20369427 windows questions desktop engineer questions system admin

8/14/2019 20369427 Windows Questions Desktop Engineer Questions System Admin

1/64

IMPOTENT QUESTION

Windows Questions (Desktop Engineer Questions + System Admin

Question )

Q. What is the difference between Win2k Server and Win2k3?

Answer :

1. We cant rename domain in Win2k,u can rename in Win2k3

2. IIS 5.0 in Win2k and IIS 6.0 in Win2k3

3. No Volume Shadow Copying in Win2k, its available in Win2k3

4. Active Directory Federation Systems in Win2k3

Like that some other security features added in Win2k3, main features are above

Q. TELL ME WHY WE R USEING EXCHANGE SERVER?

Ans:- This is a mail server. we can use this Server to send mails in Intranet as wellas outside.

Q .What is DHCP?

Ans:- To assign ip addresses automatically.

Q. DHCP relay agent where to place it?

Ans. DHCP Relay agent u need to place in Software Router.

Q. what is forest?

Ans. Is a collection of trees? Tree is nothing but collection domains which ishaving same name space.Domain contains domain controllers..Forest Tree Domain

Dont get confused.. Understand carefully.

Q. what is GC? How many required for A Tree?


2/64


3/64

Domain Naming Master : Adding / Changing / Deleting any Domain in a forest ittakes care

Schema Master : It maintains structure of the Active Directory in a forest

Q. FTP, NNTP, SMTP, KERBEROS, DNS, DHCP, POP3 port numbers?

Ans:- FTP : 20, 21(20 is for controlling, 21 is Transmitting)

NNTP: 119

SMTP: 25

Kerberos: 88

DNS: 53

DHCP: 67, 68

Pop3: 110

Q DHCP PAT database path folder

Ans, C:\WINDOWS\system32\dhcp

Q. DNS Database path folder?

Ans : - C:\WINDOWS\system32\dns

Q. Working of ping, telnet, and gopher.

Ans. ping is a computer network tool used to test whether a particular host isreachable across an IP network. It works by sending ICMP echo request packets to thetarget host and listening for ICMP echo response replies. ping estimates the round-triptime, generally in milliseconds, and records any packet loss, and prints a statisticalsummary when finished.

TELNET (TELecommunication NETwork) is a network protocol used on the Internet orlocal area network (LAN) connections. It was developed in 1969 beginning with RFC 15and standardized as IETF STD 8, one of the first Internet standards.

The term telnet also refers to software which implements the client part of the protocol.TELNET clients have been available on most Unix systems for many years and areavailable for virtually all platforms. Most network equipment and OSs with a TCP/IP


4/64

stack support some kind of TELNET service server for their remote configuration(including ones based on Windows NT). Because of security issues with TELNET, its usehas waned as it is replaced by the use of SSH for remote access.

"To telnet" is also used as a verb meaning to establish or use a TELNET or other

interactive TCP connection, as in, "To change your password, telnet to the server and runthe passwd command".

Most often, a user will be telneting to a Unix-like server system or a simple networkdevice such as a switch. For example, a user might "telnet in from home to check his mailat school". In doing so, he would be using a telnet client to connect from his computer toone of his servers. Once the connection is established, he would then log in with hisaccount information and execute operating system commands remotely on that computer,such as ls or cd.

On many systems, the client may also be used to make interactive raw-TCP sessions,

even when that option is not available, telnet sessions are equivalent to raw TCP as longas byte 255 never appears in the data.

packet internet gopher (PING)DefinitionMethod used in determining the response time of an internet connection. PING softwaresends a request to an website, and times the receipt of reply (echo) called pong. A part ofthe Internet Protocol, PING is not directly accessible to the user.packet internet gopher (PING) is in the Data Management, Communications, & Networksand Internet & World Wide Web subjects.

Q. What is RAID? Types of RAID

Ans:- What is a RAID

Lets start with the basics. RAID Redundant Array of Independent Discs. In the old days italso used to mean Redundant Array of Inexpensive Discs. A RAID system is a collectionof hard drives joined together using a RAID level definition ( see level below). There aremany uses for RAID. First it can be used to stripe drives together to give more overallaccess speed (level 0). Second it can be used mirror drives (level 1). Third it can be usedto increase uptime of your overall storage by striping drives together and then keepingparity data, if a drive should fail the system keeps operating (level 5). Most people use

RAID level 5 for the uptime purposes and its ability to join together 16 drives, giving alarge storage block. Read about RAID levels below and see which one suits you best.

Hot Spares

A hot spare is a stand by drive assigned to an array or assigned to a group of arrays(global spare). If a drive goes bad in an array the hot spare will take over for failed drive


5/64

automatically and your array will not suffer a performance degradation. Hot spares onlymake sense on levels 5, 5+0 , 0+5, 1+5 and 5+1.

Hot Swap

Hot swap is a term used to describe the condition in which drives are attached to theRAID controller. You always want hot swap drives so that if a drive goes bad it can bereplaced on the fly without incurring downtime.

Other features to avoid downtime

Other features of professional RAIDs include Hot swap and redundant power supplies.Hot swap and redundant fans. In some more expensive RAID systems we even have hotswap and redundant RAID controllers.

RAID Levels

Configure and price a RAID system

RAID 0

This is the simplest level of RAID, and it just involves striping. Data redundancy is noteven present in this level, so it is not recommended for applications where data is critical.This level offers the highest level of performance out of any single RAID level. It alsooffers the lowest cost since no extra storage is involved. At least 2 hard drives arerequired, preferably identical, and the maximum depends on the RAID controller. Noneof the space is wasted as long as the hard drives used are identical. This level has becomepopular with the mainstream market for it's relatively low cost and high performance

gain. This level is good for most people that don't need any data redundancy. There aremany SCSI and IDE/ATA implementations available. Finally, it's important to note that ifany of the hard drives in the array fails, you lose everything.


RAID 1

This level is usually implemented as mirroring. Two identical copies of data are stored ontwo drives. When one drive fails, the other drive still has the data to keep the systemgoing. Rebuilding a lost drive is very simple since you still have the second copy. Thisadds data redundancy to the system and provides some safety from failures. Some

implementations add an extra RAID controller to increase the fault tolerance even more.It is ideal for applications that use critical data. Even though the performance benefits arenot great, some might just be concerned with preserving their data. The relative simplicityand low cost of implementing this level has increased its popularity in mainstream RAIDcontrollers. Most RAID controllers nowadays implement some form of RAID 1.

http://4raid.com/http://4raid.com/http://4raid.com/http://4raid.com/http://4raid.com/http://4raid.com/


6/64

RAID 2

This level uses bit level striping with Hamming code ECC. The technique used here issomewhat similar to striping with parity but not really. The data is split at the bit leveland spread over a number of data and ECC disks. When data is written to the array, theHamming codes are calculated and written to the ECC disks. When the data is read from

the array, Hamming codes are used to check whether errors have occurred since the datawas written to the array. Single bit errors can be detected and corrected immediately. Thisis the only level that really deviates from the RAID concepts talked about earlier. Thecomplicated and expensive RAID controller hardware needed and the minimum numberof hard drives required, is the reason this level is not used today.


RAID 3

This level uses byte level striping with dedicated parity. In other words, data is stripedacross the array at the byte level with one dedicated parity drive holding the redundancy

information. The idea behind this level is that striping the data increasing performanceand using dedicated parity takes care of redundancy. 3 hard drives are required. 2 forstriping, and 1 as the dedicated parity drive. Although the performance is good, the addedparity does slow down writes. The parity information has to be written to the parity drivewhenever a write occurs. This increased computation calls for a hardware controller, sosoftware implementations are not practical. RAID 3 is good for applications that dealwith large files since the stripe size is small.


RAID 4

This level is very similar to RAID 3. The only difference is that it uses block levelstriping instead of byte level striping. The advantage in that is that you can change thestripe size to suit application needs. This level is often seen as a mix between RAID 3 andRAID 5, having the dedicated parity of RAID 3 and the block level striping of RAID 5.Again, you'll probably need a hardware RAID controller for this level. Also, thededicated parity drive continues to slow down performance in this level as well.


RAID 5

RAID 5 uses block level striping and distributed parity. This level tries to remove the

bottleneck of the dedicated parity drive. With the use of a distributed parity algorithm,this level writes the data and parity data across all the drives. Basically, the blocks of dataare used to create the parity blocks which are then stored across the array. This removesthe bottleneck of writing to just one parity drive. However, the parity information still hasto be calculated and written whenever a write occurs, so the slowdown involved with thatstill applies. The fault tolerance is maintained by separating the parity information for ablock from the actual data block. This way when one drive goes, all the data on that drivecan be rebuilt from the data on the other drives. Recovery is more complicated than usual
http://4raid.com/http://4raid.com/http://4raid.com/http://4raid.com/http://4raid.com/http://4raid.com/


7/64

because of the distributed nature of the parity. Just as in RAID 4, the stripe size can bechanged to suit the needs of the application. Also, using a hardware controller is probablythe more practical solution. RAID 5 is one of the most popular RAID levels being usedtoday. Many see it as the best combination of performance, redundancy, and storageefficiency.


