Subject: 70-068 NT4 in the Enterprise Brain Dump
Just passed yesterday with 921 points, all I had was 3 years experience and
braindumps, I even had 57 minutes left, I was so hungry I decided not to
review and just submit it immediately.
TIPS:
====
1. A lot on trust relationships, remember these pointers and you can easily
get the tricky questions (a) the trusting domain shares resources (and
preferably in Microsoft way, no user accounts), (b) the trusted domain
contains the user accounts and have no resources to share, (c) MKTG trust
CORP, if you logon to CORP via the MKTG (ie pass-through authentication)
domain, its like your logging on directly to CORP domain, all the access
you'll ever get is the one granted to "CORP/domain users", (d) only local
groups can contain global groups and users, global groups can only contain
users, (e) local groups should be created in the trusting (i.e. resource)
domain and assigned to shared resources while global groups are created in
the trusted (i.e. user) domain, then global groups are made members of the
local groups.
2. Scenario question where a "master-domain" model was used with Chicago in
the center and about 6 other cities (Caracas, Rome, Seattle, etc..) trusting
the Chicago domain. The first solution did not produced the required result
(w/c was to reduce the logon validation traffic on the WAN links) simply
because all the PDC/BDCs were located only on the Chicago domain. The
second solution I think did meet the required and all optional results.
3. A PDC or BDC cannot change domains, reinstallation is the only option.
Setting up a new BDC requires physical connectivity to the PDC. Setting up
a server-only doesn't need connectivity to the domain, configure it to use
workgroup first then let it join a domain later on.
4. There are two ways for an NT server/workstation to join a domain, (1) let
the domain administrator create a computer account using Server Manager then
set the domain name in the Identification tab of the Network applet in the
Control Panel; (2) set the domain name in the Identification tab of the
Network applet in the Control Panel and check the "create a computer
account" and type in the domain administrator name and password.
5. A scenario question on backing up domain conrtrollers, member servers,
and NT workstations. A global group was assigned "backup/restore files"
rights, this only allows the members of the group to backup the domain
controllers. That same global group must be assigned the "Backup Operators"
local group of all the member servers, and alll the NT workstations for the
members of that group to be able to backup all of them.
6. A WinNT server has two NICs and connected to two different subnet. They
want the DHCP server on one subnet to service the other subnet. My asnwers
is to install a DHCP relay agent.
7. To monitor overall processor counter (in case you have two or more CPUs)
use the %Sytem object, this will show only one line in the chart. Use the
%LogicalDisk for monitoring partitions. Use %PhysicalDisk to monitor the
disk itself and use "diskperf -y" then reboot so that the counters will not
show all zeroes.
Not sure tips:
==========
1. There was a question on system policies when one user belongs to two or
more groups and those two or more groups each have thier own system policy.
My answer to this is that you can assign relative priorities to each of the
group policy files.