Exam 70-270 Notes


  • 7/28/2019 Exam 70-270 Notes

    1/27

    Part 1: Getting started with Windows XP Pro

    [1.1] Windows XP Professional hardware requirements

    Processor minimum P233, recommended PII 300

    RAM minimum 64Mb, recommended 128Mb

    Disk Space minimum 1.5Gb, recommended 2Gb

    Network needed if installing using it

    Display minimum SVGA 800x600 or better

    Peripheral devices: keyboard and mouse (or other pointing device)

    CD-ROM or DVD-ROM if installing from CD, recommended 12x or faster

    Floppy drive if you intend to use ASR (Automated System Recovery)

    Windows XP Professional supports up to 2 CPUs, while Windows XP Home edition supports only 1 CPU; there are no other hardware requirement differences between Windows editions

    [1.2] Windows XP Professional install steps

    Collecting information

    o Insert Windows XP CD and reboot the PC

    o The Setup program starts when you boot from the CD. Press F6 for a third-party disk driver, F2 for Automated System Recovery (ASR)

    o A welcome dialog box appears; press Enter to install XP, R to repair an XP installation, F3 to quit

    o Licensing agreement, F8 to accept, ESC to refuse

    o Partitions screen appears

    o Copying of setup files

    o Remove CD and reboot PC

    Installing Windows

    o Regional settings, choose locale (numbers, currencies, dates and times view options) and keyboard layouts

    o User name and organization screen

    o Product key screen, 25 character key

    o Computer name

    up to 15 bytes for NetBIOS compatibility

    1 byte is 1 character in most languages (2 in say Chinese)

    FQDN has a limit of 155 bytes for DC in Windows 2000/2003 (255 bytes in NT 4.0)

    Computer name has a limit of 63 bytes

    Computer name has to be unique on the network

    o Administrative password

    o If you have a plug and play modem, you set it up now

    o Date and time

    o Network settings

    o Work group name or domain affiliation

    o Automated finishing tasks

    [1.3] Install options

    For clean install/upgrade on computers running Windows 3.x or DOS (16-bit systems) use winnt.exe

    For install/upgrade on computers running a 32-bit OS use winnt32.exe

    [1.4] After installation

    The default network setup is for Windows XP to be a DHCP client

    You need to activate your product within 30 days unless you have a corporate licence

    After 30 days you will not be able to log on to your PC without activation if you log out or restart your PC (you will still be able to access your PC in safe mode without network support)

    Activation can be done over the phone or online

    There are three log files created after installation

    o %systemdir%\setupact.log - installation actions log

    o %systemdir%\setuperr.log - errors that occurred during installation

    o %systemdir%\netsetup.log - network related log (like domain joining)

    [1.5] Support for multiboot

    Windows XP will configure multiboot automatically if it detects a compatible OS (i.e. a Microsoft OS) and you are using the clean install option

    Do not use dynamic disks or NTFS if the other OS doesn't support it

    Windows XP will not be able to read volumes compressed with Windows NT4 compression

    [1.6] Joining a domain

    You can pre-authorize a computer in the AD

    Or, you can enter the user name and password of a domain user that has the 'Add computers to the domain' permission to add the computer to the AD

    [1.7] Laptop special Windows XP features


    Credential manager

    Clear type

    Hot docking

    [1.8] Other points

    Hardware compatibility list (HCL) http://www.microsoft.com/hcl/ now Windows catalog

    http://www.microsoft.com/windows/catalog/

    If hardware is not found in the Windows catalog you will not get any support from Microsoft

    BIOS is preferred with ACPI (Advanced Configuration and Power Interface) functionality, APM (Advanced Power Management) is the API for ACPI hardware

    If you are upgrading from Windows 98/Me, check whether there are drivers for your hardware, since 98/Me drivers are VxDs (virtual device drivers) and don't work on Windows XP

    You can upgrade from Windows 98/Me/NT4/NT3.51/2000 Pro (due to a bug win95 will qualify as upgrade media but only for clean install)

    System partition is the location of the files that are needed for Windows XP to boot; it needs very little space, default is the active partition

    Boot partition is the location of Windows XP OS (all files)

    Note that Microsoft changed the default directory for installation from WINNT to WINDOWS

    Installation files are in \I386 directory on the CD

    WFP - Windows file protection is used to protect Windows system DLL files from modification, files are stored in %SystemRoot%\System32\Dllcache

    Sfc.exe - scans and verifies the versions of all protected system files when the computer is booting

    Dynamic update runs during installation of Windows XP. You can disable it with the /dudisable switch of winnt32; use /duprepare:pathname to prepare a network share for dynamic update files and /dushare:pathname to specify the network share with dynamic update files.

    Part 2: Automating installation

    [2.1] Types of automated installation

    Remote Installation Service (RIS) introduced in Windows 2000 - for use with multiple PCs for automatic deployment

    Disk imaging (cloning) which uses reference PC - for use with PCs that have similar hardware

    Unattended installation - use when you have lots of PCs with network cards that are not PXE-compliant

    [2.2] Create answer files with Setup manager

    Answer files are automated installation scripts used to answer the questions that appear during a normal

    Windows XP Professional installation

    Answer files are used with all methods of unattended installation. To create answer files you use Setup manager (setupmgr)

    To use setup manager you need to extract it from \support\tools\deploy.cab found on installation CD

    There is a sample answer file on the installation CD, unattend.txt

    Through answer file you can configure

    o Mass storage devices

    o Plug and Play devices

    o HALs

    o Set passwords

    o Configure language, regional, and time zone settings

    o Display settings

    o Converting to NTFS

    o Installing applications; you can choose from the following options

    Use cmdlines.txt to add applications during the GUI portion of the setup

    Within the answer file configure the [GuiRunOnce] section to install an application the first time a user logs on

    Create a batch file

    Use the Windows installer

    Use the sysdiff tool to install applications that don't have automated install procedures

    [2.3] Using RIS (Remote Installation Service)

    You can configure RIS server to distribute 2 types of images:

    o CD based image

    Contains only Windows XP OS

    Copies all files to the target PC before commencing installation of the Windows XP OS

    Created automatically during installation of RIS

    o A Remote Installation Preparation (RIPrep) image

    Can contain both Windows XP OS and applications

    This image is based on a pre-configured computer

    Copies only the files needed for installation on the given PC, thus faster than a CD based image, which copies everything


    Can be deployed to the clients that have the same HAL and HD controller

    Must be created manually, not automatic like CD based image

    For RIS you need DHCP, DNS and AD configured on your network

    RIS server uses Boot information negotiation layer (BINL) for initial contact, then TFTP is used to transfer the bootstrap image

    RIS and DHCP server need to be authorized in AD, RIS server is authorized through DHCP manager

    The following services are run as part of RIS: BINL, SIS, SIS Groveler, TFTP

    To configure RIS server use risetup.exe

    NTFS is required to store image files, with at least 2Gb free space, on a partition separate from the OS partition

    RIS template files are used to specify installation parameters, default file is ristndrd.sif

    You need the following user rights to install images using RIS

    o Create Computer accounts

    o Logon as batch job (Administrator doesn't have this right by default)

    For non-PXE network cards use the rbfg.exe utility to create a RIS boot disk (this utility doesn't support all network cards)

    [2.4] Using disk images

    Uses a reference computer HD image that needs to be prepared first with sysprep, which needs to be extracted from deploy.cab found on the installation CD

    Source and target computer must satisfy

    o Both computers must have the same HD controller

    o Both computers must have the same HAL

    o Plug and Play devices may not be the same as long as there are drivers for all of them

    You will need to extract sysprep utility from the deploy.cab

    Sysprep strips user personal data from the installation image

    After you copy the installation image to the destination PC a mini wizard runs (unless you have an answer file)

    Sysprep modes:

    o Audit: allows for the verification of hardware and software installation by a system builder while running in factory floor mode. Audit boots allow a system builder to reboot after factory floor mode has completed its automated pre-install customization, in order to complete hardware and software installation and verification, if necessary.

    o Factory: allows for the automated customization of a pre-install on the factory floor by using a Bill of Materials file to automate software installations, software and driver updates, and updates to the file system, the registry, and INI files such as Sysprep.inf. This mode is invoked via the "sysprep -factory" command.

    o Reseal: is run after an original equipment manufacturer (OEM) has run Sysprep in factory mode

    and is ready to prepare the computer for delivery to a customer. This mode is invoked via the

    "sysprep -reseal" command.

    o Clean: Sysprep will clean the critical device database. The critical device database is a registry listing of devices and services that have to start in order for Windows XP to boot successfully. Upon setup completion, the devices not physically present in the system are cleaned out of the database, and the critical devices present are left intact. This mode is invoked via the "sysprep -clean" command.

    [2.5] Unattended installation

    With this method you use a distribution server (or the Windows XP installation CD) to install Windows XP on the target PC

    The distribution may have answer file

    The target computer must be able to connect to the distribution server over the network (if used)

    End user interaction levels:

    o Fully automated installation

    o GUI attended installation

    o Read only installation

    o Hide pages installation

    o Provide defaults installation
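    An added example (not from these notes and not Microsoft's tooling) in Python that parses an answer file like the one Setup manager writes and reviews it before deployment: it maps UnattendMode to the interaction levels listed in [2.5] above and flags a clear-text Administrator password and the [GuiRunOnce] commands mentioned in [2.2]. The section and key names other than [GuiRunOnce] (UnattendMode, AdminPassword, EncryptedAdminPassword) are taken from the Windows XP unattend.txt reference, not from the notes; the sample file is constructed.

```python
"""Review a Windows XP unattend.txt answer file before it is deployed.

Added example, not from the notes. Section/key names other than [GuiRunOnce]
are taken from the Windows XP unattend.txt reference (assumption); the sample
file below is constructed.
"""
import configparser
from typing import Dict, List, Optional

# UnattendMode values mapped to the end-user interaction levels listed in [2.5]
UNATTEND_MODES: Dict[str, str] = {
    "FullUnattended": "Fully automated installation",
    "GuiAttended": "GUI attended installation",
    "ReadOnly": "Read only installation",
    "DefaultHide": "Hide pages installation",
    "ProvideDefault": "Provide defaults installation",
}

# Constructed sample in the style Setup Manager writes; the product key is a
# placeholder and the UNC paths are made up.
SAMPLE_ANSWER_FILE = r"""
[Unattended]
UnattendMode=FullUnattended
TargetPath=\WINDOWS

[GuiUnattended]
AdminPassword="P@ssw0rd"
EncryptedAdminPassword=No
TimeZone=085

[UserData]
ProductKey=XXXXX-XXXXX-XXXXX-XXXXX-XXXXX
ComputerName=WS01

[GuiRunOnce]
Command0="\\deploy\apps\install_office.cmd"
Command1="msiexec /i \\deploy\apps\agent.msi /qn"
"""


def _unquote(value: Optional[str]) -> Optional[str]:
    """Setup Manager wraps some values in double quotes; strip them."""
    return None if value is None else value.strip().strip('"')


def parse_answer_file(text: str) -> configparser.ConfigParser:
    """Parse the INI-style answer file, keeping key case (Command0, AdminPassword)."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.optionxform = str  # do not lower-case option names
    cp.read_string(text)
    return cp


def review_answer_file(text: str) -> Dict[str, object]:
    """Summarise what the answer file will do and list points to fix before deployment."""
    cp = parse_answer_file(text)
    findings: List[str] = []

    mode = cp.get("Unattended", "UnattendMode", fallback=None)
    level = UNATTEND_MODES.get(mode) if mode else None
    if level is None:
        findings.append(f"UnattendMode missing or unknown: {mode!r}")

    password = _unquote(cp.get("GuiUnattended", "AdminPassword", fallback=None))
    encrypted_flag = cp.get("GuiUnattended", "EncryptedAdminPassword", fallback="No")
    encrypted = encrypted_flag.strip().lower() == "yes"
    # A real password that is not encrypted is readable by anyone who can open
    # the answer file on the distribution share
    cleartext = password not in (None, "", "*") and not encrypted
    if cleartext:
        findings.append("[GuiUnattended] AdminPassword is in clear text; "
                        "set EncryptedAdminPassword=Yes (Setup Manager can do this)")
    if password == "*":
        findings.append("[GuiUnattended] AdminPassword=* sets a blank Administrator password")

    # [GuiRunOnce] commands run at the first logon, so every entry should be a
    # known, trusted installer
    commands: List[str] = []
    if cp.has_section("GuiRunOnce"):
        commands = [_unquote(v) or "" for _, v in cp.items("GuiRunOnce")]
    if commands:
        findings.append(f"{len(commands)} [GuiRunOnce] command(s) run at first logon; review each")

    return {
        "unattend_mode": mode,
        "interaction_level": level,
        "admin_password_cleartext": cleartext,
        "runonce_commands": commands,
        "findings": findings,
    }


if __name__ == "__main__":
    for line in review_answer_file(SAMPLE_ANSWER_FILE)["findings"]:
        print(line)
```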

    [2.6] Installing applications with Windows Installer Packages

    Microsoft installer (MSI) files - provided by software vendor

    Repackaged application (MSI) - do not include native Windows installer packages, used to provide applications that can be cleanly installed

    ZAP files - used when you don't have MSI files and install applications using native setup program

    MSP files (modification files) - provide paths to installed Microsoft software, must be assigned to an MSI file at deployment

    Windows Installer packages work as

    o Published applications - not advertised, can be installed through Add/Remove programs. They can also be installed by opening a document that uses an uninstalled published application.

    o Assigned applications - advertised through the Programs menu, installed the next time the user starts the PC, before the log on prompt appears

    Please note that Windows Installer packages cannot be published to computers in Windows XP; all other options are OK, i.e. you can assign applications to computers and assign/publish applications to users


    You can create your own MSI files using VERITAS Software Console or WinINSTALL LE Discover

    You create a GPO for the MSI package which is to be published or assigned. If it is for a user, use User Configuration\Software Settings\Software; if it is for a computer, Computer Configuration\Software Settings\Software

    Using AD you can uninstall an old application or upgrade on top of an old application. Computers can accept only mandatory upgrades, users support both optional and mandatory upgrades.

    If you have multiple versions of the same software, you will need to configure the install order and/or whether it is a mandatory install

    You need AD to deploy packages which are found on a share on a file server

    Msiexec.exe - provides the means to install, modify, and perform operations on Windows Installer from the command line. For example you can force the end user to enter the CD key for the software that is being installed

    Part 3: Upgrading to Windows XP

    [3.1] Upgrade general points

    You can upgrade from Windows 98/Me/NT4/NT3.51/2000 Pro (Windows XP Home edition can upgrade only from 98/Me/2000). There is a bug on the CD allowing a clean install when a Windows 95 CD is provided as upgrade media.

    Choose upgrade if you want to keep existing applications and preserve current local users and groups

    Clean install will allow you to multiboot

    Upgrade from Windows NT/2000 Pro is easier than from 98/Me due to their similarity to XP

    You can generate a Windows XP compatibility report with winnt32 /checkupgradeonly

    Upgrade your BIOS so you can use advanced power features and device configurations

    Before the upgrade remove or disable any client software like virus scanners or network services

    If older applications fail to run on Windows XP due to security issues, use the compatws.inf template

    Upgrade of Windows 98/Me can be undone using osuninst.exe or through the Add and Remove programs control panel

    For upgrade you have a choice of Express upgrade or Custom upgrade

    [3.2] Windows 9x software properties not supported by upgrade

    File system applications

    Custom plug and play solutions

    Custom power management solutions

    Third party disk compression utilities, defragmenters (Windows NT and 2000 as well)

    Partitions compressed with DriveSpace or DoubleSpace are not supported

    [3.3] Migrating user data

    User state management tool (USMT) is used for migration of users from one computer to another

    ScanState.exe - collects user data and settings information based on the configuration of Migapp.inf, Migsys.inf, Miguser.inf and sysFiles.inf

    LoadState.exe - deposits the information collected on the source computer onto a PC running a copy of Windows XP. Cannot be used on a computer that was upgraded to Windows XP.

    Supports Windows 95/98/Me/2000 to XP

    F.A.S.T.

    o Files and Settings Transfer Wizard (F.A.S.T.). It is one of the least known new features in Windows XP.

    o Supports all Windows versions from Windows 95 (with IE4) through Windows XP (XP as destination only)

    o Can be used as a poor man's backup utility, creates backup files that can be stored to HD or CD-RW

    o Can move user accounts one at a time, good for single users

    Part 4: Configuring Windows XP Pro environment

    [4.1] Windows image acquisition architecture

    WIA is used to manage images between image capture devices and computer software applications

    Supported devices

    o IEEE 1394

    o USB

    o SCSI

    Devices connected through standard COM port or infrared connection are not supported by WIA

    [4.2] Support for digital audio and video

    Multichannel audio output

    Acoustic echo cancellation (AEC)

    Global effects (GFX)

    [4.3] Microsoft Management Console (MMC)


    The MMC is a utility used to create, save, and open collections of administrative tools that are called consoles

    Access control options for MMC

    o Author mode - full customization of the MMC console

    o User mode-full access - as author mode, except that users cannot add or remove snap-ins, change console options, create Favorites, or create taskpads

    o User mode-limited access, multiple windows - access only to those parts of the console tree that were visible when the console file was saved. Users can create new windows but cannot close any existing windows.

    o User mode-limited access, single window - as 'user mode limited access, multiple windows' but users cannot create new windows

    [4.4] Installing hardware

    Plug and Play support

    Non-plug and play devices can be installed using 'Add hardware wizard'

    DVDs regional settings can be changed up to 5 times (hardware change, need new DVD-ROM after that)

    [4.5] Device drivers

    Accessed from 'Device manager'

    You can update drivers

    You can roll back drivers (new in Windows XP)

    You can also uninstall driver

    Driver signing:

    o Harmful driver install prevention

    o HCL - Hardware compatibility list, replaced by Windows catalog

    o Run d:\i386\winnt32 /checkupgradeonly from the Windows XP CD to check hardware compatibility

    o sigverif.exe is used to check drivers from the command line

    o By default the system is set to warn the user if he or she is installing an unsigned driver (other options are: ignore and block)

    o Driver signing can also be controlled from GP using object settings for the local computer (or computer configuration for a domain); choices are: Silently succeed, Warn but allow installation and Do not allow installation.

    o Unsigned driver means that the driver was not tested by Microsoft and is not supported by Microsoft. For the most part these drivers are still OK

    o When driver is signed by Microsoft it and the hardware are tested by Microsoft

    Some older devices (like CD-ROM etc.) plug into the LPT port on the PC. You will need to set the LPT port to "Legacy plug and play support" on the port settings tab for older devices to work.

    The easiest way to solve embedded device conflict with an add on device is to disable the on board device.

    For example, to use add on music card, you will need to disable on board music card

    Many problems are caused by incorrect drivers, for example a graphic card that displays only 800x600 resolution. Update the driver to solve these problems.

    Driver.cab on Windows XP CD contains all original Windows XP drivers

    [4.6] Multiple display support

    To avoid flickering monitor resolution should be set to at least 72Hz

    Maximum of 10 monitors per PC

    When you install a 2nd video card the card built into the motherboard gets disabled and the new card becomes the primary display adapter

    Secondary adapter has to support multiple-displays

    [4.7] Computer power states

    Complete shutdown of PC

    Hibernation - saves all of the desktop state into a file which uses as much HD space as there is RAM in the system; to go back to active mode press the power button

    Standby (three levels on ACPI compliant PC)

    o Level one turns off the monitor and hard drives

    o Level two turns off the CPU and cache as well

    o Level three turns off everything but the RAM

    Fully active PC

    You configure standby through the Power options in Control panel. Levels 2 and 3 of standby are only available if a universal power supply (UPS) has been configured

    Through power options you can also configure alerts when the system is running on battery power and the behaviour of the power button

    [4.8] PCMCIA (Personal Computer Memory Card International Association) Cards

    Type I cards - are up to 3.3mm thick. Used for adding more RAM to the PC

    Type II cards - are up to 5.5mm thick. Used for modem and network cards

    Type III cards - are up to 10.5mm thick. Used for portable disk drives

    [4.9] Configuring I/O devices


    Through Keyboard properties you can configure typing delay and cursor behaviour as well as keyboard key layout

    You need a keyboard in order to install Windows XP

    Through Mouse properties you can configure mouse properties such as: speed, buttons, wheel and pointers

    USB 2.0 supports up to 127 devices per root hub, up to 5 deep nested external hubs, transfer speeds up to 12Mbps. You can see power & bandwidth usage by checking the root hub properties.

    USB supports two speeds, low and high, which use different cables

    USB controllers require that an IRQ be assigned in the computer BIOS. Make sure you have the newest BIOS and/or firmware.

    Wireless devices, RF - Radio Frequency and IrDA - Infrared Data Association

    [4.10] Windows registry

    Windows registry is a database used by the OS to store system configuration

    Regedit is used to edit the registry (regedt32 is just a pointer to that file)

    There are five default keys in the Windows registry:

    o HKEY_CURRENT_USER - for the user who is currently logged on to the computer

    o HKEY_USERS - configuration data for all users of the PC

    o HKEY_LOCAL_MACHINE - computer hardware and software configuration, device drivers and startup options

    o HKEY_CLASSES_ROOT - used by Windows explorer for file type to application association, software configuration data and OLE (object linking and embedding) data

    o HKEY_CURRENT_CONFIG - hardware profile that is used during system startup

    [4.11] Remote desktop

    Remote desktop connection = terminal services client

    In Windows XP the terminal services service is limited to a single connection only. The service is disabled by default and has to be enabled through the Remote tab of System properties

    Remote desktop depends on the terminal services service

    Windows XP Home Edition does not allow connections to it using Remote desktop; XP Pro allows only one connection

    [4.12] Remote assistance

    Remote assistance is available with all editions of Windows server 2003 and Windows XP

    The person assisting the user has a concurrent session with logged in user

    Logged in user has to authorize access

    You can send an invitation from the 'Help and Support' menu. You can send invitations through e-mail using a MAPI enabled client, Microsoft Messenger or using a file. You need to supply a connection password.

    You can also offer remote assistance to others (disabled in GP by default)

    You can chat using text or voice, you can send and receive files

    The HelpAssistant account is used if help is given by another user, the support_XXXX account is used if help is given by Microsoft staff

    [4.13] Services

    A service is a program, routine or a process that performs a specific function

    Service startup types: automatic, manual and disabled

    You can choose the account service uses to log on

    When a service fails you can choose the OS to do one of the following options

    o Take no action

    o Restart the service

    o Run a file

    o Reboot the computer

    SC.exe is used for communication with the service control manager

    [4.14] HAL - hardware abstraction layer

    Computer driver which is the interface to the BIOS; the kernel is built on top of this driver

    You can choose HAL during install by pressing F5

    Multiple processors - when installing a 2nd processor in a single processor (UP - uniprocessor) system you will need to update the HAL for the CPU from single CPU to multiple CPU (SMP - symmetric multiprocessor driver)

    Do not upgrade from the standard HAL to the ACPI (advanced configuration and power interface) HAL and vice versa

    [4.15] Hardware profiles

    A hardware profile consists of a set of instructions that tell Windows which devices to start when the computer starts and/or which settings to use for each device

    By default a hardware profile called Profile 1 (for laptops, Docked Profile or Undocked Profile) is created

    You can designate a default profile. If you want the default hardware profile to load automatically (without showing you the list during startup), enter 0 in seconds under Hardware profiles selection. If you want to see the list anyway press the SPACEBAR during startup.


    Windows will ask you which profile to use every time you start your computer if you have more than one profile and you don't specify a default profile with 0 wait time

    You can also use hardware profiles as a debugging tool. For example, you can set up profiles that omit the hardware devices you suspect of being defective.

    [4.16] Other hardware

    Fax service - is used for faxing support, controlled through the fax applet in control panel when installed

    Program compatibility wizard - accessed from Accessories, used to run programs in Windows 95, 98/Me, NT4, 2000 compatibility mode

    Part 5: Managing the Desktop

    [5.1] Customizing desktop

    You can configure start menu and taskbar through 'Taskbar and Start menu properties'

    'Start menu' modifications are done to the Windows XP theme, while 'Classic start menu' modifications are done to the Windows 2000 theme

    Display properties

    o You can select a different theme

    o You can display web page on your desktop or just a picture(s)

    o You can set up a screen saver

    o In appearance you can change many aspects of the chosen theme

    o In settings you can change aspects of video display adapter

    Default Windows XP theme is also known as 'Luna'

    Local profile is created when the user logs on for the 1st time, consists of the following folders: Desktop, NetHood, PrintHood, SendTo, Start Menu, Cookies, Favorites, Application Data

    Notification area was previously named system tray

    [5.2] Multilanguage technology

    Unicode - international standard that allows support for the characters used in the world's most common languages

    National language support API - is used to provide information for locale, character mapping and keyboard layout

    Multilingual API - used to set up applications to support keyboard input and fonts from various language versions of applications

    Windows XP stores all language specific information in separate files from the OS files

    [5.3] Multilanguage support

    Support for two technologies

    o Multilingual editing and viewing which supports multiple languages while the user is viewing, editing and printing documents

    o Multilanguage user interface

    Localized Windows XP - includes a fully localized user interface for the language that was selected. This version allows the user to view, edit and print documents in more than 60 languages. There is no support for a multilingual user interface.

    Multilanguage Windows XP - provides user interfaces in several different languages. You will need to install the following files

    o Language groups - contain fonts and files needed to process a specific language

    o Windows XP multilanguage version files - contain language content required by the user interface and help files, can be up to 45Mb in size

    Use muisetup.exe to set up the default user interface

    The multilanguage version of Windows XP is not available in retail, you need Windows volume licensing

    On a localized version of Windows XP you configure multiple languages through 'Regional and language options'

    [5.4] Accessibility options

    Configured through 'Accessibility options' in control panel

    Keyboard settings:

    o StickyKeys - allows user to enter key combinations one key at a time

    o FilterKeys - ignores brief repeated keystrokes

    o ToggleKeys - user hears tones when toggling CAPS LOCK/NUM LOCK/SCROLL LOCK

    o MouseKeys - allows you to use the numeric keypad to control the mouse pointer

    ShowSounds - instructs programs that convey information by sound to also provide information visually

    SoundSentry - allows you to change settings to generate visual warnings

    You can also set the time after which options are turned off and when they are turned on (like on user log on)

    [5.5] Accessibility utilities

    Accessibility wizard - adjusts the PC based on the user's vision, hearing and mobility needs

    Magnifier utility - makes a portion of the screen bigger for easier viewing

    Narrator utility - employs text-to-speech technology to read the contents of the screen


    On screen keyboard - has three different modes:

    o Clicking mode - user clicks the on-screen keys to type text

    o Scanning mode - on-Screen keyboard highlights areas where you can type characters

    o Hovering mode - use a mouse or joystick to point to a key for period of time to type character

    Utility manager - start and stop accessibility utilities, can start/stop utilities on user log on or when the PC is locked

    Part 6: Managing users and groups

    [6.1] Built-in Accounts

    Administrator - full control over the PC, even if disabled can be accessed from safe mode, password provided during setup

    Guest - for users that don't have a username and password on the system, disabled by default

    Initial user - uses the name of the registered user and exists only if the computer is a member of a workgroup, not a domain; by default a member of the Administrators group

    HelpAssistant - new in Windows XP, used together with remote assistance

    Support_xxxxxxx - used by Microsoft for help and support services, disabled by default

    [6.2] Logging on

    There are two types of users, local and domain

    Local user credentials are compared to the local security database, domain user credentials are checked against the active directory stored on a domain controller

    When user logs onto the system an access token is created

    Local user credentials cannot be used to access network resources

    [6.3] Managing users

    You manage users through 'Local users and groups' MMC that can be accessed in two ways

    o Custom MMC

    o By right clicking on My computer and selecting 'manage'

    A user account consists of:

    o Name and password

    o SID (security identifier) - consists of a domain SID, which is the same for all SIDs created in the domain, and a RID, which is unique for each SID created in the domain. SIDs are unique in the network.

    o Can have other attributes, like group membership

    User names can be up to 256 bytes (characters) long and must be unique (different from other user names and group names)

    User names cannot contain *{}\/:;,=|+?" and cannot be made of spaces and periods alone

    User names are not case sensitive but passwords are

    You can create users using net user

    You have following user options:

    o User name (required field)

    o Full name (by default same as user name)

    o Description

    o Password textbox (up to 127 bytes (characters), 15 for NTLM)

    o Confirm password textbox

    o User must change password at next logon checkbox

    o User cannot change password checkbox

    o Password never expires checkbox

    o Account is disabled checkbox

    You can set the following user properties

    o User profile path - stored in the 'Documents and settings\%username%' folder, contains user preferences and the file ntuser.dat. In Windows NT 4.0 the path was \%systemdir%\profiles\%username%

    o Logon script - files that are run every time the user logs into the PC

    o Home folder - is where users commonly store their personal files and documents

Password reset disk - use when a user has forgotten their password. If an administrator simply resets the password instead, the user loses access to EFS-encrypted files and other secrets protected by the old password (stored credentials, certificates with private keys), because the keys that protect them are derived from it.

Mandatory profiles are read-only roaming profiles (ntuser.dat renamed to ntuser.man), so they only work with roa­ming profiles, not local ones, and can only be set up by an administrator

    You can copy profiles using 'User profiles' tab of 'System properties'

UNC path - is in the format \\computer_name\share_name

Renaming an account keeps the SID, so all group memberships, permissions and privileges of the account are retained.

Copying a user account keeps the group memberships (and therefore the permissions and privileges assigned to those groups), but not the permissions granted directly to the original account, because the copy gets a new SID. Deleting and re-creating an account with the same name loses all group memberships and permissions for the same reason: the ACLs reference the old SID, which the new account does not have.

[6.4] Built-in local groups

    Administrators - full control over the PC


Backup operators - can back up and restore any file regardless of its NTFS permissions (the Back up files and Restore files privileges bypass the ACL), so membership is as sensitive as Administrators

Network configuration operators (new) - can change TCP/IP settings and release/renew addresses

Guests - limited privileges

Power users - can add/remove users (but not administrators), create non-administrative shares, manage printers, start and stop services that are not started automatically, and install programs; treat the group as near-administrative, since a Power User can modify system-wide settings

Remote desktop users (new) - members can log on remotely through Remote Desktop

Replicator - for directory replication used by domain servers

Users - run programs, use printers and work with their own data; cannot change system-wide settings

HelpServicesGroup (new) - used by the Microsoft Help and Support Center services

    [6.5] Special groups

Special groups (well-known security principals) are used by the system. Membership is automatic, based on how the user is accessing the computer; you cannot add or remove members, but you can grant the groups permissions and rights.

Creator Owner - placeholder in an ACL that is replaced by the account that created or took ownership of an object

Creator Group - placeholder replaced by the primary group of the account that created the object

Everyone - all accounts that can access the PC; since Windows XP it no longer includes Anonymous Logon

Interactive - users who are logged on locally (at the console)

Network - users who access resources over the network

Authenticated users - users who logged on with a valid user name and password (does not include Guest or anonymous sessions)

Anonymous logon - users who access the PC through a null session, without credentials

Batch - accounts that are only used to run a batch job (scheduled task)

Dialup - users that logged on to the network through a dial-up connection

Service - accounts that are used only to run a service

Local System - the account the operating system itself and most services run as; it has complete control over the local computer

Terminal server users - users who logged on through Terminal Services

    [6.6] Managing groups

Group names can be up to 256 characters long, must be unique and cannot contain the backslash character

    Groups are used to manage and organize users. Add users to a group and then assign permission to the

    group

    Part 7: Managing security

    [7.1] Policies

Configured through the 'Local Computer Policy' Group Policy object (gpedit.msc MMC)

Account policies (password and lockout policy) control how users get logged on. If you want to control what users can do after logging on, use local policies

Local policies are made up of

o Audit policy - nothing is audited by default on a stand-alone Windows XP Professional computer

o User rights assignment - too many to list here, see explanation underneath

o Security options - also too many to list

Local policies apply to every user of the computer; you cannot single users out with local policy (you need AD-based GPOs for that), although individual settings such as user rights do name the users and groups they apply to

    [7.2] Password policy settings

Enforce password history - how many previous passwords are remembered so they cannot be reused (0-24)

Maximum password age - days before a password must be changed (0 = never expires)

Minimum password age - days a user must keep a password before changing it again; set it above 0, otherwise users can cycle through the whole history in one sitting and return to the old password

Minimum password length - 0-14 characters (0 = blank passwords allowed)

Complexity requirement - at least six characters, must not contain the user name, and must use three of the four character classes (upper case, lower case, digits, symbols)

Store passwords using reversible encryption - stores passwords so they can be recovered in clear text; leave it disabled unless an application such as CHAP authentication needs it

    [7.3] Account lockout policy

Account lockout duration - minutes the account stays locked (0 = locked until an administrator unlocks it)

Account lockout threshold - number of failed logon attempts that locks the account (0 = never lock out); note that a low threshold lets an attacker lock users out deliberately

Reset account lockout counter after X minutes - how long after the last bad attempt the failed-attempt counter returns to 0; must be less than or equal to the lockout duration
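The three lockout values interact in ways that are easy to get wrong (a correct password is refused while the account is locked, and the counter only resets after a quiet period). The following is an added example, not part of the original notes: a small simulation of the password and lockout settings from [7.2] and [7.3], run against constructed logon attempts. The account, passwords and timestamps are invented, and SHA-256 stands in for the real NT hash.

```python
# Added example (not from the original notes): a small simulation of how the
# password and lockout settings above are enforced, run against constructed
# logon attempts.  The hash function is a stand-in for the real NT hash.
import hashlib
from datetime import datetime, timedelta


def pw_hash(password):
    # Stand-in for the NT hash (MD4 over UTF-16LE), which plain hashlib may lack.
    return hashlib.sha256(password.encode("utf-16-le")).hexdigest()


def meets_complexity(password, user_name):
    """The Windows complexity rule: 6+ characters, must not contain the user
    name (3+ chars), and 3 of the 4 classes upper / lower / digit / symbol."""
    if len(password) < 6:
        return False
    if len(user_name) >= 3 and user_name.lower() in password.lower():
        return False
    classes = (any(c.isupper() for c in password),
               any(c.islower() for c in password),
               any(c.isdigit() for c in password),
               any(not c.isalnum() for c in password))
    return sum(classes) >= 3


class Account:
    def __init__(self, name, password, when):
        self.name = name
        self.pw_hash = pw_hash(password)
        self.history = [self.pw_hash]     # oldest first
        self.last_set = when
        self.bad_count = 0
        self.last_bad = None
        self.locked_at = None


class AccountPolicy:
    def __init__(self, history=24, min_length=8, complexity=True,
                 max_age_days=42, min_age_days=1,
                 lockout_threshold=5, lockout_minutes=30, reset_minutes=30):
        self.history = history
        self.min_length = min_length
        self.complexity = complexity
        self.max_age = timedelta(days=max_age_days)
        self.min_age = timedelta(days=min_age_days)
        self.threshold = lockout_threshold                   # 0 = never lock out
        self.lockout = timedelta(minutes=lockout_minutes)    # 0 = until admin unlocks
        self.reset = timedelta(minutes=reset_minutes)

    def change_password(self, acct, new_password, now):
        """Return the list of policy violations; on an empty list the change is made."""
        problems = []
        if len(new_password) < self.min_length:
            problems.append(f"shorter than {self.min_length} characters")
        if self.complexity and not meets_complexity(new_password, acct.name):
            problems.append("does not meet complexity requirements")
        h = pw_hash(new_password)
        if self.history and h in acct.history[-self.history:]:
            problems.append(f"reuses one of the last {self.history} passwords")
        if now - acct.last_set < self.min_age:
            problems.append("minimum password age not reached")
        if problems:
            return problems
        acct.pw_hash = h
        acct.history.append(h)
        acct.last_set = now
        return []

    def password_expired(self, acct, now):
        return self.max_age > timedelta(0) and now - acct.last_set > self.max_age

    def logon(self, acct, password, now):
        """Return 'ok', 'bad_password' or 'locked_out' for one logon attempt."""
        if acct.locked_at is not None:
            if self.lockout == timedelta(0) or now < acct.locked_at + self.lockout:
                return "locked_out"            # even a correct password is refused
            acct.locked_at, acct.bad_count = None, 0
        if acct.last_bad is not None and now - acct.last_bad >= self.reset:
            acct.bad_count = 0                 # counter reset after the quiet period
        if pw_hash(password) == acct.pw_hash:
            acct.bad_count = 0
            return "ok"
        acct.bad_count += 1
        acct.last_bad = now
        if self.threshold and acct.bad_count >= self.threshold:
            acct.locked_at = now
        return "bad_password"


def ts(text):
    """'2003-11-04 09:00' -> datetime, so the scenario reads naturally."""
    return datetime.strptime(text, "%Y-%m-%d %H:%M")


def scenario():
    """Constructed walk-through; returns the outcome of each step in order."""
    pol = AccountPolicy(lockout_threshold=3, lockout_minutes=30, reset_minutes=10)
    alice = Account("alice", "Summer2003!", ts("2003-11-04 09:00"))
    out = [pol.change_password(alice, "Winter2003!", ts("2003-11-04 11:00")),  # too soon
           pol.change_password(alice, "Summer2003!", ts("2003-11-06 09:00")),  # reuse
           pol.change_password(alice, "short", ts("2003-11-06 09:00")),        # weak
           pol.change_password(alice, "Winter2003!", ts("2003-11-06 09:00"))]  # accepted
    for when, pw in [("2003-11-06 09:01", "x"), ("2003-11-06 09:02", "x"),
                     ("2003-11-06 09:15", "x"),                    # counter reset after 10 quiet min
                     ("2003-11-06 09:16", "x"), ("2003-11-06 09:17", "x"),  # third strike locks
                     ("2003-11-06 09:18", "Winter2003!"),          # correct, but locked out
                     ("2003-11-06 09:50", "Winter2003!")]:         # lockout duration elapsed
        out.append(pol.logon(alice, pw, ts(when)))
    out.append(pol.password_expired(alice, ts("2003-12-25 09:00")))
    return out
```

Run `scenario()` to see the sequence: three rejected password changes, one accepted, five bad attempts of which the third in a row locks the account, the correct password refused while locked, and success once the lockout duration has passed.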

    [7.4] Enabling auditing for files, folders and printers

You will need to enable the 'Audit object access' policy (success, failure or both)

You also need to turn on auditing for the individual files and folders (NTFS security, Auditing tab, which writes a SACL on the object) or for the printer through printer security; without a SACL no object access events are generated

Audit records are written to the Security log, which only administrators can read or clear

    [7.5] Auditing

Account logon events - credential validation (success or failure), recorded on the computer that validated the credentials: the domain controller for domain accounts, the local machine for local accounts

Account management - events such as creating accounts, resetting passwords and modifying user properties

Directory service access - access to Active Directory objects that carry a SACL (domain controllers only)


Logon events - success or failure of logon at the computer being accessed, including network logons to a share

Object access - file, folder, registry key or printer access, for objects that have a SACL

Policy change - success or failure of changes to security options, user rights, account policies and audit policies. Both domain and local PC changes are tracked.

Process tracking - process creation and exit; noisy, but valuable for forensics and for tracing what a malicious program launched

System events - system events such as shutting down the PC or clearing the Security log
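Enabling these categories only pays off if someone reads the Security log. The following is an added example, not part of the original notes: three simple detections run over constructed Windows 2000/XP-style security events (event IDs 528 successful logon, 529 bad user name or password, 539 account locked out, 517 audit log cleared). The field layout, accounts, addresses and timestamps are invented for the example.

```python
# Added example (not from the original notes): three simple detections run over
# constructed XP-style security events.  Event IDs 528/529/539/517 are the
# Windows 2000/XP ones; the field layout, times, accounts and addresses are invented.
from collections import defaultdict, deque
from datetime import datetime, timedelta

# time, event id, account, logon type (2 = interactive, 3 = network), source address
SAMPLE_LOG = """\
2003-11-04 08:59:10,529,alice,3,10.0.0.7
2003-11-04 08:59:12,529,alice,3,10.0.0.7
2003-11-04 08:59:13,529,alice,3,10.0.0.7
2003-11-04 08:59:15,529,alice,3,10.0.0.7
2003-11-04 08:59:17,529,alice,3,10.0.0.7
2003-11-04 08:59:20,539,alice,3,10.0.0.7
2003-11-04 09:01:03,528,bob,2,-
2003-11-04 09:03:30,529,admin,3,10.0.0.9
2003-11-04 09:30:00,528,admin,3,10.0.0.9
2003-11-04 09:31:12,517,admin,-,-
"""

LOGON_OK, LOGON_FAILED, LOCKED_OUT, LOG_CLEARED = 528, 529, 539, 517


def parse_log(text):
    """Parse 'time,event_id,account,logon_type,source' lines into dicts."""
    records = []
    for line in text.strip().splitlines():
        when, event_id, account, logon_type, source = line.split(",")
        records.append({
            "time": datetime.strptime(when, "%Y-%m-%d %H:%M:%S"),
            "event_id": int(event_id),
            "account": account,
            "logon_type": None if logon_type == "-" else int(logon_type),
            "source": None if source == "-" else source,
        })
    return records


def find_brute_force(records, threshold=5, window=timedelta(minutes=5)):
    """(source, account, count) for every source/account pair with at least
    'threshold' failed logons inside a sliding time window."""
    recent = defaultdict(deque)
    hits, reported = [], set()
    for r in records:
        if r["event_id"] != LOGON_FAILED or r["source"] is None:
            continue
        key = (r["source"], r["account"])
        q = recent[key]
        q.append(r["time"])
        while q and r["time"] - q[0] > window:
            q.popleft()
        if len(q) >= threshold and key not in reported:
            reported.add(key)
            hits.append((key[0], key[1], len(q)))
    return hits


def find_failure_then_success(records, window=timedelta(minutes=30)):
    """(source, account) where a network logon succeeded shortly after failures
    from the same source: the classic sign of a guessed password."""
    failures = defaultdict(list)
    hits = []
    for r in records:
        if r["source"] is None:
            continue
        key = (r["source"], r["account"])
        if r["event_id"] == LOGON_FAILED:
            failures[key].append(r["time"])
        elif r["event_id"] == LOGON_OK and any(
                r["time"] - t <= window for t in failures[key]):
            hits.append(key)
    return hits


def find_log_tampering(records):
    """Times at which the Security log was cleared (event 517)."""
    return [r["time"] for r in records if r["event_id"] == LOG_CLEARED]


def find_lockouts(records):
    return [r["account"] for r in records if r["event_id"] == LOCKED_OUT]


def run_detections(text):
    records = parse_log(text)
    return {"brute_force": find_brute_force(records),
            "failure_then_success": find_failure_then_success(records),
            "lockouts": find_lockouts(records),
            "log_cleared": find_log_tampering(records)}
```

On the sample data this flags the password-guessing run against alice from 10.0.0.7 (and her lockout), the admin logon from 10.0.0.9 that followed a failure from the same address, and the clearing of the Security log, which is an event worth alerting on regardless of who did it.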

    [7.6] User rights

Administrators can assign specific rights to group accounts or to individual user accounts. If a user is a member of multiple groups, the user's rights are cumulative, which means that the user has more than one set of rights. The only time that rights assigned to one group might conflict with those assigned to another is in the case of certain logon rights, where a 'Deny' logon right always wins over the corresponding 'Allow' logon right.

    There are too many user rights to list

    There are two types of user rights:

    o Privileges, such as the right to back up files and directories

    o Logon rights, such as the right to logon to a system locally

    [7.7] Security options

    Security option policies are used to configure security for the computer

    These policies are applied to the computer, not to users and groups

Security options are edited under Computer Configuration > Windows Settings > Security Settings > Local Policies > Security Options of the 'Local Computer Policy' object (gpedit.msc)

The same node can also be opened directly with secpol.msc (Local Security Settings)

    There are too many security options to list

    [7.8] Security templates

secedit.exe compares and analyzes system security by checking the current configuration against at least one template (secedit /analyze), and can also apply a template (secedit /configure); the 'Security Configuration and Analysis' MMC snap-in does the same interactively

Security templates are stored in the %systemroot%\security\templates folder

Setup security.inf - the default settings applied during setup; use it to roll back to the out-of-the-box configuration

Compatws.inf - relaxes permissions for the Users group so applications not certified for Windows XP can run without making users Power Users

Secure*.inf (securews.inf, securedc.inf) - implements recommended security in all areas except files, folders and registry keys

Hisec*.inf (hisecws.inf, hisecdc.inf) - high-security network communication (NTLMv2, SMB signing), so a Windows XP computer can communicate only with other XP or 2000 computers

Rootsec.inf - reapplies the root-directory permissions introduced in XP to the system drive, useful if they were changed by mistake

Notssid.inf - removes the default permissions granted to the Terminal Server SID

    [7.9] Using local group policies

    Normally GP are applied through AD, but they can also be applied locally

When you use local Group Policy there is only one local GPO per computer (Windows XP has no per-user local GPOs)

    Policies that have been applied through AD will take precedence over any local group policies

    You administer local GP through Local group policy object (gpedit.msc)

RSoP - resultant set of policy is the final set of policy settings that applies to the user and computer after all GPOs have been processed. Use gpresult to display RSoP for the current user at the command line, and rsop.msc to open the MMC console that displays it.

    [7.10] Using group policies with AD

When a DC is present you can have GPOs in AD; each has a container object in AD and a template folder stored in %systemroot%\SYSVOL on every DC by default

When a user logs on to Active Directory, policy is applied in this order, with later settings overriding earlier ones (remember LSDOU):

o Local computer

o Site (a set of well-connected IP subnets, which can span domains)

o Domain

o OU (organizational unit), parent OU first, then child OUs

The following options are available for overriding the default policy application

o No override - enforces policy inheritance: all child containers receive the parent's policy, even if it conflicts with the child's own policy and even if Block Inheritance has been set for the child. This option is used by corporations that want corporate-level security that lower-level administrators cannot override. To set it, open the properties of the domain or OU, go to the Group Policy tab, right-click the GPO link that you want to enforce and click No Override.

o Block inheritance - used if you don't want to inherit GP settings from parent containers. You can block policy inheritance at the domain or OU level by opening the properties dialog box for the domain or OU and selecting the 'Block Policy inheritance' check box. It has no effect on links marked No Override.

Group Policy is not inherited from parent to child domains, i.e. blah.boom.com does not inherit from boom.com

The smallest unit you can apply GP to is an organizational unit (OU); to narrow a GPO further you filter it with permissions (the Apply Group Policy right) on the GPO itself
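The interplay of LSDOU order, No Override and Block Inheritance is the part most often asked about and most often misremembered. The following is an added example, not part of the original notes: a model of the processing order that reports which GPO ends up supplying each setting. The container names, GPO names and settings are invented; the one modelling assumption, that Block Inheritance does not discard the local GPO, is marked in the code.

```python
# Added example (not from the original notes): a model of the LSDOU processing
# order with No Override and Block Inheritance, showing which GPO ends up
# supplying each setting.  Container and GPO names and settings are invented.


class GPO:
    def __init__(self, name, settings, no_override=False):
        self.name = name
        self.settings = settings          # setting name -> value
        self.no_override = no_override    # 'No Override' on the link (later called Enforced)


class Container:
    def __init__(self, name, gpos=(), block_inheritance=False):
        self.name = name
        self.gpos = list(gpos)            # in the order they are applied
        self.block_inheritance = block_inheritance


def application_order(chain):
    """chain[0] is the local computer, then site, domain, OUs from parent to child.
    Returns the GPOs in the order they are applied; the last writer of a setting wins."""
    blockers = [i for i, c in enumerate(chain) if c.block_inheritance]
    block_at = max(blockers) if blockers else None
    normal, enforced = [], []
    for i, container in enumerate(chain):
        for gpo in container.gpos:
            if gpo.no_override and i > 0:
                enforced.append(gpo)      # the local GPO cannot be enforced
            elif block_at is not None and 0 < i < block_at:
                continue                  # assumption: Block Inheritance leaves the local GPO alone
            else:
                normal.append(gpo)
    # Enforced links are applied after everything else, outermost last, so a
    # domain-level No Override beats an OU-level one.
    return normal + list(reversed(enforced))


def resolve_rsop(chain):
    """Resultant Set of Policy: setting -> (value, name of the GPO that supplied it)."""
    rsop = {}
    for gpo in application_order(chain):
        for setting, value in gpo.settings.items():
            rsop[setting] = (value, gpo.name)
    return rsop


def sales_ou_chain(block=True):
    """Constructed hierarchy: local -> site -> domain -> Sales OU."""
    return [
        Container("Local", [GPO("Local GPO", {"Wallpaper": "local.bmp", "RemoveRunMenu": False})]),
        Container("Site-HQ", [GPO("Site GPO", {"Wallpaper": "site.bmp"})]),
        Container("corp.example", [
            GPO("Default Domain Policy", {"RemoveRunMenu": True, "DisableAutorun": True}),
            GPO("Corp Security", {"DisableAutorun": True, "Wallpaper": "corp.bmp"}, no_override=True),
        ]),
        Container("OU=Sales", [GPO("Sales GPO", {"Wallpaper": "sales.bmp", "DisableAutorun": False})],
                  block_inheritance=block),
    ]


if __name__ == "__main__":
    for blocked in (True, False):
        print("Block Inheritance on Sales OU:", blocked)
        for setting, (value, source) in sorted(resolve_rsop(sales_ou_chain(blocked)).items()):
            print(f"  {setting:16} = {value!s:10} from {source}")
```

With Block Inheritance on the Sales OU, the site GPO and the Default Domain Policy are dropped, so RemoveRunMenu falls back to the local GPO; the enforced Corp Security link survives the block and wins over the Sales GPO for both Wallpaper and DisableAutorun. Without the block, RemoveRunMenu comes from the Default Domain Policy instead, while the enforced link still wins.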

    [7.11] Other security issues

Both Windows XP Pro and Home Edition allow user accounts with blank passwords to log on to the local workstation, but in Windows XP accounts with blank passwords can no longer be used to log on to the computer remotely over the network (the 'Limit local account use of blank passwords to console logon only' security option, enabled by default)


In XP Home Edition all user accounts created during setup have administrative privileges and no password by default

Windows XP Home Edition will not allow you to disable the Guest account. When you 'turn off' the Guest account via the Control Panel, it only removes the Guest account from the Fast User Switching Welcome screen and takes away the Log on locally right. The network credentials remain intact, so guest users can still connect to shared resources.

The 'Everyone' group has Print permission on printers by default

Remote Desktop is not enabled by default on Windows XP Pro (and is not available at all on Home Edition)

    Part 8: Managing disks

    [8.1] File systems

FAT 16 bit (File Allocation Table) - no permissions, no encryption, no compression, no quotas

FAT 32 bit - same limitations as FAT16, larger volumes

NTFS (New Technology File System) - the only file system with ACLs, EFS, compression, quotas and journaling; use it wherever security matters

To convert from FAT to NTFS without losing data use: convert x: /fs:NTFS. The conversion is one-way: convert cannot produce other file systems, and going back to FAT means reformatting.

    [8.2] Disk drives

    SCSI 15000RPM, 20Mbps transfer

    IDE 7200RPM, 16.7Mbps transfer

SATA (similar to IDE, but one drive per port)

A wide SCSI bus supports up to 15 drives on a single controller (16 IDs, one used by the controller itself); SATA reaches 15 drives per port only through a port multiplier

IDE drives have a 'cable select' option that lets the position on the cable determine master and slave. It is best practice to set the master and slave jumpers manually.

    [8.3] ARC path designation (Advanced RISC computing)

    ARC dates back to NT 3.5 days (in the form presented here, otherwise NT 3.1)

The file boot.ini tells NTLDR where the Windows system directory ('\windows\') is, using an ARC path

    Bootcfg.exe configures, queries, or changes Boot.ini file settings

    Msconfig can be used to change system startup options including modification of boot.ini

Please note that Microsoft changed the default install directory from WINNT to WINDOWS for Windows XP. Upgrades keep the existing WINNT directory.

    Multi

o Identifies the controller the physical disk is on

o Multi(x) syntax of the ARC path is only used on x86-based computers

o Used for IDE disks, or for SCSI disks when the OS is on the 1st or 2nd drive of the first SCSI controller

o The Multi(x) syntax tells Windows NT to rely on the computer's BIOS to load the system files, i.e. the operating system uses interrupt (INT) 13 BIOS calls to find and load NTOSKRNL.EXE and any other files needed to boot Windows NT

o Numbering starts at 0, for example Multi(0); for technical reasons it should always be 0

o In a pure IDE system, the Multi(x) syntax will work for up to 4 drives on the primary and secondary channels of a dual-channel controller

o In a pure SCSI system, the Multi(x) syntax will work for the first 2 drives on the first SCSI controller (that is, the controller whose BIOS loads first)

o In a mixed SCSI and IDE system, the Multi(x) syntax will work only for the IDE drives on the first controller

    SCSI

    o Identifies the controller physical disk is on

    o The SCSI(x) syntax is used on both RISC and x86-based computers

    o Using SCSI() notation indicates that Windows NT will load a boot device driver and use that

    driver to access the boot partition

    o On an x86-based computer, the device driver used is NTBOOTDD.SYS, on a RISC computer, the

    driver is built into the firmware

    o Numbering starts at 0, for example SCSI(0)

o Windows NT Setup always uses Multi(x) syntax for the first two drives

Disk

o Identifies the physical disk attached to the controller

o 0 if Multi(x) is present; Disk(x) is only meaningful with SCSI(x)

o For SCSI the value of Disk(x) is the SCSI ID and can be 0-15, but one ID is always taken by the controller itself

o Numbering starts at 0, for example Disk(0)

    Rdisk

o Identifies the physical disk attached to the controller

o Almost always 0 if SCSI(x) is present; Rdisk(x) is the ordinal of the disk for Multi(x), usually 0-3

    o Numbering starts at 0, for example Rdisk(0)

    Partition

    o Refers to the partition on the hard disk where Windows system folder is located on


    o All partitions receive a number except for type 5 (MS-DOS Extended) and type 0 (unused)

    partitions, with primary partitions being numbered first and then logical drives

    o A partition is a logical definition of hard drive space

    o Numbering starts at 1, for example Partition(1)

    Signature

    o Used when system BIOS or controller hosting the boot partition cannot use INT-13 Extensions

    o The signature() syntax is equivalent to the scsi() syntax

    o Using the signature() syntax instructs Ntldr to locate the drive whose disk signature matches the

    value in the parentheses, no matter which SCSI controller number the drive is connected to

    o The signature() value is extracted from the physical disk's Master Boot Record (MBR)

    [8.4] Easy way to memorize ARC

    There are 5 letters in the word 'Multi' and 5 letters in the word 'Rdisk'

    There are 4 letters in the word 'SCSI' and 4 letters in the word 'Disk'

    'SCSI' works together with 'Disk' while 'Multi' works together with 'Rdisk'

When the system uses Multi(x) it relies on BIOS INT 13 calls (and the INT 13 extensions for large disks), so the on-board BIOS of the controller has to be enabled
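The rules in [8.3] and [8.4] (multi() goes with disk(0), scsi() goes with a SCSI ID, partitions count from 1, signature() behaves like scsi()) can be checked mechanically. The following is an added example, not part of the original notes: a parser for ARC paths and boot.ini that reports entries violating those rules. The boot.ini shown is constructed for the example.

```python
# Added example (not from the original notes): a parser for the ARC paths in
# boot.ini that also applies the consistency rules from [8.3] and [8.4].
# The boot.ini text below is constructed for the example.
import re

ARC_RE = re.compile(
    r"^(?P<adapter>multi|scsi|signature)\((?P<arg>[0-9a-fA-F]+)\)"
    r"disk\((?P<disk>\d+)\)rdisk\((?P<rdisk>\d+)\)partition\((?P<partition>\d+)\)"
    r"(?P<directory>\\.*)?$", re.IGNORECASE)


def parse_arc(path):
    """Break 'multi(0)disk(0)rdisk(0)partition(1)\\WINDOWS' into its components."""
    m = ARC_RE.match(path.strip())
    if not m:
        raise ValueError(f"not an ARC path: {path!r}")
    adapter = m.group("adapter").lower()
    return {
        "adapter": adapter,
        # signature() carries a 32-bit disk signature in hex, the others a decimal number
        "arg": m.group("arg") if adapter == "signature" else int(m.group("arg")),
        "disk": int(m.group("disk")),
        "rdisk": int(m.group("rdisk")),
        "partition": int(m.group("partition")),
        "directory": m.group("directory") or "",
    }


def check_arc(arc):
    """Return the rule violations (empty list = consistent) for a parsed ARC path."""
    problems = []
    if arc["partition"] < 1:
        problems.append("partition() numbering starts at 1")
    if arc["adapter"] == "multi":
        if arc["arg"] != 0:
            problems.append("multi() should always be 0")
        if arc["disk"] != 0:
            problems.append("disk() must be 0 when multi() is used")
        if not 0 <= arc["rdisk"] <= 3:
            problems.append("rdisk() is normally 0-3 with multi()")
    else:   # scsi() or signature(): NTBOOTDD.SYS addresses the disk by SCSI ID
        if not 0 <= arc["disk"] <= 15:
            problems.append("disk() must be a SCSI ID 0-15")
        if arc["rdisk"] != 0:
            problems.append("rdisk() is normally 0 with scsi()/signature()")
        if arc["adapter"] == "signature" and len(arc["arg"]) != 8:
            problems.append("signature() takes an 8-hex-digit disk signature")
    return problems


ENTRY_RE = re.compile(r'^(?P<arc>[^=]+)="(?P<desc>[^"]*)"\s*(?P<switches>.*)$')


def parse_boot_ini(text):
    """Parse the [boot loader] and [operating systems] sections."""
    result = {"timeout": None, "default": None, "entries": []}
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("["):
            section = line.lower()
            continue
        if section == "[boot loader]":
            key, _, value = line.partition("=")
            if key.strip().lower() == "timeout":
                result["timeout"] = int(value)
            elif key.strip().lower() == "default":
                result["default"] = value.strip()
        elif section == "[operating systems]":
            m = ENTRY_RE.match(line)
            if not m:
                raise ValueError(f"bad entry: {line!r}")
            result["entries"].append({"arc": m.group("arc").strip(),
                                      "description": m.group("desc"),
                                      "switches": m.group("switches").split()})
    return result


def audit_boot_ini(text):
    """Map each entry's ARC path to its problems, and flag a default that
    matches no entry, which stops the boot menu from auto-selecting."""
    cfg = parse_boot_ini(text)
    report = {entry["arc"]: check_arc(parse_arc(entry["arc"])) for entry in cfg["entries"]}
    if cfg["default"] not in report:
        report["default"] = ["default does not match any [operating systems] entry"]
    return report


# Constructed boot.ini with one IDE entry, one SCSI entry and one inconsistent entry.
SAMPLE_BOOT_INI = """\
[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\\WINDOWS="Microsoft Windows XP Professional" /fastdetect
scsi(0)disk(3)rdisk(0)partition(2)\\WINNT="Windows 2000 on SCSI ID 3" /fastdetect
multi(0)disk(1)rdisk(0)partition(1)\\WINDOWS="Second IDE disk, wrong syntax"
"""
```

`audit_boot_ini(SAMPLE_BOOT_INI)` returns an empty problem list for the first two entries and flags the third, which tries to reach a second IDE disk through disk(1) instead of rdisk(1).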

    [8.5] Disk Management MMC snap-in

    To activate: start -> all programs -> administrative tools -> computer management -> disk management

    tree node

Another way is to r-click on My Computer and select 'Manage' from the list

Finally you can create a custom MMC console that contains the Disk Management snap-in

    Using disk management, among other things, you can:

    o Initialize new disks

    o Create new volumes and partitions

    If you r-click and select properties -> general tab you can see location heading with a number. That

    number is the ARC number of the HD.

Disk Management only offers FAT or FAT32 for volumes up to 32 GB; the same limit applies to format x: /fs:FAT32 from the command line. Windows can still read and mount larger FAT32 volumes that were created elsewhere.

    DiskPart.exe - you can create scripts to automate tasks, such as creating volumes or converting disks to

    dynamic.

    Fsutil.exe - perform many NTFS file system related tasks, such as managing disk quotas, dismounting a

    volume, or querying volume information.

    Mountvol.exe to mount a volume at an NTFS folder or unmount the volume from the NTFS folder.

    [8.6] Remote management

Computer Management is not just for the local machine; you can also manage other PCs. To do so, r-click on Computer Management (Local) and select 'Connect to another computer'

By default Domain Admins are members of the local Administrators group, and you need administrator rights on the remote PC to connect to it and administer it

    If you cannot access Device Manager from the Computer Management extension snap-ins on a remote

    computer, ensure that the Remote Registry service is started on the remote computer.

    Computer Management does not support remote access to computers that are running Windows 95.

    In remote management 'Device Manager' is in read only mode

    [8.7] Basic Disks

A primary partition is the only kind that is bootable; a basic MBR disk holds at most 4 primary partitions, or 3 primary partitions plus 1 extended partition

Extended partitions are not bootable

Logical drives are created inside the extended partition. There is no limit on the number of logical drives an extended partition may hold (apart from the supply of drive letters).

Primary partitions and logical drives are assigned drive letters

The partition table of a basic disk lives in the MBR, the first sector of the hard disk, alongside the boot code

    [8.8] Dynamic disks

Fault tolerance of the configuration is better than with basic disks, because the layout is stored in several places: a 1 MB database (the LDM database) is placed at the end of each physical hard disk and describes all dynamic disks in the system, so the same data exists on every dynamic disk.

    Can be one of the following:

    o Simple volume:

    Single disk

    No fault tolerance

    Can be NTFS or FAT

    o Spanned volume:

Maximum of 32 disks

Can be extended (NTFS only) by adding unallocated space from any dynamic disk; it cannot be shrunk, and the failure of any member disk loses the whole volume

No fault tolerance

    o Mirror volume:

    Also known as RAID 1

    Windows XP Pro does not support mirror volumes


    Can be NTFS or FAT

    Fault tolerance, data is the same on both disks

    To replace the failed mirror in a mirrored volume, right-click the failed mirror and then

    click Remove Mirror, and then right-click the other volume and click Add Mirror tocreate a new mirror on another disk

    Variation of mirroring called duplexing uses HD connected to different controllers for

    even more fault tolerance

    o Striped volume:

    Also known as RAID 0

    Maximum of 32 disks

    Breaks data into 64Kb chunks for writing to different disks that make up the stripe

    It is recommended to use same type of hard drives for member drive

    Windows XP cannot be installed on software RAID 0

    You cannot extend striped volume, need to recreate it

    No fault tolerance

    o RAID 5:

Made up of three or more disks, with parity information distributed across all of them

Fault tolerance when one disk fails

Maximum of 32 disks, minimum of 3

Not available in Windows XP Professional (server editions only)

    To replace the failed disk region in a RAID-5 volume, right-click the RAID-5 volume and

    then click Repair Volume

Dynamic disks are available on Windows 2000, Windows XP Professional and Windows Server 2003, but not on Windows XP Home Edition

Note: if the disk referenced by the ARC path in boot.ini fails (for example the first member of a mirrored boot volume on a server), the system will not boot. Keep a boot floppy with a boot.ini whose ARC path points at the surviving disk.

    Mounted volumes - can mount HD as a NTFS folder

Uninstall a disk (Device Manager) before moving it; on the new computer run Rescan Disks after attaching it and then Import Foreign Disks

    Dynamic disks can be re-configured without re-boot

    When your boot disk is also a dynamic disk, then you will not be able to dual boot into OS that is notdynamic disk capable

Dynamic disks are not supported on laptops because they offer no advantage over basic disks in a single-disk system

    Dynamic disk partition table types:

    o dynamic GUID partition table (GPT) disks, for 64bit editions of Windows

    o dynamic MBR disks, for 32 and 64bit editions of Windows

    The Foreign status occurs when you move a dynamic disk to the local computer from another computer

    You can have a maximum of 2000 volumes on a dynamic disk, recommended maximum is 32

    Volumes created after the 26th drive letter has been used must be accessed using volume mount points

    Hard drives that are connected to the Pc using USB or IEEE 1394 can not be converted to dynamic

    volumes

    Extending simple volume:

o Similar to a spanned volume, but uses free space on the same physical HD as the simple volume

o You can extend a simple volume only if it has no file system or is formatted with NTFS. You also need free space on the HD, and the volume must not have been a basic-disk partition before the disk was converted.

o You cannot extend volumes formatted with FAT or FAT32

o You cannot extend a system volume, boot volume, striped volume, mirrored volume or RAID-5 volume

    [8.9] Volume status descriptions

    Failed - basic or dynamic volume cannot be started automatically or the disk is damaged

    Failed Redundancy - data on a mirrored or RAID-5 volume is no longer fault tolerant because one of the

    underlying disks is not online, has substatus information

    Formatting - occurs only while a volume is being formatted with a file system

    Healthy - normal volume status on both basic and dynamic volumes, no known problems, has substatus

    information

    Regenerating - occurs when a missing disk in a RAID-5 volume is reactivated

    Resynching - occurs when creating a mirror or restarting a computer with a mirrored volume

    Unknown - occurs when the boot sector for the volume is corrupted

    Data Incomplete - displayed in the Foreign Disk Volumes dialog box, and occurs when data spans

    multiple disks, but not all of the disks were moved.

    Data Not Redundant - displayed in the Foreign Disk Volumes dialog box when you import all but one of

    the disks in a mirrored or RAID-5 volume

    Stale Data - displayed in the Foreign Disk Volumes dialog box, and occurs when a mirrored or RAID-5

    volume has stale mirror information, stale parity information, or I/O errors

    [8.10] Converting to dynamic disk and back to basic disk


    If you convert a boot disk, or if a volume or partition is in use on the disk you attempt to convert, you

    must restart the computer for the conversion to succeed.

    The conversion may fail if you change the disk layout of a disk to be converted or if the disk has I/O errors

    during the conversion.

    After you convert a basic disk into a dynamic disk, any existing partitions on the basic disk become

    (dynamic) simple volumes.

If you are using shadow copies and they are stored on a different disk than the original, you must first dismount and take offline the volume containing the original files before you convert the disk containing the shadow copies to a dynamic disk.

If you are converting a disk from dynamic to basic, the disk must not have any volumes on it nor contain any data. If you want to keep your data, back it up before you convert the disk to basic.

    [8.11] Disk quotas

Disk quotas apply to everyone using the volume except members of the Administrators group, whose usage is tracked but never limited

Remember that every user needs a few MB (at least 2 MB) for the profile that is created at logon

    Quota entry can be created per user but not per group, only volumes and users have quota entries

    Quota limit is calculated using the uncompressed file size, thus compressing files will not create more

    space

    The default quota entry is for all users of given volume. You can add additional quota entries on per user

    basis only.

    Once again, quota entries are per user per volume, no groups are allowed.

    Remember that once a user uses a volume with quota set on it an entry is automatically added. Thus, if

    you had a general entry for all users and later on some users run out of space and need more youmodify quota entries not add new ones.

    Disk quota is only applied to the files that are being added after the quota entry got created, it doesn't

    apply to files that were already there

Each file can have up to 64 KB of metadata that is not charged against the user's quota

fsutil quota is used to manage quotas from the command line

    To free some space run disk cleanup, from command prompt: cleanmgr.exe (note it doesn't clear

    internet temporary files)

    [8.12] Defragmenting

You need at least 15% free space on the volume in order to defragment it fully

    You may need to repeat the process several times in order to achieve planned results

    Defragmenting should be done on every volume every 1 to 2 months

The Disk Defragmenter GUI has no scheduler, but the command-line version (defrag.exe) can be run from a scheduled task

    Windows defragmenter works with FAT16, FAT32 and NTFS

On modern desktop systems that use NTFS and don't use the file system heavily, the benefits of defragmenting a hard drive are measurable but not noticeable to the end user. Defragmenting is therefore mainly a significant performance tool for file servers.

    [8.13] Encryption:

Only the user who encrypted a file, additional users the owner has authorized to decrypt it (new in Windows XP; the additional users must already have EFS certificates) and designated recovery agents can decrypt the file

When moving or copying an encrypted file to another NTFS volume, it stays encrypted (unlike compression and other attributes, which are taken from the destination folder). This behaviour is unique to encryption.

Note that a user with NTFS permissions to an encrypted file can delete that file even though they cannot read it. They can also move the file around on the same NTFS volume (a move to a different volume is a copy, which would require decrypting the data first). Encryption protects confidentiality only; use NTFS permissions to protect integrity and availability.

A file cannot be both encrypted and compressed: NTFS allows only one of the two attributes, and in any case ciphertext looks random and would not compress

    You can zip 1st using winzip or other 3rd party compression tool, then encrypt to get encrypted and

    compressed file

cipher.exe is the command-line EFS utility (cipher /e and /d encrypt and decrypt, /s:dir recurses into a folder, and cipher /w:dir overwrites free space so that deleted plaintext cannot be recovered)

By default the recovery agent is the Administrator account of the domain (on the first DC); there is no default recovery agent on a stand-alone XP workstation or server

For the encryption attribute, moving or copying a file to a FAT volume decrypts it silently (provided you can decrypt it; otherwise the copy fails)

It is recommended to export the recovery agent's certificate and private key to a floppy disk kept in a secure location and to remove the private key from the computer. It is also recommended to copy a file that needs recovering to the recovery agent's PC and recover it there, rather than logging on as the agent on the user's machine.

    User needs correct certificate to perform action on a file that would result in that file being decrypted

    [8.14] How EFS (encrypted file system) works

    When the user chooses to encrypt a file, a file encryption key is generated

This file encryption key (FEK) is used with a symmetric algorithm to encrypt the contents of the file

The FEK is itself encrypted with the user's public key and stored with the file in the Data Decryption Field (DDF). The FEK is also encrypted with the public key of each additional EFS user authorized to decrypt the file (further DDF entries) and with the public key of each recovery agent (the Data Recovery Field, DRF).

The file can only be decrypted with a private key that matches one of those entries: the owner's, an authorized user's or a recovery agent's

The private/public key pair belongs to the user's EFS certificate

    On stand alone machines user's certificate is created the 1st time he or she tries to encrypt a file


    For domain user certificate is issued by the certification authority - user needs permission to get a

    certificate

    Files marked with the System attribute cannot be encrypted, nor can files in the systemroot directory

    structure.

    Before users can encrypt or decrypt files and folders that reside on a remote server, an administrator

    must designate the remote server as trusted for delegation.

If you open an encrypted file over the network, the server decrypts it and the data travels over the network in the clear unless the connection itself is protected (for example with IPsec)

    Users can use EFS remotely only when both computers are members of the same Windows Server 2003family forest

    Encrypted files are not accessible from Macintosh clients

Encrypting File System (EFS) no longer requires a recovery agent in Windows XP (Windows 2000 refused to encrypt without one)
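The key hierarchy in [8.14] is easiest to understand by building it. The following is an added example, not part of the original notes and not Microsoft's implementation: a toy model in which a random FEK encrypts the data and copies of the FEK are wrapped with each authorized user's public key (DDF) and each recovery agent's public key (DRF). Textbook RSA on Mersenne primes and an HMAC-based keystream stand in for the real RSA-with-padding and DESX/AES so that no crypto library is needed; the names, keys and file contents are invented and neither primitive should be reused outside a demonstration.

```python
# Added example (not from the original notes): a toy model of the EFS key
# hierarchy.  Textbook RSA on Mersenne primes and an HMAC-based keystream stand in
# for the real RSA-with-padding and DESX/AES; do not reuse outside a demonstration.
import hashlib
import hmac
import os

E = 65537
M61, M89, M107, M127 = (1 << 61) - 1, (1 << 89) - 1, (1 << 107) - 1, (1 << 127) - 1


def make_keypair(p, q):
    """(public, private) textbook RSA pair from two primes: (n, e), (n, d)."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, E), (n, pow(E, -1, phi))


def rsa_wrap(public, value):
    n, e = public
    return pow(value, e, n)


def rsa_unwrap(private, wrapped):
    n, d = private
    return pow(wrapped, d, n)


def keystream_xor(key, data):
    """Symmetric stand-in: XOR with HMAC-SHA256(key, block counter) blocks."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hmac.new(key, (i // 32).to_bytes(8, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)


def efs_encrypt(plaintext, owner, extra_users=(), recovery_agents=()):
    """owner / extra_users / recovery_agents are (name, public_key) pairs.
    Returns the encrypted file: ciphertext plus its DDF and DRF entries."""
    fek = os.urandom(16)                         # fresh 128-bit file encryption key
    fek_int = int.from_bytes(fek, "big")         # smaller than every modulus used here
    return {
        "ciphertext": keystream_xor(fek, plaintext),
        "ddf": {name: rsa_wrap(pub, fek_int) for name, pub in (owner,) + tuple(extra_users)},
        "drf": {name: rsa_wrap(pub, fek_int) for name, pub in recovery_agents},
    }


def unwrap_fek(encrypted, name, private):
    """Recover the FEK from the DDF or DRF entry for 'name' with a private key."""
    wrapped = encrypted["ddf"].get(name)
    if wrapped is None:
        wrapped = encrypted["drf"].get(name)
    if wrapped is None:
        raise PermissionError(f"{name} has no DDF or DRF entry for this file")
    try:
        return rsa_unwrap(private, wrapped).to_bytes(16, "big")
    except OverflowError:     # wrong private key: stands in for the padding check failing
        raise PermissionError(f"private key does not match the entry for {name}")


def efs_decrypt(encrypted, name, private):
    return keystream_xor(unwrap_fek(encrypted, name, private), encrypted["ciphertext"])


def efs_add_user(encrypted, name, private, new_name, new_public):
    """XP's 'add users' dialog: whoever can unwrap the FEK may wrap it for someone else."""
    fek = unwrap_fek(encrypted, name, private)
    encrypted["ddf"][new_name] = rsa_wrap(new_public, int.from_bytes(fek, "big"))


def demo():
    """Constructed run: alice encrypts, authorizes bob, carol is the recovery agent."""
    alice_pub, alice_priv = make_keypair(M61, M89)
    bob_pub, bob_priv = make_keypair(M89, M107)
    carol_pub, carol_priv = make_keypair(M107, M127)
    _dave_pub, dave_priv = make_keypair(M61, M127)
    secret = b"Q4 salary review - confidential"
    f = efs_encrypt(secret, ("alice", alice_pub), recovery_agents=[("carol", carol_pub)])
    efs_add_user(f, "alice", alice_priv, "bob", bob_pub)
    results = {
        "ciphertext_differs": f["ciphertext"] != secret,
        "alice": efs_decrypt(f, "alice", alice_priv),
        "bob": efs_decrypt(f, "bob", bob_priv),
        "carol_via_drf": efs_decrypt(f, "carol", carol_priv),
        "ddf_names": sorted(f["ddf"]),
        "drf_names": sorted(f["drf"]),
    }
    try:                                          # dave has no entry at all
        efs_decrypt(f, "dave", dave_priv)
        results["dave"] = "decrypted"
    except PermissionError:
        results["dave"] = "refused"
    try:                                          # bob's entry, but dave's private key
        results["wrong_key"] = "garbage" if efs_decrypt(f, "bob", dave_priv) != secret else "decrypted"
    except PermissionError:
        results["wrong_key"] = "refused"
    return results
```

The structure explains the behaviours listed above: adding a user needs someone who can already unwrap the FEK (hence the existing certificate requirement), a recovery agent decrypts through the DRF without touching the owner's keys, and resetting a user's password loses the private key that protects the DDF entry, not the file itself.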

    [8.15] Compression (NTFS)

    When you compress a whole folder:

o Only files added later are compressed automatically, while the current folder occupants are left as they are

o OR

o Compression is also applied to the current files and subfolders (the dialog asks which you want)

    Decompression is a reverse process of compression

    Moving a file on the same volume means that the file location is moved in MFT only, not the physical file

    itself.

    When you copy a file, no matter whatever on the same volume or not, the destination file will inherit the

    destination folder's permissions

    When you move a file on the same volume, it keeps its original permissions. When you move a file to

    another volume, the move is treated as a copy operation and the file permissions are inherited from thedestination folder.

All file attributes (compression included) behave this way, with the exception of encryption, which is preserved across copies and moves to NTFS

    File compression is supported only on NTFS volumes with cluster sizes 4 KB and smaller

    For command line use compact.exe, it can display and modify compression attributes but it works only

    on NTFS

    Part 9: Accessing files and folders

    [9.1] General folder options

    General folder options:

    o Windows classic or web content in the folders

o Whether folders open in the same window or in separate windows

    o Opening with single or double mouse click

    Folder view options:

    o Configure things that you see once you open files and folders

    o There are too many options to list

    File type options are used to associate file extensions with application file types

    [9.2] Offline folder options

    Offline folder options, you can store network files offline

    On the client side:

o The first step is to enable (enabled by default) offline file support on the client under Folder options -> Offline files; the feature is available on Windows 2000 and Windows XP Professional (not on Home Edition)

    o In the folder options for offline files you can set:

    You can set synchronization options: manually synchronize, automatic synchronization

    (log on or log off) and reminder at certain time intervals

You can also set how much disk space will be used for temporary network files and whether these will be encrypted

o When offline files are enabled, connect to a shared folder, right-click it and select 'Make available offline'; this brings up the settings dialog box and starts synchronization

o When the folder is set up as available offline, right-clicking on it gives you an option to synchronize

    o Folders that are synchronized appear with a small blue arrow pointing down in the lower left

    corner of the folder icon

    On the server side:

o SMB (Server Message Block) is the protocol used between networked computers; for offline files any SMB server will do, including another XP PC

    o You can disable and enable (default) client's ability to use offline content by changing the options

    in Share properties -> Caching on the server computer

    [9.3] ACL - access control list

Every object in AD (and every securable object on a stand-alone PC: files, folders, registry keys, printers, services) has an ACL

ACE - access control entry

An ACL is a list of ACEs. Each ACE has an allow or deny action, a set of rights and an associated SID (security identifier).

The process of checking user access is performed in this way:


o The user's SID is compared against the ACEs in the ACL of the resource the user wants to access

o The SIDs of the groups the user belongs to are compared against the ACEs as well (all of these SIDs come from the user's access token)

o If no ACE matches, access is denied (implicit deny)

o Access is allowed if the matching allow ACEs together cover every right that was requested and no matching deny ACE covers any of them

o Windows resolves SIDs to names when it displays the ACL

o A deny right takes precedence over an allow right, whether it is granted to the user or to a group. This is true even for Administrators and the object owner, although the owner can always change the permissions and an Administrator can take ownership and then change them. Strictly, ACEs are evaluated in canonical order: explicit deny, explicit allow, inherited deny, inherited allow, so an explicit allow on the object beats a deny inherited from the parent folder.

    [9.4] General NTFS permissions for files

    Read

    o List files attributes

    o Read data in the file

    o Read permissions

    Write

    o Change file attributes

    o Create new files and write data to files

    o Append data to files

    Read and execute = 'Read' + execute file permission

    Modify = 'Read and Execute' + 'Write' + delete permission

    Full control = all of above permissions + 'Change Permissions' permission + 'Take Ownership' permission

    [9.5] General NTFS permissions for folders

    Read

    o List folder attributes

    o List folder

    o Read permissions

    Write

    o Change folder attributes

    o Create folders

    Read and execute

    Modify = 'Read and Execute' + 'Write' + delete permission

    List folder contents (a folder-only permission)

    o Traverse folders

    o List the contents of a folder

    o See folder or file attributes

    Full control = all of above permissions + 'Change Permissions' permission + 'Take Ownership' permission

    [9.6] Share permissions

    Only applicable for folders, no share permissions for files

    Read = read file data, file names and subfolder names + execute (default assigned to everyone group)

    Change = read permission + delete files and subfolders + write

    Full control = all of above permissions + change of share permissions right only

    Share permissions do not apply to users that are logged into the OS interactively (i.e. locally)

    NTFS permissions always apply, even for a share, i.e. a user needs both a share read permission and an NTFS read permission in order to access a file over the network

    Use NTFS permissions to tighten security

    To add a share from the command prompt: net share share_name=drive:\path

    To delete a share from the command prompt: net share share_name /delete

    To connect to a share from the command prompt: net use \\computer_name\share_name

    When a share name ends in $ it is hidden and cannot be browsed to; the full name needs to be typed in

    Share permissions are not included in a backup or restore of a data volume

    Share permissions do not replicate through the File Replication service

    When both NTFS and share permissions are applied to a resource, the system looks at the effective NTFS permissions and the effective share permissions and applies to the object the most restrictive of the two cumulative sets

    By default, simple file sharing is enabled in Windows XP if you are not connected to a domain. Therefore the Security tab and the advanced options for permissions are not available. In Windows XP Home edition you have to use simple file sharing.

    You cannot disable simple file sharing in Windows XP Home Edition; in Windows XP Pro you use Folder Options to disable simple file sharing

    [9.7] Explicit permissions and inherited permissions for files and folders

    There are two types of permissions: explicit permissions and inherited permissions.

    Explicit permissions are those set directly on the object, either by default when the object is created or by user action.

    Inherited permissions are those that are propagated to an object from a parent object. Inherited permissions ease the task of managing permissions and ensure consistency of permissions among all objects within a given container.

    Explicit permissions take precedence over inherited permissions, even inherited Deny permissions. This has nothing to do with user and group security context.
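    Worked example, added to these notes (it is not code from the notes or from Windows): a small model of the access check from [9.3], the most restrictive NTFS/share combination from [9.6] and the explicit-over-inherited rule from [9.7]. ACEs are walked in the canonical order Windows uses (explicit Deny, explicit Allow, inherited Deny, inherited Allow), an applicable Deny that covers a right not yet granted fails the check, and running out of entries also fails it. All SIDs, rights and names are constructed sample values; the Users SID is the well-known local group, the others are made up.

```python
"""Added example (not from the original notes or from Windows): a model of the
Windows access check.  Rules implemented, as stated in [9.3], [9.6] and [9.7]:

  * the access token carries the user's SID plus the SIDs of the user's groups;
  * an ACE applies when its SID is in the token;
  * ACEs are evaluated in canonical order: explicit Deny, explicit Allow,
    inherited Deny, inherited Allow, so an explicit Allow beats an inherited Deny;
  * a Deny that covers a still-ungranted requested right denies the request;
  * if the ACL is exhausted before every requested right is granted, access is
    denied (no matching entry == no access);
  * over a share, effective rights are the most restrictive combination of the
    share permissions and the NTFS permissions.

All SIDs, names and rights below are constructed sample values.
"""
from dataclasses import dataclass, field


@dataclass
class ACE:
    sid: str                 # trustee the entry applies to
    allow: bool              # True = Allow entry, False = Deny entry
    rights: frozenset        # e.g. frozenset({"read", "write"})
    inherited: bool = False  # False = explicit (set on this object)


@dataclass
class Token:
    user_sid: str
    group_sids: frozenset = field(default_factory=frozenset)

    def sids(self):
        return {self.user_sid} | set(self.group_sids)


def canonical_order(acl):
    """Explicit entries before inherited ones, Deny before Allow within each."""
    return sorted(acl, key=lambda e: (e.inherited, e.allow))


def check_access(acl, token, requested):
    """Return True if `token` is granted every right in `requested`.

    Keep the set of rights not yet granted; an applicable Allow removes its
    rights from that set, an applicable Deny that intersects it fails the
    check, and running out of ACEs also fails it."""
    remaining = set(requested)
    if not remaining:
        return True
    sids = token.sids()
    for ace in canonical_order(acl):
        if ace.sid not in sids:
            continue                     # entry is for someone else
        if not ace.allow:
            if ace.rights & remaining:
                return False             # Deny wins over any later Allow
        else:
            remaining -= ace.rights
            if not remaining:
                return True              # everything requested is granted
    return False                         # nothing granted the rest: denied


def effective_over_network(ntfs_rights, share_rights):
    """[9.6]: through a share only rights present in BOTH permission sets apply."""
    return frozenset(ntfs_rights) & frozenset(share_rights)


# Constructed sample data: Users is the well-known local group (RID 545),
# the other SIDs are made up for the example.
USERS = "S-1-5-32-545"
FINANCE = "S-1-5-21-1-1-1-2001"
ALICE = "S-1-5-21-1-1-1-1001"
BOB = "S-1-5-21-1-1-1-1002"

SAMPLE_ACL = [
    ACE(USERS, allow=True, rights=frozenset({"read", "execute"}), inherited=True),
    ACE(FINANCE, allow=False, rights=frozenset({"write"}), inherited=True),
    ACE(ALICE, allow=True, rights=frozenset({"write"})),   # explicit on this file
]
ALICE_TOKEN = Token(ALICE, frozenset({USERS, FINANCE}))
BOB_TOKEN = Token(BOB, frozenset({USERS, FINANCE}))

if __name__ == "__main__":
    for who, tok in (("alice", ALICE_TOKEN), ("bob", BOB_TOKEN)):
        for want in ({"read"}, {"write"}, {"read", "write"}, {"delete"}):
            print(who, sorted(want), check_access(SAMPLE_ACL, tok, want))
    print(sorted(effective_over_network({"read", "write"}, {"read"})))
```

    Alice's explicit Allow for write lets her write even though Finance, a group she belongs to, is denied write by an inherited entry; Bob, who has no explicit entry, is stopped by that same inherited Deny. Neither can delete, because no entry grants it.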

    [9.8] Inherited permissions (file and folders)

    All files and folders inherit their permissions from the parent folder by default

    There are three ways to make changes to inherited permissions:

    o Make the changes to the parent folder, and the file or folder will then inherit these permissions. Remember this is not related to user and group security!

    o Select the opposite permission (Allow or Deny) to override the inherited permission.

    o Clear the 'Allow inheritable permissions from the parent to propagate to this object and all child objects. Include these with entries explicitly defined here' check box. You can then make changes to the permissions or remove the user or group from the permissions list. However, the file or folder will no longer inherit permissions from the parent folder. You will be presented with a confirmation dialog that has these options:

        You can 'copy' the permission entries, making all entries explicit (convert inherited entries into explicit)

        Or you can remove all inherited permissions and keep only the current explicit permissions

    You cannot change inherited permissions inside a child object - they show as grayed out if inheritance is on.

    If the object inherits conflicting settings from different parents, the setting inherited from the parent closest to the object in the subtree takes precedence.

    Only inheritable permissions are inherited by child objects. When setting permissions on the parent object, you can decide with the 'Apply onto' setting whether subfolders or files can inherit them.

    [9.9] Special shares

    <drive letter>$ (e.g. C$) - shared resource that enables administrators to connect to the root directory of a drive

    ADMIN$ - resource that is used during remote administration of a computer. The path of this resource is always the path to the system root (ex. c:\windows)

    IPC$ - resource that shares the named pipes that are essential for communication between programs. You use IPC$ during remote administration of a computer and when you view a computer's shared resources. You cannot delete this resource.

    NETLOGON - required resource that is used on domain controllers

    SYSVOL - required resource that is used on domain controllers

    PRINT$ - resource that is used during remote administration of printers

    FAX$ - shared folder on a server that is used by fax clients in the process of sending a fax

    You cannot browse to $ shares (you cannot see them in Explorer)

    [9.10] Moving and copying of files

    Moving a file on the same volume only changes the file's location in the MFT, not the physical file itself.

    When you copy a file, whether or not it is on the same volume, the destination file inherits the destination folder's permissions (destination folder and file permissions will be the same)

    When you move a file on the same volume, it keeps all of its original permissions, explicit and inherited from the original folder. Assign the following names: the file, call it F; the new folder, call it A; the original folder, call it B. When you move F from B to A and then make some permission changes on folder A, they will be inherited by the file F (unless inheritance is blocked on F) and the old inherited permissions (the ones from folder B) will be removed. However, the file F keeps all explicit permissions, which is different from a copy operation, where explicit permissions are removed after the copy.

    When you move a file to another volume, the move is treated as a copy operation. The file permissions are inherited from the destination folder in the same way permissions are inherited in a regular copy operation.
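    Worked example, added to these notes (not the notes' own code): a model of what happens to the permission entries of file F in the three cases above, using the same names (file F, original folder B, new folder A) plus a folder D on a second volume. Folder, volume and trustee names are constructed sample values.

```python
"""Added example (not from the original notes): a model of what [9.10] says
happens to a file's NTFS permission entries on copy and move.  Folder, file,
volume and trustee names are constructed sample values."""
from dataclasses import dataclass, field


@dataclass
class Entry:
    trustee: str
    rights: str
    inherited: bool        # True = came from the parent folder


@dataclass
class Folder:
    name: str
    volume: str            # e.g. "C:" -- decides whether a move is really a copy
    entries: list = field(default_factory=list)   # inheritable entries set here


@dataclass
class File:
    name: str
    parent: Folder
    explicit: list = field(default_factory=list)  # entries set on the file itself

    def effective_entries(self):
        """Explicit entries plus whatever is inherited from the *current* parent."""
        inherited = [Entry(e.trustee, e.rights, True) for e in self.parent.entries]
        return self.explicit + inherited


def copy_file(f, dest):
    """A copy is a new object: it inherits the destination folder's permissions
    and the source's explicit entries are not carried over."""
    return File(f.name, dest, explicit=[])


def move_file(f, dest):
    """Same volume: only the MFT record changes, so the file keeps its explicit
    entries and now inherits from the new parent instead of the old one.
    Different volume: the move is copy + delete, so copy rules apply."""
    if dest.volume == f.parent.volume:
        return File(f.name, dest, explicit=list(f.explicit))
    return copy_file(f, dest)


def trustees(f):
    """Compact view of a file's ACL: [(trustee, rights, inherited), ...]."""
    return [(e.trustee, e.rights, e.inherited) for e in f.effective_entries()]


# Constructed sample layout: folders A and B on C:, folder D on another volume.
FOLDER_B = Folder("B", "C:", [Entry("Users", "Read", False)])
FOLDER_A = Folder("A", "C:", [Entry("Finance", "Modify", False)])
FOLDER_D = Folder("D", "D:", [Entry("Everyone", "Read", False)])
FILE_F = File("F", FOLDER_B, explicit=[Entry("Alice", "Full Control", False)])

if __name__ == "__main__":
    print("original  :", trustees(FILE_F))
    print("move B->A :", trustees(move_file(FILE_F, FOLDER_A)))
    print("copy B->A :", trustees(copy_file(FILE_F, FOLDER_A)))
    print("move B->D :", trustees(move_file(FILE_F, FOLDER_D)))
```

    Only the same-volume move keeps Alice's explicit Full Control entry; both the copy and the cross-volume move come out with nothing but the destination folder's inherited entries.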

    [9.11] Other points

    Groups or users granted Full Control on a folder can delete any files in that folder regardless of the

    permissions protecting the file

    Every general permission has 'Synchronize' permission

    Read attributes permission includes 'Read Extended Attributes' permission

    The Everyone group is no longer granted Full Control by default on shares, only Read access (as of Service Pack 1; the original release granted Full Control)

    The Anonymous Logon security group has been removed from the Everyone security group

    Windows XP and 2000 need installation of client software, twcli32.msi, to take advantage of the Volume Shadow Copy Service (VSS) that runs on a Windows Server 2003 computer

    Part 10: Managing network connections

    [10.1] Installing a network adapter

    Make sure you install the latest driver

    If you have a combo network card (one that has two network connectors) make sure that the speed and cable type are configured correctly

    70 to 80 percent of network problems are due to faulty cabling

    [10.2] Configuring TCP/IP

    TCP/IP (Transmission Control Protocol/Internet Protocol) was developed in the 1970's

    o Installed by default on Windows XP; the most common protocol, supported by almost all OSs

    o TCP/IP is scalable and it is a routed protocol

    o TCP/IP is a fault tolerant protocol that will dynamically reroute packets if a network link is down and alternate links exist

    o Companion services such as DNS and DHCP exist

    o This is the most popular protocol and is the basis of the internet

    An IP address uniquely identifies a computer on the network; an IPv4 address is 32 bits long

    The loopback IP address is 127.0.0.1; this is your localhost address. The first address in your network is the network address itself, the last address is the network broadcast address.

    IP class assignments

    o Class A 1-126.x.x.x, hosts supported 16777214, with mask 255.0.0.0

    o Class B 128-191.x.x.x, hosts supported 65534, with mask 255.255.0.0

    o Class C 192-223.x.x.x, hosts supported 254, with mask 255.255.255.0

    The subnet mask is used to specify which part of the IP address is the network address and which part is the host part

    The default gateway is the location where packets are sent that are not destined for your network (you need routers). Metrics are used to calculate optimal paths to gateways.

    A router is a device that connects two or more network segments together

    Ipconfig is used to show the PC's IP configuration

    Ping is used to send ICMP echo request packets

    Nbtstat is used to display NetBIOS over TCP/IP (also known as NBT) connection statistics

    Alternate configuration lets you specify what happens when there is no DHCP server on the network:

    o Automatic Private IP Addressing (APIPA) - assigns the PC an address from the range 169.254.0.1 to 169.254.255.254, in use since Windows 98

    o Manual configuration of alternative settings
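    Worked example, added to these notes (not the notes' own code): the classful arithmetic from [10.2] done with Python's standard ipaddress module. It classifies an address by its first octet, applies the default mask (or a given subnet mask), works out the network and broadcast addresses and the usable host count, and decides whether a destination has to go through the default gateway. The addresses are constructed samples.

```python
"""Added example (not from the original notes): classful address arithmetic
from [10.2] using only the standard library.  Addresses are constructed."""
import ipaddress

# Class -> (first octet range, default mask), as listed in the notes.
CLASS_TABLE = {
    "A": (1, 126, "255.0.0.0"),
    "B": (128, 191, "255.255.0.0"),
    "C": (192, 223, "255.255.255.0"),
}


def address_class(ip):
    """Return 'A', 'B', 'C', 'loopback' (127.x.x.x) or 'D/E' for anything else."""
    first = int(ipaddress.IPv4Address(ip)) >> 24
    if first == 127:
        return "loopback"
    for cls, (lo, hi, _mask) in CLASS_TABLE.items():
        if lo <= first <= hi:
            return cls
    return "D/E"          # multicast / experimental, not assignable to hosts


def default_mask(ip):
    cls = address_class(ip)
    if cls not in CLASS_TABLE:
        raise ValueError(f"{ip} has no classful default mask ({cls})")
    return CLASS_TABLE[cls][2]


def describe(ip, mask=None):
    """Network address, broadcast address and usable host count for `ip`,
    using the classful default mask unless a subnet mask is given."""
    mask = mask or default_mask(ip)
    net = ipaddress.IPv4Network(f"{ip}/{mask}", strict=False)
    return {
        "class": address_class(ip),
        "mask": str(net.netmask),
        "network": str(net.network_address),      # first address: the network
        "broadcast": str(net.broadcast_address),  # last address: broadcast
        "usable_hosts": net.num_addresses - 2,
        "first_host": str(net.network_address + 1),
        "last_host": str(net.broadcast_address - 1),
    }


def needs_gateway(src, dst, mask):
    """True when `dst` is outside `src`'s network, i.e. the packet has to be
    handed to the default gateway (a router) rather than sent directly."""
    src_net = ipaddress.IPv4Network(f"{src}/{mask}", strict=False)
    return ipaddress.IPv4Address(dst) not in src_net


if __name__ == "__main__":
    for sample in ("10.1.2.3", "172.16.5.9", "192.168.1.77"):
        print(sample, describe(sample))
    print(describe("192.168.1.77", "255.255.255.192"))
    print(needs_gateway("192.168.1.10", "192.168.2.10", "255.255.255.0"))
```

    The host counts it produces are the ones in the class table above (16777214, 65534 and 254), and the subnetted case shows why the mask, not the class, decides where the network ends.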

    [10.3] DHCP

    A DHCP server is used for automatic IP assignment to hosts; here is the whole process:

    o The client seeking an IP address broadcasts a DHCPDISCOVER message on the network

    o Any DHCP server that receives the message and has available IP addresses sends a DHCPOFFER for a period of time called the lease

    o The client selects one of the offers and broadcasts a DHCPREQUEST indicating its selection

    o The DHCP server sends a DHCPACK message to the client with possible configuration information like DNS server IPs

    A DHCP server must be authorized in AD if it is part of a domain

    If there is no DHCP server on your network segment you can use a DHCP server on another network segment, provided that the other DHCP server is configured to give out addresses to PCs on other segments and the router that joins the segments acts as a DHCP relay agent
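    Worked example, added to these notes (not the notes' own code): the four-step exchange above simulated with both sides as Python objects. Two servers hear the same broadcasts, so you can see the client pick one offer, the other server silently withdraw its offer when the DHCPREQUEST names a different server, and a server with an empty pool stay quiet. Addresses, MACs, lease times and options are constructed.

```python
"""Added example (not from the original notes): the four-message DHCP exchange
from [10.3] (DISCOVER, OFFER, REQUEST, ACK) simulated with plain Python objects.
All addresses, MACs, lease times and options are constructed."""
from dataclasses import dataclass, field


@dataclass
class Message:
    kind: str                 # DHCPDISCOVER / DHCPOFFER / DHCPREQUEST / DHCPACK / DHCPNAK
    client_mac: str
    server_id: str = None     # IP of the server making, or chosen for, the offer
    yiaddr: str = None        # "your IP address": the offered/assigned address
    lease_seconds: int = 0
    options: dict = field(default_factory=dict)


class DHCPServer:
    def __init__(self, server_ip, pool, lease_seconds, options):
        self.ip = server_ip
        self.free = list(pool)          # addresses still available
        self.leases = {}                # client MAC -> assigned address
        self.lease_seconds = lease_seconds
        self.options = dict(options)    # e.g. DNS server, default gateway

    def handle(self, msg):
        """Process one broadcast; return the server's reply, or None if it
        stays silent (no addresses left, or the client picked someone else)."""
        if msg.kind == "DHCPDISCOVER":
            if not self.free:
                return None
            return Message("DHCPOFFER", msg.client_mac, self.ip,
                           self.free[0], self.lease_seconds, self.options)
        if msg.kind == "DHCPREQUEST":
            if msg.server_id != self.ip:
                return None             # not chosen: the offer is withdrawn
            if msg.yiaddr in self.free:
                self.free.remove(msg.yiaddr)
                self.leases[msg.client_mac] = msg.yiaddr
                return Message("DHCPACK", msg.client_mac, self.ip,
                               msg.yiaddr, self.lease_seconds, self.options)
            return Message("DHCPNAK", msg.client_mac, self.ip)  # address gone
        return None


class DHCPClient:
    def __init__(self, mac):
        self.mac = mac
        self.ip = None
        self.config = {}

    def obtain_lease(self, segment):
        """`segment` is the list of servers that hear this client's broadcasts.
        Returns the final message kind, or None when nobody offered anything
        (where a real XP client would fall back to APIPA / alternate config)."""
        discover = Message("DHCPDISCOVER", self.mac)
        offers = [r for r in (s.handle(discover) for s in segment) if r]
        if not offers:
            return None
        chosen = offers[0]                      # first offer received wins
        request = Message("DHCPREQUEST", self.mac, chosen.server_id, chosen.yiaddr)
        replies = [r for r in (s.handle(request) for s in segment) if r]
        final = replies[0]                      # only the chosen server answers
        if final.kind == "DHCPACK":
            self.ip = final.yiaddr
            self.config = {"lease_seconds": final.lease_seconds, **final.options}
        return final.kind


def run_demo():
    """Constructed scenario: two servers on one segment, four clients in turn.
    Returns [(final message kind, assigned IP), ...] in client order."""
    s1 = DHCPServer("192.168.1.1", ["192.168.1.100", "192.168.1.101"], 86400,
                    {"dns": "192.168.1.53", "router": "192.168.1.1"})
    s2 = DHCPServer("192.168.1.2", ["192.168.1.200"], 3600, {"dns": "192.168.1.53"})
    results = []
    for mac in ("00-11-22-33-44-01", "00-11-22-33-44-02",
                "00-11-22-33-44-03", "00-11-22-33-44-04"):
        c = DHCPClient(mac)
        results.append((c.obtain_lease([s1, s2]), c.ip))
    return results


if __name__ == "__main__":
    for outcome in run_demo():
        print(outcome)
```

    The first two clients are served by the first server because its offer arrives first; the third only gets the second server's address once the first pool is empty; the fourth gets no offer at all, which is the case the alternate configuration in [10.2] exists for.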

    [10.4] DNS

    DNS servers are used for name to IP and IP to name (reverse DNS) address resolution

    The HOSTS file is used to resolve host name to IP address entries statically; it is located in %systemroot%\System32\Drivers\Etc

    DNS settings:

    o DNS server addresses, in order of use - which DNS server will be used first to resolve a query

    o Append primary and connection-specific DNS suffixes - specifies how unqualified domain names are resolved by DNS; for example, if the primary suffix is microsoft.com and you enter blah, DNS will try blah.microsoft.com

    o Append parent suffixes of the primary DNS suffix - whether name resolution includes the parent suffixes of the primary DNS suffix, up to the second level of the domain name; for example, given the primary suffix win.ms.com and you enter blah, DNS will first try blah.win.ms.com and then blah.ms.com

    o Append these DNS suffixes - additional suffixes that will be used to resolve unqualified names

    o DNS suffix for this connection - DNS suffix for the PC, can override data supplied by the DNS server

    o Register this connection's address in DNS - dynamic registration using the PC name

    o Use this connection's DNS suffix in DNS registration
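    Worked example, added to these notes (not the notes' own code): how the suffix settings above turn an unqualified name into the ordered list of names the resolver tries, including the blah / win.ms.com case. It assumes, as the XP DNS tab does, that 'Append these DNS suffixes' is an alternative to the primary/connection-specific behaviour rather than an addition to it, and it simplifies by only expanding single-label names. The suffixes and the zone table it looks names up in are constructed.

```python
"""Added example (not from the original notes): how the DNS suffix settings in
[10.4] turn an unqualified name into the ordered list of FQDNs the resolver
queries.  The suffixes and names are constructed.  Simplification: only
single-label names are expanded; a name containing a dot is queried as-is."""


def parent_suffixes(suffix):
    """Devolution of the primary suffix: win.ms.com -> [win.ms.com, ms.com].
    It stops at the second-level name, so the bare TLD is never tried."""
    labels = suffix.strip(".").split(".")
    return [".".join(labels[i:]) for i in range(len(labels) - 1)]


def candidate_fqdns(name, primary_suffix="", connection_suffix="",
                    append_parent=False, suffix_list=()):
    """Ordered names the resolver tries for `name`.

    The two radio options of the XP DNS tab are mutually exclusive: when
    `suffix_list` ('Append these DNS suffixes') is set it is used instead of
    the primary / connection-specific suffixes."""
    if name.endswith("."):
        return [name.rstrip(".")]          # fully qualified: no suffix search
    if "." in name:
        return [name]                      # simplification noted above
    if suffix_list:
        return [f"{name}.{s.strip('.')}" for s in suffix_list]
    suffixes = []
    if primary_suffix:
        if append_parent:
            suffixes += parent_suffixes(primary_suffix)
        else:
            suffixes.append(primary_suffix.strip("."))
    conn = connection_suffix.strip(".")
    if conn and conn not in suffixes:
        suffixes.append(conn)
    return [f"{name}.{s}" for s in suffixes]


def resolve(name, zone, **settings):
    """Walk the candidates against a constructed zone table (name -> IP) and
    return (fqdn, ip) for the first hit, or None when nothing matched."""
    for fqdn in candidate_fqdns(name, **settings):
        if fqdn in zone:
            return fqdn, zone[fqdn]
    return None


# Constructed zone data
ZONE = {
    "blah.ms.com": "10.0.0.5",
    "www.win.ms.com": "10.0.1.80",
    "srv.lab.example": "10.9.9.9",
}

if __name__ == "__main__":
    print(candidate_fqdns("blah", "win.ms.com", append_parent=True))
    print(resolve("blah", ZONE, primary_suffix="win.ms.com"))
    print(resolve("blah", ZONE, primary_suffix="win.ms.com", append_parent=True))
```

    With parent-suffix devolution off, blah never matches anything in the sample zone; with it on, the second candidate blah.ms.com is found. The connection-specific suffix is always tried after the primary one(s).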

    [10.5] WINS

    NetBIOS (Network Basic Input/Output System) name resolution to an IP address can be done in 3 ways:

    o WINS servers are used for NetBIOS name to IP address resolution; this server is for backward compatibility with NT4

    o Through broadcast (same network segment only)

    o The LMHOSTS file is a static mapping of IP addresses to NetBIOS computer names; it is located in the %systemroot%\System32\Drivers\Etc folder

    WINS settings:

    o WINS addresses, in order of use

    o Enable LMHOSTS lookup

    o Enable/Disable NetBIOS over TCP/IP

    o Use NetBIOS settings from the DHCP server

    NetBEUI - NetBIOS Enhanced User Interface

    AppleTalk - is not supported by Windows XP (was supported before)

    [10.6] TCP/IP filtering

    Through filtering you can specify for your PC:

    o Which TCP ports are permitted

    o Which UDP ports are permitted

    o Which protocols are permitted

    This is set for all adapters at once and is separate from firewall

    It is set up from Network Connections -> connection -> TCP/IP properties -> Advanced button -> Options tab

    [10.7] Configuring NWLink IPX/SPX/NetBIOS

    NWLink IPX/SPX/NetBIOS is Microsoft's implementation of Novell's IPX/SPX (Internetwork Packet Exchange/Sequenced Packet Exchange)

    This is just a transport protocol that is routable, if you want to access Novell servers you need to install

    client software

    Internal network number - used to identify file servers, normally leave as is

    Frame type - specifies how the data is packaged for transmission

    [10.8] Network access authentication

    Network access control using IEEE 802.1X - you choose a method, password/certificate/smart card

    Authenticate as computer when computer information is available

    Authenticate as guest when user or computer information is unavailable

    Part of connection properties

    [10.9] Advanced options

    Bindings are used to attach protocols to a network adapter. You can improve performance by binding

    common protocols higher in binding order

    Part 11: Managing printing

    [11.1] Printing related definitions

    Printer - this is the name for the piece of software on your PC

    Print device - this is the actual hardware printer

    Print server - the PC to which a local printer is connected; any Windows PC can be one. It is the computer that sends print jobs to the print device. For a network printer you send jobs to the server as well.

    Print spooler - also referred to as the print queue, this is a directory on the print server where jobs are stored prior to being printed

    Print processor - also known as rendering, this is the process that determines whether a print job needs further processing once the job has been sent to the spooler

    Printer pool - configuration that allows to use one printer for multiple print devices

    Print driver - piece of software that understands your print device codes

    Physical port - port through which a printer is directly connected to the computer, COM or LPT

    Logical port - port through which a printer with a network card is attached to network, much faster than

    a physical port

    Local printer - printer that uses a physical port and has not been shared

    Network printer - printer that is available to local and network users, can use either physical or logical

    port

    [11.2] Printer and print device configurations

    1 printer per 1 print device

    1 printer for many print devices (print pooling)

    Many printers for 1 print device - used usually for print scheduling

    [11.3] Windows print process

    When the user chooses to print the document, the request is sent to the Graphics Device Interface (GDI), which calls the print driver

    The print job is sent to the local print spooler, which sends the job to the print server

    The print spooler on the print server saves the job to disk

    The print processor analyzes the print job to determine whether extra processing is needed; the separator page is added if needed

    The job is passed to the print manager, which directs the job to the right port at the right time

    The print device prints the job

    [11.4] Printer information

    You can use the UNIX (LPR) protocol; for this you will need to add an LPR port. LPR is included in "Print Services for UNIX", which is installed as a separate component of Windows XP

    You can also have print services for Macintosh and for NetWare

    Whenever you hear anything that deals with LPR, LPD or LPQ, think UNIX

    You can set printer priority (1-99) as well as printer availability (which means when the printer will be available, timewise) for different user groups, as well as access to the print device itself for different user groups and individual users.

    For example, to use different print priorities for two groups you need to set up two printers for the same print device, restrict their use and set the priority on each

    If you want to know printer utilization, track the Print Queue object in System Monitor

    %systemroot%\system32\spool\printers\ is the default location of the spool folder. You should change it if your server serves many printers.

    A port is defined as the interface that allows the PC to communicate with the print device

    Print.exe - sends a text file to a printer

    Net Print - displays information about a specified printer queue, displays information about a specified

    print job, or controls a specified print job

    Bidirectional support - option on ports tab that allows printer to communicate with the computer, for

    example print errors

    [11.5] Spooling

    Spooling is the process of saving the jobs to disk in a queue before they are sent to the print device

    You have the option of:

    o Start printing after the last page is spooled - small jobs that enter the queue after large jobs may print before the large jobs finish spooling

    o Start printing immediately - strict order of entry into the queue determines who gets printed first

    o Print directly to the printer - good for troubleshooting the print device

    You can change location of print spooler

    [11.6] Print processor

    There are 5 print processors in Windows XP

    o RAW - makes no change to the job

    o RAW (FF appended) - always adds form feed character

    o RAW (FF auto) - tries to determine whether a form feed character needs to be added

    o NT EMF - for use with other Windows XP clients, multiple versions

    o TEXT - interprets all data as plain text

    [11.7] Printer Pooling

    One printer, multiple print devices

    Think of it as load balancing for printers, used in larger enterprises

    You need to use the same driver for all print devices that are members of the pool. Many newer print devices will work with an older driver, so use the newest driver that works for the oldest print device.

    It is enabled with a check box found at the bottom of the ports tab

    When one print device fails the print job gets redirected to another print device in the pool

    [11.8] Redirecting print jobs

    You can redirect print jobs provided both printers use the same driver

    When a user has placed a request to print a document into the queue of a print device which then failed to print, you can redirect printing to another printer BEFORE printing has commenced

    To redirect a print job, select the printer you want jobs redirected from

    If the new printer is on this print server, just select the new port to which the new printer is attached, otherwise:

        Click on the 'Ports' tab

        Click on 'Add Port', select 'Local Port' and click on 'New Port'

        Type in the UNC share name of the printer you want the job redirected to, in the format \\other_print_server\share_name

        Check the check box next to the port you just created

    [11.9] Separator pages

    Separator pages are used in multi user environments; sample files are found in the %systemroot%\system32\ folder with a .sep extension

    Pcl.sep - used to send a separator page on printers supporting PCL (Printer Control Language), which is a

    common standard

    Pscript.sep - doesn't send a separator page but switches the computer to PostScript printing mode

    Sysprint.sep - used by PostScript printers to send separator pages

    Sysprintj.sep - same as sysprint.sep but with support for Japanese characters

    [11.10] Managing printers

    To manage a printer, right click it; you have the following options:

    o Set as Default Printer - jobs will by default be sent to this printer

    o Printing preferences - settings like page layout

    o Pause printer - jobs can still be submitted, but will not print

    o Use printer offline - pauses the printer and saves the print queue so documents in it are

    available even after PC reboot

    o Other options: Rename, Sharing, Delete

    You can also manage documents with the following options: Pause, Restart, Resume, Cancel, Properties

    [11.11] Sharing

    When you share a printer it becomes a Network printer

    If you don't share your printer it is a Local printer

    You cannot share a Fax printer

    You can specify print drivers for following systems:

    o Alpha Windows NT 4.0

    o IA64 Windows XP

    o Intel Windows 95/98/Me/NT 4.0/2000/XP

    [11.12] Security

    There are three print related permissions (plus special permissions):

    o Print - users can send print jobs to a printer

    o Manage Printers - administration of the printer, consisting of: pause and restart the printer, change spool settings, share/unshare the printer, change print permissions

    o Manage Documents - pause/restart/resume and delete queued documents, no control over the printer itself

    o Special permissions - used to customize the print options with allow or deny access for: Print, Manage Printers, Manage Documents, Read Permissions, Change Permissions and Take Ownership

    Administrators and Power users can do all tasks

    Creator Owner group can Manage Documents only

    Everyone group can Print only

    Advanced security settings:

    o Permissions - list all users, computers and groups that have been given permissions to the

    printer

    o Auditing - tracks who is using the printer and what type of access is being used

    o Owner - owner of the printer

    o Effective permissions

    Part 12: Dial-up networking and Internet

    [12.1] Configuring a modem

    General: speaker volume, maximum port speed, wait for dial tone before dialing check box

    Selection of country and extra initialization string

    Advanced port settings allow you to set the buffer size

    Hardware settings like Data bits, Parity, Stop bits and Modulation

    Data connection settings like Port speed, data protocol, compression and flow control

    You can run diagnostics of your modem

    [12.2] Connecting to a Remote access server (RAS)

    You can connect to a RAS server using a modem, ISDN or a null modem cable

    Both client and server must use the same connectivity settings

    RAS security settings

    o Allow unsecured passwords

    o Require secured password

    o Use smart card (you will need EAP)

    Logon security protocols

    o MS-CHAP (Microsoft Challenge Handshake Authentication Protocol) still supports NTLM (but not by default). The same encryption key is used for all connections; both authentication and connection data are encrypted

    o MS-CHAP v2 - no NTLM and stronger encryption (like salting the passed encrypted password strings). The two MS-CHAP protocols are the only ones that can change passwords during the authentication process. A new key is used for each connection and direction.

    o Chap - need to enable storage of a reversibly encrypted us