WINDOWS ADMIN INTERVIEW QUESTIONS
1. Describe how the DHCP lease is
obtained. It’s a
four-step process consisting of (a) IP request, (b) IP offer, (c) IP selection
and (d) acknowledgement.
2. I can’t seem to access the Internet,
don’t have any access to the corporate network and on ipconfig my address is
169.254.*.*. What happened? The
169.254.*.* netmask is assigned to Windows machines running 98/2000/XP if the
DHCP server is not available. The name for the technology is APIPA (Automatic
Private Internet Protocol Addressing).
3. We’ve installed a new Windows-based
DHCP server, however, the users do not seem to be getting DHCP leases off of
it. The server must
be authorized first with the Active Directory.
4. How can you force the client to give
up the dhcp lease if you have access to the client PC? ipconfig /release
5. What authentication options do Windows
2000 Servers have for remote clients? PAP,
SPAP, CHAP, MS-CHAP and EAP.
6. What are the networking protocol
options for the Windows clients if for some reason you do not want to use
TCP/IP? NWLink
(Novell), NetBEUI, AppleTalk (Apple).
7. What is data link layer in the OSI
reference model responsible for? Data link layer is located above the physical
layer, but below the network layer.
Taking raw data bits and packaging them into frames. The network layer will be
responsible for addressing the frames, while the physical layer is responsible
for retrieving and sending raw data bits.
8. What is binding order? The order by which the network
protocols are used for client-server communications. The most frequently used
protocols should be at the top.
9. How do cryptography-based keys ensure
the validity of data transferred across the network? Each IP packet is assigned a
checksum, so if the checksums do not match on both receiving and transmitting
ends, the data was modified or corrupted.
10. Should we deploy IPSEC-based security
or certificate-based security? They
are really two different technologies. IPSec secures the TCP/IP communication
and protects the integrity of the packets. Certificate-based security ensures
the validity of authenticated clients and servers.
11. What is LMHOSTS file? It’s a file stored on a host machine
that is used to resolve NetBIOS to specific IP addresses.
12. What’s the difference between forward
lookup and reverse lookup in DNS?
Forward lookup is name-to-address; the reverse lookup is address-to-name.
13. How can you recover a file encrypted
using EFS? Use the
domain recovery agent.
IIS QUESTIONS
This came in the mail from the reader who recently went
through a job interview process. He didn’t mention the company name.
1.
How would you remotely administer IIS?
2.
What is RAID? What is it used for?
3.
How would you go about securing IIS and MS-SQL Server?
WINDOWS 2000 ADMINISTRATION
QUESTIONS
1.
Explain hidden shares. Hidden or
administrative shares are share names with a dollar sign ($) appended to their
names. Administrative shares are usually created automatically for the root of
each drive letter. They do not display in the network browse list.
2.
How do the permissions work in Windows 2000? What
permissions does folder inherit from the parent? When you combine
NTFS permissions based on users and their group memberships, the least restrictive
permissions take precedence. However, explicit Deny entries always override
Allow entries.
3.
Why can’t I encrypt a compressed file on Windows 2000? You can
either compress it or encrypt it, but not both.
4.
If I rename an account, what must I do to make sure the
renamed account has the same permissions as the original one? Nothing,
it’s all maintained automatically.
5.
What’s the most powerful group on a Windows system?
Administrators.
6.
What are the accessibility features in Windows 2000?
StickyKeys, FilterKeys Narrator, Magnifier, and On-Screen Keyboard.
7.
Why can’t I get to the Fax Service Management console? You can
only see it if a fax had been installed.
8.
What do I need to ensure before deploying an application
via a Group Policy? Make sure it’s either an MSI file, or contains a ZAP
file for Group Policy.
9.
How do you configure mandatory profiles? Rename
ntuser.dat to ntuser.man
10.
I can’t get multiple displays to work in Windows 2000. Multiple
displays have to use peripheral connection interface (PCI) or Accelerated
Graphics Port (AGP) port devices to work properly with Windows 2000.
11.
What’s a maximum number of processors Win2k supports? 2
12.
I had some NTFS volumes under my Windows NT installation.
What happened to NTFS after Win 2k installation? It got upgraded
to NTFS 5.
13.
How do you convert a drive from FAT/FAT32 to NTFS from
the command line? convert c: /fs:ntfs
14.
Explain APIPA. Auto Private IP Addressing (APIPA)
takes effect on Windows 2000 Professional computers if no DHCP server can be
contacted. APIPA assigns the computer an IP address within the range of
169.254.0.0 through 169.254.255.254 with a subnet mask of 255.255.0.0.
15.
How does Internet Connection Sharing work on Windows
2000? Internet Connection Sharing (ICS) uses the DHCP Allocator
service to assign dynamic IP addresses to clients on the LAN within the range
of 192.168.0.2 through 192.168.0.254. In addition, the DNS Proxy service
becomes enabled when you implement ICS.
WHAT ARE THE DIFFERENCE IN WINDOWS NT SERVER,
2000SERVER AND 2003 SERVER AND NOW WIN SERVER2008
NT SAM database is a flat database. Where as in windows 2000 active directory database is a hierarchical database.
