Windows Server 2003 interview questions

Windows Server 2003 interview  questions  How do you double-boot a Win 2003 server box? The Boot.ini file is set as read-only, system, and hidden to prevent unwanted editing. To change the Boot.ini timeout and default settings, use the System option in Control Panel from the Advanced tab and select Startup. What do you do if earlier application doesn’t run on Windows Server 2003? When an application that ran on an earlier legacy version of Windows cannot be loaded during the setup function or if it later malfunctions, you must run the compatibility mode function. This is accomplished by right-clicking the application or setup program and selecting Properties –> Compatibility –> selecting the previously supported operating system.  If you uninstall Windows Server 2003, which operating systems can you revert to? Win ME and Win 98. How do you get to Internet Firewall settings? Start –> Control Panel –> Network and Internet Connections –> Network Connections. What are the Windows Server 2003 keyboard shortcuts? Winkey opens or closes the Start menu. Winkey + BREAK displays the System Properties dialog box. Winkey + TAB moves the focus to the next application in the taskbar. Winkey + SHIFT + TAB moves the focus to the previous application in the taskbar. Winkey + B moves the focus to the notification area. Winkey + D shows the desktop. Winkey + E opens Windows Explorer showing My Computer. Winkey + F opens the Search panel. Winkey + CTRL + F opens the Search panel with Search for Computers module selected. Winkey + F1 opens Help. Winkey + M minimizes all. Winkey + SHIFT+ M undoes minimization. Winkey + R opens Run dialog. Winkey + U opens the Utility Manager. Winkey + L locks the computer. What is Active Directory? Active Directory is a network-based object store and service that locates and manages resources, and makes these resources available to authorized users and groups. An underlying principle of the Active Directory is that everything is considered an object—people, servers, workstations, printers, documents, and devices. Each object has certain attributes and its own security access control list (ACL). Where are the Windows NT Primary Domain Controller (PDC) and its Backup Domain Controller (BDC) in Server 2003? The Active Directory replaces them. Now all domain controllers share a multimaster peer-to-peer read and write relationship that hosts copies of the Active Directory. How long does it take for security changes to be replicated among the domain controllers? Security-related modifications are replicated within a site immediately. These changes include account and individual user lockout policies, changes to password policies, changes to computer account passwords, and modifications to the Local Security Authority (LSA). What’s new in Windows Server 2003 regarding the DNS management? When DC promotion occurs with an existing forest, the Active Directory Installation Wizard contacts an existing DC to update the directory and replicate from the DC the required portions of the directory. If the wizard fails to locate a DC, it performs debugging and reports what caused the failure and how to fix the problem. In order to be located on a network, every DC must register in DNS DC locator DNS records. The Active Directory Installation Wizard verifies a proper configuration of the DNS infrastructure. All DNS configuration debugging and reporting activity is done with the Active Directory Installation Wizard. When should you create a forest? Organizations that operate on radically different bases may require separate trees with distinct namespaces. Unique trade or brand names often give rise to separate DNS identities. Organizations merge or are acquired and naming continuity is desired. Organizations form partnerships and joint ventures. While access to common resources is desired, a separately defined tree can enforce more direct administrative and security restrictions. How can you authenticate between forests? Four types of authentication are used across forests: (1) Kerberos and NTLM network logon for remote access to a server in another forest; (2) Kerberos and NTLM interactive logon for physical logon outside the user’s home forest; (3) Kerberos delegation to N-tier application in another forest; and (4) user principal name (UPN) credentials. What snap-in administrative tools are available for Active Directory? Active Directory Domains and Trusts Manager, Active Directory Sites and Services Manager, Active Directory Users and Group Manager, Active Directory Replication (optional, available from the Resource Kit), Active Directory Schema Manager (optional, available from adminpak) What types of classes exist in Windows Server 2003 Active Directory?  Structural class. The structural class is important to the system administrator in that it is the only type from which new Active Directory objects are created. Structural classes are developed from either the modification of an existing structural type or the use of one or more abstract classes. Abstract class. Abstract classes are so named because they take the form of templates that actually create other templates (abstracts) and structural and auxiliary classes. Think of abstract classes as frameworks for the defining objects. Auxiliary class. The auxiliary class is a list of attributes. Rather than apply numerous attributes when creating a structural class, it provides a streamlined alternative by applying a combination of attributes with a single include action. 88 class. The 88 class includes object classes defined prior to 1993, when the 1988 X.500 specification was adopted. This type does not use the structural, abstract, and auxiliary definitions, nor is it in common use for the development of objects in Windows Server 2003 environments. How do you delete a lingering object? Windows Server 2003 provides a command called Repadmin that provides the ability to delete lingering objects in the Active Directory.  What is Global Catalog? The Global Catalog authenticates network user logons and fields inquiries about objects across a forest or tree. Every domain has at least one GC that is hosted on a domain controller. In Windows 2000, there was typically one GC on every site in order to prevent user logon failures across the network. How is user account security established in Windows Server 2003? When an account is created, it is given a unique access number known as a security identifier (SID). Every group to which the user belongs has an associated SID. The user and related group SIDs together form the user account’s security token, which determines access levels to objects throughout the system and network. SIDs from the security token are mapped to the access control list (ACL) of any object the user attempts to access. If I delete a user and then create a new account with the same username and password, would the SID and permissions stay the same? No. If you delete a user account and attempt to recreate it with the same user name and password, the SID will be different.  What do you do with secure sign-ons in an organization with many roaming users? Credential Management feature of Windows Server 2003 provides a consistent single sign-on experience for users. This can be useful for roaming users who move between computer systems. The Credential Management feature provides a secure store of user credentials that includes passwords and X.509 certificates. Anything special you should do when adding a user that has a Mac? "Save password as encrypted clear text" must be selected on User Properties Account Tab Options, since the Macs only store their passwords that way. What remote access options does Windows Server 2003 support? Dial-in, VPN, dial-in with callback. Where are the documents and settings for the roaming profile stored? All the documents and environmental settings for the roaming user are stored locally on the system, and, when the user logs off, all changes to the locally stored profile are copied to the shared server folder. Therefore, the first time a roaming user logs on to a new system the logon process may take some time, depending on how large his profile folder is. Where are the settings for all the users stored on a given machine? \Document and Settings\All Users

