Microsoft 70-291 Study Guide

MCTS Training, MCITP Training

Best Microsoft MCTS Certification, Microsoft MCITP Training at





Topic 1: Installing and Deploying Windows Server 2003
Section 1.1: System Requirements
Section 1.2: Installing Windows Server 2003 from the CD-Rom
Section 1.3: Installing Windows Server 2003 from a Network Share
Section 1.4: Performing an Unattended Installation

1.4.1: Using an Unattended Answer File
1.4.2: Using the System Preparation Tool
1.4.3: Using Remote Installation Services (RIS)
Section 1.5: Windows Server 2003 Licensing
Section 1.6: Deploying Software Applications

1.6.1: Software Installation and Maintenance Technology Acquiring and Modifying Software Packages Deploying Software Packages Assigning Software Packages Publishing Software Packages Deploying .zap Files
1.6.2: Upgrading Software Mandatory Upgrades Optional Upgrades Redeploying Software Removing or Disabling Software
1.6.3: Deploying Service Packs and Hotfixes Installing Service Packs and Hotfixes Removing a Service Pack or Hotfix Slipstreaming Service Packs and Hotfixes Adding Service Packs and Hotfixes to a Network Installation Share Installing Multiple Hotfixes
1.6.4: Microsoft Software Update Services Windows Update Windows Update Catalog Automatic Updates Software Update Services
Section 1.7: The Windows Server 2003 Boot Process
1.7.1 Files Used in the Boot Process
1.7.2 The Boot.ini File
1.7.3: Advanced Boot Options
Section 1.8: The Recovery Console
1.8.1: Installing and Starting the Recovery Console
1.8.2: Using the Recovery Console

Topic 2: Configuring the Windows Server 2003 Network
Section 2.1: Creating Network Connections
Section 2.2: Configuring Automatic IP Addressing

2.2.1: DHCP Addressing
2.2.2: Automatic Private IP Addressing
2.2.3: The DHCP Lease Process Automatic Lease Renewal Manual Lease Renewal
2.2.4: DHCP and BOOTP Relay Agents
2.2.5: DHCP Backup and Fault Tolerance
Section 2.3: Testing IP Connections
2.3.1: Using the IPConfig Utility
2.3.2: Using the ping Utility
2.3.3: Using the tracert Utility
2.3.4: Using the net and nbtstat Utilities

Topic 3: Name Resolution
Section 3.1: NetBIOS Name Resolution
Section 3.2: Host Name Resolution
Section 3.3: Domain Name Space

3.3.1: DNS Zones Zone Files Resource Records File Types Zone Types
Section 3.4: Name Servers
3.4.1: Name Server Roles
3.4.2: Zone Transfers
3.4.3: Zone Transfer Security
3.4.4: Active Directory Integrated Zones
Section 3.5: Resolving Names
3.5.1 Forward Lookup Query
3.5.2 Reverse Lookup Query
3.5.3 DNS Recursion
Section 3.6: Installing the DNS Service
3.6.1: Configuring the DNS Service
3.6.2 Configuring a DNS Name Server
3.6.3 Creating Forward Lookup Zones and Reverse Lookup Zones
3.6.4 Configuring Clients for DNS
3.6.5: Configuring Dynamic DNS Dynamic Updates Secure Dynamic Updates SRV Resource Records and A Resource Records Creating Resource Records Configuring Scavenging
Section 3.7: Troubleshooting DNS
3.7.1 Disabling DNS on an Interface

Topic 4: The Windows Server 2003 Network Infrastructure
Section 4.1: Directory Service Functionality
4.1.1: Simplified Administration
4.1.2: Scalability and Extensibility
Section 4.2: Active Directory Support for Client Computers
Section 4.3: Active Directory Structure

4.3.1: Logical Structure Domains Organizational Units (OUs) Schema
4.3.2: Physical Structure Sites Domain Controllers
4.3.3: Domain Controller Roles The Global Catalog Master Operation Roles PDC Emulator RID Master Infrastructure Master Domain Naming Master Schema Master Seizing a Role Master
4.3.4: Renaming Domain Controllers
Section 4.4: Installing Active Directory Directory Services
4.4.1: The Database and Shared System Volume
4.4.2: Domain Functional Levels Windows 2000 Mixed Domain Functional Level Windows 2000 Native Domain Functional Level Windows Server 2003 Domain Functional Level
4.4.3: Forest Functional Levels
Section 4.5: Active Directory Replication
4.5.1: Replication Within Sites
4.5.2: Replication Between Sites Site Link Attributes Site Link Bridges
4.5.3: Replication Latency
4.5.4: Resolving Replication Conflicts
4.5.5: Single Master Operations
Section 4.6: Active Directory Objects
4.6.1: Active Directory Naming Contexts Application Naming Contexts Configuration Naming Context
4.6.2: Moving Active Directory Objects The MoveTree Utility The ClonePrincipal The Active Directory Migration Tool
4.6.3: Controlling Access to Active Directory Objects
4.6.4: Delegating Administrative Control
Section 4.7: Publishing Resources
4.7.1: Setting Up and Managing Published Printers
4.7.2: Setting Up and Managing Published Shared Folders
Section 4.8: Auditing Access to Active Directory Objects
4.8.1: Monitoring User Access to Shared Folders Monitoring User Sessions Sending Administrative Messages to Users

Topic 5: Creating and Managing User and Computer Accounts
Section 5.1: User Accounts

5.1.1: Local User Accounts
5.1.2: Domain User Accounts Creating Domain User Accounts Copying Domain User Accounts
5.1.3: Built-In User Accounts Administrator Guest HelpAssistant Support_388945a0
Section 5.2: Computer Accounts
Section 5.3: Modifying User Accounts and Computer Accounts
Section 5.4: Group Accounts

5.4.1: Group Scope
5.4.2: Group Nesting
5.4.3: Creating Groups
5.4.4: Adding a User to a Group
Section 5.5: Managing The User Environment
5.5.1: User Profiles Roaming User Profiles Mandatory User Profiles
5.5.2: Administrative Templates
5.5.3: Desktop Security Settings
5.5.4: Group Policy Script Settings
5.5.5: Folder Redirection

Topic 6: Routing and Remote Access Service (RRAS)
Section 6.1: Routing and Remote Access Service Features
Section 6.2: Installation and Configuration
Section 6.3: Connecting to RRAS

6.3.1: Remote Access Protocols
6.3.2: The PPP Authentication Process
Section 6.4: Remote Access Security
6.4.1: Secure User Authentication Mutual Authentication Data Encryption Callback Caller ID
6.4.2: Managing Authentication Windows Authentication RADIUS Authentication and IAS
Section 6.5: Securing RRAS Clients
6.5.1: Remote Access Policies
6.5.2 The Connection Manager Administration Kit
Section 6.6: Virtual Private Networks (VPN)
6.6.1: VPN Protocols
6.6.2: Configuring VPN Protocols
6.6.3: IPSec and NAT Traversal
6.6.4: Integrating VPN in a Routed Network
6.6.5: Integrating VPN Servers with the Internet
6.6.6: Configuring Client VPN Settings
Section 6.7: RRAS Tools
Section 6.8: Routing

6.8.1: Routing Tables Static Routing Dynamic Routing
6.8.2: Routing Protocols Routing Information Protocol (RIP) Open Shortest Path First (OSPF)

Topic 7: Controlling Network Security
Section 7.1: Access Control List
Section 7.2: NTFS Permissions

7.2.1: NTFS Folder Permissions
7.2.2: NTFS File Permissions
7.2.3: Multiple NTFS Permissions Cumulative Permissions The Deny Permission
7.2.4: Setting NTFS Permissions
7.2.5: NTFS Permissions Inheritance
7.2.6: Assigning Special Access Permissions Changing Permissions Taking Ownership
Section 7.3: Copying and Moving Files and Folders
Section 7.4: Troubleshooting NTFS Permission Problems

Topic 8: Shared Files and Folders
Section 8.1: Shared Folder Permissions
Section 8.2: Shared Application Folders
Section 8.3: Data Folders
Section 8.4: Administrative Shared Folders
Section 8.5: Offline Files

8.5.1: Enabling Offline Files
8.5.2: Offline File Synchronization
Section 8.6: Combining Shared Folder Permissions and NTFS Permissions

Topic 9: Monitoring Network Resources
Section 9.1: Monitoring Access to Shared Folders
9.1.1: Monitoring Shared Folders
9.1.2: Modifying Shared Folder Properties
9.1.3: Monitoring Open Files
9.1.4: Disconnecting Users from Open Files
9.1.5: Monitoring Network Users
9.1.6: Monitoring User Sessions
9.1.7: Disconnecting Users
Section 9.2: Auditing
9.2.1: Using an Audit Policy
9.2.2: Using Event Viewer to View Security Logs
9.2.3: Setting Up Auditing
9.2.4: Auditing Object Access Auditing Access to Files and Folders Auditing Access to Printers
Section 9.3: Using Event Viewer
9.3.1: Viewing Security Logs
9.3.2: Locating Events
9.3.3: Managing Audit Logs
Section 9.4: Using Group Policy
Section 9.5: The Shutdown Event Tracker

Topic 10: Monitoring System Performance
Section 10.1: The System Monitor
Section 10.2: Adding Performance Counters
Section 10.3: Performance Logs and Alerts

10.3.1 Counter Logs and Trace Logs
10.3.2 Alerts



Table 1.1: Windows Server 2003 Minimum System Requirements
Table 1.2: Files Used in the Windows Server 2003 Boot Process
Table 1.3: ARC Path Naming Conventions
Table 1.4: Some Recovery Console Commands
Table 2.1: IPConfig Switches
Table 2.2: Ping Errors
Table 2.3: Nbtstat Commands
Table 3.1: Top-Level Domains
Table 3.2: Zone Types
Table 4.1: Schema Active Directory Service Interface Objects
Table 4.2: Common Active Directory Objects
Table 4.3: Find Dialog Box Options
Table 4.4: Standard Active Directory Object Permissions
Table 5.1: The Dsadd Command-line Parameters
Table 5.2: The User Account Properties
Table 5.3: The Computer Account Properties
Table 5.4: The Dsmod Command-line Parameters
Table 5.5: The Dsadd Command-line Parameters
Table 5.6: Administrative Templates
Table 5.7: Desktop Security Settings
Table 5.8: Group Policy Settings to control the Network Environment
Table 5.9: Group Policy Settings to Control Access to the Administrative Tools
Table 6.1: Remote Access Policy Conditions
Table 6.2: Additional RADIUS Remote Access Policy Conditions
Table 6.3: Netsh Command-line Options
Table 6.4: Netsh global Commands
Table 6.5: Route Command Parameters
Table 7.1: Permission Inheritance Options
Table 7.2: Troubleshooting Permission problems
Table 8.1: Shared Folder Permissions
Table 9.1: Options for Filtering and Finding Events
Table 10.1: Some Useful Performance Counters

Implementing, Managing and Maintaining a
Microsoft Windows Server 2003
Network Infrastructure

Exam Code: 70-291

Microsoft Certified (MCP)
Microsoft Certified Systems Administrator (MCSA 2003) Core
Microsoft Certified Systems Engineer (MCSE 2003) Core


About This Study Guide
This Study Guide provides all the information required to pass the Microsoft 70-291 exam – Implementing,
Managing and Maintaining a Microsoft Windows Server 2003 Network Infrastructure. It does not, however,
represent a complete reference work but is organized around the specific skills that are tested in the exam.
Thus, the information contained in this Study Guide is specific to the 70-291 exam and not only to
Implementing, Managing and Maintaining a Microsoft Windows Server 2003 Network Infrastructure. It
includes the information required to answer questions related to maintaining Windows Server 2003,
Windows 2000, Windows XP Professional, Windows NT, and Windows 98 environments that may be asked
during the exam. Topics covered in this Study Guide include: Installing Windows Server 2003;
Implementing, Managing, and Maintaining IP Addressing; Configuring TCP/IP Addressing on a Server
Computer; Managing DHCP; Managing DHCP Clients and Leases; Managing DHCP Relay Agent;
Managing DHCP Databases; Managing DHCP Scope Options; Managing Reservations and Reserved
Clients; Troubleshooting TCP/IP Addressing; Diagnosing and Resolving Issues Related To Automatic Private
IP Addressing (APIPA); Diagnosing and Resolving Issues Related To Incorrect TCP/IP Configuration;
Troubleshooting DHCP; Diagnosing and Resolving Issues Related to DHCP Authorization; Verifying DHCP
Reservation Configuration; Examining the System Event Log and DHCP Server Audit Log Files to Find
Related Events; Diagnosing and Resolving Issues Related To Configuration of DHCP Server and Scope
Options; Verifying the DHCP Relay Agent; Verifying Database Integrity; Implementing, Managing, and
Maintaining Name Resolution; Installing and Configuring the DNS Server Service; Configuring DNS
Server Options; Configuring DNS Zone Options; Configuring DNS Forwarding; Managing DNS; Managing
DNS Zone Settings; Managing DNS Record Settings; Managing DNS Server Options; Monitoring DNS;
Implementing, Managing, and Maintaining Network Security; Implementing Secure Network
Administration Procedures; Using Security Templates; Monitoring Network Protocol Security;
Implementing, Managing, and Maintaining Routing and Remote Access; Configuring Routing and Remote
Access User Authentication; Configuring Remote Access Authentication Protocols; Configuring Internet
Authentication Service (IAS) To Provide Authentication for Routing and Remote Access Clients;
Configuring Routing and Remote Access Policies to Permit or Deny Access; Managing Remote Access;
Managing Packet Filters; Managing Routing and Remote Access Routing Interfaces; Managing Devices and
Ports; Managing Routing Protocols; Managing Routing and Remote Access Clients; Managing TCP/IP
Routing; Managing Routing Protocols; Managing Routing Tables; Managing Routing Ports; Implementing
Secure Access between Private Networks; Troubleshooting User Access to Remote Access Services;
Diagnosing and Resolving Issues Related To Remote Access VPNs; Diagnosing and Resolving Issues
Related To Establishing a Remote Access Connection; Diagnosing and Resolving User Access to Resources
beyond the Remote Access Server; Troubleshooting Routing and Remote Access Routing; Troubleshooting
Demand-Dial Routing; Troubleshooting Router-To-Router VPNs; Maintaining a Network Infrastructure;
Monitoring Network Traffic; Troubleshooting Connectivity to the Internet.

Intended Audience
This Study Guide is targeted specifically at people who wish to take the Microsoft MCSA / MCSE
70-291 exam – Implementing, Managing and Maintaining a Microsoft Windows Server 2003 Network
Infrastructure. The information in this Study Guide is specific to the exam. It is not a complete reference
work. Although our Study Guides are aimed at newcomers to the world of IT, the concepts dealt with in this
Study Guide are complex and require an understanding of material provided for the CompTIA A+,
Network+ and Server+ exams.

Note: There is a fair amount of overlap between the 70-291 and the 70-290
exams. Don’t skim over the information that seems familiar. Read over it
again to refresh your memory.

How To Use This Study Guide
To benefit from this Study Guide we recommend that you:

• Study each chapter carefully until you fully understand the information. This will require regular and
disciplined work.

• If possible, perform all the walk-throughs that are included in this Study Guide to gain practical
experience, referring back to the text so that you understand the information better. Remember, it is
easier to understand how tasks are performed by practicing those tasks rather than trying to memorize
each step.

• Be sure that you have studied and understand the entire Study Guide before you take the exam.

Note: Remember to pay special attention to these note boxes as they contain
important additional information that is specific to the exam.

Good luck!

Topic 1: Installing and Deploying Windows Server 2003
You can install Windows Server 2003 directly from the CD-Rom or from a network share. The Windows
Server 2003 installation process consists of five stages:

Stage 1: Hard Drive Preparation: In text mode Setup checks the hard drive for consistency and errors. It
allows you to format and create the Windows Server 2003 partition if you need to and copies setup files to
the hard drive. Setup then reboots the computer.

Stage 2: Setup Wizard: The graphical user interface Setup Wizard gathers information from you, such as
regional settings, your name and organization, the Windows Server 2003 CD-key, and computer name. The
Windows Server 2003 Setup Program then creates the local Administrator user account and requests a
password for it.

Stage 3: Installing Network Components: After the Setup Wizard has gathered the necessary information
from you in Stage 2, it begins the network components installation. It detects your network adapter card;
allows you to choose which network components, such as the network client, file and printer sharing and
protocols, to install; allows you to join a workgroup or domain; and installs the components you have

Stage 4: Completing the Installation: The Setup Wizard completes the installation by installing the Start
menu items and applying and saving the configuration settings you chose in the previous stages. It then
deletes the temporary setup files and reboots the computer.

Stage 5: Post Installation: After the installation is complete, you must perform the “Product Activation”
and configure your server. You should also check Device Manager for undetected or nonfunctioning
hardware components.

Section 1.1: System Requirements
Before installing Windows Server 2003, you must ensure that the computer meets the minimum system
requirements for Windows Server 2003.

Table 1.1: Windows Server 2003 Minimum System Requirements


Component         Minimum Requirement
Processor         Pentium 133 MHz (Pentium III 550 MHz recommended for Standard
                  Edition and Pentium III 733 MHz for Enterprise Edition)
Memory            128 MB RAM (256 MB RAM recommended)
Hard Disk Space   1.5 GB hard disk free space
Networking        Standard network adapter card
Display           Monitor and adapter with minimum resolution of the VGA standard
I/O devices       CD-ROM, keyboard, mouse, or other pointing devices

Section 1.2: Installing Windows Server 2003 from the CD-Rom
When installing Windows Server 2003 on a new computer from the CD-Rom you must boot directly from
the CD-Rom. Unlike Windows 2000, Windows Server 2003 does not support booting from boot disks.
Therefore, if your computer does not support booting from the CD-Rom, you must install Windows Server
2003 from a network share or from within an existing operating system.
Place the Windows Server 2003 installation disk in the CD-Rom and reboot the computer. During the boot
process you will be prompted to “press any key to boot from CD-Rom”. Once you have pressed a key
the installation of Windows Server 2003 will begin.

Section 1.3: Installing Windows Server 2003 from a Network Share
To install Windows Server 2003 over the network you must copy the i386 folder from the Windows Server
2003 Installation CD to a shared network folder. You must also ensure that the computer can connect
to the network share when it has booted.

Section 1.4: Performing an Unattended Installation
Microsoft allows for the automated installation of Windows Server 2003 through unattended installations.
There are three mechanisms through which an unattended installation can be performed. These are through:

• unattended answer files;
• disk imaging using the System Preparation Tool; and
• Remote Installation Services

1.4.1: Using an Unattended Answer File
The first mechanism you can use to perform an unattended installation of Windows Server 2003 is to use an
answer file. An answer file is an automated script that supplies the Windows Server 2003 Setup program
with all the information it would require during the installation.

• You can use Setup Manager located in the file in the /support/tools folder of the Windows
Server 2003 Installation CD to create and modify an answer file, or you can create the answer file
manually. You can use Setup Manager to create an answer file for an unattended installation, a Sysprep
install, and a Remote Installation Services install.
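Because an answer file supplies everything Setup would otherwise ask for, including the local Administrator password requested in Stage 2, it is worth reviewing before it is copied to a distribution share. The following is an added example, not part of the study guide: a small Python audit of an answer file's secret-bearing entries. The section and key names are those of the Windows unattended Setup answer-file format and do not appear in the guide itself; all sample values are constructed.

```python
import configparser

# Constructed sample answer file; every value here is made up for the example.
SAMPLE_ANSWER_FILE = """\
; constructed sample, not taken from the study guide
[Unattended]
UnattendMode=FullUnattended

[GuiUnattended]
AdminPassword="Examp1e-Passw0rd"
EncryptedAdminPassword=No
AutoLogon=Yes
AutoLogonCount=1

[UserData]
FullName="Example Admin"
ComputerName=TESTSRV01
ProductKey="AAAAA-BBBBB-CCCCC-DDDDD-EEEEE"

[Identification]
JoinDomain=EXAMPLE
DomainAdmin=joiner
DomainAdminPassword="An0ther-Examp1e"
"""


def load_answer_file(text):
    """Parse answer-file text into {section: {key: value}}, names lower-cased."""
    parser = configparser.ConfigParser(interpolation=None, strict=False,
                                       allow_no_value=True)
    parser.read_string(text)
    data = {}
    for section in parser.sections():
        entries = data.setdefault(section.lower(), {})
        for key, value in parser.items(section):  # keys arrive lower-cased
            entries[key] = (value or "").strip().strip('"')
    return data


def audit_answer_file(text):
    """Return (section, key, issue) tuples for entries that expose secrets."""
    data = load_answer_file(text)
    gui = data.get("guiunattended", {})
    ident = data.get("identification", {})
    user = data.get("userdata", {})
    findings = []

    password = gui.get("adminpassword")
    encrypted = gui.get("encryptedadminpassword", "no").lower() == "yes"
    if password == "*":  # "*" tells Setup to leave the password blank
        findings.append(("GuiUnattended", "AdminPassword",
                         "blank local Administrator password"))
    elif password and not encrypted:
        findings.append(("GuiUnattended", "AdminPassword",
                         "local Administrator password stored in clear text"))
    if gui.get("autologon", "").lower() == "yes":
        findings.append(("GuiUnattended", "AutoLogon",
                         "Administrator is logged on automatically after Setup"))
    if ident.get("domainadminpassword"):
        findings.append(("Identification", "DomainAdminPassword",
                         "domain-join account password stored in clear text"))
    if user.get("productkey"):
        findings.append(("UserData", "ProductKey",
                         "product key readable by anyone who can read the file"))
    return findings


if __name__ == "__main__":
    for section, key, issue in audit_answer_file(SAMPLE_ANSWER_FILE):
        print(f"[{section}] {key}: {issue}")
```

Any finding means the file should be kept off world-readable shares and the named account's password changed once deployment is finished.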

1.4.2: Using the System Preparation Tool
With disk imaging it is possible to install and configure Windows Server 2003 and all the applications and
application update packs on a test computer and then create an exact image of the hard drive that can then be
used to install Windows Server 2003 and the applications on other client computers. However, all the target
computers to which the image is to be applied must have the same hardware configuration as the test
computer. You will also have to change the computer name of all the target computers as each computer on
the network must have a unique name.

After installing and configuring Windows Server 2003, the applications and application update packages
on a test computer, you should use Sysprep to prepare the computer for disk imaging. You should then
run the disk imaging program after Sysprep has completed. Sysprep adds a mini-Setup Wizard to the disk
image that will request the user-specific information such as productID, user name, network configuration,
etc., on the first reboot of the target computer. This information can either be supplied by the user or by an
answer file.

1.4.3: Using Remote Installation Services (RIS)
Unlike Windows 2000 Server, Windows Server 2003 can be deployed using Remote Installation Services
(RIS). Remote installation is the process of connecting to a Remote Installation Services (RIS) server from a
target computer and then performing an automated installation of Windows Server 2003 on the target
computer. This is the most effective method of deploying Windows Server 2003. Remote Installation allows
administrators to use a centrally located computer to install Windows Server 2003 on a target computer, i.e.
the computer on which the Windows Server 2003 operating system is to be installed, anywhere on a
network. It does, however, require that your network already has a Windows Server 2003 server
infrastructure in place and that the target computers support remote booting.

Section 1.5: Windows Server 2003 Licensing
The use of Windows Server 2003 requires two distinct types of licensing: a product license, i.e., the
CD-key, which allows you to install the Windows Server 2003 operating system on a computer; and a Client
Access License (CAL), which allows clients to connect to the Windows Server 2003 computer.
Windows Server 2003 provides three CAL modes: a per server mode, which sets the number of concurrent
users or clients that can log on to a specific Windows Server 2003 computer; a per user mode, which permits
an unlimited number of concurrent users to connect to the Windows Server 2003 computer, providing each
has a CAL; and a per device mode, which permits an unlimited number of concurrent client computers, or
devices, to connect to the Windows Server 2003 computer, providing that each device has a CAL.

Section 1.6: Deploying Software Applications
1.6.1: Software Installation and Maintenance Technology

The software installation and maintenance technology in Windows Server 2003 uses Group Policy in
conjunction with Windows Installer to automate and manage software installations, updates and removal
from a centralized location. Group Policy can be used to assign the software application to a group of users
that are members of an OU, and allows you to manage the various phases of software deployment.
There are four phases of the software life cycle:

• Preparation: preparing the files that allow you to use Group Policy to deploy the application software.
This involves copying the Windows Installer package files to a software distribution point. The
Windows Installer application files can be obtained from the application’s vendor or can be created
through the use of third-party utilities.

• Deployment: the administrator creates a Group Policy Object (GPO) that installs the software on the
target computers and links the GPO to the appropriate Organizational Unit. During this phase the
software is installed.

• Maintenance: the software is upgraded with a new version or redeployed with a patch or a service pack.

• Removal: to remove software that is no longer required, you must remove the Windows Installer
package from the GPO that was used to deploy the software. The software is then automatically removed
when a user logs on or when the computer restarts.

Windows Installer consists of the Windows Installer service, which is a client-side service, and the Windows
Installer package. A Windows Installer package uses the .msi file extension, replaces the Setup.exe file and
contains all the information that the Windows Installer service requires to install the software. The software
developer provides the Windows Installer package with the application. If a Windows Installer package does
not come with an application, you can create a Windows Installer package or repackage the application,
using a third-party utility. Alternatively you could create an application file (.zap) that uses the application’s
existing setup program. A .zap file is not a native Windows Installer package.

Advantages of using Native Windows Installer packages:
• Automatic File Repair when a critical application file becomes corrupt. The application automatically
returns to the installation source to retrieve a new copy of the file.

• Clean Removal without leaving orphaned files and without deleting shared files used by another

• Transformable. You can customize a Windows Installer package to meet the requirements set by your
company by using authoring and repackaging tools. Transformed Windows Installer packages are
identified by the .mst file extension.

• Patches. Patches and upgrades can be applied to the installed applications. These patches use the .msp
file extension.

Note: A .zap file is not a native Windows Installer package and does not offer
the same benefits as Windows Installer packages. It therefore does not
support automatic repairing and cannot be transformed.


