
Thursday, September 12, 2013

Active Directory -Part 4

101. How does system restore work?

    Windows XP periodically records a snapshot of your computer. These snapshots are called restore points. Windows XP also creates restore points at the time of significant system events (such as when an application or driver is installed) or you can create and name your own restore points at any time. If you have installed a program that has made your computer unstable, you can open system restore, choose a restore point, and return your computer to its previous stable state.

102. How will you create a restore point?

      In Windows XP, go to the Start menu, Programs, Accessories, System Tools, System Restore; there you get the option to create a restore point. A restore point is also created automatically when an application or driver is installed.

103. What is registry?

Microsoft Windows XP Professional stores hardware and software settings centrally in a hierarchical database called the registry. The registry contains a variety of different types of data, including the following:
  • The hardware installed on the computer, including the central processing unit (CPU), bus type, pointing device or mouse, and keyboard.
  • Installed device drivers.
  • Installed applications.
  • Installed network protocols.
  • Network adapter card settings.
104. What is OSPF?

       It is an Internet routing protocol that scales well, can route traffic along multiple paths, and uses knowledge of the internetwork's topology to make accurate routing decisions.
105. What is Disk Quota?

Windows XP Professional disk quotas track and control disk usage on a per-user, per-volume basis. Windows XP Professional tracks disk quotas for each volume, even if the volumes are on the same hard disk. Because quotas are tracked on a per-user basis, every user's disk space is tracked regardless of the folder in which the user stores files.

106. What is the difference between a thread and process?

A process is a collection of virtual memory space, code, data, and system resources. A thread is code that is to be serially executed within a process. A processor executes threads, not processes, so each application has at least one process, and a process always has at least one thread of execution, known as the primary thread. A process can have multiple threads in addition to the primary thread. Prior to the introduction of multiple threads of execution, applications were all designed to run on a single thread of execution.
107. Tell the difference between assembler, loader, processor and linker.
Processor: performs all the functions for a program in execution, i.e. ALU, MU, CU.
Assembler: converts high-level to assembly language or low-level language.
Loader: loads the program from hard disk to main memory for execution.
Linker (dynamic and static): most OSes support only static linking, in which system language libraries are treated like any other object module and are combined by the loader into the binary program image. Dynamic linking links the library files at run time.
108. Differentiate between hardware RAID and software RAID.
Hardware RAID is always a disk controller to which you can cable up the disk drives. Software RAID is a set of kernel modules coupled with management utilities that implement RAID in software and require no additional hardware.
Software RAID is more flexible than hardware RAID. Software RAID is also considerably less expensive. On the other hand, a software RAID system requires more CPU cycles and power to run well than a comparable hardware RAID system. Also, because software RAID operates on a partition-by-partition basis, where a number of individual disk partitions are grouped together, as opposed to hardware RAID systems, which generally group together entire disk drives, software RAID tends to be slightly more complicated to run. This is because it has more available configurations and options. An added benefit of the slightly more expensive hardware RAID solution is that many hardware RAID systems incorporate features that are specialized for optimizing the performance of your system.
Beyond that, there is very little difference between hardware and software RAID. Ultimately, the difference comes down to where the RAID processing is performed. It can either be performed in the host server's CPU (software RAID) or in an external CPU (hardware RAID). For hardware RAID, that CPU can be in a disk array or in a RAID controller.
Hardware RAID presents logical disks that are already configured to the system (or the SAN), mirrored and ready to go. Configuration is still required, but that configuration takes place outside the system. Under software RAID, that configuration is performed in the system.
Since hardware RAID work is done outside the system and the OS, it can support more kinds of systems. You could, theoretically, connect a disk array that does RAID to a Palm device, without the Palm knowing anything about RAID. (Don't try this at home, kids.) Software RAID is limited to OSes on which the disk management application can run. The biggest difference you are likely to see between the two is that software RAID tends to be slower than hardware RAID. However, you are likely to find that putting an additional CPU in your server to speed up software RAID is less expensive than implementing hardware RAID on custom hardware.
109. What is meant by disk defragmentation and chkdsk?
The process of finding and consolidating fragmented files and folders is called defragmenting. Disk Defragmenter locates fragmented files and folders and defragments them by moving the pieces of each file or folder to one location so that each occupies a single, contiguous space on the hard disk. Consequently, your system can access and save files and folders more efficiently. By consolidating files and folders, Disk Defragmenter also consolidates free space.
Check Disk (chkdsk) attempts to repair file system errors, locate bad sectors, and recover readable information from those bad sectors. All files must be closed for this program to run. To access Check Disk, select the drive you want to check in Windows Explorer or My Computer. Click the File menu, click Properties, click the Tools tab, and click Check Now. Select one of the options in the Check Disk dialog box.
110. What is the difference between router and gateway?
Routers send data to a specific location based on an address for the network segment. The benefit is the ability of a router to search routing tables and find the shortest path to the destination. The downside to routers is that they are protocol dependent and therefore can only route data between network segments using the same protocol. Today this is moot because everyone uses TCP/IP, which has an open architecture. This is why, for example, data can be sent between a Windows NT network and a NetWare network.
Gateways are network points that act as an entrance to another network. On the Internet, a node or stopping point can be either a gateway node or a host (end-point) node. Both the computers of Internet users and the computers that serve pages to users are host nodes. The computers that control traffic within your company's network or at your local Internet service provider (ISP) are gateway nodes.

In the network for an enterprise, a computer server acting as a gateway node is often also acting as a proxy server and a firewall server. A gateway is often associated with both a router, which knows where to direct a given packet of data that arrives at the gateway, and a switch, which furnishes the actual path in and out of the gateway for a given packet.

111. What is Encapsulation?
In computer science, the principle of information hiding is the hiding of design decisions in a computer program that are most likely to change, thus protecting other parts of the program from change if the design decision is changed. Protecting a design decision involves providing a stable interface which shields the remainder of the program from the implementation (the details that are most likely to change).


113. How will you combine backups?
  • Normal and differential backups. On Monday a normal backup is performed, and on Tuesday through Friday differential backups are performed. Differential backups do not clear markers, which means that each backup includes all changes since Monday. If data becomes corrupt on Friday, you only need to restore the normal backup from Monday and the differential backup from Thursday. This strategy takes more time to back up but less time to restore.
  • Normal and incremental backups. On Monday a normal backup is performed, and on Tuesday through Friday incremental backups are performed. Incremental backups clear markers, which means that each backup includes only the files that changed since the previous backup. If data becomes corrupt on Friday, you need to restore the normal backup from Monday and all incremental backups, from Tuesday through Friday. This strategy takes less time to back up but more time to restore.
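An added example (not from the original post) that simulates both rotations above: the archive bit is the "marker", a constructed week of file changes is backed up as normal+differential and as normal+incremental, and the restore chain needed for a given day is computed and checked against the true state.

```python
from dataclasses import dataclass, field

DAYS = ["Mon", "Tue", "Wed", "Thu", "Fri"]

# Constructed sample activity: day -> {file: contents written that day}
SAMPLE_CHANGES = {
    "Mon": {"a.doc": "a0", "b.doc": "b0", "c.doc": "c0"},
    "Tue": {"a.doc": "a1"},
    "Wed": {"b.doc": "b1"},
    "Thu": {"c.doc": "c1", "d.doc": "d0"},
    "Fri": {"a.doc": "a2"},
}


@dataclass
class Backup:
    day: str
    kind: str                                   # "normal", "differential" or "incremental"
    files: dict = field(default_factory=dict)   # file -> contents captured by this backup


def run_week(kind, changes=SAMPLE_CHANGES):
    """Monday normal backup, then `kind` backups Tuesday through Friday.

    The archive bit (the 'marker' in the text) is modelled as the set of file names
    changed since it was last cleared. Normal and incremental backups clear it;
    a differential backup leaves it set, so it keeps growing until the next normal.
    """
    disk, marked, backups = {}, set(), []
    for day in DAYS:
        for name, contents in changes.get(day, {}).items():
            disk[name] = contents
            marked.add(name)
        if day == "Mon":
            backups.append(Backup(day, "normal", dict(disk)))
            marked.clear()
        else:
            backups.append(Backup(day, kind, {n: disk[n] for n in sorted(marked)}))
            if kind == "incremental":
                marked.clear()
    return backups


def restore_chain(backups, upto_day):
    """Which backups must be applied, in order, to recover the data as of `upto_day`."""
    chain = backups[:DAYS.index(upto_day) + 1]
    last_normal = max(i for i, b in enumerate(chain) if b.kind == "normal")
    tail = chain[last_normal + 1:]
    if tail and tail[-1].kind == "differential":
        tail = tail[-1:]            # only the newest differential is needed
    return [chain[last_normal]] + tail


def restore(chain):
    """Apply a restore chain oldest-first; later backups overwrite earlier contents."""
    state = {}
    for b in chain:
        state.update(b.files)
    return state


def state_as_of(day, changes=SAMPLE_CHANGES):
    """Ground truth: what was on disk at the end of `day`."""
    state = {}
    for d in DAYS[:DAYS.index(day) + 1]:
        state.update(changes.get(d, {}))
    return state


if __name__ == "__main__":
    for kind in ("differential", "incremental"):
        week = run_week(kind)
        chain = restore_chain(week, "Thu")
        print(kind, "| Thursday backup holds", sorted(week[3].files),
              "| restore needs", [b.day for b in chain])
```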
115. What is the difference between FAT and NTFS?
NTFS: file and folder level security, disk compression, disk quotas, encryption.
FAT: no file and folder level security, dual-booting capability.
117. What is the use of LDAP (X.500 standard)? LDAP is a directory access protocol, used to exchange directory information between servers and clients or between servers.

118. What is the use of Terminal Services? Terminal Services can be used in Remote Administration mode, to administer a server remotely, as well as in Application Server mode, to run an application on one server so that users can log in to that server to use the application.

119. What is the protocol used for Terminal Services? RDP.

120. What are the problems generally encountered with DHCP?
The scope is full (no IP addresses available for new machines); scope options not configured properly, e.g. the default gateway; incorrect creation of scopes, etc.

121. What is the role responsible for time synchronization?
The PDC Emulator is responsible for time synchronization. Time synchronization is important because Kerberos authentication depends on time stamp information.

122. How to take a DNS, WINS and DHCP backup
%SystemRoot%\system32\dns
%SystemRoot%\system32\WINS
%SystemRoot%\system32\DHCP

123. What is the Recovery Console?
The Recovery Console is a utility used to recover the system when it is not booting properly or not booting at all. We can perform the following operations from the Recovery Console:
Copy, rename, or replace operating system files and folders
Enable or disable service or device startup the next time the computer starts
Repair the file system boot sector or the Master Boot Record
Create and format partitions on drives


124. What is DFS and what is its usage?
DFS is a distributed file system used to provide a common environment for users to access files and folders even when they are physically shared on different servers.
There are two types of DFS: domain DFS and stand-alone DFS. We cannot provide redundancy for stand-alone DFS in case of failure. Domain DFS is used in a domain environment and can be accessed as \\domain_name\root1 (root1 is the DFS root name). Stand-alone DFS can be used in a workgroup environment and can be accessed as \\server_name\root1 (root1 is the DFS root name). In both cases we need to create a DFS root (which appears like a shared folder to end users) and DFS links (logical links pointing to the server where the folder is physically shared).
The maximum number of DFS roots per server is 1.
The maximum number of DFS root replicas is 31.
The maximum number of DFS roots per domain is unlimited.
The maximum number of DFS links or shared folders in a DFS root is 1,000.

128. What is an ACL?
 An ACL is stored with every file and folder on an NTFS volume and contains a list of all user accounts or groups that have been assigned permissions to that file or folder. An ACE is an entry in an ACL that contains the operations that a user or group is allowed or specifically denied to perform on that file or folder.
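An added example (not from the original post) modelling the ACL and ACE terms above in Python: a simplified NTFS-style access check that walks the ACEs in canonical order (explicit deny before explicit allow), so an explicit deny on a group the user belongs to overrides an allow granted to the user directly. The ACL is constructed; inheritance and ownership rules are not modelled.

```python
from dataclasses import dataclass

ALL_RIGHTS = frozenset({"read", "write", "execute", "delete"})


@dataclass(frozen=True)
class ACE:
    """One access control entry: allow or deny a set of rights to a principal (user or group)."""
    principal: str
    kind: str                 # "allow" or "deny"
    rights: frozenset


def canonical_order(acl):
    """NTFS stores explicit deny ACEs ahead of explicit allow ACEs (canonical order),
    so a deny is always seen before any allow that could satisfy the same request."""
    return sorted(acl, key=lambda ace: 0 if ace.kind == "deny" else 1)


def access_check(acl, user, groups, requested, canonical=True):
    """Simplified model of the NTFS access check.

    The caller's token is the user plus every group it belongs to. ACEs naming a
    principal not in the token are skipped. A deny ACE covering any right not yet
    granted fails the check at once; allow ACEs remove rights from the set still
    needed, and the check succeeds as soon as nothing remains. `canonical=False`
    walks the list as stored, to show why the ordering matters.
    """
    token = {user, *groups}
    needed = set(requested)
    for ace in canonical_order(acl) if canonical else acl:
        if not needed:
            break
        if ace.principal not in token:
            continue
        if ace.kind == "deny" and needed & ace.rights:
            return False
        if ace.kind == "allow":
            needed -= ace.rights
    return not needed


def effective_rights(acl, user, groups):
    """Rights the principal can actually exercise, checked one at a time."""
    return {r for r in ALL_RIGHTS if access_check(acl, user, groups, {r})}


# Constructed sample ACL for one file: everyone may read and run it, alice may also
# write and delete it, but members of Contractors are explicitly denied changes.
# The deny is listed last on purpose; canonical_order() moves it to the front.
SAMPLE_ACL = [
    ACE("Everyone", "allow", frozenset({"read", "execute"})),
    ACE("alice", "allow", frozenset({"read", "write", "delete"})),
    ACE("Contractors", "deny", frozenset({"write", "delete"})),
]

if __name__ == "__main__":
    token_groups = {"Everyone", "Contractors"}
    print("alice (Contractor) can:", sorted(effective_rights(SAMPLE_ACL, "alice", token_groups)))
    print("alice (not a Contractor) can:", sorted(effective_rights(SAMPLE_ACL, "alice", {"Everyone"})))
```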
129. What are Shadow copies?

        Microsoft Windows Server 2003 includes Shadow Copies of Shared Folders to help prevent inadvertent loss of data. Shadow Copies of Shared Folders helps alleviate data loss by creating shadow copies of files or folders that are stored on network file shares at predetermined time intervals. A shadow copy is essentially a previous version of the file or folder at a specific point in time.

131. What is the difference between DNS and WINS?

            WINS and DNS are both name resolution services for TCP/IP networks. While WINS resolves names in the NetBIOS namespace, DNS resolves names in the DNS domain namespace. WINS primarily supports clients that run older versions of Windows and applications that use NetBIOS. Windows 2000, Windows XP, and Windows Server 2003 use DNS names in addition to NetBIOS names. Environments that include some computers that use NetBIOS names and other computers that use domain names must include both WINS servers and DNS servers.

132. What is the difference between dynamic routing and Static routing?
    Static routing algorithms are hardly algorithms at all, but are table mappings established by the network administrator before the beginning of routing. These mappings do not change unless the network administrator alters them. Algorithms that use static routes are simple to design and work well in environments where network traffic is relatively predictable and where network design is relatively simple. Because static routing systems cannot react to network changes, they generally are considered unsuitable for today's large, constantly changing networks. Most of the dominant routing algorithms today are dynamic routing algorithms, which adjust to changing network circumstances by analyzing incoming routing update messages. If the message indicates that a network change has occurred, the routing software recalculates routes and sends out new routing update messages. These messages permeate the network, stimulating routers to rerun their algorithms and change their routing tables accordingly.
       Dynamic routing algorithms can be supplemented with static routes where appropriate. A router of last resort (a router to which all unroutable packets are sent), for example, can be designated to act as a repository for all unroutable packets, ensuring that all messages are at least handled in some way.
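An added example (not from the original post) of what a static routing table is: administrator-entered mappings matched by longest prefix, with a 0.0.0.0/0 entry acting as the router of last resort, and a failed link showing that a static table does not react to network changes. All addresses and interface names are constructed.

```python
import ipaddress


class StaticRouter:
    """A routing table whose entries are fixed mappings entered by an administrator."""

    def __init__(self):
        self.table = []           # (network, next_hop, interface), most specific first
        self.link_up = {}         # interface -> bool; an interface not listed is up

    def add_route(self, prefix, next_hop, interface):
        net = ipaddress.ip_network(prefix, strict=True)
        self.table.append((net, next_hop, interface))
        # Longest prefix first, so the first matching entry is the most specific one.
        self.table.sort(key=lambda r: r[0].prefixlen, reverse=True)

    def lookup(self, dst):
        """Longest-prefix match. A 0.0.0.0/0 entry, if present, is the router of last resort."""
        addr = ipaddress.ip_address(dst)
        for net, hop, iface in self.table:
            if addr in net:
                return hop, iface, net
        return None               # no route and no default: the packet is unroutable

    def forward(self, dst):
        route = self.lookup(dst)
        if route is None:
            return "dropped: no route"
        hop, iface, net = route
        if not self.link_up.get(iface, True):
            # Nothing recomputes the table: the static entry keeps pointing at the dead link
            # until the administrator changes it, which is the weakness the text describes.
            return f"dropped: {iface} down, static route {net} still selected"
        return f"forward via {hop} on {iface}"


def build_sample_router(with_default=True):
    """Constructed table: a /16 via eth0, a more specific /24 via eth1, optional default."""
    r = StaticRouter()
    r.add_route("10.1.0.0/16", "10.0.0.1", "eth0")
    r.add_route("10.1.5.0/24", "10.0.0.2", "eth1")
    if with_default:
        r.add_route("0.0.0.0/0", "192.0.2.1", "eth2")    # router of last resort
    return r


if __name__ == "__main__":
    r = build_sample_router()
    for dst in ("10.1.5.7", "10.1.9.9", "198.51.100.9"):
        print(dst, "->", r.forward(dst))
    r.link_up["eth1"] = False
    print("after eth1 fails:", r.forward("10.1.5.7"))
```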
133. Tell about Windows 2003 family?
· Windows Server 2003, Web Edition: This is a new type of server for Microsoft. This server is optimized for hosting Web sites and is the only Windows Server 2003 that installs IIS 6.0 as a default component.
· Windows Server 2003, Standard Edition: This server is the same level of server as Windows 2000 — just a normal network server capable of establishing and managing a domain.
· Windows Server 2003, Enterprise Edition: This server is a bit more robust. It demands more computing horsepower, but can return it in spades. Enterprise Edition is designed to support infrastructure servers that require high reliability and superior performance.
· Windows Server 2003, Datacenter Edition: This is the granddaddy of all servers from Microsoft. It's designed to offer mission-critical fault-tolerance for demanding applications by providing a scalable clustering architecture that offers high availability.
134. What are the name resolution methods available in windows?
Windows 2000 Professional provides four methods for resolving names to IP addresses:
  • Domain Name System (DNS) for applications and services that require host-to-IP name resolution, such as Active Directory
  • Windows Internet Name Service (WINS), for compatibility with applications and services that require NetBIOS-to-IP name resolution, such as browsing functions of previous versions of Windows
  • Hosts and Lmhosts files, which provide host-to-IP and NetBIOS-to-IP name resolution via manually-maintained local files
  • b-node broadcasts, which can be used for NetBIOS name resolution within the local subnet.
135. What is the minimum and maximum number of disks participating in RAID 0, RAID 1 and RAID 5?
  • RAID 0: 2, RAID 1: 2, RAID 5: 3
136.What is IPSec?
IPSec (IP security) is a suite of protocols for securing Internet Protocol (IP) communications by encrypting and/or authenticating each IP packet in a data stream. IPSec also includes protocols for cryptographic key establishment. There are two modes of IPSec operation: transport mode and tunnel mode. Transport mode is used for host-to-host communications. Tunnel mode is used for network-to-network communications.
137. Which ports are to be blocked to ensure security over TCP/IP?
TCP ports 135, 139 and 445, and UDP ports 135, 137 and 445 should be blocked, as well as all other unused ports.
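An added example (not from the original post) that turns the port list above into a check: it parses constructed lines in the layout of Windows netstat -an output and reports listeners on those ports that are bound to a network-reachable address, which is what a firewall rule or a disabled service should have removed.

```python
# Ports the answer above says to block, checked per protocol.
BLOCKED = {"TCP": {135, 139, 445}, "UDP": {135, 137, 445}}

LOOPBACK = {"127.0.0.1", "::1"}

# Constructed sample in the layout of Windows `netstat -an` output (not captured from a host).
SAMPLE_NETSTAT = """
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    127.0.0.1:139          0.0.0.0:0              LISTENING
  TCP    192.168.1.10:3389      0.0.0.0:0              LISTENING
  TCP    192.168.1.10:445       192.168.1.55:52011     ESTABLISHED
  TCP    [::]:445               [::]:0                 LISTENING
  UDP    0.0.0.0:137            *:*
  UDP    192.168.1.10:138       *:*
"""


def split_endpoint(endpoint):
    """'0.0.0.0:445' -> ('0.0.0.0', 445); '[::]:445' -> ('::', 445)."""
    host, _, port = endpoint.rpartition(":")
    return host.strip("[]"), int(port)


def parse_listeners(text):
    """Yield (proto, addr, port) for every TCP socket in LISTENING state and every UDP socket."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 3 or parts[0] not in ("TCP", "UDP"):
            continue                                  # headers, blank lines, other protocols
        proto, local = parts[0], parts[1]
        state = parts[3] if len(parts) > 3 else ""
        if proto == "TCP" and state != "LISTENING":
            continue                                  # established/closing connections are not listeners
        addr, port = split_endpoint(local)
        yield proto, addr, port


def exposed_ports(text, blocked=BLOCKED):
    """Listeners on policy-blocked ports reachable from the network, i.e. bound to a
    wildcard (0.0.0.0 / ::) or a real interface address rather than loopback only.
    Returns a sorted list of (proto, addr, port)."""
    found = set()
    for proto, addr, port in parse_listeners(text):
        if port in blocked[proto] and addr not in LOOPBACK:
            found.add((proto, addr, port))
    return sorted(found)


if __name__ == "__main__":
    for proto, addr, port in exposed_ports(SAMPLE_NETSTAT):
        print(f"{proto} {port} is reachable on {addr}: block it or stop the service")
```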

138. What is meant by server hardening?

Hardening the system means zero tolerance. Hardening is setting system configuration settings to make the system more resilient to attack, that is, "configuring a system for better security": deactivating unnecessary programs, using file permissions and ACLs, and tweaking OS parameters to limit access to what is needed; using least privilege (giving users just what they need and a little bit more); and using minimalism (turning off what you are not using). Hardening can be achieved through the following steps.

1. Use firewalls
2. Apply service packs and security patches
3. Account considerations, e.g. creating another admin account with restricted privileges makes the intruder's job very difficult
4. Apply antivirus (don't browse from servers, don't download patches or other software directly on servers, and don't install anything directly on servers unless it has been applied in the test lab)
5. Policies should be designed in such a way that user activity can be traced
6. Strong password practices
7. Disable unnecessary services running on the machine
8. The file system should be a secure type such as NTFS
9. The BIOS should be locked
10. The boot drive should be the C drive
11. A system running IIS has to be installed on a separate network segment, or with no network cable attached, until the latest service packs are applied.


139. Procedure to apply patches in production servers
§  Updates obtained from a vendor are tightly controlled and managed. For example, they might be kept in a secure repository that few individuals in MIS are authorized to access. Copying or downloading updates into the repository might be subject to rigorous approval, scheduling, auditing, and logging procedures.
§  Updates are promoted to production systems in specific stages, during which they are thoroughly tested. For example, an update might first be installed on a single machine, separated from the production environment, on which production applications are tested to ensure that the update works as expected and does not introduce regressions. Before being rolled out into the production environment, the updates may be tested in an intermediate staging area, where they are subject to loads that mimic expected usage in the production environment.
§  When an update is introduced into the production environment itself, all machines on which the update is installed must run the updated product software at precisely the same maintenance level. For example, the domain configuration, product version, and patch level of WebLogic Server 9.1 used on all machines is identical.
§  Machines in the production environment may not obtain updates from the Internet. In fact, the machines may not be connected to the Internet at all, and possibly not to the same Local Area Network shared by machines that have an Internet connection. Instead, updates are made available only from a specific location, or set of locations, in the enterprise, and the downloading of updates to the production machines is regulated by several business practices and procedures.
140. What will you do if a virus affects your PC?
1. Disable System Restore (Windows Me/XP).
2. Update the virus definitions.
3. Restart the computer in Safe mode or VGA mode.
4. Run a full system scan and delete all the files detected as infected.
5. Edit the registry and look for references to the Trojan.
141. Difference between Router and Switch
•     A router understands IP headers; a switch deals with MAC addresses.
•     A router has its own IP address; a switch doesn't.
•     A router has an operating system running inside and allows an administrator to log in to the system.
•     You must configure the routing table to make a router work. A switch is usually ready to use.
•     A router has routing software running inside, including a route discovery protocol.
•     Routing software knows how to deal with different IP packets, such as ICMP and other IP option functionality. Switches don't.
•     Multiple routers can be connected together as a network. But we can't connect multiple switches.

143 Windows Registry
The Registry contains information that Windows continually references during operation, such as profiles for each user, the applications installed on the computer and the types of documents that each can create, property sheet settings for folders and application icons, what hardware exists on the system, and the ports that are being used.
144. What is the difference between Regedit.exe and Regedt32.exe?
Regedit.exe is the registration editor for 16-bit Windows. It is used to modify the Windows registration database. The database is located in the Windows directory as Reg.dat.
Regedt32.exe is the configuration editor for Windows NT. It is used to modify the Windows NT configuration database, or the Windows NT registry. This editor allows you to view or modify the Windows NT registry.
145. How to back up and restore the registry?
Click Start, Run, type Regedit, then locate and click the subkey that contains the value you want to edit. On the File menu, click Export. In the Save in box, select the location where you want to save the registration entries.
To restore registry subkeys that you exported, double-click the Registration Entries (.reg) file that you saved. To restore the whole registry, restore the System State from a backup.
146. What are the five keys in the Windows registry?
HKEY_CURRENT_USER
Contains the root of the configuration information for the user who is currently logged on. The user's folders, screen colors, and Control Panel settings are stored here.
HKEY_USERS
Contains all the actively loaded user profiles on the computer. HKEY_CURRENT_USER is a subkey of HKEY_USERS.
HKEY_LOCAL_MACHINE
Contains configuration information particular to the computer.
HKEY_CLASSES_ROOT
Is a subkey of HKEY_LOCAL_MACHINE\Software. The information stored here makes sure that the correct program opens when you open a file by using Windows Explorer.
HKEY_CURRENT_CONFIG
Contains information about the hardware profile that is used by the local computer at system startup.
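An added example (not from the original post) covering the export in Q145 and the HKEY_LOCAL_MACHINE tree in Q146: a parser for the Registration Entries (.reg) format that Regedit writes, a decoder for its string, dword and hex values, and a diff of two exports so a baseline taken before a change can be compared with the current state before anything is re-imported. Both exports and the Example\Service key are constructed.

```python
import re

# "name"=value or @=value (the key's default value); names may contain \" and \\ escapes.
VALUE_RE = re.compile(r'^(?:"((?:[^"\\]|\\.)*)"|(@))=(.*)$')


def unescape(s):
    """Undo .reg quoting: \\\\ -> \\ and \\" -> " inside quoted names and strings."""
    return re.sub(r'\\(.)', r'\1', s)


def parse_reg(text):
    """Return {key_path: {value_name: raw_value}} for a Regedit export.

    Handles the 'Windows Registry Editor Version 5.00' / 'REGEDIT4' header, [key]
    sections, "name"=value and @=value lines, and hex values continued over several
    lines with a trailing backslash. Deletion markers ([-key], "name"=-) map to None.
    """
    tree, key, pending = {}, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if pending is not None:                        # continuation line of a hex value
            name, acc = pending
            acc += line.rstrip("\\")
            if line.endswith("\\"):
                pending = (name, acc)
            else:
                tree[key][name], pending = acc, None
            continue
        if not line or line.startswith(";") or line.upper().startswith(("WINDOWS REGISTRY EDITOR", "REGEDIT4")):
            continue
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            if key.startswith("-"):
                tree[key[1:]], key = None, None        # [-key]: the whole key is deleted
            else:
                tree.setdefault(key, {})
            continue
        m = VALUE_RE.match(line)
        if not m or key is None:
            raise ValueError(f"unparseable line: {raw!r}")
        name = "" if m.group(2) else unescape(m.group(1))   # "" stands for the (Default) value
        value = m.group(3)
        if value == "-":
            tree[key][name] = None                     # "name"=- deletes the value
        elif value.endswith("\\"):
            pending = (name, value.rstrip("\\"))
        else:
            tree[key][name] = value
    return tree


def decode_value(raw):
    """Turn a raw exported value into a Python object: str, int (dword) or bytes (hex)."""
    if raw.startswith('"') and raw.endswith('"'):
        return unescape(raw[1:-1])
    if raw.startswith("dword:"):
        return int(raw[6:], 16)
    if raw.startswith("hex"):                          # hex: (binary) or hex(N): other types
        data = raw.split(":", 1)[1]
        return bytes(int(b, 16) for b in data.split(",") if b)
    raise ValueError(f"unknown value syntax: {raw!r}")


def diff_reg(baseline, current):
    """(key, name, old_raw, new_raw) for every value that differs between two exports."""
    changes = []
    for key in sorted(set(baseline) | set(current)):
        old_vals, new_vals = baseline.get(key) or {}, current.get(key) or {}
        for name in sorted(set(old_vals) | set(new_vals)):
            if old_vals.get(name) != new_vals.get(name):
                changes.append((key, name, old_vals.get(name), new_vals.get(name)))
    return changes


# Constructed exports: a baseline taken after a clean build, and what was found later.
BASELINE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Example\Service]
@="Example service"
"ImagePath"="C:\\Program Files\\Example\\svc.exe"
"Start"=dword:00000002
"Blob"=hex:01,02,03,\
  04,05
'''

CURRENT_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Example\Service]
@="Example service"
"ImagePath"="C:\\Program Files\\Example\\svc.exe"
"Start"=dword:00000004
"Blob"=hex:01,02,03,\
  04,05
"Helper"="C:\\Temp\\helper.exe"
'''

if __name__ == "__main__":
    for key, name, old, new in diff_reg(parse_reg(BASELINE_REG), parse_reg(CURRENT_REG)):
        print(f"[{key}] {name or '(Default)'}: {old} -> {new}")
```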

147. What is clustering and does Windows 2000 support clustering?
Clustering is connecting two or more computers together in such a way that they behave like a single computer. Clustering is used for parallel processing, load balancing and fault tolerance.

148. What is Quorum? Shared storage needs to be provided for all servers; it keeps information about the clustered application and session state and is used in a failover situation. This is very important: if the Quorum disk fails, the entire cluster fails.

149. What is Heartbeat? Heartbeat is a private connection between the servers in the cluster, which is used to identify the status of the other servers in the cluster.

150. What is Active Directory defragmentation?
Defragmentation of AD means separating used space from the empty space created by deleted objects; it also reduces the directory size (only in offline defragmentation).

151. Difference between online and offline defragmentation
Online defragmentation is performed by the garbage collection process, which runs every 12 hours by default. It separates used space from white space (white space is the space created by object deletion in AD, e.g. a deleted user) and improves the efficiency of AD while the domain controller is up and running.

Offline defragmentation can be done manually by taking the domain controller into Restoration mode. Only offline defragmentation can reduce the file size of the directory database, whereas the efficiency gain is the same as with online defragmentation.

152. What is the tombstone period?
Tombstones are nothing but objects marked for deletion. After deleting an object in AD, the object is not deleted permanently. It remains for 60 days by default (this is configurable): an entry marking the object for deletion is added to it and replicated to all DCs. After 60 days the object is deleted permanently from all DCs.

153. What is ASR (Automated System Recovery) and how is it implemented?

ASR is a two-part system; it includes ASR backup and ASR restore. The ASR Wizard, located in Backup, does the backup portion. The wizard backs up the system state, system services, and all the disks that are associated with the operating system components. ASR also creates a file that contains information about the backup, the disk configurations (including basic and dynamic volumes), and how to perform a restore.

You can access the restore portion by pressing F2 when prompted in the text-mode portion of setup. ASR reads the disk configurations from the file that it creates. It restores all the disk signatures, volumes, and partitions on (at a minimum) the disks that you need to start the computer. ASR will try to restore all the disk configurations, but under some circumstances it might not be able to. ASR then installs a simple installation of Windows and automatically starts a restoration using the backup created by the ASR Wizard.

154. What are the different levels at which we can apply Group Policy?
We can apply Group Policy at Site level, Domain level and OU level.

155. What is Domain Policy, Domain Controller Policy, Local Policy and Group Policy?

Domain Policy applies to all computers in the domain, because by default it is associated with the domain GPO, whereas Domain Controller Policy applies only to domain controllers; by default the domain controller security policy is associated with the domain controller GPO. Local Policy applies to that particular machine only and affects that computer only.

156. What is the use of the SYSVOL folder?
Policies and scripts saved in the SYSVOL folder are replicated to all domain controllers in the domain. FRS (File Replication Service) is responsible for replicating all policies and scripts.

157.What is folder redirection?

Folder Redirection is a user Group Policy setting. Once you create the Group Policy and link it to the appropriate object, an administrator can designate which folders to redirect and where. To do this, the administrator navigates to the following location in the Group Policy Object: User Configuration\Windows Settings\Folder Redirection
In the Properties of the folder, you can choose Basic or Advanced folder redirection and you can designate the server file system path to which the folder should be redirected.

The %USERNAME% variable may be used as part of the redirection path, thus allowing the system to dynamically create a newly redirected folder for each user to whom the policy object applies.

158. RIS/RAS Concepts

A remote access server is a server dedicated to handling users who are not on a LAN but need remote access to it. The remote access server allows users to gain access to file and print services on the LAN from a remote location. For example, a user who dials into a network from home using an analog modem or an ISDN connection will dial into a remote access server. Once the user is authenticated, he can access shared drives and printers as if he were physically connected to the office LAN.
159. What is metadata?
Schema class objects and schema attribute objects are collectively known as metadata.
160. What are the drawbacks of the existing Backup?
· It does not support writable DVD and CD formats.
· The target media must be in a device physically attached to the system, i.e. we cannot back up data to a tape drive attached to a remote server.
161. What are the restore options?
Original location, Alternate location, Single folder

162. What are the media pool types?
Unrecognised: tape media that is completely blank
Free: newly formatted tape
Backup: already backed up
Import: contains media that are not catalogued
163. What are the advanced backup options?
Verify data after backup; If possible, compress data to save space; Disable Volume Shadow Copy

IIS
164. What are the advanced options in IIS?
FrontPage Server Extensions, FTP service, NNTP, SMTP
165.What is the physical path to Home directory?   C:\inetpub\wwwroot
166. What are the authentication methods used in IIS?
1. Anonymous authentication
2. Basic authentication
3. Digest authentication
4. Advanced digest authentication
5. Integrated Windows authentication
6. Certificate authentication
7. Passport authentication
167. What are the services that run after the installation of Symantec Antivirus?
1. SAV ROM
2. Symantec Antivirus
3. Symantec Antivirus Definition Watcher
4. Symantec Event Manager
5. Symantec Network Drivers Service
6. Symantec Password Validation
7. Symantec Settings Manager
168. How to troubleshoot a printer?
1. Check whether it is possible to print from other applications
2. Verify that the print client can connect to the print server
3. Verify that the printer is operational
4. Verify that the printer is accessible from the print server
5. Verify that the print server's services are running
· The commands used for starting and stopping the print spooler service are net start spooler and net stop spooler.
169. What is Software Update Services?
SUS is a client-server application that enables a server on the intranet to act as a point of administration for updates. We can approve updates, which then download and install automatically without local administrator interaction.
169. What are the installation requirements and steps?
SUS is not included on the Windows CD, but it is a free download from Microsoft's website.
Installation steps
Choose file locations
The partition should be NTFS and it needs 6 GB of free space.
It installs the following three components:
The software update synchronisation service, which downloads the content to the SUS server.
An IIS website that services update requests from Automatic Updates clients.
An SUS administration web page from which we can synchronise the SUS server and approve updates.
Administrative tasks related to SUS are: configuring SUS settings, synchronizing the content, approving the content.
These tasks are performed using the SUS website, which can be accessed by navigating to http://SUS_servername/SUSAdmin.
The configuration settings are as follows:
1. Proxy server configuration
2. DNS name of the SUS server
3. Content source
4. New versions of approved updates
5. File storage.
170. What are the SUS topologies?
Multiple server topology: each SUS server synchronises content from Windows Update and manages its own list of approved updates, and each SUS server administrator has control over that server's list of approved updates.
Strict parent/child topology: a parent SUS server synchronises the content from Windows Update and stores updates in a local folder. The SUS administrator then approves the updates. Other SUS servers synchronise from the parent and are configured.
Loose parent/child topology: a parent server synchronises the content from Windows Update and stores updates in a local folder. Other SUS servers synchronise from the parent. Unlike the strict configuration, these additional SUS servers do not synchronise the list of approved updates, so administrators of these servers can approve or disapprove the updates independently.
Test/production topology: this model allows an organisation to create a testing or staging environment for updates. The parent SUS server downloads updates from Windows Update and an administrator approves the updates to be tested.
Synchronisation can be done in two ways: manual synchronisation and automatic scheduled synchronisation. In case synchronisation fails, it retries after 30 minutes.
Approving updates: to approve updates for distribution to client machines, click Approve updates in the left navigation bar. If we are unsure about the applicability of a patch, we can click the Details link.
The Automatic Updates client of Windows Server 2003 is configured to connect automatically to the Microsoft Windows Update server, download updates and then prompt the user to install them.
Automatic Updates supports two behaviours: Automatic and Manual.
If it is configured to notify the user before downloading updates, it registers the notification of an update in the system event log and to the logged-on administrator. If an administrator is not logged on, Automatic Updates waits for a user with administrator credentials before offering notification by means of a balloon icon in the tray.
Installation behaviour: Notification and Automatic. We can monitor SUS with the help of the log files: Synchronisation log, Approval log, Windows Update log, Wutrack.bin.
171. Explain about backing up SUS.
The backup should contain:
1. The folder that contains the SUS content
2. The SUS administration website
3. The IIS metabase
First back up the metabase, an XML database containing the configuration of IIS: in the IIS MMC snap-in select All Tasks, then Backup/Restore Configuration, and click Create Backup. Then back up the following using Ntbackup:
The default website, located at C:\inetpub\wwwroot
The SUS administration website
The metabase backup directory
Maximum number of users in a group = 5000
Architectural limit of objects in a forest = 2^32
Maximum number of groups per user = 32

Active Directory service Functionality

Organise, manage and control resources
Single point of administration

172. Active Directory supported technologies are given below:
  • TCP/IP
  • DHCP
  • DNS
  • SNTP
  • LDAP
  • Kerberos

173. What is the physical structure of Active Directory? Sites and domain controllers.

174. What is the logical structure of Active Directory? Domains, OUs, trees and forests.

175. What are the specific domain controller roles? Global catalogue and operations masters.

176. When do you need to modify the schema?
  • When we use the Active Directory Schema snap-in to create, modify or deactivate classes or attributes.
  • When we write scripts to automate schema modification.
  • When we install software applications that add classes or attributes.

177. Is it possible to have two schema masters in a forest? No.

178. Is it possible to apply a GPO to a forest? Yes.

179. Is it possible to apply Group Policies to a forest? Basically, in Windows 2000 and 2003 it is possible to create a Group Policy object that can be used anywhere in the forest. Group Policy settings are linked to computers, sites, domains and OUs.
180. What is the maximum size of a PST file? 2 GB.
181. What is the default size of a PST file? 32 KB (Office 2000).
182. What are Lingering Objects?
When you restore AD from an expired backup, a lingering object is a deleted AD object that re-appears (“lingers”) on the restored domain controller (DC) in its local copy of Active Directory. This can happen if, after the backup was made, the object was deleted on another DC more than 60 (or 180) days ago.
When a DC deletes an object it replaces the object with a tombstone object. The tombstone object is a placeholder that represents the deleted object. When replication occurs, the tombstone object is transmitted to the other DCs, which causes them to delete the AD object as well.
Tombstone objects are kept for 60 (or 180) days, after which they are garbage-collected and removed.
If a DC is restored from a backup that contains an object deleted elsewhere, the object will re-appear on the restored DC. Because the tombstone object on the other DCs has been removed, the restored DC will not receive the tombstone object (via replication), and so it will never be notified of the deletion. The deleted object will “linger” in the restored local copy of Active Directory.
183.How to Remove Lingering Objects
Windows Server 2003 has the ability to manually remove lingering objects using the repadmin console utility from the Windows Server 2003 Support Tools, located on the Windows Server CD. Use the option /removelingeringobjects. See below for more information.
184. What is the difference between multicast and broadcast?
Broadcast: to all connected recipients.
Multicast: to the designated recipients.
185. What are the object data problems you will face in active directory?
1) Lingering Objects:
If a domain controller remains disconnected for a longer period than the tombstone lifetime, an object that has been deleted from the directory can remain on the disconnected domain controller. For this reason, such objects are called "lingering objects".
2) Lost objects:
If an object is created on one domain controller, and the container in which it was created is deleted on another domain controller before the object has a chance to replicate, it becomes a lost object. Lost objects are automatically placed in a domain container where you can find them and either move or delete them.

Troubleshooting Lost Domain Objects

In some cases, an administrator might create or move an object into a container on one domain controller and another administrator might delete that same container on a different domain controller before the object is replicated. In such cases, the object is added to the LostAndFound container for the domain. The LostAndFoundConfig container in the configuration directory partition serves the same purpose for forest-wide objects.
3) Object name conflicts:
If an object is created on one domain controller and an object with the same name is created in the same container on another domain controller before replication occurs, it creates an object name conflict. Active Directory automatically changes the relative distinguished name of the object with the earlier timestamp to a unique name. Active Directory supports multi-master replication of directory objects between all domain controllers in the domain. When replication of objects results in name conflicts (two objects have the same name within the same container), the system automatically renames one of these objects to a unique name. For example, object ABC is renamed to *CNF:guid, where "*" represents a reserved character, "CNF" is a constant that indicates a conflict resolution, and "guid" represents a printable representation of the objectGuid attribute value.
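As an added example (not Microsoft's code and not part of the original post), the toy two-domain-controller model below reproduces two of the behaviours described in questions 182 and 185 with constructed names, day counts and GUIDs: a tombstone that is garbage-collected before a restore lets a deleted object linger, and a same-name collision is resolved by renaming the earlier-stamped object with a CNF suffix. Real AD puts a line feed before "CNF:" where the text writes "*", and the one-way push used here is a simplification of the real replication algorithm.

```python
import copy
import uuid

TOMBSTONE_LIFETIME_DAYS = 60  # from the text: 60 (or 180) days


class DomainController:
    def __init__(self, name):
        self.name = name
        self.live = {}        # objectGuid -> {"rdn", "container", "stamp"}
        self.tombstones = {}  # objectGuid -> day the delete happened

    def create(self, rdn, container, day):
        guid = str(uuid.uuid4())
        self.live[guid] = {"rdn": rdn, "container": container, "stamp": day}
        return guid

    def delete(self, guid, day):
        # A delete does not remove the object; it leaves a tombstone placeholder
        self.live.pop(guid, None)
        self.tombstones[guid] = day

    def garbage_collect(self, day):
        # Tombstones older than the lifetime are removed for good
        self.tombstones = {g: d for g, d in self.tombstones.items()
                           if day - d < TOMBSTONE_LIFETIME_DAYS}


def replicate(src, dst):
    """Push src's tombstones and live objects to dst (simplified one-way replication)."""
    for guid, day in src.tombstones.items():
        if guid not in dst.tombstones:
            dst.delete(guid, day)          # a replicated tombstone deletes the object
    for guid, obj in src.live.items():
        if guid in dst.live or guid in dst.tombstones:
            continue
        clash = next((g for g, o in dst.live.items()
                      if (o["rdn"], o["container"]) == (obj["rdn"], obj["container"])), None)
        dst.live[guid] = dict(obj)
        if clash is not None:
            # Name conflict: the earlier-stamped object becomes <rdn>\nCNF:<guid>
            loser = clash if dst.live[clash]["stamp"] < obj["stamp"] else guid
            dst.live[loser]["rdn"] = f'{dst.live[loser]["rdn"]}\nCNF:{loser}'


def lingering_object_scenario(restore_day):
    """True if an object deleted on day 1 survives on DC-B after DC-B is restored on
    restore_day from a backup taken on day 0 (the lingering-object case)."""
    a, b = DomainController("DC-A"), DomainController("DC-B")
    guid = a.create("Jane", "OU=Sales", day=0)
    replicate(a, b)
    backup = copy.deepcopy(b)          # system-state backup of DC-B on day 0
    a.delete(guid, day=1)              # deleted on DC-A ...
    replicate(a, b)                    # ... and DC-B learns of it via the tombstone
    for dc in (a, b):
        dc.garbage_collect(restore_day)
    b = backup                         # DC-B restored from the day-0 backup
    replicate(a, b)                    # only a surviving tombstone can delete it again
    return guid in b.live


def name_conflict_scenario():
    """Same RDN created in the same container on two DCs before replication."""
    a, b = DomainController("DC-A"), DomainController("DC-B")
    early = a.create("ABC", "OU=Sales", day=10)
    late = b.create("ABC", "OU=Sales", day=12)
    replicate(a, b)
    replicate(b, a)
    return a.live[early]["rdn"], a.live[late]["rdn"], b.live[early]["rdn"]
```

Restoring within the tombstone lifetime (day 30) removes the object again, while restoring after it (day 90) leaves it lingering; in the conflict case both DCs converge on the same CNF name for the earlier object.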
186.What is RPC?
RPC is a powerful technique for constructing distributed, client-server based applications. It is based on extending the notion of conventional, or local procedure calling, so that the called procedure need not exist in the same address space as the calling procedure. The two processes may be on the same system, or they may be on different systems with a network connecting them. By using RPC, programmers of distributed applications avoid the details of the interface with the network. The transport independence of RPC isolates the application from the physical and logical elements of the data communications mechanism and allows the application to use a variety of transports.
187.What is a Service Pack?
A service pack is a consolidated package of critical updates, security rollups, hotfixes, driver updates, and feature enhancements.
188.Explain ATA,SATA,SCSI
ATA (Advanced Technology Attachment): It is used for connecting storage devices such as hard disks and CD-ROM drives. IDE is a synonym for it. The length of the cable is 46 cm.

SATA (Serial Advanced Technology Attachment):

It defines cables using 7 conductors (of which 4 are active data lines). They are easier to fit and do not obstruct the air cooling, but the chance of accidentally unplugging the cable is higher compared to PATA. It also specifies a new power connector.

A 7-pin Serial ATA data cable.

The Accelerated Graphics Port (also called Advanced Graphics Port, often shortened to AGP) is a high-speed point-to-point channel for attaching a graphics card to a computer's motherboard, primarily to assist in the acceleration of 3D computer graphics. Some motherboards have been built with multiple independent AGP slots.
The brown-coloured slot is the AGP slot.

The Peripheral Component Interconnect, or PCI Standard (in practice almost always shortened to PCI), specifies a computer bus for attaching peripheral devices to a computer motherboard. These devices can take any one of the following forms:

SCSI (Small Computer System Interface) is a set of standards for physically connecting and transferring data between computers and peripheral devices. The SCSI standards define commands, protocols, and electrical and optical interfaces. SCSI is most commonly used for hard disks and tape drives, but it can connect a wide range of other devices, including scanners, printers, and optical drives (CD, DVD, etc.).

189.Run menu Commands
  1. Add Hardware Wizard - hdwwiz.cpl
  2. Add/Remove Programs  - appwiz.cpl
  3. Administrative Tools - control admintools
  4. Automatic Updates - wuaucpl.cpl
  5. Certificate Manager - certmgr.msc
  6. Clipboard Viewer - clipbrd
  7. Computer Management - compmgmt.msc
  8. Date and Time Properties - timedate.cpl
  9. Device Manager - devmgmt.msc
  10. DirectX Troubleshooter - dxdiag
  11. Disk Cleanup Utility - cleanmgr
  12. Disk Defragment - dfrg.msc
  13. Disk Management - diskmgmt.msc
  14. Disk Partition Manager - diskpart
  15. Display Properties - control desktop
  16. Driver Verifier Utility - verifier
  17. Event Viewer - eventvwr.msc
  18. Folders Properties - control folders
  19. Internet Connection Wizard - icwconn1
  20. Internet Explorer - iexplore
  21. Internet Properties - inetcpl.cpl
  22. Local Security Settings - secpol.msc
  23. Local Users and Groups - lusrmgr.msc
  24. Logs You Out Of Windows - logoff
  25. Malicious Software Removal Tool - mrt
  26. Network Connections - control netconnections
  27. Network Connections - ncpa.cpl
  28. Network Setup Wizard - netsetup.cpl
  29. Outlook Express - msimn
  30. Performance Monitor - perfmon
  31. Phone and Modem Options - telephon.cpl
  32. Regional Settings  - intl.cpl
  33. Registry Editor - regedit32
  34. Remote Desktop - mstsc
  35. Removable Storage - ntmsmgr.msc
  36. Removable Storage Operator Requests - ntmsoprq.msc
  37. Resultant Set of Policy (for xp professional) - rsop.msc
  38. Shared Folders - fsmgmt.msc
  39. Shuts Down Windows - shutdown
  40. Sounds and Audio - mmsys.cpl
  41. System Configuration Editor - sysedit
  42. System Information - msinfo32
  43. System Properties - sysdm.cpl
  44. Task Manager - taskmgr
  45. Wordpad - write
191. Explain Terminal Services.
Terminal Services or Terminal Server Edition (TSE) is a component of Microsoft Windows operating systems (both client and server versions) that allows a user to access applications or data stored on a remote computer over a network connection. Terminal Services is Microsoft's take on server centric computing. Based on the Remote Desktop Protocol (RDP), Terminal Services was first introduced in Windows NT 4.0 (Terminal Server Edition). The products Windows 2000 Server, Windows 2000 Advanced Server, Windows 2000 Datacenter Server and Windows Server 2003 have introduced several improvements and new features. Microsoft used Terminal Services in Windows XP to allow someone to assist the user (Remote Assistance) and to allow a user to take control of his/her computer remotely (Remote Desktop). Remote Assistance works in all editions of Windows XP, while Remote Desktop requires Professional Edition or Media Center Edition 2005 or earlier.
Microsoft provides the client software Remote Desktop Connection (formerly called Terminal Services Client), available for most 32-bit versions of their Windows operating systems and Apple's Mac OS X, that allows a user to connect to a server running Terminal Services. Third-party developers have created client software for other platforms, including the open source rdesktop client for common Unix platforms. Both Terminal Services and Remote Desktop Protocol use TCP port 3389 by default, which is editable in the Windows registry.
A user must be a member of the Administrators or Remote Desktop Users group to successfully connect to the server using Remote Desktop for Administration.
Service Packs: Service packs are consolidations of critical updates, security rollups, hotfixes, driver updates and feature enhancements.

192. Explain about the Configure Your Server Wizard.

If we select Typical configuration for a first server, the Configure Your Server Wizard will promote the server to a domain controller in a new domain, install Active Directory services and, if needed, DNS, DHCP and Routing and Remote Access services.
If we select Custom configuration, the Configure Your Server Wizard can configure the following roles:
1. File Server: disk quota management, Indexing Service
2. Print Server
3. Application Server: IIS 6.0, ASP.NET and COM+
4. Mail Server: POP3, SMTP
5. Terminal Server
6. Domain Controller
7. DNS Server
8. DHCP Server

193. Automated System Recovery Wizard

The Automated System Recovery (ASR) Wizard is a new feature in Windows Server 2003 that replaces the Emergency Repair Disk feature of previous versions of Windows.

A prompt to press F2 is displayed at the time of booting from the CD to continue with ASR.

During setup of Windows Server 2003 we need to press F8 to accept the licence agreement.
  • Manage Your Server: Administrative Tools
The default account policies in a Windows Server 2003 domain require complex passwords that have a minimum of 7 characters. Also, the password must contain 3 of 4 character types: uppercase, lowercase, numeric and non-alphanumeric.

194. MMCs

What is an MMC?

The Microsoft Management Console is a framework that provides a standardized, common interface for one or more applications, called snap-ins, that are used to configure the elements of the environment.

MMC consoles run on Server 2003, 2000, NT4, XP and 98.

There are two types of snap-ins:
Stand-alone snap-ins: they are provided by the developer of an application.
Extension snap-ins: they are designed to work with one or more stand-alone snap-ins, based on the functionality of the stand-alone snap-in.

There are two modes: Author mode (the default) and User mode.
Author mode: enables full access to all of the MMC functionality, including:
Adding or removing snap-ins
Creating windows
Saving consoles, etc.

User modes:

If we are planning to distribute an MMC with specific functions, we can set the desired user mode and then save the console.
Terminal Services troubleshooting:
1. Network failure
2. DNS failure
3. Terminal Services port on the client machine is misconfigured
4. Credentials
5. Policy
6. Too many concurrent connections

195. How many simultaneous connections are possible to terminal server running in the remote administration mode?
Three.  Two remote connections and one at the console.

196. Tell me about Password Policies.

1. Enforce password history: When this policy is enabled, Active Directory maintains a list of recently used passwords and will not allow a user to create a password that matches a password in that history, so users will not be able to reuse the same password when changing it. The maximum value is 24, and many organizations use 6 to 12.
2. Maximum password age: This policy determines when users will be forced to change their password. Passwords that are unchanged or infrequently changed are more vulnerable to attacks. The default is 42 days; most companies set it to 30 to 90 days.
3. Minimum password age: This policy prevents frequent changes of password: the specified number of days must pass between password changes. Of course, a password can be reset at any time in Active Directory by an administrator or support person with sufficient permissions.
4. Minimum password length: In Windows 2003 the default is 7 characters.
5. Complexity requirements.

The default password filter in Windows 2003 (Passfilt.dll) requires that a password:
1. Is not based on the user account name
2. Is at least 6 characters long
3. Contains uppercase, lowercase, numeric and special characters (3 of the 4 types, as required by the default account policy)

Account lockout policy
1. Account lockout: After several failed logon attempts the system assumes that a hacker is trying different passwords, and it will trigger the account lockout.
2. Account lockout threshold: This configures the number of invalid logon attempts. The value is 0 to 999; a value of 0 will result in accounts never being locked out.
3. Account lockout duration: This policy determines the period of time that must pass after a lockout before Active Directory will automatically unlock a user's account. It ranges from 0 to 99999 minutes, but normally 5 to 15 minutes is enough.
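
As an added example (not Microsoft's code and not from the original post), the Python below models the rules just described: a Passfilt.dll-style complexity check with the minimum length as a parameter, and an account lockout counter with the threshold and duration semantics above. The "not based on the account name" rule is simplified to a substring test, and a duration of 0 meaning "locked until an administrator unlocks" is standard Windows behaviour that the text itself does not spell out.

```python
import re


def meets_complexity(password, account_name, min_length=7):
    """Apply the Passfilt.dll-style rules from the text; returns (ok, reasons).
    min_length defaults to the Windows 2003 domain default of 7 characters."""
    reasons = []
    if len(password) < min_length:
        reasons.append(f"shorter than {min_length} characters")
    # "Not based on the account name" is modelled as a case-insensitive substring test
    if account_name and account_name.lower() in password.lower():
        reasons.append("based on the user account name")
    classes = (r"[A-Z]", r"[a-z]", r"[0-9]", r"[^A-Za-z0-9]")  # upper, lower, digit, special
    if sum(bool(re.search(c, password)) for c in classes) < 3:
        reasons.append("fewer than 3 of the 4 character classes")
    return (not reasons, reasons)


class LockoutPolicy:
    """Account lockout threshold/duration as described above; times are in minutes."""

    def __init__(self, threshold, duration_minutes):
        self.threshold = threshold          # 0 = accounts are never locked out
        self.duration = duration_minutes    # 0 = stays locked until an administrator unlocks
        self.bad_counts = {}                # user -> consecutive failed logons
        self.locked_at = {}                 # user -> minute the lockout started

    def is_locked(self, user, now):
        started = self.locked_at.get(user)
        if started is None:
            return False
        if self.duration and now - started >= self.duration:
            self.unlock(user)               # lockout duration has elapsed
            return False
        return True

    def record_failure(self, user, now):
        """Count a bad password; returns True if the account is (now) locked."""
        if self.is_locked(user, now):
            return True
        self.bad_counts[user] = self.bad_counts.get(user, 0) + 1
        if self.threshold and self.bad_counts[user] >= self.threshold:
            self.locked_at[user] = now
            return True
        return False

    def record_success(self, user, now):
        """A correct password is refused while locked; otherwise it resets the counter."""
        if self.is_locked(user, now):
            return False
        self.bad_counts.pop(user, None)
        return True

    def unlock(self, user):
        # What an administrator does manually, or what happens when the duration expires
        self.locked_at.pop(user, None)
        self.bad_counts.pop(user, None)
```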

Windows 95, 98 and ME support passwords of only 14 characters, while Windows 2000, XP Professional and 2003 support 127 characters.
The Active Directory client can be downloaded from the Microsoft website; it lets these operating systems participate in many Active Directory features available to other operating systems, such as site awareness, ADSI and Dfs.

197. What are the modifications that can be done to a user account?

1. Disabling and enabling a user account
2. Deleting a user
3. Renaming a user: We rename a user if the user changes their name, or when replacing that user with a new user who should keep the same rights, permissions, group memberships and most of the other properties of the previous user.

198. How to set password policy?

1. Open Active Directory Users and Computers.
2. Select the domain node.
3. From the Action menu choose Properties.
4. On the Group Policy tab select Default Domain Policy and then click Edit.
5. Navigate to Computer Configuration, Windows Settings, Security Settings, Account Policies and finally Account Lockout Policy.

199. Groups
Windows Server 2003 has two group types: security and distribution.
Security groups are used to assign permissions for access to network resources.
Distribution groups are used to combine users for e-mail distribution lists. Security groups can also be used as distribution groups, but distribution groups cannot be used as security groups.

200. What is group scope?

Group scope defines how permissions are assigned to the group members. Windows Server 2003 groups, both security and distribution groups, are classified into one of three group scopes:
  • Domain local
  • Global
  • Universal

Local groups

Local groups are used primarily for backward compatibility with Windows NT 4. Domain controllers do not use local groups.
Local groups can include members from any domain within the forest.
A local group has only machine-wide scope: it can grant permissions only on the machine on which it exists.
Domain local groups

Domain local groups are used primarily to assign access permissions to global groups for local domain resources.
They exist in all mixed, native and interim functional level domains and forests.
They can be used to grant resource permissions for members in the domain in which the group exists.

Global groups

Global groups are used primarily to provide categorized membership in domain local groups for individual security principals, or for direct permission assignment.
They can only include members from within their own domain.
They can be granted permissions in any domain, and can contain global groups.
Universal groups

Used primarily to grant access to resources in all trusted domains but can be used only as security principals.
Universal groups can include members from any domain in the forest.
In windows 2000 native or Windows server 2003 domain functional level, universal groups can be granted permissions in any domain, including domains in other forests with which a trust exists.

Group conversion

In a Windows 2000 native or Windows Server 2003 domain functional level domain, domain local and global groups can be converted to universal groups if the groups are not members of other groups of the same scope.

Special identities
There are some special groups, called special identities, that are managed by the operating system. Special identities cannot be created or deleted, nor can their memberships be modified by administrators. Special identities do not appear in the Active Directory Users and Computers snap-in or in any other computer management tool, but they can be assigned permissions in an ACL.

Everyone: Represents all network users, including guests and users from other domains. Whenever a user logs on to the network, the user is automatically added to the Everyone group.

Network: Represents users currently accessing a given resource over the network. Whenever a user accesses a given resource over the network, the user is automatically added to the Network group.

Interactive: Represents all users currently logged on to a particular computer and accessing a given resource located on that computer.

Anonymous logon: Any user who uses a network resource but did not go through the authentication process.

Authenticated users: Includes all users who are authenticated to the network by using a valid user account. When assigning permissions we can use the Authenticated Users group in place of the Everyone group to prevent anonymous access to resources.

Creator owner: Represents the user who created or who took ownership of the resource.

  • We cannot change the type and scope of a group if the domain is at the Windows 2000 mixed or Windows Server 2003 interim domain functional level.
  • Command to find the groups in which a user is a member:

    dsget user UserDN -memberof [-expand]