In Windows NT only PDC is having writable copy of SAM database but the BDC is only read only database. In case of
Windows 2000 both DC and ADC is having write copy of the database
Windows NT will not support FAT32 file system. Windows 2000 supports FAT32
Default authentication protocol in NT is NTLM (NT LAN manager). In windows 2000 default authentication protocol is Kerberos V5.
Windows 2000 depends and Integrated with DNS. NT user NetBIOS names
Active Directory can be backed up easily with System state data
Application Server mode is introduced in windows 2003
Possible to configure stub zones in windows 2003 DNS
Volume shadow copy services is introduced
Windows 2003 gives an option to replicate DNS data b/w all DNS servers in forest or All DNS servers in the domain.
PDC contains a write copy of SAM database where as BDC contains read only copy of SAM database. It is not possible to reset a password or create objects with out PDC in Windows NT.
There is no difference between in DC and ADC both contains write copy of AD. Both can also handles FSMO roles (If transfers from DC to ADC). It is just for identification.
Functionality wise there is no difference windows 2008 is fully script based software with more group policies and permissions win 2000 domain name can't change. But in 2003 server we can change.
In 2003 we can able to add more than 220 group policy but in 2000 it not possible.
54 SCREENING QUESTIONS FOR
WINDOWS ADMIN
1.
What
is Active Directory?
2.
What
is LDAP?
3.
Can
you connect Active Directory to other 3rd-party Directory Services? Name a few
options.
4.
Where
is the AD database held? What other folders are related to AD?
5.
What
is the SYSVOL folder?
6.
Name
the AD NCs and replication issues for each NC
7.
What
are application partitions? When do I use them
8.
How
do you create a new application partition
9.
How
do you view replication properties for AD partitions and DCs?
10.
What
is the Global Catalog?
11.
How
do you view all the GCs in the forest?
12.
Why
not make all DCs in a large forest as GCs?
13.
Trying
to look at the Schema, how can I do that?
14.
What
are the Support Tools? Why do I need them?
15.
What
is LDP? What is REPLMON? What is ADSIEDIT? What is NETDOM? What is REPADMIN?
16.
What
are sites? What are they used for?
17.
What’s
the difference between a site link’s schedule and interval?
18.
What
is the KCC?
19.
What
is the ISTG? Who has that role by default?
20.
What
are the requirements for installing AD on a new server?
21.
What
can you do to promote a server to DC if you’re in a remote location with slow
WAN link?
22.
How
can you forcibly remove AD from a server, and what do you do later? • Can I get
user passwords from the AD database?
23.
What
tool would I use to try to grab security related packets from the wire?
24.
Name
some OU design considerations.
25.
What
is tombstone lifetime attribute?
26.
What
do you do to install a new Windows 2003 DC in a Windows 2000 AD?
27.
What
do you do to install a new Windows 2003 R2 DC in a Windows 2003 AD?
28.
How
would you find all users that have not logged on since last month?
29.
What
are the DS* commands?
30.
What’s
the difference between LDIFDE and CSVDE? Usage considerations?
31.
What
are the FSMO roles? Who has them by default? What happens when each one fails?
32.
What
FSMO placement considerations do you know of?
33.
I
want to look at the RID allocation table for a DC. What do I do?
34.
What’s
the difference between transferring a FSMO role and seizing one? Which one
should you NOT seize? Why?
35.
How
do you configure a “stand-by operation master” for any of the roles?
36.
How
do you backup AD?
37.
How
do you restore AD?
38.
How
do you change the DS Restore admin password?
39.
Why
can’t you restore a DC that was backed up 4 months ago?
40.
What
are GPOs?
41.
What
is the order in which GPOs are applied?
42.
Name
a few benefits of using GPMC.
43.
What
are the GPC and the GPT? Where can I find them?
44.
What
are GPO links? What special things can I do to them?
45.
What
can I do to prevent inheritance from above?
46.
How
can I override blocking of inheritance?
47.
How
can you determine what GPO was and was not applied for a user? Name a few ways
to do that.
48.
A
user claims he did not receive a GPO, yet his user and computer accounts are in
the right OU, and everyone else there gets the GPO. What will you look for?
49.
Name
a few differences in Vista GPOs
50.
Name
some GPO settings in the computer and user parts.
51.
What
are administrative templates?
52.
What’s
the difference between software publishing and assigning?
53.
Can
I deploy non-MSI software with GPO?
54.
You
want to standardize the desktop environments (wallpaper, My Documents, Start
menu, printers etc.) on the computers in one department. How would you do that?
29 RESPONSES TO “54
SCREENING QUESTIONS FOR WINDOWS ADMIN”
Que.:
What is Active Directory?
Ans.
Active Directory is a Meta Data. Active Directory is a data base which stores a
data base like your user information, computer information and also other
network object info. It has capabilities to manage and administer the complete
Network which connect with AD.
Que.:
What is the Global Catalog?