Windows 2000 administration questions

1. Explain hidden shares. Hidden or administrative shares are share names with a dollar sign ($) appended to their names. Administrative shares are usually created automatically for the root of each drive letter. They do not display in the network browse list.
2. How do the permissions work in Windows 2000? What permissions does folder inherit from the parent? When you combine NTFS permissions based on users and their group memberships, the least restrictive permissions take precedence. However, explicit Deny entries always override Allow entries.
3. Why can’t I encrypt a compressed file on Windows 2000? You can either compress it or encrypt it, but not both.
4. If I rename an account, what must I do to make sure the renamed account has the same permissions as the original one? Nothing, it’s all maintained automatically.
5. What’s the most powerful group on a Windows system? Administrators.
6. What are the accessibility features in Windows 2000? StickyKeys, FilterKeys Narrator, Magnifier, and On-Screen Keyboard.
7. Why can’t I get to the Fax Service Management console? You can only see it if a fax had been installed.
8. What do I need to ensure before deploying an application via a Group Policy? Make sure it’s either an MSI file, or contains a ZAP file for Group Policy.
9. How do you configure mandatory profiles? Rename ntuser.dat to ntuser.man
10. I can’t get multiple displays to work in Windows 2000. Multiple displays have to use peripheral connection interface (PCI) or Accelerated Graphics Port (AGP) port devices to work properly with Windows 2000.
11. What’s a maximum number of processors Win2k supports? 2
12. I had some NTFS volumes under my Windows NT installation. What happened to NTFS after Win 2k installation? It got upgraded to NTFS 5.
13. How do you convert a drive from FAT/FAT32 to NTFS from the command line? convert c: /fs:ntfs
14. Explain APIPA. Auto Private IP Addressing (APIPA) takes effect on Windows 2000 Professional computers if no DHCP server can be contacted. APIPA assigns the computer an IP address within the range of 169.254.0.0 through 169.254.255.254 with a subnet mask of 255.255.0.0.
15. How does Internet Connection Sharing work on Windows 2000? Internet Connection Sharing (ICS) uses the DHCP Allocator service to assign dynamic IP addresses to clients on the LAN within the range of 192.168.0.2 through 192.168.0.254. In addition, the DNS Proxy service becomes enabled when you
    implement ICS.

