NT Server (70-67) by Nel
Got a 981 on March 11, 1998.
Exam Cram, the braindumps and Transcender were all very helpful in
guiding my studies. I actually went through the Net Admin book
step by step, and about half the Tech Support book step by step.
I used the reskit and the 2 self-study books as resource materials
in looking up things that T**, braindumps and Exam Cram either did
not go into enough detail on, "didn't look right" (there May Be
one or two errors in NTS T**, several errors in Exam Cram, and, well, I
guess everyone knows by now not to trust answers on braindumps...), or
that I just wanted to know more about, for comfort's sake. This
approach is one I highly recommend if you don't have a year of NT
network admin experience. I also read everything about admin'ing RAS,
user profiles, system policies and backups, that I could find in the
above sources.
Summary: 8 or 9 questions mentioned Netware or Netware-related
technologies. Make sure you look at those parts of the books. You
need to know more than Exam Cram and T** tell you. Hit the reskit,
Technet, MOC's, whatever. There was a bit of overlap with workstation,
regarding install options and the like. I had NO scenarios. I read
MANY braindumps, and still saw maybe 7-8 questions that were totally
new to me, so don't ass-ume that a thorough background in "those who've
gone before" is all that you need.
Here are some selected explanations:
Q. You want to prevent anyone not in the Administrators group from
logging into the domain from a domain controller. How? Make sure
that only Administrators group has the right to logon locally. The
question has some potential choices that mention bogosity about
the Interactive group. If you've done your research and know what
this group is for, you know to ignore them.
Key factoid: Assigning this right from within User Manager for
Domains puts it into effect for all domain controllers. User
rights assigned in this way may not be available on all member
servers -- you may need to individually run User Manager for
Domains, choose "Select Domain", type in a COMPUTER NAME rather
than a domain, and set the right individually for each member
server for which you want the right to be in effect.
Q. You want RAS encryption for some users and not for others... how?
Configure encryption for some ports, and no encryption for others;
assign users to one set of RAS ports or the other depending on
whether or not they need their communication to be encrypted.
Key factoid: ** RAS ENCRYPTION IS SET PER PORT, NOT PER-USER **
Q. Question with exhibit showing import/export setup for PDC
computer in domain XYZZY. In the box for "Export To:", it
shows DOMAIN 1. To which machines will this machine export?
Any BDC, NT Server or NT Workstation that is configured to
import the directories being exported by this server.
Key factoids: Files aren't actually exported to any system
that doesn't explicitly import them. Think of it like customs and
importing/exporting in the real world. Different authorities
govern exporting (source country) and importing (destination
country), and just because one country let you leave with it, does
not mean that the other country automatically imports it. Also,
only NT-based systems can import. Win95 and Win3.x systems can't
participate in replication at all.
Q. Documents fail to print because the partition in which the spool
directory is located, is out of space. What do you do? Change
properties to point to a new spool directory location. There are
some bogus choices about using Disk Administrator to extend the
system partition.
Key factoids: If you want to change the system-wide spool directory,
you can do it through the NT GUI. If you want to change the spool
directory for one printer, you have to edit the registry. KNOW THE
DIFFERENCE!!!
Q. After installing GSNW, what do you do on an NT Server to allow
Win95 clients to access files on a Netware Server? USING GSNW
APPLICATION, go into "Configure Gateway", and add new shares and
drive letters that you wish to make available. ** I DON'T RECALL
THIS QUESTION FROM ANY OTHER BRAINDUMPS **
Key factoid: You add GSNW shares on your NT Server using the GSNW
application's "Configure Gateway" dialog. Specifically, you must
use the GSNW app!! Server Manager, Explorer, etc. ... none of
those are used for creating the initial Novell Server / drive
letter mappings. Look it up if you don't believe me, but in any
case, KNOW it.
Q. You have a server with 5 disks, each containing 2 partitions.
How do you optimize paging files across these disks? Distribute
equally among all partitions except the one containing the system
files, or Distribute equally among all spindles except the one
containing the system and boot files? I chose the second, figuring
that the location of the boot files was irrelevant.
Key factoids: It doesn't help to have page files on multiple disk
_partitions_, and in fact, it probably hurts performance, since the
head now has to zoom back and forth across the platter to different
areas of the disk. What you REALLY want to do with paging files
is distribute them across any _disks_ which (a) do not contain the
system files, and (b) are not striped with parity or mirrored.
You don't want the disk containing the system files to also be used
for paging, because that disk is already very busy, if at all possible.
Similarly, you want to spread the paging "load" across many disks so
that you can get as much benefit as possible from simultaneous I/O.
Q. To use RAS Autodial, what do you need? Phonebook entries for the
sites that you want to be able to autodial. (Other choices involved
DNS, and were bogus)
Key factoid: RAS Autodial does not depend on DNS. In order to
use RAS Autodial, you must have Phonebook entries set up for any
connection that you want to have auto-activated by RAS Autodial.
** This is logical -- if you don't do this, it won't know where
to dial out to. Think about it!
Q. You need to migrate files and user accounts frm NW to NT using
MS' Migration Tools. What needs to be installed on the NT machine
to do this? I GUESSED GSNW, but I'm not sure it's right, and I
can't find this addressed in any of the docs I listed above.