RAID 10 or 0+1

Combining Levels of RAID

The single RAID levels don't address every application requirement that exist. So, to getmore functionality, someone thought of the idea of combining RAID levels. What if youcan combine two levels and get the advantages of both? Well that was the motivationbehind creating these new levels. The main benefit of using multiple RAID levels is the

increased performance. Usually combining RAID levels means using a hardware RAIDcontroller. The increased level of complexity of these levels means that software solutionsare not practical. RAID 0 has the best performance out of the single levels and it is theone most commonly being combined. Not all combinations of RAID levels exist. Themost common combinations are RAID 0+1 and 1+0. The difference between 0+1 and1+0 might seem subtle, and sometimes companies may use the terms interchangeably.However, the difference lies in the amount of fault tolerance. Both these levels require atleast 4 hard drives to implement. Let's look at RAID 0+1 first.

This combination uses RAID 0 for it's high performance and RAID 1 for it's high faulttolerance. I actually mentioned this level when I talked about adding striping to

mirroring. Let's say you have 8 hard drives. You can split them into 2 arrays of 4 driveseach, and apply RAID 0 to each array. Now you have 2 striped arrays. Then you wouldapply RAID 1 to the 2 striped arrays and have one array mirrored on the other. If a harddrive in one striped array fails, the entire array is lost. The other striped array is left, butcontains no fault tolerance if any of the drives in it fail.

RAID 1+0 applies RAID 1 first then RAID 0 to the drives. To apply RAID 1, you splitthe 8 drives into 4 sets of 2 drives each. Now each set is mirrored and has duplicateinformation. To apply RAID 0, you then stripe across the 4 sets. In essence, you have astriped array across a number of mirrored sets. This combination has better fault tolerancethan RAID 0+1. As long as one drive in a mirrored set is active, the array can still

function. So theoretically you can have up to half the drives fail before you loseeverything, as opposed to only two drives in RAID 0+1.

The popularity of RAID 0+1 and 1+0 stems from the fact that it's relatively simple toimplement while providing high performance and good data redundancy. With theincreased reduction of hard drive prices, the 4 hard drive minimum isn't unreasonable tothe mainstream anymore. However, you still have the 50% waste in storage spacewhenever you are dealing with mirroring. Enterprise applications and servers are often
http://4raid.com/http://4raid.com/


8/64

willing to sacrifice storage for increased performance and fault tolerance. Some othercombinations of RAID levels that are used include, RAID 0+3, 3+0, 0+5, 5+0, 1+5, and5+1. These levels are often complicated to implement and require expensive hardware.Not all of the combinations I mentioned above are used

Q. Types Of Active Directory Partitions?

Ans. Domain data

The domain data holds information about objects within a domain. This is information such as e-mail

contacts, user and computer account attributes, and published resources that are of interest to administrators

and users.

For example, when a user account is added to your network, a user account object and attribute data are

stored in the domain data. When changes to your organization's directory objects occur, such as object

creation, deletion, or attribute modification, this data is stored in the domain data.

Configuration data

The configuration data describes the topology of the directory. This configuration data includes a list of all

domains, trees, and forests and the locations of the domain controllers and global catalogs.

Schema data

The schema is the formal definition of all object and attribute data that can be stored in the directory.

Domain controllers running Windows Server 2003 include a default schema that defines many object types,

such as user and computer accounts, groups, domains, organizational units, and security policies.

Administrators and programmers can extend the schema by defining new object types and attributes or by

adding new attributes for existing objects. Schema objects are protected by access control lists, ensuring

that only authorized users can alter the schema

Application data

Data stored in the application directory partition is intended to satisfy cases where information needs to be

replicated but not necessarily on a global scale. Application directory partitions are not part of the directory

data store by default; they must be created, configured, and managed by the administrator.

Q. what is an organizational unit? In Active Directory,

Ans:- An organizational unit (OU) is a subdivision within an Active Directory into

which you can place users, groups, computers, and other organizational units.You can create organizational units to mirror your organization's functional orbusiness structure. Each domain can implement its own organizational unithierarchy. If your organization contains several domains, you can createorganizational unit structures in each domain that are independent of thestructures in the other domains.
http://kb.iu.edu/data/ahtd.htmlhttp://kb.iu.edu/data/ahtd.html


9/64

The term "organizational unit" is often shortened to "OU" in casual conversation."Container" is also often applied in its place, even in Microsoft's owndocumentation. All terms are considered correct and interchangeable.

At Indiana University, most OUs are organized first around campuses, and then

around departments; sub-OUs are then individual divisions within departments.For example, the BL container represents the Bloomington campus; the BL-

UITS container is a subdivision that represents the University Information

Technology Services (UITS) department, and there are subcontainers below that.This method of organization is not an enforced rule at IU; it is merely chosen forconvenience, and there are exceptions.

Some of this information was adapted from Microsoft's knowledge base. Formore information about Active Directory structures, you can access Microsoft'sknowledge base at:

Q.What are the requirements for installing AD on a new server?

Ans. An NTFS partition with enough free space An Administrator's username and password

The correct operating system version

A NIC

Properly configured TCP/IP (IP address, subnet mask and -

optional - default gateway)

A network connection (to a hub or to another computer via a

crossover cable)

An operational DNS server (which can be installed on the DC itself)

A Domain name that you want to use The Windows Server 2003 CD media (or at least the i386 folder)

Q. What is Kerberos? Which version is currently used by Windows?How does Kerberos work?

Ans :- Kerberos is the user authentication used in Win2000 and Win2003 ActiveDirectory servers

Kerberos version in 5.0

Port is : 88

Its more secure and encrypted than NTLM (NT authentication)

Q. Describe the lease process of the DHCP server.
http://kb.iu.edu/data/ahaw.htmlhttp://kb.iu.edu/data/ahaw.htmlhttp://kb.iu.edu/data/ahaw.htmlhttp://kb.iu.edu/data/ahaw.html


10/64

Ans : A DHCP lease is the amount of time that the DHCP server grants to theDHCP client permission to use a particular IP address. A typical server allows itsadministrator to set the lease time.

Q. Disaster Recovery Plan?

Ans: Deals with the restoration of computer system with all attendant softwareand connections to full functionality under a variety of damaging or interferingexternal condtions.

Q.Which protocol is used for Public Folder ?

ANS: SMTP

Q.What is the use of NNTP with exchange ?

ANS: This protocol is used the news group in exchange.

Q.How will take backup of Active Directory ?

Ans: Take the system state data backup. This will backup the active directorydatabase. Microsoft recomend only Full backup of system state database

What are the content of System State backup ?

The cotents areBoot fles,system files

Active directory (if its done on DC)Sysvol folder(if it done on DC)Cerficate service ( on a CA server)Cluster database ( on a clsture server)registryPerformance couter configuration inormationCoponet services class registration database

Q. What is the difference between windows server 2003...

A) In 2000 we cannot rename domain whereas in 2003 we can rename Domain

B) In 2000 it supports of 8 processors and 64 GB RAM (In 2000 Advance Server) whereas in2003 supports up to 64 processors and max of 512GB RAM

C)2000 Supports IIS 5.0 and 2003 Supports IIS6.0

D) 2000 doesnt support Dot net whereas 2003 Supports Microsoft .NET 2.0


11/64

E) 2000 has Server and Advance Server editions whereas 2003 has Standard, Enterprise,Datacentre and Web server Editions.

F) 2000 doesnt have any 64 bit server operating system whereas 2003 has 64 bit serveroperating systems (Windows Server 2003 X64 Std and Enterprise Edition)

G) 2000 has basic concept of DFS (Distributed File systems) with defined roots whereas2003 has Enhanced DFS support with multiple roots.

H) In 2000 there is complexality in administering Complex networks whereas 2003 is easyadministration in all & Complex networks

I) In 2000 we can create 1 million users and in 2003 we can create 1 billion users.

J) In 2003 we have concept of Volume shadow copy service which is used to create hard disksnap shot which is used in Disaster recovery and 2000 doesnt have this service.

K) In 2000 we dont have end user policy management, whereas in 2003 we have a End userpolicy management which is done in GPMC (Group policy management console).

L) In 2000 we have cross domain trust relation ship and 2003 we have Cross forest trustrelationship.

M) 2000 Supports 4-node clustering and 2003 supports 8-node clustering.

N) 2003 has High HCL Support (Hardware Compatibility List) issued by Microsoft

O) Code name of 2000 is Win NT 5.0 and Code name of 2003 is Win NT 5.1

P) 2003 has service called ADFS (Active Directory Federation Services) which is used tocommunicate between branches with safe authentication.

Q) In 2003 their is improved storage management using service File Server ResourceManager (FSRM)

R) 2003 has service called Windows Share point Services (It is an integrated portfolio ofcollaboration and communication services designed to connect people, information,processes, and systems both within and beyond the organizational firewall.)