Ans.:
Global Catalog is a server which maintains the information about multiple
domains with trust relationship agreement.
Que:
What is Active Directory?
Ans: Active Directory service is an extensible and scalable directory service that enables you to manage network resources efficiently.
Ans: Active Directory service is an extensible and scalable directory service that enables you to manage network resources efficiently.
Q01:
What is Active Directory?
Ans: Active Directory is directory service that stores information about objects on a network and makes this information available to users and network administrators.
Active Directory gives network users access to permitted resources anywhere on the network using a single logon process.
It provides network administrators with an intuitive, hierarchical view of the network and a single point of administration
3for all network objects.
Ans: Active Directory is directory service that stores information about objects on a network and makes this information available to users and network administrators.
Active Directory gives network users access to permitted resources anywhere on the network using a single logon process.
It provides network administrators with an intuitive, hierarchical view of the network and a single point of administration
3for all network objects.
Q;
What is active directory?
Ans:
active directory is a domain controller which is use to authenticate and administrate
the group of computer, user, server etc. remotely. All the policies and
security will be applicable on the client machine which one is join the domain.
And all this policies and security is defined in active directory.
Q2:
What is LDAP?
Ans2: LDAP (light weight directory access protocol) is an internet protocol which Email and other services is used to look up information from the server.
Ans2: LDAP (light weight directory access protocol) is an internet protocol which Email and other services is used to look up information from the server.
Q 18:
What is KCC?
Ans 18: KCC (knowledge consistency checker) is used to generate replication topology for inter site replication and for intrasite replication. With in site replication traffic are done via remote procedure calls over ip, while between sites it is done through either RPC or SMTP.
Ans 18: KCC (knowledge consistency checker) is used to generate replication topology for inter site replication and for intrasite replication. With in site replication traffic are done via remote procedure calls over ip, while between sites it is done through either RPC or SMTP.
Q 10:
What is Global Catalog Server?
The global catalog is a distributed data repository that contains a searchable, partial representation of every object in every domain in a multidomain Active Directory forest. The global catalog is stored on domain controllers that have been designated as global catalog servers and is distributed through multimaster replication. Searches that are directed to the global catalog are faster because they do not involve referrals to different domain controllers.
The global catalog is a distributed data repository that contains a searchable, partial representation of every object in every domain in a multidomain Active Directory forest. The global catalog is stored on domain controllers that have been designated as global catalog servers and is distributed through multimaster replication. Searches that are directed to the global catalog are faster because they do not involve referrals to different domain controllers.
Q;
What is active directory?
Active directory is a domain controller which is use to authenticate and administrate the group of computer, user, server etc. remotely. All the policies and security will be applicable on the client machine which one is join the domain. And all this policies and security is defined in active directory.
Active directory is a domain controller which is use to authenticate and administrate the group of computer, user, server etc. remotely. All the policies and security will be applicable on the client machine which one is join the domain. And all this policies and security is defined in active directory.
Q 4:
Where is the AD database held? What other folders are related to AD?
A 4:
The AD data base is store in NTDS.DIT file
Q 5:
What is the SYSVOL folder?
A 5; The sysVOL folder stores the server’s copy of the domain’s public files. The contents such as group policy, users etc of the sysvol folder are replicated to all domain controllers in the domain.
A 5; The sysVOL folder stores the server’s copy of the domain’s public files. The contents such as group policy, users etc of the sysvol folder are replicated to all domain controllers in the domain.
Q 19:
What is the ISTG? Who has that role by default?
A 19:
Windows 2000 Domain controllers each create Active Directory Replication
connection objects representing inbound replication from intra-site replication
partners. For inter-site replication, one domain controller per site has the
responsibility of evaluating the inter-site replication topology and creating
Active Directory Replication Connection objects for appropriate bridgehead
servers within its site. The domain controller in each site that owns this role
is referred to as the Inter-Site Topology Generator (ISTG).
Q: 15
What is LDP? What is REPLMON? What is ADSIEDIT? What is NETDOM? What is
REPADMIN?
A 15: LDP: Label Distribution Protocol (LDP) is often used to establish MPLS LSPs when traffic engineering is not required. It establishes LSPs that follow the existing IP routing, and is particularly well suited for establishing a full mesh of LSPs between all of the routers on the network.
A 15: LDP: Label Distribution Protocol (LDP) is often used to establish MPLS LSPs when traffic engineering is not required. It establishes LSPs that follow the existing IP routing, and is particularly well suited for establishing a full mesh of LSPs between all of the routers on the network.
Replmon: Replmon displays information about Active Directory Replication.
ADSIEDIT: ADSIEdit is a Microsoft Management Console (MMC) snap-in that acts as a low-level editor for Active Directory. It is a Graphical User Interface (GUI) tool. Network administrators can use it for common administrative tasks such as adding, deleting, and moving objects with a directory service. The attributes for each object can be edited or deleted by using this tool. ADSIEdit uses the ADSI application programming interfaces (APIs) to access Active Directory. The following are the required files for using this tool: ADSIEDIT.DLL
ADSIEDIT.MSCNETDOM: NETDOM is a command-line tool that allows management of Windows domains and trust relationships. It is used for batch management of trusts, joining computers to domains, verifying trusts, and secure channels.
