Ok kids, I have sponged enough info from all of you, now it's time to give back to the needy. Here is what I remember from the NT Server 4.0 in the Enterprise exam 70-68. Before I start, I want to say that I REALLY hate how Microsoft says Chose the Best Answer. 'Best' is often a matter of opinion but anyhow that's my gripe. ==================================================== Here we go... Nitty Gritty 51 Questions, 90minutes, 784 to pass (approx 20points per question) * Know Trusts inside out (if you don't you fail - simple as that) * Know domain models inside out (single, single master, multi-master, full trusts) * Scenario: You want to give ONLY the sales group remote access (mandatory) and require data encryption AND password encryption. Proposed Solution: Configure only sales to have remote access thru usrmgr, allow any authentication method, require passwords to be changed every 40 days. * Same scenario as above. Proposed Solution. Configure only sales to have access thru usmgr, require encrypted authentication, require passwords to be changed every 40 days, implement hardware based security between the modems and the server * Scenario. You have 2 identical printer devices pooled. Accounting is always hogging the printer with 500 page docs that require alot of processing. You want Managers to always print first and have both printers in the pool available to them. You want Sales to also print to both printers but their jobs come after Managers. You want Accounting to print last and only to one of the printers. Proposed Solution: Configure a printer pool. Assign the Managers highest priority, followed by Sales, followed by Accoutants. Config Managers/Sales to print to both printers, Accountants to only 1. Allow Sales/Mangers to print after the first page is spooled, Accountants only print after last page is spooled. * Same Scenario as above, similar solution. Only major difference was that system was setup so Accounting group would print in off-peak hours. * You're the admin of master domain and u want to create a global group that has right to backup all DC (mandatory) and member server/Workstations (optional). Proposed Solution: Create a global group called PrintGlobal in master, put them into backup ops in resource domain. (This does not fulfill the Optional) * Same Scenario as above: Proposed Solution was different. Create a global group called BackUpGlobal in Master, create BackUpLocal in each resource domain. Assign BackUpGlobal to BackUpLocal, assign BackUpLocal backup/restore rights. Also, put BackUpGlobal groups in all member server/workstations local backup groups. * Your designing several server roles. You have 5000 users accessing a SQL server. How would you config this server? (Here you have a graphic with four options...) 1.??? 2. Balanced 3. Maximize Throughput for File sharing 4. Maximize Throughput for Network access * You have configed a server/printer with the DLC protocol, after you reboot, you can't print why? Something about someone connected to the printer with a continuous connection * You have a custom apps designed for use on NT workstations. How do you create a .pol file so your users can access them? -cut/paste from existing registry -create a template -??? -???? (can't remember this one too well) * Know that trusts are not transitory. ie: A trusts B and B trusts C does NOT mean A trusts C. * Had a couple question where it would show a graphic with multiple domains. It would list the requirements (centralized accounts, what the WAN speed is between them, where the DHCP/WINS server is, etc) then u had to choose the answer that matched the question. Pretty simple as long as you read each paragraph. * Lots of these questions made you decide what is the greatest single imprvement u could do, ie place a BDC on either side of a slow link to eliminate Netlogon traffic over the WAN or would that cause too much synchronization traffic. * Make sure you know the nuances of the Replication Governor, and the pulseconcurrency, pulse, pulsemaximum stuff. * Had one where Mary was a member of the Sales group and the SalesManagers group. She wanted access to the a file in a trusted domain but when she tried to get to it she was denied. They present you with a graphic showing what groups had what permissions to the files. Basically you had to point out that her No Access permission from her membership in the Sales group was overiding her Read permission in the SalesManager group. * Know you Share permissions and your NTFS permissions and how they interact. (Dig out that NT4.0 Core manual!) * You create a .pol file for everyone to use, where to you put it? ---users home dir ---Netlogon share ---member server ---etc * How do you designate a pol file as being mandatory? (gift) * How do you simplify the creation of home directories (%username%) * Know the duifference between dumpcheck and dumpexam. I had a question on dumpcheck. * How do you configure the location of a memory dump file? * Scenario where Finance wanted their staff to print cheques but only they had power of them. Not even Administrator should be able to fool around with the print jobs and only the person who created the job should have control. Typical globalgroup/local group thing but local group had to have very specific rights. Had something to do with ownership of files. * You run Performance Monitor to check a drive that is thrashing but when you check the log all counters are at zero. Why? Didn't turn on Diskperf -y * You want to monitor usage on a multi-processor system, what counter should you turn on. I think it was System: %_Total Processor * Make sure you know the difference and when to use rdisk, the Emergency Repair Disk, and the Setup Disks. ie: Know what files they each can replace in case of a system drive crash. * You boot up the system and the following message appears. "Could not find \Winnt\ntoskernel." How do you repair this. Copy file from tape back up Reboot from the setup disks Use the Emergency Repair Disks * Absolutely nothing on the Registry! * You are using Network Monitor to monitor network usage of a TCP/IP network on an NT Workstation. How can you filter only those packets initiated by the workstation? (or something to that effect) The answer was something about filtering by computer address. * You are hosting web