S) 2003 has Improved Print management compared to 2000 server

T) 2003 has telnet sessions available.

U) 2000 supports IPV4 whereas 2003 supports IPV4 and IPV6

Q. Differencebetweenrouter and switch


12/64


13/64

Windows XP has better support for games and comes with more games than

Windows 2000.

Windows XP is the latest OS - if you don't upgrade now, you'll probably end

up migrating to XP eventually anyway, and we mere mortals can only take so

many OS upgrades.

Manufacturers of existing hardware and software products are more likely to

add Windows XP compatibility now than Windows 2000 compatibility.

Q. What are the perquisite for installation of Exchange Server ?

Ans. The pre requisite are

IISSMTPWWW serviceNNTP.NET Framework

ASP.NETThen run Forest prepThe run domain prep

Q. Latest service pack windows2000Professional

Ans. Windows 2000 Pro Service Pack 4

Ans . Windows XP Prof service Pack 2

Ans Windows 2000 Advance Server 4

Ans .Windows 2003 server service pack 2

Q. What is IP Address

Ans:-

IP addressLast modified: Thursday, August 12, 2004

Anidentifierfor a computer ordevice on a TCP/IPnetwork. Networks using theTCP/IPprotocol route messages based on the IP address of the destination. The

format of an IP address is a 32-bit numeric address written as four numbers separatedby periods. Each number can be zero to 255. For example, 1.160.10.240 could be an

IP address. Within an isolated network, you can assign IP addresses at random as longas each one is unique. However, connecting a private network to the Internetrequiresusing registered IP addresses (called Internet addresses) to avoid duplicates.

The four numbers in an IP address are used in different ways to identify aparticular network and a host on that network. Four regional Internet registries-- ARIN, RIPE NCC,LACNIC and APNIC -- assign Internet addresses from
http://www.webopedia.com/TERM/I/identifier.htmlhttp://www.webopedia.com/TERM/I/identifier.htmlhttp://www.webopedia.com/TERM/I/device.htmlhttp://www.webopedia.com/TERM/I/TCP_IP.htmlhttp://www.webopedia.com/TERM/I/TCP_IP.htmlhttp://www.webopedia.com/TERM/I/network.htmlhttp://www.webopedia.com/TERM/I/protocol.htmlhttp://www.webopedia.com/TERM/I/protocol.htmlhttp://www.webopedia.com/TERM/I/Internet.htmlhttp://www.webopedia.com/TERM/I/Internet.htmlhttp://www.webopedia.com/TERM/I/ARIN.htmlhttp://www.webopedia.com/TERM/I/RIPE_NCC.htmlhttp://www.webopedia.com/TERM/I/RIPE_NCC.htmlhttp://www.webopedia.com/TERM/I/LACNIC.htmlhttp://www.webopedia.com/TERM/I/APNIC.htmlhttp://www.webopedia.com/TERM/I/identifier.htmlhttp://www.webopedia.com/TERM/I/device.htmlhttp://www.webopedia.com/TERM/I/TCP_IP.htmlhttp://www.webopedia.com/TERM/I/network.htmlhttp://www.webopedia.com/TERM/I/protocol.htmlhttp://www.webopedia.com/TERM/I/Internet.htmlhttp://www.webopedia.com/TERM/I/ARIN.htmlhttp://www.webopedia.com/TERM/I/RIPE_NCC.htmlhttp://www.webopedia.com/TERM/I/LACNIC.htmlhttp://www.webopedia.com/TERM/I/APNIC.html


14/64

the following three classes.

Class A - supports 16 million hosts on each of 126 networksClass B - supports 65,000 hosts on each of 16,000 networks

Class C - supports 254 hosts on each of 2 million networks

The number of unassigned Internet addresses is running out, so a new classlessscheme called CIDRis gradually replacing the system based on classes A, B,and C and is tied to adoption ofIPv6.

Also see Understanding IP Addressing in the Did You Know . . .? section ofWebopedia.

Q. What is getaway?

Ans. A gateway is a network point that acts as an entrance to another network. On theInternet, a node or stopping point can be either a gateway node or a host (end-point)node. Both the computers of Internet users and the computers that serve pages to usersare host nodes. The computers that control traffic within your company's network or atyour local Internet service provider (ISP) are gateway nodes. Can transcode or allowdifferent protocols to talk to each other.

Q. Types Of User Profiles

Ans . Local User Profile This profile is automatically created the first time

a user logs on to the computer, and it is stored on the computer's local harddrive. Any changes made to the local user profile are specific to the computerwhere the change was made.

Roaming User Profile You, as the administrator, create this profile, and

store it on a network server. This profile is available when a user logs on to

any computer on the network. Any changes made to roaming user profiles

are automatically updated on the server when the user logs off.

Mandatory User Profile Mandatory user profiles are stored on a network

server and are downloaded each time the user logs on. This profile does notupdate when the user logs off. It is useful for situations where consistent or

job-specific settings are needed Only administrators can make changes to

mandatory user profiles. If the mandatory user profile is unavailable, the

user cannot log on.

Types of event viewer logs
http://www.webopedia.com/TERM/I/CIDR.htmlhttp://www.webopedia.com/TERM/I/IPng.htmlhttp://www.webopedia.com/TERM/I/IPng.htmlhttp://www.webopedia.com/DidYouKnow/Internet/2002/IPaddressing.asphttp://www.webopedia.com/DidYouKnow/_index.asphttp://www.webopedia.com/TERM/I/CIDR.htmlhttp://www.webopedia.com/TERM/I/IPng.htmlhttp://www.webopedia.com/DidYouKnow/Internet/2002/IPaddressing.asphttp://www.webopedia.com/DidYouKnow/_index.asp


15/64

System Event Viewer Tips

By Nino Bilic

Although Event Viewer is a Microsoft Windows operating system tool, and

not a Microsoft Exchange Server tool, Event Viewer is useful when

troubleshooting Exchange Server problems. This article describes Event

Viewer basic concepts and new helpful features.

Definitions.

Overview

o

Types of Logs Found in Event Viewero Types of Events Logged

Event Anatomy

What Format to Save In?

How So You Know It Opened Properly?

Event Viewer Differences Between Windows Server 2003,

Windows XP, Windows 2000 Server, and Windows NT Server 4.0

Tips

o Increasing the Log File Size

o Filtering Events

o Searching for Keywords

o If on Windows XP, Use New Functionality

o Get All Logs that You Might Need

For More Information

Definitions

The following terms and definitions are used in this article:
http://technet.microsoft.com/en-us/library/aa996105.aspx#Definitions#Definitionshttp://technet.microsoft.com/en-us/library/aa996105.aspx#Overview#Overviewhttp://technet.microsoft.com/en-us/library/aa996105.aspx#TypesOfLogsFoundInEventViewer#TypesOfLogsFoundInEventViewerhttp://technet.microsoft.com/en-us/library/aa996105.aspx#TypesOfEventsLogged#TypesOfEventsLoggedhttp://technet.microsoft.com/en-us/library/aa996105.aspx#EventAnatomy#EventAnatomyhttp://technet.microsoft.com/en-us/library/aa996105.aspx#WhatFormatToSaveIn#WhatFormatToSaveInhttp://technet.microsoft.com/en-us/library/aa996105.aspx#HowDoYouKnowItOpenedProperly#HowDoYouKnowItOpenedProperlyhttp://technet.microsoft.com/en-us/library/aa996105.aspx#Differences#Differenceshttp://technet.microsoft.com/en-us/library/aa996105.aspx#Differences#Differenceshttp://technet.microsoft.com/en-us/library/aa996105.aspx#Tips#Tipshttp://technet.microsoft.com/en-us/library/aa996105.aspx#IncreasingTheLogSize#IncreasingTheLogSizehttp://technet.microsoft.com/en-us/library/aa996105.aspx#FilteringEvents#FilteringEventshttp://technet.microsoft.com/en-us/library/aa996105.aspx#SearchingForKeywords#SearchingForKeywordshttp://technet.microsoft.com/en-us/library/aa996105.aspx#IfOnWindowsXP#IfOnWindowsXPhttp://technet.microsoft.com/en-us/library/aa996105.aspx#GetAllTheLogs#GetAllTheLogshttp://technet.microsoft.com/en-us/library/aa996105.aspx#ForMoreInformation#ForMoreInformationhttp://technet.microsoft.com/en-us/library/aa996105.aspx##http://technet.microsoft.com/en-us/library/aa996105.aspx#Definitions#Definitionshttp://technet.microsoft.com/en-us/library/aa996105.aspx#Overview#Overviewhttp://technet.microsoft.com/en-us/library/aa996105.aspx#TypesOfLogsFoundInEventViewer#TypesOfLogsFoundInEventViewerhttp://technet.microsoft.com/en-us/library/aa996105.aspx#TypesOfEventsLogged#TypesOfEventsLoggedhttp://technet.microsoft.com/en-us/library/aa996105.aspx#EventAnatomy#EventAnatomyhttp://technet.microsoft.com/en-us/library/aa996105.aspx#WhatFormatToSaveIn#WhatFormatToSaveInhttp://technet.microsoft.com/en-us/library/aa996105.aspx#HowDoYouKnowItOpenedProperly#HowDoYouKnowItOpenedProperlyhttp://technet.microsoft.com/en-us/library/aa996105.aspx#Differences#Differenceshttp://technet.microsoft.com/en-us/library/aa996105.aspx#Differences#Differenceshttp://technet.microsoft.com/en-us/library/aa996105.aspx#Tips#Tipshttp://technet.microsoft.com/en-us/library/aa996105.aspx#IncreasingTheLogSize#IncreasingTheLogSizehttp://technet.microsoft.com/en-us/library/aa996105.aspx#FilteringEvents#FilteringEventshttp://technet.microsoft.com/en-us/library/aa996105.aspx#SearchingForKeywords#SearchingForKeywordshttp://technet.microsoft.com/en-us/library/aa996105.aspx#IfOnWindowsXP#IfOnWindowsXPhttp://technet.microsoft.com/en-us/library/aa996105.aspx#GetAllTheLogs#GetAllTheLogshttp://technet.microsoft.com/en-us/library/aa996105.aspx#ForMoreInformation#ForMoreInformationhttp://technet.microsoft.com/en-us/library/aa996105.aspx##