REPADMIN:
This command-line tool assists administrators in diagnosing replication problems between Windows domain controllers. Administrators can use Repadmin to view the replication topology (sometimes referred to as RepsFrom and RepsTo) as seen from the perspective of each domain controller. In addition, Repadmin can be used to manually create the replication topology (although in normal practice this should not be necessary), to force replication events between domain controllers, and to view both the replication metadata and up-to-datedness vectors.
This command-line tool assists administrators in diagnosing replication problems between Windows domain controllers. Administrators can use Repadmin to view the replication topology (sometimes referred to as RepsFrom and RepsTo) as seen from the perspective of each domain controller. In addition, Repadmin can be used to manually create the replication topology (although in normal practice this should not be necessary), to force replication events between domain controllers, and to view both the replication metadata and up-to-datedness vectors.
Q 36: How
to take the backup of AD?
A 36 : for taking backup of active directory you have to do this :
first go to START -> PROGRAM ->ACCESORIES -> SYSTEM TOOLS -> BACKUP
when the backup screen is flash then take the backup of SYSTEM STATE it will take the backup of all the necessary information about the system including AD backup , DNS ETC.
A 36 : for taking backup of active directory you have to do this :
first go to START -> PROGRAM ->ACCESORIES -> SYSTEM TOOLS -> BACKUP
when the backup screen is flash then take the backup of SYSTEM STATE it will take the backup of all the necessary information about the system including AD backup , DNS ETC.
Q 37:
how to restore the AD?
A 37: For this do the same as above in the question 36 but in place of backup you select the restore option and restore the system state.
A 37: For this do the same as above in the question 36 but in place of backup you select the restore option and restore the system state.
Q 19:
What is the ISTG? Who has that role by default?
A 19: Inter-Site Topology Generator (istg) is responsible for managing the inbound replication connection objects for all bridgehead servers in the site in which it is located. This domain controller is known as the Inter-Site Topology Generator (ISTG). The domain controller holding this role may not necessarily also is a bridgehead server.
A 19: Inter-Site Topology Generator (istg) is responsible for managing the inbound replication connection objects for all bridgehead servers in the site in which it is located. This domain controller is known as the Inter-Site Topology Generator (ISTG). The domain controller holding this role may not necessarily also is a bridgehead server.
Q 29:
What are the DS* commands A 29: You really are spoilt for choice when it
comes to scripting tools for creating Active Directory objects. In
addition to CSVDE, LDIFDE and VBScript, we now have the following DS commands:
the da family built in utility DSmod
- modify Active Directory attributesDSrm - to delete Active Directory
objectsDSmove - to relocate objectsDSadd
- create new accountsDSquery - to find
objects that match your query attributesDSget - list the
properties of an object
Q 30
:What’s the difference between LDIFDE and CSVDE? Usage considerations?
A 30 : CSVDE is a command that can be used to import and export objects to and from the AD into a CSV-formatted file. A CSV (Comma Separated Value) file is a file easily readable in Excel. I will not go to length into this powerful command, but I will show you some basic samples of how to import a large number of users into your AD. Of course, as with the DSADD command, CSVDE can do more than just import users. Consult your help file for more info.
Like CSVDE, LDIFDE is a command that can be used to import and export objects to and from the AD into a LDIF-formatted file. A LDIF (LDAP Data Interchange Format) file is a file easily readable in any text editor, however it is not readable in programs like Excel. The major difference between CSVDE and LDIFDE (besides the file format) is the fact that LDIFDE can be used to edit and delete existing AD objects (not just users), while CSVDE can only import and export objects.
A 30 : CSVDE is a command that can be used to import and export objects to and from the AD into a CSV-formatted file. A CSV (Comma Separated Value) file is a file easily readable in Excel. I will not go to length into this powerful command, but I will show you some basic samples of how to import a large number of users into your AD. Of course, as with the DSADD command, CSVDE can do more than just import users. Consult your help file for more info.
Like CSVDE, LDIFDE is a command that can be used to import and export objects to and from the AD into a LDIF-formatted file. A LDIF (LDAP Data Interchange Format) file is a file easily readable in any text editor, however it is not readable in programs like Excel. The major difference between CSVDE and LDIFDE (besides the file format) is the fact that LDIFDE can be used to edit and delete existing AD objects (not just users), while CSVDE can only import and export objects.
Q 25 :
What is tombstone lifetime attribute?
A 25 :
The number of days before a deleted object is removed from the directory
services. This assists in removing objects from replicated servers and
preventing restores from reintroducing a deleted object. This value is in the
Directory Service object in the configuration NIC.
You
want to standardize the desktop environments (wallpaper, My Documents, Start
menu, printers etc.) on the computers in one department. How would you do that?
How it is possibal
(20)What are the requirements for installing
AD on a new server?