pages for 5 different companies on your IIS server. These 5 companies have 5 different DNS names register to your server. How do you configure IIS to handle it? - bind 5 IP's to the NIC - map 5 web folders to the IP's - ??? - ??? Having not taken IIS I had no clue but they wanted 2 answers so I illiminated the 2 I thought were totally wrong. * There were a few questions on domain planning Investigate how you would plan for a large company that spanned 5+ major cities, where everyone needed access to all domains. * You two sites, London and Mexico City as one domain. Mexico city had the PDC, DHCP, & WINS servers. London had only workstations. London is complaining of slow logons and wickedly slow address and name resolutions (no kidding!) How do you make London as effecient as Mexico City? * You have one domain spanning 5 cities with 56K links between them all. How do you fix it so that there is a happy medium. * You are migrating Netware accounts to your NT domain but of course many of the Netware users have multiple user accounts. How do you deal with all these duplicate accounts? - Migrate them all and go back and delete all the duplicates one by one. - Chose OPTIONS , OVERWRITE Duplicate accounts. - Chose which accounts to migrate one by one with User Manager - ??? * You want to migrate, Netware users, computers, files, and permissions to NT. What must be in place. - NWLink ipx/spx - TCP/IP - System must be FAT - System must be NTFS * You have 6 hard drives. The first is your system drive. The other five are part of a fault tolerance implementation of disk stripping with parity. In a real fluke of bad luck you lose the first two drives of your disk stripe. How do you recover? * You have mirror the system partition. More bad luck strikes and the first drive of the mirror dies. How do you recover? * What do you do if you don't have an emergency repair disk. And of course the machine has crashed. * What do you do if you don't have the three installation boot disks. And of course the machine has crashed. * You want to optimize read/write performance. Which should you implement? - disk mirroring - disk duplexing - disk striping with parity * Study how the guest account affects users in domains and trust relationships. ( I don't think I knew enough about this, came up a couple of times) * You are installing NT as a BDC in the CORP domain, when you get the message "Could not locate Primary Domain Controller for CORP domain." What do you do? - Continue with install then physically connect the computer to the domain and join. * Know that you cannot promote a member server to BDC or PDC and vise versa. * Know that a DC cannot change domains without re-installation. * Know AGLP - Accounts are put into Global groups Global groups are put into Local groups Local groups are assigned Permissions. * Remember that Local Groups can contain Local Users, Global groups from the local and trusted domains, and Users from trusted domains. * Where do you store a users profile if you want it to be roaming? * How do you recover from losing the system partition? * You have 4 servers, 60 users, you want centralized administration of accounts and resources. Which domain model are we talking about here? =========================================================== Well, that's about all I can really remember. If you have the brain power, I strongly suggest studying 70-67 and 70-68 at the same time and writting both the same day. I wrote them 2 weeks apart and assumed I still had 70-67 fresh in my head when actually I had to dig and think about stuff I wrote only 2 weeks ago. I really don't know why Microsoft dips into all the others exams but it irks me to no end. You focus so hard on one subject matter and they throw in something like that damn IIS question (which by the way is NOT covered in the MOC! which kinda shoots my theory of "All answers are in the book"). Well Exchange server is next. Any brain dumps on that would be greatly appreciated. Or if anyone has a transcender practice exam to trade me?? Regards and good luck to those who are studying 70-68 and to those who aren't, I hope to god you didn't read down this far for nothing!! Ok kids, I have sponged enough info from all of you, now it's time to give back to the needy. Here is what I remember from the NT Server 4.0 in the Enterprise exam 70-68. Before I start, I want to say that I REALLY hate how Microsoft says Chose the Best Answer. 'Best' is often a matter of opinion but anyhow that's my gripe. ==================================================== Here we go... Nitty Gritty 51 Questions, 90minutes, 784 to pass (approx 20points per question) * Know Trusts inside out (if you don't you fail - simple as that) * Know domain models inside out (single, single master, multi-master, full trusts) * Scenario: You want to give ONLY the sales group remote access (mandatory) and require data encryption AND password encryption. Proposed Solution: Configure only sales to have remote access thru usrmgr, allow any authentication method, require passwords to be changed every 40 days. * Same scenario as above. Proposed Solution. Configure only sales to have access thru usmgr, require encrypted authentication, require passwords to be changed every 40 days, implement hardware based security between the modems and the server * Scenario. You have 2 identical printer devices pooled. Accounting is always hogging the printer with 500 page docs that require alot of processing. You want Managers to always print first and have both printers in the pool available to them. You want Sales to also print to both printers but their jobs come after Managers. You want Accounting to print last and only to one of the printers. Proposed Solution: Configure a printer pool. Assign the Managers highest priority, followed by Sales, followed by Accoutants. Config Managers/Sales to print to both printers, Accountants to only 1. Allow Sales/Mangers to print after the first page is spooled, Accountants only print after last page is spooled. * Same Scenario as above, similar solution. Only major difference was that system was setup so Accounting group would print in off-peak hours. * You're the admin of master domain and u want to create a global group that has right to backup all DC (mandatory) and member server/Workstations (optional). Proposed Solution: Create a global group called PrintGlobal in master, put them into backup ops in resource domain. (This does not fulfill the Optional) * Same Scenario as above: Proposed Solution was different. Create a global group called BackUpGlobal in Master, create BackUpLocal in each resource domain. Assign BackUpGlobal to BackUpLocal, assign BackUpLocal backup/restore rights. Also, put BackUpGlobal groups in all member server/workstations local backup groups. * Your designing several server roles. You have 5000 users accessing a SQL server. How would you config this server? (Here you have a graphic with four options...) 