In this practice, you generate three RSoP queries.
Exercise 1: Creating an RSoP Query with the Resultant Set Of Policy Wizard Logging Mode
In this exercise, you create an RSoP query with the Resultant Set Of Policy Wizard Logging mode and view the results in the RSoP query console.
To create an RSoP query with Logging mode
1. Log on to Server1 as Administrator.
2. On Server1, use the procedure provided earlier in this lesson to create an RSoP query with the Resultant Set Of Policy Wizard Logging mode. Create the query for the settings applied to User? on Server1 (this computer).
3. View the results of the RSoP query on the RSoP query console in the User Configuration node, in the Administrative Templates node. The settings from the West OU Desktop GPO are shown.
4. Save the RSoP query console as User? RSoP.
5. Open the West OU Desktop GPO. In the User Configuration node, in the Administrative Templates node, in the Desktop node, configure the Hide My Network Places Icon On Desktop setting to Enabled.
6. Open the User? RSoP console. Is the new setting in the West OU Desktop GPO reflected in the RSoP? Why?
No, the new setting in the West OU Desktop GPO is not reflected in the User? RSoP because User? has not yet logged on since the new GPO settings were implemented.
7. Log off as Administrator, then log on as User?. Is the My Network Places icon visible on the desktop? Why?
No, the My Network Places icon is not visible on the desktop because the West OU Desktop GPO setting hides the icon.
8. Log off as User?, then log on as Administrator. Open the User? RSoP console. Is the new setting in the West OU Desktop GPO reflected in the RSoP? Why?
Yes, the new setting in the West OU Desktop GPO is reflected in the User? RSoP because User? has logged on since the new GPO settings were implemented.
After you create an RSoP query with the Resultant Set Of Policy Wizard, you can save the RSoP query and you can save the RSoP query data. By saving the RSoP query, you can reuse it for processing another RSoP query later. The query is saved in the RSoP query console. By saving the RSoP query data, you can revisit the RSoP as it appeared for a particular query when the query was created. The query data is archived to an RSoP console, which you cannot use to process another RSoP query.
To save an RSoP query, complete the following steps:
1. After you have created an RSoP query, on the console for the RSoP query, in the File menu, select Save.
2. In the Save As dialog box, in the File Name box, type the name you want to use for the query console name, and then click Save. The saved RSoP query console has an .msc file name extension and appears on the Administrative Tools menu.
If you created an RSoP query from the Active Directory Users And Computers or Active Directory Sites And Services consoles, you must remember to save the query to %Systemroot%\Documents and Settings\Administrator\Start Menu\Programs\Administrative Tools for the query to be available on the Administrative Tools menu.
To save the data from an RSoP query, complete the following steps:
1. After you have created an RSoP query, on the console for the RSoP query, right-click the user account-RSoP or the computer account-RSoP node, point to View, and then select Archive Data In Console File.
2. On the File menu, click Save.
3. In the Save As dialog box, in the File Name box, type the name you want to use for the RSoP console containing the archived data, and then click Save. The saved RSoP console containing the archived data has an .msc file name extension and appears on the Administrative Tools menu.
Note If you created an RSoP query from the Active Directory Users And Computers or Active Directory Sites And Services consoles, you must remember to save the archived query data to %Systemroot%\Documents and Settings\Administrator\Start Menu\Programs\Administrative Tools for the archived query data to be available on the Administrative Tools menu.
Viewing RSoP Queries
After you create an RSoP query with the Resultant Set Of Policy Wizard and save it, the query information appears in the RSoP query console, which looks like a Group Policy Object Editor console. The RSoP query console contains four types of information that you can view. They are
• Individual policy settings
• A list of GPOs associated with the query
• The scope of management associated with the query
• GPO revision information
As you learned in Chapter 10, GPOs are cumulative as they are applied to a local computer, site, domain, and OU hierarchy. RSoP is the sum of the policies applied to a user or computer, including the application of filters, such as through security groups and Windows Management Instrumentation (WMI), and exceptions, such as No Override and Block Policy Inheritance. Because of the cumulative effects of GPOs, filters, and exceptions, determining a user or computer's RSoP can be difficult. However, the ability to generate RSoP queries in Windows Server 2003 makes determining RSoP easier. In Windows Server 2003, an RSoP query engine is available to poll existing GPOs and report the effects of GPOs on users and computers. The query engine also checks for security groups and WMI queries used to filter GPO scope, and checks Software Installation for any applications that are associated with a particular user or computer and reports the effects of these settings as well. This information is gathered from the Common Information Management Object Model (CIMOM) database.
Note A detailed discussion of WMI is beyond the scope of this training kit. For detailed information about WMI, refer to the MSDN Library at http://msdn.microsoft.com/library. You can find information about WMI by pointing to Setup and System Information, Windows Management Instrumentation (WMI), and finally Technical Articles.
Windows Server 2003 provides the following three tools for generating RSoP queries:
• Resultant Set Of Policy Wizard
• Gpresult command-line tool
• Advanced System Information-Policy tool
Each tool uses a different interface and provides different levels of RSoP query information, as discussed in the sections that follow.
Custom queuing prioritizes multiprotocol traffic. A maximum of 16 queues can be built with custom
queuing. Each queue is serviced sequentially until the number of bytes sent exceeds the configurable
byte count or the queue is empty. One important function of custom queuing is that if SNA traffic
uses only 20 percent of the link, the remaining 20 percent allocated to SNA can be shared by the
other traffic.
Custom queuing is designed for environments that want to ensure a minimum level of service for all
protocols. In today’s multiprotocol internetwork environment, this important feature allows
protocols of different characteristics to share the media.
Weighted Fair Queuing
Weighted fair queuing is a traffic priority management algorithm that uses the time-division
multiplexing (TDM) model to divide the available bandwidth among clients that share the same
interface. In time-division multiplexing, each client is allocated a time slice in a round-robin fashion.
In weighted fair queuing, the bandwidth is distributed evenly among clients so that each client gets
a fair share if everyone has the same weighting. You can assign a different set of weights, for
example through type-of-service, so that more bandwidth is allocated.
If every client is allocated the same bandwidth independent of the arrival rates, the low volume traffic
has effective priority over high volume traffic. The use of weighting allows time-delay-sensitive
traffic to obtain additional bandwidth, thus consistent response time is guaranteed under heavy
traffic. There are different types of data stream converging on a wire, as shown in Figure 2-7.
The 70-293 exam preparation advice, practice tests, questions of the day, and
discussion groups on.
In addition, you might find any or all of the following materials useful in your
quest for Windows Server 2003 expertise:
. Microsoft training kits—Microsoft Learning offers a training kit that
specifically targets Exam 70-293. For more information, visit
http://www.microsoft.com/learning/books/. This training kit contains
information that you will find useful in preparing for the test.
. Its offerings include product facts, technical
notes, tools and utilities, and information on how to access the
Seminars Online training materials for Windows Server 2003 and the
Windows Server System line of products.
. Study guides—Several publishers—including Que Publishing—offer
Windows Server 2003, Windows Vista, Windows XP, and Windows
2000 titles. Que Publishing offers the following:
. The Exam Cram series—These books give you insights about the
material that you need to know to successfully pass the certification
tests.
. The MCSE Exam Prep series—These books provide a greater level of
detail than the Exam Cram books and are designed to teach you
everything you need to know about the subject covered by an exam.
Together, these two series make a perfect pair.
. Classroom training—CTECs, online partners, and third-party training
companies (such as Wave Technologies, New Horizons, and Global
Knowledge) all offer classroom training on Windows Server 2003, Windows Vista, Windows XP, and Windows 2000. These companies aim
to help you prepare to pass Exam 70-293 as well as several others.
Although this type of training tends to be pricey, most of the individuals
lucky enough to attend find this training to be quite worthwhile.
. Other publications—There’s no shortage of materials available about
Windows Server 2003. The “Need to Know More?” resource sections at
the end of each chapter in this book give you an idea of where we think
you should look for further discussion.
This set of required and recommended materials represents an unparalleled collection
of sources and resources for Windows Server 2003 and related topics.
We anticipate that you’ll find this book belongs in this company.
About This Book
Each topical Exam Cram chapter follows a regular structure and contains graphical
cues about important or useful information. Here’s the structure of a typical
chapter:
. Opening hotlists—Each chapter begins with a list of the terms, tools, and
techniques that you must learn and understand before you can be fully
conversant with that chapter’s subject matter. The hotlists are followed
with one or two introductory paragraphs to set the stage for the rest of
the chapter.
. Topical coverage—After the opening hotlists and introductory text, each
chapter covers a series of topics related to the chapter’s subject.
Throughout that section, we highlight topics or concepts that are likely
to appear on a test, using a special element called an alert.
This is what an alert looks like. Normally, an alert stresses concepts, terms, software,
or activities that are likely to relate to one or more certification-test questions. For
that reason, we think any information in an alert is worthy of unusual attentiveness on
your part.
You should pay close attention to material flagged in Exam Alerts;
although all the information in this book pertains to what you need to
know to pass the exam, Exam Alerts contain information that is really
important. You’ll find what appears in the meat of each chapter to be
After you design the revocation process, you can design the auditing process. As you design the auditing process, think about the following things:
• Consider the configuration of auditing.
  ◦ Auditing of CA activity requires configuration in the Certification Authority console, but it is dependent on the establishment of object access auditing in the Windows Settings, Security Settings, Local Policies, Audit policy of the appropriate Group Policy Object (GPO).
  ◦ If object access auditing is not turned on, specific CA activity will not be recorded in the Security event log. If the CA exists on a member server, the Audit policy should be set using Group Policy. The GPO should be linked to the domain or organizational unit (OU) that the CA computer is a member of. (The design of Group Policy is discussed in Chapter 5 and Chapter 8.)
• Consider the events that can be audited. These are configured from the CA audit properties page as shown in Figure 2-17.
  ◦ Back Up And Restore Of The CA Database. Auditing these events provides a solid record of backup. Checking for successful backup is always a sound activity. In addition, an unexpected restore of the CA database located by the audit might be an indication of tampering and should be investigated.
  ◦ Change CA Configuration. Auditing these events allows for the tracking of successful and unsuccessful changes to configuration against planned and approved changes and provides a record of proper maintenance. Possible tampering can also be confirmed. Configuration events audited include adding and removing templates, configuration of the CRL publication schedule, configuration of the CDPs and AIAs, changes to policy modules, and key archival and recovery.
  ◦ Change CA Security Settings. These events include the configuration of CA roles for role-based administration, setting of restrictions on Certificate Managers, and the configuration of auditing. It's important to note that these configuration events are not recorded by turning on the Changes In Configuration settings—you must turn on Changes In CA Security Settings Auditing.
  ◦ Issue And Manage Certificate Requests. Auditing these events will record successful and failed attempts at issuance of certificates and their management. A record can be produced for each certificate requested, issued, or imported.
  ◦ Revoke Certificates And Publish CRL. Auditing these events will record successful and failed attempts to revoke certificates and publish CRLs.
  ◦ Store And Retrieve Archived Keys. If key archival is configured, auditing these events will record successful or failed attempts at storage and retrieval. Access to archived keys should be performed only according to strict policy to ensure that only authorized administrators retrieve the keys and that they are returned to the correct owner. There are technical controls to ensure this; however, checking the audit of the process against documented approved need will enable discovery of unauthorized attempts and compromised keys.
  ◦ Start And Stop Certificate Services. Stopping and starting certificate services is necessary to accomplish some configuration and policy changes, as well as CA key renewal. The actual events should always be audited against approved maintenance.
• Consider which events to audit.
  ◦ To decide which events to audit, determine how much knowledge is needed. The amassing of large volumes of records that might never be examined is counterproductive. The policy, and therefore the design, of the audit should keep these things in mind. One way to make a determination is to examine the impact of auditing each event and make decisions based on impact vs. value.
  ◦ You should also work with your organization's legal department to determine whether auditing certain types of events is required by law or regulation and what the retention period is for keeping records of those events.
  ◦ The first attempt at decision making can be based on which audited events produce few records and yet provide valuable and critical security information. Items such as the stopping and starting of Certificate Services, storage and retrieval of archived keys, backup and restore, and configuration changes should not overwhelm event logs with activity, and all provide information that is critical to understanding the security status of the CA and being able to reconstruct major CA security policy operations.
  ◦ Gathering the events just listed costs little but produces a large benefit. However, recording each certificate request, issuance, and revocation and each CRL publication might have little value in many environments and the current information can be found in the Certification Authority console. Collecting such information in the security log would seem to be useful only for reconstruction of events and for keeping permanent records of activity. Collecting the information in the security log will vastly increase the amount of records and thus the amount of space needed to maintain logs and log archives. It might also overwhelm those whose responsibility it is to review the logs. Important events can be hidden in a sea of ordinary activity.
• Consider using correct auditing techniques or ways to review the information.
  ◦ Using correct techniques can counter the negative effects of massive logs. When events are filtered according to their importance, critical events are easily discernible.
  ◦ In addition, while reviewing large amounts of ordinary activity is often fruitless, examining the trends shown in the collected information can be valuable. If knowledge of what is ordinary exists, the abnormal can trigger further investigation. What, for example, is the meaning of a sudden large increase in revocation? Or in certificate request denial? These trends are not observable via simple viewing of the CA console.
• Write a security log review process. Collection of records is an exercise in futility if records are not reviewed.
• Before CA-specific auditing events will be recorded, object auditing must be turned on in the Audit Policy portion of Group Policy. Consider where this should be done. The offline root CA will require object auditing to be turned on to capture local information. The other CAs should be placed in a designated OU so that the entire security baseline for CAs can be easily applied. A GPO can be linked to this OU, and the GPO's audit policy can be set to audit object access for success and failure.
See Also Careful consideration of the meaning of events will enable the development of the best audit design for each CA implementation. For more information about designing audits in general, see Chapter 9.
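
The review technique described above (surface every low-volume critical event, and watch trends rather than individual records for the high-volume ones), sketched as an added Python example that is not from the book. The category names are the ones on the page; the record layout, dates, counts and the threshold (three standard deviations over the prior days, with a floor of 5) are constructed assumptions.

```python
from collections import Counter
from statistics import mean, pstdev

ISSUE = "Issue And Manage Certificate Requests"
REVOKE = "Revoke Certificates And Publish CRL"

# Low-volume, high-value categories: every record is surfaced for review.
# Treating security-settings changes as a configuration change is an assumption.
ALWAYS_REVIEW = {
    "Start And Stop Certificate Services",
    "Back Up And Restore Of The CA Database",
    "Store And Retrieve Archived Keys",
    "Change CA Configuration",
    "Change CA Security Settings",
}


def build_sample():
    """Constructed audit records as (day, category, action); not real log data."""
    days = [f"2024-03-{d:02d}" for d in range(1, 8)]
    revoked = [1, 2, 1, 0, 2, 1, 25]   # last day simulates a revocation surge
    denied = [1, 1, 0, 1, 1, 1, 1]
    records = []
    for day, r, d in zip(days, revoked, denied):
        records += [(day, ISSUE, "issued")] * 40   # ordinary high-volume activity
        records += [(day, ISSUE, "denied")] * d
        records += [(day, REVOKE, "revoked")] * r
    records.append((days[2], "Start And Stop Certificate Services", "stopped"))
    records.append((days[4], "Back Up And Restore Of The CA Database", "restore"))
    return days, records


def critical_events(records):
    """Filter by importance: keep only the categories that must always be read."""
    return [rec for rec in records if rec[1] in ALWAYS_REVIEW]


def spikes(records, days, action, min_baseline=3, floor=5):
    """Flag days whose count for `action` exceeds the baseline of earlier days.

    Days with no records count as zero, so a quiet day still feeds the baseline.
    """
    counts = Counter(day for day, _, act in records if act == action)
    series = [counts.get(day, 0) for day in days]
    flagged = []
    for i in range(min_baseline, len(series)):
        prior = series[:i]
        limit = max(mean(prior) + 3 * pstdev(prior), floor)
        if series[i] > limit:
            flagged.append((days[i], series[i]))
    return flagged


if __name__ == "__main__":
    days, records = build_sample()
    print(f"{len(records)} records collected")
    for rec in critical_events(records):
        print("REVIEW:", rec)
    for action in ("revoked", "denied"):
        for day, count in spikes(records, days, action):
            print(f"TREND: {count} '{action}' events on {day} exceeds baseline")
```

Each item flagged under REVIEW is then checked against the approved maintenance or change record, as the text recommends for service stops and unexpected restores.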