16/64

Event Any significant occurrence in the system or an application

that requires users to be notified or an entry to be added to a log.

Event log service A service that records events in the System,

Security, and Application logs.

Event logging The process of recording an audit entry in the audit

trail whenever certain events occur, such as services starting and

stopping, or users logging on, logging off, and accessing resources.

Event Viewer A component you can use to view and manage event

logs, gather information about hardware and software problems, and

monitor security events. Event Viewer maintains logs about program,

security, and system events.

Overview

Using the event logs in Event Viewer, you can gather information about

hardware, software, and system problems, and you can monitor Windows

operating system security events.

Types of Logs Found in Event Viewer

Microsoft Windows Server 2003, Windows XP, Windows 2000 Server, and

Windows NT record events in three kinds of logs:

Application log The Application log contains events logged by

applications or programs. For example, a database program might

record a file error in the Application log. The program developer

decides which events to record.

System log The System log contains events logged by the Windows

operating system components. For example, the failure of a driver or

other system component to load during startup is recorded in the

System log. The event types logged by system components are

predetermined by the Windows operating system.

Security log The Security log can record security events such as

valid and invalid logon attempts as well as events related to resource
http://technet.microsoft.com/en-us/library/aa996105.aspx##http://technet.microsoft.com/en-us/library/aa996105.aspx##


17/64

use, such as creating, opening, or deleting files. An administrator can

specify what events are recorded in the Security log. For example, if

you have enabled logon auditing, attempts to log on to the system

are recorded in the Security log.

Servers running Windows Server 2003 and Windows 2000 Server that are

domain controllers might have the following additional logs in Event Viewer:

Directory Service log Windows Server 2003 and Windows 2000

Server directory service logs events in the Directory Service log. This

includes any information regarding the Active Directory directory

service and Active Directory database maintenance.

File Replication Service log File Replication Service (FRS) logs its

events in this log. This service is used for replication of files, such as

domain policies, between domain controllers.

DNS Server service log This log includes events related to the

Domain Name System (DNS) Server service running on Windows

Server 2003 and Windows 2000 Server. This will show only on DNS

servers running Windows Server 2003 and Windows 2000 Server.

Types of Events Logged

The icon on the left side of the Event Viewer screen describes the

classification of the event by the Windows operating system. Event Viewer

displays these types of events:

Error A significant problem, such as loss of data or loss of

functionality. For example, if a service fails to load during startup, an

error will be logged.

Warning An event that is not necessarily significant, but may

indicate a possible future problem. For example, when disk space is

low, a warning will be logged.

Information An event that describes the successful operation of an

application, driver, or service. For example, when a network driver

loads successfully, an information event will be logged.


18/64

Success Audit An audited security access attempt that succeeds.

For example, a user's successful attempt to log on to the system will

be logged as a Success Audit event.

Failure Audit An audited security access attempt that fails. For

example, if a user tries to access a network drive and fails, the

attempt will be logged as a Failure Audit event.

Event Anatomy

The main event components are as follows:

Source The software that logged the event, which can be either an

application name, such as Microsoft SQL Server, or a component of

the system or of a large application, such as MSExchangeIS, which is

the Microsoft Exchange Information Store service.

Category A classification of the event by the event source. For

example, the security categories include Logon and Logoff, Policy

Change, Privilege Use, System Event, Object Access, Detailed

Tracking, and Account Management.

Event ID A unique number for each source to identify the event.

User The user name for the user who was logged on and working

when the event occurred. N/A indicates that the entry did not specify

a user.

Computer The computer name for the computer where the event

occurred.

Description This field provides the actual text of the event, or how

the application that logged the event explains what has happened.

Data Displays binary data generated by the event in hexadecimal

(bytes) or DWORDS (words) format. Not all events generate binary

data. Programmers and support professionals familiar with source

application can interpret this information.

What Format to Save In?
http://technet.microsoft.com/en-us/library/aa996105.aspx##http://technet.microsoft.com/en-us/library/aa996105.aspx##http://technet.microsoft.com/en-us/library/aa996105.aspx##http://technet.microsoft.com/en-us/library/aa996105.aspx##


19/64

Generally, you want to use the Event Log (.evt) format only. This is the

easiest format to read and search through, because it can be opened with

Event Viewer on your server.

When you want to see events for services that you do not have installed onyour computer, such as Cluster service or third-party services, save logs in

.csv format. The .csv files can be opened in Microsoft Office Excel.

The least desirable format that you can save logs in is .txt file format. Text

files are searchable, but they can be cluttered with information, and it is easy

to miss critical events. Use .txt format only when necessary.

How Do You Know It Opened Properly?

The following is an example of an event that does not show

information properly.

Event Type: In fo rmat ion

Event Source: MSExchangeIS Pr iva te

Event Category: (30)

Event ID: 2003

Date: 8/16/2001

Time: 1:47:02 PM

User: N/A

Computer: SERVERNAME

Description: The description for Event ID ( 2003 ) in Source

( MSExchangeIS Private ) cannot be found. The local computer may

not have the necessary registry information or message DLL files to

display messages from a remote computer. The following information

is part of the event:

The following is the same event displayed properly.

Event Type: Information

Event Source: MSExchangeIS Private

Event Category: Transport Sending

Event ID: 2003

Date: 8/16/2001

Time: 1:47:02 PM
http://technet.microsoft.com/en-us/library/aa996105.aspx##http://technet.microsoft.com/en-us/library/aa996105.aspx##


20/64

User : N/A

Compute r : SERVERNAME

Description: There are no messages ready to send. The send thread

is sleeping.

The first event example is the event as it appeared when opened on a

computer without Exchange Server. The second example is that same event

log entry when opened on a computer running Exchange Server.

If you want to open an event log and see event descriptions properly, you

must open the log on the computer that has those applications or services

installed. If you need to display the event log for events that were created by

a third-party application on another computer, you might want to save the

log in .csv format to see what those events say.

There will always be some events that you will not see properly, such as

third-party services, hardware drivers, audio visual software, and backup

software, but at least you will see Exchange Server events as they should

appear, if you open the log on the Exchange server.

Event Viewer Differences Between Windows Server 2003, Windows XP,

Windows 2000 Server, and Windows NT Server 4.0

In Event Viewer, when you press the COPY button, the whole text recorded in

the event is copied to the Clipboard. You can then paste the information

anywhere you need it.

In Windows Server 2003 and Windows XP, you can direct Event Viewer to

look up registry entries on some other computer when you are opening the

log. For example, on a computer running Windows XP Professional, you can

create additional shortcuts for launching Event Viewer. Each of the shortcutscan point to another computer, one for Exchange Server version 5.5, another

for Exchange 2000 Server, and a third one for Cluster service, so you can

open the associated event logs on your workstation computer.
http://technet.microsoft.com/en-us/library/aa996105.aspx##http://technet.microsoft.com/en-us/library/aa996105.aspx##http://technet.microsoft.com/en-us/library/aa996105.aspx##http://technet.microsoft.com/en-us/library/aa996105.aspx##


21/64

You can open event logs created on Windows Server 2003, Windows 2000

Server, and Windows NT Server 4.0. In almost all cases, all events will

appear properly. There might be a case when Windows NT Server 4.0 events

will appear as something totally different when viewed on Windows

Server 2003 or Windows 2000 Server. For information, see Microsoft

Knowledge Base article 312216, "Detailed Usage of the Event Viewer

/AUXSOURCE Switch Option."

Tips

The following sections provide information that can help you when

troubleshooting Exchange Server.