1.??? 2. Balanced 3. Maximize Throughput for File sharing 4. Maximize Throughput for Network access * You have configed a server/printer with the DLC protocol, after you reboot, you can't print why? Something about someone connected to the printer with a continuous connection * You have a custom apps designed for use on NT workstations. How do you create a .pol file so your users can access them? -cut/paste from existing registry -create a template -??? -???? (can't remember this one too well) * Know that trusts are not transitory. ie: A trusts B and B trusts C does NOT mean A trusts C. * Had a couple question where it would show a graphic with multiple domains. It would list the requirements (centralized accounts, what the WAN speed is between them, where the DHCP/WINS server is, etc) then u had to choose the answer that matched the question. Pretty simple as long as you read each paragraph. * Lots of these questions made you decide what is the greatest single imprvement u could do, ie place a BDC on either side of a slow link to eliminate Netlogon traffic over the WAN or would that cause too much synchronization traffic. * Make sure you know the nuances of the Replication Governor, and the pulseconcurrency, pulse, pulsemaximum stuff. * Had one where Mary was a member of the Sales group and the SalesManagers group. She wanted access to the a file in a trusted domain but when she tried to get to it she was denied. They present you with a graphic showing what groups had what permissions to the files. Basically you had to point out that her No Access permission from her membership in the Sales group was overiding her Read permission in the SalesManager group. * Know you Share permissions and your NTFS permissions and how they interact. (Dig out that NT4.0 Core manual!) * You create a .pol file for everyone to use, where to you put it? ---users home dir ---Netlogon share ---member server ---etc * How do you designate a pol file as being mandatory? (gift) * How do you simplify the creation of home directories (%username%) * Know the duifference between dumpcheck and dumpexam. I had a question on dumpcheck. * How do you configure the location of a memory dump file? * Scenario where Finance wanted their staff to print cheques but only they had power of them. Not even Administrator should be able to fool around with the print jobs and only the person who created the job should have control. Typical globalgroup/local group thing but local group had to have very specific rights. Had something to do with ownership of files. * You run Performance Monitor to check a drive that is thrashing but when you check the log all counters are at zero. Why? Didn't turn on Diskperf -y * You want to monitor usage on a multi-processor system, what counter should you turn on. I think it was System: %_Total Processor * Make sure you know the difference and when to use rdisk, the Emergency Repair Disk, and the Setup Disks. ie: Know what files they each can replace in case of a system drive crash. * You boot up the system and the following message appears. "Could not find \Winnt\ntoskernel." How do you repair this. Copy file from tape back up Reboot from the setup disks Use the Emergency Repair Disks * Absolutely nothing on the Registry! * You are using Network Monitor to monitor network usage of a TCP/IP network on an NT Workstation. How can you filter only those packets initiated by the workstation? (or something to that effect) The answer was something about filtering by computer address. * You are hosting web pages for 5 different companies on your IIS server. These 5 companies have 5 different DNS names register to your server. How do you configure IIS to handle it? - bind 5 IP's to the NIC - map 5 web folders to the IP's - ??? - ??? Having not taken IIS I had no clue but they wanted 2 answers so I illiminated the 2 I thought were totally wrong. * There were a few questions on domain planning Investigate how you would plan for a large company that spanned 5+ major cities, where everyone needed access to all domains. * You two sites, London and Mexico City as one domain. Mexico city had the PDC, DHCP, & WINS servers. London had only workstations. London is complaining of slow logons and wickedly slow address and name resolutions (no kidding!) How do you make London as effecient as Mexico City? * You have one domain spanning 5 cities with 56K links between them all. How do you fix it so that there is a happy medium. * You are migrating Netware accounts to your NT domain but of course many of the Netware users have multiple user accounts. How do you deal with all these duplicate accounts? - Migrate them all and go back and delete all the duplicates one by one. - Chose OPTIONS , OVERWRITE Duplicate accounts. - Chose which accounts to migrate one by one with User Manager - ??? * You want to migrate, Netware users, computers, files, and permissions to NT. What must be in place. - NWLink ipx/spx - TCP/IP - System must be FAT - System must be NTFS * You have 6 hard drives. The first is your system drive. The other five are part of a fault tolerance implementation of disk stripping with parity. In a real fluke of bad luck you lose the first two drives of your disk stripe. How do you recover? * You have mirror the system partition. More bad luck strikes and the first drive of the mirror dies. How do you recover? * What do you do if you don't have an emergency repair disk. And of course the machine has crashed. * What do you do if you don't have the three installation boot disks. And of course the machine has crashed. * You want to optimize read/write performance. Which should you implement? - disk mirroring - disk duplexing - disk