure of domain logon
Account management - events such as resetting passwords and modifying user properties
Directory services - any time a user accesses AD an event is generated
Logon events - success or failure of local logon or logon to a share
Object access - file, folder or printer access
Policy change - success or failure of change of security options, user rights, account policies and audit policies. Both domain and local PC changes are tracked.
Process tracking - useful for applications
System events - system events such as shutting down PC or clearing the logs
7.6] User rights
Administrators can assign specific rights to group accounts or to individual user accounts. If a user is a member of multiple groups, the user's rights are cumulative, which means that the user has more than one set of rights. The only time that rights assigned to one group might conflict with those assigned to another is in the case of certain logon rights (a 'Deny logon' right wins over the corresponding 'Allow' right).
There are too many user rights to list
There are two types of user rights:
Privileges, such as the right to back up files and directories
Logon rights, such as the right to log on to a system locally
7.7] Security options
Security option policies are used to configure security for the computer
These policies are applied to the computer, not to users and groups
Security options are edited under the Computer Configuration part of the 'Local Computer Policy' object in the Group Policy editor (gpedit.msc)
Security options can also be viewed and set with secpol.msc (Local Security Policy), which shows only the security settings subset of the same object
There are too many security options to list
7.8] Security templates
secedit.exe is used to analyze and configure system security by comparing your current configuration to a template: 'secedit /analyze /db file.sdb /cfg template.inf' reports the differences and 'secedit /configure /db file.sdb /cfg template.inf' applies the template. The same can be done in the 'Security Configuration and Analysis' MMC snap-in
Security templates are stored in the %systemroot%\security\templates folder
Setup security.inf - the default settings applied during Setup, can be used to restore them
Compatws.inf - used for backwards compatibility, relaxes permissions so applications not certified for Windows XP can run without making users Power Users
Secure*.inf (securews.inf, securedc.inf) - implements recommended security in all areas except files, folders and registry keys
Hisec*.inf (hisecws.inf, hisecdc.inf) - high security network communication (SMB signing, NTLMv2), Windows XP can then communicate only with other XP or 2000 computers
Rootsec.inf - reapplies the default Windows XP permissions on the root of the system drive (without overriding explicit permissions on child objects)
Notssid.inf - removes the default permissions granted to the Terminal Server SID
7.9] Using local group policies
Normally GP is applied through AD, but it can also be applied locally
When you use local group policies there can only be one GP object
Policies that have been applied through AD take precedence over any local group policies
You administer local GP through the Local Group Policy object (gpedit.msc)
Rsop - Resultant Set of Policy is the final set of policies that is applied to the user and computer. Use gpresult to display Rsop for the current user and computer in command line format. Use rsop.msc to start a Microsoft Management Console that displays Rsop.
7.10] Using group policies with AD
When a DC is present you can have GPOs in AD; they are stored in the %systemroot%\Sysvol folder on every DC by default
When a user logs into Active Directory, this is the order of policy application (later ones win on conflict):
Local computer
Site (a set of well-connected IP subnets, can span domains)
Domain
OU (organizational unit), parent OU before child OU
The following options are available for overriding the default policy application:
No override - enforces policy inheritance. You force all child policy containers to inherit the parent's policy, even if that policy conflicts with the child's policy and even if Block Inheritance has been set for the child. This option is used by corporations that want to have corporate level security and don't want low level administrators to be able to override it. To set No Override, open the properties screen of the domain or OU, and in the GPO Links list r-click the GPO link that you want to enforce and click No Override
Block inheritance - used if you don't want to inherit GP settings from parent containers. You can block policy inheritance at the domain or OU level by opening the properties dialog box for the domain or OU and selecting the 'Block Policy inheritance' check box
Group Policy is not inherited from parent to child domains, i.e. blah.boom.com does not inherit from boom.com
The smallest unit you can apply GP to is an organizational unit (OU)
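To see how the processing order, No Override and Block Inheritance combine into the Rsop, here is an added example of my own (illustrative Python, not from the guide or from Microsoft) that resolves a small hierarchy. Container, GPO and setting names are invented; the assumption that the local GPO is always processed (it is not linked to a container, so Block Inheritance cannot drop it) matches how gpresult reports it.

```python
# Added example: Resultant Set of Policy for Local -> Site -> Domain -> OU.
from dataclasses import dataclass, field


@dataclass
class GPO:
    name: str
    settings: dict             # setting name -> value
    no_override: bool = False  # the link is enforced ("No Override")


@dataclass
class Container:
    name: str                  # site, domain or OU
    gpos: list = field(default_factory=list)  # links in the order they are applied (last wins)
    block_inheritance: bool = False


def resolve_rsop(local_settings: dict, containers: list):
    """Compute the Rsop for a user/computer.

    `containers` runs from the site down to the deepest OU. Returns
    (effective settings, {setting: name of the GPO that won}).
    """
    # Block Inheritance on a container discards every non-enforced GPO linked
    # on the containers above it; the deepest blocking container decides.
    blockers = [i for i, c in enumerate(containers) if c.block_inheritance]
    cut = blockers[-1] if blockers else 0

    # The local GPO is processed first and therefore has the lowest precedence.
    order = [("Local Computer Policy", local_settings)]
    for i, c in enumerate(containers):
        for g in c.gpos:
            if not g.no_override and i >= cut:
                order.append((g.name, g.settings))

    # Enforced links are applied after everything else; among them the one
    # closest to the root wins, so they go child first, parent last.
    enforced = [g for c in containers for g in c.gpos if g.no_override]
    for g in reversed(enforced):
        order.append((g.name, g.settings))

    effective, winner = {}, {}
    for name, settings in order:
        for key, value in settings.items():
            effective[key] = value
            winner[key] = name
    return effective, winner


def example_tree(block: bool):
    """Sample hierarchy: site -> domain (with an enforced baseline) -> Sales OU."""
    site = Container("Site-HQ", [GPO("Site-Proxy", {"ProxyServer": "proxy.hq"})])
    domain = Container("boom.com", [
        GPO("Corp-Baseline", {"MinPasswordLength": 12}, no_override=True),
        GPO("Domain-Desktop", {"ScreenSaverTimeout": 900}),
    ])
    sales = Container("OU=Sales",
                      [GPO("Sales-Desktop", {"ScreenSaverTimeout": 300, "MinPasswordLength": 8})],
                      block_inheritance=block)
    local = {"ScreenSaverTimeout": 600, "MinPasswordLength": 6, "Wallpaper": "local.bmp"}
    return resolve_rsop(local, [site, domain, sales])
```

With Block Inheritance set on the Sales OU the site proxy setting disappears and the OU's own screen saver value wins, yet the enforced Corp-Baseline password length still overrides the OU's attempt to lower it; a setting nobody above touches (the local wallpaper) survives from the local GPO.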
7.11] Other security issues
Both Windows XP Pro and Home Edition allow user accounts with blank passwords to log on at their local workstations, although in XP Pro accounts with blank passwords can no longer be used to log on to the computer remotely over the network (security option 'Limit local account use of blank passwords to console logon only', enabled by default)
In XP Home Edition the user accounts created during Setup are administrators and have no password by default
Windows XP Home Edition will not allow you to disable the Guest account. When you disable the Guest account via the Control Panel, it only removes the listing of the Guest account from the Fast User Switching Welcome screen and the 'Log on locally' right. The network credentials remain intact and guest users will still be able to connect to shared resources.
The "Everyone" group has Print access to printers by default
Remote Desktop is not enabled by default on Windows XP Pro
Part 8: Managing disks
8.1] File systems
FAT (File Allocation Table), 16 bit
FAT32, 32 bit
NTFS (New Technology File System)
To convert from FAT or FAT32 to NTFS use: convert x: /fs:NTFS. The conversion is one way: convert cannot produce any other file system, to go back to FAT you must back up, reformat and restore.
8.2] Disk drives
SCSI 15000RPM, 20MB/s transfer
IDE 7200RPM, 16.7MB/s transfer
SATA (similar to IDE from the OS point of view)
Wide SCSI supports up to 15 drives on a single controller (16 IDs, one used by the controller itself); SATA is point to point, one drive per port
IDE drives have a 'cable select' option on them which automatically determines master and slave. It is best practice to manually set the jumpers for master and slave.
8.3] ARC path designation (Advanced RISC Computing)
ARC dates back to NT 3.5 days (in the form presented here, otherwise NT 3.1)
The file boot.ini is read by Ntldr; its ARC paths tell Ntldr where to find the '\windows\' directory
Bootcfg.exe configures, queries, or changes Boot.ini file settings
Msconfig can be used to change system startup options including modification of boot.ini
Please note that Microsoft has changed the default install directory from WINNT to WINDOWS for Windows XP. Upgrades will still use the WINNT directory.
Multi
Identifies the controller the physical disk is on
Multi(x) syntax of the ARC path is only used on x86-based computers
For IDE disks, or for SCSI disks when the OS is on the 1st or 2nd SCSI drive
The Multi(x) syntax indicates to Windows NT that it should rely on the computer's BIOS to load system files. This means that the operating system will be using interrupt (INT) 13 BIOS calls to find and load NTOSKRNL.EXE and any other files needed to boot Windows NT.
Numbering starts at 0, for example Multi(0); in practice it is always 0 because the BIOS only exposes the first controller through INT 13
In a pure IDE system, the Multi(x) syntax will work for up to the 4 drives on the primary and secondary channels of a dual-channel controller
In a pure SCSI system, the Multi(x) syntax will work for the first 2 drives on the first SCSI controller (that is, the controller whose BIOS loads first)
In a mixed SCSI and IDE system, the Multi(x) syntax will work only for the IDE drives on the first controller
SCSI
Identifies the controller the physical disk is on
The SCSI(x) syntax is used on both RISC and x86-based computers
Using SCSI() notation indicates that Windows NT will load a boot device driver and use that driver, instead of the BIOS, to access the boot partition
On an x86-based computer the device driver used is NTBOOTDD.SYS (a renamed copy of the SCSI miniport driver placed in the root of the system partition), on a RISC computer the driver is built into the firmware
Numbering starts at 0, for example SCSI(0)
Windows NT Setup always uses Multi(x) syntax for the first two drives
Disk
Identifies the physical disk attached to the controller
Always 0 if Multi(x) is present; Disk(x) is only meaningful for SCSI(x)
For SCSI the value of Disk(x) is the SCSI ID and can be 0-15. Note: one ID is always used by the controller itself
Numbering starts at 0, for example Disk(0)
Rdisk
Identifies the physical disk attached to the controller
Almost always 0 if SCSI(x) is present; Rdisk(x) is for Multi(x) and is the ordinal of the disk on the controller, usually 0-3
Numbering starts at 0, for example Rdisk(0)
Partition
Refers to the partition on the hard disk where the Windows system folder is located
All partitions receive a number except for type 5 (MS-DOS Extended) and type 0 (unused) partitions, with primary partitions being numbered first and then logical drives
A partition is a logical definition of hard drive space
Numbering starts at 1, for example Partition(1)
Signature
Used when the system BIOS or the controller hosting the boot partition cannot use INT-13 Extensions
The signature() syntax is equivalent to the scsi() syntax
Using the signature() syntax instructs Ntldr to locate the drive whose disk signature matches the value in the parentheses, no matter which SCSI controller number the drive is connected to
The signature() value is the disk signature extracted from the physical disk's Master Boot Record (MBR)
8.4] Easy way to memorize ARC
There are 5 letters in the word 'Multi' and 5 letters in the word 'Rdisk'
There are 4 letters in the word 'SCSI' and 4 letters in the word 'Disk'
'SCSI' works together with 'Disk' while 'Multi' works together with 'Rdisk'
When the system uses Multi(x) it relies on BIOS INT 13 calls, so the on-board BIOS of that controller has to be enabled
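The rules in 8.3 are exactly the kind of thing worth checking mechanically before you hand-edit boot.ini, so here is an added example of my own (illustrative Python, not from the guide) that parses a boot.ini, splits each ARC path into its fields and applies those rules: partition numbering starts at 1, disk() must be 0 with multi(), disk() is a SCSI ID with scsi(), and signature() carries the hex disk signature. The sample boot.ini and the signature value are constructed.

```python
# Added example: parse and sanity-check ARC paths from a boot.ini.
import configparser
import re

_ARC = re.compile(
    r"^(?P<adapter>multi|scsi|signature)\((?P<val>[0-9a-fA-F]+)\)"
    r"disk\((?P<disk>\d+)\)rdisk\((?P<rdisk>\d+)\)partition\((?P<part>\d+)\)"
    r"(?P<path>\\.*)?$",
    re.IGNORECASE,
)


def parse_arc(arc: str) -> dict:
    """Split an ARC path into fields and validate the combination.

    Raises ValueError for malformed or inconsistent paths; the returned dict
    has a 'warnings' list for combinations that are legal but unusual.
    """
    m = _ARC.match(arc.strip())
    if not m:
        raise ValueError(f"not an ARC path: {arc!r}")
    adapter = m["adapter"].lower()
    # multi()/scsi() numbers are decimal, signature() carries the hex MBR signature
    base = 16 if adapter == "signature" else 10
    try:
        val = int(m["val"], base)
    except ValueError:
        raise ValueError(f"bad {adapter}() value {m['val']!r}") from None
    disk, rdisk, part = int(m["disk"]), int(m["rdisk"]), int(m["part"])
    warnings = []
    if part < 1:
        raise ValueError("partition() numbering starts at 1")
    if adapter == "multi":
        if disk != 0:
            raise ValueError("disk() must be 0 when multi() is used")
        if val != 0:
            warnings.append("multi() is expected to be 0, the BIOS only exposes the first controller")
        if rdisk > 3:
            warnings.append("rdisk() above 3 is unusual with multi()")
    else:  # scsi() and signature() behave the same way
        if disk > 15:
            raise ValueError("disk() is a SCSI ID and must be 0-15")
        if rdisk != 0:
            warnings.append("rdisk() is normally 0 with scsi()/signature()")
    return {"adapter": adapter, "value": val, "disk": disk, "rdisk": rdisk,
            "partition": part, "path": m["path"] or "", "warnings": warnings}


def check_boot_ini(text: str) -> dict:
    """Parse boot.ini text; return the per-entry results and whether 'default'
    names a valid entry in [operating systems]."""
    cp = configparser.ConfigParser(delimiters=("=",), interpolation=None)
    cp.optionxform = str                     # keep the ARC path case as written
    cp.read_string(text)
    entries = {}
    for key, value in cp["operating systems"].items():
        try:
            entries[key] = parse_arc(key)
        except ValueError as e:
            # Drive-letter entries such as C:\ = "..." are legal but are not ARC paths
            entries[key] = {"error": str(e)}
        entries[key]["label"] = value
    default = cp["boot loader"].get("default", "").strip()
    return {"entries": entries, "default": default,
            "default_ok": default in entries and "error" not in entries[default]}


# Constructed boot.ini for a dual-boot machine with two IDE disks.
SAMPLE_BOOT_INI = """[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\\WINDOWS="Microsoft Windows XP Professional" /fastdetect
multi(0)disk(0)rdisk(1)partition(1)\\WINNT="Microsoft Windows 2000 Professional" /fastdetect
C:\\="Microsoft Windows"
"""
```

The parser deliberately treats a wrong disk() with multi() or a partition(0) as hard errors, since either produces a machine that stops at Ntldr with a missing or corrupt system file message, while an unusual rdisk() only yields a warning.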
8.5] Disk Management MMC snap-in
To activate: start -> all programs -> administrative tools -> computer management -> disk management tree node
Another way is to r-click on My Computer and select 'manage' from the list
Finally you can just create a custom MMC console with the Disk Management snap-in
Using disk management, among other things, you can:
Initialize new disks
Create new volumes and partitions
If you r-click a disk and select properties -> general tab you can see a location heading with a number. That number is the ARC number of the HD.
Windows XP (both Disk Management and format x: /fs:FAT32 from the command line) will only create FAT32 volumes up to a maximum of 32Gb, but it can read and mount larger FAT32 volumes created by other tools
DiskPart.exe - you can create scripts to automate tasks, such as creating volumes or converting disks to dynamic.
Fsutil.exe - perform many NTFS file system related tasks, such as managing disk quotas, dismounting a volume, or querying volume information.
Mountvol.exe - mount a volume at an NTFS folder or unmount the volume from the NTFS folder.
8.6] Remote management
Computer Management is not just for the local machine, you can also manage other PCs: r-click on 'Computer Management (local)' and select 'Connect to another computer'
By default Domain Admins are part of the local Administrators group and you need these rights to connect to and administer a remote PC
If you cannot access Device Manager from the Computer Management extension snap-ins on a remote computer, ensure that the Remote Registry service is started on the remote computer.
Computer Management does not support remote access to computers that are running Windows 95.
In remote management 'Device Manager' is in read only mode
8.7] Basic disks
Only a primary partition can be marked active, i.e. be the system partition the BIOS boots from, and there is a maximum of 4 primary partitions (or 3 primary plus 1 extended)
Extended partitions are not bootable. Logical drives are created in extended partitions. There are no limits as to the number of logical drives each extended partition may have.
Primary partitions and logical drives are assigned drive letters
The partition table of a basic disk is located in the first sector of the hard disk, sharing it with the MBR boot code
8.8] Dynamic disks
Fault tolerance of the configuration is better than with basic disks, due to multiple storage places for the information. A 1Mb database is placed at the end of each physical hard disk containing information about all dynamic disks located in this particular system, this creates multiple copies of the same data.
Can be one of the following:
Simple volume:
Single disk
No fault tolerance
Can be NTFS or FAT
Spanned volume:
Maximum of 32 disks
Spanned volumes formatted with NTFS can be extended onto more disks; a FAT spanned volume has to be deleted and recreated to grow
No fault tolerance, and a spanned volume cannot be mirrored or striped
Mirror volume:
Also known as RAID 1
Windows XP Pro does not support mirror volumes (server editions only)
Can be NTFS or FAT
Fault tolerance, data is the same on both disks
To replace the failed mirror in a mirrored volume, right-click the failed mirror and then click Remove Mirror, and then right-click the other volume and click Add Mirror to create a new mirror on another disk
A variation of mirroring called duplexing uses HDs connected to different controllers for even more fault tolerance
Striped volume:
Also known as RAID 0
Maximum of 32 disks, minimum of 2
Breaks data into 64Kb chunks written to the different disks that make up the stripe
It is recommended to use the same type of hard drive for all member drives
Windows XP cannot be installed on software RAID 0
You cannot extend a striped volume, you need to recreate it
No fault tolerance
RAID 5:
Made up of at least three disks with parity information distributed across all of them
Fault tolerant: survives the failure of one disk
Maximum of 32 disks, minimum of 3
Not available in Windows XP Professional (server editions only)
To replace the failed disk region in a RAID-5 volume, right-click the RAID-5 volume and then click Repair Volume
Dynamic disks can be used in Windows XP Professional, Windows 2000 (Professional and Server) and Windows Server 2003 (all editions), but not in Windows XP Home Edition
Note: if the disk whose ARC path is in boot.ini fails, the system will not boot. You should have a boot floppy with a modified boot.ini pointing at the surviving disk
Mounted volumes - you can mount a volume as an NTFS folder instead of giving it a drive letter
Remove (uninstall) disks prior to moving them, then rescan disks when you attach them to the new system and import the foreign disk
Dynamic disks can be reconfigured without a reboot
When your boot disk is also a dynamic disk, you will not be able to dual boot into an OS that is not dynamic disk capable (Windows 9x, NT 4)
Dynamic disks are not supported on laptops due to lack of advantage over basic disks in this scenario
Dynamic disk partition table types:
dynamic GUID partition table (GPT) disks, for 64bit editions of Windows
dynamic MBR disks, for 32 and 64bit editions of Windows
The Foreign status occurs when you move a dynamic disk to the local computer from another computer
You can have a maximum of 2000 volumes on a dynamic disk, the recommended maximum is 32
Volumes created after the 26th drive letter has been used must be accessed using volume mount points
Hard drives that are connected to the PC using USB or IEEE 1394 cannot be converted to dynamic disks
Extending a simple volume:
Similar to a spanned volume but uses free space on the same physical HD as the simple volume. You can extend a simple volume only if it does not have a file system or if it is formatted using the NTFS file system. You need free space on the HD and the volume must not originally have been a basic disk partition (i.e. it must have been created after the disk became dynamic).
You cannot extend volumes formatted using FAT or FAT32
You cannot extend a system volume, boot volume, striped volume, mirrored volume, or RAID-5 volume
8.9] Volume status descriptions
Failed - a basic or dynamic volume cannot be started automatically or the disk is damaged
Failed Redundancy - data on a mirrored or RAID-5 volume is no longer fault tolerant because one of the underlying disks is not online, has substatus information
Formatting - occurs only while a volume is being formatted with a file system
Healthy - normal volume status on both basic and dynamic volumes, no known problems, has substatus information
Regenerating - occurs when a missing disk in a RAID-5 volume is reactivated
Resynching - occurs when creating a mirror or restarting a computer with a mirrored volume
Unknown - occurs when the boot sector for the volume is corrupted
Data Incomplete - displayed in the Foreign Disk Volumes dialog box, and occurs when data spans multiple disks, but not all of the disks were moved
Data Not Redundant - displayed in the Foreign Disk Volumes dialog box when you import all but one of the disks in a mirrored or RAID-5 volume
Stale Data - displayed in the Foreign Disk Volumes dialog box, and occurs when a mirrored or RAID-5 volume has stale mirror information, stale parity information, or I/O errors
8.10] Converting to dynamic disk and back to basic disk
If you convert the boot disk, or if a volume or partition is in use on the disk you attempt to convert, you must restart the computer for the conversion to succeed.
The conversion may fail if you change the disk layout of a disk being converted or if the disk has I/O errors during the conversion
After you convert a basic disk into a dynamic disk, any existing partitions on the basic disk become (dynamic) simple volumes.
If you are using shadow copies and they are stored on a different disk than the original, you must first dismount and take offline the volume containing the original files before you convert the disk containing the shadow copies to a dynamic disk.
If you are converting a disk from dynamic back to basic, the disk must not have any volumes on it nor contain any data. If you want to keep your data, back it up before you convert the disk to a basic disk.
8.11] Disk quotas
Disk quotas apply to everyone using the volume except members of the Administrators group (their quota entry has no limit by default)
Remember that every user needs a few Mb (min 2) for storage of the profile which is needed for logging in
Quota entries can be created per user but not per group; only volumes and users have quota entries
Quota limits are calculated using the uncompressed file size, thus compressing files will not give the user more space
The default quota entry is for all users of the given volume. You can add additional quota entries on a per user basis only.
Once again, quota entries are per user per volume, no groups are allowed.
Remember that once a user uses a volume with a quota set on it an entry is automatically added. Thus, if you had a general entry for all users and later on some users run out of space and need more, you modify their quota entries rather than add new ones.
Disk quota is only applied to files added after the quota entry was created, it doesn't apply to files that were already there
Each file can contain up to 64kb of metadata that is not counted towards the user's quota limit
Fsutil is used to manage quotas from the command line (fsutil quota query x: lists entries, fsutil quota modify x: threshold limit user sets one)
To free some space run Disk Cleanup, from the command prompt: cleanmgr.exe (tick the 'Temporary Internet Files' category if you want those removed too)
8.12] Defragmenting
You will need at least 15% free HD space in order to defragment fully
You may need to repeat the process several times in order to achieve the planned result
Defragmenting should be done on every volume every 1 to 2 months
You cannot schedule defragmentation from the GUI, but the command line tool defrag.exe can be run from a scheduled task or a script
The Windows defragmenter works with FAT16, FAT32 and NTFS
On modern computer systems that use NTFS and don't use the file system extensively (desktops) the benefits of defragmenting the hard drive are measurable but not noticeable to the end user. Thus defragmenting is only a significant performance tool for file servers.
8.13] Encryption:
Only the user who encrypted the file, users to whom the owner gave access to the file (new in Windows XP; the additional users need to already have EFS certificates) and recovery agents can decrypt the file
When moving an encrypted file from one NTFS volume to another, it stays encrypted. When copying the file to an NTFS volume it also stays encrypted. This behaviour is unique to encryption: other attributes are inherited from the destination on a copy
Note that a user who has NTFS permissions to an encrypted file can delete that file, even if he/she cannot view it. They can also move the file around on the same NTFS volume (a different volume would mean a copy operation and, for a non-NTFS destination, decryption, which fails for anyone who cannot decrypt the file)
Cannot encrypt and compress at the same time; encrypted data is indistinguishable from random bytes and does not compress
You can zip 1st using WinZip or another 3rd party compression tool, then encrypt the archive to get an encrypted and compressed file
Executable file cipher.exe is the command line encryption utility (cipher /e to encrypt, cipher /d to decrypt, cipher /r to generate a recovery agent key and certificate)
By default, the recovery agent is the Administrator account on the 1st DC of the domain; there is no default recovery agent on a stand alone XP workstation
Moving or copying an encrypted file to a FAT volume decrypts it without warning (if the user can decrypt it; otherwise the operation fails)
It is recommended to export the recovery agent's certificate and private key to a floppy disk kept in a secured location. It is also recommended to copy files to be recovered to the recovery agent's PC where they will be recovered.
A user needs the correct certificate (private key) to perform any action on a file that would result in that file being decrypted
8.14] How EFS (Encrypting File System) works
When the user chooses to encrypt a file, a random file encryption key (FEK) is generated
This FEK, together with a symmetric encryption algorithm (DESX in the original XP release, AES-256 by default from SP1 on), is used to encrypt the contents of the file
The FEK is itself encrypted using the user's public key and stored together with the encrypted file, in the Data Decryption Field (DDF). The FEK is also encrypted with the public key of each additional EFS user that has been authorized to decrypt the file (more DDF entries) and with that of each recovery agent (Data Recovery Field, DRF)
The file can only be decrypted by using the user's private key, the private key of a user given permission to view the file, or the private key of a recovery agent
The private/public key pair is tied to the user's certificate
On stand alone machines the user's certificate is created (self-signed) the 1st time he or she tries to encrypt a file
For a domain user the certificate is issued by the certification authority, the user needs permission to get a certificate
Files marked with the System attribute cannot be encrypted, nor can files in the systemroot directory structure.
Before users can encrypt or decrypt files and folders that reside on a remote server, an administrator must designate the remote server as trusted for delegation.
If you open an encrypted file over the network, the data that is transmitted over the network is not encrypted (EFS protects data at rest only; use IPSec to protect it in transit).
Users can use EFS remotely only when both computers are members of the same Windows Server 2003 family forest
Encrypted files are not accessible from Macintosh clients
Encrypting File System (EFS) on XP no longer requires a recovery agent (Windows 2000 did)
8.15] Compression (NTFS)
When you compress a whole folder:
All files are compressed automatically when added, but not the current folder occupants
OR
Compression can also be applied to the current files and subfolders
Decompression is the reverse process of compression
Moving a file on the same volume means that the file location is moved in the MFT only, not the physical file itself. When you copy a file, no matter whether on the same volume or not, the destination file inherits the destination folder's compression attribute and permissions
When you move a file on the same volume, it keeps its original permissions and compression state. When you move a file to another volume, the move is treated as a copy operation and the file permissions and compression attribute are inherited from the destination folder.
All file attributes behave in the same way, with the exception of encryption (see 8.13)
File compression is supported only on NTFS volumes with cluster sizes of 4 KB and smaller
For the command line use compact.exe, it can display and modify compression attributes but it works only on NTFS
Part 9: Accessing files and folders
9.1] General folder options
General folder options:
Windows classic or web content in the folders
Whether folders are opened all in the same window or in separate windows
Opening with a single or double mouse click
Folder view options:
Configure what you see once you open files and folders
There are too many options to list
File type options are used to associate file extensions with application file types
9.2] Offline folder options
Offline files let you store network files offline
On the client side:
The first step is to enable offline file support on the client (enabled by default) under Folder options -> Offline files; it is available only on Windows XP Professional (not Home Edition) and cannot be used while Fast User Switching is turned on
In the folder options for offline files you can set:
Synchronization options: manually synchronize, automatic synchronization (at log on or log off) and reminders at certain time intervals
How much disk space will be used for temporary network files and whether these files are encrypted
When offline files are enabled, connect to a shared folder, right click it and select 'Make available offline'; this will bring up the settings dialog box and start synchronization
When the folder is set up as available offline, right clicking it gives you an option to synchronize
Folders that are synchronized appear with a small blue arrow pointing down in the lower left corner of the folder icon
On the server side:
SMB is used for communication between networked computers, so for offline files any SMB server will do
You can disable and enable (default) the client's ability to cache content by changing the options in Share properties -> Caching on the server computer
9.3] ACL - access control list
Every object in AD (and every securable object on a stand alone PC) has an ACL
ACE - access control entry
An ACL is a list of ACEs. Each ACE has an allow or deny action, a set of rights and an associated SID (security identifier).
The process of checking user access is performed in this way:
The SIDs in the user's access token (the user's own SID plus the SIDs of all groups the user belongs to) are compared against the ACEs in the ACL of the resource the user wants to access
ACEs are walked in order: explicit deny, explicit allow, inherited deny, inherited allow. A matching deny for any requested right stops the check; matching allows accumulate until all requested rights are granted
If no ACE matches, or the allows do not cover every requested right, access is denied
Windows resolves the SIDs and presents account names when it displays the ACEs
A Deny right takes precedence over an Allow right of the same kind (explicit or inherited) in both group and user security context. This is true even for Administrators and the object owner (although the owner can always change the permissions and so remove the deny).
9.4] General NTFS permissions for files
Read
Read file attributes
Read data in the file
Read permissions
Write
Change file attributes
Write data to the file
Append data to the file
Read and execute = 'Read' + execute file permission
Modify = 'Read and Execute' + 'Write' + delete permission
Full control = all of the above permissions + 'Change Permissions' permission + 'Take Ownership' permission
9.5] General NTFS permissions for folders
Read
Read folder attributes
List folder
Read permissions
Write
Change folder attributes
Create files and folders
Read and execute = 'Read' + traverse folder permission
Modify = 'Read and Execute' + 'Write' + delete permission
List folder contents (exists only for a folder; it is inherited by subfolders but not by files):
Traverse folders
List the contents of a folder
See folder or file attributes
Full control = all of the above permissions + 'Change Permissions' permission + 'Take Ownership' permission
9.6] Share permissions
Only applicable to folders, there are no share permissions for files
Read = read file data, file names and subfolder names + execute (assigned to the Everyone group by default)
Change = Read permission + create and delete files and subfolders + write
Full control = all of the above permissions + the right to change share permissions
Share permissions do not apply to users that are logged into the OS interactively (i.e. locally)
NTFS permissions always apply, even for a share, i.e. a user needs both Read permissions in order to read a file over the network
Use NTFS permissions to tighten security
To add a share from the command prompt: net share sharename=drive:path (e.g. net share data=c:\data)
To delete a share from the command prompt: net share sharename /delete
To connect to a share from the command prompt use: net use x: \\computer_name\share_name
When a share name ends in $ it is hidden and cannot be browsed to, the full name needs to be typed in
Share permissions are not included in a backup or restore of a data volume
Share permissions do not replicate through the File Replication Service
When both NTFS and share permissions are applied to a resource the system looks at the effective NTFS permissions and the effective share permissions and applies to the object the more restrictive of the two cumulative sets
By default, simple file sharing is enabled in Windows XP if you are not connected to a domain. Therefore, the Security tab and advanced options for permissions are not available. In Windows XP Home Edition you have to use simple file sharing.
You cannot disable simple file sharing in Microsoft Windows XP Home Edition; in Windows XP Pro you use Folder Options -> View to disable simple file sharing
9.7] Explicit permissions and inherited permissions for files and folders
There are two types of permissions: explicit permissions and inherited permissions.
Explicit permissions are those set directly on the object, either by default when the object is created or by user action.
Inherited permissions are those that are propagated to an object from a parent object. Inherited permissions ease the task of managing permissions and ensure consistency of permissions among all objects within a given container.
Explicit permissions take precedence over inherited permissions, even inherited Deny permissions. This has nothing to do with user and group security context: it is about where the ACE came from.
9.8] Inherited permissions (files and folders)
All files and folders inherit their permissions from the parent folder by default
There are three ways to make changes to inherited permissions:
Make the changes to the parent folder, and then the file or folder will inherit these permissions. Remember this is not related to user and group security!
Select the opposite permission (Allow or Deny) explicitly on the object to override the inherited permission.
Clear the 'Allow inheritable permissions from the parent to propagate to this object and all child objects. Include these with entries explicitly defined here' check box. You can then make changes to the permissions or remove the user or group from the permissions list. However, the file or folder will no longer inherit permissions from the parent folder. You will be presented with a confirmation dialog that has these options:
You can 'Copy' the permission entries, making all entries explicit (convert inherited entries into explicit)
Or you can 'Remove' all inherited permissions and keep only the current explicit permissions
You cannot change parent permissions inside a child object - they show as grayed out if inheritance is on.
If the object is inheriting conflicting settings from different parents then the setting inherited from the parent closest to the object in the subtree will have precedence.
Only inheritable permissions are inherited by child objects. When setting permissions on the parent object, you can decide whether folders, subfolders or files inherit them with 'Apply onto' in the advanced permission entry dialog.
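The access check of 9.3, the explicit-before-inherited ordering of 9.7 and 9.8, and the share-plus-NTFS combination of 9.6 are all one small algorithm, so here is an added example of my own (illustrative Python, not from the guide and not Windows' AccessCheck itself) that walks an ACL in canonical order and reports the result. SIDs, group names and the file's ACL are constructed; the per-right evaluation in effective_rights mirrors what the Effective Permissions tab shows.

```python
# Added example: simulation of the NTFS access check and share/NTFS combination.
from dataclasses import dataclass

RIGHTS = frozenset({"read", "write", "execute", "delete",
                    "change_permissions", "take_ownership"})
SHARE_RIGHTS = {                      # what each share permission level allows
    "Read": frozenset({"read", "execute"}),
    "Change": frozenset({"read", "execute", "write", "delete"}),
    "Full Control": RIGHTS,
}


@dataclass(frozen=True)
class ACE:
    sid: str
    kind: str                         # "allow" or "deny"
    rights: frozenset
    inherited: bool = False           # propagated from a parent folder


def canonical(acl):
    """Order ACEs the way Windows evaluates them: explicit deny, explicit
    allow, inherited deny, inherited allow."""
    return sorted(acl, key=lambda a: (a.inherited, a.kind != "deny"))


def access_check(acl, token_sids, requested):
    """Return (granted, reason). `token_sids` holds the user SID and every
    group SID; access is granted only once each requested right is covered
    by an allow ACE without a matching deny being hit first."""
    remaining = set(requested)
    for ace in canonical(acl):
        if ace.sid not in token_sids:
            continue
        hit = remaining & ace.rights
        if not hit:
            continue
        if ace.kind == "deny":
            origin = "inherited" if ace.inherited else "explicit"
            return False, f"denied by {origin} deny for {ace.sid}"
        remaining -= hit
        if not remaining:
            return True, "granted"
    return False, f"no ACE grants {sorted(remaining)}"


def effective_rights(acl, token_sids):
    """The set the Effective Permissions tab shows: each right evaluated alone."""
    return frozenset(r for r in RIGHTS if access_check(acl, token_sids, {r})[0])


def effective_over_share(acl, token_sids, share_level, interactive=False):
    """Share permissions only matter over the network; the result is the
    more restrictive of the share level and the NTFS effective rights."""
    ntfs = effective_rights(acl, token_sids)
    return ntfs if interactive else ntfs & SHARE_RIGHTS[share_level]


# Constructed scenario: alice is in Sales. The parent folder gives Sales full
# control and denies Sales write (both inherited); on the file an explicit
# allow re-enables write for Sales and an explicit deny removes delete for
# alice personally.
ALICE = frozenset({"S-alice", "S-Sales", "S-Everyone"})
FILE_ACL = [
    ACE("S-Sales", "allow", RIGHTS, inherited=True),
    ACE("S-Sales", "deny", frozenset({"write"}), inherited=True),
    ACE("S-Sales", "allow", frozenset({"write"})),
    ACE("S-alice", "deny", frozenset({"delete"})),
]
```

Run against the constructed ACL, alice can write (the explicit allow is reached before the inherited deny), cannot delete (her explicit deny beats the group's allow), a user with no matching ACE gets nothing, and over a share set to Read she is left with read and execute regardless of the NTFS full control.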
9.9] Special shares
drive letter$ (e.g. C$) - shared resource that enables administrators to connect to the root directory of a drive
ADMIN$ - resource that is used during remote administration of a computer. The path of this resource is always the path to the system root (e.g. c:\windows)
IPC$ - resource that shares the named pipes that are essential for communication between programs. You use IPC$ during remote administration of a computer and when you view a computer's shared resources. You cannot delete this resource.
NETLOGON - required resource that is used on domain controllers
SYSVOL - required resource that is used on domain controllers
PRINT$ - resource that is used during remote administration of printers (holds the printer drivers)
FAX$ - shared folder on a server that is used by fax clients in the process of sending a fax
You cannot browse to $ shares (they are not shown in Explorer or by net view); the administrative shares are recreated at reboot if you delete them
9.10] Moving and copying of files
Moving a file on the same volume means that the file location is moved in MFT only, not the physical file itself.
When you copy a file, whether on the same volume or not, the destination file inherits the destination folder's permissions (the destination folder and file permissions will be the same).
When you move a file on the same volume, it keeps all of its original permissions, explicit and inherited from the original folder. Assign the following names: the file, call it F; the new folder, call it A; the original folder, call it B. When you move F from B to A and then make some permission changes on folder A, they will be inherited by the file F (unless inheritance is blocked on F); the old inherited permissions (the ones from folder B) will be removed. However, the file F will keep all explicit permissions, which is different from the copy operation, where explicit permissions are removed after the copy.
When you move a file to another volume, the move is treated as a copy operation. The file permissions are inherited from the destination folder in the same way regular copy operation permissions are inherited.
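The copy and move rules above, as an added example that is not part of the original guide: a small Python model of explicit and inherited ACEs, with the folder names A and B and the file F as used in the text. It does not call the Windows API; the classes, the sample trustees and the volume labels are all constructed for illustration.

```python
from dataclasses import dataclass, field
from typing import Set, Tuple

# Hypothetical model of how NTFS permissions follow a file on copy and move.
# Built only from the rules in section 9.10; names and values are illustrative.


@dataclass(frozen=True)
class Ace:
    trustee: str   # user or group name
    right: str     # e.g. "Read", "Modify", "Full Control"


@dataclass
class Folder:
    name: str
    volume: str
    aces: Set[Ace] = field(default_factory=set)   # all treated as inheritable here


@dataclass
class File:
    name: str
    parent: Folder
    explicit: Set[Ace] = field(default_factory=set)   # ACEs set directly on the file
    block_inheritance: bool = False

    def effective(self) -> Set[Ace]:
        """Explicit ACEs plus whatever the *current* parent passes down.

        Inheritance is evaluated against the present parent, so a later change
        on the containing folder is seen by the file (unless blocked)."""
        inherited = set() if self.block_inheritance else set(self.parent.aces)
        return self.explicit | inherited


def copy_file(f: File, dest: Folder) -> File:
    """Copy, same volume or not: explicit ACEs are dropped, the copy inherits from dest."""
    return File(f.name, dest)


def move_file(f: File, dest: Folder) -> File:
    """Move: on the same volume only the MFT entry moves, so explicit ACEs survive
    and the old folder's inherited ACEs are replaced by the new folder's.
    A cross-volume move is really a copy and behaves like one."""
    if f.parent.volume == dest.volume:
        return File(f.name, dest, explicit=set(f.explicit),
                    block_inheritance=f.block_inheritance)
    return copy_file(f, dest)


def demo() -> Tuple[Set[Ace], Set[Ace], Set[Ace], Set[Ace]]:
    """Walk through the text's scenario and return the effective ACE sets at each step."""
    users_read = Ace("Users", "Read")
    users_modify = Ace("Users", "Modify")
    tom_full = Ace("Tom", "Full Control")          # explicit ACE on the file
    backup_read = Ace("Backup Operators", "Read")  # added to folder A after the move

    b = Folder("B", "C:", {users_read})      # original folder
    a = Folder("A", "C:", {users_modify})    # new folder on the same volume
    d = Folder("D", "D:", {users_modify})    # folder on a different volume
    f = File("F", b, explicit={tom_full})

    copied = copy_file(f, a).effective()     # explicit ACE gone, inherits from A
    moved = move_file(f, a)                  # explicit ACE kept, B's ACE dropped
    moved_before = moved.effective()
    a.aces.add(backup_read)                  # later permission change on folder A
    moved_after = moved.effective()          # F picks the change up
    moved_across = move_file(f, d).effective()   # cross-volume: treated as a copy
    return copied, moved_before, moved_after, moved_across


if __name__ == "__main__":
    for label, aces in zip(("copy", "move (same volume)", "move, then change A", "move (other volume)"), demo()):
        print(f"{label}: {sorted((x.trustee, x.right) for x in aces)}")
```

Note that only explicit ACEs ride along on a same-volume move; the original folder's inherited entry (Users: Read in the scenario) disappears in every case.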
9.11] Other points
Groups or users granted Full Control on a folder can delete any files in that folder regardless of the permissions protecting the file
Every general permission has 'Synchronize' permission
Read attributes permission includes 'Read Extended Attributes' permission
Everyone group is no longer granted full control by default to shares, only read access (as of service pack 1; the original release granted full access)
The Anonymous Logon security group has been removed from the Everyone security group
Windows XP and 2000 need installation of client software, twcli32.msi, to take advantage of Volume Shadow Service (VSS) that runs on Windows Server 2003 computers
Part 10: Managing network connections
10.1] Installing a network adapter
Make sure you install the latest driver
If you have a combo network card (that has two network connectors) make sure you configure speed and cable type
70 to 80 percent of network problems are due to faulty cabling
10.2] Configuring TCP/IP
WINS addresses, in order of use
Enable LMHOSTS lookup
Enable/Disable NetBIOS over TCP/IP
Use NetBIOS settings from the DHCP server
NetBEUI - NetBIOS Enhanced User Interface
AppleTalk - is not supported by Windows XP (was supported before)
10.6] TCP/IP filtering
Through filtering you can specify for your PC:
Which TCP ports are permitted
Which UDP ports are permitted
Which protocols are permitted
This is set for all adapters at once and is separate from firewall
It is set up from Network connections -> connection -> TCP/IP properties -> advanced button -> options tab
10.7] Configuring NWLink IPX/SPX/NetBIOS
NWLink IPX/SPX/NetBIOS is Microsoft's implementation of Novell IPX/SPX (Internetwork Packet Exchange/Sequenced Packet Exchange)
This is just a transport protocol that is routable, if you want to access Novell servers you need to install client software
Internal network number - used to identify file servers, normally leave as is
Frame type - specifies how the data is packaged for transmission
10.8] Network access authentication
Network access control using IEEE 802.1X - you choose a method, password/certificate/smart card
Authenticate as computer when computer information is available
Authenticate as guest when user or computer information is unavailable
Part of connection properties
10.9] Advanced options
Bindings are used to attach protocols to a network adapter. You can improve performance by placing common protocols higher in the binding order
Part 11: Managing printing
11.1] Printing related definitions
Printer - the term refers to the software object on your PC, not the hardware
Print device - this is the actual hardware printer
Print server - PC to which a local printer is connected; any Windows PC. It is the computer that sends print jobs to the print device. For a network printer you send jobs to the server as well.
Print spooler - also referred to as print queue; this is a directory on the print server where jobs are stored prior to being printed
Print processor - also known as rendering; the process that determines whether a print job needs further processing once it has been sent to the spooler
Printer pool - configuration that allows to use one printer for multiple print devices
Print driver- piece of software that understands your print device codes
Physical port - port through which a printer is directly connected to the computer, COM or LPT
Logical port - port through which a printer with a network card is attached to network, much faster than a physical port
Local printer- printer that uses a physical port and has not been shared
Network printer- printer that is available to local and network users, can use either physical or logical port
11.2] Printer and print device configurations
1 printer per 1 print device
1 printer for many print devices (print pooling)
Many printers for 1 print device - used usually for print scheduling
11.3] Windows print process
When user chooses to print the document, request is sent to Graphics Device Interface (GDI) which calls print driver
Print job is sent to a local print spooler which sends the job to the print server
The print spooler on the print server saves the job to disk
Print processor analyzes the print job to determine whether extra processing is needed; a separator page is added if needed
Job is passed to the print manager which directs job to the right port at the right time
Print device prints the job
11.4] Printer information
You can use the UNIX (LPR) protocol; for this you will need to add an LPR port. LPR is included in "Print Services for UNIX", which is installed as a separate component of Windows XP
You can also have print services for Macintosh and for Netware
Whenever you hear anything that deals with: LPR, LPD, LPQ think UNIX
You can set printer priority (1-99) as well as printer availability (which means when the printer will be available timewise) for different user groups, as well as access to the print device itself for different user groups and individual users.
For example, to use different print priorities for two groups you need to set up two printers for the device, restrict their use and set the priority on each
If you want to know printer utilization track print queue object in system monitor
%systemdir%\system32\spool\printers\ is the default location of the spool folder. You should change it if your server serves many printers.
A port is defined as the interface that allows the PC to communicate with the print device
Print.exe - sends a text file to a printer
Net Print - displays information about a specified printer queue, displays information about a specified print job, or controls a specified print job
Bidirectional support - option on ports tab that allows printer to communicate with the computer, for example print errors
11.5] Spooling
Spooling is the process of saving the jobs to disk in a queue before they are sent to the print device
You have the option of:
Start printing after the last page is spooled - small jobs that enter the queue after large jobs may print before the large jobs finish spooling
Start printing immediately - strict order of entry into the queue determines who gets printed 1st
Print directly to the printer- good for troubleshooting the print device
You can change location of print spooler
11.6] Print processor
There are 5 print processors in Windows XP
RAW - makes no change to the job
RAW (FF appended) - always adds form feed character
RAW (FF auto) - tries to determine whether a form feed character needs to be added
NT EMF - for use with other Windows XP clients, multiple versions
TEXT - interprets all data as plain text
11.7] Printer Pooling
One printer, multiple print devices
Think of it as load balancing for printers, used in larger enterprises
Need to use the same driver for all print devices that are members of the pool. Many newer print devices will work with older drivers; use the newest driver that the oldest printer supports.
It is enabled with a check box found at the bottom of the ports tab
When one print device fails the print job gets redirected to another print device in the pool
11.8] Redirecting print jobs
You can redirect print jobs provided both printers use the same driver
When a user has placed into a queue a request to print a document on a print device which failed BEFORE printing commenced, you can redirect printing to another printer
To redirect a print job select print device you want jobs redirected from
If the new printer is on this print server, just select new port to which the new printer is attached, otherwise
Click on 'ports' tab
Click on 'add port', select local printer and click on 'new port'
Type in UNC share name of the printer you want the job redirected to, in format \\other_print_server\share_name
Check the check box next to the port you just created
11.9] Separator pages
Separator pages are used in multi-user environments; sample files are found in the %systemroot%\system32\ folder with a .sep ending
Pcl.sep - used to send a separator page on printers supporting PCL (Printer Control Language), which is a common standard
Pscript.sep - doesn't send a separator page but switches the computer to PostScript printing mode
Sysprint.sep - used by PostScript printers to send separator pages
Sysprintj.sep - same as sysprint.sep but with support for Japanese characters
11.10] Managing printers
To manage printer, right click it, you have following options:
Set as Default Printer- jobs will by default be sent to this printer
Printing preferences - settings like page layout
Pause printer- jobs can still be submitted, but will not print
Use printer offline - pauses the printer and saves the print queue so documents in it are available even after PC reboot
Other options: Rename, Sharing, Delete
You can also manage documents with following options: Pause,Restart,Resume,Cancel,Properties
11.11] Sharing
When you share a printer it becomes a Network printer
If you don't share your printer it is a Local printer
You cannot share a Fax printer
You can specify print drivers for the following systems:
Alpha Windows NT 4.0
IA64 Windows XP
Intel Windows 95/98/Me/NT 4.0/2000/XP
11.12] Security
There are three print related permissions:
Print - users can send print jobs to a printer
Manage Printers - administration of the printer, consisting of: pause/restart printer, change spool settings, share/unshare the printer, change print permissions
Manage documents - pause/restart/resume and delete queued documents, no control over the printer itself
Special permissions - used to customize the print options with allow or deny access for: Print, Manage Printers, Manage Documents, Read Permissions, Change Permissions and Take Ownership
Administrators and Power users can do all tasks
Creator Owner group can Manage Documents only
Everyone group can Print only
Advanced security settings:
Permissions - list all users, computers and groups that have been given permissions to the printer
Auditing - tracks who is using the printer and what type of access is being used
Owner- owner of the printer
Effective permissions
Part 12: Dial-up networking and Internet
12.1] Configuring a modem
General: speaker volume, maximum port speed, wait for dial tone before dialing check box
Selection of country and extra initialization string
Advanced port settings allow you to set the buffer size
Hardware settings like Data bits, Parity, Stop bits and Modulation
Data connection settings like Port speed, data protocol, compression and flow control
You can run diagnostics of your modem
12.2] Connecting to a Remote access server (RAS)
You can connect to a RAS server using a modem, ISDN or a null modem cable
Both client and server must use the same connectivity settings
RAS security settings
Allow unsecured passwords
Require secured password
Use smart card (you will need EAP)
Logon security protocols
MS-CHAP (Microsoft Challenge Handshake Authentication Protocol) still supports NTLM (but not by default). The same encryption key is used for all connections; both authentication and connection data are encrypted
MS-CHAP v2 - no NTLM and stronger encryption (like salting passed encrypted password strings). The two MS-CHAP protocols are the only ones that can change passwords during the authentication process. A new key is used for each connection and direction.
CHAP - need to enable storage of reversibly encrypted user passwords; authentication data is protected through MD5 hashing. No encryption of connection data.
PAP (Password Authentication Protocol) passwords are unencrypted as well as connection data
SPAP (Shiva Password Authentication Protocol) - less secure than CHAP or MS-CHAP, no encryption of connection data
EAP-TLS (Extensible Authentication Protocol - Transport Level Security) - certificate based authentication (EAP) used with smart cards; both authentication and connection data are encrypted. Not supported on stand-alone servers, only in a domain
EAP-MD5 CHAP (Extensible Authentication Protocol - Message Digest 5 Challenge Handshake Authentication Protocol) - this is a version of CHAP that was ported to the EAP framework. Encrypts only authentication data, not connection data, same as CHAP.
Unauthenticated access - connections without credentials, good for testing
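To make the CHAP and PAP entries above concrete, here is an added Python example that is not part of the original guide: both sides of an RFC 1994 CHAP exchange (response = MD5 over identifier, secret and challenge) beside a PAP exchange, with a list standing in for what a packet capture would show on the link. The account names and secrets are constructed, and the packet layout is simplified to the fields that matter here. It shows why CHAP needs the server to hold a reversibly encrypted (recoverable) password, and why PAP exposes the password on the wire while CHAP does not.

```python
import hashlib
import hmac
import secrets
from typing import Dict, List, Tuple

# Constructed demo of CHAP (RFC 1994) versus PAP; names and secrets are made up.


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """CHAP response value: MD5(Identifier || Secret || Challenge)."""
    return hashlib.md5(bytes([identifier & 0xFF]) + secret + challenge).digest()


class ChapServer:
    """Authenticator side. It must know the cleartext secret to recompute the
    response, which is why the account needs a reversibly encrypted password."""

    def __init__(self, accounts: Dict[str, bytes]):
        self.accounts = accounts
        self.pending: Dict[str, Tuple[int, bytes]] = {}

    def challenge(self, name: str) -> Tuple[int, bytes]:
        ident = secrets.randbelow(256)          # one-octet identifier
        chal = secrets.token_bytes(16)          # fresh random challenge per attempt
        self.pending[name] = (ident, chal)
        return ident, chal

    def verify(self, name: str, response: bytes) -> bool:
        # Each challenge is single-use: it is removed before the check, so a
        # captured response cannot be replayed against a later challenge.
        ident, chal = self.pending.pop(name, (None, b""))
        secret = self.accounts.get(name)
        if ident is None or secret is None:
            return False
        expected = chap_response(ident, secret, chal)
        return hmac.compare_digest(expected, response)


def chap_exchange(server: ChapServer, name: str, secret: bytes, wire: List[bytes]) -> bool:
    """Run one CHAP dialogue; every item appended to `wire` is what crosses the link."""
    ident, chal = server.challenge(name)
    wire.append(bytes([ident]) + chal)                   # Challenge packet (simplified)
    resp = chap_response(ident, secret, chal)            # peer proves it knows the secret
    wire.append(bytes([ident]) + resp + name.encode())   # Response packet carries the name
    return server.verify(name, resp)


def pap_exchange(accounts: Dict[str, bytes], name: str, password: bytes, wire: List[bytes]) -> bool:
    """PAP: the Authenticate-Request carries the password as-is on the link."""
    wire.append(name.encode() + b"\x00" + password)
    return hmac.compare_digest(accounts.get(name, b""), password)


def secret_on_wire(wire: List[bytes], secret: bytes) -> bool:
    """True if the secret appears verbatim in any captured packet."""
    return any(secret in packet for packet in wire)


if __name__ == "__main__":
    accounts = {"tom": b"constructed-secret-1"}
    server = ChapServer(accounts)
    chap_wire: List[bytes] = []
    print("CHAP ok:", chap_exchange(server, "tom", accounts["tom"], chap_wire))
    print("CHAP secret visible:", secret_on_wire(chap_wire, accounts["tom"]))
    pap_wire: List[bytes] = []
    print("PAP ok:", pap_exchange(accounts, "tom", accounts["tom"], pap_wire))
    print("PAP secret visible:", secret_on_wire(pap_wire, accounts["tom"]))
```

Neither protocol protects the data that follows authentication, which matches the guide's note that CHAP and PAP leave connection data unencrypted; only the MS-CHAP variants and EAP-TLS in the list above derive keys for the session itself.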
12.3] Using Virtual Private Networking (VPN)
Data that is sent over the network is encrypted, for VPN you just need access to a network while for RAS you need to dial-in
VPN supports
Single inbound connections
Tunneling protocols
Callback security
Multilink support (chaining of multiple modems)
PPTP (Point-to-Point Tunneling Protocol) - built-in encryption for IP or IPX protocols inside PPP datagrams; requires IP connectivity between your computer and the server
L2TP (Layer Two Tunneling Protocol) - Windows XP implementation of L2TP is designed to run natively over IP networks only,does not support native tunneling over X.25, Frame Relay, or ATM networks. Uses IPsec and certificates for security.
12.4] Using Internet Connection Sharing (ICS)
Internet connection sharing (ICS) allows you to connect a small network to the internet through a single connection
The Internet connection sharing server gets assigned the address 192.168.0.1, and its simple DHCP server assigns addresses in the range 192.168.0.2 - 192.168.0.254 to all client computers
You can specify which protocols and ports are to be shared, for example HTTP on port 80
You configure connection sharing using Network and Internet connections from control panel in advanced tab
12.5] Managing IE settings
Security zones
Internet
Local intranet
Trusted sites
Restricted sites
Content
Content advisor - you can limit what is accessed based on language, nudity, sex and violence
Certificates
Personal information - you can configure Auto complete and Microsoft profile assistant
Connections - how you connect to the internet, any connection
Programs associated with different internet services, HTML editor, E-mail, News groups, Internet call, calendar and contact list
Advanced tab has too many options to list
You can print to an internet printer if the print server has IIS and supports internet printing
Internet printing uses Internet print protocol (IPP)
To install internet printer, start the 'Add printer wizard', choose network printer and type as address http://computername/printshare_name/.printer
You can connect through a web browser to the print server by surfing to http://print_server/printers if it is allowed and the print server has IIS installed
To connect using IE to an ftp server that requires a user name and password, use: ftp://user_name:password@ftp_server_name; otherwise IE will ask you to enter your credentials.
12.6] Internet connection firewall
ICF is a stateful firewall
Configured from Network Connections -> Connection you wish to firewall -> properties -> advanced tab
You can log dropped packets and successful connections
You can choose a service that already is listed (like port 80 IIS) or add your own
Don't confuse with IP packet filtering which is set for all connections at once.
12.7] Other points
PPP - Point-to-Point Protocol that provides advanced features (like: IPX, NetBEUI and TCP/IP, encrypted authentication if configured) not found in Serial Line Internet Protocol (SLIP)
Part 13: Optimizing Windows XP Pro
13.1] Performance and system events
Task manager
Event viewer
System monitor (to activate you can run perfmon.exe from command line)
Performance logs and alerts
Network monitor
13.2] Performance
To set process priority at launch time, use: start "window title" /priority_value "application name" (for example: start "" /high notepad.exe)
Another way is: cmd /c start /priority_setting "application name" -- you cannot use this from the Run menu
Priority types:
Real time (you will need Administrator access to set this priority level)
High
Above normal
Normal
Below normal
Low
Processor affinity is the process of assigning specific processors to specific tasks in a multiprocessor system; this is done through Task Manager
Relog - extracts performance counters from performance counter logs into other formats, such as text-TSV, text-CSV, binary-BIN or SQL
Logman - manages and schedules performance counter and event trace log collections on local and remote systems
13.3] Performance indicators
Memory: page faults/sec - data not found in CPU cache creates a fault; most processors can handle large amounts of soft page faults. Compare with Memory: pages/sec
Available memory in bytes - need more if less than 10% available (could be an application memory leak)
Memory: pages/sec - hard drive access to page file, a rate of 20 or more indicates a need for more RAM
Page file percent close to 100, need more space on file or more RAM
Physical disk: percentage disk time above 70% is too high; if paging file usage is excessive as well it indicates more RAM is needed, otherwise the disk is the bottleneck
Physical disk average queue length above 2 - check paging file and physical memory
Physical disk current queue length - a value above 2 indicates a problem
CPU close to 100% - need more CPU power if situation continues for excessive amounts of time
Number of open files indicates how busy the server is; compare to the baseline
Server: bytes total/sec - indicates network throughput
Baselining is the process of determining average/normal system performance. It should be done over a period of 3 to 4 weeks using counter logs.
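The thresholds in 13.3 are easiest to apply mechanically, so here is an added Python example (not from the original guide) that reads a small counter log in the text-CSV layout that Relog can write and flags each sample against the rules above. The log lines, the machine name XPWS01 and the counter values are constructed; the cut-offs for "close to 100" (90% for paging file and CPU) are my assumptions, since the text gives no exact figure, and the "sustained" check stands in for "continues for excessive amounts of time".

```python
import csv
import re
from typing import Dict, List, Set, Tuple

# Constructed counter log (text-CSV as produced by Relog / Performance Logs and
# Alerts). First column is the timestamp, the rest are counter paths. Values are invented.
SAMPLE_LINES = [
    r'"(PDH-CSV 4.0)","\\XPWS01\Memory\Pages/sec","\\XPWS01\Memory\Available Bytes",'
    r'"\\XPWS01\Paging File(_Total)\% Usage","\\XPWS01\PhysicalDisk(_Total)\% Disk Time",'
    r'"\\XPWS01\PhysicalDisk(_Total)\Avg. Disk Queue Length","\\XPWS01\Processor(_Total)\% Processor Time"',
    '"05/24/2004 09:00:00.000","3.2","180000000","35","22","0.4","41"',
    '"05/24/2004 09:00:15.000","27.8","20000000","92","88","3.1","97"',
    '"05/24/2004 09:00:30.000","31.5","18000000","95","81","2.6","98"',
]

# Thresholds from section 13.3; the two "close to 100" values are assumptions.
PAGES_SEC_MAX = 20.0            # Memory\Pages/sec at 20 or more: need more RAM
AVAIL_MEM_MIN_FRACTION = 0.10   # Available Bytes below 10% of RAM
PAGING_FILE_HIGH = 90.0         # assumed cut-off for "percent close to 100"
DISK_TIME_MAX = 70.0            # % Disk Time above 70 is too high
DISK_QUEUE_MAX = 2.0            # queue length above 2 is a problem
CPU_HIGH = 90.0                 # assumed cut-off for "CPU close to 100%"


def counter_key(path: str) -> str:
    r"""'\\XPWS01\PhysicalDisk(_Total)\% Disk Time' -> 'PhysicalDisk\% Disk Time'."""
    parts = path.strip("\\").split("\\")
    obj = re.sub(r"\(.*?\)", "", parts[-2])   # drop the instance, e.g. (_Total)
    return obj + "\\" + parts[-1]


def parse_log(lines: List[str]) -> List[Tuple[str, Dict[str, float]]]:
    """Return (timestamp, {counter: value}) per sample row."""
    rows = list(csv.reader(lines))
    keys = [counter_key(p) for p in rows[0][1:]]
    return [(row[0], {k: float(v) for k, v in zip(keys, row[1:])}) for row in rows[1:]]


def evaluate(sample: Dict[str, float], total_ram_bytes: int) -> Set[str]:
    """Apply the 13.3 rules to one sample and return the rule ids that fire."""
    findings: Set[str] = set()
    pages = sample.get("Memory\\Pages/sec", 0.0)
    paging = sample.get("Paging File\\% Usage", 0.0)
    paging_excessive = paging >= PAGING_FILE_HIGH or pages >= PAGES_SEC_MAX
    if pages >= PAGES_SEC_MAX:
        findings.add("pages_sec")
    if sample.get("Memory\\Available Bytes", float(total_ram_bytes)) < AVAIL_MEM_MIN_FRACTION * total_ram_bytes:
        findings.add("available_bytes")       # possibly an application memory leak
    if paging >= PAGING_FILE_HIGH:
        findings.add("paging_file")
    if sample.get("PhysicalDisk\\% Disk Time", 0.0) > DISK_TIME_MAX:
        # High disk time plus heavy paging points at RAM; otherwise the disk itself.
        findings.add("disk_time_ram" if paging_excessive else "disk_bottleneck")
    if sample.get("PhysicalDisk\\Avg. Disk Queue Length", 0.0) > DISK_QUEUE_MAX:
        findings.add("disk_queue")
    if sample.get("Processor\\% Processor Time", 0.0) >= CPU_HIGH:
        findings.add("cpu")
    return findings


def analyze(lines: List[str], total_ram_bytes: int) -> List[Tuple[str, Set[str]]]:
    return [(ts, evaluate(s, total_ram_bytes)) for ts, s in parse_log(lines)]


def sustained(results: List[Tuple[str, Set[str]]], rule: str, n: int) -> bool:
    """True if `rule` fires in at least n consecutive samples (CPU is only a
    problem when it stays near 100% for an extended period)."""
    run = 0
    for _, findings in results:
        run = run + 1 if rule in findings else 0
        if run >= n:
            return True
    return False


if __name__ == "__main__":
    results = analyze(SAMPLE_LINES, 256 * 1024 * 1024)   # assume a 256 MB machine
    for ts, findings in results:
        print(ts, sorted(findings) or "ok")
    print("sustained CPU:", sustained(results, "cpu", 2))
```

On a real box the same rules would be run over a multi-week baseline rather than three samples, and the RAM figure would come from the machine rather than a constant.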
Performance logs and alerts are used to perform long term analysis:
Using the default Windows XP Pro data provider or another application provider, trace logs record detailed system and application events when certain activities, such as a disk I/O operation, occur. When the event occurs, your OS logs the system data to a file. A parsing tool is required to interpret the trace log output, like Tracerpt
When counter logs are in use, the service obtains data from the system when the update interval has elapsed, rather than waiting for a specific event.
Remember that trace logs are event driven and
Counter logs are update interval driven
13.4] Performance alerts
Alerts are created when specific counter(s) go above or below a specific value. W