Windows admin interview questions

1.     Describe how the DHCP lease is obtained. It’s a four-step process consisting of (a) IP request, (b) IP offer, © IP selection and (d) acknowledgement.

2.     I can’t seem to access the Internet, don’t have any access to the corporate network and on ipconfig my address is 169.254.*.*. What happened? The 169.254.*.* netmask is assigned to Windows machines running 98/2000/XP if the DHCP server is not available. The name for the technology is APIPA (Automatic Private Internet Protocol Addressing).

3.     We’ve installed a new Windows-based DHCP server, however, the users do not seem to be getting DHCP leases off of it. The server must be authorized first with the Active Directory.

4.     How can you force the client to give up the dhcp lease if you have access to the client PC? ipconfig /release

5.     What authentication options do Windows 2000 Servers have for remote clients? PAP, SPAP, CHAP, MS-CHAP and EAP.

6.     What are the networking protocol options for the Windows clients if for some reason you do not want to use TCP/IP? NWLink (Novell), NetBEUI, AppleTalk (Apple).

7.     What is data link layer in the OSI reference model responsible for? Data link layer is located above the physical layer, but below the network layer. Taking raw data bits and packaging them into frames. The network layer will be responsible for addressing the frames, while the physical layer is reponsible for retrieving and sending raw data bits.

8.     What is binding order? The order by which the network protocols are used for client-server communications. The most frequently used protocols should be at the top.

9.     How do cryptography-based keys ensure the validity of data transferred across the network?  Each IP packet is assigned a checksum, so if the checksums do not match on both receiving and transmitting ends, the data was modified or corrupted.

10.            Should we deploy IPSEC-based security or certificate-based security? They are really two different technologies. IPSec secures the TCP/IP communication and protects the integrity of the packets. Certificate-based security ensures the validity of authenticated clients and servers.

11.            What is LMHOSTS file? It’s a file stored on a host machine that is used to resolve NetBIOS to specific IP addresses.

12.            What’s the difference between forward lookup and reverse lookup in DNS? Forward lookup is name-to-address, the reverse lookup is address-to-name.

13.            How can you recover a file encrypted using EFS? Use the domain recovery agent.

14. What is a Firewall?
Firewalls are of two types:
-Hardware Firewall
-Software Firewall.
Firewall in simple manner is bascially the utility to provide the security over the network. These are the security measures that prevents the network’s in and out traffic to pass through the specific Security filters so that the unwanted and unsecure data can be stopped from entering into the network..
further… as a security measure it also depends on the network designer and implementer that how to use a Firewall mean to say the security measures like how to present the content filtering and Url filtering which type of firewall should be used and where to put it..

15. What a protocol actually means:
A Protocol is bascially set of rules designed and developed for the internetwork or can say intranetwork Communications. the need of Tcp had been rised in early years when like.. IBM Mainframe were not able to Communicate with the Burroughs mainframe.. means if you wish to connect 2 or more computers they should be same with everything from manufacturer to designer and implementer…then TCP imerged as a solution-for-ever..
EARLIER it was NCP( Network Control Protocal) but later it refined into TCP( Transmission Control Protocol) and IP(Internet Protocol)on jan.1,1983..
Some General roles of TCP/IP are:
1. Independence from particular vendor or network.
2. very low data overhead
3. good failure recovery.
and if the thinghs are taken seprately.. then
TCP is bascially responsible for proper data transmission by assuring data integrity it is a connection oriented protocol that follows the under scenerio
1. Handshaking.
2. Packect Sequencing
3. Flow Control.
4. Error handling.
IP : Since the data to be sent must be put somewhere the IP works here .. the required data is packaged in an IP packet.

16. Ip Address Ranges:
    Class A: 0-126. 127 is a Broadcast
    Class B: 128-191
    Class C: 192-223
    Class D: 224-239
    Class E: 240-255.

17.  What is the difference between TCP and UDP

TCP is a connection oriented protocol, which means that everytime a packet is sent say from host A to B, we will get an acknowledgement. Whereas UDP on the other hand, is a connection less protocol.