striping with parity * Study how the guest account affects users in domains and trust relationships. ( I don't think I knew enough about this, came up a couple of times) * You are installing NT as a BDC in the CORP domain, when you get the message "Could not locate Primary Domain Controller for CORP domain." What do you do? - Continue with install then physically connect the computer to the domain and join. * Know that you cannot promote a member server to BDC or PDC and vise versa. * Know that a DC cannot change domains without re-installation. * Know AGLP - Accounts are put into Global groups Global groups are put into Local groups Local groups are assigned Permissions. * Remember that Local Groups can contain Local Users, Global groups from the local and trusted domains, and Users from trusted domains. * Where do you store a users profile if you want it to be roaming? * How do you recover from losing the system partition? * You have 4 servers, 60 users, you want centralized administration of accounts and resources. Which domain model are we talking about here? =========================================================== Well, that's about all I can really remember. If you have the brain power, I strongly suggest studying 70-67 and 70-68 at the same time and writting both the same day. I wrote them 2 weeks apart and assumed I still had 70-67 fresh in my head when actually I had to dig and think about stuff I wrote only 2 weeks ago. I really don't know why Microsoft dips into all the others exams but it irks me to no end. You focus so hard on one subject matter and they throw in something like that damn IIS question (which by the way is NOT covered in the MOC! which kinda shoots my theory of "All answers are in the book"). Well Exchange server is next. Any brain dumps on that would be greatly appreciated. Or if anyone has a transcender practice exam to trade me?? Regards and good luck to those who are studying 70-68 and to those who aren't, I hope to god you didn't read down this far for nothing!! Marc Thanks to this list and New Riders text passed 70-68 this morning with 941/1000, so here goes the Dump! Studied above resources exclusively , be sure to cover 70-67 topics such as Fault Tolerance, how to recover from disk failures, and how to recover from boot failures. I was prepared for the worst on domain trust questions and was not let down. At least 15-20 convoluted questions in this area , but all followed the same pattern!!! Very Important , know the Moft model and use it repeatedly Users in to Global Groups, Global Groups into Local Groups and permissions tied to Local Groups. I used the same technique on all non-trivial questions, i.e. Diagram Domain structure w/ proper trust relationships, look to disqualify as many answers as possible, ( Old SAT technique ), and then look for differances among remaining possibilities. This sounds time consuming, and everyone who posted about time management was right;however, after a couple of iterations the answers started to jump out and the questions all began to fit a pattern. 4 sets of questions involving 1 scenario with 2 questions. Remember that once you map these long ones out the second is almost free. All together this test was tough but not tricky, I didn't get the focused question on registry hacks and only 1 Netware question. A few RAS questions,and rights questions were all related to trusts. As I posted earlier TCP/IP is next and would like any input on differance between 70-53 (tcp/ip-3.51) and 70-59 (tcp/ip-4.0) as I cannot find text written specifically for 4.0 Thanks again, Keith NT 4.0 Enterprise Brain Dump: (This is typed up directly from my notes on the test) *Note There are no answers here, those went on the test. Printer pool configuration Primary: Management prints first. primary: Accounting only uses one printer. secondary: Optimized print time for accounting. secondary: Management and sales print before accounting.=20 There is a table of options that changes with each the test. Remote Access Primary: Only brokers get remote access. Primary: nobody else gets remote access. Secondary: Password encryption is used. Secondary: Data encryption is used. [2 questions] Backup all computers and workstations in a domain. Primary: Backup all domain controllers from the sales domain. Secondary: Backup all member servers too. Secondary: Backup all workstations as well. [2 questions] Domain planning Questions. There were a number of questions on Domains with trusts and how users should access resources using local and global groups. (I draw diagrams to figure these out, here they are) Sales -> Corporate Home Dirs sers East Domain -> Corporate <- West Domain Sales <- Support User Mary Printer Sales -> Corp (user Maria) Marketing Fldr Forecast file. Sales <- Support User Mary (GG) Printer (LG) Domain planning and optimization Diagram: Carakas -> Chicago <- Paris 56k ^ ^ ^ 56k | | | Seattle T1----- T1 -------T1 Atlanta Dallas Primary: Minimise logon validation traffic. Primary: Carakas and Paris need Chicago resources. Primary: Chicago Needs Carakas, Paris, Seattle, Dallas and Atlanta's resources. Secondary: Resource Administration is Decentralized. Secondary: User administration is centralized. Domain planning and optimization Diagram: London -> Mexico =09 Member server PDC, Wins, DHCP Primary: Increase Londons network performance. Secondary: Reduce wins traffic Secondary: Reduce DHCP Traffic. Secondary: Reduce replication traffic. Secondary: Reduce logon Validation traffic. Questions List:=20 These are brief descriptions of the questions that I encountered. Some are represented above, most were asked once. Printer pool Configuration. Ras Setup and configuration. DHCP Configuration. System Policy. Domain Models (quite a few). Fault Tolerance. Wins & DNS implementation. Network monitor filters. Performance Monitor & monitoring multiple processors. PDC Load reduction. Print Manager. Pausing & resuming service & restarting a document. RAS & Hardware based security hosts. Virtual servers and IP addressing with IIS. (only one but it threw me = off) System Policy. I know this is kinda sketchy, but you can see what I'm looking at on the = test. On the scenario questions I jot down the primary and secondary = goals cause they get scrolled off the page when looking at the proposed = solutions, and I check off the goals that are fulfilled as I go... I count em up and then answer the questions. On the domain model questions I plot out the domains, resources etc. This helps me visualize the question as I go so I do not have to re-read = it over to get it straight. Enjoy. Several people have asked for info on the NT Server 4.0 in the Enterprise exam, so I thought I'd post to the list.... The Sybex/Network Press book was good. I also read the New Riders NTW/NTS/NTSE book, which I used to prepare for NTS 4.0; most of the stuff you'll need for NTSE is in the NTS chapters.