** I think this is a new topic on the test **
Q. You want to implement fault tolerance on a system with 3 disks. NT
is installed on C:. What fault tolerance mechanism do you use:
disk striping, disk striping with parity, or mirror set? Use a
mirror set.
Key factoids: The disk on which NT is installed CANNOT be part of
a stripe set or volume set. Logic: "NT Sever is Not That Smart."
Look at the intitials. Get it? When NT starts up, its fancy
'combine-multiple-disks-into-1' code is not yet running. In order
to read that code off the disk, it has to be able to get to the
disk to begin with, which it can only do, if the code is stored on
a single NTFS or FAT volume. So, that means you can only stripe
with 2 disks. That means "with parity" is out, because it requires
3. "Disk striping" itself is out, because although it only needs
2 disks, it is NOT fault tolerant and doesn't satisfy the requirement.
That leaves mirror set, which you can do.
Q. A stripe set without parity fails. How do you recover? Restore
from backup.
Key factoid: Since a stripe set without parity does not offer any
fault tolerance (just improved performance), to recover data lost
when it fails, you have to restore from backup.
Q. You want to find out the OS and role of each NT-based computer in
the domain. What tool do you use to do this? Server Manager.
Key factoid: Server Manager can be used to find out what role a
machine has in the network (PDC, BDC, member server, workstation),
and which version of NT it's running.
Q. How to speed up NETBIOS name resolution across a RAS link? Put
an LMHOSTS file on the RAS client.
Key factoids: NETBIOS name resolution uses LMHOSTS, and TCP/IP
domain name resolution uses HOSTS. Use your brain to reason out
whether the file goes on the client or server side of the modem.
The client is the one making the name resolution queries. So,
hardcoding names on the server side still requires a net round-trip
for the client to look them up, so that won't speed things
up as much as hardcoding the names on the host that's dialing in.
Misc key factoids:
- Repeat after me: "DISK STRIPING IS NOT FAULT TOLERANT." It is only
fault tolerant if you see "with parity" after those words.
- If you don't backup at least one other file on the volume containing
the registry, the registry WILL NOT get backed up even if you tell NT
to do so. You tell NT to back up the registry by using the /b switch
on the NTBACKUP command (NOT THE "r" SWITCH, which restricts access
to the data on the tape), or by selecting the checkbox in the GUI.
- Gateway addresses are only used for routed networks. Windows NT does
not make ANY assumptions about default subnet masks, and TCP/IP doesn't
know how to grab the "host" bits out of the IP address, to properly find
the host on this network to send a packet to, unless you tell it where
the host bits are, but specifying a subnet mask.
- You give clients running Client for MS Networks access to files on a
Netware server by installing GSNW on the NT Server.
- NWLink gives you the ability to be the client or server for an app; it
does not give you any apps like file or print sharing, by itself,
although it is required for machines that run apps like GSNW (on servers)
or CSNW (on workstations) which communicate with other machines running
NWlink or IPX, and the other side of those apps. Think of NWlink like
the x2 protocol on your fast modem, or like TCP/IP. It gives you a
channel over which you can run stuff, but by itself, has no end-user
functionality.
- The place you install video drivers in NT is NOT the same place you
install them in Win95. Just remember Control Panel -> Display.
- If you've installed the NT admin tools for Win95, you can use them to
remotely perform various interesting activities on a server, like
sharing a CD-ROM. Some people have said that you would use Explorer
to do it. This works if you want to share a device which is located
on your local computer, but if the device does not already have a share
name and is not already shared, and the device is located on a remote
system, Explorer won't let you get to it, so you can't use Explorer to
do anything with it. Again: Use what you know. You KNOW the only
remote resources you can see in Explorer are ones that already have a
sharename....
- MS must truly be in cahoots with the memory manufacturers. They want
you to know that adding more RAM is a way to reduce excessive paging.
- SNMP needs to be installed on any machine whose TCP/IP performance
counters you want to monitor using Perfmon. SNMP does NOT need to be
installed on the machine you're running Perfmon on, unless you want
to monitor its TCP/IP counters, too.
- LFN's get retained when copying to NTFS or VFAT partitions. Permissions
are ONLY retained if you MOVE files on an NTFS partition to another
directory on the same NTFS partition. If you COPY the files, even if
it's on the same partition, the files inherit permissions from the
parent directory. If you get a question about permissions being
retained, READ IT CAREFULLY. MORE THAN ONCE. If it meets the tests
of "MOVE" "to and from the same NTFS partition", the permissions are
retained. Otherwise, they're not.
- If you've ever used MS-DOS, you know that its file system doesn't
support individual file permissions. NT doesn't change that. Use what
you know.
- One of the main things replication is used for, is to distribute login
scripts to all domain controllers. The scripts are customarily kept in
the Scripts subdirectory of the export/ import directory. They MUST be
kept in a subdirectory of the export directory, to get exported. Any
files placed in the export directory itself WILL NOT get exported.
- Changes in group membership are effective the next time the user logs
in, NOT IMMEDIATELY AFTER THEY ARE CHANGED, and NOT
IMMEDIATELY AFTER THE PDC AND BDC SYNCHRONIZE.