Increasing the Log File Size

By default, the log file size is 512 kilobytes (KB), which is not enough if you

want to see activity over several days. On a busy application server, with

some diagnostics logging, 512 KB can be filled with information within a few

hours. Consider increasing the log file size. A log file size of 10 megabytes

(MB) or larger will in most cases give you enough history to show a few days

of information. Event logs compress well. It is common for a 90 MB

Application log to compress to a 2 MB file.

Filtering Events

If you are looking for a specific event ID in the log, or you want to see just

errors, warnings, or events logged by a specific component, use filtering. On

Windows NT Server 4.0, click View, and then click Filter Events. On Windows

Server 2003 or Windows 2000 Server, select the log you want to filter, click

View, and then click Filter. This is a useful feature when viewing large event

logs.

Searching for Keywords

Consider that you want to search all events in a particular event log that

mention one specific user or server. In Event Viewer, click View, and then
http://go.microsoft.com/fwlink/?linkid=3052&kbid=312216http://go.microsoft.com/fwlink/?linkid=3052&kbid=312216http://technet.microsoft.com/en-us/library/aa996105.aspx##http://go.microsoft.com/fwlink/?linkid=3052&kbid=312216http://go.microsoft.com/fwlink/?linkid=3052&kbid=312216http://technet.microsoft.com/en-us/library/aa996105.aspx##


22/64

click Find. Type a word that you want to find in any event in the Description

field, or you can search for specific information, such as event IDs or source.

If on Windows XP, Use New Functionality

As mentioned previously, there is new functionality in Windows Server 2003

and Windows XP. You can redirect Event Viewer to look up registry settings

and DLLs on another computer.

This is a useful and timesaving feature. It allows you to view event logs for

any type of application that you might have installed on any servers in your

environment, from your computer running Windows XP. For more

information, see Microsoft Knowledge Base Article 312216, "Detailed Usage

of the Event Viewer /AUXSOURCE Switch Option."

Get All Logs that You Might Need

In most cases, you should look at the Application log when troubleshooting

Exchange Server. However, with Exchange Server 2003 and Exchange 2000

Server, you should always also check the System log, because of the

interrelationship between Exchange, Active Directory, and DNS. Consider

getting both logs at the same time. Reviewing both might show you errors on

the Windows operating system level that might explain the Exchange Server

behavior.

Windows Server 2003 Active Directory and Security questions

Windows interview questions

1. Whats the difference between local, global and universal groups? Domainlocal groups assign access permissions to global domain groups for local domain

resources. Global groups provide access to resources in other trusted domains.Universal groups grant access to resources in all trusted domains.

2. I am trying to create a new universal user group. Why cant I? Universalgroups are allowed only in native-mode Windows Server 2003 environments.Native mode requires that all domain controllers be promoted to Windows Server2003 Active Directory.

3. What is LSDOU? Its group policy inheritance model, where the policies areapplied to Local machines, Sites, Domains and Organizational Units.
http://go.microsoft.com/fwlink/?linkid=3052&kbid=312216http://go.microsoft.com/fwlink/?linkid=3052&kbid=312216http://www.techinterviews.com/?p=12http://www.techinterviews.com/?cat=6http://go.microsoft.com/fwlink/?linkid=3052&kbid=312216http://go.microsoft.com/fwlink/?linkid=3052&kbid=312216http://www.techinterviews.com/?p=12http://www.techinterviews.com/?cat=6


23/64

4. Why doesnt LSDOU work under Windows NT? If theNTConfig.polfileexists, it has the highest priority among the numerous policies.

5. Where are group policies stored? %SystemRoot%System32\GroupPolicy6. What is GPT and GPC? Group policy template and group policy container.7. Where is GPT stored?

%SystemRoot%\SYSVOL\sysvol\domainname\Policies\GUID8. You change the group policies, and now the computer and user settings are inconflict. Which one has the highest priority? The computer settings takepriority.

9. You want to set up remote installation procedure, but do not want the user togain access over it. What do you do? gponame> User Configuration>Windows Settings> Remote Installation Services> Choice Options is yourfriend.

10. Whats contained in administrative template conf.adm? Microsoft NetMeetingpolicies

11. How can you restrict running certain applications on a machine? Via group

policy, security settings for the group, then Software Restriction Policies.12. You need to automatically install an app, but MSI file is not available. Whatdo you do? A .zap text file can be used to add applications using the SoftwareInstaller, rather than the Windows Installer.

13. Whats the difference between Software Installer and Windows Installer?The former has fewer privileges and will probably require user intervention. Plus,it uses .zap files.

14. What can be restricted on Windows Server 2003 that wasnt there inprevious products? Group Policy in Windows Server 2003 determines a usersright to modify network and dial-up TCP/IP properties. Users may be selectivelyrestricted from modifying their IP address and other network configurationparameters.

15. How frequently is the client policy refreshed? 90 minutes give or take.16. Where issecedit? Its nowgpupdate.17. You want to create a new group policy but do not wish to inherit. Make sure

you checkBlock inheritance among the options when creating the policy.18. What is "tattooing" the Registry? The user can view and modify user

preferences that are not stored in maintained portions of the Registry. If the grouppolicy is removed or changed, the user preference will persist in the Registry.

19. How do you fight tattooing in NT/2000 installations? You cant.20. How do you fight tattooing in 2003 installations? User Configuration -

Administrative Templates - System - Group Policy - enable - Enforce ShowPolicies Only.

21. What does IntelliMirror do? It helps to reconcile desktop settings, applications,and stored files for users, particularly those who move between workstations orthose who must periodically work offline.

22. Whats the major difference between FAT and NTFS on a local machine?FAT and FAT32 provide no security over locally logged-on users. Only nativeNTFS provides extensive permission control on both remote and local files.


24/64

23. How do FAT and NTFS differ in approach to user shares? They dont, bothhave support for sharing.

24. Explan theList Folder Contents permission on the folder in NTFS. Same asRead & Execute, but not inherited by files within a folder. However, newlycreated subfolders will inherit this permission.

25. I have a file to which the user has access, but he has no folder permission toread it. Can he access it? It is possible for a user to navigate to a file for whichhe does not have folder permission. This involves simply knowing the path of thefile object. Even if the user cant drill down the file/folder tree using MyComputer, he can still gain access to the file using the Universal NamingConvention (UNC). The best way to start would be to type the full path of a fileinto Run window.

26. For a user in several groups, are Allow permissions restrictive or permissive?Permissive, if at least one group has Allow permission for the file/folder, user willhave the same permission.

27. For a user in several groups, are Deny permissions restrictive or permissive?

Restrictive, if at least one group has Deny permission for the file/folder, user willbe denied access, regardless of other group permissions.28. What hidden shares exist on Windows Server 2003 installation? Admin$,

Drive$, IPC$, NETLOGON, print$ and SYSVOL.29. Whats the difference between standalone and fault-tolerant DFS

(Distributed File System) installations? The standalone server stores the Dfsdirectory tree structure or topology locally. Thus, if a shared folder is inaccessibleor if the Dfs root server is down, users are left with no link to the sharedresources. A fault-tolerant root node stores the Dfs topology in the ActiveDirectory, which is replicated to other domain controllers. Thus, redundant rootnodes may include multiple connections to the same data residing in differentshared folders.

30. Were using the DFS fault-tolerant installation, but cannot access it from aWin98 box. Use the UNC path, not client, only 2000 and 2003 clients can accessServer 2003 fault-tolerant shares.

31. Where exactly do fault-tolerant DFS shares store information in ActiveDirectory? In Partition Knowledge Table, which is then replicated to otherdomain controllers.

32. Can you use Start->Search with DFS shares? Yes.33. What problems can you have with DFS installed? Two users opening the

redundant copies of the file at the same time, with no file-locking involved inDFS, changing the contents and then saving. Only one file will be propagatedthrough DFS.

34. I run Microsoft Cluster Server and cannot install fault-tolerant DFS. Yeah,you cant. Install a standalone one.

35. Is Kerberos encryption symmetric or asymmetric? Symmetric.36. How does Windows 2003 Server try to prevent a middle-man attack on

encrypted line? Time stamp is attached to the initial client request, encryptedwith the shared key.


25/64

37. What hashing algorithms are used in Windows 2003 Server? RSA DataSecuritys Message Digest 5 (MD5), produces a 128-bit hash, and the SecureHash Algorithm 1 (SHA-1), produces a 160-bit hash.

38. What third-party certificate exchange protocols are used by Windows 2003Server? Windows Server 2003 uses the industry standard PKCS-10 certificate

request and PKCS-7 certificate response to exchange CA certificates with third-party certificate authorities.39. Whats the number of permitted unsuccessful logons on Administrator

account? Unlimited. Remember, though, that its the Administrator account, notany account thats part of the Administrators group.

40. If hashing is one-way function and Windows Server uses hashing for storingpasswords, how is it possible to attack the password lists, specifically the ones

using NTLMv1? A cracker would launch a dictionary attack by hashing everyimaginable term used for password and then compare the hashes.