=20 I also got some good advice from David Kittos on this mailing list. Thank= s, David! Make sure you know fault tolerance: which RAID levels are supported by NT= , and what the different levels mean. Know how to recover from failures usi= ng the various types. Know the basics of PerfMon. Nothing too detailed on the test, but know wh= at the various counters indicate, especially those that have to do with memo= ry (that's a hint). The planning questions (domain models, when, where, and why to use them) are pretty easy if you have a good grounding in the basics whys and wherefores of the different models. There are quite a few questions about the care and feeding of trusts. Kno= w the Microsoft user/group model by heart. That is, know that users go into global groups, global groups go into local groups, and permissions are assigned to local groups. You may get questions in which there are more than one "correct" answer; choose the "best" answer, which is the one tha= t follows the model.=20 I seem to recall one or two questions on NetWare migration (some have sai= d there are more, though). I just remember that they were very easy (of course, I had just done a NW migration the previous day, so=85.) Know NTFS permissions inside and out. I don't remember any questions as f= ar as what happens when you move vs. copy a file (and the effects on its permissions). Seems to me that those questions are on the NT Server exam; however, it's a good thing to know anyway. I recommend http://www.saluki.com/mcse/ntsec.htm for a good overview. You will need to know what objects (users and groups) can be put into whi= ch groups. Know which types of servers can be moved to another domain (without reinstalling NTS, that is). Well, that's all folks (that's all I can recall at the moment, anway)=85.= If anybody can add to this, please do. ---------- Dan Hi, I took the test recently and got a 980 (1 question wrong). I would recommend that you peruse Technet's knowledge base under NTS 4. There are a couple of articles that help you understand Microsoft's perspective on Directory Services (after all the questions seem to ask which should do? Rather than which could you do). Directory Services are big. RAS situational questions. Printing question with regard to assigning rights to people/special groups (creator/owner). Domain syncronization questions. How can you reduce different kinds of traffic, etc. Of course, trusts and domain models are big. A number of the questions are tricky. I recommend you think about what your audience (Microsoft) wants to hear and temper that with a little common sense. I also recommend, if at all possible, that you get your hands on the Transcender test questions, of which many are very similar to what you will find on the exam. Yours truly, Diallo I had one question on IIS on exam 70-68. It was regarding directory permissions for the root web directory.. Can anyone give me a definite answer as to how much, *IF ANY* Internet Info Server material is on this exam. I am getting conflicting reports. According to the saluki.com page, there is none. According to Microsoft, there is some. Any help is appreciated. I had one question that asked something similar to the following: One server with one NIC. Running TCP/IP. You want to have 5 different domain names, each with its own IP Address on this server. How do you do it? The answers gave you choices of partitioning the disk different ways, binding multiple IP addresses to the card etc. You had to pick TWO out of the four responses. I was able to eliminate two responses and I picked the two remaining. I still am not sure if I got the question right or not. I hope this helps One of the neatest features of IIS is that you can create multiple domain names on the same server. First go to your TCP/IP settings via control panel, hit advanced button on the ip address tab, and add the address that you will assign to the domain name. Then go to the Internet service manager and add the directory you want to associate with that address on the directory tab under the www server. Then update your DNS routing tables and your good to go. Jay >You are hosting web pages for 5 different companies on your IIS server. These 5 companies have 5 different DNS names register to your server. How do you configure IIS to handle it ? >Any idea? yes. ;) 1. add the 5 ip addresses to your network card 2. reboot 3. create 5 homedirs with the 5 ip addresses in the 'internet information server configuration manager'. Just create the directories and put them in the config util. Then mark 'home directory' and 'virtual server' and type in the ip addresses. 4. stop/restart iis (i think) 5. tataaaa! 6. btw: has nothing to do with dns since nt can't hande that very well. 7. you must know the ip addresses of the dns names in order to put them on your network card and iis. Perhaps the following item helps: http://www2.ebay.com/aw/itemfast.cgi?item=3Dziu60969 Ok, here are the Enterprise dumps, like I said, they need to be cleaned up, please forgive me as I have been studying for the Server exam, and by the way, yesterday I passed, my first test the first time, yes I am very pleased. NT 4.0 SERVER IN THE ENTERPRISE 70-68 -Difficult exam -10 rate the solution questions -heavy on domains -Netware connectivity -understand that you can only regen 1 disk in a stripe set with party -Know the ins and outs of Alerts -know when to use global and local groups -mandatory and roaming user profiles -performance monitor -using rdisk.exe -Memory dump utilities -wins,dhcp,dns -how to move a server to another domain -after looking at a report, know what the system bottleneck is -when to use which domain model Materials Used to study -Scholars.com -Transcender -MCSE Study Guide Additional Info on the 70-68 exam. I finally passed all my exams and am officialy an MCSE. Thanks to everybody in all these newsgroups for the info. Special thanks to Rob (see message posted 2/2/97.) In the spirit of helping my fellow colleagues, please add the following to the information provided by Rob. 1. How does RAID5 affect read/write performance and processor? 