Ans:1)The Domain structure2)The Domain Name3)storage location of the database and log file4)Location of the shared system volume folder5)DNS config Methode6)DNS configuration
Ans:1)The Domain structure2)The Domain Name3)storage location of the database and log file4)Location of the shared system volume folder5)DNS config Methode6)DNS configuration
7.
What are application partitions? When do I use them.
Ans:
AN application diretcory partition is a directory partition that is replicated
only to specific domain controller.Only domain controller running windows
Server 2003 can host a replica of application directory partition.
Using
an application directory partition provides redundany,availabiltiy or fault
tolerance by replicating data to specific domain controller pr any set of
domain controllers anywhere in the forest
Q:You
want to standardize the desktop environments (wallpaper, My Documents, Start
menu, printers etc.) on the computers in one department. How would you do that?
How it is possibal.
Ans:Login
on client as Domain Admin user change whatever you need add printers etc go to
system-User profiles copy this user profile to any location by select Everyone
in permitted to use after copy change ntuser.dat to ntuser.man and assgin this
path under user profile
Q. 8.
How do you create a new application partition
ANS:Use
the DnsCmd command to create an application directory partition. To do this,
use the following syntax:
DnsCmd ServerName /CreateDirectoryPartition FQDN of partition
DnsCmd ServerName /CreateDirectoryPartition FQDN of partition
Global
catalog provides a central repository of domain information for the forest by
storing partial replicas of all domain directory partitions. These partial
replicas are distributed by multimaster replication to all global catalog
servers in a forest.
Its also used in universal global membership.
Its also used in universal global membership.
How do
you view all the GCs in the forest?
Ans: C:\>repadmin
/showreps <domain_controller>
where domain_controller is the DC you want to query to determine whether it’s a GC. The output will include the text DSA Options: IS_GC if the DC is a GC. . . .
where domain_controller is the DC you want to query to determine whether it’s a GC. The output will include the text DSA Options: IS_GC if the DC is a GC. . . .
Trying
to look at the Schema, how can I do that
Ans: type
“adsiedit.msc” in run or command prompt
Q. Can
you connect Active Directory to other 3rd-party Directory Services? Name a few
options.
Ans.
Yes, you can use dirXML or LDAP to connect to other directories In Novell you
can use E-directory
PAGE FILE AND VIRTUAL MEMORY
Page File Is Storage Space For The
Virtual Memory, Page File Uses Hard Disk Space As a Memory To Provide Memory
Allocation..
DIFFERENCE BETWEEN DNS IN WINDOWS2000
& WINDOWS2003
We can rename or moved the domain name without rebulding in windows 2003 server,but in windows 2000 server, we can't do that.
Shadow copy feature available in windows2003 server but not in windows2000 server.A new tools to recover files.
There are 220 new group polices are added in windows2003 server over windows2000 server.
In windows2000 server support maximum 10 users access shared folders at a time through network, but windows2003 server no limitation.
Windows 2003 server includes IIS in it.
1.
Describe
how the DHCP lease is obtained.
It’s a four-step process consisting of (a) IP request, (b) IP offer, © IP selection and (d) acknowledgement.
It’s a four-step process consisting of (a) IP request, (b) IP offer, © IP selection and (d) acknowledgement.
2.
I
can’t seem to access the Internet, don’t have any access to the corporate
network and on ipconfig my address is 169.254.*.*. What happened?
The 169.254.*.* netmask is assigned to Windows machines running 98/2000/XP if the DHCP server is not available. The name for the technology is APIPA (Automatic Private Internet Protocol Addressing).
The 169.254.*.* netmask is assigned to Windows machines running 98/2000/XP if the DHCP server is not available. The name for the technology is APIPA (Automatic Private Internet Protocol Addressing).
3.
We’ve
installed a new Windows-based DHCP server, however, the users do not seem to be
getting DHCP leases off of it. The
server must be authorized first with the Active Directory.
4.
How
can you force the client to give up the dhcp lease if you have access to the
client PC?
ipconfig /release
ipconfig /release
5.
What
authentication options do Windows 2000 Servers have for remote clients?
PAP, SPAP, CHAP, MS-CHAP and EAP.
PAP, SPAP, CHAP, MS-CHAP and EAP.
6.
What
are the networking protocol options for the Windows clients if for some reason
you do not want to use TCP/IP? NWLink
(Novell), NetBEUI, AppleTalk (Apple).
7.
What
is data link layer in the OSI reference model responsible for? Data link layer
is located above the physical layer, but below the network layer.
Taking raw data bits and packaging them into frames. The network layer will be responsible for addressing the frames, while the physical layer is reponsible for retrieving and sending raw data bits.
Taking raw data bits and packaging them into frames. The network layer will be responsible for addressing the frames, while the physical layer is reponsible for retrieving and sending raw data bits.
8.
What
is binding order?
The order by which the network protocols are used for client-server communications. The most frequently used protocols should be at the top.
The order by which the network protocols are used for client-server communications. The most frequently used protocols should be at the top.
9.
How
do cryptography-based keys ensure the validity of data transferred across the
network?