41. Whats the difference between guest accounts in Server 2003 and othereditions? More restrictive in Windows Server 2003.

42. How many passwords by default are remembered when you check "EnforcePassword History Remembered"? Users last 6 passwords.

Windows Server 2003 IIS and Scripting interview questions

Windows interview questions

1. What is presentation layer responsible for in the OSI model? The presentation

layer establishes the data format prior to passing it along to the networkapplications interface. TCP/IP networks perform this task at the application layer.2. Does Windows Server 2003 support IPv6? Yes, run ipv6.exe from command

line to disable it.3. Can Windows Server 2003 function as a bridge? Yes, and its a new feature for

the 2003 product. You can combine several networks and devices connected viaseveral adapters by enabling IP routing.

4. Whats the difference between the basic disk and dynamic disk? The basictype contains partitions, extended partitions, logical drivers, and an assortment ofstatic volumes; the dynamic type does not use partitions but dynamically managesvolumes and provides advanced storage options

5. Whats a media pool? It is any compilation of disks or tapes with the sameadministrative properties.

6. How do you install recovery console?C:\i386\win32 /cmdcons,

assuming that your Win server installation is on drive C.7. Whats new in Terminal Services for Windows 2003 Server? Supports audio

transmissions as well, although prepare for heavy network load.8. What scripts ship with IIS 6.0?iisweb.vsb to create, delete, start, stop, and list

Web sites, iisftp.vsb to create, delete, start, stop, and list FTP sites, iisdir.vsb to
http://www.techinterviews.com/?p=13http://www.techinterviews.com/?cat=6http://www.techinterviews.com/?p=13http://www.techinterviews.com/?cat=6


26/64

create, delete, start, stop, and display virtual directories, iisftpdr.vsb to create,delete, start, stop, and display virtual directories under an FTP root, iiscnfg.vbs toexport and import IIS configuration to an XML file.

9. Whats the name of the user who connects to the Web site anonymously?IUSR_computername

10. What secure authentication and encryption mechanisms are supported byIIS 6.0? Basic authentication, Digest authentication, Advanced digestauthentication, Certificate-based Web transactions that use PKCS #7/PKCS #10,Fortezza, SSL, Server-Gated Cryptography, Transport Layer Security

11. Whats the relation between SSL and TLS? Transport Layer Security (TLS)extends SSL by providing cryptographic authentication.

12. Whats the role of http.sys in IIS? It is the point of contact for all incomingHTTP requests. It listens for requests and queues them until they are allprocessed, no more queues are available, or the Web server is shut down.

13. Wheres ASP cache located on IIS 6.0? On disk, as opposed to memory, as itused to be in IIS 5.

14. What is socket pooling? Non-blocking socket usage, introduced in IIS 6.0. Morethan one application can use a given socket.15. Describe the process of clustering with Windows 2003 Server when a new

node is added. As a node goes online, it searches for other nodes to join bypolling the designated internal network. In this way, all nodes are notified of thenew nodes existence. If other nodes cannot be found on a preexisting cluster, thenew node takes control of the quorum resources residing on the shared disk thatcontains state and configuration data.

16. What applications are not capable of performing in Windows 2003 Serverclusters? The ones written exclusively for NetBEUI and IPX.

17. Whats a heartbeat? Communication processes between the nodes designed toensure nodes health.

18. Whats a threshold in clustered environment? The number of times a restart isattempted, when the node fails.

19. You need to change and admin password on a clustered Windows box, butthat requires rebooting the cluster, doesnt it? No, it doesnt. In 2003environment you can do that via cluster.exe utility which does not requirerebooting the entire cluster.

20. For the document of size 1 MB, what size would you expect the index to bewith Indexing Service? 150-300 KB, 15-30% is a reasonable expectation.

21. Doesnt the Indexing Service introduce a security flaw when allowing accessto the index? No, because users can only view the indices of documents andfolders that they have permissions for.

22. Whats the typical size of the index? Less then 100K documents - up to 128MB. More than that - 256+ MB.

23. Which characters should be enclosed in quotes when searching the index? &,@, $, #, ^, ( ), and |.

24. How would you search for C++? Just enter C++, since + is not a specialcharacter (and neither is C).

25. What about Barnes&Noble? Should be searched for as Barnes&Noble.


27/64

26. Are the searches case-sensitive? No.27. Whats the order of precedence of Boolean operators in Microsoft Windows

2003 Server Indexing Service? NOT, AND, NEAR, OR.28. Whats a vector space query? A multiple-word query where the weight can be

assigned to each of the search words. For example, if you want to fight

information on black hole, but would prefer to give more weight to the wordhole, you can enterblack[1] hole[20] into the search window.29. Whats a response queue? Its the message queue that holds response messages

sent from the receiving application to the sender.30. WhatsMQPingused for? Testing Microsoft Message Queue services between

the nodes on a network.31. Which add-on package for Windows 2003 Server would you use to monitor

the installed software and license compliance? SMS (System ManagementServer).

32. Which service do you use to set up various alerts? MOM (MicrosoftOperations Manager).

33. What languages does Windows Scripting Host support? VB, VBScript,JScript.

Windows Admin Interview Questions

1. Describe how the DHCP lease is obtained.Its a four-step process consisting of (a) IP request, (b) IP offer, IP selection and(d) acknowledgement.

2. I cant seem to access the Internet, dont have any access to the corporatenetwork and on ipconfig my address is 169.254.*.*. What happened?

The 169.254.*.* netmask is assigned to Windows machines running 98/2000/XPif the DHCP server is not available. The name for the technology is APIPA(Automatic Private Internet Protocol Addressing).

3. Weve installed a new Windows-based DHCP server, however, the users donot seem to be getting DHCP leases off of it. The server must be authorized firstwith the Active Directory.

Windows Server 2003 Interview and Certification Questions

1. How do you double-boot a Win 2003 server box? The Boot.ini file is set asread-only, system, and hidden to prevent unwanted editing. To change the Boot.initimeout and default settings, use the System option in Control Panel from theAdvanced tab and select Startup.

2. What do you do if earlier application doesnt run on Windows Server 2003?When an application that ran on an earlier legacy version of Windows cannot beloaded during the setup function or if it later malfunctions, you must run thecompatibility mode function. This is accomplished by right-clicking theapplication or setup program and selecting Properties > Compatibility >selecting the previously supported operating system.
http://msdn.microsoft.com/library/en-us/script56/html/wsoriWindowsScriptHost.asphttp://technical-interviews.com/windows-admin-interview-questions/http://technical-interviews.com/windows-server-2003-interview-and-certification-questions/http://msdn.microsoft.com/library/en-us/script56/html/wsoriWindowsScriptHost.asphttp://technical-interviews.com/windows-admin-interview-questions/http://technical-interviews.com/windows-server-2003-interview-and-certification-questions/


28/64

Windows Server 2003 Interview and Certification Questions II

1. What snap-in administrative tools are available for Active Directory? ActiveDirectory Domains and Trusts Manager, Active Directory Sites and ServicesManager, Active Directory Users and Group Manager, Active Directory

Replication (optional, available from the Resource Kit), Active Directory SchemaManager (optional, available from adminpak)2. What types of classes exist in Windows Server 2003 Active Directory?

o Structural class. The structural class is important to the system

administrator in that it is the only type from which new Active Directoryobjects are created. Structural classes are developed from either themodification of an existing structural type or the use of one or moreabstract classes.

Windows Server 2003 Active Directory and Security questions

1. Whats the difference between local, global and universal groups? Domainlocal groups assign access permissions to global domain groups for local domainresources. Global groups provide access to resources in other trusted domains.Universal groups grant access to resources in all trusted domains.

2. I am trying to create a new universal user group. Why cant I? Universalgroups are allowed only in native-mode Windows Server 2003 environments.Native mode requires that all domain controllers be promoted to Windows Server2003 Active Directory.

3. What is LSDOU? Its group policy inheritance model, where the policies areapplied to Local machines, Sites, Domains and Organizational Units.

Windows Server 2003 Active Directory and Security questions II

1. How can you restrict running certain applications on a machine? Via grouppolicy, security settings for the group, then Software Restriction Policies.

2. You need to automatically install an app, but MSI file is not available. Whatdo you do? A .zap text file can be used to add applications using the SoftwareInstaller, rather than the Windows Installer.

3. Whats the difference between Software Installer and Windows Installer?The former has fewer privileges and will probably require user intervention. Plus,it uses .zap files.

Networking questions

1. What is a default gateway? - The exit-point from one network and entry-wayinto another network, often the router of the network.