2. Know how to set filters to isolate IP addressing in Net Monitor 3. Study how the guest account affects users in domains and trust relationships. 4. How would you ensure that only authorized group users will be able to use RAS connections, and what kind of security measureas are available. 5. How do multiple group memberships affect profiles based upon groups? 6. Important... To change domain membership, Windows NT has to be re-installed on DC's. 7. A - Accounts G - Go into Global Groups L - Which get assigned to Local Groups P - Which get assigned permissions 8. How would you install a member server and move it to a different domain without re-installing NT? 9. Remember that Local Groups can contain Global Groups, Trusted users and Local Users After I finished four exam(nt ws4.0, nt server 4.0 net essential,iis), I found there is little information avaiable about this enterprise exam. Until I found this site (listed by ncp site), I didn't even know that 3.51 doesn't have a exam like this.(;-(, I guess I took too little time to prepare the whole exam, 8 weeks part time for all four from ground) I want to contribute a little since I benefit from this site for my fifth exam, which I took this noon and got a 86.6). 1) 51 problems 1.5 hrs. 5~6 problems with secerenia, I found that time was a concern(I typically have 0.5 hr extra for all the other exam, for this one, I only had 10 mins) 2) Don't be Misleaded, it is NOT difficult as fas as the problem was concerned. With general knowledge of Trust and basic understanding of disk performance, Sam, you will be all right. If you have a good sleep last night, it will be more helpful than reading another book. Mac and Novell problem is minimum. The general knowledge knowledge with tcp/ip will be enough( don't spend too much time on DNS, DHCPand WINS etc and those tcp utility (such as arp icmp netstat..), they are not important. Again have a clear picture of the major stuff will be more helpful in most opf the problem. 3) The On line book with nt4.0 (2 books) is Very very good for both exams(enterprise and Non-enterprise), except browse through the resource guides(2 books), I didn't Touch any other books( it turns out to be You don't need to be) I did buy couple other books, Master Nt server 4.0 by sybex and Professional guide for nt 4.0, but I just didn't feel like I need them.(I set a deadline for myself for each test, so even if I didn't finish reading all the materials, I still go for the exam. Fortunetaly in the past 1.5 months, I passed all five exams in one shot. I don't mean those material is not good, I mean probably you don't need them if you have limited funding) 4)Try to get hold of one technet CD (newer than Nov., 1996) If you feel like that you are not clear with one concept, try to do a search and read one or two articles. You don't need those that much, only ocationally. 5) don't forget to take the assement test even if they are for 3.51. I took (and passed) the Enterprise Exam with a score of 882. Here are a few items I saw that made me go ... "WHAT ??" * If you have a server that is hosting multiple domain names, how do you use WINS, IIS, and DNS to resolve the name to an IP. * YOU MUST KNOW TRUSTS .. you will not pass without a FIRM knowledge of trusts. But keep in mind, it takes more than trusts to pass the test, but without 'em you haven't got a chance. The item that helped me the most was the following. HARDWARE -------> PEOPLE I created a diagram of two trusts, one named "HARDWARE" and one named "PEOPLE". I then pointed the arrow at the people and wrote the following sentence below the trust. "The HARDWARE trusts the PEOPLE". I wrote this on my first blank page once the exam began. This one picture made life so much easier. I no longer had to think about the trust interaction. I just referenced my diagram, and applied it to my current problem. * Remember that a local group cannot span trusts, they want you to fall for that one on most every question. * There were a few questions on domain planning Investigate how you would plan for a large company that spanned 5+ major cities, where everyone needed access to all domains. * How about the problem of having one Domain span all 5 (or 6) cities. Some cities are connected via a fast connection (T1) other cities are connected via a slow connection (56K). How would you place BDC's so that the authentication at any city was reasonable. * I didn't see much on subnetting .. maybe one or two questions on TCP/IP. * a few on netware migration (not a whole bunch). Don't spend much time here. * If you have two domains, a user in one domain and resources in the other domain. What should you do to allow the user to connect to the resource in the other domain. * Know how file permissions and share permissions interact to allow a user to use resources on a share. * Know how to recover from a RAID failure. * What do you do if you don't have an emergency repair disk. And of course the machine has crashed. * What do you do if you don't have the three installation boot disks. And of course the machine has crashed. * How to support multiple domain names under IIS, How to configure IIS to allow multiple names, and how do you create the multiple root locations. =B7 Some performance tuning stuff. Thanks to this list and New Riders text passed 70-68 this morning with 941/1000, so here goes the Dump! Studied above resources exclusively , be sure to cover 70-67 topics such as Fault Tolerance, how to recover from disk failures, and how to recover from boot failures. I was prepared for the worst on domain trust questions and was not let down. At least 15-20 convoluted questions in this area , but all followed the same pattern!!! Very Important , know the Moft model and use it repeatedly Users in to Global Groups, Global Groups into Local Groups and permissions tied to Local Groups. I used the same technique on all non-trivial questions, i.e. Diagram Domain structure w/ proper trust relationships, look to disqualify as many answers as possible, ( Old SAT technique ), and then look for differances among remaining possibilities. This sounds time consuming, and everyone who posted about time management was right;however, after a couple of iterations the answers started to jump out and the questions all began to fit a pattern. 