Each IP packet is assigned a checksum, so if the checksums do not match on both receiving and transmitting ends, the data was modified or corrupted.
Each IP packet is assigned a checksum, so if the checksums do not match on both receiving and transmitting ends, the data was modified or corrupted.
10.
Should
we deploy IPSEC-based security or certificate-based security?
They are really two different technologies. IPSec secures the TCP/IP communication and protects the integrity of the packets. Certificate-based security ensures the validity of authenticated clients and servers.
They are really two different technologies. IPSec secures the TCP/IP communication and protects the integrity of the packets. Certificate-based security ensures the validity of authenticated clients and servers.
11.
What
is LMHOSTS file?
It’s a file stored on a host machine that is used to resolve NetBIOS to specific IP addresses.
It’s a file stored on a host machine that is used to resolve NetBIOS to specific IP addresses.
12.
What’s
the difference between forward lookup and reverse lookup in DNS?
Forward lookup is name-to-address, the reverse lookup is address-to-name.
Forward lookup is name-to-address, the reverse lookup is address-to-name.
13.
How
can you recover a file encrypted using EFS?
Use the domain recovery agent.
Use the domain recovery agent.
1.
How
do you double-boot a Win 2003 server box? The Boot.ini file is set as
read-only, system, and hidden to prevent unwanted editing. To change the
Boot.ini timeout and default settings, use the System
option in Control Panel from the Advanced tab and select Startup.
2.
What
do you do if earlier application doesn’t run on Windows Server 2003? When an
application that ran on an earlier legacy version of Windows cannot be loaded
during the setup function or if it later malfunctions, you must run the
compatibility mode function. This is accomplished by right-clicking the
application or setup program and selecting Properties –> Compatibility –>
selecting the previously supported operating system.
3.
If
you uninstall Windows Server 2003, which operating systems can you revert to? Win ME, Win 98, 2000, XP. Note,
however, that you cannot upgrade from ME and 98 to Windows Server 2003.
4.
How
do you get to Internet Firewall settings? Start –> Control Panel –>
Network and Internet Connections –> Network Connections.
5.
What
are the Windows Server 2003 keyboard shortcuts? Winkey opens or closes the Start
menu. Winkey + BREAK displays the System Properties dialog box. Winkey + TAB
moves the focus to the next application in the taskbar. Winkey + SHIFT + TAB
moves the focus to the previous application in the taskbar. Winkey + B moves
the focus to the notification area. Winkey + D shows the desktop. Winkey + E
opens Windows Explorer showing My Computer. Winkey + F opens the Search panel.
Winkey + CTRL + F opens the Search panel with Search for Computers module
selected. Winkey + F1 opens Help. Winkey + M minimizes all. Winkey + SHIFT+ M
undoes minimization. Winkey + R opens Run dialog. Winkey + U opens the Utility
Manager. Winkey + L locks the computer.
6.
What
is Active Directory?
Active Directory is a network-based object store and service that locates and
manages resources, and makes these resources available to authorized users and
groups. An underlying principle of the Active Directory is that everything is
considered an object—people, servers, workstations, printers, documents, and
devices. Each object has certain attributes and its own security access control
list (ACL).
7.
Where
are the Windows NT Primary Domain Controller (PDC) and its Backup Domain
Controller (BDC) in Server 2003?
The Active Directory replaces them. Now all domain controllers share a
multimaster peer-to-peer read and write relationship that hosts copies of the
Active Directory.
8.
How
long does it take for security changes to be replicated among the domain
controllers?
Security-related modifications are replicated within a site immediately. These
changes include account and individual user lockout policies, changes to
password policies, changes to computer account passwords, and modifications to
the Local Security Authority (LSA).
9.
What’s
new in Windows Server 2003 regarding the DNS management? When DC promotion occurs with an
existing forest, the Active Directory Installation Wizard contacts an existing
DC to update the directory and replicate from the DC the required portions of
the directory. If the wizard fails to locate a DC, it performs debugging and
reports what caused the failure and how to fix the problem. In order to be
located on a network, every DC must register in DNS DC
locator DNS records. The Active Directory Installation Wizard verifies a proper
configuration of the DNS infrastructure. All DNS configuration debugging and
reporting activity is done with the Active Directory Installation Wizard.
10.
When
should you create a forest?
Organizations that operate on radically different bases may require separate
trees with distinct namespaces. Unique trade or brand names often give rise to
separate DNS identities. Organizations merge or are acquired and naming
continuity is desired. Organizations form partnerships and joint ventures.
While access to common resources is desired, a separately defined tree can
enforce more direct administrative and security restrictions.
11.
How
can you authenticate between forests? Four types of authentication are used across forests: (1)
Kerberos and NTLM network logon for remote access to a server in another
forest; (2) Kerberos and NTLM interactive logon for physical logon outside the
user’s home forest; (3) Kerberos delegation to N-tier application in another
forest; and (4) user principal name (UPN) credentials
12.