2. How do you set a default route on an IOS Cisco router? - ip route 0.0.0.00.0.0.0 x.x.x.x [where x.x.x.x represents the destination address]

3. What is the difference between a domain local group and a global group? -Domain local groups grant permissions to objects within the domain in which the
http://technical-interviews.com/windows-server-2003-interview-and-certification-questions-ii/http://technical-interviews.com/windows-server-2003-active-directory-and-security-questions/http://technical-interviews.com/windows-server-2003-active-directory-and-security-questions-ii/http://www.techinterviews.com/?p=304http://technical-interviews.com/windows-server-2003-interview-and-certification-questions-ii/http://technical-interviews.com/windows-server-2003-active-directory-and-security-questions/http://technical-interviews.com/windows-server-2003-active-directory-and-security-questions-ii/http://www.techinterviews.com/?p=304


29/64

reside. Global groups contain grant permissions tree or forest wide for any objectswithin the Active Directory.

4. What is LDAP used for? - LDAP is a set of protocol used for providing access toinformation directories.

5. What tool have you used to create and analyze packet captures? - Network

Monitor in Win2K / Win2K3, Ethereal in Linux, OptiView Series II (by FlukeNetworks).6. How does HSRP work?7. What is the significance of the IP address 255.255.255.255? - The limited

broadcast address is utilized when an IP node must perform a one-to-everyonedelivery on the local network but the network ID is unknown.

Windows sysadmin interview questions

1. What are the required components of Windows Server 2003 for installingExchange 2003? - ASP.NET, SMTP, NNTP, W3SVC

2. What must be done to an AD forest before Exchange can be deployed? -Setup /forestprep3. What Exchange process is responsible for communication with AD? -

DSACCESS4. What 3 types of domain controller does Exchange access? - Normal Domain

Controller, Global Catalog, Configuration Domain Controller5. What connector type would you use to connect to the Internet, and what are

the two methods of sending mail over that connector? - SMTP Connector:Forward to smart host or use DNS to route to each address

6. How would you optimise Exchange 2003 memory usage on a Windows Server2003 server with more than 1Gb of memory? - Add /3Gb switch to boot.ini

7. What would a rise in remote queue length generally indicate? - This meansmail is not being sent to other servers. This can be explained by outages orperformance issues with the network or remote servers.

8. What would a rise in the Local Delivery queue generally mean? - Thisindicates a performance issue or outage on the local server. Reasons could beslowness in consulting AD, slowness in handing messages off to local delivery orSMTP delivery. It could also be databases being dismounted or a lack of diskspace.

9. What are the standard port numbers for SMTP, POP3, IMAP4, RPC, LDAPand Global Catalog? - SMTP 25, POP3 110, IMAP4 143, RPC 135,LDAP 389, Global Catalog - 3268

10. Name the process names for the following: System Attendant? MAD.EXE,Information Store STORE.EXE, SMTP/POP/IMAP/OWA INETINFO.EXE

11. What is the maximum amount of databases that can be hosted on Exchange2003 Enterprise? - 20 databases. 4 SGs x 5 DBs.

12. What are the disadvantages of circular logging? - In the event of a corruptdatabase, data can only be restored to the last backup.
http://www.techinterviews.com/?p=295http://www.techinterviews.com/?p=295


30/64

Q. What is TCP/IP

Ans. Transmission Control Protocol/Internet Protocol A protocol for communication

between computers, used as a standard for transmitting data over networks and as the

basis for standard Internet protocols.Or

Transmission Control Protocol/Internet Protocol. Communication protocol suite and

standard for all Internet-connected machines.

Types of backup

The Backup utility supports five methods of backing up data on your

computer or network.

Copy backup

A copy backup copies all the files you select, but does not mark each

file as having been backed up (in other words, the archive attribute is

not cleared). Copying is useful if you want to back up files betweennormal and incremental backups because copying does not affect

these other backup operations.

Daily backup

A daily backup copies all the files that you select that have been

modified on the day the daily backup is performed. The backed-up filesare not marked as having been backed up (in other words, the archiveattribute is not cleared).

Differential backup

A differential backup copies files that have been created or changedsince the last normal or incremental backup. It does not mark files as

having been backed up (in other words, the archive attribute is notcleared). If you are performing a combination of normal and

differential backups, restoring files and folders requires that you have

the last normal as well as the last differential backup.

Incremental backup

An incremental backup backs up only those files that have been

created or changed since the last normal or incremental backup. Itmarks files as having been backed up (in other words, the archive

attribute is cleared). If you use a combination of normal and


31/64

incremental backups, you will need to have the last normal backup setas well as all incremental backup sets to restore your data.

Normal backup

A normal backup copies all the files you select and marks each file ashaving been backed up (in other words, the archive attribute is

cleared). With normal backups, you only need the most recent copy of

the backup file or tape to restore all of the files. You usually perform anormal backup the first time you create a backup set.

Backing up your data using a combination of normal backups and

incremental backups requires the least amount of storage space and isthe quickest backup method. However, recovering files can be time-

consuming and difficult because the backup set might be stored onseveral disks or tapes.

Backing up your data using a combination of normal backups and

differential backups is more time-consuming, especially if your datachanges frequently, but it is easier to restore the data because the

backup set is usually stored on only a few disks or tapes.

Q. Difference between DNS and WINSAns:- WINS = Windows Internet Name Service "Windows" being key word.WINS resolves netbios computer names to IP address.DNS resolves hostnames to an ip address.

If you go through your network settings for the TCP/IP protocol,you will notice you can use a different "hostname" from "computername".WINS = MyComputer = 192.168.0.1DNS = MyComputer.MyDomain.Com = 192.168.0.1DNS is primarily used to resolve domain names to the IP addresses thatare held in Domain Name Servers. Without DNS servers, you would have totype and IP address to get to a web site. Servers use WINs to resolveNetbios 15 letter names to IP addresses. WINS is generally used on LANS,and not WANS. DNS is primarily used on WANS.

OSI MODEL

The OSI Model

Introduction


32/64

The IEEE formed the 802 committee in February 1980 with the aim of standardizing the LAN

architectures by defining the Open System Interconnection (OSI) model. Of the OSI model, the

Data Link layer was split into two, the Media Access Control (MAC) sub-layer and the 802.2

Logical Link Control (LLC) sub-layer.

You can make up expressions to remember the order of the 7 layers, for example, 'Angus Prefers

Sausages To Nibbling Dried Pork' or 'A Pretty Silly Trick Never Does Please'. I remember it best

using the natty expression 'Application, Presentation, Session, Transport, Network, Data link,

Physical'. It just rolls off the tongue!

The OSI protocol set is rarely used today, however the model that was developed serves as a

useful guide to refer other protocol stacks such as ATM, TCP/IP and SPX/IPX.

Application Layer 7

It is employed in software packages which implement client-server software. When an application

on one computer starts communicating with another computer, then the Application layer is used.

The header contains parameters that are agreed between applications. This header is often only


33/64

sent at the beginning of an application operation. Examples of services within the application

layer include:

FTP

DNS

SNMP

SMTP gateways

Web browser

Network File System (NFS)

Telnet and Remote Login (rlogin)

X.400

FTAM

Database software

Print Server Software

Presentation Layer 6

This provides function call exchange between host operating systems and software layers. It

defines the format of data being sent and any encryption that may be used. Examples of services

used are listed below:

MIDI

HTML

GIF

TIFF

JPEG

ASCII

EBCDIC


34/64

Session Layer 5

The Session layer defines how data conversations are started, controlled and finished. The

messages may be bidirectional and there may be many of them, the session layer manages

these conversations and creates notifications if some messages fail. Indications show whether a

packet is in the middle of a conversation flow or at the end. Only after a completed conversation

will the data be passed up to layer 6. Examples of Session layer protocols are listed below:

RPC

SQL

NetBIOS names

Appletalk ASP

DECnet SCP

Transport Layer 4

This layer is resonsible for the ordering and reassembly of packets that may have been broken up

to travel across certain media. Some protocols in this layer also perform error recovery. After error

recovery and reordering the data part is passed up to layer 5. Examples are:

TCP

UDP

SPX

Network Layer 3

This layer is responsible for the delivery of packets end to end and implements a logical

addressing scheme to help accomplish this. Routing packets through a network is also defined at

this layer plus a method to fragment large packets into smaller ones depending on MTUs for


35/64

different media (Packet Switching). Once the data from layer 2 has been received, layer 3

examines the destination address and if it is the address of its own end station, it passes the data

after the layer 3 header to layer 4. Examples of Layer 3 protocols include:

Appletalk DDP

IP

IPX

Data Link Layer 2

This layer deals with getting data across a specific medium and individual links by providing one

or more data link connections between two network entities. End points are specifically identified,

if required by the Network layer Sequencing. The frames are maintained in the correct sequence

and there are facilities for Flow control and Quality of Service parameters such as Throughput,

Service Availability and Transit Delay.

Examples include:

IEEE 802.2

IEEE 802.3

802.5 - Token Ring

HDLC

Frame Relay

FDDI

ATM

PPP

The Data link layer performs the error check using the Frame Check Sequence (FCS) in the

trailer and discards the frame if an error is detected. It then looks at the addresses to see if it

needs to process the rest of the frame itself or whether to pass it on to another host. The data


36/64

between the header and the trailer is passed to layer 3. The MAC layer concerns itself with the

access control method and determines how use of the physical transmission is controlled and

provides the token ring protocols that define how a token ring operates. The LLC shields the

higher level layers from concerns with the specific LAN implementation.