4 sets of questions involving 1 scenario with 2 questions. Remember that once you map these long ones out the second is almost free. All together this test was tough but not tricky, I didn't get the focused question on registry hacks and only 1 Netware question. A few RAS questions,and rights questions were all related to trusts. As I posted earlier TCP/IP is next and would like any input on differance between 70-53 (tcp/ip-3.51) and 70-59 (tcp/ip-4.0) as I cannot find text written specifically for 4.0 Here is what I remember from the NT Server 4.0 in the Enterprise exam 70-68. Before I start, I want to say that I REALLY hate how Microsoft says Chose the Best Answer. 'Best' is often a matter of opinion but anyhow that's my gripe. Here we go... Nitty Gritty 51 Questions, 90minutes, 784 to pass (approx 20points per question) * Know Trusts inside out (if you don't you fail - simple as that) * Know domain models inside out (single, single master, multi-master, full trusts) * Scenario: You want to give ONLY the sales group remote access (mandatory) and require data encryption AND password encryption. Proposed Solution: Configure only sales to have remote access thru usrmgr, allow any authentication method, require passwords to be changed every 40 days. * Same scenario as above. Proposed Solution. Configure only sales to have access thru usmgr, require encrypted authentication, require passwords to be changed every 40 days, implement hardware based security between the modems and the server * Scenario. You have 2 identical printer devices pooled. Accounting is always hogging the printer with 500 page docs that require alot of processing. You want Managers to always print first and have both printers in the pool available to them. You want Sales to also print to both printers but their jobs come after Managers. You want Accounting to print last and only to one of the printers. Proposed Solution: Configure a printer pool. Assign the Managers highest priority, followed by Sales, followed by Accoutants. Config Managers/Sales to print to both printers, Accountants to only 1. Allow Sales/Mangers to print after the first page is spooled, Accountants only print after last page is spooled. * Same Scenario as above, similar solution. Only major difference was that system was setup so Accounting group would print in off-peak hours. * You're the admin of master domain and u want to create a global group that has right to backup all DC (mandatory) and member server/Workstations (optional). Proposed Solution: Create a global group called PrintGlobal in master, put them into backup ops in resource domain. (This does not fulfill the Optional) * Same Scenario as above: Proposed Solution was different. Create a global group called BackUpGlobal in Master, create BackUpLocal in each resource domain. Assign BackUpGlobal to BackUpLocal, assign BackUpLocal backup/restore rights. Also, put BackUpGlobal groups in all member server/workstations local backup groups. * Your designing several server roles. You have 5000 users accessing a SQL server. How would you config this server? (Here you have a graphic with four options...) 1.??? 2. Balanced 3. Maximize Throughput for File sharing 4. Maximize Throughput for Network access * You have configed a server/printer with the DLC protocol, after you reboot, you can't print why? Something about someone connected to the printer with a continuous connection * You have a custom apps designed for use on NT workstations. How do you create a .pol file so your users can access them? -cut/paste from existing registry -create a template -??? -???? (can't remember this one too well) * Know that trusts are not transitory. ie: A trusts B and B trusts C does NOT mean A trusts C. * Had a couple question where it would show a graphic with multiple domains. It would list the requirements (centralized accounts, what the WAN speed is between them, where the DHCP/WINS server is, etc) then u had to choose the answer that matched the question. Pretty simple as long as you read each paragraph. * Lots of these questions made you decide what is the greatest single imprvement u could do, ie place a BDC on either side of a slow link to eliminate Netlogon traffic over the WAN or would that cause too much synchronization traffic. * Make sure you know the nuances of the Replication Governor, and the pulseconcurrency, pulse, pulsemaximum stuff. * Had one where Mary was a member of the Sales group and the SalesManagers group. She wanted access to the a file in a trusted domain but when she tried to get to it she was denied. They present you with a graphic showing what groups had what permissions to the files. Basically you had to point out that her No Access permission from her membership in the Sales group was overiding her Read permission in the SalesManager group. * Know you Share permissions and your NTFS permissions and how they interact. (Dig out that NT4.0 Core manual!) * You create a .pol file for everyone to use, where to you put it? ---users home dir ---Netlogon share ---member server ---etc * How do you designate a pol file as being mandatory? (gift) * How do you simplify the creation of home directories (%username%) * Know the duifference between dumpcheck and dumpexam. I had a question on dumpcheck. * How do you configure the location of a memory dump file? * Scenario where Finance wanted their staff to print cheques but only they had power of them. Not even Administrator should be able to fool around with the print jobs and only the person who created the job should have control. Typical globalgroup/local group thing but local group had to have very specific rights. Had something to do with ownership of files. * You run Performance Monitor to check a drive that is thrashing but when you check the log all counters are at zero. Why? Didn't turn on Diskperf -y * You want to monitor usage on a multi-processor system, what counter should you turn on. I