What
snap-in administrative tools are available for Active Directory? Active Directory Domains and Trusts
Manager, Active Directory Sites and Services Manager, Active Directory Users
and Group Manager, Active Directory Replication (optional, available from the
Resource Kit), Active Directory Schema Manager (optional, available from
adminpak)
13.
What
types of classes exist in Windows Server 2003 Active Directory?
1.
Structural
class. The
structural class is important to the system administrator in that it is the
only type from which new Active Directory objects are created. Structural
classes are developed from either the modification of an existing structural
type or the use of one or more abstract classes.
2.
Abstract
class. Abstract
classes are so named because they take the form of templates that actually
create other templates (abstracts) and structural and auxiliary classes. Think
of abstract classes as frameworks for the defining objects.
3.
Auxiliary
class. The
auxiliary class is a list of attributes. Rather than apply numerous attributes
when creating a structural class, it provides a streamlined alternative by
applying a combination of attributes with a single include action.
4.
88
class. The 88
class includes object classes defined prior to 1993, when the 1988 X.500
specification was adopted. This type does not use the structural, abstract, and
auxiliary definitions, nor is it in common use for the development of objects
in Windows Server 2003 environments.
14.
How
do you delete a lingering object?
Windows Server 2003 provides a command called Repadmin that provides the
ability to delete lingering objects in the Active Directory.
15.
What
is Global Catalog?
The Global Catalog authenticates network user logons and fields inquiries about
objects across a forest or tree. Every domain has at least one GC that is
hosted on a domain controller. In Windows 2000, there was typically one GC on
every site in order to prevent user logon failures across the network.
16.
How
is user account security established in Windows Server 2003? When an account is created, it is
given a unique access number known as a security identifier (SID). Every group
to which the user belongs has an associated SID. The user and related group
SIDs together form the user account’s security token, which determines access
levels to objects throughout the system and network. SIDs from the security
token are mapped to the access control list (ACL) of any object the user
attempts to access.
17.
If
I delete a user and then create a new account with the same username and
password, would the SID and permissions stay the same? No. If you delete a user account and
attempt to recreate it with the same user name and password, the SID will be
different.
18.
What
do you do with secure sign-ons in an organization with many roaming users? Credential Management feature of
Windows Server 2003 provides a consistent single sign-on experience for users.
This can be useful for roaming users who move between computer systems. The
Credential Management feature provides a secure store of user credentials that
includes passwords and X.509 certificates.
19.
Anything
special you should do when adding a user that has a Mac? “Save password as encrypted clear
text” must be selected on User Properties Account Tab Options, since the Macs
only store their passwords that way.
20.
What
remote access options does Windows Server 2003 support? Dial-in, VPN, dial-in with callback.
21.
Where
are the documents and settings for the roaming profile stored? All the documents and environmental settings
for the roaming user are stored locally on the system, and, when the user logs
off, all changes to the locally stored profile are copied to the shared server
folder. Therefore, the first time a roaming user logs on to a new system the
logon process may take some time, depending on how large his profile folder is.
22.
Where
are the settings for all the users stored on a given machine? \Document and Settings\All Users
23.
What
languages can you use for log-on scripts? JavaScipt, VBScript, DOS batch files
(.com, .bat, or even .exe)
24.
What’s
the difference between local, global and universal groups? Domain local groups assign access
permissions to global domain groups for local domain resources. Global groups
provide access to resources in other trusted domains. Universal groups grant
access to resources in all trusted domains.
25.
I
am trying to create a new universal user group. Why can’t I? Universal groups are allowed only in
native-mode Windows Server 2003 environments. Native mode requires that all
domain controllers be promoted to Windows Server 2003 Active Directory.
26.
What
is LSDOU? It’s
group policy inheritance model, where the policies are applied to Local machines, Sites, Domains and Organizational Units.
27.
Why
doesn’t LSDOU work under Windows NT? If the NTConfig.pol file
exist, it has the highest priority among the numerous policies.
28.
Where
are group policies stored?
%SystemRoot%System32\GroupPolicy
29.
What
is GPT and GPC?
Group policy template and group policy container.
30.
Where
is GPT stored?
%SystemRoot%\SYSVOL\sysvol\domainname\Policies\GUID
31.
You
change the group policies, and now the computer and user settings are in
conflict. Which one has the highest priority? The computer settings take priority.
32.
You
want to set up remote installation procedure, but do not want the user to gain
access over it. What do you do?
gponame–> User Configuration–> Windows Settings–> Remote Installation
Services–> Choice Options is your friend.
33.
What’s
contained in administrative template conf.adm? Microsoft NetMeeting policies
34.
How
can you restrict running certain applications on a machine? Via group policy, security settings
for the group, then Software Restriction Policies.
35.
You
need to automatically install an app, but MSI file is not available. What do
you do? A .zap text file can be used to add applications using the
Software Installer, rather than the Windows Installer.
36.
What’s
the difference between Software Installer and Windows Installer? The former has fewer privileges and
will probably require user intervention. Plus, it uses .zap files.
37.