Physical Layer 1

This layer deals with the physical aspects of the media being used to transmit the data. This

defines things like pinouts, electrical characteristics, modulation and encoding of data bits on

carrier signals. It ensures bit synchronisation and places the binary pattern that it receives into a

receive buffer. Once it decodes the bit stream, the physical layer notifies the data link layer that a

frame has been received and passes it up. Examples of specifications include:

V.24

V.35

EIA/TIA-232

EIA/TIA-449

FDDI

802.3

802.5

Ethernet

RJ45

NRZ

NRZI

You will notice that some protocols span a number of layers (e.g. NFS, 802.3 etc.). A benefit of

the seven layer model is that software can be written in a modular way to deal specifically with

one or two layers only, this is often called Modular Engineering.


37/64

Each layer has its own header containing information relevant to its role. This header is passed

down to the layer below which in turn adds its own header (encapsulates) until eventually the

Physical layer adds the layer 2 information for passage to the next device which understands the

layer 2 information and can then strip each of the layers' headers in turn to get at the data in the

right location. Each layer within an end station communicates at the same layer within another

end station.

OSI Model Layers

Application | Presentation | Session | Transport

Network | Data Link | Physical
http://www.geocities.com/SiliconValley/Monitor/3131/ne/osimodel.html#Applicationhttp://www.geocities.com/SiliconValley/Monitor/3131/ne/osimodel.html#Presentationhttp://www.geocities.com/SiliconValley/Monitor/3131/ne/osimodel.html#Sessionhttp://www.geocities.com/SiliconValley/Monitor/3131/ne/osimodel.html#Transporthttp://www.geocities.com/SiliconValley/Monitor/3131/ne/osimodel.html#Networkhttp://www.geocities.com/SiliconValley/Monitor/3131/ne/osimodel.html#Data%20Linkhttp://www.geocities.com/SiliconValley/Monitor/3131/ne/osimodel.html#Physicalhttp://www.geocities.com/SiliconValley/Monitor/3131/ne/osimodel.html#Applicationhttp://www.geocities.com/SiliconValley/Monitor/3131/ne/osimodel.html#Presentationhttp://www.geocities.com/SiliconValley/Monitor/3131/ne/osimodel.html#Sessionhttp://www.geocities.com/SiliconValley/Monitor/3131/ne/osimodel.html#Transporthttp://www.geocities.com/SiliconValley/Monitor/3131/ne/osimodel.html#Networkhttp://www.geocities.com/SiliconValley/Monitor/3131/ne/osimodel.html#Data%20Linkhttp://www.geocities.com/SiliconValley/Monitor/3131/ne/osimodel.html#Physical


38/64

Layer Function Protocols NetworkComponents

Application

User Interface

used for applications

specifically written to run overthe network

allows access to networkservices that supportapplications;

directly represents the services

that directly support userapplications

handles network access, flow

control and error recovery

Example apps are file

transfer,e-mail, NetBIOS- based applications

DNS; FTP; TFTP;BOOTP;SNMP;RLOGIN;SMTP; MIME;NFS; FINGER;TELNET; NCP;APPC; AFP; SMB

Gateway

Presentation

Translation

Translates from application tonetwork format and vice-versa

all different formats from all

sources are made into acommon uniform format thatthe rest of the OSI model canunderstand

responsible for protocol

conversion, characterconversion,data encryption /decryption, expanding graphicscommands, data compression

sets standards for different

systems to provide seamlesscommunication from multipleprotocol stacks

not always implemented in a

network protocol

Gateway

Redirector

Session

"syncs and

sessions"

establishes, maintains and ends

sessions across the network

responsible for name

recognition (identification) soonly the designated parties canparticipate in the session

provides synchronizationservices by planning checkpoints in the data stream => ifsession fails, only data after themost recent checkpoint need betransmitted

manages who can transmit data

at a certain time and for howlong

Examples are interactive login

NetBIOS

Names Pipes

Mail Slots

RPC

Gateway


39/64

Windows sysadmin interview questions

1. What are the required components of Windows Server 2003 for installingExchange 2003? - ASP.NET, SMTP, NNTP, W3SVC

2. What must be done to an AD forest before Exchange can be deployed? -Setup /forestprep

3. What Exchange process is responsible for communication with AD? -DSACCESS

4. What 3 types of domain controller does Exchange access? - Normal DomainController, Global Catalog, Configuration Domain Controller

5. What connector type would you use to connect to the Internet, and what arethe two methods of sending mail over that connector? - SMTP Connector:Forward to smart host or use DNS to route to each address

6. How would you optimise Exchange 2003 memory usage on a Windows Server2003 server with more than 1Gb of memory? - Add /3Gb switch to boot.ini

7. What would a rise in remote queue length generally indicate? - This meansmail is not being sent to other servers. This can be explained by outages orperformance issues with the network or remote servers.

8. What would a rise in the Local Delivery queue generally mean? - Thisindicates a performance issue or outage on the local server. Reasons could beslowness in consulting AD, slowness in handing messages off to local delivery orSMTP delivery. It could also be databases being dismounted or a lack of diskspace.

9. What are the standard port numbers for SMTP, POP3, IMAP4, RPC, LDAPand Global Catalog? - SMTP 25, POP3 110, IMAP4 143, RPC 135,LDAP 389, Global Catalog - 3268

10. Name the process names for the following: System Attendant? MAD.EXE,Information Store STORE.EXE, SMTP/POP/IMAP/OWA INETINFO.EXE

11. What is the maximum amount of databases that can be hosted on Exchange2003 Enterprise? - 20 databases. 4 SGs x 5 DBs.

12. What are the disadvantages of circular logging? - In the event of a corruptdatabase, data can only be restored to the last backup.

Networking questions

1. What is a default gateway? - The exit-point from one network and entry-wayinto another network, often the router of the network.

2. How do you set a default route on an IOS Cisco router? - ip route 0.0.0.00.0.0.0 x.x.x.x [where x.x.x.x represents the destination address]

3. What is the difference between a domain local group and a global group? -Domain local groups grant permissions to objects within the domain in which thereside. Global groups contain grant permissions tree or forest wide for any objectswithin the Active Directory.

4. What is LDAP used for? - LDAP is a set of protocol used for providing access toinformation directories.
http://www.techinterviews.com/?p=295http://www.techinterviews.com/?p=304http://www.techinterviews.com/?p=295http://www.techinterviews.com/?p=304


40/64

5. What tool have you used to create and analyze packet captures? - NetworkMonitor in Win2K / Win2K3, Ethereal in Linux, OptiView Series II (by FlukeNetworks).

6. How does HSRP work?7. What is the significance of the IP address 255.255.255.255? - The limited

broadcast address is utilized when an IP node must perform a one-to-everyonedelivery on the local network but the network ID is unknown.

Q. What is the default domain functional level in Windows Server 2003Ans. Default Domain functional level Mix mode

Domain Functional Level

Domain functionality activates features that affect the whole domain and that domain only.The four domain functional levels, their corresponding features, and supported domaincontrollers are as follows:

Windows 2000 mixed (default)

Supported domain controllers: Microsoft Windows NT 4.0, Windows 2000, Windows Server 2003Activated features: local and global groups, global catalog support

Windows 2000 native

Supported domain controllers: Windows 2000, Windows Server 2003

Activated features: group nesting, universal groups, SidHistory, converting groupsbetween security groups anddistribution groups, you can raise domain levels byincreasing the forest level settings

Features of Exchange server 2007

Ans. Anti-spam and Antivirus

Feature New orUpdated in

SP1

Description

Edge Transport server role This server role is for perimeter network deployment. It suppoSimple Mail Transfer Protocol (SMTP) routing, provides anti-spam filtering technologies and support for antivirusextensibility. The Edge Transport server should be isolated fro

the Active Directory directory services, but can still leverageActive Directory for recipient filtering by using Active DirectoApplication Mode (ADAM). EdgeSync in Exchange Server2007 publishes pertinent organization information, encrypted, the Edge Transport server for use in robust recipient filtering arespects Microsoft Outlook safe sender lists on the Edge.Communications between the Edge Transport server and the


41/64

Feature New orUpdated inSP1

Description

internal network in an Exchange Server 2007 organization areencrypted by default.

Edge Transport includes anti-spam technologies that protect atmany layers.

Anti-spam: Connection

Filtering

Exchange Server 2007 provides an integrated, IP based block-and-all

list based on sender reputation. Lists are automatically updated as ne

versions become available. Administrators can establish additional IP

allow-or-deny lists as needed.

Anti-spam: Sender and

Recipient Filtering

Sender reputation is dynamically analyzed and updated. When the Ed

Transport server spots specific trends from a given domain, it can

impose certain actions to either quarantine or reject incoming

messages. Sender ID is also used to verify t

20369427 windows questions desktop engineer questions system admin

Documents