think it was System: %_Total Processor * Make sure you know the difference and when to use rdisk, the Emergency Repair Disk, and the Setup Disks. ie: Know what files they each can replace in case of a system drive crash. * You boot up the system and the following message appears. "Could not find \Winnt\ntoskernel." How do you repair this. Copy file from tape back up Reboot from the setup disks Use the Emergency Repair Disks * Absolutely nothing on the Registry! * You are using Network Monitor to monitor network usage of a TCP/IP network on an NT Workstation. How can you filter only those packets initiated by the workstation? (or something to that effect) The answer was something about filtering by computer address. * You are hosting web pages for 5 different companies on your IIS server. These 5 companies have 5 different DNS names register to your server. How do you configure IIS to handle it? - bind 5 IP's to the NIC - map 5 web folders to the IP's - ??? - ??? Having not taken IIS I had no clue but they wanted 2 answers so I illiminated the 2 I thought were totally wrong. * There were a few questions on domain planning Investigate how you would plan for a large company that spanned 5+ major cities, where everyone needed access to all domains. * You two sites, London and Mexico City as one domain. Mexico city had the PDC, DHCP, & WINS servers. London had only workstations. London is complaining of slow logons and wickedly slow address and name resolutions (no kidding!) How do you make London as effecient as Mexico City? * You have one domain spanning 5 cities with 56K links between them all. How do you fix it so that there is a happy medium. * You are migrating Netware accounts to your NT domain but of course many of the Netware users have multiple user accounts. How do you deal with all these duplicate accounts? - Migrate them all and go back and delete all the duplicates one by one. - Chose OPTIONS , OVERWRITE Duplicate accounts. - Chose which accounts to migrate one by one with User Manager - ??? * You want to migrate, Netware users, computers, files, and permissions to NT. What must be in place. - NWLink ipx/spx - TCP/IP - System must be FAT - System must be NTFS * You have 6 hard drives. The first is your system drive. The other five are part of a fault tolerance implementation of disk stripping with parity. In a real fluke of bad luck you lose the first two drives of your disk stripe. How do you recover? * You have mirror the system partition. More bad luck strikes and the first drive of the mirror dies. How do you recover? * What do you do if you don't have an emergency repair disk. And of course the machine has crashed. * What do you do if you don't have the three installation boot disks. And of course the machine has crashed. * You want to optimize read/write performance. Which should you implement? - disk mirroring - disk duplexing - disk striping with parity * Study how the guest account affects users in domains and trust relationships. ( I don't think I knew enough about this, came up a couple of times) * You are installing NT as a BDC in the CORP domain, when you get the message "Could not locate Primary Domain Controller for CORP domain." What do you do? - Continue with install then physically connect the computer to the domain and join. * Know that you cannot promote a member server to BDC or PDC and vise versa. * Know that a DC cannot change domains without re-installation. * Know AGLP - Accounts are put into Global groups Global groups are put into Local groups Local groups are assigned Permissions. * Remember that Local Groups can contain Local Users, Global groups from the local and trusted domains, and Users from trusted domains. * Where do you store a users profile if you want it to be roaming? * How do you recover from losing the system partition? * You have 4 servers, 60 users, you want centralized administration of accounts and resources. Which domain model are we talking about here? Thought this might be of interest to the list. I posted it to Scholars.com public folders. Alright! I just passed my 3rd exam in the last 2 weeks. 3 down 3 to go. What was the exam like? By far the worst exam I have taken. Keys: Time management!!!! I went through the test and marked all the longer scenario type questions to come back to later on. After finishing the simple answer questions I had about 50 minutes left. After going through the scenario questions I had 8:32 left on the clock. Not enough time to go through and review all my answers which I like to do. My Experience: -Setting up server: balance, minimize, maximize...for file sharing and network apps. 2 questions -System policy 2 questions. -Several on NTFS permission (3-5) -Many on trusts at least 10. Be comfortable with all aspects of trusts. There is no way around that. -Domain Models/WAN planning- 6-8 questions. Several required a lot of thought as they ran through the details of what they were looking for. Kevin(advisor) sent me a sheet (Titled: WINS, DHCP) that helped a lot here. -There were several give me questions that you will be well prepared for. -No questions on the Registry -No MAC questions -Performance Monitor/Network Monitor 5-6 questions. Pretty straight forward questions. -Learn about the creator special group. That was on my exam and I had no clue. -Learn about the role of guest groups in domains. Again on my exam, I did not know. ie what type of access does a guest group have accross a trust? -IIS- 1 question -Migration from Netware-2 questions - My preparation: -Scholars material. -STS- for the enterprise exam they are right on the money. Practice, Practice, Practice the STS exams. Know why they come up with the answers that they do. Probrably >50% of the questions are very similar to the Exam questions that I had. -Check out the site www.mcpmag.com. When you get there click on forum in the left window. There are forums for each exam that you need to take. It is a life saver to find out what the exams will be like. Good luck as you take this exam. Just remember the following 1. Know how trusts work, with Global and Local groups 2. Understand counters in Perf Mon 3. Make sure you have a good understanding of NT...raid levels and you will also get questions on NT4 workstation such as policies and profiles etc Good Luck you can do it Mike