Where will it be used : TCP -> Say you have a file transfer and you need to ensure that the file reaches intact, and time is not a factor, in such a case we can use TCP.

UDP-> Media Streaming, question is say you are watching a movie…would you prefer that your movie comes..perfectly….but u need to wait a long time before you see the next frame ?..or would you prefer the movie to keep streaming…Yes…The second option is definely better….This is when we need UDP

18. Main differences between Exchange 2000 and 2003.

       Improved security, including all those of IIS v 6.0.

       HTTP over RPC means you do not need to configure a VPN for OWA.

       Up to 8 node Active / Passive clustering.

       Volume Shadow Copy for backup.

       Super upgrade tools like ExDeploy.

       pfMigrate utility to move public folders from legacy systems.

       An attempt to control Junk email both on the client and the server.

18. FSMO ?

      Flexible Single Master Operations

The Five FSMO Roles

There are just five operations where the usual multiple master model breaks down, and the Active Directory task must only be carried out on one Domain Controller.

1.      PDC Emulator - Most famous for backwards compatibility with NT 4.0 BDC's.  However, there are two other roles which operate even in Windows 2003 Native Domains, synchronizing the W32Time service and creating group policies.  I admit that it is confusing that these two jobs have little to do with PDCs and BDCs. 
 

2.      RID Master - Each object must have a globally unique number (GUID).  The RID master makes sure each domain controller issues unique numbers when you create objects such as users or computers.  For example DC one is given RIDs 1-4999 and DC two is given RIDs 5000 - 9999.
 

3.      Infrastructure Master - Responsible for checking objects in other other domains.  Universal group membership is the most important example.  To me, it seems as though the operating system is paranoid that, a) You are a member of a Universal Group in another domain and b) that group has been assigned Deny permissions.  So if the Infrastructure master could not check your Universal Groups there could be a security breach.
 

4.      Domain Naming Master - Ensures that each child domain has a unique name.  How often do child domains get added to the forest?  Not very often I suggest, so the fact that this is a FSMO does not impact on normal domain activity.  My point is it's worth the price to confine joining and leaving the domain operations to one machine, and save the tiny risk of getting duplicate names or orphaned domains.
 

5.      Schema Master - Operations that involve expanding user properties e.g. Exchange 2003 / forestprep which adds mailbox properties to users.  Rather like the Domain naming master, changing the schema is a rare event.  However if you have a team of Schema Administrators all experimenting with object properties, you would not want there to be a mistake which crippled your forest.  So its a case of Microsoft know best, the Schema Master should be a Single Master Operation.

19. DNS (Domain Name System)

Active Directory absolutely relies on DNS, this is why you must become an expert on configuring DNS.  Once DNS is setup, it runs itself thanks to the new dynamic component hence DDNS.  TCP/IP knowledge plus understanding of how DNS works is essential when troubleshooting connectivity problems.

What DNS does is enable client machines to resolve servers IP addresses.  Once the client finds the server, Active Directory uses LDAP to locate services like Kerberos, Global Catalog that clients request.

Your first domain controller can be tricky to setup.  To begin with plan then check the Computer Name found in the System Icon.  Before you run DCPROMO make sure you have the correct Primary DNS Suffix, drill down through the More.. button.

My tactic is to do as little configuring of the forward lookup zone as possible and leave it all to the DCPROMO wizard.  Once Active Directory creates the forward lookup zone, I configure Active Directory integration to to replicate DNS records to the other servers.  Then I manually create the reverse lookup zone, add PTR records and check with NSLOOKUP.

20. DHCP (Dynamic Host Control Protocol)

I used to think you needed a DHCP server on every Subnet, but now I recommend just two DHCP servers to share each scope, with a DHCP relay agent on each subnet.  DHCP fits in well with DNS and domain controllers, so I would install DHCP on selected domain controllers.

Once you have installed DHCP, there is much configuration work. But before you do anything else, you must Authorize the DHCP servers in Active Directory.  I believe this authorization is a device to make you stop and think 'do I need another DHCP server?'  Officially the authorization is to prevent rogue techies installing an extra DHCP server when it takes their fancy.