Today I took and passed Enterprise. It was adaptive; my score was 791, and 560 was required to pass. Below are the notes I created based on the requirements. I read New Riders, Dummies, O'Reilly MCSE, used trans*** and the dumps here. On this exam the dumps did not help as much as in the past. I do not think I could have passed Server the first time without the brain dump. Good luck!

This certification exam measures your ability to implement, administer, and troubleshoot information systems that incorporate Windows NT Server version 4.0 in an enterprise-computing environment.

An enterprise computing environment is typically a heterogeneous WAN.  It might include multiple servers and multiple domains, and it might run sophisticated server applications. Before taking the exam, you should be proficient in the following job skills.

Planning:

Plan the implementation of a directory services architecture.

Considerations include:

Selecting the appropriate domain model

Directory Services means: one user, one account. Universal resource access. Central admin.

Directory synchronization.

BDC: one BDC is recommended for every 2000 authenticating users in all domain models.

Single domain model: all users and groups in one domain. It is easy to install. Centralized admin.

Resources can be managed from one location. No trusts. It can handle a theoretical limit of 40,000 accounts (a maximum SAM size of 40 MB). The recommended limit varies by source (25,000 in Dummies, 20,000 in New Riders, 20,000; they all agree it is less than 40,000, and 26,000 is on one of the exams). No departmental admin controls can be assigned. Browsing is slow if there is a large number of computers.

Single-master domain model: same user limitations as single domain.

Centralized admin, but now resources can administer themselves. Administration of resources can be shared. Each resource can have an admin. The trust is easy: each resource domain trusts the master.

Allows for one user, one account. Master holds global groups.

Limitations include: local groups must be defined in each domain (master and resource); the max number of users is still 40,000, and well below 20,000 should be used. Resource domains have no control over global groups. Good for use across a WAN.

Multiple-master domain model: good for a big company. It is scalable to the required number of users (more than 20 or 40 thousand). Distributed resource administration.

Each master can have an admin, or the masters can be grouped for centralized admin. Limitations are: complex trusts. User accounts are distributed across multiple masters. Global groups may have to be defined a number of times.

There are two one-way trusts between each pair of masters and one between each master and each resource.

The equation is: masters * (masters - 1) + resources * masters = trusts

(the global groups may have to be defined a number of times because global groups can hold accounts from their domain only)

Complete trust: rarely used. Hard to administer. No central admin.

Each domain controls its resources. NumberOfDomains * (NumberOfDomains - 1) = number of trusts needed to make a complete trust. Not realistic for more than 3 or 4 domains.

Supporting a single logon account

Allowing users to access resources in different domains:

Accounts are defined in the PDC (master or other) and are put into Global Groups (all accounts in a global group MUST BE from the same domain). Global Groups can cross trusts.

They should have no permissions granted to them. They are placed in Local Groups (in the same domain or other), and the Local Groups are then granted permissions. If you have multiple master PDCs you must (may) create duplicate Global Groups to grant users from different domains the same permission in the Local Groups.

Member servers must define their own Local Groups. Other resources can have all groups defined from any trusted domain PDC. (in user manager – select domain – then add user or group)
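
Added example (not part of the original notes): a small Python model of the trust counts for the multiple-master and complete-trust models, and of the account -> global group -> local group -> permission chain described above. All domain, group, user and share names are constructed for illustration.

```python
from itertools import permutations


def multiple_master_trusts(masters, resources):
    """Return (trusting, trusted) pairs for the multiple-master model."""
    trusts = set(permutations(masters, 2))  # two one-way trusts per pair of masters
    trusts |= {(r, m) for r in resources for m in masters}  # resource trusts each master
    return trusts


def complete_trusts(domains):
    """Return (trusting, trusted) pairs when every domain trusts every other."""
    return set(permutations(domains, 2))


class GlobalGroup:
    def __init__(self, domain, name):
        self.domain, self.name, self.members = domain, name, set()

    def add(self, account):
        # Accounts are written DOMAIN\user; a global group only holds accounts
        # from its own domain.
        if account.split("\\", 1)[0] != self.domain:
            raise ValueError(f"{account} is not an account in {self.domain}")
        self.members.add(account)


class LocalGroup:
    def __init__(self, domain, name, trusts):
        self.domain, self.name, self.trusts = domain, name, trusts
        self.global_groups, self.permissions = [], {}

    def add(self, group):
        # A global group crosses a trust only toward a domain that trusts its own.
        if group.domain != self.domain and (self.domain, group.domain) not in self.trusts:
            raise ValueError(f"{self.domain} does not trust {group.domain}")
        self.global_groups.append(group)

    def grant(self, resource, permission):
        # Permissions go on the local group, never on the global groups.
        self.permissions[resource] = permission

    def access(self, account, resource):
        if any(account in g.members for g in self.global_groups):
            return self.permissions.get(resource)
        return None


def build_demo():
    """Constructed network: two masters, three resource domains."""
    masters, resources = ["EAST", "WEST"], ["SALES", "PLANT", "LAB"]
    trusts = multiple_master_trusts(masters, resources)
    east, west = GlobalGroup("EAST", "Sales Users"), GlobalGroup("WEST", "Sales Users")
    east.add("EAST\\alice")
    west.add("WEST\\bob")
    readers = LocalGroup("SALES", "Report Readers", trusts)
    readers.add(east)  # duplicate global groups, one per master,
    readers.add(west)  # feed the same local group
    readers.grant(r"\\SALES1\reports", "Read")
    return trusts, east, readers


if __name__ == "__main__":
    trusts, east, readers = build_demo()
    print(len(trusts), "trusts in the multiple-master demo")
    print(readers.access("WEST\\bob", r"\\SALES1\reports"))
```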

Plan the disk drive configuration for various requirements.

Requirements include choosing a fault-tolerance method: mirroring, duplexing and RAID 5 disk striping with parity. Volume set, disk striping without parity (needs only 2 disks).

Choose a protocol for various situations. Configure protocols and protocol bindings. Protocols include:

TCP/IP – connecting to internet

TCP/IP with WINS and DHCP – DHCP uses DHCP Manager. Can maintain all DHCP servers from a central location. A SCOPE is the range of IPs that are used. Name the scope. Specify the lease time.

The database is created in JET format (MS Access) and is stored in the \winnt\system32\dhcp directory. To back up using JET, type: JETPACK DHCP.mdb c:\backup.dir\dhcp.mdb, then restart the DHCP service.

DHCP relay agent allows a multihomed

WINS- see wins section below

NWLink IPX/SPX Compatible Transport Protocol

Data Link Control (DLC)

AppleTalk – see services for mac below

Installation and Configuration:

Install Windows NT Server to perform various server roles. Server roles include:

Primary domain controller – account

Backup domain controller – resource – helps with authentication

Member server- resource- application etc- local groups must be defined on them individually.

Configure Windows NT Server core services. Services include:

Directory Replicator – is part of SERVER services. It helps maintain logon scripts and profiles so they are the same for users. The PDC is the export server, and the import server receives all changes to files. Needs a service account to use. The account should be a member of the Backup Operators and Replicator groups. Default export dir is \winnt\system32\repl\export. Default scripts for NETLOGON are found in \winnt\system32\repl\import\scripts. NT Servers can export. Workstation or NT Server can import. The default sync is every 5 minutes. You can force it through Server Manager.

It can be full or partial replication. The BDC requests replication (sync). To change replication time you must edit the registry.

You change the Pulse and PulseConcurrency values in the registry key HKEY_LOCAL_MACHINE\system\currentcontrolset\services\netlogon\parameters. Increase Pulse to decrease traffic. The Pulse setting is a REG_DWORD that defines the pulse frequency (how often); a pulse is sent every two hours regardless.

Can be set from 60 to 3,600 seconds.

PulseConcurrency is also a REG_DWORD; it defines the max number of simultaneous pulses.

Increasing it increases the load on the PDC; decreasing it lowers the frequency of replication. The default value is 20 and it can range from 1 to 500.

ReplicationGovernor defines how often a BDC responds to the PDC sync announcement and how much data is exchanged. The value is a percentage from 0 to 100. 100 is the default. This helps with lowering WAN traffic. ReplicationGovernor should not be set below 25.

Computer Browser – installed in the Services tab of the Network option. To allow browsing, edit the registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\browser\parameters\maintainserverlist. Three possible values: YES – participates in the browser service as either master or backup browser (default on DCs). NO – never participates in the browser service. AUTO – potential browser (workstation and server default). To maintain the browser list over WAN and subnets you can implement WINS, use LMHOSTS, or configure the router to forward UDP port 137.

WINS – a dynamic database which monitors and maintains NetBIOS broadcast name management.

Allows for central admin. Eliminates the need for the LMHOSTS file (a static text file the admin must make and put on each machine, updating it manually). It decreases broadcast traffic. Can be used with remote clients.

WINS can be referred to by DNS to resolve host names and avoid creation of static mappings for all hosts in DNS. The WINS server is designated in Network Control Panel, TCP/IP properties. Contains info on IP to NetBIOS name. TTL = time to live, the time in which a NetBIOS name must renew. Default name time is 96 hours (4 days). You should have one primary and one secondary WINS server for every 10,000 clients. WINS packets can cross networks (routable). Needs NT Server 3.51 or higher. Must have a static IP, default gateway info and subnet mask. Add the service through Services in Network Control Panel. Must add the WINS server to WINS Manager. Configured in WINS Manager.

Uses PUSH and PULL. Pull pulls info from the replicating WINS server. Push determines if the pull partner is notified of changes. Two methods of push and pull: after a predetermined amount of time, or whenever there is a change. The push partner forces info to the pull partner.

The pull partner sends requests from time to time. The server across a WAN link should be the PULL partner. This way you can control traffic and keep it to off hours. WAN: pull. LAN: push/pull.

Automatic backup every three hours. Two ways to restore a backed-up database: use WINS Manager or manually move the database.

Can add static mappings, which reserve a name. You can create these kinds of mappings:

Unique – permits only one address per name.

Group – a normal group doesn’t have an IP address stored for the computers in the group. A normal group is used for broadcasts and browsing.

Internet Group – can have as many as 25 primary and backup domain controllers; used by DCs to communicate with each other.

Multi-homed – can have up to 25 addresses; used for multi-homed systems.

When statically mapped you see 3 entries: one each for the NetBIOS redirector, messenger and server. Microsoft recommends compacting when the database reaches 30 MB in size.

JETPACK – the compaction tool. You must stop the WINS server before compaction. IT IS THE SAME UTILITY FOR DHCP. Syntax is: jetpack databasename temp databasename

You can include UNIX and non-Microsoft machines by giving them a static mapping, OR you can install a WINS proxy on the subnet with the "non-clients". B-node broadcasts cannot pass through routers. The WINS proxy listens for broadcasts and reports them to the WINS server. It only works on one subnet, so you may need a WINS proxy on each subnet of "non-clients". Permissible clients are any NT, 95, Workgroups 3.1 w/ TCP/IP and MS-DOS net client 3.0 or higher, plus LAN Manager 2.2 or higher.

WINS for DHCP-enabled clients requires 044 WINS/NetBIOS Name Service Servers and 046 WINS/NBT Node Type, OR add the WINS server in TCP/IP properties.

Configure hard disks to meet various requirements. Requirements include: providing redundancy, improving performance.

To monitor disk performance you must run diskperf -y, which turns on the disk monitoring counters.

% Disk Time – percent of disk busy time

Avg. Disk Queue Length – average number of waiting operations

Current Disk Queue Length – number of operations waiting now

Avg. Disk sec/Transfer – average data transfer time in seconds

Disk Bytes/sec – how fast bytes are being moved. This is the primary measure of throughput.

Avg. Disk Bytes/Transfer – measure of efficiency

Disk Transfers/sec – how quickly transfers are serviced

A bottleneck occurs if regular activity is 85 percent or higher, and also if disk queues are greater than 2 while paging is less than 5 per sec. Usually adding RAM solves problems from paging.

Mirroring and Duplexing have moderate read/write times – write time slower with mirror

Disk Striping with Parity increased write performance. Needs more memory

Configure printers. Tasks include:

Adding and configuring a printer – add printer wizard…

Implementing a printer pool – devices must be on same server and use same driver

Setting print priorities – 1 is lowest, 99 is highest

Configure a Windows NT Server computer for various types of client computers.

Client computer types include: Windows NT Workstation, Windows® 95

Network Client Administrator – make a startup disk for network install of the OS; make a disk set for networking tools on a system that already has an OS

Macintosh® - services for Macintosh installs AppleTalk. Mac can access special volumes on NTFS for Macs only. Can share printing on nt and within AppleTalk zone.

Can Install Admin tools on other OS- for 95 – event viewer, server manager and user manager for domain

On NT Workstation- dhcp manager, event viewer, RAS admin, remote reboot, server manager, services for Mac, user manager for domains, WINS manager, and USER profile Editor.

Administer remote servers from various types of client computers.

Client computer types include:

Windows 95 Windows NT Workstation – see configure clients

Manage disk resources. Tasks include: Creating and sharing resources – server manager

Implementing permissions and security- right click on item

Establishing file auditing – go to the Security tab on the file or folder to be audited. Use the Replace Auditing on Subdirectories and Replace Auditing on Existing Files check boxes. Select the users or groups to audit (add names). Select the events you wish to audit. (This process is the same to audit printers. For policies, do this from User Manager for Domains: select Policies – Audit and Audit These Events.) Audit logs are saved in the system and security logs and can be viewed with Event Viewer. Can monitor success or failure of the following events:

Logon and off

File and object access

Use of user rights

User and group management

Security policy changes

Restart, shutdown and system

Process tracking.

Connectivity

Configure Windows NT Server for interoperability with NetWare servers by using various tools.

Tools include:

Gateway Service for NetWare – lets the NT server and machines using the NT server access NetWare file and print services. You don’t need to add software to clients for them to access NetWare. NWLink must be on the system.

Migration Tool for NetWare – you cannot migrate passwords. The only way around this is to USE a mapping file. Cannot migrate workgroup and user account managers, NetWare logon scripts, and print and queue info.

Uses nwconv.exe. If it runs into identical user names the default is to skip the account and stop migrating. After migration you must replace NetWare redirectors with Microsoft redirectors.

FPNW – File and Print Services for NetWare. Allows NetWare users to access NT resources; no additional client software is needed. This is an add-on service at additional cost.

DSMN – Directory Service for NetWare

CSNW – only on Workstation. Allows access to NetWare in conjunction with NWLink.

 

Install and configure multiprotocol routing to serve various functions. Good for small to mid-sized networks. You need NT Server and 2 NICs, and must ENABLE IP FORWARDING. Create a static routing table with entries for the remote networks the NICs are not attached to. You may optionally create a ROUTE entry so the router can exchange info with other routers. Functions include:

Internet router – multi-homed NT machine with unique IPs on each NIC.

BOOTP/DHCP Relay Agent – DHCP is not designed to cross routers, so you need to have a DHCP router on each subnet OR a BOOTP/DHCP agent installed on the remote subnet that forwards requests for DHCP info to the DHCP server. Some routers do not support BOOTP.

IPX router – dynamically exchanges route info; broadcasts routing info to other routers, using the SAP (Server Advertising Protocol) Agent, which needs to broadcast periodically. You don’t always need SAP for IPX routing, only if an app requires it. Installed by default.

RIP for TCP/IP – dynamically exchanges route info; broadcasts routing info to other routers. Using SAP (Server Advertising Protocol) Agent.

Troubleshooting routing problems: the ROUTE PRINT command shows routes. If a route has a METRIC of 2 it was found dynamically from another router. Check the default gateway.

Install and configure Internet Information Server. Add it from Network Control Panel, Services. Installs Internet Service Manager, which allows the stop, start and pause of the highlighted service. You must specify the TCP port. Services include (with default ports):

World Wide Web – 80, FTP – 21 and Gopher – 70

Can designate a PASSWORD for access to the server. Can make a path to another machine and DIRECTORY accessible using UNC. Can create a HOME directory which will act as root for the service. To create a VIRTUAL directory, create an alias within the service root.

ENABLE DEFAULT DOCUMENT – makes the default page the index (or whatever is designated).

DIRECTORY Browser Access – if enabled, allows you to see the dir structure when the default document is not found.

ACCOUNT INFO is required if you will be going to another machine on the network.

ACCESS – determines if you have read, write …. Must agree with NTFS permissions.

Can LOG visits.

Advanced PROPERTIES tab – allows you to control access and bandwidth used.

GRANTED ACCESS, DENIED ACCESS – controls who can visit the site.

EXCEPT THOSE LISTED – works well in conjunction with the above. Can make an access list using a list of approved IPs.

Limit Network Usage – allows you to designate the allowable bandwidth to be used and the number of attaching users.

DNS – static database for IP to fully qualified domain name resolution. Can work with WINS to resolve hosts. Is like the HOSTS file.

Intranet

Install and configure Remote Access Service (RAS). Configuration options include:

Configuring RAS communications – check box to require data encryption

Configuring RAS protocols – NetBEUI, IPX/SPX and TCP/IP

Configuring RAS security – callback, encrypted password

Managing Resources

Manage user and group accounts. Considerations include:

Managing Windows NT user accounts

Managing Windows NT groups – see directory services

Managing Windows NT user rights – from User Manager. Can designate path to profile. Rights are assigned to groups or users, for example: access this computer from the network (admin, power users and everyone), backup (admin and backup op), change system time (admin and power users), load and unload device drivers (admin), manage and audit security log (admin), restore files and directories (admin and backup), shutdown (all), take ownership (admin).

Administering account policies -

Create and manage policies and profiles for various situations. Policies and profiles include:

Local user profiles – specifics of a user's working environment. System policies control user environments. User Manager is where they are created. Policy Editor makes policies. Allows the admin to control access to resources.

Roaming user profiles – good on any machine; saved in a share on the PDC; changeable by the user.

System policies – many of the same settings as a user profile but strictly controlled by the admin. Can prevent users from changing settings and restrict applications. POLICIES override USER profile settings.

User Policies – are kept in HKEY_LOCAL_USER key.

Control Panel allows you to restrict the Display control panel or hide it. Desktop allows mandatory wallpaper and schemes.

Shell relates to the Start menu and Explorer; can disable the Run and Find commands, hide drive letters, restrict Network Neighborhood items, disable shutdown and prevent shell settings from being saved.

System allows you to disable regedit access and specify a list of allowable applications.

NT Shell – enforces locations for the Start menu and its contents, program folders, Network Neighborhood and other system folders.

Windows NT System – includes environment variables defined in the DOS autoexec.bat and options relating to logon scripts.

Computer Policies – affect a specific machine. Kept in HKEY_LOCAL_MACHINE; start at boot time.

Policies are created in System Policy Editor.

Network policy – is added every time they log on.

System – uses SNMP; allows you to run specific applications.

Windows NT Network – determines if hidden shares are created.

NT Printers – options for printing and spooling.

Remote Access – security.

Shell – specify shared dirs for program folders and desktop icons.

User Profiles – can force the former user to be deleted at logout.

Auditing changes to the user account database – User Manager > Policies > Audit > check box User and Group Management, and check boxes for success and failure.

 

Monitoring and Optimization

Establish a baseline for measuring system performance. Tasks include creating a database of measurement data. You should monitor disk objects, memory objects, processor objects and network protocol objects to get a baseline. You can save to a log and later create a report to view the baseline.

Processor bottleneck ID: Processor object: %Processor Time over 85; System object: Processor Queue Length is often greater than 2; memory objects

Monitor performance of various functions by using Performance Monitor. Functions include: Processor, Memory, Disk, Network.

Processor object: %Processor Time – how often busy; %User Time – how often users have control of the processor; %Privileged Time – OS using the processor.

Memory

OBJECT | COUNTER | DESCRIPTION

Memory | Available Bytes | Virtual memory available for system use. < 4MB indicates a need for more RAM.

Memory | Pages/sec | Number of pages being written between physical memory and paging file. This number should be below 20.

Memory | Committed Bytes | Memory that is allocated and currently being used by applications. Should be less than the physical memory installed on your computer.

CPU

OBJECT | COUNTER | DESCRIPTION

System | %ProcessorTime | If consistently at or above 80%, consider upgrading the processor.

System | Processor Queue Length | If the processor queue length is consistently > 2, the processor is causing a problem.

Disk Access

OBJECT | COUNTER | DESCRIPTION

Physical Disk | %Disk Time | If over 90% then disk is the bottleneck.

Physical Disk | Current Disk Queue Length | If over 2 then disk is the bottleneck.

Logical Disk | Avg. Disk sec/Transfer |

Network Access

OBJECT | COUNTER | DESCRIPTION

Network Segment | %Network Utilization | Should be below 40% in Ethernet. Should be below 80% in Token Ring.

Monitor network traffic by using Network monitor. Tasks include:

Two Tools-

Agent – which runs at client computers and monitors their status and

Manager - which polls clients and summarizes data.

Collecting data

Capture data – 3 ways: Capture > Start, Start Capture toolbar button, F10

Stop capture – 4 ways: Capture > Stop, Stop Capture toolbar button, F11, Stop > View

Display – 3 ways: Capture > Display Captured Data, Display Captured Data toolbar button, F12

Presenting data – 3 windows: summary, detail, hexadecimal

Filtering data

Identify performance bottlenecks.

Optimize performance for various results. Results include:

Controlling network traffic

Controlling server load

Troubleshooting

Choose the appropriate course of action to take to resolve installation failures.

Choose the appropriate course of action to take to resolve boot failures.

Choose the appropriate course of action to take to resolve configuration errors. Tasks include:

Backing up and restoring the registry – rdisk /s; check box in ntbackup; regback and regrest (Resource Kit tools, for live restorations). Can back up via regedt32 and restore a key through Registry Editor, although this is not optimal.

Editing the registry – regedit, regedt32

Choose the appropriate course of action to take to resolve printer problems.

Choose the appropriate course of action to take to resolve RAS problems.

Choose the appropriate course of action to take to resolve connectivity problems.

Choose the appropriate course of action to take to resolve resource access and permission problems.

Choose the appropriate course of action to take to resolve fault-tolerance failures.

Fault-tolerance methods include:

Tape backup – restore

Mirroring – break and recreate

Stripe set with parity – one disk failed: regenerate; 2 disks failed: restore from tape after recreation

Perform advanced problem resolution. Tasks include:

Diagnosing and interpreting a blue screen

Configuring a memory dump – in the Startup/Shutdown menu BEFORE a blue screen: go to My Computer > Startup/Shutdown > Recovery > Write debugging information to check box

The memory dump is the size of physical RAM. There must be room on the hard disk.

Dumpchk – checks order lists i/o and errors

Dumpexam – utility that examines the dump and creates a text file; needs imagehlp.dll; contains the same info as the blue screen

Dumpflop – backs the dump up to a series of floppies to be sent out

Using the Event Log service