What
can be restricted on Windows Server 2003 that wasn’t there in previous
products? Group
Policy in Windows Server 2003 determines a users right to modify network and
dial-up TCP/IP properties. Users may be selectively restricted from modifying
their IP address and other network configuration parameters.
38.
How
frequently is the client policy refreshed? 90 minutes give or take.
39.
Where
is secedit? It’s now gpupdate.
40.
You
want to create a new group policy but do not wish to inherit. Make sure you check Block inheritance
among the options when creating the policy.
41.
What
is “tattooing” the Registry?
The user can view and modify user preferences that are not stored in maintained
portions of the Registry. If the group policy is removed or changed, the user
preference will persist in the Registry.
42.
How
do you fight tattooing in NT/2000 installations? You can’t.
43.
How
do you fight tattooing in 2003 installations? User Configuration - Administrative
Templates - System - Group Policy - enable - Enforce Show Policies Only.
WHAT IS THE DIFFERENCE BETWEEN X86 AND
I386 COMPUTER
X86 Is A Hardware Architecture Used By
Intel Based CPU's While I386 Is The File Folder Resides In Windows Installation
CD, Contains All The Necessary Windows Installation Files.
x86 refers to a popular set of
instructions most commonly used in processors from Intel, AMD, VIA, and others. It
usually implies a binary compatibility with the 32-bit instruction set of the
80386 (a.k.a. i386).
i386 (as eluded to above) is the common name for the Intel386 (or 80386) based PCs. It is sometimes emphasized as x86-32 (for 32-bit) and x86-64 (also called x64 - for 64-bit).
i386 (as eluded to above) is the common name for the Intel386 (or 80386) based PCs. It is sometimes emphasized as x86-32 (for 32-bit) and x86-64 (also called x64 - for 64-bit).
INTERRUPT "TRAP" WHAT IS
THIS TRAP?
There are two hinderances to a
process. Interrupt and trap.
Interrupt is when the process needs some I/O services whereas trap occurs due to some fault or exception in the code.
Interrupt is when the process needs some I/O services whereas trap occurs due to some fault or exception in the code.
How does multithreading take place on
a computer with a single CPU
The operating system's task scheduler
allocates execution time to multiple tasks. Byquickly switching between
executing tasks, it creates the impression that tasks executesequentially.
By quickly switching among executing
tasks, it creates the impression that the tasks execute simultaneously.
If it didn't switch among the tasks, they would execute sequentially.
multi-threading has two forms, theory
and reality. In theory, multi-threading is suppose to be the same as
"multi-tasking" which means do two different task at the same time.
Not possible on a single CPU unless you consider GPU and ALU which generally we
do not (consider them). In reality, multi-threading does more than create an
illusion, it allows computers to shut down a program in infinite loop by
creating another thread so CPU executes one iteration of the loop, switch to
the kill thread and terminates the loop. Multi-tasking was suppose to do that
but not as well handled.
Hyperthreading processors have more than one execution units but only
one processor core, thats how multiple tasks are performed simultaneously
what is the difference between
blocking and waiting state of process ?
I think blocking state of a process is
that state when it reaches to that state cannot be regained, but in case of
wating state it can go in blocked state or go in running state again. Overall
blocked state will be starvation state of a process.
A "waiting" process has been
loaded into main memory and is waiting execution on a CPU.
When a process is "blocked" on a resource (such as a file, a semaphore or a device), it will be removed from the CPU (as a blocked process cannot continue execution) and will be in the blocked state.
When a process is "blocked" on a resource (such as a file, a semaphore or a device), it will be removed from the CPU (as a blocked process cannot continue execution) and will be in the blocked state.
A blocking state is the state in which
the process is waiting for some operation to get completed.It can be an I/O
operaion,or some Inter-Process-communication. The process can not execute
furthur without these signals.
A waiting state is the state in which the process is ready to run but the processor is not idle.
When the operation on the blocked process complete, it will move in to the waiting state.
A waiting state is the state in which the process is ready to run but the processor is not idle.
When the operation on the blocked process complete, it will move in to the waiting state.
A process is said to be in waiting state when it
is queuing in the main memory for its turn to be executed. Whereas, the process
enters a blocked state
in case of any interrupt or due to unavailability of resources. If it is
no more in execution for a long time , it is swapped out of main memory
and called back when the requested resource is available.
Important point: A process cannot enter running state from blocked state. The process first has to go to the waiting state and then to running state.
I hope that answers the question.
Important point: A process cannot enter running state from blocked state. The process first has to go to the waiting state and then to running state.
I hope that answers the question.
WHAT
IS SUPERSCOP?
A superscope is an administrative
feature of DHCP servers running Windows Server 2003 that you can create
and manage through the DHCP console. Using a superscope, you can group multiple
scopes as a single administrative entity. With this feature, a DHCP server can:
Support DHCP clients on a single
physical network segment (such as a single Ethernet LAN segment) where
multiple logical IP networks are used. When more than one logical IP network is
used on each physical subnet or network, such configurations are often called multinets.
Support remote DHCP clients located on
the far side of DHCP and BOOTP relay agents (where the network on the far side
of the relay agent uses multinets).