1 :: What is the difference between Switch & Hub?
Switch:
* Switches operate at Layer 2 (Data Link Layer)
* Address learning
* Forward / filter decision using MAC address
* Loop avoidance
* Break up collision domains
* Switches create separate collision domains but a single broadcast domain
Hub:
* Hub operates at Layer 1 (Physical Layer)
* No filtering
* No addressing
* Hub creates a single collision domain and a single broadcast domain
* Forwards to all the ports when a signal arrives
2 :: What is PING utility?
PING – Packet Internet Gopher
A utility that verifies connections to one or more remote hosts. The ping command uses the ICMP echo request and echo reply packets to determine whether a particular IP system on a network is functional. Ping is useful for diagnosing IP network or router failures.
3 :: What is a VLAN? What does VLAN provide?
VLAN – Virtual Local Area Network
A VLAN is a logical grouping or segmenting of a network connected to administratively defined ports on a switch. VLANs provide broadcast control, security and flexibility.
4 :: What is Subnetting? Why is it used?
Used in IP networks to break up larger networks into smaller subnetworks. It is used to reduce network traffic, optimize network performance, and simplify management, i.e. to identify and isolate network problems.
5 :: Difference between the Communication and Transmission?
Communication is the process of sending and receiving data by means of a data cable that is connected externally.
Transmission means the transfer of data from the source to the destination.
6 :: What is RAID in ccna?
A method used to standardize and categorize fault-tolerant disk systems. RAID levels provide various mixes of performance, reliability, and cost. Some servers provide three of the RAID levels: Level 0 (striping), Level 1 (mirroring), and Level 5 (striping & parity).
7 :: What are 10Base2, 10Base5 and 10BaseT Ethernet LANs?
10Base2: an Ethernet term meaning a maximum transfer rate of 10 Megabits per second that uses baseband signaling, with a contiguous cable segment length of 200 meters (185 meters). Known as Thinnet.
10Base5: an Ethernet term meaning a maximum transfer rate of 10 Megabits per second that uses baseband signaling, with a contiguous cable segment length of 500 meters. Known as Thicknet.
10BaseT: an Ethernet term meaning a maximum transfer rate of 10 Megabits per second that uses two pairs of twisted-pair baseband signaling, with a contiguous cable segment length of 100 meters.
8 :: What are the two types of Transmission Technology available in ccna?
Two types of Transmission Technology available in ccna are Point-to-Point and Broadcast.
9 :: What is point-to-point protocol in ccna?
An industry standard suite of protocols for the use of point-to-point links to transport multiprotocol datagrams.
10 :: What are the possible ways of data exchange in ccna?
Possible ways of data exchange in ccna are Simplex, Half-duplex and Full-duplex.
11 :: What is difference between Baseband and Broadband Transmission in ccna?
In a baseband transmission, the entire bandwidth of the cable is consumed by a single signal. In broadband transmission, signals are sent on multiple frequencies, allowing multiple signals to be sent simultaneously.
12 :: What is Protocol Data Unit in ccna?
The processes at each layer of the OSI model.
Layer – PDU
Transport – Segments
Network – Packets/Datagrams
Data Link – Frames
Physical – Bits
13 :: What are major types of Networks and explain?
Peer-to-Peer Network
Computers can act as both servers sharing resources and as clients using the resources.
Server-based Network
Provide centralized control of network resources and rely on server computers to provide security and network administration.
14 :: What is Passive Topology in ccna?
When the computers on the network simply listen and receive the signal, they are referred to as passive because they don’t amplify the signal in any way.
15 :: What is the Mesh Network?
A network in which there are multiple network links between computers to provide multiple paths for data to travel.
16 :: How is a network Gateway different from a Router?
Gateway
A device connected to multiple physical TCP/IP networks capable of routing or delivering IP packets between them.
Router
It’s a layer 3 device that connects 2 different networks and routes packets of data from one network to another. It breaks up Broadcast domain as well as Collision Domain.
17 :: What is the network Brouter?
It’s a Hybrid device that combines the features of both bridges and routers.
18 :: What is the network Subnet?
A subnet is the subdivision of an IP network.
19 :: What is the Frame relay, in which layer it comes?
Frame relay is an industry standard, shared access, switched Data Link Layer encapsulation that services multiple virtual circuits and protocols between connected mechanism.
Frame relay is a packet-switched technology.
20 :: What is the Terminal Emulation, in which layer it comes?
The use of software, installed on a PC or LAN server, that allows the PC to function as if it were a dumb terminal directly attached to a particular type of mainframe.
Telnet is also called terminal emulation. It belongs to the application layer.
21 :: What is the Beaconing?
An FDDI frame or Token Ring frame that points to serious problem with the ring, such as a broken cable. The beacon frame carries the address of the station thought to be down.
22 :: What are the NetBIOS and NetBEUI?
NetBIOS – Network Basic Input / Output System
An application-programming interface (API) that can be used by programs on a local area network (LAN). NetBIOS provides programs with a uniform set of commands for requesting the lower-level services required to manage names, conduct sessions, and send datagrams between nodes on a network.
NetBEUI – NetBIOS Extended User Interface
An improved version of the NetBIOS protocol, a network protocol native to Microsoft Networking. It is usually used in small, department-size local area networks (LANs) of 1 to 200 clients. It can use Token Ring source routing as its only method of routing.
23 :: What is the Cladding?
A layer of glass surrounding the center fiber of glass inside a fiber-optic cable.
24 :: What is the Attenuation?
In communication, the weakening or loss of signal energy, typically caused by distance.
25 :: What is the MAC address?
The address for a device as it is identified at the Media Access Control (MAC) layer in the network architecture. MAC address is usually stored in ROM on the network adapter card and is unique.
26 :: What is the ICMP protocol?
ICMP – Internet Control Message Protocol
It is a Network Layer Internet protocol, which can report errors and status information. We can use the ping command to send ICMP echo request messages and record the receipt of ICMP echo reply messages. With these messages, we can detect network or host communication failures and troubleshoot common TCP/IP connectivity problems.
27 :: What is the difference between ARP and RARP?
ARP – Address Resolution Protocol
The protocol that traces IP addresses to MAC addresses.
RARP – Reverse Address Resolution Protocol
The protocol within the TCP/IP stack that maps MAC addresses to IP addresses.
28 :: What is the difference between TFTP and FTP application layer protocols?
TFTP – Trivial File Transfer Protocol
A stripped down version of FTP, easy to use and fast. TFTP has no directory browsing and no authentication, and is insecure; it can only send and receive files.
FTP – File Transfer Protocol
The TCP/IP protocol used for transmitting files between network nodes. FTP allows access to both directories and files, manipulating directories, typing file contents and copying files between hosts.
29 :: Explain 5-4-3 rule?
In an Ethernet network, between any two points on the network, there can be no more than five network segments or four repeaters, and of those five segments only three can be populated.
30 :: What is the MAU?
MAU – Multistation Access Unit
31 :: What is the difference between routable and non-routable protocols?
Routable protocols can work with a router and can be used to build large networks. Non-Routable protocols are designed to work on small, local networks and cannot be used with a router.
32 :: What is the logical link control?
One of two sublayers of the data link layer of OSI reference model, as defined by the IEEE 802 standard. This sublayer is responsible for error detection but not correction, flow control and framing.
33 :: What is the Virtual Channel?
A logical circuit that is created by Virtual channel links. It carries data between two endpoints in a network.
The other name for Virtual Channel is Virtual Circuit.
34 :: What is the Virtual Path?
Along any transmission path from a given source to a given destination, a group of virtual circuits can be grouped together into what is called a path.
35 :: What is the multicast routing?
Sending a message to a group multicast address is called multicasting, and its routing algorithm is called multicast routing.
36 :: What is the IGP (Interior Gateway Protocol)?
Any protocol used by an internetwork to exchange routing data within an autonomous system. E.g. RIP, IGRP and OSPF.
Sunday, June 21, 2009
MCSE INTERVIEW QUESTION
MCSE Questions and Answers:
1 :: What is the use of IGMP protocol?
Internet Group Management Protocol: - It allows internet hosts to participate in multicasting. The IGMP messages are used to learn which hosts are part of which multicast groups. The mechanism also allows a host to inform its local router that it wants to receive messages.
2 :: What are Ping and Tracert?
Ping and tracert are the commands used to send information to some remote computers to receive some information. Information is sent and received by packets. Ping is particularly used to check if the system is in network or not. It also gives packet loss information. In Windows, the ping command is written as ping ip_address.
Tracert is called as trace route. It is used to track or trace the path the packet takes from the computer where the command is given until the destination. In Windows, the tracert command is written as tracert ip_address.
3 :: Explain RSVP. How does it work?
Resource Reservation Protocol is used to reserve resources across a network. It is used for requesting a specific Quality of Service (QoS) from the network. This is done by carrying the request (that needs a reservation of the resource) of the host throughout the network. It visits each node in the network. RSVP uses two local modules for reservation of resources. The admission control module confirms if there are sufficient available resources, while the policy module checks for the permission of making a reservation. RSVP offers scalability. On successful completion of both checks, RSVP uses the packet classifier and packet scheduler for the desired QoS requested.
4 :: Explain the concept of DHCP.
Dynamic Host Configuration Protocol is used for assigning IP addresses to computers in a network. The IP addresses are assigned dynamically. Certainly, using DHCP, the computer will have a different IP address every time it is connected to the network. In some cases the IP address may change even when the computer is in network. This means that DHCP leases out the IP address to the computer for some time. A clear advantage of DHCP is that the software can be used to manage IP addresses rather than the administrator.
5 :: What are the differences between a domain and a workgroup?
In a domain, one or more computers can be a server to manage the network. On the other hand, in a workgroup all computers are peers having no control on each other. In a domain, a user doesn’t need an account to log on to a specific computer if an account is available on the domain. In a workgroup, a user needs to have an account for every computer.
In a domain, computers can be on different local networks. In a workgroup, all computers need to be a part of the same local network.
6 :: Explain how NAT works.
Network Address Translation translates an IP address used in a network to another IP address known within another network. A NAT table is maintained for global to local and local to global mapping of IPs. NAT can be statically defined or dynamically translate from a pool of addresses. The NAT router is responsible for translating traffic coming and leaving the network. NAT prevents malicious activity initiated by outside hosts from reaching local hosts by being dependent on a machine on the local network to initiate any connection to hosts on the other side of the router.
7 :: What is PPP protocol? Explain PPP packet format.
Point to Point protocol helps communication between 2 computers over a serial cable, phone line or other fiber optic lines. E.g. Connection between an Internet Service Provider and a host. PPP also provides authentication. PPP operates by sending Request packets and waiting for Acknowledge packets that accept, reject or try to change the request. The protocol is also used to negotiate on network address or compression options between the nodes.
Packet format:
* Flag field: 1 byte: indicates the frame's beginning or end
* Address field: 1 byte: used for broadcast address (destination address)
* Control field: 1 byte: used as a control byte
* Protocol field: 1 or 2 bytes: setting of protocol in information field (of datagram)
* Information: 0 or more bytes: datagram (whether it contains data or control information)
* Padding: 0 or more bytes: optional padding
* FCS: 2 or more bytes: error check sum
8 :: What is IP Spoofing and how can it be prevented?
IP spoofing is a mechanism used by attackers to gain unauthorized access to a system. Here, the intruder sends messages to a computer with an IP address indicating that the message is coming from a trusted host. This is done by forging the header so it contains a different address, making it appear that the packet was sent by a different machine.
Prevention:
* Packet filtering: to allow packets with recognized formats to enter the network
* Using special routers and firewalls
* Encrypting the session
9 :: Explain IP datagram, Fragmentation and MTU.
IP datagram can be used to describe a portion of IP data. Each IP datagram has a set of fields arranged in an order. The order is specific, which helps to decode and read the stream easily. An IP datagram has fields like Version, header length, Type of service, Total length, checksum, flag, protocol, Time to live, Identification, source and destination IP address, padding, options and payload.
MTU: Maximum Transmission Unit is the size of the largest packet that a communication protocol can pass. The size can be fixed by some standard or decided at the time of connection.
Fragmentation is a process of breaking the IP packets into smaller pieces. Fragmentation is needed when the datagram is larger than the MTU. Each fragment becomes a datagram in itself and is transmitted independently from the source. When received by the destination, they are reassembled.
10 :: What is an application gateway?
An application gateway is an application program that runs on a firewall between two networks. An application gateway is used for establishing a connection between a client program and a destination service. The client negotiates with the gateway to communicate with the service of destination. Here, the gateway can be called a proxy. Hence, two connections are made: one between client and proxy, the other between proxy and destination service. Connections take place behind the firewall.
11 :: Explain Circuit Level Gateway.
A circuit level gateway is used to find if a session in TCP handshaking is legitimate or not. It can be considered as a layer between application layer and transport layer. They protect the information of the private network they protect. Circuit level gateways do not filter packets.
12 :: What is "Gateway Of Last Resort"?
A Gateway of Last Resort or Default gateway is a route used by the router when no other known route exists to transmit the IP packet. Known routes are present in the routing table. Hence, any route not known by the routing table is forwarded to the default route. Each router which receives this packet will treat the packet the same way, if the route is known, packet will be forwarded to the known route.
13 :: What is LAN?
LAN is a computer network that spans a relatively small area. Most LANs are confined to a single building or group of buildings. However, one LAN can be connected to other LANs over any distance via telephone lines and radio waves. A system of LANs connected in this way is called a wide-area network (WAN). Most LANs connect workstations and personal computers. Each node (individual computer) in a LAN has its own CPU with which it executes programs, but it also is able to access data and devices anywhere on the LAN. This means that many users can share expensive devices, such as laser printers, as well as data. Users can also use the LAN to communicate with each other, by sending e-mail or engaging in chat sessions.
14 :: What is the difference Between an Intranet and the Internet?
There's one major distinction between an intranet and the Internet: The Internet is an open, public space, while an intranet is designed to be a private space. An intranet may be accessible from the Internet, but as a rule it's protected by a password and accessible only to employees or other authorized users.
From within a company, an intranet server may respond much more quickly than a typical Web site. This is because the public Internet is at the mercy of traffic spikes, server breakdowns and other problems that may slow the network. Within a company, however, users have much more bandwidth and network hardware may be more reliable. This makes it easier to serve high-bandwidth content, such as audio and video, over an intranet.
15 :: Define the term Protocol.
Protocol is a standard way of communicating across a network. A protocol is the "language" of the network. It is a method by which two dissimilar systems can communicate. TCP is a protocol which runs over a network
16 :: Define File Transfer Protocol.
File Transfer Protocol (FTP), a standard Internet protocol, is the simplest way to exchange files between computers on the Internet. Like the Hypertext Transfer Protocol (HTTP), which transfers displayable Web pages and related files, and the Simple Mail Transfer Protocol (SMTP), which transfers e-mail, FTP is an application protocol that uses the Internet's TCP/IP protocols. FTP is commonly used to transfer Web page files from their creator to the computer that acts as their server for everyone on the Internet. It's also commonly used to download programs and other files to your computer from other servers.
17 :: Explain the 7 Layers of OSI.
Layer 1: Physical layer
It represents all the electrical and physical specifications for devices.
Layer 2: Data link layer
It provides the functional and procedural means to transfer data between network entities and to detect and possibly correct errors that may occur in the Physical layer.
Layer 3: Network layer
The Network layer provides the functional and procedural means of transferring variable length data sequences from a source to a destination via one or more networks.
Layer 4: Transport layer
It provides transparent transfer of data between end users.
Layer 5: Session layer
It controls the sessions between computers. It connects, manages and terminates the connections between the local and remote application.
Layer 6: Presentation layer
It transforms data to provide a standard interface for the Application layer.
Layer 7: Application layer
It provides a means for the user to access information on the network through an application.
18 :: What is a network? What are the different kinds of network? Explain them.
A network is a group of computers or nodes connected together. They are connected with each other by communication paths.
Types of Networks:
LAN – Local Area Network connects a group of nodes covering a small physical area. LANs are most commonly seen in offices, buildings etc. LANs enable higher transfer rate of data, smaller coverage of area and hence less wiring.
WAN – Wide Area Network connects a group of nodes covering a wide area. WAN typically connects and allows communication between regions or national boundaries. The most common example of WAN is the internet.
VPN – Virtual Private Network connects or links nodes in some larger area by open connections or virtual circuits in some larger network (e.g., the Internet) instead of by physical wires. It is used for secure communication through the public internet. VPN alone may not support explicit security features, such as authentication or content encryption.
Intranet – It is a set of networks under the control of a single administrative person. It can be considered as an internal network of an organization. If it is large, web servers are used to provide information to the users.
Extranet – It is a network that restricts itself within a single organization. It can be categorized as WAN, MAN etc.; however, it cannot have a single LAN. It must have a connection (at least one) with an external network.
19 :: What are network topologies? Explain Ring, Bus and Star topology.
A network topology describes the layout of a network. It describes how different nodes and elements are connected to each other. Different types of topology:
a. Ring
* All nodes connected with another in a loop.
* Each device is connected to one or more other devices on either side.
b. Bus
* All nodes connected to a central and common cable called a backbone.
* In bus topology, the server is at one end and the clients are connected at different positions across the network.
* Easy to manage and install.
* If the backbone fails, the entire communication fails.
c. Star
* All nodes connected to a central hub.
* The communication between the nodes is through the hub.
* Relatively, it requires more cables as compared to BUS. However, if any node fails, it won't affect the entire LAN.
20 :: Explain IP, TCP and UDP.
TCP – Transmission Control Protocol is used to establish communication between nodes or networks and exchange data packets. It guarantees delivery of data packets in the order they were sent. Hence it is most commonly used in all applications that require guaranteed delivery of data. It can handle both timeouts (if packets were delayed) and retransmission (if packets were lost). The stream of data is transmitted in segments. The segment header is 32 bit. It is a connectionless communication protocol at the third level (network) of the OSI model.
IP – Internet Protocol is used for transmission of data over the internet. IP uses IP addresses to identify each machine uniquely. A message is sent using small packets. The packet contains both the sender's and receiver's address. IP does not guarantee the delivery in the same order as sent. This is because the packets are sent via different routes. It is a connectionless communication protocol at the third level (network) of the OSI model.
UDP – User Data Protocol is a communication protocol. It is normally used as an alternative for TCP/IP. However there are a number of differences between them. UDP does not divide data into packets. Also, UDP does not send data packets in sequence. Hence, the application program must ensure the sequencing. UDP uses port numbers to distinguish user requests. It also has a checksum capability to verify the data.
21 :: Explain the different classes of addresses supported by IP addressing.
Computers using the TCP/IP for communication are uniquely identified by a 32 bit address called as an IP address. The routers use the IP address information to forward the packet to the destination computer.
IP addresses are categorized as:
Private address: these IP addresses are used exclusively within a private network and are not for the public to see.
Public address: these are registered IP addresses used for the public.
Each IP address has a network address and a host address. IP addresses are expressed in four sets of three numbers, separated with dots. Each set is called as an octet because when converted to binary; it denotes eight binary
22 :: What is multicasting?
Multicasting allows a single message to be sent to a group of recipients. Emailing, teleconferencing, are examples of multicasting. It uses the network infrastructure and standards to send messages.
23 :: Explain the functionality of PING.
Ping is particularly used to check if the system is in network or not. It also gives packet loss information. In Windows, the ping command is written as ping ip_address. The output returns the data packets information. The number of packets sent, received and lost is returned by PING.
24 :: Explain the core naming mechanism, Domain Name System (DNS).
A Domain Name System is used to convert the names of websites on the internet to IP addresses. The domain names for each IP address are stored in a database that is distributed across different servers. A domain name space consists of a tree of domain names. The tree has zones. Zones consist of a collection of connected nodes. These nodes are served by a name server. A domain name is usually in the form of mydomain.com. Here, .com is the top level domain, whereas mydomain is the sub domain or subdivision. A host name is a domain name that has one or more IP addresses associated with it.
25 :: Describe Application layer.
The application layer is located at the top of the TCP/IP protocol layers. This one contains the network applications which make it possible to communicate using the lower layers. The software in this layer therefore communicates using one of the two protocols of the layer below (the transport layer), i.e. TCP or UDP.
In computer networking, an application layer firewall is a firewall operating at the application layer of a protocol stack. Generally it is a host using various forms of proxy servers to proxy traffic instead of routing it. As it works on the application layer, it may inspect the contents of the traffic, blocking what the firewall administrator views as inappropriate content, such as certain websites, viruses, and attempts to exploit known logical flaws in client software, and so forth. An application layer firewall does not route traffic on the network layer. All traffic stops at the firewall which may initiate its own connections if the traffic satisfies the rules.
26 :: Define DNS
The DNS translates Internet domain and host names to IP addresses. DNS automatically converts the names we type in our Web browser address bar to the IP addresses of Web servers hosting those sites. DNS implements a distributed database to store this name and address information for all public hosts on the Internet.
27 :: Define Telnet
Telnet is the main Internet protocol for creating a connection to a remote server.
28 :: Define SMTP
SMTP - Short for Simple Mail Transfer Protocol, a protocol for sending e-mail messages between servers.
29 :: What Is a MAC Address?
MAC (Media Access Control) addresses are globally unique addresses that are written into hardware at the time of manufacture. The MAC address is a unique value associated with a network adapter. MAC addresses are also known as hardware addresses or physical addresses. They uniquely identify an adapter on a LAN. MAC addresses are 12-digit hexadecimal numbers (48 bits in length).
30 :: MAC vs. IP Addressing
Whereas MAC addressing works at the data link layer, IP addressing functions at the network layer (layer 3). It's a slight oversimplification, but one can think of IP addressing as supporting the software implementation and MAC addresses as supporting the hardware implementation of the network stack. The MAC address generally remains fixed and follows the network device, but the IP address changes as the network device moves from one network to another.
31 :: Define Spanning-Tree Protocol (STP)
Spanning-Tree Protocol (STP) as defined in the IEEE 802.1D is a link management protocol that provides path redundancy while preventing undesirable loops in the network. For an Ethernet network to function properly, only one active path can exist between two stations. Loops occur in networks for a variety of reasons. The most common reason you find loops in networks is the result of a deliberate attempt to provide redundancy - in case one link or switch fails, another link or switch can take over.
32 :: What is VPN?
A VPN is a service that offers secure, reliable connectivity over a shared public network infrastructure such as the Internet. VPNs maintain the same security and management policies as a private network. They are the most cost effective method of establishing a virtual point-to-point connection between remote users and an enterprise customer's network.
33 :: Define broadcast domain.
It is a logical area in a computer network where any computer connected to the network can directly transmit to any other computer in the domain without having to go through a routing device.
34 :: Bridge vs switch.
A bridge connects two different LAN networks. With a switch, you can connect many computers to the switch, and then one computer can connect to another through the switch. A switch provides a unicast, one-to-one connection.
35 :: What is a Router?
A router is a device or sometimes a software in a computer which decides the next network point to which a packet should be forwarded to reach its destination on Internet. It is usually included as part of the network switch and is located at a gateway, including each point-of-presence on the Internet. The router is connected to at least two networks and determines which way to send each information packet based on its understanding of the state of the networks it is connected to.
36 :: Define gateway.
A gateway is a network point that provides entrance into another network. On the Internet, a node or stopping point can be either a gateway node or a host (end-point) node. Both the computers of Internet users and the computers that serve pages to users are host nodes. The computers that control traffic within your company's network or at your local Internet service provider (ISP) are gateway nodes.
37 :: What is firewall?
A firewall is a hardware or software installed to provide security to the private networks connected to the internet. They can be implemented in both hardware and software, or a combination of both. All data entering or leaving the Intranet passes through the firewall which allows only the data meeting the administrators’ rules to pass through it.
38 :: What are the types of firewalls?
Packet Filtering Firewall:
This type of firewall detects packets, blocks unnecessary packets, and releases the remaining network traffic.
Screening Router Firewalls:
A software-based firewall available in a router; it provides only light filtering.
Computer-based Firewall:
A firewall stored on a server with an existing operating system like Windows or UNIX.
Hardware-based Firewall:
A box-like device that provides strong security from the public network. Mostly used by big networks.
Proxy Server:
A proxy server allows all clients to access the Internet with different access limits. The proxy server has its own firewall, which filters all packets from the web server.
39 :: What is Data encryption?
Data encryption ensures data safety and is very important for confidential or critical data. It protects data from being read, altered or forged during transmission.
40 :: What is the Public Key Encryption?
Public key encryption uses a public and a private key for encryption and decryption. In this mechanism, the public key is used to encrypt messages and only the corresponding private key can be used to decrypt them. To encrypt a message, a sender has to know the recipient’s public key.
41 :: What is Digital Signatures?
A digital signature is an attachment to an electronic message used for security purposes. It is used to verify the authenticity of the sender.
42 :: What is Ethernet technology?
Ethernet technology is a high speed broadcast bus technology. In this type, all the stations share a single ether channel and receive every single transmitted signal.
43 :: Explain the use of network interface card, NIC.
A NIC is used to connect a computer to an Ethernet network.
44 :: Explain token ring technology.
In this technology, all the devices are arranged in a circle. A token moves around the circular network. A device waits for the token before it sends its frame. Once it receives the token, it initiates transmission of its frame.
45 :: What is CSMA and CD concept?
In CSMA (carrier sense multiple access), the presence of any digital signal in a network is checked before transmission. Data transmission occurs only when no signal is sensed.
CD (collision detection) is responsible for monitoring the carrier in order to avoid signal jam.
46 :: What is NetBIOS protocol?
NetBIOS (Network Basic Input/Output System) Protocol allows applications on separate computers to communicate over a LAN. It runs over TCP/IP giving each computer in the network a NetBIOS name and IP address. E.g. It can be used for computers running Windows 2000 (or before) to join a computer network running Windows 2000 (or later).
47 :: What is IGMP protocol?
Internet Group Management Protocol allows internet hosts to multicast, i.e. to send messages to a group of computers. There may be a group of internet hosts interested in multicasting. IGMP allows a router to determine which host groups have members on a given network segment. It helps to establish group memberships. It is commonly used for streaming videos and gaming. The protocol can be implemented on both the host side and the router side. The host side is responsible for notifying its membership in a group. The notification is made to a local router. This local router (router side) in turn sends out queries.
48 :: Explain PPP protocol.
Point to Point protocol helps communication between 2 computers over a serial cable, phone line or other fiber optic lines. E.g. Connection between an Internet Service Provider and a host. PPP also provides authentication. PPP operates by sending Request packets and waiting for Acknowledge packets that accept, reject or try to change the request.
The protocol is also used to negotiate on network address or compression options between the nodes. PPP has a number of phases as below:
* Link Dead: takes place when the connection fails.
* Link Establishment Phase: used to establish the connection. If authentication is desired, it moves to the next phase.
* Authentication Phase: allows the nodes to authenticate each other.
* Network-Layer Protocol Phase: here, the network control protocols come into play. Data transport and closing of the protocols take place in this phase.
* Link Termination Phase: here, the connection is terminated.
49 :: What is TCP / IP protocol?
Transmission Control Protocol / Internet Protocol: It is a family of protocols used for communication and connection between hosts on the internet. It is the most widely used standard for transmitting data over the internet. The four layers in the protocol are (from bottom to top): Physical layer, Data link layer, Network layer, transport layer and application layer, also called the OSI model. In TCP/IP, IP is responsible for forwarding packets while TCP ensures the correct delivery of data from client to server. TCP detects loss of data as well.
50 :: What is FTP (File Transfer Protocol)?
FTP is File Transfer Protocol. It is used to exchange files on the internet. To enable the data transfer, FTP uses TCP/IP. FTP is most commonly used to upload and download files from the internet. FTP can be invoked from the command prompt or some graphical user interface. FTP also allows files at a server to be updated (deleted, renamed, moved, and copied). It uses the reserved port number 21.
51 :: What is HTTP (Hypertext Transfer Protocol)?
HTTP or Hyper Text Transfer Protocol provides a set of rules to transfer files, videos and images over the world wide web. When the web browser is opened, an HTTP request call is made. A web server contains an HTTP daemon. This daemon waits for HTTP requests and handles them when they arrive. The web browser from which HTTP requests are made is called a client. These requests are sent to the server. It uses the reserved port number 80.
52 :: What is NNTP (Network News Transfer Protocol)?
NNTP or Network News Transfer Protocol is used to manage the notes posted on Usenet newsgroups (a newsgroup is a collection of notes on a subject posted by different users). NNTP servers are responsible for managing Usenet newsgroups collected globally. An NNTP client is a part of the web browser, also called a news reader. It uses the reserved port number 119.
53 :: What is SMTP (Simple Mail Transfer Protocol)?
SMTP or Simple Mail Transfer Protocol is used to send email messages between servers. The messages are retrieved using email clients. SMTP is more commonly used to send messages from a mail client to a mail server. And hence the email client like POP needs to be configured. Hence, SMTP is used to send emails while POP or IMAP are used to receive messages. It is usually operated on port 25 on the internet.
54 :: What is POP3 (Post Office Protocol 3)?
POP3 or Post Office Protocol 3 is used for receiving emails. It is a client-server protocol which holds the email. Once the email is downloaded from the server, POP3 deletes it from the server. Ordinal numbers are used to identify specific messages.
55 :: What is SNMP (Simple Network Management Protocol)?
SNMP or Simple Network Management Protocol is typically used for managing the network. Managing the network includes managing the nodes present in the network. These nodes may be servers, routers, bridges and hubs. SNMP agents are used to achieve this. Managing the network is essential because it helps to monitor network performance, detect network faults or failures, audit network usage, etc. SNMP messages like TRAP, GET or SET may be invoked by network elements or the network management system.
56 :: What are the basic components of routers?
Components of a router
Internal components:
* ROM: used to store the router's bootstrap details and operating system software.
* Flash memory: holds the operating system images. The content is retained when the router is restarted.
* RAM: used to store the routing tables, configuration files, caching and buffering details. Content is lost when the router is switched off or restarted.
* NVRAM: stores the router's startup config files. Data is non-volatile.
* Network interfaces to connect the router to the network.
External components:
* Virtual terminals: for accessing routers
* Network management stations
57 :: What is Routing table?
A routing table stores the routes of the various nodes in a network. Nodes can be any electronic device connected to the network. The table is usually stored in a router or the network computer as a database or file. This information helps to find the best possible path. The routing table has at least 3 fields: the destination network id, the cost of the path, and the next hop or address to send the packet to.
58 :: What is Routing Protocols?
Routing protocols are used to assist in achieving the basic purpose of routing. They specify how routers communicate with each other. They help the routers select the best possible path between nodes. There are different types of protocols, such as link-state routing protocols, path vector protocols and distance vector routing protocols. These protocols prevent routing loops from forming, or break them if they have already formed. They help to decide preferred routes from a sequence of hop costs.
59 :: What is Distance Vector Routing Protocols?
The main goal of Distance Vector Routing Protocols is to find the best path for the data packet to reach the destination. Distance here could be the hops. The three different types of Distance Vector routing protocols include Routing Information Protocol (RIP v1 and v2) and Interior Gateway Routing Protocol. The protocol is easy to manage but does not scale well.
The Distance Vector protocol initially prepares a Routing table which is shared with other routers. This routing table is shared between routers present in the same network. A new routing table is prepared when some new information is received from some other router. Now, the bad routing paths are removed keeping only the smallest hop paths. This new table is then communicated to other routers.
60 :: Describe the basics of internet routing.
When a source sends a packet to a destination, this packet has a specific path or route it follows. Different routing protocols are used to find the shortest path to the destination. The protocols maintain routing tables. Routing tables consist of a set of rules used to determine where these packets will travel. When a packet is received, a network device examines the packet and matches it to the routing table entry providing the best match for its destination. The packet keeps hopping until it reaches its destination.
61 :: What is Data encryption?
Data encryption ensures data safety and is very important for confidential or critical data. It protects data from being read, altered or forged during transmission.
62 :: What is the Public Key Encryption?
Public key encryption uses a public and a private key for encryption and decryption. In this mechanism, the public key is used to encrypt messages and only the corresponding private key can be used to decrypt them. To encrypt a message, a sender has to know the recipient’s public key.
63 :: What is the Digital Signatures?
A digital signature is an attachment to an electronic message used for security purposes. It is used to verify the authenticity of the sender.
64 :: What is the firewall?
A firewall is hardware or software installed to provide security to private networks connected to the Internet. Firewalls can be implemented in hardware, in software, or as a combination of both. All data entering or leaving the intranet passes through the firewall, which allows only the data meeting the administrators’ rules to pass through it.
65 :: Explain Transmission Control Protocol, TCP.
TCP ensures reliable and end to end delivery of segments of information. Segments are acknowledged to the source when received by the destination. Data is broken up into segments and sequenced properly before transmission. This arrangement of segments allows destination to trace lost data in transmission.
66 :: Explain User Datagram Protocol, UDP.
The UDP is a connectionless, unreliable service. UDP messages can be lost and duplicated.
67 :: What is TCP windowing concept?
TCP windowing concept is primarily used to avoid congestion in the traffic. It controls the amount of unacknowledged data a sender can send before it gets an acknowledgment back from the receiver that it has received it.
68 :: What is TCP protocol?
Transmission Control Protocol is used to establish communication between nodes or networks and exchange data packets. It guarantees delivery of data packets in the order they were sent. Hence it is most commonly used in all applications that require guaranteed delivery of data. It can handle both timeouts (if packets were delayed) and retransmission (if packets were lost). The stream of data is transmitted in segments. The segment header is 32 bit. It is a connectionless communication protocol at the third level (network) of the OSI model.
69 :: What is UDP protocol?
User Datagram Protocol is a communication protocol. It is normally used as an alternative to TCP/IP. However, there are a number of differences between them. UDP does not divide data into packets. Also, UDP does not send data packets in sequence. Hence, the application program must ensure the sequencing. UDP uses port numbers to distinguish user requests. It also has a checksum capability to verify the data.
70 :: TCP vs. UDP.
TCP guarantees the delivery of data. UDP on the other hand, does not guarantee delivery of data. TCP delivers messages in the order they were sent. UDP has no ordering mechanisms. In TCP data is sent as a stream while UDP sends data as individual packets. UDP is faster than TCP. TCP is a connection oriented protocol while UDP is connectionless.
71 :: What is Trusted and Untrusted Networks?
Trusted networks:
Such networks allow data to be transferred transparently. The machines using a trusted network are usually administered by an administrator to ensure that private and secured data is not leaked. Access to this network is limited. Computers using trusted networks are more secure and confidential because of strong firewalls.
Untrusted networks:
Such networks are usually administered by the owners. They can allow improper access to sensitive or personal data. These machines are usually separate. Such machines could be more prone to attacks.
72 :: What is VPN (Virtual Private network)?
A Virtual Private Network is a network that uses the public telecommunication infrastructure. This means that it uses public wires, e.g. the Internet, to connect the nodes. A VPN supports remote access to computers and allows data to be transmitted over this public network. Even though the data is transmitted over a public network, it is encrypted and decrypted to ensure security.
73 :: What are the different types of VPN?
* Remote Access VPN: Also called a virtual private dial-up network (VPDN), it is mainly used in scenarios where remote access to a network becomes essential. A remote access VPN allows data to be accessed between a company’s private network and remote users through a third-party service provider (enterprise service provider). For example, a sales team is usually spread across the globe; using a remote access VPN, the sales updates can be made.
* Site to Site VPN – Intranet based: This type of VPN can be used when multiple remote locations are present and can be made to join a single network. Machines present at these remote locations work as if they are on a single network.
* Site to Site VPN – Extranet based: This type of VPN can be used when several different companies need to work in a shared environment, e.g. distributors and service companies. This network is more manageable and reliable.
74 :: What are the different authentication methods used in VPNs?
The authentication method uses an authentication protocol. The methods are:
* EAP authentication method: Extensible Authentication Protocol authenticates the remote access connection. The authentication mechanism is decided between the remote VPN client and the authenticator (ISA). In the typical mechanism, the authenticator requests authentication information and the remote VPN client gives the responses.
* MS-CHAP authentication method: Microsoft Challenge Handshake Authentication Protocol (MS-CHAP) starts with the authenticator (remote access server) challenge. The challenge sent to the remote access client contains a session identifier and a challenge string. The client in response sends the nonreversible encryption of the string, the identifier and password. The authenticator checks the credentials and grants access on a successful authentication.
* Unencrypted passwords (PAP): Uses plain text passwords. Does not involve encryption. Used for less secure clients.
* Shiva Password Authentication Protocol (SPAP): It is a password authentication protocol. It is less secure as the same user password is always sent in the same reversibly encrypted form.
75 :: What is Tunneling?
Tunneling is a mechanism provided to transfer data securely between two networks. The data is split into smaller packets and passed through the tunnel. The data passing through the tunnel has 3 layers of encryption. The data is encapsulated. Tunneling can be approached by Point to Point tunneling protocol.
76 :: What are voluntary and compulsory tunnels?
Voluntary Tunneling:
The user's computer is an end point of the tunnel and acts as the tunnel client. Here the client or user issues a request to configure and create a voluntary tunnel. This requires a dial-up or LAN connection. An example of a dial-up connection is internet at home, where a call is made to the ISP and a connection is obtained.
Compulsory tunneling:
In compulsory tunneling, instead of the user, a VPN remote access server configures and creates the tunnel. Hence, the end point is the remote server, not the user.
77 :: Explain static and dynamic tunnels.
Tunnels that are created manually are static tunnels. Tunnels that are auto-discovered are dynamic tunnels. In dynamic tunneling, TCP connections can be checked dynamically. If no connections exist that are routed through the tunnel, a check for a more suitable gateway can be done. Static tunneling may at times require dedicated equipment.
78 :: Describe the concept of Subnetting.
Subnetting is the process of breaking the network into smaller units. These units are called subnets. Here a subnet could be several machines in a single LAN. Networks using IP can create sub networks of logical addresses. With every IP address, some of the bits in the machine portion can be used to identify a specific subnet. The IP address then contains three parts: the network number, the subnet number, and the machine number.
79 :: Explain the advantages of using Subnetting.
Advantages of using subnetting:
* Easier network management and troubleshooting
* Routing table size is reduced, which means faster network transfers
* Solves network congestion problems, since the complete network is divided into smaller networks
* Network addresses can be decentralized, e.g. the administrator of the network can monitor the subnet
80 :: What is custom Subnetting?
Subnets that can be customized, i.e. modifying the dividing point between subnet ID and host ID to suit the needs of our network. The subnet mask that we use when creating a customized subnet is called a custom subnet mask. This custom subnet mask is used to find the customization.
81 :: Explain the importance of increasing and decreasing subnet bits.
Adding 1’s as bits means increasing the subnets and decreasing the hosts. Removing or decreasing 1’s means decreasing subnets and increasing hosts. Hence, by increasing or decreasing the subnet bits, the subnet architecture can be decided as per needs.
82 :: Why do we need a subnet mask?
A subnet mask allows identification of host part and network part of an IP address. Subnet mask can be used to find if an IP address is present on a subnet or not.
83 :: What is RTP?
Real-Time Transfer Protocol lays down a standard way to transfer or manage real time data over a network. It does not guarantee the delivery of data or provide any quality of service. However, it helps to manage the data, which means that RTP can be used to deliver the necessary data to the application to make sure it can put the received packets in the correct order. Examples of real time data are audio and video.
84 :: What is RTP Multiplexing?
RTP multiplexing allows multiple media flows within a single RTP data payload between two points. This means that it can be used to carry multiple streams of data in one RTP packet. RTP multiplexing will reduce the bandwidth used. RTP multiplexing will also increase scalability.
85 :: Explain the use of RTP and RTCP protocols.
Use of RTP and RTCP:
1. RTP can be used to transfer real time data like voice packets.
2. RTP can be used with RTCP, which makes it possible to monitor data.
3. Packet loss can be detected by RTP using the sequence number.
RTCP provides QoS feedback: packets lost, round trip time.
86 :: Describe the format of RTP and RTCP packets.
The 32 bits of the RTP packet format are as follows (L to R):
* Bit 0-1: Indicates version, currently 2
* Bit 2: P, indicates padding bytes
* Bit 3: X, indicates presence of extension header
* Bit 4-7: CC, contains the number of CSRC identifiers that follow the header
* Bit 8: M, current data has some special relevance (if set)
* Bit 9-15: PT, indicates format of payload
* Bit 16-31: Sequence number
* Timestamp: 32 bits, time stamp of packet
* SSRC: Synchronization source identifier, uniquely identifies the source of a stream
* CSRC: Contributing source IDs, enumerate contributing sources to a stream which has been generated from multiple sources
* Extension header: first 32 bit word contains profile specific identifier and length specifier
The 32 bits of the RTCP header format are as follows (L to R):
* Bit 0-1: Indicates version, currently 2
* Bit 2: P, indicates padding bytes
* Bit 3 to 7: Count of number of reception report blocks
* Bit 8 to 15: Type, determines the RTCP packet type. Type can take values from 0 to 255
* Bit 16 to 31: Length, length of RTCP packet - 1
* SR: Sender report for transmission and reception from active senders
* RR: Receiver report for reception from inactive senders
* SDES: Source description items
* BYE: indicates end of participation
* APP: Application specific functions
87 :: What is multicasting?
Multicasting allows a single message to be sent to a group of recipients. Emailing and teleconferencing are examples of multicasting. It uses the network infrastructure and standards to send messages.
88 :: Define IP multicast.
IP multicast technology reduces traffic by sending a stream of information to many recipients in one go. Video conferencing and stock quotes are examples based on IP multicast.
89 :: Describe how the multicast protocol works.
Multicast protocol or Internet protocol delivers a single message to multiple machines. One packet from the source is replicated and sent to the destination. Every multicast message requires a multicast group. The group defines the addresses which will receive the message. The group is defined by the class D address. Different routing protocols are used to find the multicast groups and build routes for them. Distance Vector Multicast protocol is one of them. The receiver to whom the multicast packet is sent needs to ‘join’ the group. Joining the group is enabled and managed by IGMP. Multicast routers are used to transmit the messages from one network to another.
90 :: Describe how to control the scope of multicast transmissions.
Controlling the scope of multicast transmission restricts the range of group members. TTL (Time To Live) is one of the mechanisms to limit the scope. If the TTL value is small, packets are only multicast to destinations a smaller distance away. The larger the TTL value, the larger the scope of transmission, reaching a larger number of machines. Administrative scoping is another mechanism. In this, transmission is restricted to a specific address space of an organization or a site.
91 :: Explain why use Multicasting.
* a. When the same message or packet needs to be sent to multiple destinations, multicasting is used.
* b. Within campuses and offices, file distribution can be done using multicasting.
* c. System messages, news and videos can be sent at the same time.
* d. More commonly used for audio and video streaming.
92 :: What is the socket?
A socket is used to connect an application to a network protocol. A socket enables communication between a client and a server. The communication is started when the client is assigned a local port number, and binds a socket to it. The client writes on the socket and gets information from server by reading it.
93 :: Datagram vs. stream.
A stream can be considered as a pipe that allows a full duplex connection. A datagram or a packet, on the other hand, has a source and a destination. There is no connection. A stream is like a communication channel while a datagram is completely self-contained. Streams provide reliable and sequenced communication. Datagrams, on the other hand, are unreliable and no sequence is maintained.
94 :: What is a stream socket?
A stream socket provides two-way communication between a client and server. This communication is reliable and sequenced. Stream sockets sit above TCP to run across any network. They provide an unduplicated flow of data and have well-established mechanisms for creating and destroying connections and for detecting errors.
95 :: How would you define IP address?
IP address or Internet Protocol address is the address of a device attached to an IP network (TCP/IP network). It is a must for every client, server and network device to have a unique IP address for each network connection (network interface). Every IP packet contains a source IP address and a destination IP address. As a device moves from one network to another, its IP address changes.
96 :: Difference between Static and Dynamic IP.
A static IP, also called a permanent address, is assigned to each device in a network, whereas a dynamic IP is a temporary address assigned to the device via DHCP software. The IP address assigned to your service by your cable or DSL Internet provider is typically a dynamic IP. In routers and operating systems, the default configuration for clients is dynamic IP.
97 :: What is the difference between public and private IP?
A public IP address makes equipment accessible to everyone on the internet. A private IP address is for private use within the network and allows many more PCs to be connected. If you are using a private IP and want VoIP, you need to change to a public IP address.
98 :: What is Network Address Translation?
Network Address Translation acts as an agent between the Internet and a local network. It is a dynamic method which is used to minimize Internet connectivity needs. Network address translation describes the rewriting of the Internet Protocol (IP) addresses of data packets so that multiple transmissions require only one IP address.
99 :: Define IP multicast.
IP multicast technology reduces traffic by sending a stream of information to many recipients in one go. Video conferencing and stock quotes are examples based on IP multicast.
100 :: What is subnetting?
Subnetting adds one level to the way an IP address is represented. It logically organizes the network. For instance, it can logically group the computers belonging to the finance department.
101 :: What is Address Resolution Protocol (ARP)?
Address Resolution Protocol (ARP) is responsible for mapping an IP address to its corresponding physical network address. It is mostly seen on Ethernet networks.
102 :: Explain Maximum Transfer Unit, MTU.
MTU specifies the largest amount of data that can be transferred across a network.
103 :: What is Routing Protocol?
Routing protocol is the way to send routing information between any routers in an autonomous system.
104 :: Explain the structure and use of internet addresses.
Each IP address is 32 bits long. For human readers, IP addresses are written in dotted decimal notation. These are then converted to binary by the computer. Each IP address has two parts: a network identifier or network ID, and a host ID. The current internet protocol standard is IPv4. The IP addresses are divided into three classes: a class A network, a class B network, and a class C network, class A being the largest. Of the four numbers in an IPv4 address, each class A network has a different first number, and the network is then addressed by the remaining three numbers, or three bytes. The IP addresses identify a machine to deliver packets and load web pages.
105 :: Explain how names are translated (resolved) into IP address.
A Domain Name Server or DNS is used to resolve names into IP addresses. When a web address is entered into the browser, the DNS client sends a request to the DNS server to find the corresponding IP address for the name. The DNS server receives this request and searches for the corresponding IP address in its database. If the resolution fails at this point, this server sends the request to the parent server. The request keeps going up the hierarchy to the parent servers or the closest authoritative DNS server to resolve the address. If the request times out, an error is returned to the client. If the server is able to resolve the name requested, it passes the information back to the client. The next request sent by the client is to request a web page from the IP address.
106 :: Describe the basics of the internet routing.
When a source sends a packet to a destination, this packet has a specific path or route it follows. Different routing protocols are used to find the shortest path to the destination. The protocols maintain routing tables. Routing tables consist of a set of rules used to determine where these packets will travel. When a packet is received, a network device examines the packet and matches it to the routing table entry providing the best match for its destination. The packet keeps hopping until it reaches its destination.
107 :: What is the core naming mechanism, Domain Name System (DNS)?
A Domain Name System is used to convert the names of websites on the internet to IP addresses. The domain names for each IP address are stored in a database that is distributed across different servers. A domain name space consists of a tree of domain names. The tree has zones. Zones consist of a collection of connected nodes. These nodes are served by a name server. A domain name is usually in the form of mydomain.com. Here, .com is the top level domain, whereas mydomain is the sub domain or subdivision. A host name is a domain name that has one or more IP addresses associated with it.
1 :: What is the use of IGMP protocol?
Internet Group Management Protocol: It allows internet hosts to participate in multicasting. The IGMP messages are used to learn which hosts are part of which multicast groups. The mechanism also allows a host to inform its local router that it wants to receive messages.
2 :: What are Ping and Tracert?
Ping and tracert are commands used to send information to remote computers and receive information back. Information is sent and received in packets. Ping is particularly used to check whether the system is in the network or not. It also gives packet loss information. In Windows, the ping command is written as ping ip_address. Tracert is short for trace route. It is used to track or trace the path the packet takes from the computer where the command is given to the destination. In Windows, the command is written as tracert ip_address.
3 :: Explain RSVP. How does it work?
Resource Reservation Protocol is used to reserve resources across a network. It is used for requesting a specific Quality of Service (QoS) from the network. This is done by carrying the request of the host (which needs a reservation of the resource) throughout the network. It visits each node in the network. RSVP uses two local modules for reservation of resources. The admission control module confirms whether there are sufficient available resources, while the policy module checks for permission to make a reservation. RSVP offers scalability. On successful completion of both checks, RSVP uses the packet classifier and packet scheduler for the desired QoS requested.
4 :: Explain the concept of DHCP.
Dynamic Host Configuration Protocol is used for assigning IP addresses to computers in a network. The IP addresses are assigned dynamically. Certainly, using DHCP, the computer will have a different IP address every time it is connected to the network. In some cases the IP address may change even while the computer is in the network. This means that DHCP leases out the IP address to the computer for some time. A clear advantage of DHCP is that software can be used to manage IP addresses rather than the administrator.
5 :: What are the differences between a domain and a workgroup?
In a domain, one or more computers can be a server to manage the network. On the other hand, in a workgroup all computers are peers having no control over each other. In a domain, a user doesn't need an account to log on to a specific computer if an account is available on the domain. In a workgroup, a user needs to have an account for every computer.
In a domain, computers can be on different local networks. In a workgroup, all computers need to be part of the same local network.
6 :: Explain how NAT works.
Network Address Translation translates an IP address used in a network to another IP address known within another network. A NAT table is maintained for global to local and local to global mapping of IPs. NAT can be statically defined or can dynamically translate from a pool of addresses. The NAT router is responsible for translating traffic coming into and leaving the network. NAT prevents malicious activity initiated by outside hosts from reaching local hosts by being dependent on a machine on the local network to initiate any connection to hosts on the other side of the router.
7 :: What is PPP protocol? Explain PPP packet format.
Point to Point protocol helps communication between 2 computers over a serial cable, phone line or other fiber optic lines. E.g. Connection between an Internet Service Provider and a host. PPP also provides authentication. PPP operates by sending Request packets and waiting for Acknowledge packets that accept, reject or try to change the request. The protocol is also used to negotiate on network address or compression options between the nodes.
Packet format:
* Flag field (1 byte): indicates the beginning or end of a frame
* Address field (1 byte): used for the broadcast address (destination address)
* Control field (1 byte): used as a control byte
* Protocol field (1 or 2 bytes): setting of the protocol in the information field (of the datagram)
* Information (0 or more bytes): datagram (whether it contains data or control information)
* Padding (0 or more bytes): optional padding
* FCS (2 or more bytes): error checksum
8 :: What is IP Spoofing and how can it be prevented?
IP spoofing is a mechanism used by attackers to gain unauthorized access to a system. Here, the intruder sends messages to a computer with an IP address indicating that the message is coming from a trusted host. This is done by forging the header so that it contains a different address, making it appear that the packet was sent by a different machine.
Prevention:-
Packet filtering: - to allow packets with recognized formats to enter the network
Using special routers and firewalls.
Encrypting the session
9 :: Explain IP datagram, Fragmentation and MTU.
IP datagram can be used to describe a portion of IP data. Each IP datagram has a set of fields arranged in a specific order, which makes the stream easy to decode and read. An IP datagram has fields like Version, header length, Type of service, Total length, checksum, flag, protocol, Time to live, Identification, source and destination IP address, padding, options and payload.
MTU:- Maximum Transmission Unit is the size of the largest packet that a communication protocol can pass. The size can be fixed by some standard or decided at the time of connection.
Fragmentation is a process of breaking the IP packets into smaller pieces. Fragmentation is needed when the datagram is larger than the MTU. Each fragment becomes a datagram in itself and transmitted independently from source. When received by destination they are reassembled.
10 :: What is an application gateway?
An application gateway is an application program that runs on a firewall between two networks. An application gateway is used for establishing connection between client program and destination service. The client negotiates with the gateway to communicate with the service of destination. Here, gateway can be called as a proxy. Hence, two connections are made. One between client and proxy; other, between proxy and destination service. Connections take place behind the firewall
11 :: Explain Circuit Level Gateway.
A circuit level gateway is used to find if a session in TCP handshaking is legitimate or not. It can be considered as a layer between the application layer and the transport layer. Circuit level gateways protect the information of the private network behind them. They do not filter packets.
12 :: What is "Gateway Of Last Resort"?
A Gateway of Last Resort or Default gateway is a route used by the router when no other known route exists to transmit the IP packet. Known routes are present in the routing table. Hence, any route not known by the routing table is forwarded to the default route. Each router which receives this packet will treat the packet the same way, if the route is known, packet will be forwarded to the known route.
13 :: What is LAN?
LAN is a computer network that spans a relatively small area. Most LANs are confined to a single building or group of buildings. However, one LAN can be connected to other LANs over any distance via telephone lines and radio waves. A system of LANs connected in this way is called a wide-area network (WAN). Most LANs connect workstations and personal computers. Each node (individual computer) in a LAN has its own CPU with which it executes programs, but it also is able to access data and devices anywhere on the LAN. This means that many users can share expensive devices, such as laser printers, as well as data. Users can also use the LAN to communicate with each other, by sending e-mail or engaging in chat sessions.
14 :: What is the difference Between an Intranet and the Internet?
There's one major distinction between an intranet and the Internet: The Internet is an open, public space, while an intranet is designed to be a private space. An intranet may be accessible from the Internet, but as a rule it's protected by a password and accessible only to employees or other authorized users.
From within a company, an intranet server may respond much more quickly than a typical Web site. This is because the public Internet is at the mercy of traffic spikes, server breakdowns and other problems that may slow the network. Within a company, however, users have much more bandwidth and network hardware may be more reliable. This makes it easier to serve high-bandwidth content, such as audio and video, over an intranet.
15 :: Define the term Protocol.
Protocol is a standard way of communicating across a network. A protocol is the "language" of the network. It is a method by which two dissimilar systems can communicate. TCP is a protocol which runs over a network
16 :: Define File Transfer Protocol.
File Transfer Protocol (FTP), a standard Internet protocol, is the simplest way to exchange files between computers on the Internet. Like the Hypertext Transfer Protocol (HTTP), which transfers displayable Web pages and related files, and the Simple Mail Transfer Protocol (SMTP), which transfers e-mail, FTP is an application protocol that uses the Internet's TCP/IP protocols. FTP is commonly used to transfer Web page files from their creator to the computer that acts as their server for everyone on the Internet. It's also commonly used to download programs and other files to your computer from other servers.
17 :: Explain the 7 Layers of OSI.
Layer 1: Physical layer
It represents all the electrical and physical specifications for devices.
Layer 2: Data link layer
It provides the functional and procedural means to transfer data between network entities and to detect and possibly correct errors that may occur in the Physical layer.
Layer 3: Network layer
The Network layer provides the functional and procedural means of transferring variable length data sequences from a source to a destination via one or more networks.
Layer 4: Transport layer
It provides transparent transfer of data between end users.
Layer 5: Session layer
It controls the sessions between computers. It connects, manages and terminates the connections between the local and remote application.
Layer 6: Presentation layer
It transforms data to provide a standard interface for the Application layer.
Layer 7: Application layer
It provides a means for the user to access information on the network through an application.
18 :: What is a network? What are the different kinds of network? Explain them.
A network is a group of computers or nodes connected together. They are connected with each other by communication paths.
Types of Networks:
LAN – Local Area Network connects a group of nodes covering a small physical area. LANs are most commonly seen in offices, buildings etc. LANs enable a higher transfer rate of data, smaller coverage of area and hence less wiring.
WAN – Wide Area Network connects a group of nodes covering a wide area. A WAN typically connects and allows communication between regions or national boundaries. The most common example of a WAN is the internet.
VPN – Virtual Private Network connects or links nodes in some larger area by open connections or virtual circuits in some larger network (e.g., the Internet) instead of by physical wires. It is used for secure communication through the public internet. VPN alone may not support explicit security features, such as authentication or content encryption.
Intranet – It is a set of networks under the control of a single administrative person. It can be considered as an internal network of an organization. If it is large, web servers are used to provide information to the users.
Extranet – It is a network that restricts itself within a single organization. It can be categorized as WAN, MAN etc.; however, it cannot have a single LAN. It must have a connection (at least one) with an external network.
19 :: What are network topologies? Explain Ring, Bus and Star topology.
A network topology describes the layout of a network. It describes how different nodes and elements are connected to each other. Different types of topology:
a. Ring:-
* All nodes are connected with one another in a loop.
* Each device is connected to one or more other devices on either side.
b. Bus
* All nodes are connected to a central, common cable called a backbone.
* In bus topology, the server is at one end and the clients are connected at different positions across the network.
* Easy to manage and install.
* If the backbone fails, the entire communication fails.
c. Star
* All nodes are connected to a central hub.
* The communication between the nodes is through the hub.
* Requires relatively more cables as compared to bus. However, if any node fails, it won't affect the entire LAN.
20 :: Explain IP, TCP and UDP.
TCP – Transmission Control Protocol is used to establish communication between nodes or networks and exchange data packets. It guarantees delivery of data packets in the order they were sent. Hence it is most commonly used in all applications that require guaranteed delivery of data. It can handle both timeouts (if packets were delayed) and retransmission (if packets were lost). The stream of data is transmitted in segments. The segment header is 32 bit. It is a connectionless communication protocol at the third level (network) of the OSI model.
IP – Internet Protocol is used for transmission of data over the internet. IP uses IP addresses to identify each machine uniquely. A message is sent using small packets. The packet contains both the sender's and the receiver's address. IP does not guarantee delivery in the same order as sent. This is because the packets are sent via different routes. It is a connectionless communication protocol at the third level (network) of the OSI model.
UDP – User Datagram Protocol is a communication protocol. It is normally used as an alternative for TCP/IP. However, there are a number of differences between them. UDP does not divide data into packets. Also, UDP does not send data packets in sequence. Hence, the application program must ensure the sequencing. UDP uses port numbers to distinguish user requests. It also has a checksum capability to verify the data.
21 :: Explain the different classes of addresses supported by IP addressing.
Computers using the TCP/IP for communication are uniquely identified by a 32 bit address called as an IP address. The routers use the IP address information to forward the packet to the destination computer.
IP addresses are categorized as:
Private address: these IP addresses are used exclusively within a private network and not for public to see.
Public Address: these are registered IP addresses used for public.
Each IP address has a network address and a host address. IP addresses are expressed in four sets of three numbers, separated with dots. Each set is called as an octet because when converted to binary; it denotes eight binary
22 :: What is multicasting?
Multicasting allows a single message to be sent to a group of recipients. Emailing, teleconferencing, are examples of multicasting. It uses the network infrastructure and standards to send messages.
23 :: Explain the functionality of PING.
Ping is particularly used to check if the system is in network or not. It also gives packet loss information. In Windows the ping command is written as ping ip_address. The output returns the data packet information. The number of packets sent, received and lost is returned by PING.
24 :: Explain the core naming mechanism, Domain Name System (DNS).
The Domain Name System (DNS) is used to convert the names of websites on the internet to IP addresses. The domain names for each IP address are stored in a database that is distributed across different servers. A domain name space consists of a tree of domain names. The tree has zones. Zones consist of a collection of connected nodes. These nodes are served by a name server. A domain name is usually in the form of mydomain.com. Here, .com is the top level domain, whereas mydomain is the sub domain or subdivision. A host name is a domain name that has one or more IP addresses associated with it.
25 :: Describe Application layer.
The application layer is located at the top of the TCP/IP protocol layers. This one contains the network applications which make it possible to communicate using the lower layers. The software in this layer therefore communicates using one of the two protocols of the layer below (the transport layer), i.e. TCP or UDP. In computer networking, an application layer firewall is a firewall operating at the application layer of a protocol stack.[1] Generally it is a host using various forms of proxy servers to proxy traffic instead of routing it. As it works on the application layer, it may inspect the contents of the traffic, blocking what the firewall administrator views as inappropriate content, such as certain websites, viruses, and attempts to exploit known logical flaws in client software, and so forth. An application layer firewall does not route traffic on the network layer. All traffic stops at the firewall which may initiate its own connections if the traffic satisfies the rules.
26 :: Define DNS
The DNS translates Internet domain and host names to IP addresses. DNS automatically converts the names we type in our Web browser address bar to the IP addresses of Web servers hosting those sites. DNS implements a distributed database to store this name and address information for all public hosts on the Internet.
27 :: Define Telnet
Telnet is the main Internet protocol for creating a connection to a remote server.
28 :: Define SMTP
SMTP - Short for Simple Mail Transfer Protocol, a protocol for sending e-mail messages between servers.
29 :: What Is a MAC Address?
MAC (Media Access Control) addresses are globally unique addresses that are written into hardware at the time of manufacture. The MAC address is a unique value associated with a network adapter. MAC addresses are also known as hardware addresses or physical addresses. They uniquely identify an adapter on a LAN. MAC addresses are 12-digit hexadecimal numbers (48 bits in length).
30 :: MAC vs. IP Addressing
Whereas MAC addressing works at the data link layer, IP addressing functions at the network layer (layer 3). It's a slight oversimplification, but one can think of IP addressing as supporting the software implementation and MAC addresses as supporting the hardware implementation of the network stack. The MAC address generally remains fixed and follows the network device, but the IP address changes as the network device moves from one network to another.
31 :: Define Spanning-Tree Protocol (STP)
Spanning-Tree Protocol (STP) as defined in the IEEE 802.1D is a link management protocol that provides path redundancy while preventing undesirable loops in the network. For an Ethernet network to function properly, only one active path can exist between two stations. Loops occur in networks for a variety of reasons. The most common reason you find loops in networks is the result of a deliberate attempt to provide redundancy - in case one link or switch fails, another link or switch can take over.
32 :: What is VPN?
A VPN is a service that offers secure, reliable connectivity over a shared public network infrastructure such as the Internet. VPNs maintain the same security and management policies as a private network. They are the most cost effective method of establishing a virtual point-to-point connection between remote users and an enterprise customer's network.
33 :: Define broadcast domain.
It is a logical area in a computer network where any computer connected to the network can directly transmit to any other computer in the domain without having to go through a routing device.
34 :: Bridge vs switch.
A bridge connects two different LAN networks. A switch lets you connect many computers to it, and one computer can then connect to another through the switch. A switch provides a unicast, one-to-one connection.
35 :: What is a Router?
A router is a device or sometimes a software in a computer which decides the next network point to which a packet should be forwarded to reach its destination on Internet. It is usually included as part of the network switch and is located at a gateway, including each point-of-presence on the Internet. The router is connected to at least two networks and determines which way to send each information packet based on its understanding of the state of the networks it is connected to.
36 :: Define gateway.
A gateway is a network point that provides entrance into another network. On the Internet, a node or stopping point can be either a gateway node or a host (end-point) node. Both the computers of Internet users and the computers that serve pages to users are host nodes. The computers that control traffic within your company's network or at your local Internet service provider (ISP) are gateway nodes.
37 :: What is firewall?
A firewall is hardware or software installed to provide security to the private networks connected to the internet. Firewalls can be implemented in hardware, in software, or as a combination of both. All data entering or leaving the intranet passes through the firewall, which allows only the data meeting the administrators' rules to pass through it.
38 :: What are the types of firewalls?
Packet Filtering Firewall:
This type of firewall detects packets, blocks unnecessary packets and releases network traffic.
Screening Router Firewalls:
It is a software-based firewall available in a router that provides only light filtering.
Computer-based Firewall:
It is a firewall stored in a server with an existing operating system like Windows and UNIX.
Hardware-based Firewall:
It is a box-like device that provides strong security from the public network. Mostly used by big networks.
Proxy Server:
A proxy server allows all clients to access the Internet with different access limits. The proxy server has its own firewall, which filters all packets from the web server.
39 :: What is Data encryption?
Data encryption ensures data safety and is very important for confidential or critical data. It protects data from being read, altered or forged during transmission.
40 :: What is the Public Key Encryption?
Public key encryption uses a public and a private key for encryption and decryption. In this mechanism, the public key is used to encrypt messages and only the corresponding private key can be used to decrypt them. To encrypt a message, a sender has to know the recipient's public key.
41 :: What is Digital Signatures?
A digital signature is an attachment to an electronic message used for security purposes. It is used to verify the authenticity of the sender.
42 :: What is Ethernet technology?
Ethernet technology is a high speed broadcast bus technology. In this type, all the stations share a single ether channel and receive every single transmitted signal.
43 :: Explain the use of network interface card, NIC.
A NIC is used to connect a computer to an Ethernet network.
44 :: Explain token ring technology.
In this technology, all the devices are arranged in a circle. A token moves around the circular network. A device waits for the token before it sends its frame. Once it receives token, it initiates transmission of its frame.
45 :: What is CSMA and CD concept?
In CSMA (carrier sense multiple access), the presence of any digital signal in a network is checked before transmission. Data transmission occurs only when no signal is sensed.
CD, collision detection, is responsible for monitoring the carrier in order to avoid signal jam.
46 :: What is NetBIOS protocol?
NetBIOS (Network Basic Input/Output System) Protocol allows applications on separate computers to communicate over a LAN. It runs over TCP/IP giving each computer in the network a NetBIOS name and IP address. E.g. It can be used for computers running Windows 2000 (or before) to join a computer network running Windows 2000 (or later).
47 :: What is IGMP protocol?
Internet Group Management Protocol allows internet hosts to multicast, i.e. to send messages to a group of computers. There may be a group of internet hosts interested in multicasting. IGMP allows a router to determine which host groups have members on a given network segment. It helps to establish group memberships. It is commonly used for streaming videos and gaming. The protocol can be implemented on both the host side and the router side. The host side is responsible for notifying its membership in a group. The notification is made to a local router. This local router (router side) in turn sends out queries.
48 :: Explain PPP protocol.
Point to Point protocol helps communication between 2 computers over a serial cable, phone line or other fiber optic lines. E.g. Connection between an Internet Service Provider and a host. PPP also provides authentication. PPP operates by sending Request packets and waiting for Acknowledge packets that accept, reject or try to change the request.
The protocol is also used to negotiate on network address or compression options between the nodes. PPP has a number of phases as below:
* Link dead: - takes place when the connection fails.
* Link Establishment Phase: - Used to establish connection. If authentication is desired, it moves to next phase.
* Authentication Phase: - Allows the nodes to authenticate each other.
* Network-Layer Protocol Phase: - here, the network control protocols come into play. Data transport, closing of the protocols takes place in this phase.
* Link Termination Phase: - here, the connection is terminated.
49 :: What is TCP / IP protocol?
Transmission Control Protocol / Internet Protocol: - It is a family of protocols used for communication and connection between hosts on the internet. It is the most widely used standard for transmitting data over the internet. The four layers in the protocol are (from bottom to top):- Physical layer, Data link layer, Network layer, transport layer and application layer, also called as the OSI model. In TCP/IP , IP is responsible for forwarding packets while TCP ensures the correct delivery of data from client to server. TCP detects loss of data as well.
50 :: What is FTP (File Transfer Protocol)?
FTP is File Transfer Protocol. It is used to exchange files on the internet. To enable the data transfer FTP uses TCP/IP. FTP is most commonly used to upload and download files from the internet. FTP can be invoked from the command prompt or some graphical user interface. FTP also allows files at a server to be updated (deleted, renamed, moved, and copied). It uses a reserved port no 21.
51 :: What is HTTP (Hypertext Transfer Protocol)?
HTTP or Hyper Text Transfer Protocol provides a set of rules to transfer files, videos and images over the world wide web. When the web browser is opened, an HTTP request call is made. A web server contains an HTTP daemon. This daemon is used to wait for HTTP requests and handle them when they arrive. The web browser from where HTTP requests are made is called a client. These requests are sent to the server. It uses a reserved port no 80.
52 :: What is NNTP (Network News Transfer Protocol)?
NNTP or Network News Transfer Protocol is used to manage the notes posted on Usenet newsgroups (a collection of posted notes on a subject posted by different users). NNTP servers are responsible for managing Usenet newsgroups collected globally. An NNTP client is a part of the web browser, also called a news reader. It uses a reserved port no 119.
53 :: What is SMTP (Simple Mail Transfer Protocol)?
SMTP or Simple Mail Transfer Protocol is used to send email messages between servers. The messages are retrieved using email clients. SMTP is more commonly used to send messages from a mail client to a mail server. And hence the email client like POP needs to be configured. Hence, SMTP is used to send emails while POP or IMAP are used to receive messages. It is usually operated on port 25 on the internet.
54 :: What is POP3 (Post Office Protocol 3)?
POP3 or Post Office Protocol 3 is used for receiving emails. It is a client server protocol which holds the email. Once the email is downloaded from the server, POP3 deletes it from the server. Ordinal numbers are used to identify specific messages.
55 :: What is SNMP (Simple Network Management Protocol)?
SNMP or Simple Network Management Protocol is typically used for managing the network. Managing the network includes managing the nodes present in the network. These nodes may be servers, routers, bridges and hubs. SNMP agents are used to achieve this. Managing the network is essential because it helps to monitor network performance, detect network faults or failures, audit network usage etc. The SNMP messages like TRAP, GET or SET may be invoked by network elements or the network management system.
56 :: What are the basic components of routers?
Components of Router
Internal components:
* ROM: - Used to store the router's bootstrap details, operating system software.
* Flash memory: - Holds the operating system images. The content is retained when the router is restarted.
* RAM: - Used to store the routing tables, configuration files, caching and buffering details. Content is lost when the router is switched off or restarted.
* NVRAM: - Stores the router's startup config files. Data is non volatile.
* Network interfaces to connect router to network.
External components:
* Virtual terminals: For accessing routers
* Network management stations
57 :: What is Routing table?
A routing table stores the routes of the various nodes in a network. Nodes can be any electronic device connected to the network. The table is usually stored in a router or the network computer as a database or file. This information helps to find the best possible path. The routing table has at least 3 fields: the destination network id, cost of the path, next hop or address to send the packet.
58 :: What is Routing Protocols?
Routing protocols are used to assist in achieving the basic purpose of routing. They specify how routers communicate with each other. They help the routers select the best possible path between nodes. There are different types of protocols such as link-state routing protocols, path vector protocols and distance vector routing protocols. These protocols prevent routing loops from forming, or break them if they have formed already. They help to decide preferred routes from a sequence of hop costs.
59 :: What is Distance Vector Routing Protocols?
The main goal of Distance Vector Routing Protocols is to find out the best path for the data packet to reach the destination. Distance here could be the hops. The three different types of Distance Vector routing protocols include:- Routing Information Protocol (RIP v1 and v2) and Interior Gateway Routing Protocol. The protocol is easy to manage but does not scale well.
The Distance Vector protocol initially prepares a Routing table which is shared with other routers. This routing table is shared between routers present in the same network. A new routing table is prepared when some new information is received from some other router. Now, the bad routing paths are removed keeping only the smallest hop paths. This new table is then communicated to other routers.
60 :: Describe the basics of internet routing.
When a source sends a packet to a destination, this packet has a specific path or route it follows. Different routing protocols are used to find the shortest path to the destination. The protocols maintain routing tables. Routing tables consist of a set of rules used to determine where these packets will travel. When a packet is received, a network device examines the packet and matches it to the routing table entry providing the best match for its destination. The packet keeps hopping until it reaches its destination
61 :: What is Data encryption?
Data encryption ensures data safety and is very important for confidential or critical data. It protects data from being read, altered or forged during transmission.
62 :: What is the Public Key Encryption?
Public key encryption uses a public and a private key for encryption and decryption. In this mechanism, the public key is used to encrypt messages and only the corresponding private key can be used to decrypt them. To encrypt a message, a sender has to know the recipient's public key.
63 :: What is the Digital Signatures?
A digital signature is an attachment to an electronic message used for security purposes. It is used to verify the authenticity of the sender.
64 :: What is the firewall?
A firewall is hardware or software installed to provide security to the private networks connected to the internet. Firewalls can be implemented in hardware, in software, or as a combination of both. All data entering or leaving the intranet passes through the firewall, which allows only the data meeting the administrators' rules to pass through it.
65 :: Explain Transmission Control Protocol, TCP.
TCP ensures reliable and end to end delivery of segments of information. Segments are acknowledged to the source when received by the destination. Data is broken up into segments and sequenced properly before transmission. This arrangement of segments allows destination to trace lost data in transmission.
66 :: Explain User Datagram Protocol, UDP.
The UDP is a connectionless, unreliable service. UDP messages can be lost and duplicated.
67 :: What is TCP windowing concept?
TCP windowing concept is primarily used to avoid congestion in the traffic. It controls the amount of unacknowledged data a sender can send before it gets an acknowledgment back from the receiver that it has received it.
68 :: What is TCP protocol?
Transmission Control Protocol is used to establish communication between nodes or networks and exchange data packets. It guarantees delivery of data packets in the order they were sent. Hence it is most commonly used in all applications that require guaranteed delivery of data. It can handle both timeouts (if packets were delayed) and retransmission (if packets were lost). The stream of data is transmitted in segments. The segment header is 32 bit. It is a connectionless communication protocol at the third level (network) of the OSI model.
69 :: What is UDP protocol?
User Datagram Protocol is a communication protocol. It is normally used as an alternative for TCP/IP. However, there are a number of differences between them. UDP does not divide data into packets. Also, UDP does not send data packets in sequence. Hence, the application program must ensure the sequencing. UDP uses port numbers to distinguish user requests. It also has a checksum capability to verify the data.
70 :: TCP vs. UDP.
TCP guarantees the delivery of data. UDP on the other hand, does not guarantee delivery of data. TCP delivers messages in the order they were sent. UDP has no ordering mechanisms. In TCP data is sent as a stream while UDP sends data as individual packets. UDP is faster than TCP. TCP is a connection oriented protocol while UDP is connectionless.
71 :: What is Trusted and Untrusted Networks?
Trusted networks:
Such Networks allow data to be transferred transparently. The machines using a trusted network are usually administered by an Administrator to ensure that private and secured data is not leaked. Access to this network is limited. Computers using trusted networks are more secured and confidential because of strong firewalls.
Untrusted networks:
Such networks are usually administered by the owners. They can allow improper access to sensitive or personal data. These machines are usually separate. Such machines could be more prone to attacks.
72 :: What is VPN (Virtual Private network)?
A virtual private network is a network that uses the public telecommunication infrastructure. This means that it uses public wires, e.g. the Internet, to connect the nodes. A VPN supports remote access to computers and allows data to be transmitted over this public network. Even though the data is transmitted over a public network, the data is encrypted and decrypted to ensure security.
73 :: What are the different types of VPN?
* Remote Access VPN: Also called a virtual private dial-up network (VPDN), it is mainly used in scenarios where remote access to a network becomes essential. Remote access VPN allows data to be accessed between a company’s private network and remote users through a third party service provider (enterprise service provider). E.g. a sales team is usually spread over the globe. Using remote access VPN, the sales updates can be made.
* Site to Site VPN – Intranet based: This type of VPN can be used when multiple Remote locations are present and can be made to join to a single network. Machines present on these remote locations work as if they are working on a single network.
* Site to Site VPN – Extranet based: This type of VPN can be used when several different companies need to work in a shared environment. E.g. Distributors and service companies. This network is more manageable and reliable.
74 :: What are the different authentication methods used in VPNs?
The authentication method uses an authentication protocol. The methods are:
* EAP authentication method: Extensible Authentication Protocol authenticates the remote access connection. The authentication mechanism is decided between the remote VPN client and the authenticator (ISA). Typically, the authenticator requests authentication information and the remote VPN client supplies the responses.
* MS-CHAP authentication method: Microsoft Challenge Handshake Authentication Protocol (MS-CHAP) starts with a challenge from the authenticator (remote access server). The challenge sent to the remote access client contains a session identifier and a challenge string. The client in response sends the nonreversible encryption of the string, the identifier and password. The authenticator checks the credentials and grants access on a successful authentication.
* Unencrypted passwords (PAP): Uses plain text passwords. Does not involve encryption. Used for less secure clients.
* Shiva Password Authentication Protocol (SPAP): It is a password authentication protocol. It is less secure as the same user password is always sent in the same reversibly encrypted form.
75 :: What is Tunneling?
Tunneling is a mechanism provided to transfer data securely between two networks. The data is split into smaller packets and passed through the tunnel. The data passing through the tunnel has 3 layers of encryption. The data is encapsulated. Tunneling can be approached by Point to Point tunneling protocol.
76 :: What are voluntary and compulsory tunnels?
Voluntary Tunneling:
The user’s computer is an end point of the tunnel and acts as the tunnel client. Here the client or user issues a request to configure and create a voluntary tunnel. This requires a dial-up or LAN connection. An example of a dial-up connection is internet at home, where a call is made to the ISP and a connection is obtained.
Compulsory tunneling:
In compulsory tunneling, instead of the user, a VPN remote access server configures and creates the tunnel. Hence, the end point is the remote server, not the user.
77 :: Explain static and dynamic tunnels.
Tunnels that are created manually are static tunnels. Tunnels that are auto discovered are dynamic tunnels. In dynamic tunneling, TCP connections can be checked dynamically. If no connections exist that are routed through the tunnel, a check for a more suitable gateway can be done. Static tunneling may at times require dedicated equipment.
78 :: Describe the concept of Subnetting.
Subnetting is a process of breaking the network into smaller units. These units are called subnets. Here a subnet could be several machines in a single LAN. Networks using IP can create sub networks of logical addresses. In every IP address, some of the bits of the machine part can be used to identify a specific subnet. The IP address then contains three parts: the network number, the subnet number, and the machine number.
79 :: Explain the advantages of using Subnetting.
Advantages of using Subnetting:-
* Easier network management and trouble shooting
* Routing table’s size is reduced which means faster network transfers
* Solves network congestion problems:- Since the complete network is divided into smaller networks
* Network addresses can be decentralized e.g. the administrator of the network can monitor the subnet
80 :: What is custom Subnetting?
Subnets that can be customized, i.e. modifying the dividing point between subnet ID and host ID to suit the needs of our network. The subnet mask that we use when creating a customized subnet is called a custom subnet mask. This custom subnet mask is used to find the customization.
81 :: Explain the importance of increasing and decreasing subnet bits.
Adding 1’s as a bit means increasing the subnets and decreasing the hosts. Removing or decreasing 1’s means decreasing subnets and increasing hosts. Hence, by increasing or decreasing the subnet bits, the subnet architecture can be decided as per needs.
82 :: Why do we need a subnet mask?
A subnet mask allows identification of host part and network part of an IP address. Subnet mask can be used to find if an IP address is present on a subnet or not.
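The answers to questions 80 to 82 can be worked through in code. The following is an added example, not part of the original page: it moves the dividing point between subnet ID and host ID, shows the subnets/hosts trade-off, and uses the mask to test whether two addresses share a subnet, which is the same match a firewall rule or ACL performs. The function names and the sample 192.168.100.x addresses are assumptions chosen for illustration.

```python
import ipaddress


def to_int(dotted: str) -> int:
    """Dotted decimal -> 32-bit integer (raises ValueError on bad input)."""
    return int(ipaddress.IPv4Address(dotted))


def to_dotted(value: int) -> str:
    return str(ipaddress.IPv4Address(value))


def mask_to_int(mask: str) -> int:
    """Convert a mask and reject non-contiguous ones such as 255.0.255.0."""
    m = to_int(mask)
    host_part = ~m & 0xFFFFFFFF
    if host_part & (host_part + 1):   # host bits must be one trailing run of 1s
        raise ValueError(f"{mask} is not a contiguous subnet mask")
    return m


def subnet_plan(default_prefix: int, borrowed_bits: int) -> dict:
    """Effect of moving the subnet/host dividing point by borrowed_bits."""
    host_bits = 32 - (default_prefix + borrowed_bits)
    if borrowed_bits < 0 or host_bits < 0:
        raise ValueError("cannot borrow that many bits")
    mask = (0xFFFFFFFF << host_bits) & 0xFFFFFFFF
    return {
        "mask": to_dotted(mask),
        "subnets": 2 ** borrowed_bits,
        # all-zeros and all-ones host parts are the subnet and broadcast addresses
        "hosts_per_subnet": max(2 ** host_bits - 2, 0),
    }


def same_subnet(ip_a: str, ip_b: str, mask: str) -> bool:
    """Two addresses are on one subnet when their masked network parts match."""
    m = mask_to_int(mask)
    return (to_int(ip_a) & m) == (to_int(ip_b) & m)


def classify(ip: str, mask: str) -> dict:
    """Split an address into its subnet and say what role the address has."""
    addr, m = to_int(ip), mask_to_int(mask)
    subnet = addr & m
    broadcast = subnet | (~m & 0xFFFFFFFF)
    if addr == subnet:
        role = "network"
    elif addr == broadcast:
        role = "broadcast"
    else:
        role = "host"
    return {"subnet": to_dotted(subnet), "broadcast": to_dotted(broadcast), "role": role}


if __name__ == "__main__":
    # Constructed sample: a /24 network with 0 to 6 borrowed subnet bits.
    for bits in range(7):
        print(bits, subnet_plan(24, bits))
    print(classify("192.168.100.70", "255.255.255.192"))
    print(same_subnet("192.168.100.70", "192.168.100.130", "255.255.255.192"))
```
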
83 :: What is RTP?
Real-Time Transfer Protocol lays down a standard way to transfer or manage real-time data over a network. It does not guarantee the delivery of data or provide any quality of service. However, it helps to manage the data, which means that RTP can be used to deliver the necessary data to the application so that it can put the received packets in the correct order. Examples of real-time data are audio and video.
84 :: What is RTP Multiplexing?
RTP multiplexing allows multiple media flows within a single RTP data payload between two points. This means that it can be used to carry multiple streams of data in one RTP packet. RTP multiplexing will reduce the bandwidth used. RTP multiplexing will also increase scalability.
85 :: Explain the use of RTP and RTCP protocols.
Use of RTP and RTCP:-
1. RTP can be used to transfer Real time data like voice packets.
2. RTP can be used with RTCP which makes it possible to monitor data.
3. Packet loss can be detected by RTP using the sequence number.
4. RTCP provides QoS feedback: packets lost, round trip time.
86 :: Describe the format of RTP and RTCP packets.
The 32 bits of RTP packet format is as follows:- (L to R)
Bit 0-1:- Indicates version, currently 2
Bit 2:- P- indicates padding bytes
Bit 3:- X- Indicates presence of extension header
Bit 4-7:- CC- Contains number of CSRC identifiers that follows the header
Bit 8:- M- Current data has some special relevance (if set)
Bit 9-15:- PT- Indicates format of payload
Bit 16-31:- Sequence number
Timestamp: - 32bits – time stamp of packet
SSRC- Synchronization source identifier uniquely identifies the source of a stream.
CSRC -Contributing source IDs enumerate contributing sources to a stream which has been generated from multiple sources
Extension header: - first 32 bit word contains profile specific identifier and length specifier
The 32 bits of RTCP header format is as follows:- (L to R)
Bit 0-1:- Indicates version, currently 2
Bit 2:- P- indicates padding bytes
Bit 3 to 7:- Count of number of reception report blocks
Bit 8 to 15:- Type: - Determined RTCP packet type. Type can take values from 0 to 255
Bit 16 to 31:- Length- Length of RTCP packet - 1
SR: - Sender Report for transmission and reception from active senders
RR: - Receiver report for reception from in active senders
SDES: - Source description items
BYE- indicates end of participation
APP: - Application specific functions
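The header layout above, turned into a parser as an added example (not code from the original page). It reads the fields in the listed bit order and, because CC, the extension length, the padding count and the RTCP length are all sender-controlled, checks each against the real datagram size before using it. The RTCP type numbers are the ones assigned in RFC 3550; the function names and the sample packets are constructed for illustration.

```python
import struct

RTP_VERSION = 2
# RTCP packet type numbers as assigned in RFC 3550.
RTCP_TYPES = {200: "SR", 201: "RR", 202: "SDES", 203: "BYE", 204: "APP"}


class MalformedPacket(ValueError):
    """A header field claims more data than the datagram contains."""


def parse_rtp(packet: bytes) -> dict:
    """Parse one RTP packet, bounds-checking every length-bearing field."""
    if len(packet) < 12:
        raise MalformedPacket("shorter than the 12-byte fixed header")
    b0, b1, seq, timestamp, ssrc = struct.unpack("!BBHII", packet[:12])
    if b0 >> 6 != RTP_VERSION:                      # bits 0-1: version
        raise MalformedPacket(f"unsupported version {b0 >> 6}")
    has_padding = bool(b0 & 0x20)                   # bit 2: P
    has_extension = bool(b0 & 0x10)                 # bit 3: X
    csrc_count = b0 & 0x0F                          # bits 4-7: CC

    # CC is sender-controlled: check it against the real length before reading.
    offset = 12
    end = offset + 4 * csrc_count
    if end > len(packet):
        raise MalformedPacket("CC claims more CSRC entries than the packet holds")
    csrcs = list(struct.unpack(f"!{csrc_count}I", packet[offset:end]))
    offset = end

    ext_profile, ext_data = None, b""
    if has_extension:
        if offset + 4 > len(packet):
            raise MalformedPacket("X is set but the extension header is truncated")
        ext_profile, ext_words = struct.unpack("!HH", packet[offset:offset + 4])
        offset += 4
        end = offset + 4 * ext_words                # length counts 32-bit words
        if end > len(packet):
            raise MalformedPacket("extension length runs past the end of the packet")
        ext_data = packet[offset:end]
        offset = end

    payload_end = len(packet)
    if has_padding:
        pad = packet[-1]                            # last octet = padding byte count
        if pad == 0 or pad > len(packet) - offset:
            raise MalformedPacket("padding count is zero or larger than the payload")
        payload_end -= pad

    return {
        "marker": bool(b1 & 0x80),                  # bit 8: M
        "payload_type": b1 & 0x7F,                  # bits 9-15: PT
        "sequence": seq,
        "timestamp": timestamp,
        "ssrc": ssrc,
        "csrcs": csrcs,
        "ext_profile": ext_profile,
        "ext_data": ext_data,
        "payload": packet[offset:payload_end],
    }


def parse_rtcp_header(packet: bytes) -> dict:
    """Parse the 32-bit RTCP common header and validate its length field."""
    if len(packet) < 4:
        raise MalformedPacket("shorter than the 4-byte RTCP header")
    b0, ptype, length_words = struct.unpack("!BBH", packet[:4])
    if b0 >> 6 != RTP_VERSION:
        raise MalformedPacket(f"unsupported version {b0 >> 6}")
    total = 4 * (length_words + 1)                  # field stores length minus one
    if total > len(packet):
        raise MalformedPacket("length field runs past the end of the datagram")
    return {
        "padding": bool(b0 & 0x20),                 # bit 2: P
        "count": b0 & 0x1F,                         # bits 3-7: report count
        "type": RTCP_TYPES.get(ptype, ptype),
        "length_bytes": total,
    }


# Constructed sample packets (not captured traffic).
SAMPLE_RTP = (
    struct.pack("!BBHII", 0xB1, 0x80 | 96, 0x1234, 160, 0x11223344)  # V=2 P X CC=1
    + struct.pack("!I", 0xAABBCCDD)                 # one CSRC
    + struct.pack("!HH", 0xBEDE, 1) + b"\x10\x01\x00\x00"  # extension: 1 word
    + b"voice" + b"\x00\x00\x03"                    # payload + 3 padding octets
)
SAMPLE_RTCP_RR = struct.pack("!BBHI", 0x80, 201, 1, 0x11223344)  # empty RR
LYING_CC = bytes([0x8F]) + SAMPLE_RTP[1:12]         # CC=15 on a 12-byte packet

if __name__ == "__main__":
    print(parse_rtp(SAMPLE_RTP))
    print(parse_rtcp_header(SAMPLE_RTCP_RR))
    try:
        parse_rtp(LYING_CC)
    except MalformedPacket as exc:
        print("rejected:", exc)
```

A parser that reads CSRC entries or extension data using the header's counts without these checks reads past the end of the received buffer, which is why each check precedes the corresponding slice.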
87 :: What is multicasting?
Multicasting allows a single message to be sent to a group of recipients. Emailing, teleconferencing, are examples of multicasting. It uses the network infrastructure and standards to send messages.
88 :: Define IP multicast.
IP multicast technology reduces traffic by sending a stream of information to many recipients at one go. Video conferencing and stock quotes are examples based on IP multicast.
89 :: Describe how the multicast protocol works.
Multicast protocol or Internet protocol delivers a single message to multiple machines. One packet from the source is replicated and sent to the destination. Every multicast message requires a multicast group. The group defines the addresses which will receive the message. The group is defined by the class D address. Different routing protocols are used to find the multicast groups and build routes for them. Distance Vector Multicast protocol is one of them. The receiver, to whom the multicast packet is sent, needs to ‘join’ the group. Joining the group is enabled and managed by IGMP. Multicast routers are used to transmit the messages from one network to another.
90 :: Describe how to control the scope of multicast transmissions.
Controlling the scope of multicast transmission restricts the range of group members. TTL (Time To Live) is one of the mechanisms to limit the scope. If the TTL value is small, packets would only be multicast to smaller distance destinations. More the value of TTL, more would be the scope of transmission to a larger number of machines. Administrative scoping is another mechanism. In this, transmission is restricted to a specific address space of an organization or a site.
91 :: Explain why use Multicasting.
* a. When the same message or packet needs to be sent to multiple destinations, multicasting is used.
* b. Within campus and offices, using multicasting file distribution can be done.
* c. System messages, news and videos can be sent at the same time.
* d. More commonly used for audio and video streaming.
92 :: What is the socket?
A socket is used to connect an application to a network protocol. A socket enables communication between a client and a server. The communication is started when the client is assigned a local port number, and binds a socket to it. The client writes on the socket and gets information from server by reading it.
93 :: Datagram vs. stream.
A stream can be considered as a pipe that allows a full duplex connection. A datagram or a packet, on the other hand, has a source and a destination. There is no connection. A stream is like a communication channel while a datagram is completely self contained. Streams provide reliable and sequenced communication. Datagrams, on the other hand, are unreliable and no sequence is maintained.
94 :: What is a stream socket?
A stream socket provides two way communications between a client and server. This communication is reliable and sequenced. Stream sockets are above TCP to run across any networks. They provide unduplicated flow of data and have well established mechanism for creating and destroying connections and for detecting errors.
95 :: How would you define IP address?
IP address or Internet Protocol address is the address of a device attached to an IP network (TCP/IP network). It is a must for every client, server and network device to have a unique IP address for each network connection (network interface). Every IP packet contains a source IP address and a destination IP address. As a device moves from one network to another, its IP address changes.
96 :: Difference between Static and Dynamic IP.
Static IP is also called as permanent address assigned to each device in a network, whereas Dynamic IP, a temporary address assigned to the device via DHCP software. IP address assigned to your service by your cable or DSL Internet provider is typically dynamic IP. In routers and operating systems, the default configuration for clients is dynamic IP
97 :: What is the difference between public and private IP?
A public IP address makes equipment accessible to everyone on the internet. A private IP address is for private use within the network and allows many more PCs to be connected. If you are using a private IP and want VoIP, you need to change to a public IP address.
98 :: What is Network Address Translation?
Network Address Translation acts as an agent between the Internet and a local network. It is a dynamic method which is used to minimize Internet connectivity needs. Network address translation describes the rewriting of the Internet Protocol (IP) addresses of data packets so that multiple transmissions require only one IP address.
99 :: Define IP multicast.
IP multicast technology reduces traffic by sending a stream of information to many recipients at one go. Video conferencing and stock quotes are examples based on IP multicast.
100 :: What is subnetting?
A subnet adds one level to the way an IP address is represented. It logically organizes the network. For instance, it can logically group computers belonging to the finance department.
101 :: What is Address Resolution Protocol (ARP)?
Address Resolution Protocol ARP, is responsible for mapping an IP address to its corresponding physical network address. It is mostly seen on Ethernet network.
102 :: Explain Maximum Transfer Unit, MTU.
MTU specifies the largest amount of data that can be transferred across a network.
103 :: What is Routing Protocol?
Routing protocol is the way to send routing information between any routers in an autonomous system.
104 :: Explain the structure and use of internet addresses.
Each IP address is 32 bits long. For human readers, IP addresses are written in dotted decimal notation. These are then converted to binary by the computer. Each IP address has two parts: a network identifier (network ID) and a host ID. The current internet protocol standard is IPv4. The IP addresses are divided into three classes: a class A network, a class B network, and a class C network, class A being the largest. Of the four numbers in an IPv4 address, each class A network has a different first number, and hosts within that network are addressed by the remaining three numbers, or three bytes. The IP addresses identify a machine to deliver packets and load web pages.
105 :: Explain how names are translated (resolved) into IP address.
Domain Name Server or DNS is used to resolve names into IP addresses. When a web address is entered into the browser, the DNS client sends a request to the DNS server to find the corresponding IP address for the name. The DNS server receives this request and searches for the corresponding IP address in the database. If at this point the resolution fails, this server sends the request to the parent server. The request keeps going up the hierarchy to the parent servers or the closest authoritative DNS server to resolve the address. If the request times out, an error is returned to the client. If the server is able to resolve the name requested, it passes the information back to the client. The next request sent by the client is a request for a web page from that IP address.
106 :: Describe the basics of the internet routing.
When a source sends a packet to a destination, this packet has a specific path or route it follows. Different routing protocols are used to find the shortest path to the destination. The protocols maintain routing tables. Routing tables consist of a set of rules used to determine where these packets will travel. When a packet is received, a network device examines the packet and matches it to the routing table entry providing the best match for its destination. The packet keeps hopping until it reaches its destination.
107 :: What is the core naming mechanism, Domain Name System (DNS)?
A Domain Name System is used to convert the names of websites on the internet to IP addresses. The domain names for each IP address are stored in a database that is distributed across different servers. A domain name space consists of a tree of domain names. The tree has zones. Zones consist of a collection of connected nodes. These nodes are served by a name server. A domain name is usually in the form of mydomain.com. Here, .com is the top level domain, whereas mydomain is the sub domain or subdivision. A host name is a domain name that has one or more IP addresses associated with it.
Wednesday, January 28, 2009
MCSE (PRACTICALS) window 2003
MICROSOFT CERTIFIED SYSTEM ENGINEER
1: HOW TO CREATE LOCAL USER?
Start>program>administrative tools>active directory users and computer>right click on users>new>user>give any name on two place>next>give password according to policy>next>finish.
2: HOW TO CREATE DOMAIN USER ACCOUNT?
Start>program>administrative tools>active directory user and computer>right click on domain>new>organizational unit>give any name>OK
Right click on organizational unit>new>user>give any name on two place>next>give password according to policy>next>finish.
Right click on user>properties>account
1-log on to
*The following computers
*All computers (as you like give permission)
If you will choose the following computers then you will give name of the computer>name of computer>OK.
2-log on hours>select time>log on denied>OK
Example for log on to:-
If you want to log on administrator then you will give name>administrator
If you want to log as a user>then give user name like User1.
3: MANAGING GROUPS
Group types 1-Security group
2-Distribution group
Group scope 1-Domain local
2-Global
3-Universal
Basic group category 1-Domain local groups
2-Global groups
How to create groups?
Start>program>administrative tools>active directory users and computers>right click on domain>new>organizational unit>new>group>give any name to group.
User add to a group
First create a user in organizational unit
Right click on user name>add to a group>advance>find now>select name of group>OK>OK>OK.
4: HOW TO CREATE ROAMING PROFILE?
First create a folder in any drive and share this after creating a user
Right click on user name>properties>profile>give profile path>\\computer name\folder name\user name>apply>OK
Log on to user>right click on my computer>properties>advance>user profile setting
(For seeing roaming and for changing the type of roaming)
Start>setting>control panel>double click on mouse>pointers>go to scheme and choose any windows>select cursor>apply>OK (change desktop create a folder on the desktop)
Log off the user from this PC and log on at any other PC of the network. You will find all things on the other PC.
Roaming: you will find the same condition (desktop, mouse) on the other PC of the network.
5: MANDATORY
First create a folder and share>create user>right click on user>properties>profile>give path (\\computer name\folder name\user name)>apply>OK>log on to user>right click on my computer>properties>advance>setting (you will find roaming)>go in folder>right click on user name>properties>security>remove system>add>administrator>full control>apply>OK>log on as administrator>go to in folder>go in user name folder>rename NTUSER.DAT to NTUSER.MAN>log on as a user>right click on my computer>properties>advance (you will find MANDATORY)
(With this profile, if you create a folder and later want to delete it, you cannot. Only the administrator has this permission, and you will find the same desktop when you log on as the user on another PC of the network).
6: SHARING AND SECURITY ON A FOLDER
First create a user and group. Add users in a group.
Create a folder in any drive and share>right click on folder>properties>security>advance>click on replace, remove all>add>advance>find now>select your group>OK>OK>OK.
This folder will be open by only your user not by any other user; this type of security is enabled on this folder.
7: MONITORING EVENT VIEWER
Start>program>administrative tools>event viewer>there you can see some files of
1-application, 2-security, 3-system, 4-directory service, 5-DNS server, 6-service file application.
8: MANAGING THE WINDOWS 2003 ENVIRONMENT
Start>setting>control panel>accessibility option (This is the setting for keyboard)
Use sticky keys-For which people don’t listen normal.
Use filter keys-For changing writing speed of keyboard.
Use toggle keys-To enable the sound while pressing num lock, caps lock, scroll lock.
Display setting, sound setting, mouse setting and general setting.
9: MANAGING DATA STORAGE
Right click on my computer>select manager>1-Disk defragmenter is used to calculate the hard disc space>defragmenter>stop. 2-disc management (to create partition).
10: TO COMPRESS FILE AND FOLDER
First create a folder in any drive>right click on that folder>properties>advance>click compress file and folder>OK>apply>OK.
If you compress any file or folder, then it will take less space in memory than before. If you copy and paste any other folder or file from outside into this compressed folder, then that folder or file will be shown in color, and the folder which is compressed will also be shown in color.
If you want that this folder does not show any type of color on compression then open my computer>tools>folder options>view>uncheck the check box which is indicating “Show encrypted or compressed file in color”>apply>OK.
11: TO ENCRYPT FOLDER
First create a user and log on by that user>create a folder in any drive>right click on that folder>advance>check the encrypt check box>OK.
This folder can be opened by this user only; any other user cannot open this folder except Administrator.
12: HOW TO ENABLE SHADOW COPY?
Firstly create a folder (from user side) and some files inside this folder and share this folder>right click on the drive which is holding that folder>shadow copies>create now>OK>after this go to another PC of the network>my network places>go into your folder and delete any file, then come back to your own PC (Administrator) and check that folder>go to entire network>go inside your folder>right click on your folder>previous version>select your deleted folder or files and press restore.
(If any user deletes your files from network then that time you can restore your files by using shadow copy).
13: DISK QUOTA
From Administrator side:
Firstly create a user>right click on any drive>quota>give user limit from this drive>quota entries>quota>click on quota>new quota entry>advance>select your user.
(Your user can use space on this drive according to your permission, for checking that the quota works on that drive).
14: BACKUP FILES AND FOLDERS
Start>program>system tools>backup file and folder>select your folder>give place to put or save backup>after this delete your folder>go to backup and restore (You will find your folder at your same place).
Command:
Start>run>ntbackup.
15: ENABLING OFFLINE:
Firstly create a folder in any PC of network and share it.
Go to any other PC to enable offline>open my computer>tools>folder option>offline files (check) enable offline files.
My network places>enable network>select your folder from network>right click on folder>make available offline>disable your network (you will find this folder in the network after disabling it. You can use this PC (laptop) anywhere you want to do work in this folder. After this, when you connect to this same network)>right click on folder>make available on line (you will find all data in the network).
16: HOW TO MAKE NETWORK:
First of all give an IP to both computers (User and DC)>connect them by crossover cable>right click on my network places>go to properties>select TCP/IP>give your IP address and subnet also>give the IP address to your Domain Controller (DC)>restart both computers>go to run command and write DCPROMO>OK>next>follow the wizard>give domain name>next.
Right click on my computer>properties>computer name>change>give domain name>OK>username-administrator>password (give any) >go to client PC>right click on my network place>properties>right click on LAN>properties>TCP\IP>give DNS IP>right click on my computer>properties>computer name>change>give domain name>OK (when will do start your PC select the domain name>OK).
17: SHARING BETWEEN ALL COMPUTERS WITHOUT GOING TO ANY OTHER PC
Right click on my computer>manage>right click on my computer>management>connect any other PC>browse>advance>find now>select computer name>OK>double click on system tools>shared folder>right click on share>new share>next>finish>open my network places>entire network>select computer name (you will find your shared folder).
18: PASSWORD POLICY
Start>program>administrative tools>domain security policy>account policy>password policy>go to run>run the Gpupdate command (you can change according to yourself).
19: FIREWALL XP
Start>program>setting>control panel>security center>windows firewall>ON>, OFF (as you like) (if you turn the firewall ON on any PC of the network, you will not find that PC in the network; all this works only on operating systems that have Security Center).
Firewall 2003:
My network place>open>properties>local area connection>click>advanced>click>restart my computer.
20: HOW TO CREATE DOMAIN CONTROLLER & ADDITIONAL DOMAIN CONTROLLER
Start>run>DCPROMO>OK>select domain controller or additional domain controller (whatever you want to do and follow the wizard)
21: DELEGATING ADMINISTRATIVE CONTROL
Firstly create an organizational unit and one user>log on to user>start>run>write MMC>click on file>add remove snap in>add>Active directory user and computers (as you like) and save this console on desktop (you can do create OU and user from this delegated user).
22: GROUP POLICY IMPLEMENTING
Firstly create an OU and a user>right click on OU>properties>group policy>new>give any name>edit>click on user configuration>administrative>templates>desktop>remove my computer icon from desktop (as you like) >enable>apply>OK
(In this policy you have some permission; if you will do use of this you can do more changes on users).
23: SOFTWARE INSTALLATION
Publish and software
First of all create a folder and share>copy software in this folder>create OU and user>right click on OU>properties>group policy>new>give any name>edit>user>configuration>software setting>right click on software installation>properties>browse>give location from network> (check) publish and assign (as you like) (if you will do publish then you will find software in control panel>add/remove program and if you will do assign then you will find software in start menu).you can install in client PC from both place.
24: WINDOWS SCRIPTS
Firstly create a notepad file>WScript.Echo "message">file>save as>dev.vbs (like this only) in my documents>open my documents>copy file>create OU and user>right click on OU>properties>group policy>new>give any name>edit>user configuration>windows setting>scripts>log on, log off (as you like)>double click on log on>add>browse>paste file in log on or write a file name (dev.vbs)>open>OK>OK.
(We use this facility to give a message when a user logs on and logs off; the user will then see this pop up message. In this message an administrator can write anything he wants.)
25: SECURITY CONFIGURATION:
Removing ALT+CTRL+DELETE
Start>run>MMC>file>add remove snap in>add>1-Security configuration>add>2-security templates>add>close>OK
Security templates>right click on C windows security templates>new templates>give any name(123)like this>OK>open 123>local policy>security option>double click on ALT+CTRL+DELETE(which you want to remove)>(check)define>enable>apply>OK>right click on 123>save>right click on security configuration>open database>123 (give file name) >open>select 123>open>right click on security configuration>analyze computer now>OK>right click on security configuration>configure computer now>OK>right click on security configuration>analyze computer now>OK>save this console on desktop>log on log off (to verify) (you will not find ALT+CTRL+DELETE).
Come back ALT+CTRL+DELETE
Open your console>right click on security configuration>import templates>securew.inf>open>right click on security configuration>configure computer now>OK>log on log off (to verify) (You will find ALT+CTRL+DELETE).
26: DISTRIBUTIVE FILE SYSTEM (DFS)
First create two folders and share them>start>program>administrative tools>distribute file system>right click on distribute file system>new root>next domain root>give domain name>next>browse>select computer name>OK>next>give any name and comments for root>next>give folder-1 path>finish>double click on domain name>right click on computer name>check status (you will find on time) >right click on domain name>new link>give any name>browse>entire network>select folder-2>OK>give any comment>Ok>right click on link>new target>browse select your folder>OK.
(In this line you can see your shared folder data).
27: DYNAMIC HOST CONFIGURATION PROTOCOL (DHCP)
First of all install DHCP in your system
Start>setting>control panel>add or remove program>networking services>details> (check) DHCP>OK>next>finish.
Start>program>administrative tools>DHCP>right click on DHCP>manage authorized server>authorize>give the server name>OK>OK>close>right click on server>yahoo>new scope>give any name of scope>next>give first and last IP>next>give exclude IP (number of IP which you want to exclude)>add>next>give number of days and minutes>next>next(if you have router then give router IP number or not) next>give server name>resolve>add>next (if you have win server then give IP or not)>next>finish.
Go to client PC>start>run>cmd>
C:\> ipconfig /all (to see all IP)
C:\> ipconfig /release (00000000 all IP)
C:\> ipconfig /renew (you will find your IP)
C:\> ipconfig /all (to see all IP)
(Use of DHCP gives IP address to the clients from server).
28: TO CONFIGURE DOMAIN NAME SYSTEM (DNS)
First of all go to C drive>windows>system32>DNS>backup>-meds, yahoo.com (delete both files)>right click on my network>properties>right click on LAN>properties>double click on TCP/IP>delete DNS IP (if in network any computer have DNS you will do this) Start>run>DCPROMO>follow the wizard>give DNS name (iacm.com) like this>next>start>program>administrative tools>DNS forward lookup zone.
(Here you will find each and every one computer host name and IP.DNS will do this work automatically)
(It resolves the host name to IP & IP to host name). (To check DNS will do work properly or not go to C drive >windows>system32>DNS>backup>here if you will find both file then OK if not you will do again this whole step)
(It resolves the host name to IP and IP to host).
29: IMPLEMENTING WEB SERVICES
First, save the source files of the website in any shared folder, or use Search and type .htm to find many such files; you can also take one from there.
(If you have not installed IIS, install it from control panel, under application server.)
Start>program>administrative tools>IIS>server>website>right click on default>new website>next>give any name (cool.com)>right click on cool.com>properties>documents>remove all files and add your file name (123.HTML)>OK.
Start>program>administrative tools>DNS>right click on forward>new zone>next-3>give zone name (cool.com)>next>finish.
Right click on cool.com>new host>give server name>give IP of your PC>add host>done>right click on cool.com>new alias>give www>browse>give full path to your site.
Go to internet explorer>enter your site name (www.cool.com)
(You will find your Notepad file on this site.)
30: COMMANDS
C:\> netstat -e (interface statistics)
C:\> netstat -a (displays all connections and listening ports)
C:\> netstat -r (routing table)
C:\> netstat -s (statistics for the IP, UDP and ICMP protocols)
C:\> netstat -p IP (for active connections)
C:\> netstat -p TCP (for active connections)
C:\> nslookup (used for DNS troubleshooting)
C:\> exit (to come back)
Start>program>administrative tools>DNS>right click on reverse lookup>new zone>next>give IP class only (192.168.100.1)>right click on empty space>new pointer>give computer IP and name (192.168.100.n.1, 2, 3, 4) (Server, Server1, XP) like this.
Start>run>cmd
C:\> nslookup
>Server
>Server1
>XP (give a computer name to see the computer IP and the domain IP).
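The reverse lookup zone and pointer records created above only help troubleshooting if they agree with the forward zone. As an added example (not part of the original notes), the Python below derives the reverse zone and PTR names for a network and reports pointers that are missing, wrong or stale; the iacm.com suffix, the addresses and the record sets are constructed assumptions.

```python
"""Check that PTR records in a reverse lookup zone agree with the forward zone."""
import ipaddress

# Constructed sample data. Host names follow the notes (Server, Server1, XP);
# the domain suffix and the addresses are assumptions for this example.
A_RECORDS = {
    "server.iacm.com": "192.168.100.1",
    "server1.iacm.com": "192.168.100.2",
    "xp.iacm.com": "192.168.100.3",
}
PTR_RECORDS = {
    "1.100.168.192.in-addr.arpa": "server.iacm.com",
    "2.100.168.192.in-addr.arpa": "xp.iacm.com",      # wrong target
    "9.100.168.192.in-addr.arpa": "old-pc.iacm.com",  # stale pointer
}


def reverse_zone(network):
    """Reverse zone name for an IPv4 network on an octet boundary."""
    net = ipaddress.ip_network(network)
    if net.version != 4 or net.prefixlen not in (8, 16, 24):
        raise ValueError("this example handles /8, /16 and /24 IPv4 networks only")
    octets = str(net.network_address).split(".")[: net.prefixlen // 8]
    return ".".join(reversed(octets)) + ".in-addr.arpa"


def ptr_name(address):
    """Owner name of the PTR record for one address."""
    return ipaddress.ip_address(address).reverse_pointer


def _norm(name):
    # DNS names compare case-insensitively; drop a trailing root dot.
    return name.rstrip(".").lower()


def audit(a_records, ptr_records, network):
    """Return a list of findings where forward and reverse data disagree."""
    zone = reverse_zone(network)
    forward = {_norm(host): addr for host, addr in a_records.items()}
    reverse = {_norm(owner): _norm(target) for owner, target in ptr_records.items()}
    findings = []
    # Every host with an A record should resolve back to itself.
    for host, addr in sorted(forward.items()):
        target = reverse.get(ptr_name(addr))
        if target is None:
            findings.append(f"{host} ({addr}) has no PTR record")
        elif target != host:
            findings.append(f"{addr} resolves back to {target}, not {host}")
    # Every pointer should live in the zone and name a host that still exists.
    for owner, target in sorted(reverse.items()):
        if not owner.endswith("." + zone):
            findings.append(f"{owner} is outside zone {zone}")
        elif target not in forward:
            findings.append(f"{owner} points to {target}, which has no A record")
    return findings


if __name__ == "__main__":
    print("zone:", reverse_zone("192.168.100.0/24"))
    for finding in audit(A_RECORDS, PTR_RECORDS, "192.168.100.0/24"):
        print("-", finding)
```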
31: DISK MIRRORING
First right click on My computer>manage>Disk management>right click on disk-0>convert to dynamic>OK>yes>(the computer restarts automatically)>right click on disk-2>convert to dynamic>right click on disk-2 (the disk you want to make the mirror)>add mirror>select disk-2>add mirror>OK>restart computer>go to BIOS (to verify, disable disk-0 and boot from disk-2). (If your disk gets corrupted, you can boot from the mirror disk; this is the benefit of mirroring.)
32: RAID-5
Requirement
Minimum 3 hard disks, and all should be dynamic.
Right click on any hard disk free space>new volume>(check) RAID>next>select all available disks & add>give space (100 MB) as you like>next-3>finish.
(You will find the RAID volume on every disk; if you create a folder on any disk, you will find that folder on every disk.)
33: IP SECURITY POLICY
First ping between both computers.
Start>run>ping 192.168.100.2
Start>run>mmc>file>add/remove snap-in>add>IP security policy management>add>finish>close>OK>right click on IP security policy>create IP security policy>next>give any name>next>(uncheck) activate default response rule>next>finish>(uncheck) use add wizard>add>(uncheck) use add wizard>give any name (11)>add>select a specific IP address for source>give our PC IP address>select a specific IP address for destination>give second PC IP address>OK>OK>select (11)>apply>OK>filter action>add>add>OK>apply>OK>select new filter action>apply>authentication method>add>(check) use this string key (give any number) 01>OK>apply>remove>Kerberos>OK>close.
Go to the second PC and repeat the same process as on the first PC, but the key number must be the same (01). (Right click on your policy and assign. When pinging you will see the negotiation; this is used for making a secure connection.)
34: VPN (Virtual Private Network)
Start>program>administrative tools>routing and remote access>right click on server (computer name)>configure and enable routing and remote access>next>select remote access VPN>next>dial up>next-3>finish>OK>open server (computer name)>create user>right click on user>properties>dial-in>select allow access>go to second PC>right click on my network>properties>right click on new connection>add new connection>next>give any name>next>give host name>next>my use only>next>select add a shortcut>finish.
Open shortcut>give user name>connect.
MCSE (PRACTICALS) Windows 2003
1: HOW TO CREATE LOCAL USER?
Start>program>administrative tools>active directory users and computers>right click on users>new>user>give any name in both fields>next>give a password according to policy>next>finish.
2: HOW TO CREATE DOMAIN USER ACCOUNT?
Start>program>administrative tools>active directory users and computers>right click on domain>new>organizational unit>give any name>OK
Right click on organizational unit>new>user>give any name in both fields>next>give a password according to policy>next>finish.
Right click on user>properties>account
1-log on to
*The following computers
*All computers (give permission as you like)
If you choose the following computers, then give the name of the computer>name of computer>OK.
2-log on hours>select time>log on denied>OK
Example for log on to:
If you want to log on as administrator, then give the name>administrator
If you want to log on as a user, then give the user name, like User1.
3: MANAGING GROUPS
Group types: 1-Security group, 2-Distribution group
Group scope: 1-Domain local, 2-Global, 3-Universal
Basic group category: 1-Domain local groups, 2-Global groups
How to create groups?
Start>program>administrative tools>active directory users and computers>right click on domain>new>organizational unit>new>group>give any name to group.
Adding a user to a group
First create a user in the organizational unit.
Right click on user name>add to a group>advanced>find now>select name of group>OK>OK>OK.
4: HOW TO CREATE ROAMING PROFILE?
First create a folder in any drive and share it, then create a user.
Right click on user name>properties>profile>give profile path>\\computer name\folder name\user name>apply>OK
Log on as the user>right click on my computer>properties>advanced>user profile settings
(to see the roaming profile and to change the profile type)
Start>setting>control panel>double click on mouse>pointers>go to scheme and choose any Windows scheme>select cursor>apply>OK (change the desktop; create a folder on the desktop)
Log off the user from this PC and log on at any other PC of the network. You will find all your changes on the other PC.
Roaming: you will find the same settings (desktop, mouse) on the other PCs of the network.
5: MANDATORY
First create a folder and share>create user>right click on user>properties>profile>give path (\\computer name\folder name\user name)>apply>OK>log on as the user>right click on my computer>properties>advanced>settings (you will find roaming)>go into the folder>right click on user name>properties>security>remove system>add>administrator>full control>apply>OK>log on as administrator>go into the folder>go into the user name folder>rename NTUSER.DAT to NTUSER.MAN>log on as the user>right click on my computer>properties>advanced (you will find MANDATORY)
(With this profile, if you create a folder and later want to delete it, you cannot; only the administrator has this permission, and you will find the same desktop when you log on as the user on another PC of the network.)
6: SHARING AND SECURITY ON A FOLDER
First create a user and a group. Add the users to the group.
Create a folder in any drive and share>right click on folder>properties>security>advanced>click on replace, remove all>add>advanced>find now>select your group>OK>OK>OK.
This folder can be opened only by your users, not by any other user; this is the security enabled on this folder.
7: MONITORING EVENT VIEWER
Start>program>administrative tools>event viewer>there you can see the following logs:
1-application, 2-security, 3-system, 4-directory service, 5-DNS server, 6-service file application.
8: MANAGING THE WINDOWS 2003 ENVIRONMENT
Start>setting>control panel>accessibility options (this is the setting for the keyboard)
Use sticky keys - for people who don't hear normally.
Use filter keys - for changing the typing speed of the keyboard.
Use toggle keys - to enable a sound when pressing num lock, caps lock, scroll lock.
Display settings, sound settings, mouse settings and general settings.
9: MANAGING DATA STORAGE
Right click on my computer>select manage>1-Disk defragmenter is used to calculate the hard disk space>defragmenter>stop. 2-Disk management (to create partitions).
10: TO COMPRESS FILE AND FOLDER
First create a folder in any drive>right click on that folder>properties>advanced>click compress file and folder>OK>apply>OK.
If you compress a file or folder, it will take less space than before. If you copy and paste any other folder or file from outside into this compressed folder, that folder or file will be shown in color, and the compressed folder itself will also be shown in color.
If you do not want this folder to show any color on compression, open my computer>tools>folder options>view>uncheck the check box "Show encrypted or compressed file in color">apply>OK.
11: TO ENCRYPT FOLDER
First create a user and log on as that user>create a folder in any drive>right click on that folder>advanced>check the encrypt check box>OK.
This folder can be opened by this user only; any other user cannot open this folder except Administrator.
12: HOW TO ENABLE SHADOW COPY?
First create a folder (from the user side) with some files inside it and share this folder>right click on the drive that holds the folder>shadow copies>create now>OK>after this go to another PC of the network>my network places>go into your folder and delete any file, then come back to your own PC (Administrator) and check that folder>go to entire network>go inside your folder>right click on your folder>previous versions>select your deleted folder or files and press restore.
(If any user deletes your files over the network, you can restore them by using shadow copy.)
13: DISK QUOTA
From Administrator side:
First create a user>right click on any drive>quota>give the user limit for this drive>quota entries>quota>click on quota>new quota entry>advanced>select your user.
(Your user can use space on this drive according to your permission; use this to check that the quota works on that drive.)
14: BACKUP FILES AND FOLDERS
Start>program>system tools>backup file and folder>select your folder>give a place to save the backup>after this delete your folder>go to backup and restore (you will find your folder in the same place).
Command:
Start>run>ntbackup.
15: ENABLING OFFLINE:
First create a folder on any PC of the network and share it.
Go to any other PC to enable offline files>open my computer>tools>folder options>offline files>(check) enable offline files.
My network places>entire network>select your folder from the network>right click on folder>make available offline>disable your network (you will still see this folder after disabling the network, so you can take this PC (laptop) anywhere and work in this folder). After this, when you connect to the same network again>right click on folder>make available online (you will find all the data on the network).
16: HOW TO MAKE NETWORK:
First give IP addresses to both computers (user and DC)>connect them by crossover cable>right click on my network places>go to properties>select TCP/IP>give your IP address and subnet mask>give the IP address to your Domain Controller (DC)>restart both computers>go to run command and write DCPROMO>OK>next>follow the wizard>give domain name>next.
Right click on my computer>properties>computer name>change>give domain name>OK>username-administrator>password (give any)>go to client PC>right click on my network places>properties>right click on LAN>properties>TCP/IP>give DNS IP>right click on my computer>properties>computer name>change>give domain name>OK (when you start your PC, select the domain name>OK).
17: SHARING BETWEEN ALL COMPUTERS WITHOUT GOING TO ANY OTHER PC
Right click on my computer>manage>right click on my computer>management>connect to any other PC>browse>advanced>find now>select computer name>OK>double click on system tools>shared folders>right click on shares>new share>next>finish>open my network places>entire network>select computer name (you will find your shared folder).
18: PASSWORD POLICY
Start>program>administrative tools>domain security policy>account policy>password policy (change the settings as you need)>go to run>run the gpupdate command.
19: FIREWALL XP
Start>program>setting>control panel>security center>windows firewall>ON or OFF (as you like). (If you turn the firewall ON on any PC of the network, that PC will not be found on the network. This works only on operating systems that have the security center.)
Firewall 2003:
My network place>open>properties>local area connection>click>advanced>click>restart my computer.
20: HOW TO CREATE DOMAIN CONTROLLER & ADDITIONAL DOMAIN CONTROLLER
Start>run>DCPROMO>OK>select domain controller or additional domain controller (whatever you want to do and follow the wizard)
21: DELEGATING ADMINISTRATIVE CONTROL
First create an organizational unit and one user>log on as the user>start>run>write MMC>click on file>add/remove snap-in>add>Active directory users and computers (as you like) and save this console on the desktop (you can create OUs and users as this delegated user).
22: GROUP POLICY IMPLEMENTING
First create an OU and a user>right click on OU>properties>group policy>new>give any name>edit>click on user configuration>administrative templates>desktop>remove my computer icon from desktop (as you like)>enable>apply>OK
(This policy gives you a number of settings; by using them you can make more changes for users.)
23: SOFTWARE INSTALLATION
Publish and software
First create a folder and share>copy the software into this folder>create OU and user>right click on OU>properties>group policy>new>give any name>edit>user configuration>software settings>right click on software installation>properties>browse>give location from network>(check) publish and assign (as you like). (If you publish, you will find the software in control panel>add/remove programs; if you assign, you will find the software in the start menu.) You can install on the client PC from both places.
24: WINDOWS SCRIPTS
First create a notepad file>WScript.Echo "message">file>save as>dev.vbs (exactly like this) in my documents>open my documents>copy file>create OU and user>right click on OU>properties>group policy>new>give any name>edit>user configuration>windows settings>scripts>log on, log off (as you like)>double click on log on>add>browse>paste file in log on or write the file name (dev.vbs)>open>OK>OK.
(We use this facility to show a message when a user logs on or logs off; the user will see this pop-up message, in which the administrator can write anything he wants.)
25: SECURITY CONFIGURATION:
Removing ALT+CTRL+DELETE
Start>run>MMC>file>add/remove snap-in>add>1-Security configuration>add>2-security templates>add>close>OK
Security templates>right click on C windows security templates>new template>give any name (like 123)>OK>open 123>local policy>security options>double click on ALT+CTRL+DELETE (the option you want to remove)>(check) define>enable>apply>OK>right click on 123>save>right click on security configuration>open database>123 (give file name)>open>select 123>open>right click on security configuration>analyze computer now>OK>right click on security configuration>configure computer now>OK>right click on security configuration>analyze computer now>OK>save this console on desktop>log on/log off (to verify) (you will not find ALT+CTRL+DELETE).
Restoring ALT+CTRL+DELETE
Open your console>right click on security configuration>import template>securew.inf>open>right click on security configuration>configure computer now>OK>log on/log off (to verify) (you will find ALT+CTRL+DELETE).
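The template saved in this section is a plain INF file, so the same settings can be reviewed outside the console. As an added example (not part of the original notes), the Python below parses such a template and reports whether it removes the CTRL+ALT+DEL logon requirement or sets the password policy from section 18 below a baseline; the sample template text and the baseline values are constructed assumptions.

```python
"""Audit a Windows security template (.inf) for the settings discussed above."""

# Constructed sample of a template like the "123" one saved in the notes.
# Real template files are usually UTF-16; here the text is embedded inline.
SAMPLE_TEMPLATE = r"""
[Unicode]
Unicode=yes
[Version]
signature="$CHICAGO$"
Revision=1
[System Access]
MinimumPasswordLength = 4
PasswordComplexity = 0
MaximumPasswordAge = 42
[Registry Values]
MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableCAD=4,1
"""

# Registry value behind "Do not require CTRL+ALT+DEL" (1 = not required).
DISABLE_CAD = r"MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableCAD"

# Assumed baseline for this example only; replace with your own policy.
BASELINE = {"MinimumPasswordLength": 8, "PasswordComplexity": 1}


def parse_template(text):
    """Return {section: {key: value}} for an INF-style security template."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):       # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1], {})
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)         # values may contain '='
            current[key.strip()] = value.strip()
    return sections


def _lookup(section, name):
    # Setting names and registry paths are matched case-insensitively.
    for key, value in section.items():
        if key.lower() == name.lower():
            return value
    return None


def registry_dword(sections, path):
    """Integer of a 'type,value' entry when the type is 4 (REG_DWORD), else None."""
    entry = _lookup(sections.get("Registry Values", {}), path)
    if entry is None:
        return None
    reg_type, _, data = entry.partition(",")
    if reg_type.strip() != "4":
        return None
    return int(data.strip().strip('"'))


def audit(text):
    """Return a list of findings for the template text."""
    sections = parse_template(text)
    findings = []
    if registry_dword(sections, DISABLE_CAD) == 1:
        findings.append("CTRL+ALT+DEL is not required at logon (DisableCAD=1)")
    access = sections.get("System Access", {})
    for name, minimum in BASELINE.items():
        value = _lookup(access, name)
        if value is None:
            findings.append(f"{name} is not defined in the template")
        elif int(value) < minimum:
            findings.append(f"{name}={int(value)} is below the baseline of {minimum}")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_TEMPLATE):
        print("-", finding)
```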
Microsoft 2000 Questions and Answers
Questions and Answers
Chapter 1
Review Questions
What is the major difference between a workgroup and a domain?
The major difference between a workgroup and a domain is where the user account information resides for user logon authentication. For a workgroup, user account information resides in the local security database on each computer in the workgroup. For the domain, the user account information resides in the Active Directory database.
What are Active Directory directory services, and what do they provide?
Active Directory directory services comprise the Windows 2000 directory service. A directory service consists of a database that stores information about network resources, such as computers and printers, and the services that make this information available to users and applications. Active Directory directory services also provide administrators with the capability to control access to resources.
What information must a user provide when he or she logs on to a computer?
A user name and a password.
What happens when a user logs on locally to a computer?
Windows 2000 authenticates the user during the logon process by comparing the user's logon information to the user's information in the local database and verifies the identity of the user. Only valid users can gain access to resources and data on a computer.
How do you use the Windows 2000 Security dialog box?
The Windows 2000 Security dialog box provides easy access to important security options, which include the ability to lock a computer, change a password, log off of a computer, stop programs that aren't responding, and shut down the computer.
Chapter 2
Review Questions
Your company has decided to install Windows 2000 Professional on all new computers that are purchased for desktop users. What should you do before you purchase new computers to ensure that Windows 2000 can be installed and run without difficulty?
Verify that the hardware components meet the minimum requirements for Windows 2000. Also, verify that all of the hardware components that are installed in the new computers are on the Windows 2000 HCL. If a component is not listed, contact the manufacturer to verify that a Windows 2000 driver is available.
You are attempting to install Windows 2000 Professional from a CD-ROM; however, you have discovered that your computer doesn't support booting from the CD-ROM drive. How can you install Windows 2000?
Start the computer by using the Setup boot disks. When prompted, insert the Windows 2000 Professional CD-ROM, and then continue setup.
You are installing Windows 2000 Server on a computer that will be a client in an existing Windows 2000 domain. You want to add the computer to the domain during installation. What information do you need, and which computers must be available on the network before you run the Setup program?
You need the DNS domain name of the domain that you are joining. You must also make sure that a computer account for the client exists in the domain, or you must have the user name and password of a user account in the domain with the authority to create computer accounts in the domain. A server running the DNS service and a domain controller in the domain you are joining must be available on the network.
You are using a CD-ROM to install Windows 2000 Professional on a computer that was previously running another operating system. How should you configure the hard disk to simplify the installation process?
Use a disk partitioning tool to remove any existing partitions, and then create and format a new partition for the Windows 2000 installation.
You are installing Windows 2000 Professional over the network. Before you install to a client computer, what must you do?
Locate the path to the shared installation files on the distribution server. Create a 500-MB FAT partition on the target computer (1 GB recommended). Create a client disk with a network client so that you can connect from the computer, without an operating system, to the distribution server.
Chapter 3
Practice Questions
Lesson 2: Using Consoles
Practice: Creating a Customized Microsoft Management Console
· To remove extensions from a snap-in
Click Computer Management (Local), and then click the Extensions tab.
The MMC displays a list of available extensions for the Computer Management snap-in.
What option determines which extensions the MMC displays in the Available Extensions list in this dialog box?
The available extensions depend on which snap-in you select.
Review Questions
When and why would you use an extension?
You use an extension when specific snap-ins need additional functionality; extensions are snap-ins that provide additional administrative functionality to another snap-in.
You need to create a custom console for an administrator who needs to use only the Computer Management and Active Directory Users And Computers snap-ins. The administrator
Must not be able to add any additional snap-ins.
Needs full access to all snap-ins.
Must be able to navigate between snap-ins.
Which console mode would you use to configure the custom console?
User mode, Full Access.
What do you need to do to remotely administer a computer running Windows 2000 Server from a computer running Windows 2000 Professional?
Windows 2000 Professional doesn't include all snap-ins that are included with Windows 2000 Server. To enable remote administration of many Windows 2000 Server components from a computer running Windows 2000 Professional, you need to add the required snap-ins on the computer running Windows 2000 Professional.
You need to schedule a maintenance utility to automatically run once a week on your computer, which is running Windows 2000 Professional. How do you accomplish this?
Use Task Scheduler to schedule the necessary maintenance utilities to run at specific times.
Chapter 4
Review Questions
What should you do if you can't see any output on the secondary display?
If you can't see any output on the secondary display, try the following:
Activate the device in the Display Properties dialog box.
Confirm that you chose the correct video driver.
Restart the computer and check its status in Device Manager.
Switch the order of the display adapters on the motherboard.
You have configured recovery options on a computer running Windows 2000 Professional to write debugging information to a file if a system failure occurs. You notice, however, that the file isn't being created. What could be causing this problem?
The problem could be one or more of the following:
The paging file size could be set to less than the amount of physical RAM in your system.
The paging file might not be located on your system partition.
You might not have enough free space to create the Memory.dmp file.
How can you optimize virtual memory performance?
To optimize virtual memory, do the following:
If you have multiple hard disks, create a separate paging file on each hard disk.
Move the paging file off of the disk that contains the Windows 2000 system files.
Set the minimum size of the paging file to be equal to or greater than the amount of disk space that is allocated by Virtual Memory Manager when your system is operating under a typical load.
You installed a new network interface card (NIC) in your computer, but it doesn't seem to be working. Describe how you would troubleshoot this problem.
You would do the following to troubleshoot the problem:
Check Device Manager to determine whether Windows 2000 properly detected the network card.
If the card isn't listed in Device Manager, run the Add/Remove Hardware wizard to have Windows 2000 detect the new card. If the card is listed in Device Manager but the icon representing the new card contains either an exclamation mark or a stop sign, view the properties of the card for further details. You might need to reinstall the drivers for the card, or the card might be causing a resource conflict.
Chapter 5
Practice Questions
Lesson 2: Using Registry Editor
Practice: Using Registry Editor
Exercise 1: Exploring the Registry
· To view information in the registry
Double-click the HARDWARE\DESCRIPTION\System subkey to expand it, and then answer the following questions:
What is the basic input/output system (BIOS) version of your computer and its date?
Answers will vary based on the contents of the SYSTEMBIOSVERSION and SYSTEMBIOSDATE entries.
What is the computer type of your local machine according to the Identifier entry?
Answers might vary; it will likely be AT/AT compatible.
Expand the SOFTWARE\Microsoft\Windows NT\CurrentVersion subkey, and then fill in the following information.
Software configuration: Value and string
Current build number: 2195 (for Evaluation Software)
Current version: 5
Registered organization: Answers will vary.
Registered owner: Answers will vary.
Review Questions
What is the registry and what does it do?
The registry is a hierarchical database that stores Windows 2000 hardware and software settings. The registry controls the Windows 2000 operating system by providing the appropriate initialization information to start applications and load components, such as device drivers and network protocols. The registry contains a variety of different types of data, including the hardware installed on the computer, the installed device drivers, applications, network protocols, and network adapter card settings.
What is a hive?
A hive is a discrete body of keys, subkeys, and entries. Each hive has a corresponding registry file and a .LOG file located in systemroot\System32\Config. Windows 2000 uses the .LOG file to record changes and to ensure the integrity of the registry.
What is the recommended editor for viewing and modifying the registry?
Regedt32.exe is the recommended editor for viewing and modifying the registry.
What option should you enable when you are viewing the contents of the registry? Why?
Using Registry Editor incorrectly can cause serious, systemwide problems that could require reinstallation of Windows 2000. When using Registry Editor to view data, save a backup copy of the registry file before viewing and click Read Only Mode on the Options menu to prevent accidental updating or deleting of configuration data.
Chapter 6
Practice Questions
Lesson 2: Common Disk Management Tasks
Practice: Working with Dynamic Storage
Exercise 2: Extending a Volume
· To examine the new volume
Change the working directory to the root directory of drive C (if necessary) or to the root directory of the drive where you mounted your volume, type dir and then press Enter.
How much free space does the Dir command report?
Answer will vary.
Why is there a difference between the free space reported for drive C and the free space reported for C:\Mount? (If you mounted your volume on a drive other than drive C, replace C with the appropriate drive letter.)
The amount of free space reported for C:\Mount is the amount of free space available on the mounted volume.
Review Questions
You install a new 10-GB disk drive that you want to divide into five equal 2-GB sections. What are your options?
You can leave the disk as a basic disk and then create a combination of primary partitions (up to three) and logical drives in an extended partition; or, you can upgrade the disk to a dynamic disk and create five 2-GB simple volumes.
You are trying to create a striped volume on your Windows NT Server to improve performance. You confirm that you have enough unallocated disk space on two disks in your computer, but when you right-click an area of unallocated space on a disk, your only option is to create a partition. What is the problem and how would you resolve it?
You can create striped volumes only on dynamic disks. The option to create a partition rather than a volume indicates that the disk you are trying to use is a basic disk. You will need to upgrade all of the disks that you want to use in your striped volume to dynamic disks before you stripe them.
You add a new disk to your computer and attempt to extend an existing volume to include the unallocated space on the new disk, but the option to extend the volume isn't available. What is the problem and how would you resolve it?
The existing volume is not formatted with Microsoft Windows 2000 File System (NTFS). You can extend only NTFS volumes. You should back up any data on the existing volume, convert it to NTFS, and then extend the volume.
You dual boot your computer with Windows 98 and Windows 2000 Professional. You upgrade a second drive—which you are using to archive files—from basic storage to dynamic storage. The next time you try to access your archived files from Windows 98, you are unable to read the files. Why?
Only Windows 2000 can read dynamic storage.
Chapter 7
Practice Questions
Lesson 1: TCP/IP
Practice: Installing and Configuring TCP/IP
Exercise 2: Configuring TCP/IP to Use a Static IP Address
· To test the static TCP/IP configuration
To verify that the IP address is working and configured for your adapter, type ping 127.0.0.1 and then press Enter.
What happens?
Four Reply from 127.0.0.1 messages should appear.
If you have a computer that you are using to test connectivity, type ping ip_address (where ip_address is the IP address of the computer you are using to test connectivity), and then press Enter. If you don't have a computer to test connectivity, skip to step 7.
What happens?
Four Reply from ip_address messages should appear.
Exercise 3: Configuring TCP/IP to Automatically Obtain an IP Address
· To configure TCP/IP to automatically obtain an IP address
Click Obtain An IP Address Automatically.
Which IP address settings will the DHCP Service configure for your computer?
IP address and subnet mask.
Exercise 4: Obtaining an IP Address by Using Automatic Private IP Addressing
· To obtain an IP address by using Automatic Private IP Addressing
At the command prompt, type ipconfig /renew and then press Enter.
There will be a pause while Windows 2000 attempts to locate a DHCP server on the network.
What message appears, and what does it indicate?
DHCP Server Unreachable.
Your computer was not assigned an address from a DHCP server because there wasn't one available.
· To test the TCP/IP configuration
At the command prompt, type ipconfig | more and then press Enter.
Pressing Spacebar as necessary, record the current TCP/IP settings for your local area connection in the following table.
| Setting | Value |
| --- | --- |
| IP address | Answer will vary. |
| Subnet mask | Answer will vary. |
| Default gateway | Answer will vary. |
Is this the same IP address assigned to your computer in Exercise 3? Why or why not?
No, the IP address isn't the same as the one assigned in Exercise 3. In this exercise, the Automatic Private IP Addressing feature of Windows 2000 assigned the IP address because a DHCP server wasn't available. In Exercise 3, the DHCP Service assigned an IP address.
If you have a computer to test TCP/IP connectivity with your computer, type ping ip_address (where ip_address is the IP address of the computer that you are using to test connectivity), and then press Enter. If you don't have a computer to test connectivity, skip this step and proceed to Exercise 5.
Were you successful? Why or why not?
Answers will vary. If you don't have a computer that you can use to test your computer's connectivity, you can't do this exercise.
No, because the computer you are using to test your computer's connectivity is configured with a static IP address in another network and no default gateway is configured on your computer.
Yes, because the computer you are using to test your computer's connectivity is also configured with an IP address assigned by Automatic Private IP Addressing and it is on the same subnet so that a default gateway is unnecessary.
Lesson 2: NWLink
Practice: Installing and Configuring NWLink
· To install and configure NWLink
Click Protocol, and then click Add.
The Select Network Protocol dialog box appears.
Which protocols can you install?
AppleTalk, DLC, NetBEUI, Network Monitor Driver, and NWLink IPX/SPX/NetBIOS Compatible Transport Protocol.
Select NWLink IPX/SPX/NetBIOS Compatible Transport Protocol, and then click Properties.
Which type of frame detection is selected by default?
Auto frame type detection.
Lesson 4: Network Bindings
Practice: Working with Network Bindings
Exercise 1: Changing the Binding Order of a Protocol
· To change the protocol binding order
Maximize the Network And Dial-Up Connections window, and on the Advanced menu, click Advanced Settings.
The Advanced Settings dialog box appears.
What is the order of the protocols listed under Client For Microsoft Networks in the Bindings For Local Area Connection list?
The first protocol listed under Client For Microsoft Networks is NWLink IPX/SPX/NetBIOS Compatible Transport Protocol, and the second one is Internet Protocol (TCP/IP).
Review Questions
Your computer running Windows 2000 Client for Microsoft Networks was configured manually for TCP/IP. You can connect to any host on your own subnet, but you can't connect to or even ping any host on a remote subnet. What is the likely cause of the problem and how would you fix it?
The default gateway might be missing or incorrect. You specify the default gateway in the Internet Protocol (TCP/IP) Properties dialog box (under Network And Dial-Up Connections in My Network Places). Other possibilities are that the default gateway is offline or that the subnet mask is incorrect.
Your computer running Windows 2000 Professional can communicate with some, but not all, of the NetWare servers on your network. Some of the NetWare servers are running frame type 802.2 and some are running 802.3. What is the likely cause of the problem?
Although the NWLink implementation in Windows 2000 can automatically detect a frame type for IPX/SPX-compatible protocols, it can automatically detect only one frame type. This network uses two frame types; you must manually configure the additional frame type (802.3).
What are the limitations of the NetBEUI protocol?
NetBEUI can't be routed and therefore is not suitable for WANs. Since NetBEUI isn't routable, you must connect computers running Windows 2000 and NetBEUI by using bridges instead of routers.
The NetBEUI protocol relies on broadcasts for many of its functions, such as name registration and discovery, so it creates more broadcast traffic than other protocols.
What is the primary function of the DLC protocol?
DLC provides connectivity to IBM mainframes and to LAN print devices that are directly attached to the network.
What is the significance of the binding order of network protocols?
You specify the binding order to optimize network performance. For example, a computer running Windows 2000 Workstation has NetBEUI, NWLink IPX/SPX, and TCP/IP installed. However, most of the servers to which this computer connects are running only TCP/IP. You would adjust the binding order so that the workstation binding to TCP/IP is listed before the workstation bindings for the other protocols. In this way, when a user attempts to connect to a server, Client for Microsoft Networks first attempts to use TCP/IP to establish the connection.
Chapter 8
Review Questions
What is the function of the following DNS components?
Domain name space
The domain name space provides the hierarchical structure for the DNS distributed database.
Zones
Zones are used to divide the domain name space into administrative units.
Name servers
Name servers store the zone information and perform name resolution for their authoritative domain name spaces.
Why would you want to have multiple name servers?
Installing multiple name servers provides redundancy, reduces the load on the server that stores the primary zone database file, and allows for faster access speed for remote locations.
What's the difference between a forward lookup query and a reverse lookup query?
A forward lookup query resolves a name to an IP address. A reverse lookup query resolves an IP address to a name.
When would you configure your connection to obtain a DNS server address automatically?
Configure your connection to obtain a DNS server address automatically only if you have a functioning DHCP server on the network that can provide the IP address of functioning DNS servers on the network.
Chapter 9
Review Questions
What are four major features of Active Directory directory services?
Active Directory directory services offer simplified administration, scalability, open standards support, and support for standard name formats.
What are sites and domains, and how are they different?
A site is a combination of one or more IP subnets that should be connected by a high-speed link.
A domain is a logical grouping of servers and other network resources organized under a single name.
A site is a component of Active Directory directory services' physical structure, while a domain is a component of the logical structure.
What is the schema, and how can you extend it?
The schema contains a formal definition of the contents and structure of Active Directory directory services, including all attributes, classes, and class properties. You can extend the schema by using the Schema Manager snap-in or the Active Directory Services Interface (ADSI).
Which Windows 2000 products provide Active Directory directory services?
Only the Windows 2000 Server products, which include Windows 2000 Server, Windows 2000 Advanced Server, and Windows 2000 Datacenter, provide Active Directory directory services. Windows 2000 Professional doesn't provide Active Directory directory services, but clients running Windows 2000 Professional that are members of a domain can use Active Directory directory services.
Chapter 10
Review Questions
Where does Windows 2000 create local user accounts?
When you create a local user account, Windows 2000 creates the account only in that computer's security database.
What different capabilities do domain user accounts and local user accounts provide to users?
A domain user account allows a user to log on to the domain from any computer in the network and to gain access to resources anywhere in the domain, provided the user has permission to access these resources. A local user account allows the user to log on at and gain access to resources on only the computer where you create the local user account.
What should you consider when you plan new user accounts?
A naming convention that ensures unique but consistent user account names.
Whether you or the user will determine the user account password.
Whether the user account should be disabled.
What information is required to create a local user account?
A user name.
What are built-in user accounts and what are they used for?
Windows 2000 automatically creates accounts called built-in accounts. Two commonly used built-in accounts are Administrator and Guest. You use the built-in Administrator account to manage the overall computer (for example, creating and modifying user accounts and groups, and setting account properties on user accounts). You use the built-in Guest account to give occasional users the ability to log on and gain access to resources.
Chapter 11
Review Questions
Why should you use groups?
Use groups to simplify administration by granting rights and assigning permissions once to the group rather than multiple times to each individual member.
How do you create a local group?
Start the Computer Management snap-in and expand Local Users And Groups. Right-click Groups, and then click New Group. Fill in the appropriate fields and then click Create.
Are there any consequences to deleting a group?
When you delete a group, the unique identifier that the system uses to represent the group is lost. Even if you create a second group with the same name, the group will not have the same identifier, so you must grant the group any permissions or rights that it once had, and you must add back the users who need to be a member of that group.
What's the difference between built-in local groups and local groups?
You create local groups and assign the appropriate permissions to them.
Windows 2000 Professional comes with precreated built-in local groups. You can't create built-in local groups. Built-in local groups give rights to perform system tasks on a single computer, such as backing up and restoring files, changing the system time, and administering system resources.
Chapter 12
Review Questions
What's the difference between a printer and a print device?
A printer is the software interface between the operating system and the print device. The print device is the hardware device that produces printed documents.
A print server can connect to two different types of print devices. What are these two types of print devices, and what are the differences?
The two types are local and network-interface print devices. A local print device is connected directly to a physical port of the print server. A network-interface print device is connected to the print server through the network. Also, a network-interface print device requires a network interface card.
You have added and shared a printer. What must you do to set up client computers running Windows 2000 so that users can print, and why?
You (or the user) must make a connection to the printer from the client computer. When you make a connection to the printer from the client computer, Windows 2000 automatically copies the printer driver to the client computer.
What advantages does connecting to a printer by using http://server_name/printers provide for users?
It allows a user to make a connection to a printer without having to use the Add Printer wizard. It makes a connection to a Web site, which displays all of the printers for which the user has permission. The Web site also provides information on the printers to help the user make the correct selection. Also, a Web designer can customize this Web page, such as by displaying a floor plan that shows the location of print devices, which makes it easier for users to choose a print device.
Why would you connect multiple printers to one print device?
To set priorities between the printers so that users can send critical documents to the printer with the highest priority. These documents will always print before documents that are sent from printers with lower priorities.
Why would you create a printer pool?
To speed up printing. Users can print to one printer that has several print devices so that documents do not wait in the print queue. It also simplifies administration; it's easier to manage one printer for several print devices than it is to manage one printer for each print device.
Chapter 13
Practice Questions
Lesson 2: Managing Printers
Practice: Performing Printer Management
Exercise 3: Taking Ownership of a Printer
· To take ownership of a printer
On the Security tab, click Advanced, and then click the Owner tab.
Who currently owns the printer?
The Administrators group.
Lesson 3: Managing Documents
Practice: Managing Documents
· To set a notification
In the printer's window, select README.txt, and then click Properties on the Document menu.
Windows 2000 displays the README.txt Document Properties dialog box with the General tab active.
Which user is specified in the Notify box? Why?
The Notify box currently displays the user Administrator because Administrator printed the document.
· To increase the priority of a document
In the README.txt Document Properties dialog box, on the General tab, notice the default priority.
What is the current priority? Is it the lowest or highest priority?
The current priority is the default of 1, which is the lowest priority.
Review Questions
For which printer permission does a user need to change the priority on another user's document?
The Manage Documents permission.
In an environment where many users print to the same print device, how can you help reduce the likelihood of users picking up the wrong documents?
Create a separator page that identifies and separates printed documents.
Can you redirect a single document?
No. You can change the configuration of the print server only to send documents to another printer or print device, which redirects all documents on that printer.
A user needs to print a large document. How can the user print the job after hours, without being present while the document prints?
You can control print jobs by setting the printing time. You set the printing time for a document on the General tab of the Properties dialog box for the document. To open the Properties dialog box for a document, select the document in the printer's window, click the Document menu, and then click Properties. Click Only From in the Schedule section of the Properties dialog box, and then set the Only From hour to the earliest time you want the document to begin printing after regular business hours. Set the To time to a couple of hours before normal business hours start. To set the printing time for a document, you must be the owner of the document or have the Manage Documents permission for the appropriate printer.
What are the advantages of using a Web browser to administer printing?
You can administer any printer on a Windows 2000 print server on the intranet by using any computer running a Web browser, regardless of whether the computer is running Windows 2000 or has the correct printer driver installed. Additionally, a Web browser provides a summary page and reports real-time print device status, and you can customize the interface.
Chapter 14
Practice Questions
Lesson 3: Assigning NTFS Permissions
Practice: Planning and Assigning NTFS Permissions
Exercise 1: Planning NTFS Permissions
When you apply custom permissions to a folder or file, which default permission entry should you remove?
The Full Control permission for the Everyone group.
Complete the following table to plan and record your permissions:
| Path | User account or group | NTFS permissions | Block inheritance (yes/no) |
| --- | --- | --- | --- |
| Apps | Administrators group | Full Control | No |
| Apps\WordProcessing | Users group | Read & Execute | No |
| Apps\Spreadsheet | Accounting group | Read & Execute | No |
| | Managers group | Read & Execute | |
| | Executives group | Read & Execute | |
| Apps\Database | Accounting group | Read & Execute | No |
| | Managers group | Read & Execute | |
| | Executives group | Read & Execute | |
| Public | Administrators group | Full Control | No |
| | Creator Owner | Full Control | |
| | Users group | Write | |
| Public\Library | Administrators group | Full Control | Yes |
| | Users group | Read & Execute | |
| Public\Manuals | Administrators group | Full Control | Yes |
| | Users group | Read & Execute | |
| | User81 | Full Control | |
Exercise 2: Assigning NTFS Permissions for the Public Folder
· To remove permissions from the Everyone group
Click the Security tab to display the permissions for the Public folder.
Windows 2000 displays the Public Properties dialog box with the Security tab active.
What are the existing folder permissions?
The Everyone group has Full Control.
Notice that the current allowed permissions can't be modified.
Under Name, select the Everyone group, and then click Remove.
What do you see?
Windows 2000 displays a message box indicating that you can't remove "Everyone" because the folder is inheriting the permissions for the Everyone group from its parent folder. To change permissions for Everyone, you must first block inheritance.
Click Remove.
What are the existing folder permissions?
No permissions are currently assigned.
· To assign permissions to the Users group for the Public folder
Click OK to return to the Public Properties dialog box.
What are the existing allowed folder permissions?
The Users group has the following permissions: Read & Execute, List Folder Contents, and Read. These are the default permissions that Windows 2000 assigns when you add a user account or group to the list of permissions.
· To assign permissions to the CREATOR OWNER group for the Public folder
Under Permission Entries, select CREATOR OWNER if necessary.
Which permissions are assigned to CREATOR OWNER, and where do these permissions apply?
Full Control permission is applied to subfolders and files only. Permissions that are assigned to the CREATOR OWNER group are not applied to the folder but only to new files and folders that are created within the folder.
· To test the folder permissions that you assigned for the Public folder
In the Public folder, attempt to create a text file named User81.
Were you successful? Why or why not?
Yes, because the Users group is assigned the Write permission for the Public folder.
Exercise 4: Testing NTFS Permissions
· To test permissions for the Misc folder while logged on as User81
Attempt to create a file in the Misc folder.
Were you successful? Why or why not?
No, because only User82 has NTFS permissions to create and modify files in the Misc folder.
· To test permissions for the Misc folder while logged on as User82
Attempt to create a file in the Misc folder.
Were you successful? Why or why not?
Yes, because User82 has the Modify permission for the folder.
· To test permissions for the Manuals folder while logged on as Administrator
Attempt to create a file in the Manuals folder.
Were you successful? Why or why not?
Yes, because the Administrators group has the Full Control permission for the Manuals folder.
· To test permissions for the Manuals folder while logged on as User81
Attempt to create a file in the Manuals folder.
Were you successful? Why or why not?
No, because User81 has only the Read & Execute permission for the Manuals folder.
· To test permissions for the Manuals folder while logged on as User82
Attempt to create a file in the Manuals folder.
Were you successful? Why or why not?
Yes, because User82 is a member of the Manuals group, which has been assigned the Modify permission for the Sales folder.
Lesson 6: Solving Permissions Problems
Practice: Managing NTFS Permissions
Exercise 1: Taking Ownership of a File
· To determine the permissions for a file
Click the Security tab to display the permissions for the Owner.txt file.
What are the current allowed permissions for Owner.txt?
The Administrators group has the Full Control permission.
The Users group has the Read & Execute permission.
Click the Owner tab.
Who is the current owner of the Owner.txt file?
The Administrators group.
· To take ownership of a file
Click Advanced to display the Access Control Settings For Owner dialog box, and then click the Owner tab.
Who is the current owner of Owner.txt?
The Administrators group.
In the Change Owner To box, select User84, and then click Apply.
Who is the current owner of Owner.txt?
User84.
Exercise 2: Copying and Moving Folders
· To create a folder while logged on as a user
While you are logged on as User84, in Windows Explorer, in drive C, create a folder named Temp1.
What are the permissions that are assigned to the folder?
The Everyone group has Full Control.
Who is the owner? Why?
User84 is the owner because the person who creates a folder or file is the owner.
· To create a folder while logged on as Administrator
In drive C, create the following two folders: Temp2 and Temp3.
What are the permissions for the folders that you just created?
The Everyone group has the Full Control permission.
Who is the owner of the Temp2 and Temp3 folders? Why?
The Administrators group is the owner of the Temp2 and Temp3 folders because a member of the Administrators group created these folders.
· To copy a folder to another folder within a Windows 2000 NTFS volume
Select C:\Temp1\Temp2, and then compare the permissions and ownership with C:\Temp2.
Who is the owner of C:\Temp1\Temp2 and what are the permissions? Why?
The owner is still the Administrators group because you are logged on as Administrator. When a folder or file is copied within an NTFS volume, the person who copies the folder or file becomes the owner.
The Everyone group has the Full Control permission because when a folder or file is copied within an NTFS volume, the folder or file inherits the permissions of the folder into which it is copied.
· To move a folder within the same NTFS volume
In Windows Explorer, select C:\Temp3, and then move it to C:\Temp1.
What happens to the permissions and ownership for C:\Temp1\Temp3? Why?
The Backup Operators group has Read & Execute permission and the Users group has Full Control. The Administrators group is the owner of C:\Temp1\Temp3.
C:\Temp1\Temp3 retains the original permissions as C:\Temp3. This is because when a file or folder is moved within the same NTFS volume, the file or folder retains its original permissions. Even though User84 did the moving, the folder's creator remains the owner.
Exercise 3: Deleting a File With All Permissions Denied
· To view the result of the Full Control permission for a folder
In Windows Explorer, double-click Noaccess.txt in the Fullaccess folder to open the file.
Were you successful? Why or why not?
No. The Everyone group has been denied the Full Control permission for C:\FullControl\Noaccess.txt. The Administrator user account is a member of the Everyone group.
Delete Noaccess.txt.
Were you successful? Why or why not?
Yes, because Full Control includes the Delete Subfolders and Files special permission for POSIX compliance. This special permission allows a user to delete files in the root of a folder to which the user has been assigned the Full Control permission. This permission overrides the file permissions.
How would you prevent users with Full Control permission for a folder from deleting a file in that folder for which they have been denied the Full Control permission?
Allow users all of the individual permissions, and then deny users the Delete Subfolders and Files special permission.
Review Questions
What is the default permission when a volume is formatted with NTFS? Who has access to the volume?
The default permission is Full Control. The Everyone group has access to the volume.
If a user has Write permission for a folder and is also a member of a group with Read permission for the folder, what are the user's effective permissions for the folder?
The user has both Read permission and Write permission for the folder because NTFS permissions are cumulative.
If you assign the Modify permission to a user account for a folder and the Read permission for a file, and then you copy the file to that folder, which permission does the user have for the file?
The user can modify the file because the file inherits the Modify permission from the folder.
What happens to permissions that are assigned to a file when the file is moved from one folder to another folder on the same NTFS volume? What happens when the file is moved to a folder on another NTFS volume?
When the file is moved from one folder to another folder on the same NTFS volume, the file retains its permissions. When the file is moved to a folder on a different NTFS volume, the file inherits the permissions of the destination folder.
If an employee leaves the company, what must you do to transfer ownership of his or her files and folders to another employee?
You must be logged on as Administrator to take ownership of the employee's folders and files. Assign the Take Ownership special access permission to another employee to allow that employee to take ownership of the folders and files. Notify the employee to whom you assigned Take Ownership to take ownership of the folders and files.
What three details should you check when a user can't gain access to a resource?
Check the permissions that are assigned to the user account and to groups in which the user is a member.
Check whether the user account, or a group of which the user is a member, has been denied permission for the file or folder.
Check whether the folder or file has been copied to any other file or folder or moved to another volume. If it has, the permissions will have changed.
Chapter 15
Practice Questions
Lesson 1: Understanding Shared Folders
Practice: Applied Permissions
User101 is a member of Group1, Group2, and Group3. Group1 has Read permission and Group3 has Full Control permission for FolderA. Group2 has no permissions assigned for FolderA. What are User101's effective permissions for FolderA?
Since User101 gets the permissions of all groups, User101's effective permission for FolderA is Full Control, which also includes all capabilities of the Read permission.
User101 is also a member of the Sales group, which has the Read permission for FolderB. User101 has been denied the shared folder permission Full Control for FolderB as an individual user. What are User101's effective permissions for FolderB?
User101 has no access to FolderB. Even though User101 is a member of the Sales group, which has Read permission for FolderB, User101 has been denied Full Control access to FolderB. Denied permissions override all other permissions.
Lesson 4: Combining Shared Folder Permissions and NTFS Permissions
Practice: Managing Shared Folders
Exercise 1: Combining Permissions
In the first example, the Data folder is shared. The Sales group has the shared folder Read permission for the Data folder and the NTFS Full Control permission for the Sales subfolder.
What are the Sales group's effective permissions for the Sales subfolder when they gain access to the Sales subfolder by making a connection to the Data shared folder?
The Sales group has the Read permission for the Sales subfolder because when shared folder permissions are combined with NTFS permissions, the more restrictive permission applies.
In the second example, the Users folder contains user home folders. Each user home folder contains data that is accessible only to the user for whom the folder is named. The Users folder has been shared, and the Users group has the shared folder Full Control permission for the Users folder. User1 and User2 have the NTFS Full Control permission for only their home folder and no NTFS permissions for other folders. These users are all members of the Users group.
What permissions does User1 have when he or she accesses the User1 subfolder by making a connection to the Users shared folder? What are User1's permissions for the User2 subfolder?
User1 has the Full Control permission for the User1 subfolder because both the shared folder permission and the NTFS permission allow Full Control. User1 can't access the User2 subfolder because she or he has no NTFS permissions to gain access to it.
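The rules applied in the Chapter 14 and Chapter 15 answers (permissions are cumulative, a denied permission overrides all others, and the more restrictive of the shared folder and NTFS permissions applies) can be checked against the exercise scenarios with a small model. This is an added example, not part of the original answer key; the coarse right names and the mapping from permission names to rights are a simplified model assumed for illustration, not Windows' actual access masks.

```python
# Added example: a simplified model of the permission rules stated in the
# answers above. It is not Windows' access-check code; the coarse rights
# assigned to each permission name are constructed for illustration.
_ALL = frozenset({"read", "execute", "write", "delete",
                  "set_permissions", "take_ownership"})
_CHANGE = frozenset({"read", "execute", "write", "delete"})

# Shared folder permissions and NTFS permissions use separate name tables.
SHARE = {"Read": frozenset({"read", "execute"}),
         "Change": _CHANGE,
         "Full Control": _ALL}
NTFS = {"Read": frozenset({"read"}),
        "Write": frozenset({"write"}),
        "Read & Execute": frozenset({"read", "execute"}),
        "Modify": _CHANGE,
        "Full Control": _ALL}


def effective(token, acl, table):
    """Rights that a token (user name plus group names) gets from one ACL.

    acl is a list of (principal, "allow" | "deny", permission name).
    Allowed rights accumulate across every matching entry; every denied
    right is removed afterwards, so a deny overrides any allow.
    """
    allowed, denied = set(), set()
    for principal, kind, permission in acl:
        if principal not in token:
            continue
        if kind == "deny":
            denied |= table[permission]
        elif kind == "allow":
            allowed |= table[permission]
        else:
            raise ValueError(f"unknown entry type: {kind!r}")
    return frozenset(allowed - denied)


def via_share(token, share_acl, ntfs_acl):
    """Access over the network: a right must be granted by both layers."""
    return effective(token, share_acl, SHARE) & effective(token, ntfs_acl, NTFS)


def page_scenarios():
    """Evaluate the scenarios from the exercises; returns name -> rights."""
    user101 = {"User101", "Group1", "Group2", "Group3", "Sales"}
    user1 = {"User1", "Users"}
    users_share = [("Users", "allow", "Full Control")]
    return {
        # Lesson 1: Group1 has Read, Group3 has Full Control, Group2 nothing.
        "FolderA": effective(
            user101,
            [("Group1", "allow", "Read"), ("Group3", "allow", "Full Control")],
            SHARE),
        # Lesson 1: Sales has Read, User101 is denied Full Control.
        "FolderB": effective(
            user101,
            [("Sales", "allow", "Read"), ("User101", "deny", "Full Control")],
            SHARE),
        # Lesson 4, first example: share Read on Data, NTFS Full Control below.
        "Data\\Sales": via_share(
            {"Sales"},
            [("Sales", "allow", "Read")],
            [("Sales", "allow", "Full Control")]),
        # Lesson 4, second example: share Full Control, NTFS per home folder.
        "Users\\User1": via_share(
            user1, users_share, [("User1", "allow", "Full Control")]),
        "Users\\User2": via_share(
            user1, users_share, [("User2", "allow", "Full Control")]),
        # Chapter 14 review: user has Write, the user's group has Read.
        # UserX and GroupY are placeholder names; the question names neither.
        "NTFS cumulative": effective(
            {"UserX", "GroupY"},
            [("UserX", "allow", "Write"), ("GroupY", "allow", "Read")],
            NTFS),
    }


if __name__ == "__main__":
    for name, rights in page_scenarios().items():
        print(f"{name:16} {', '.join(sorted(rights)) or 'no access'}")
```

An empty result means no access, which is what both the deny entry for FolderB and the missing NTFS entry for the User2 subfolder produce.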
Exercise 2: Planning Shared Folders
Record your answers in the table.
You have two choices for permissions. You can rely entirely on NTFS permissions and assign Full Control for all shared folders to the Everyone group, or you can use shared folder permissions according to resource needs. The following suggested shared folders include required permissions if you decide to assign shared folder permissions.
Share Management Guidelines as MgmtGd. Assign the Full Control permission to the Managers group.
Share Data as Data. Assign the Full Control permission to the Administrators built-in group.
Share Data\Customer Service as CustServ. Assign the Change permission to the Customer Service group.
Share Data\Public as Public. Assign the Change permission to the Users built-in group.
Share Applications as Apps. Assign the Read permission to the Users built-in group and the Full Control permission to the Administrators built-in group.
Share Project Management as ProjMan. Assign the Change permission to the Managers group and the Full Control permission to the Administrators built-in group.
Share Database\Customers as CustDB. Assign the Change permission to the CustomerDBFull group, the Read permission to the CustomerDBRead group, and the Full Control permission to the Administrators built-in group.
Share Users as Users. Create a folder for every employee below this folder. Assign the Full Control permission to each employee for his or her own folder. Preferably, have Windows 2000 create the folder and assign permissions automatically when you create each user account.
Exercise 4: Assigning Shared Folder Permissions
· To assign Full Control to the Administrators group
Click OK.
Windows 2000 adds Administrators to the list of names with permissions.
Which type of access does Windows 2000 assign to Administrators by default?
The Read permission.
In the Permissions box, under Allow, click the Full Control check box.
Why did Windows Explorer also select the Change permission for you?
Full Control includes both the Change permission and the Read permission.
Exercise 5 (Optional): Connecting to a Shared Folder
· To connect a network drive to a shared folder by using the Map Network Drive command
To complete the connection, click Finish.
Windows 2000 displays the MktApps On 'PRO1' (P:) window.
How does Windows Explorer indicate that this drive points to a remote shared folder?
Windows Explorer uses an icon that shows a network cable attached to the drive. The network cable icon indicates a mapped network drive.
Exercise 8 (Optional): Testing NTFS and Shared Folder Permissions
· To test permissions for the Manuals folder when a user logs on locally
In the Manuals folder, attempt to create a file.
Were you successful? Why or why not?
No. Only Administrators have the NTFS permission to create and modify files in the Manuals folder.
· To test permissions for the Manuals folder when a user makes a connection over the network
In the Manuals window, attempt to create a file.
Were you successful? Why or why not?
No. Although the Users group has the Full Control shared folder permission for \\PRO1\MktApps, only Administrators have the NTFS permission to create and modify files in the Manuals folder.
· To test permissions for the Manuals folder when a user logs on over the network as Administrator
In the Manuals window, attempt to create a file.
Were you successful? Why or why not?
Yes. Administrator has the Full Control NTFS permission for the folder and Full Control Shared folder permissions for \\PRO1\MktApps\Manuals.
· To test permissions for the Public folder when a user makes a connection over the network
In the Public window, attempt to create a file.
Were you successful? Why or why not?
Yes. User1 has the Full Control NTFS permission for the folder and Full Control Shared folder permissions for \\PRO1\MktApps\Public.
Review Questions
When a folder is shared on a FAT volume, what does a user with the Full Control shared folder permissions for the folder have access to?
All folders and files in the shared folder.
What are the shared folder permissions?
Full Control, Change, and Read.
By default, what are the permissions that are assigned to a shared folder?
The Everyone group is assigned the Full Control permission.
When a folder is shared on an NTFS volume, what does a user with the Full Control shared folder permissions for the folder have access to?
Only the folder, but not necessarily any of the folder's contents. The user would also need NTFS permissions for each file and subfolder in the shared folder to gain access to those files and subfolders.
When you share a public folder, why should you use centralized data folders?
Centralized data folders enable data to be backed up easily.
What is the best way to secure files and folders that you share on NTFS partitions?
Put the files that you want to share in a shared folder and keep the default shared folder permission (the Everyone group with the Full Control permission for the shared folder). Assign NTFS permissions to users and groups to control access to all contents in the shared folder or to individual files.
Chapter 16
Review Questions
What two tasks must you perform to audit access to a file?
Set the audit policy for object access and configure the file for the type of access to audit.
Who can set up auditing for a computer?
By default, only members of the Administrators group can set up and administer auditing. You can also give other users the Manage Auditing and Security log user right, which is required to configure an audit policy and review audit logs.
When you view a security log, how do you determine whether an event failed or succeeded?
Successful events appear with a key icon; unsuccessful events appear with a lock icon.
If you click the Do Not Overwrite Events option in the Properties dialog box for an audit log, what happens when the log file becomes full?
Windows 2000 will stop. You must clear the log manually.
Chapter 17
Practice Questions
Lesson 1: Configuring Account Policies
Practice: Configuring Account Policies
Exercise 2: Configuring and Testing Additional Account Policies Settings
· To configure Account Policies settings
Use the Group Policy snap-in to configure the following Account Policies settings:
A user should have at least five different passwords before he or she accesses a previously used password.
After changing a password, a user must wait 24 hours before changing it again.
A user should change his or her password every three weeks.
Which settings did you use for each of the three listed items?
Set Enforce Password History to 5 so that a user must have at least five different passwords before he or she can access a previously used password.
Set Minimum Password Age to one day so that a user must wait 24 hours before he or she can change it again.
Set Maximum Password Age to 21 days so that a user must change his/her password every three weeks.
· To test Account Policies settings
Change your password to waters.
Were you successful? Why or why not?
You were successful because the minimum password length is set to 6, and the password waters contains six characters.
Change your password to papers.
Were you successful? Why or why not?
You weren't successful because you must wait 24 hours (one day) before you can change your password a second time. A Change Password dialog box appeared indicating that you can't change the password at this time.
Exercise 3: Configuring Account Lockout Policy
· To configure the Account Lockout Policy settings
Use Account Lockout Policy settings to do the following:
Lock out a user account after four failed logon attempts.
Lock out user accounts until the administrator unlocks the user account.
Which Account Lockout Policy settings did you use for each of the two conditions?
Set Account Lockout Threshold to 4 to lock out a user account after four failed logon attempts. When you set one of the three Account Lockout Policy options and the other two options have not been set, a dialog box appears indicating that the other two options will be set to default values.
Set Account Lockout Duration to 0 to have locked accounts remain locked until the administrator unlocks them.
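The settings from Exercises 2 and 3, replayed as an added example that is not part of the original text: a Python model that applies Enforce Password History, Minimum and Maximum Password Age, the minimum length of 6 and the lockout settings to the waters/papers test. The class and function names, the PBKDF2 digest, the initial password and the timestamps are assumptions; Windows 2000's own password storage is not modelled.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import Optional


@dataclass
class AccountPolicy:
    enforce_password_history: int = 5            # passwords remembered
    minimum_password_age: timedelta = timedelta(days=1)
    maximum_password_age: timedelta = timedelta(days=21)
    minimum_password_length: int = 6
    account_lockout_threshold: int = 4           # failed logons before lockout
    account_lockout_duration: int = 0            # minutes; 0 = until an admin unlocks


@dataclass
class Account:
    salt: bytes = field(default_factory=lambda: os.urandom(16))
    history: list = field(default_factory=list)  # password digests, newest last
    last_change: Optional[datetime] = None
    failed_logons: int = 0
    locked_at: Optional[datetime] = None


def digest(account, password):
    # Salted PBKDF2 is this example's choice, not how Windows 2000 stores passwords.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), account.salt, 20_000)


def change_password(policy, account, new_password, now):
    """Apply the length, minimum age and history checks; return (ok, reason)."""
    if len(new_password) < policy.minimum_password_length:
        return False, "shorter than minimum password length"
    if account.last_change and now - account.last_change < policy.minimum_password_age:
        return False, "minimum password age not reached"
    new = digest(account, new_password)
    remembered = account.history[-policy.enforce_password_history:]
    if policy.enforce_password_history and any(
            hmac.compare_digest(new, old) for old in remembered):
        return False, "password is still in the history"
    account.history.append(new)
    account.last_change = now
    return True, "changed"


def password_expired(policy, account, now):
    return now - account.last_change >= policy.maximum_password_age


def is_locked(policy, account, now):
    if account.locked_at is None:
        return False
    if policy.account_lockout_duration == 0:
        return True                              # only unlock() clears it
    return now - account.locked_at < timedelta(minutes=policy.account_lockout_duration)


def unlock(account):
    """What an administrator does by hand when the duration is 0."""
    account.locked_at, account.failed_logons = None, 0


def logon(policy, account, password, now):
    """Return 'ok', 'bad password' or 'locked out' and track failed attempts."""
    if is_locked(policy, account, now):
        return "locked out"
    if account.locked_at is not None:            # a timed lockout has run out
        unlock(account)
    if hmac.compare_digest(digest(account, password), account.history[-1]):
        account.failed_logons = 0
        return "ok"
    account.failed_logons += 1
    if 0 < policy.account_lockout_threshold <= account.failed_logons:
        account.locked_at = now
    return "bad password"


def page_exercise():
    """Replay the tests from the text against constructed timestamps."""
    policy, account = AccountPolicy(), Account()
    t0 = datetime(2000, 3, 1, 9, 0)              # constructed start time
    change_password(policy, account, "initial1", t0 - timedelta(days=2))
    log = [change_password(policy, account, "waters", t0)[1],
           change_password(policy, account, "papers", t0 + timedelta(minutes=5))[1],
           change_password(policy, account, "waters", t0 + timedelta(days=2))[1]]
    log += [logon(policy, account, "wrong", t0 + timedelta(days=3)) for _ in range(4)]
    log.append(logon(policy, account, "waters", t0 + timedelta(days=4)))
    unlock(account)
    log.append(logon(policy, account, "waters", t0 + timedelta(days=4)))
    log.append(password_expired(policy, account, t0 + timedelta(days=21)))
    return log


if __name__ == "__main__":
    for entry in page_exercise():
        print(entry)
```

With a lockout duration of 0, the correct password is refused after the fourth failure until `unlock()` is called, which is the behaviour the second setting in Exercise 3 asks for.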
Review Questions
Why would you want to force users to change passwords?
Forcing users to change passwords regularly will decrease the chances of an unauthorized person breaking into your computer. If a user account and password combination for your computer falls into unauthorized hands, forcing users to change their passwords regularly will cause the user account and password combination to fail and secure the computer.
Why would you want to control the length of the passwords used on your computers?
Longer passwords are more difficult to figure out because there are more characters to discover. In general, you want to do what you can to make it difficult to get unauthorized access to your computers.
Why would you want to lock out a user account?
If a user forgets his or her password, he or she can ask the administrator to reset the password. If someone repeatedly enters an incorrect password, the person is probably trying to gain unauthorized access to your computer. Setting a limit on the number of failed logon attempts and locking out any user account that exceeds this number makes it more difficult for someone to gain unauthorized access to your computers.
Why would you want to force users to press Ctrl+Alt+Delete before they can log on to your computers?
To increase security on your computers, you can force users to press Ctrl+Alt+Delete before they can log on. This key combination is recognized only by Windows and ensures that only Windows is receiving the password and not a Trojan horse program waiting to capture your password.
How do you prevent the last user name from being displayed in the Windows Security or Log On To Windows dialog box?
To prevent the last user name from being displayed in the Windows Security or Log On To Windows dialog box, click the Local Policies node in the console tree of the Local Security Settings window, and then click Security Options. In the details pane, right-click Do Not Display Last User Name In Logon Screen, click Security, and then disable this feature.
Chapter 18
Practice Questions
Lesson 1: Managing NTFS Compression
Practice: Managing NTFS Compression
Exercise 1: Compressing Files in an NTFS Partition
· To view the capacity and free space for drive C
Right-click drive C, and then click Properties.
Windows 2000 displays the Local Disk (C:) Properties dialog box with the General tab active.
What is the capacity of drive C?
Answers will vary.
What is the free space on drive C?
Answers will vary.
· To uncompress a folder
Click OK to close the CompTest2 Properties dialog box.
Since the CompTest2 folder is empty, Windows 2000 doesn't display the Confirm Attributes Changes dialog box asking you to specify whether to uncompress only this folder or this folder and all subfolders.
What indication do you have that the CompTest2 folder is no longer compressed?
The CompTest2 folder name is displayed in black.
Exercise 2: Copying and Moving Files
· To create a compressed file
Type Text1 and then press Enter.
How can you verify that Text1 is compressed?
The name of the file is displayed in blue. You could also check the properties for the file.
· To copy a compressed file to an uncompressed folder
Examine the properties for Text1 in the CompTest2 folder.
Is the Text1.txt file in the CompTest\CompTest2 folder compressed or uncompressed? Why?
Uncompressed. A new file inherits the compression attribute of the folder in which it is created.
· To move a compressed file to an uncompressed folder
Examine the properties of the Text1.txt file in the CompTest folder.
Is Text1.txt compressed or uncompressed?
Compressed.
Examine the properties of Text1.txt in the CompTest2 folder.
Is Text1.txt compressed or uncompressed? Why?
Compressed. When a file is moved to a new folder on the same partition, its compression attribute doesn't change.
Lesson 2: Managing Disk Quotas
Practice: Enabling and Disabling Disk Quotas
Exercise 1: Configuring Quota Management Settings
· To configure default quota management settings
On the Quota tab, click the Enable Quota Management check box.
What is the default disk space limit for new users?
1 KB.
· To configure quota management settings for a user
On the Quota tab of the Local Disk (C:) Properties dialog box, click the Quota Entries button.
Windows 2000 displays the Quota Entries For Local Disk (C:) window.
Are any user accounts listed? Why or why not?
Yes. The accounts listed are those that have logged on and gained access to drive C.
Click OK.
Windows 2000 displays the Add New Quota Entry dialog box.
What are the default settings for the user you just set a quota limit for?
Limit disk space to 10 MB and Set the warning level to 6 MB. These are the default settings that are selected for drive C.
· To test quota management settings
Copy the i386 folder from your CD-ROM to the User5 folder.
Windows 2000 Professional begins copying files from the i386 folder on the CD-ROM to a new i386 folder in the User5 folder on drive C. After copying several files, however, Windows 2000 displays the Error Copying File Or Folder dialog box indicating that there isn't enough room on the disk.
Why did you get this error message?
You have exceeded your quota limit and since the Deny Disk Space To Users Exceeding Quota Limit check box is selected, once you exceed your quota limit, you can't use more disk space.
Lesson 3: Increasing Security with EFS
Practice: Encrypting and Decrypting Files
Exercise 2: Testing the Encrypted Files
· To test an encrypted file
Start Windows Explorer and open the file File1.txt in the Secret folder.
What happens?
A Notepad dialog box appears indicating that Access Is Denied.
Review Questions
You are the administrator for a computer running Windows 2000 Professional. You want to restrict users to 25 MB of available storage space. How do you configure the volumes on the computer?
Format all volumes with NTFS and enable disk quotas for all of the volumes. Specify a limit of 25 MB and select the Deny Disk Space To Users Exceeding Quota Limit check box.
The Sales department archives legacy sales data on a network computer running Windows 2000 Professional. Several other departments share the computer. You have begun to receive complaints from users in other departments that the computer has little remaining disk space. What can you do to alleviate the problem?
Compress the folders that the Sales department uses to store archive data.
Your department has recently archived several gigabytes of data from a computer running Windows 2000 Professional to CD-ROMs. As users have been adding files to the computer, you have noticed that the computer has been taking longer than usual to gain access to the hard disk. How can you increase disk access time for the computer?
Use Disk Defragmenter to defragment files on the computer's hard disk.
Chapter 19
Practice Questions
Lesson 2: Backing Up Data
Practice: Backing Up Files
Exercise 1: Starting a Backup Job
· To back up files by using Backup wizard
Click Replace The Data On The Media With This Backup.
When is it appropriate to select the check box labeled Allow Only The Owner And The Administrator Access To The Backup Data And To Any Backups Appended To This Media?
Select this check box when you want to minimize the risk of unauthorized access to your data, unless someone other than the person who performed the backup or an administrator will need to restore the data.
Exercise 2: Creating and Running an Unattended Backup Job
· To verify that the backup job was performed
Start Microsoft Windows Explorer and click drive C.
Does the Backup2.bkf file exist?
Yes.
Lesson 3: Restoring Data
Practice: Restoring Files
· To verify that the data was restored
Start Windows Explorer and expand drive C.
Does the Restored Data folder exist?
Yes.
What are the contents of the Restored Data folder?
The file Boot.ini.
Review Questions
If you want a user to perform backups, what do you need to do?
Make sure that the user is a member of the Administrators or Backup Operators groups.
You performed a normal backup on Monday. For the remaining days of the week, you want to back up only files and folders that have changed since the previous day. What backup type do you select?
Incremental. The incremental backup type backs up changes since the last markers were set and then clears the markers. Thus, for Tuesday through Friday, you back up only changes since the previous day.
What are the considerations for using tapes as your backup media?
Tapes are a less expensive medium and are more convenient for large backups because of their higher storage capacity. However, the medium deteriorates with time and thus has a limited lifespan.
You are restoring a file that has the same name as a file on the volume to which you are restoring. You aren't sure which is the most current version. What do you do?
Do not replace the file. Restore the file to another location, and then compare the two files.
Chapter 20
Review Questions
Why would you want to monitor access to network resources?
For performing maintenance tasks that require making resources unavailable, you want to notify users before making the resource unavailable. To maintain a network's security, you need to monitor which users are gaining access to which resources. For planning purposes, you want to determine which resources are being used and how often they are being used.
What can you monitor on a network with the Computer Management snap-in or the Shared Folders snap-in?
You can monitor the number of users who have a current connection to the computer that you are monitoring, the files to which users are currently gaining access and which users are currently gaining access to each file, the shared folders to which users are currently gaining access on the network, and how many users have a connection to each folder. You can monitor all this information on the computer where you are physically located or on a remote computer.
Why would you send an administrative message to users with current connections?
To inform the users that you are about to disconnect them from the resource so that you can perform a backup or restore operation, upgrade software or hardware, or shut down the computer.
What can you do to prevent a user from reconnecting to a shared folder after you have disconnected the user from the shared folder?
To prevent all users from reconnecting, stop sharing the folder. To prevent only one user from reconnecting, change the permissions for the folder so that the user no longer has access, and then disconnect the user from the shared folder.
How can you create and manage shares on a remote computer?
To create and manage shares on a remote folder, use the MMC to create a custom console and add the Shared Folders snap-in to it. When you add the Shared Folders snap-in, you specify the remote computer on which you want to create and manage shares. When adding the Shared Folders snap-in to the console, you can also select the Allow The Selected Computer To Be Changed When Launching From The Command Line check box so that you can choose the remote computer on which you want to create and manage shares.
Chapter 21
Review Questions
What are the advantages of using L2TP over using PPTP?
L2TP supports more types of internetworks, it supports header compression, and it cooperates with IPSec for encryption.
While you're using the Network Connection wizard, you must configure two new settings regarding sharing the connection. Describe the difference between these two settings.
The settings are whether you want to allow others that use the computer to use the connection (access to the connection) and whether you want to allow other computers to access resources through this port (sharing the connection once it is established).
What is callback and when might you want to enable it?
The callback feature causes the remote server to disconnect and call back the client attempting to access the remote server. By using callback, you can have the bill for the phone call charged to your phone number rather than to the phone number of the user who called in. You can also use callback to increase security by specifying the callback number. Even if an unauthorized user calls in, the system calls back at the number you specified, not the number of the unauthorized user.
Chapter 22
Practice Questions
Lesson 5: Using the Recovery Console
Practice: Using the Windows 2000 Recovery Console
Exercise 1: Troubleshooting a Windows 2000 Installation
· To create a system boot failure
Restart the computer.
What error do you receive when attempting to restart the computer?
NTLDR is missing. Press Ctrl+Alt+Del to restart.
Review Questions
What are the five major phases of the boot process for Intel-based computers?
The boot process for Intel-based computers includes the preboot sequence, boot sequence, kernel load, kernel initialization, and logon phases.
What are the various Safe Mode advanced boot options for booting Windows 2000, and how do they differ?
The Safe Mode option loads only the basic devices and drivers required to start the system, including the mouse, keyboard, mass storage devices, base video, and the standard/default set of system services.
The Safe Mode With Networking option loads the devices and drivers loaded with the Safe Mode option, but it also loads the services and drivers required for networking.
The Safe Mode With Command Prompt option is identical to the Safe Mode option, but it launches a command prompt instead of Windows Explorer.
What are the two sections of the Boot.ini file, and what information does each section contain?
The two sections of the Boot.ini file are [boot loader] and [operating systems]. The [boot loader] section of Boot.ini specifies the default operating system and provides a timeout value.
The [operating systems] section of Boot.ini contains the list of operating systems that appear in the Boot Loader Operating System Selection menu. Each entry includes the path to the operating system and the name that appears in the Boot Loader Operating System Selection menu (the text between the quotation marks). Each entry can also contain optional parameters.
You install a new device driver for a SCSI adapter in your computer. When you restart the computer, however, Windows 2000 stops responding after the kernel load phase. How can you get Windows 2000 to restart successfully?
Select the Last Known Good Configuration option to use the LastKnownGood configuration control to start Windows 2000 because it doesn't contain any reference to the new, and possibly faulty, driver.
Chapter 23
Review Questions
How do you install the Windows 2000 deployment tools, such as the Setup Manager Wizard and the System Preparation tool?
To install the Windows 2000 Setup Tools, display the contents of the Deploy.cab file, which is located in the Support\Tools folder on the Windows 2000 CD-ROM. Select all the files you want to extract, right-click a selected file, and then select Extract from the menu. You will be prompted for a destination, the location and name of a folder, for the extracted files.
Which five resources are required to use Remote Installation Services to install Windows 2000 Professional?
A Windows 2000 Server with RIS installed, a DNS server available on the network, a DHCP server available on the network, a Windows 2000 domain to provide Active Directory directory services, and client computers that meet the Net PC specification or have a boot floppy to connect to the RIS server.
Which utility is provided to create boot floppies and how do you access it?
Windows 2000 ships with the Windows 2000 Remote Boot Disk Generator, rbfg.exe, which is used to create boot disks. It is found on the RIS Server in the folder where the Windows 2000 Professional installation files are stored. The path is RemoteInst\Admin\i386\rbfg.exe.
You are planning on installing 45 computers with Windows 2000 Professional. You have determined that these 45 computers have seven different network adapter cards. How can you determine whether these seven different types of network adapter cards are supported by the boot floppies you created?
The boot floppies created using Rbfg only support the PCI-based network adapters listed in the Adapters List. Start Rbfg.exe and then click the Adapter List button to see the list of supported adapters.
You have a laptop running Windows 95 and you want to upgrade it to Windows 2000. The computer has 16 MB of RAM, and this can be upgraded to 24 MB. Can you upgrade this computer to Windows 2000? If not, how would you make it so this computer was able to access Active Directory directory services?
No, Windows 2000 Professional requires at least 32 MB of memory. You can install the Directory Service Client for Windows 95 or 98. The laptop would then be able to access Active Directory directory services.
Name at least two problems that the System Preparation tool resolves, making it much simpler to create and copy a master disk image to other computers.
The System Preparation tool adds a system service to the master image that will create a unique local domain security ID (SID) the first time the computer to which the master image is copied is started.
The System Preparation tool adds a Mini-Setup wizard to the master disk image that runs the first time the computer to which the master image is copied is started. It guides the user through entering the user-specific information such as the end-user license agreement, the Product ID, user name, company name, and time zone selection.
The System Preparation tool causes the master image to force the computer on which the master image is copied to run a full Plug and Play device detection, so that peripherals, such as the network adapter, the video adapter, and sound cards on the computer on which the disk image was copied need not be identical to the ones on the computer on which the image was generated.
Chapter 24
Review Questions
A friend of yours just installed Windows 2000 Professional on his home computer. He called you to help him configure APM, and when you told him to double-click Power Options in Control Panel and click on the APM tab, he told you he did not have an APM tab. What is the most likely reason there is no APM tab?
The most likely reason there is no APM tab is that his computer does not have an APM-based BIOS installed. When Windows 2000 does not detect an APM-based BIOS, Setup does not install APM and there is no APM tab in the Power Options Properties dialog box.
A user calls the help desk in a panic. She spent 15 hours editing a proposal as an offline file at her house. Over the weekend, her boss came in and spent about four hours editing the same proposal. She needs to synchronize the files, but she doesn't want to lose her edits or those made by her boss. What can she do?
If both her cached offline copy of the file and the network copy of the file are edited, she should rename her version of the file so that both copies will exist on her hard disk and on the network. She could then compare the two and edit her version, adding any edits made by her boss.
Many commercial airlines require you to turn off portable computers during certain portions of a flight. Does placing your computer in Hibernate mode comply with these airline requirements? Why or why not?
No. Hibernate mode makes your computer appear to be turned off, but it is not. You must shut down your computer to comply with these airline requirements.
Chapter 25
Practice Questions
Lesson 1: Using Device Manager and System Information
Practice: Using Device Manager and System Information
Exercise 2: Using System Information
· To use System Information
In the details pane, double-click Hardware Resources, and then double-click IRQs.
Are there any IRQs being shared?
Answer will vary.
Review Questions
Your boss has started to manually assign resource settings to all devices, including Plug and Play devices, and wants you to finish the job. What should you do?
Explain to your boss that it is not a good idea to manually change or assign resource settings for Plug and Play devices. Windows 2000 arbitrates resources, but if you manually assign them, then Windows 2000 will not be able to arbitrate the assigned resources if requested by another Plug and Play device.
Once you have convinced your boss that this is not a good idea, start Device Manager. Plug and Play devices have a Resources tab on their Properties page. You can free the resource settings that were manually assigned and allow Windows 2000 to again arbitrate the resources by selecting the Use Automatic Settings check box on the Resources tab.
What benefits do you gain by Microsoft digitally signing all system files?
Windows 2000 drivers and operating system files are digitally signed by Microsoft to ensure the files have not been tampered with. Some applications overwrite existing operating files as part of their installation process. These files may cause system errors that are difficult to troubleshoot. Device Manager allows you to look at the Driver tab and verify that the digital signer of the installed driver is correct. This can save you many frustrating hours of trying to resolve problems caused by a file that replaced one or more original operating system drivers.
What are three ways Microsoft has provided to help you make sure the files on your system have the correct digital signature?
Windows 2000 provides Device Manager, which allows you to verify that the digital signer of the installed driver is correct. Windows 2000 also provides two utilities to verify the digital signatures. The first utility is the File Signature Verification utility, sigverif. Windows 2000 also provides System File Checker (SFC), a command-line utility that you can use to check the digital signature of files.
You receive a call at the Help desk from a user who is trying to configure her fax settings, and she tells you that she does not have an Advanced Options tab. What could the problem be?
For the Advanced Options tab to display, the user must be logged on as Administrator or have administrator privileges.
Appendix B -- Creating Setup Boot Disks
Unless your computer supports booting from a CD-ROM drive, you must have the four Windows 2000 Professional Setup disks to complete the installation of Microsoft Windows 2000 Professional. To create these Setup disks, complete the following procedure.
Label the four 1.44 MB disks with the appropriate product name, as follows:
Windows 2000 Professional Setup Boot Disk
Windows 2000 Professional Setup Disk #2
Windows 2000 Professional Setup Disk #3
Windows 2000 Professional Setup Disk #4
Insert the Microsoft Windows 2000 Professional CD-ROM into the CD-ROM drive.
If the Windows 2000 CD-ROM dialog box appears prompting you to upgrade to Windows 2000, click No.
Open a Command Prompt window.
At the command prompt, change to your CD-ROM drive. For example, if your CD-ROM drive letter is E, type e: and press Enter.
At the command prompt, change to the Bootdisk folder by typing cd bootdisk and pressing Enter.
With Bootdisk as the active folder, type makeboot a: (where a: is the floppy disk drive) and then press Enter.
Windows 2000 displays a message indicating that this script creates the four Windows 2000 Setup disks for installing from a CD-ROM. It also indicates that four blank formatted floppy disks are required.
Press any key to continue.
Windows 2000 displays a message prompting you to insert the disk labeled Disk 1. (This is the disk you labeled Windows 2000 Professional Setup Boot Disk.)
Insert the blank formatted disk labeled Windows 2000 Professional Setup Boot Disk into drive A, and then press any key to continue.
After Windows 2000 creates the disk image, it displays a message prompting you to insert the disk labeled Disk 2.
Remove Disk 1, insert the blank formatted disk labeled Windows 2000 Professional Setup Disk #2 into drive A, and then press any key to continue.
After Windows 2000 creates the disk image, it displays a message prompting you to insert the disk labeled Disk 3.
Remove Disk #2, insert the blank formatted disk labeled Windows 2000 Professional Setup Disk #3 into drive A, and then press any key to continue.
After Windows 2000 creates the disk image, it displays a message prompting you to insert the disk labeled Disk 4.
Remove Disk 3, insert the blank formatted disk labeled Windows 2000 Professional Setup Disk #4 into drive A, and then press any key to continue.
After Windows 2000 creates the disk image, it displays a message indicating that the imaging process is done.
At the command prompt, type exit and then press Enter.
Remove the disk from drive A and the CD-ROM from the CD-ROM drive.
Appendix C -- Understanding the DHCP Service
The Dynamic Host Configuration Protocol (DHCP) Service in Microsoft Windows 2000 centralizes and manages the allocation of Microsoft Transmission Control Protocol/Internet Protocol (TCP/IP) configuration information by assigning Internet Protocol (IP) addresses automatically to computers that are configured as DHCP clients. Implementing the DHCP Service can eliminate many of the configuration problems associated with configuring TCP/IP manually.
To introduce you to DHCP, the following six topics are covered in this appendix:
The Bootstrap Protocol (BOOTP)
Manual versus automatic TCP/IP configuration
The requirements for a server running the DHCP Service
The requirements for DHCP clients
The DHCP lease process
IP lease renewal and release
The Bootstrap Protocol
The Bootstrap Protocol, based on the User Datagram Protocol/Internet Protocol (UDP/IP), enables a booting host to configure itself dynamically. DHCP is an extension of BOOTP, which enables diskless clients to start up and automatically configure TCP/IP. Each time that a DHCP client starts, it requests IP addressing information from a DHCP server, including the following:
An IP address
A subnet mask
Optional values, such as the following:
A default gateway address
A Domain Name System (DNS) server address
A Windows Internet Name Service (WINS) server address
When a DHCP server receives a request for an IP address, it selects IP addressing information from a pool of addresses that are defined in its database and offers the IP addressing information to the DHCP client, as shown in Figure C.1. If the client accepts the offer, the DHCP server leases the IP addressing information to the client for a specified period of time.
Figure C.1 A DHCP server provides IP addresses to DHCP clients
Manual Versus Automatic TCP/IP Configuration
To understand why the DHCP Service is beneficial for configuring TCP/IP on clients, it is useful to contrast the manual method of configuring TCP/IP with the automatic method using DHCP, as shown in Table C.1.
Table C.1 Configuring TCP/IP Manually Versus Using the DHCP Service
| Configuring TCP/IP manually | Configuring TCP/IP using DHCP |
| --- | --- |
| Users can pick an IP address randomly rather than obtaining a valid IP address from the network administrator. Using incorrect addresses can lead to network problems that can be difficult to trace to the source. | Users no longer need to acquire IP addressing information from an administrator to configure TCP/IP. The DHCP Service supplies all the necessary configuration information to all the DHCP clients. |
| Typing the IP address, subnet mask, or default gateway can lead to problems ranging from difficulty communicating, if the default gateway or subnet mask is incorrect, to problems associated with a duplicate IP address. | Correct configuration information ensures correct configuration, which eliminates most difficult-to-trace network problems. |
| There is administrative overhead for networks if you frequently move computers from one subnet to another. For example, you must change the IP address and default gateway address for a client to communicate from a new location. | Having servers running the DHCP Service on each subnet eliminates the overhead of having to manually reconfigure IP addresses, subnet masks, and default gateways when you move computers from one subnet to another. |
To implement DHCP, you must install and configure the DHCP Service on at least one computer running Windows 2000 Server within the TCP/IP network. The computer can be configured as a domain controller or as a stand-alone server. In addition, for DHCP to function properly, you must configure the server and all of the clients.
Requirements for a Server Running the DHCP Service
A DHCP server requires a computer running Windows 2000 Server that is configured with the following:
The DHCP Service.
A static IP address (it can't be a DHCP client itself), subnet mask, default gateway (if necessary), and other TCP/IP parameters.
A DHCP scope. A scope is a range of IP addresses that are available for lease or assignment to clients.
Requirements for DHCP Clients
A DHCP client requires a computer that is DHCP-enabled and running any of the following supported operating systems:
Windows 2000, Windows NT Server version 3.51 or later, or Windows NT Workstation version 3.51 or later.
Microsoft Windows 95 or later.
Windows for Workgroups version 3.11 running Microsoft TCP/IP-32, which is included on the Windows 2000 Server CD-ROM.
Microsoft Network Client version 3 for Microsoft MS-DOS with the real-mode TCP/IP driver, which is included on the Windows 2000 Server CD-ROM.
LAN Manager version 2.2c, which is included on the Windows 2000 Server CD-ROM. LAN Manager 2.2c for OS/2 is not supported.
The DHCP Lease Process
To understand the DHCP lease process, you must first understand when the lease process occurs. The DHCP lease process occurs when one of the following events happens:
TCP/IP is initialized for the first time on a DHCP client.
A client requests a specific IP address and is denied, possibly because the DHCP server dropped the lease.
A client previously leased an IP address but released the IP address and requires a new one.
DHCP uses a four-phase process to lease IP addressing information to a DHCP client for a specific period of time: DHCPDISCOVER, DHCPOFFER, DHCPREQUEST, and DHCPACK. (See Figure C.2.)
Figure C.2 The DHCP lease process
The DHCPDISCOVER Phase
The first phase in the DHCP lease process is DHCPDISCOVER. To begin the DHCP lease process, a client initializes a limited version of TCP/IP and broadcasts a DHCPDISCOVER message requesting the location of a DHCP server and IP addressing information. Because the client doesn't know the IP address of a DHCP server, the client uses 0.0.0.0 as the source address and 255.255.255.255 as the destination address.
The DHCPDISCOVER message contains the client's hardware address and computer name so that the DHCP servers can determine which client sent the request.
The DHCPOFFER Phase
The second phase in the DHCP lease process is DHCPOFFER. All DHCP servers that receive the IP lease request and have a valid client configuration broadcast a DHCPOFFER message that includes the following information:
The client's hardware address
An offered IP address
A subnet mask
The length of the lease
A server identifier (the IP address of the offering DHCP server)
The DHCP server sends a broadcast because the client doesn't yet have an IP address. The DHCP client selects the IP address from the first offer that it receives. The DHCP server that is issuing the IP address reserves the address so that it can't be offered to another DHCP client.
The DHCPREQUEST Phase
The third phase in the DHCP lease process occurs after the client receives a DHCPOFFER from at least one DHCP server and selects an IP address. The client broadcasts a DHCPREQUEST message to all DHCP servers, indicating that it has accepted an offer. The DHCPREQUEST message includes the server identifier (IP address) of the server whose offer it accepted. All other DHCP servers then retract their offers and retain their IP addresses for the next IP lease request.
The DHCPACK Phase
The final phase in a successful DHCP lease process occurs when the DHCP server issuing the accepted offer broadcasts a successful acknowledgment to the client in the form of a DHCPACK message. This message contains a valid lease for an IP address and possibly other configuration information.
When the DHCP client receives the acknowledgment, TCP/IP is completely initialized and the client is considered a bound DHCP client. Once bound, the client can use TCP/IP to communicate on the network.
The DHCPNACK Message
If the DHCPREQUEST is not successful, the DHCP server broadcasts a negative acknowledgement (DHCPNACK). A DHCP server broadcasts a DHCPNACK if
The client is trying to lease its previous IP address, and the IP address is no longer available.
The IP address is invalid because the client physically has been moved to a different subnet.
When the client receives an unsuccessful acknowledgment, it resumes the DHCP lease process.
NOTE
If a computer has multiple network adapters that are bound to TCP/IP, the DHCP process occurs separately over each adapter. The DHCP Service assigns a unique IP address to each adapter in the computer that is bound to TCP/IP.
IP Lease Renewal and Release
All DHCP clients attempt to renew their lease when 50 percent of the lease time has expired. To renew its lease, a DHCP client sends a DHCPREQUEST message directly to the DHCP server from which it obtained the lease. If the DHCP server is available, it renews the lease and sends the client a DHCPACK message with the new lease time and any updated configuration parameters, as shown in Figure C.3. The client updates its configuration when it receives the acknowledgment.
Figure C.3 Renewing an IP lease
NOTE
Each time a DHCP client restarts, it attempts to lease the same IP address from the original DHCP server. If the lease request is unsuccessful and lease time is still available, the DHCP client continues to use the same IP address until the next attempt to renew the lease.
If a DHCP client can't renew its lease with the original DHCP server at the 50 percent interval, the client broadcasts a DHCPREQUEST to contact any available DHCP server when 87.5 percent of the lease time has expired. Any DHCP server can respond with a DHCPACK message (renewing the lease) or a DHCPNACK message (forcing the DHCP client to reinitialize and obtain a lease for a different IP address).
If the lease expires, or if a DHCPNACK message is received, the DHCP client must immediately discontinue using that IP address. The DHCP client then begins the DHCP lease process to lease a new IP address.
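The four-phase lease exchange and the 50 percent and 87.5 percent renewal points described above, as an added Python example that is not part of the original appendix: it encodes and parses DHCP messages in the standard BOOTP/DHCP wire layout and follows one client from DHCPDISCOVER to DHCPACK. The addresses, hardware address, transaction ID, 8-day lease length, and all function names are constructed for illustration.

```python
import ipaddress
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"   # separates the BOOTP header from the DHCP options
BOOTP_HEADER = struct.Struct("!BBBBIHH4s4s4s4s16s64s128s")   # fixed 236-byte header
# Option 53 values; type 6 is the message the appendix calls DHCPNACK.
MSG_TYPES = {1: "DHCPDISCOVER", 2: "DHCPOFFER", 3: "DHCPREQUEST",
             5: "DHCPACK", 6: "DHCPNAK", 7: "DHCPRELEASE"}
OPT_MASK, OPT_REQ_IP, OPT_LEASE, OPT_TYPE, OPT_SERVER = 1, 50, 51, 53, 54


def ip(text):
    """Dotted-quad string to its 4-byte wire form."""
    return ipaddress.IPv4Address(text).packed


def build_message(msg_type, xid, mac, yiaddr="0.0.0.0", options=None):
    """Encode one DHCP payload; used here only to construct the sample exchange."""
    op = 2 if msg_type in (2, 5, 6) else 1           # 1 = client request, 2 = server reply
    zero = ip("0.0.0.0")
    header = BOOTP_HEADER.pack(op, 1, len(mac), 0, xid, 0, 0x8000,   # 0x8000 = broadcast flag
                               zero, ip(yiaddr), zero, zero, mac, b"", b"")
    body = bytes([OPT_TYPE, 1, msg_type])
    for code, value in (options or {}).items():
        body += bytes([code, len(value)]) + value
    return header + MAGIC_COOKIE + body + b"\xff"    # option 255 ends the list


def parse_message(payload):
    """Decode the fields the lease process relies on; raise ValueError on malformed input."""
    if len(payload) < 240 or payload[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message")
    fields = BOOTP_HEADER.unpack(payload[:236])
    hlen, xid, yiaddr, chaddr = fields[2], fields[4], fields[8], fields[11]
    opts, i = {}, 240
    while i < len(payload) and payload[i] != 255:
        if payload[i] == 0:                          # pad option has no length byte
            i += 1
            continue
        if i + 1 >= len(payload):
            raise ValueError("truncated option header")
        code, length = payload[i], payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated option %d" % code)
        opts[code] = value
        i += 2 + length

    def addr(code):
        raw = opts.get(code, b"")
        return str(ipaddress.IPv4Address(raw)) if len(raw) == 4 else None

    if len(opts.get(OPT_TYPE, b"")) != 1:
        raise ValueError("missing DHCP message type")
    lease = opts.get(OPT_LEASE, b"")
    return {"type": MSG_TYPES.get(opts[OPT_TYPE][0], "UNKNOWN"), "xid": xid,
            "client_mac": chaddr[:hlen].hex(":"),
            "offered_ip": str(ipaddress.IPv4Address(yiaddr)),
            "subnet_mask": addr(OPT_MASK), "requested_ip": addr(OPT_REQ_IP),
            "server_id": addr(OPT_SERVER),
            "lease_seconds": struct.unpack("!I", lease)[0] if len(lease) == 4 else None}


def renewal_times(lease_seconds):
    """Seconds into the lease for the direct renewal (50%) and the broadcast retry (87.5%)."""
    return lease_seconds // 2, lease_seconds * 7 // 8


def trace_lease(payloads):
    """Follow one client's four-phase exchange and return the binding it ends with."""
    msgs = [parse_message(p) for p in payloads]
    if len({m["xid"] for m in msgs}) != 1:
        raise ValueError("messages belong to different transactions")
    by_type = {}
    for m in msgs:
        by_type.setdefault(m["type"], []).append(m)
    for phase in ("DHCPDISCOVER", "DHCPOFFER", "DHCPREQUEST", "DHCPACK"):
        if phase not in by_type:
            raise ValueError("missing phase " + phase)
    request, ack = by_type["DHCPREQUEST"][0], by_type["DHCPACK"][0]
    if (ack["server_id"] != request["server_id"]
            or ack["offered_ip"] != request["requested_ip"]
            or ack["lease_seconds"] is None):
        raise ValueError("DHCPACK does not match the accepted offer")
    renew_at, rebind_at = renewal_times(ack["lease_seconds"])
    return {"client": ack["client_mac"], "ip": ack["offered_ip"],
            "mask": ack["subnet_mask"], "server": ack["server_id"],
            # servers whose offers were not accepted and must be retracted
            "retracted": [o["server_id"] for o in by_type["DHCPOFFER"]
                          if o["server_id"] != request["server_id"]],
            "renew_at": renew_at, "rebind_at": rebind_at}


# Constructed sample exchange: two servers answer, the client accepts the first offer.
MAC, XID = bytes.fromhex("00a0c914c829"), 0x3903F326
LEASE = {OPT_MASK: ip("255.255.255.0"), OPT_LEASE: struct.pack("!I", 691200)}  # 8 days
SAMPLE = [
    build_message(1, XID, MAC),
    build_message(2, XID, MAC, "192.168.1.50", {**LEASE, OPT_SERVER: ip("192.168.1.1")}),
    build_message(2, XID, MAC, "192.168.1.90", {**LEASE, OPT_SERVER: ip("192.168.1.2")}),
    build_message(3, XID, MAC, options={OPT_REQ_IP: ip("192.168.1.50"),
                                        OPT_SERVER: ip("192.168.1.1")}),
    build_message(5, XID, MAC, "192.168.1.50", {**LEASE, OPT_SERVER: ip("192.168.1.1")}),
]

if __name__ == "__main__":
    for key, value in trace_lease(SAMPLE).items():
        print(key, value)
```
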
Using Ipconfig to Renew a Lease
Use the ipconfig command with the /renew switch to send a DHCPREQUEST message to the DHCP server to receive updated options and lease time. If the DHCP server is unavailable, the client continues using the current DHCP-supplied configuration options.
Using Ipconfig to Release a Lease
Use the ipconfig command with the /release switch to cause a DHCP client to send a DHCPRELEASE message to the DHCP server and to release its lease. This is useful when you are moving a client to a different network and the client will not need its previous lease. TCP/IP communications with the client will stop after you issue this command.
Microsoft DHCP clients don't initiate DHCPRELEASE messages when shutting down. If a client remains shut down for the length of its lease (and the lease is not renewed), the DHCP server might assign that client's IP address to a different client after the lease expires. A client has a better chance of receiving the same IP address during initialization if it doesn't send a DHCPRELEASE message.
Appendix D -- Managing Backup Tapes
If you use tapes as your backup medium, consider the distinction between rotating tapes and archiving tapes. Rotating tapes means reusing them when the data stored on them is no longer viable for restoring. This common practice helps to lower the cost of backing up data. Archiving tapes means storing the tape to keep a record of the data rather than as prevention against data loss. When you archive a tape, you remove that tape from the tape rotation. Archived tapes are useful for maintaining a record of data for a specific date and time, such as employee records at the end of a fiscal year.
Rotating and Archiving Tapes
The following two examples provide strategies for rotating and archiving tapes.
Rotation and Archive Example 1
The following table illustrates one strategy for rotating and archiving tapes and is explained below.
| | Monday | Tuesday | Wednesday | Thursday | Friday |
| --- | --- | --- | --- | --- | --- |
| Week 1 | Tape 1 | Tape 2 | Tape 3 | Tape 4 | Tape 5 (Archive) |
| Week 2 | Tape 1 (Replace or Append) | Tape 2 (Replace or Append) | Tape 3 (Replace or Append) | Tape 4 (Replace or Append) | Tape 6 (Archive) |
Week 1. The backup job for each day of the week is on a different tape. The backup tape for Friday is archived and removed from rotation.
Week 2. For this week, you reuse the tapes for the same day of the week (the Monday backup job is on the previous Monday tape 1). You can either replace or append to the existing backup job. However, on Friday, use a new tape that you archive and remove from rotation.
Rotation and Archive Example 2
The following table illustrates another strategy for rotating and archiving tapes and is explained below.
| | Monday | Tuesday | Wednesday | Thursday | Friday |
| --- | --- | --- | --- | --- | --- |
| Week 1 | Tape 1 | Tape 1 (Append) | Tape 1 (Append) | Tape 1 (Append) | Tape 2 (Archive) |
| Week 2 | Tape 1 | Tape 1 (Append) | Tape 1 (Append) | Tape 1 (Append) | Tape 3 (Archive) |
Week 1. The backup job for each day of the week, except Friday, is on the same tape. The backup tape for Friday is archived and removed from rotation. Use the same tape for the Monday through Thursday backup jobs and append each new backup job to the previous one. The Friday backup job is on a different tape (tape 2) that you archive and remove from rotation.
Week 2. For this week, reuse the tape from the previous week (tape 1) for all backup jobs. The Friday backup job is on a tape (tape 3) that is different from the one that you used the previous Friday. You archive and remove this tape from rotation.
Determining the Number of Tapes Required
When determining the number of tapes you need, consider the tape rotation and archival schedule, the amount of the data that you back up, and the tape life cycle.
The life cycle of a tape depends on the tape itself and storage conditions. Follow the tape manufacturer's usage guidelines. If your company doesn't have a suitable storage facility, consider using a third-party company that specializes in offsite storage for backup media.
Glossary
A
access control entry (ACE) The entries on the access control list (ACL) that control user account or group access to a resource. The entry must allow the type of access that is requested (for example, Read access) for the user to gain access. If no ACE exists in the ACL, the user can't gain access to the resource or folder on an NTFS partition.
access control list (ACL) The ACL contains a list of all user accounts and groups that have been granted access for the file or folder on an NTFS partition or volume, as well as the type of access that they have been granted. When a user attempts to gain access to a resource, the ACL must contain an entry, called an access control entry (ACE), for the user account or group to which the user belongs. See also access control entry.
access permissions Features that control access to shared resources in Windows 2000.
Account See user account.
account lockout A Windows 2000 security feature that locks a user account if a number of failed logon attempts occur within a specified amount of time, based on account policy lockout settings. (Locked accounts can't log on.) Account policy controls how passwords must be used by all user accounts in an individual computer or in a domain.
ACE See access control entry.
ACL See access control list.
Active Directory directory services The directory services included in Windows 2000 Server products. These directory services identify all resources on a network and make them accessible to users and applications.
Address Resolution Protocol (ARP) A protocol that determines hardware addresses (MAC addresses) that correspond to an IP address.
ADSL See asymmetric digital subscriber line (ADSL).
agent A program that performs a background task for a user and reports to the user when the task is done or when some expected event has taken place.
American National Standards Institute (ANSI) An organization of American industry and business groups dedicated to the development of trade and communications standards. ANSI is the American representative to the International Organization for Standardization (ISO). See also International Organization for Standardization (ISO).
American Standard Code for Information Interchange (ASCII) A coding scheme that assigns numeric values to letters, numbers, punctuation marks, and certain other characters. By standardizing the values used for these characters, ASCII enables computers and computer programs to exchange information.
ANSI See American National Standards Institute (ANSI).
application layer The top (seventh) layer of the OSI reference model. This layer serves as the window that application processes use to access network services. It represents the services that directly support user applications, such as software for file transfers, database access, and e-mail.
application programming interface (API) A set of routines that an application program uses to request and carry out lower-level services performed by the operating system.
application protocol A protocol that works at the higher end of the OSI reference model, providing application-to-application interaction and data exchange. Popular application protocols include File Transfer Access and Management (FTAM), a file access protocol; Simple Mail Transfer Protocol (SMTP), a TCP/IP protocol for transferring e-mail; Telnet, a TCP/IP protocol for logging on to remote hosts and processing data locally; and NetWare Core Protocol (NCP), the primary protocol used to transmit information between a NetWare server and its clients.
ARP See Address Resolution Protocol (ARP).
asymmetric digital subscriber line (ADSL) A recent modem technology that converts existing twisted-pair telephone lines into access paths for multimedia and high-speed data communications. These new connections can transmit more than 8 Mbps to the subscriber and up to 1 Mbps from the subscriber. ADSL is recognized as a physical layer transmission protocol for unshielded twisted-pair media.
asynchronous transfer mode (ATM) An advanced implementation of packet switching that provides high-speed data transmission rates to send fixed-size cells over broadband LANs or WANs. Cells are 53 bytes—48 bytes of data with five additional bytes of address. ATM accommodates voice, data, fax, real-time video, CD-quality audio, imaging, and multimegabit data transmission. ATM uses switches as multiplexers to permit several computers to put data on a network simultaneously. Most commercial ATM boards transmit data at about 155 Mbps, but theoretically, a rate of 1.2 gigabits per second is possible.
asynchronous transmission A form of data transmission in which information is sent one character at a time, with variable time intervals between characters. Asynchronous transmission doesn't rely on a shared timer that allows the sending and receiving units to separate characters by specific time periods. Therefore, each transmitted character consists of a number of data bits (that compose the character itself), preceded by a start bit and ending in an optional parity bit followed by a 1-, 1.5-, or 2-stop bit.
ATM See asynchronous transfer mode (ATM).
auditing A process that tracks network activities by user accounts and a routine element of network security. Auditing can produce records or list users who have accessed—or attempted to access—specific resources; help administrators identify unauthorized activity; and track activities such as logon attempts, connection and disconnection from designated resources, changes made to files and directories, server events and modifications, password changes, and logon parameter changes.
audit policy A policy that defines the types of security events that Windows 2000 records in the security log on each computer.
authentication A verification based on user name, passwords, and time and account restrictions.
B
back end In a client/server application, the part of the program that runs on the server.
backup A duplicate copy of a program, a disk, or data, made to secure valuable files from loss.
backup job A single process of backing up data.
Bandwidth Allocation Protocol (BAP) A PPP control protocol that helps provide bandwidth on demand. BAP dynamically controls the use of multilinked lines and is an efficient mechanism for controlling connection costs while dynamically providing optimum bandwidth.
BAP See Bandwidth Allocation Protocol (BAP).
base I/O port A port that specifies a channel through which information is transferred between a computer's hardware, such as the network interface card (NIC), and its CPU.
base memory address A setting that defines the address of the location in a computer's memory (RAM) that is used by the NIC. This setting is sometimes called the RAM start address.
baud A measure of data-transmission speed named after the French engineer and telegrapher Jean-Maurice-Emile Baudot. It is a measure of the speed of oscillation of the sound wave on which a bit of data is carried over telephone lines. Because baud was originally used to measure the transmission speed of telegraph equipment, the term sometimes refers to the data-transmission speed of a modem. However, current modems can send at a speed higher than 1-bit per oscillation, so baud is being replaced by the more accurate bps (bits per second) as a measure of modem speed.
baud rate The speed at which a modem can transmit data. Often confused with bps (the number of bits per second transmitted), baud rate actually measures the number of events, or signal changes, that occur in one second. Because one event can actually encode more than one bit in high-speed digital communication, baud rate and bps are not always synonymous, and the latter is the more accurate term to apply to modems. For example, the 9600-baud modem that encodes 4-bits per event actually operates at 2400 baud but transmits at 9600 bps (2400 events times 4-bits per event), and thus should be called a 9600-bps modem.
binary synchronous communications protocol (bisync) A communications protocol developed by IBM. Bisync transmissions are encoded in either ASCII or EBCDIC. Messages can be of any length and are sent in units called frames that are optionally preceded by a message header. Because bisync uses synchronous transmission, in which message elements are separated by a specific time interval, each frame is preceded and followed by special characters that enable the sending and receiving machines to synchronize their clocks.
bind A term used to describe the association of two pieces of information with one another.
binding A process that establishes the communication channel between network components on different levels to enable communication between those components. For example, the binding of a protocol driver (such as TCP/IP) and a network adapter.
bit A short word for binary digit: either 1 or 0 in the binary number system. In processing and storage, a bit is the smallest unit of information handled by a computer. It is represented physically by an element such as a single pulse sent through a circuit or a small spot on a magnetic disk capable of storing either a 1 or 0. Eight bits make a byte.
bits per second (bps) A measure of the speed at which a device can transfer data. See also baud rate.
bit time The time it takes for each station to receive and store a bit.
boot-sector virus A type of virus that resides in the first sector of a floppy disk or hard disk. When the computer is booted, the virus executes. In this common method of transmitting viruses from one floppy disk to another, the virus replicates itself onto the new disk each time a new disk is inserted and accessed.
bottleneck A device or program that significantly degrades network performance. Poor network performance results when a device uses noticeably more CPU time than it should, consumes too much of a resource, or lacks the capacity to handle the load. Potential bottlenecks can be found in the CPU, memory, NIC, and other components.
Bps See bits per second (bps).
broadcast A transmission sent simultaneously to more than one recipient. In communication and on networks, a broadcast message is one distributed to all stations or computers on the network.
broadcast storm An event that occurs when so many broadcast messages are on the network that they approach or surpass the capacity of the network bandwidth. This can happen when one computer on the network transmits a flood of frames saturating the network with traffic so it can no longer carry messages from any other computer. Such a broadcast storm can shut down a network.
buffer A reserved portion of RAM in which data is held temporarily, pending an opportunity to complete its transfer to or from a storage device or another location in memory.
built-in groups One type of group account used by Microsoft Windows 2000. Built-in groups, as the name implies, are included with the network operating system. Built-in groups have been granted useful collections of rights and built-in abilities. In most cases, a built-in group provides all the capabilities needed by a particular user. For example, if a user account belongs to the built-in Administrators group, logging on with that account gives the user administrative capabilities. See also user account.
Bus Parallel wires or cabling that connect components in a computer.
Byte A unit of information consisting of 8 bits. In computer processing or storage, a byte is equivalent to a single character, such as a letter, numeral, or punctuation mark. Because a byte represents only a small amount of information, amounts of computer memory are usually given in kilobytes (1,024 bytes, or 2 raised to the 10th power), megabytes (1,048,576 bytes, or 2 raised to the 20th power), gigabytes (1,024 megabytes), terabytes (1,024 gigabytes), petabytes (1,024 terabytes), or exabytes (1,024 petabytes).
C
cache A special memory subsystem or part of RAM in which frequently used data values are duplicated for quick access. A memory cache stores the contents of frequently accessed RAM locations and the addresses where these data items are stored. When the processor references an address in memory, the cache checks to see whether it holds that address. If it does hold the address, the data is returned to the processor; if it doesn't, regular memory access occurs. A cache is useful when RAM accesses are slow as compared to the microprocessor speed.
callback A Windows 2000 feature that you can set to cause the remote server to disconnect and call back the client attempting to access the remote server. This reduces the client's phone bill by having the call charged to the remote server's phone number. The callback feature can also improve security by calling back the phone number that you specified.
central processing unit (CPU) The computational and control unit of a computer, the device that interprets and carries out instructions. Single-chip CPUs, called microprocessors, made personal computers possible. Examples include the 80286, 80386, 80486, and Pentium processors.
client A computer that accesses shared network resources provided by another computer, called a server.
client/server A network architecture designed around the concept of distributed processing in which a task is divided between a back end (server), which stores and distributes data, and a front end (client), which requests specific data from the server.
codec (compressor/decompressor) A compression/decompression technology for digital video and stereo audio.
companion virus A virus that uses the name of a real program but has a different file extension from that of the program. The virus is activated when its companion program is opened. The companion virus uses a .COM file extension, which overrides the .EXE file extension and activates the virus.
compression state The state of each file and folder on an NTFS volume, which can be either compressed or uncompressed.
CPU See central processing unit (CPU).
D
database management system (DBMS) A layer of software between the physical database and the user. The DBMS manages all requests for database action from the user, including keeping track of the physical details of file locations and formats, indexing schemes, and so on. In addition, a DBMS permits centralized control of security and data integrity requirements.
data encryption See encryption.
data encryption standard (DES) A commonly used, highly sophisticated algorithm developed by the U.S. National Bureau of Standards for encrypting and decoding data. See also encryption.
data frames Logical, structured packages in which data can be placed. Data being transmitted is segmented into small units and combined with control information such as message-start and message-end indicators. Each package of information is transmitted as a single unit, called a frame. The data-link layer packages raw bits from the physical layer into data frames. The exact format of the frame used by the network depends on the topology. See also frame.
data-link layer The second layer in the OSI reference model. This layer packages raw bits from the physical layer into data frames. See also Open Systems Interconnection (OSI) reference model.
data stream An undifferentiated, byte-by-byte flow of data.
DBMS See database management system (DBMS).
defragmenting The process of finding and consolidating fragmented files and folders. Defragmenting involves moving the pieces of each file or folder to one location so that each file or folder occupies a single, contiguous space on the hard disk. The system can then gain access to files and folders and save them more efficiently.
DES See data encryption standard (DES).
device A generic term for a computer subsystem. Printers, serial ports, and disk drives are referred to as devices.
DHCP See Dynamic Host Configuration Protocol (DHCP).
digital A system that encodes information numerically, such as 0 and 1, in a binary context. Computers use digital encoding to process data. A digital signal is a discrete binary state, either on or off.
digital line A communication line that carries information only in binary-encoded (digital) form. To minimize distortion and noise interference, a digital line uses repeaters to regenerate the signal periodically during transmission.
digital video disc (DVD) Also known as a digital versatile disc, an optical storage medium with higher capacity and bandwidth than a compact disc. A DVD can hold a full-length film with up to 133 minutes of high-quality video, in MPEG-2 format, and audio.
direct memory access (DMA) Memory access that doesn't involve the microprocessor, frequently employed for data transfer directly between memory and an "intelligent" peripheral device such as a disk drive.
direct memory access (DMA) channel A channel for direct memory access that doesn't involve the microprocessor, providing data transfer directly between memory and a disk drive.
Directory A storage space for information about network resources, as well as all the services that make the information available and useful. The resources stored in the Directory, such as user data, printers, servers, databases, groups, computers, and security policies, are known as objects. The Directory is part of Active Directory directory services.
directory service A network service that identifies all resources on a network and makes them accessible to users and applications.
disk duplexing See disk mirroring; fault tolerance.
disk duplicating See disk mirroring.
diskless computers Computers that have neither a floppy disk nor a hard disk. Diskless computers depend on special ROM to provide users with an interface through which they can log on to the network.
disk mirroring A technique, also known as disk duplicating, in which all or part of a hard disk is duplicated onto one or more hard disks, each of which ideally is attached to its own controller. With disk mirroring, any change made to the original disk is simultaneously made to the other disk or disks. Disk mirroring is used in situations in which a backup copy of current data must be maintained at all times. See also disk striping; fault tolerance.
disk striping A technique that divides data into 64 K blocks and spreads it equally in a fixed rate and order among all disks in an array. However, disk striping doesn't provide any fault tolerance because there is no data redundancy. If any partition in the set fails, all data is lost. See also disk mirroring; fault tolerance.
distribution server A server that stores the distribution folder structure, which contains the files needed to install a product—for example, Windows 2000.
DMA See direct memory access (DMA).
DMA channel See direct memory access (DMA) channel.
DNS See Domain Name System (DNS).
domain For Microsoft networking, a collection of computers and users that share a common database and security policy that are stored on a computer running Windows 2000 Server and configured as a domain controller. Each domain has a unique name. See also workgroup.
domain controller For Microsoft networking, the Windows 2000 Server-based computer that authenticates domain logons and maintains the security policy and master database for a domain.
domain name space The naming scheme that provides the hierarchical structure for the DNS database.
Domain Name System (DNS) A general-purpose, distributed, replicated data-query service used primarily on the Internet for translating host names into Internet addresses.
downtime The amount of time a computer system or associated hardware remains nonfunctional. Although downtime can occur because hardware fails unexpectedly, it can also be a scheduled event, such as when a network is shut down to allow time for maintaining the system, changing hardware, or archiving files.
driver A software component that permits a computer system to communicate with a device. For example, a printer driver is a device driver that translates computer data into a form understood by the target printer. In most cases, the driver also manipulates the hardware to transmit the data to the device.
dual in-line package (DIP) switch One or more small rocker or sliding switches that can be set to one of two states—closed or open—to control options on a circuit board.
DVD See digital video disc (DVD).
Dynamic Host Configuration Protocol (DHCP) A protocol for automatic TCP/IP configuration that provides static and dynamic address allocation and management. See also Transport Control Protocol/Internet Protocol (TCP/IP).
E
EAP See Extensible Authentication Protocol (EAP).
EBCDIC See Extended Binary Coded Decimal Interchange Code (EBCDIC).
effective permissions The sum of the NTFS permissions assigned to the user account and to all of the groups to which the user belongs. If a user has Read permission for a folder and is a member of a group with Write permission for the same folder, then the user has both Read and Write permission for the folder.
EISA See Extended Industry Standard Architecture (EISA).
encryption The process of making information indecipherable to protect it from unauthorized viewing or use, especially during transmission or when the data is stored on a transportable magnetic medium. A key is required to decode the information. See also data encryption standard (DES).
Enhanced Small Device Interface (ESDI) A standard that can be used with high-capacity hard disks and tape drives to enable high-speed communication with a computer. ESDI drivers typically transfer data at about 10 Mbps.
ESDI See Enhanced Small Device Interface (ESDI).
event An action or occurrence to which a program might respond. Examples of events are mouse clicks, key presses, and mouse movements. Also, any significant occurrence in the system or in a program that requires users to be notified or an entry to be added to a log.
exabyte See byte.
Extended Binary Coded Decimal Interchange Code (EBCDIC) A coding scheme developed by IBM for use with IBM mainframes and PCs as a standard method of assigning binary (numeric) values to alphabetic, numeric, punctuation, and transmission-control characters.
Extended Industry Standard Architecture (EISA) A 32-bit bus design for x86-based computers introduced in 1988. EISA was specified by an industry consortium of nine computer-industry companies (AST Research, Compaq, Epson, Hewlett-Packard, NEC, Olivetti, Tandy, Wyse, and Zenith). An EISA device uses cards that are upwardly compatible from ISA. See also Industry Standard Architecture (ISA).
Extensible Authentication Protocol (EAP) An extension to the Point-to-Point Protocol (PPP) that works with Dial-Up, PPTP, and L2TP clients. EAP allows for an arbitrary authentication mechanism to validate a dial-in connection. The exact authentication method to be used is negotiated by the dial-in client and the remote access server.
F
fault tolerance The ability of a computer or an operating system to respond to an event such as a power outage or a hardware failure in such a way that no data is lost and any work in progress is not corrupted.
Fiber Distributed Data Interface (FDDI) A standard developed by ANSI for high-speed, fiber-optic local area networks. FDDI provides specifications for transmission rates of 100 Mbps on networks based on the Token Ring standard.
file infector A type of virus that attaches itself to a file or program and activates any time the file is used. Many subcategories of file infectors exist. See also companion virus; macro virus; polymorphic virus; stealth virus.
File Transfer Protocol (FTP) A process that provides file transfers between local and remote computers. FTP supports several commands that allow bidirectional transfer of binary and ASCII files between computers. The FTP client is installed with the TCP/IP connectivity utilities. See also American Standard Code for Information Interchange (ASCII), Transport Control Protocol/Internet Protocol (TCP/IP).
firewall A security system, usually a combination of hardware and software, intended to protect a network against external threats coming from another network, including the Internet. Firewalls prevent an organization's networked computers from communicating directly with computers that are external to the network, and vice versa. Instead, all incoming and outgoing communication is routed through a proxy server outside the organization's network. Firewalls also audit network activity, recording the volume of traffic and information about unauthorized attempts to gain access. See also proxy server.
firmware Software routines stored in ROM. Unlike RAM, ROM stays intact even in the absence of electrical power. Startup routines and low-level I/O instructions are stored in firmware.
flow control The regulation of the flow of data through routers to ensure that no segment becomes overloaded with transmissions.
forest A grouping or hierarchical arrangement of one or more domain trees that form a disjointed namespace.
frame A package of information transmitted on a network as a single unit. Frame is a term most often used with Ethernet networks. A frame is similar to the packet used in other networks. See also data frames; packet.
frame preamble Header information, added to the beginning of a data frame in the physical layer of the OSI reference model.
frame relay An advanced, fast-packet, variable-length digital packet-switching technology. It is a point-to-point system that uses a private virtual circuit (PVC) to transmit variable-length frames at the data-link layer of the OSI reference model. Frame relay networks can also provide subscribers with bandwidth, as needed, that allows users to make nearly any type of transmission.
front end In a client/server application, refers to the part of the program carried out on the client computer.
FTP See File Transfer Protocol (FTP).
full-duplex transmission Communication that takes place simultaneously, in both directions. Also called duplex transmission. See also half-duplex transmission.
G
gateway A device used to connect networks using different protocols so that information can be passed from one system to the other. Gateways function at the network layer of the OSI reference model.
Gb See gigabit.
GB See gigabyte.
gigabit A unit of measure that equals 1,073,741,824 bits. Also referred to as 1 billion bits.
gigabyte A unit of measure that commonly refers to 1 thousand megabytes. However, the precise meaning often varies with the context. A gigabyte is 1 billion bytes. In the context of computing, bytes are often expressed in multiples of powers of 2. Therefore, a gigabyte can also be either 1,000 megabytes or 1,024 megabytes, where a megabyte is considered to be 1,048,576 bytes (2 raised to the 20th power).
global catalog A service and a physical storage location that contains a replica of selected attributes for every object in Active Directory directory services.
global group One type of group account used by Microsoft Windows 2000. Used across an entire domain, global groups are created on domain controllers in the domain in which the user accounts reside. Global groups can contain user accounts only from the domain in which the global group is created. Members of global groups obtain resource permissions when the global group is added to a local group. See also group.
group In networking, an account containing other accounts that are called members. The permissions and rights granted to a group are also provided to its members; thus, groups offer a convenient way to grant common capabilities to collections of user accounts. For Windows 2000, groups are managed with the Computer Management snap-in. For Windows 2000 Server, groups are managed with the Active Directory Users and Computers snap-in.
H
half-duplex transmission Communication that takes place in either direction, but not both directions at the same time. See also full-duplex transmission.
handshaking A term applied to modem-to-modem communication. Refers to the process by which information is transmitted between the sending and receiving devices to maintain and coordinate data flow between them. Proper handshaking ensures that the receiving device will be ready to accept data before the sending device transmits.
hard disk One or more inflexible platters coated with material that allows the magnetic recording of computer data. A typical hard disk rotates at up to 7,200 revolutions per minute (RPM), and the read/write heads ride over the surface of the disk on a cushion of air 10 to 25 millionths of an inch deep. A hard disk is sealed to prevent contaminants from interfering with the close head-to-disk tolerances. Hard disks provide faster access to data than floppy disks and are capable of storing much more information. Because platters are rigid, they can be stacked so that one hard-disk drive can access more than one platter. Most hard disks have between two and eight platters.
hardware The physical components of a computer system, including any peripheral equipment such as printers, modems, and mouse devices.
hardware compatibility list (HCL) A list of computers and peripherals that have been tested and have passed compatibility testing with the product for which the HCL is being developed. For example, the Windows 2000 HCL lists the products that have been tested and found to be compatible with Windows 2000.
hardware loopback A connector on a computer that is useful for troubleshooting hardware problems, allowing data to be transmitted to a line and then returned as received data. If the transmitted data doesn't return, the hardware loopback detects a hardware malfunction.
HCL See hardware compatibility list (HCL).
HDLC See High-Level Data Link Control (HDLC).
header In network data transmission, one of the three sections of a packet component. It includes an alert signal to indicate that the packet is being transmitted, the source address, the destination address, and clock information to synchronize transmission.
hertz (Hz) The unit of frequency measurement. Frequency measures how often a periodic event occurs, such as the manner in which a wave's amplitude changes with time. One hertz equals one cycle per second. Frequency is often measured in kilohertz (KHz, 1000 Hz), megahertz (MHz), gigahertz (GHz, 1000 MHz), or terahertz (THz, 10,000 GHz).
High-Level Data Link Control (HDLC) A widely accepted international protocol developed by the International Organization for Standardization (ISO) that governs information transfer. HDLC is a bit-oriented, synchronous protocol that applies to the data-link (message packaging) layer of the OSI reference model. Under the HDLC protocol, data is transmitted in frames, each of which can contain a variable amount of data, but which must be organized in a particular way. See also data frames; frame.
host See server.
hot fixing See sector sparing.
HTML See Hypertext Markup Language (HTML).
Hypertext Markup Language (HTML) A language developed for writing pages for the World Wide Web. HTML allows text to include codes that define fonts, layout, embedded graphics, and hypertext links. Hypertext provides a method for presenting text, images, sound, and videos that are linked together in a nonsequential web of associations.
Hypertext Transport Protocol (HTTP) The method by which World Wide Web pages are transferred over the network.
I
ICM See Image Color Management (ICM) 2.
ICMP See Internet Control Message Protocol (ICMP).
IDE See Integrated Device Electronics (IDE).
IEEE See Institute of Electrical and Electronics Engineers (IEEE).
IEEE Project 802 A networking model developed by the IEEE and named for the year and month it began (February 1980). Project 802 defines LAN standards for the physical and data-link layers of the OSI reference model. Project 802 divides the data-link layer into two sublayers: media access control (MAC) and logical link control (LLC).
Image Color Management (ICM) 2 An operating system API that helps ensure that the colors you see on your monitor match those on your scanner and printer.
Industry Standard Architecture (ISA) An unofficial designation for the bus design of the IBM Personal Computer (PC) PC/XT. It allows various adapters to be added to the system by inserting plug-in cards into expansion slots. Commonly, ISA refers to the expansion slots themselves; such slots are called 8-bit slots or 16-bit slots. See also Extended Industry Standard Architecture (EISA); Micro Channel Architecture.
infrared transmission Electromagnetic radiation with frequencies in the electromagnetic spectrum in the range just below that of visible red light. In network communications, infrared technology offers extremely high transmission rates and wide bandwidth in line-of-sight communications.
Institute of Electrical and Electronics Engineers (IEEE) An organization of engineering and electronics professionals, noted in networking for developing the IEEE 802.x standards for the physical and data-link layers of the OSI reference model, applied in a variety of network configurations.
Integrated Device Electronics (IDE) A type of disk-drive interface in which the controller electronics reside on the drive itself, eliminating the need for a separate network interface card. The IDE interface is compatible with the Western Digital ST-506 controller.
Integrated Services Digital Network (ISDN) A worldwide digital communication network that evolved from existing telephone services. The goal of the ISDN is to replace current telephone lines, which require digital-to-analog conversions, with completely digital switching and transmission facilities capable of carrying data ranging from voice to computer transmissions, music, and video. The ISDN is built on two main types of communications channels: B channels, that carry voice, data, or images at a rate of 64 Kbps (kilobits per second), and a D channel, that carries control information, signaling, and link-management data at 16 Kbps. Standard ISDN Basic Rate desktop service is called 2B+D. Computers and other devices connect to ISDN lines through simple standardized interfaces.
interfaces Boundaries that separate the layers from each other. For example, in the OSI reference model, each layer provides some service or action that prepares the data for delivery over the network to another computer.
International Organization for Standardization (ISO) An organization made up of standards-setting groups from various countries. For example, the United States member is the American National Standards Institute (ANSI). The ISO works to establish global standards for communications and information exchange. Primary among its accomplishments is development of the widely accepted OSI reference model. Note that the ISO is often wrongly identified as the International Standards Organization, probably because of the abbreviation ISO; however, ISO is derived from isos, which means equal in Greek, rather than an acronym.
Internet Control Message Protocol (ICMP) A protocol used by IP and higher-level protocols to send and receive status reports about information being transmitted.
Internet Protocol (IP) The TCP/IP protocol for packet forwarding. See also Transport Control Protocol/Internet Protocol (TCP/IP).
Internet Protocol Security (IPSec) A framework of open standards for ensuring secure private communications over IP networks by using cryptographic security services.
Internetworking The intercommunication in a network that is made up of smaller networks.
Internetwork Packet Exchange/Sequenced Packet Exchange (IPX/SPX) A protocol stack that is used in Novell networks. IPX is the NetWare protocol for packet forwarding and routing. It is a relatively small and fast protocol on a LAN, is a derivative of Xerox Network System (XNS), and supports routing. SPX is a connection-oriented protocol used to guarantee the delivery of the data being sent. NWLink is the Microsoft implementation of the IPX/SPX protocol.
Interoperability The ability of components in one system to work with components in other systems.
interrupt request (IRQ) An electronic signal sent to a computer's CPU to indicate that an event has taken place that requires the processor's attention.
IP See Internet Protocol (IP). See also Transport Control Protocol/Internet Protocol (TCP/IP).
ipconfig A diagnostic command that displays all current TCP/IP network configuration values. It is of particular use on systems running DHCP because it allows users to determine which TCP/IP configuration values have been configured by the DHCP server. See also winipcfg.
IPSec See Internet Protocol Security (IPSec).
IPX/SPX See Internetwork Packet Exchange/Sequenced Packet Exchange (IPX/SPX).
IRQ See interrupt request (IRQ).
ISA See Industry Standard Architecture (ISA).
ISDN See Integrated Services Digital Network (ISDN).
ISO See International Organization for Standardization (ISO).
J
jumper A small plastic-and-metal plug or wire for connecting different points in an electronic circuit. Jumpers are used to select a particular circuit or option from several possible configurations. You can use jumpers on network interface cards to select the type of connection through which the card will transmit, either DIX or BNC.
K
Kevlar A brand name of the DuPont Corporation for the fibers in the reinforcing layer of plastic that surrounds each glass strand of a fiber-optic connector. The name is sometimes used generically.
key In database management, an identifier for a record or group of records in a data file. Most often, the key is defined as the contents of a single field, called the key field in some database management programs and the index field in others. Keys are maintained in tables and are indexed to speed record retrieval. Keys also refer to code that deciphers encrypted data.
kilo (K) A measurement that refers to 1,000 in the metric system. In computing terminology, because computing is based on powers of 2, kilo is most often used to mean 1,024 (2 raised to the 10th power). To distinguish between the two contexts, a lowercase k is often used to indicate 1,000 and an uppercase K is used for 1,024. A kilobyte is 1,024 bytes.
kilobit (Kbit) A measurement that equals 1,024 bits. See also bit; kilo (K).
kilobyte (KB) A measurement that refers to 1,024 bytes. See also byte; kilo (K).
L
L2TP See Layer-Two Tunneling Protocol (L2TP).
LAN See local area network (LAN).
LAN requester See requester (LAN requester).
laser transmission A wireless network that uses a laser beam to carry data between devices.
LAT See local area transport (LAT).
layering The coordination of various protocols in a specific architecture that allows the protocols to work together to ensure that the data is prepared, transferred, received, and acted upon as intended.
Layer-Two Tunneling Protocol (L2TP) A protocol whose primary purpose is to create an encrypted tunnel through an untrusted network. L2TP is similar to PPTP in that it provides tunneling, but it doesn't provide encryption. L2TP provides a secure tunnel by cooperating with other encryption technologies such as IPSec. L2TP functions with IPSec to provide a secure virtual private network solution.
link The communication system that connects two LANs. Equipment that provides the link, including bridges, routers, and gateways.
local area network (LAN) Computers connected in a geographically confined network, such as in the same building, campus, or office park.
local area transport (LAT) A nonroutable protocol from Digital Equipment Corporation.
local group One type of group account used by Microsoft Windows 2000. Implemented in each local computer's account database, local groups contain user accounts and other global groups that need to have access, rights, and permissions assigned to a resource on a local computer. Local groups can't contain other local groups.
local user The user at the computer.
logical link control (LLC) sublayer One of two sublayers created by the IEEE Project 802 out of the data-link layer of the OSI reference model. The LLC is the upper sublayer that manages data-link communication and defines the use of logical interface points, called service access points (SAPs), used by computers to transfer information from the LLC sublayer to the upper OSI layers. See also media access control (MAC) sublayer; service access point (SAP).
M
macro virus A file-infector virus, so named because it is written as a macro for a specific application. Macro viruses are difficult to detect and they are becoming more common, often infecting widely used applications, such as word-processing programs. When an infected file is opened, the virus attaches itself to the application and then infects any files accessed by that application. See also file infector.
Mb See megabit (Mb).
MB See megabyte (MB).
Mbps See millions of bits per second (Mbps).
media The cable or wire that connects the vast majority of LANs today, which acts as the LAN transmission medium and carries data between computers.
media access control (MAC) driver The device driver located at the media access control sublayer of the OSI reference model. This driver is also known as the NIC driver. It provides low-level access to NICs by providing data-transmission support and some basic NIC management functions. These drivers also pass data from the physical layer to transport protocols at the network and transport layers.
media access control (MAC) sublayer One of two sublayers created by the IEEE Project 802 out of the data-link layer of the OSI reference model. The MAC sublayer communicates directly with the network interface card and is responsible for delivering error-free data between two computers on the network. See also logical link control (LLC) sublayer.
megabit (Mb) A measurement that is usually 1,048,576 bits; sometimes interpreted as 1 million bits. See also bit.
megabyte (MB) A measurement that is usually 1,048,576 bytes (2 raised to the 20th power); sometimes interpreted as 1 million bytes. See also byte.
Micro Channel Architecture The design of the bus in IBM PS/2 computers (except models 25 and 30). The Micro Channel is electrically and physically incompatible with the IBM PC/AT bus. Unlike the PC/AT bus, the Micro Channel functions as either a 16-bit or 32-bit bus. The Micro Channel can also be driven independently by multiple bus master processors. See also Extended Industry Standard Architecture (EISA); Industry Standard Architecture (ISA).
Microcom Network Protocol (MNP) The standard for asynchronous data-error control developed by Microcom Systems. The method works so well that other companies have adopted not only the initial version of the protocol, but later versions as well. Currently, several modem vendors incorporate MNP Classes 2, 3, 4, and 5.
Microsoft Technical Information Network (TechNet) A network that provides informational support for all aspects of networking, with an emphasis on Microsoft products.
millions of bits per second (Mbps) The unit of measurement of supported transmission rates on the following physical media: coaxial cable, twisted-pair cable, and fiber-optic cable. See also bit.
MNP See Microcom Network Protocol (MNP).
mobile computing A technique that incorporates wireless adapters using cellular telephone technology to connect portable computers with the cabled network.
modem A communication device that enables a computer to transmit information over a standard telephone line. Because a computer is digital, it works with discrete electrical signals representing binary 1 and binary 0. A telephone is analog and carries a signal that can have many variations. Modems are needed to convert digital signals to analog and back. When transmitting, modems impose (modulate) a computer's digital signals onto a continuous carrier frequency on the telephone line. When receiving, modems sift out (demodulate) the information from the carrier and transfer it in digital form to the computer.
multitasking A mode of operation offered by an operating system in which a computer works on more than one task at a time. The two primary types of multitasking are preemptive and nonpreemptive. In preemptive multitasking, the operating system can take control of the processor without the task's cooperation. In nonpreemptive multitasking, the processor is never taken from a task. The task itself decides when to give up the processor. A true multitasking operating system can run as many tasks as it has processors. When there are more tasks than processors, the computer must "time slice" so that the available processors devote a certain amount of time to one task and then move on to the next task, alternating between tasks until all the tasks are completed.
N
Name Binding Protocol (NBP) An Apple protocol responsible for keeping track of entities on the network and matching names with Internet addresses. It works at the transport layer of the OSI reference model.
namespace Any bounded area in which a name can be resolved. Name resolution is the process of translating a name into some object or information that the name represents. The Active Directory namespace is based on the DNS naming scheme, which allows for interoperability with Internet technologies.
NBP See Name Binding Protocol (NBP).
nbtstat A diagnostic command that displays protocol statistics and current TCP/IP connections using NetBIOS over TCP/IP (NetBT). This command is available only if the TCP/IP protocol has been installed. See also netstat.
NDIS See Network Driver Interface Specification (NDIS).
NetBIOS Enhanced User Interface (NetBEUI) A protocol supplied with all Microsoft network products. NetBEUI advantages include small stack size (important for MS-DOS-based computers), speed of data transfer on the network medium, and compatibility with all Microsoft-based networks. The major drawback of NetBEUI is that it is a LAN transport protocol and therefore does not support routing. It is also limited to Microsoft-based networks.
netstat A diagnostic command that displays protocol statistics and current TCP/IP network connections. This command is available only if the TCP/IP protocol has been installed. See also nbtstat.
NetWare Core Protocol (NCP) A protocol that defines the connection control and service-request encoding that make it possible for clients and servers to interact. This is the protocol that provides transport and session services. NetWare security is also provided within this protocol.
network In the context of computers, a system in which a number of independent computers are linked together to share data and peripherals, such as hard disks and printers.
network adapter card See network interface card (NIC).
network basic input/output system (NetBIOS) An application programming interface (API) that can be used by application programs on a LAN consisting of IBM-compatible microcomputers running MS-DOS, OS/2, or some version of UNIX. Primarily of interest to programmers, NetBIOS provides application programs with a uniform set of commands for requesting the lower-level network services required to conduct sessions between nodes on a network and transmit information between them.
Network Driver Interface Specification (NDIS) A standard that defines an interface for communication between the media access control (MAC) sublayer and protocol drivers. NDIS allows for a flexible environment of data exchange. It defines the software interface, called the NDIS interface, which is used by protocol drivers to communicate with the network interface card. The advantage of NDIS is that it offers protocol multiplexing so that multiple protocol stacks can be used at the same time. See also Open Data-Link Interface (ODI).
network interface card (NIC) An expansion card installed in each computer and server on the network. The NIC acts as the physical interface or connection between the computer and the network cable.
network layer The third layer in the OSI reference model. This layer is responsible for addressing messages and translating logical addresses and names into physical addresses. This layer also determines the route from the source to the destination computer. It determines which path the data should take based on network conditions, priority of service, and other factors. It also manages traffic problems such as switching, routing, and controlling the congestion of data packets on the network. See also Open Systems Interconnection (OSI) reference model.
network monitors Monitors that track all or a selected part of network traffic. They examine frame-level packets and gather information about packet types, errors, and packet traffic to and from each computer.
NIC See network interface card (NIC).
node On a LAN, a device that is connected to the network and is capable of communicating with other network devices. For example, clients, servers, and repeaters are called nodes.
nonpreemptive multitasking A form of multitasking in which the processor is never taken from a task. The task itself decides when to give up the processor. Programs written for nonpreemptive multitasking systems must include provisions for yielding control of the processor. No other program can run until the nonpreemptive program gives up control of the processor. See also multitasking; preemptive multitasking.
Novell NetWare One of the leading network architectures.
O
Object A distinct, named set of attributes that represent a network resource. Object attributes are characteristics of objects in the Directory. For example, the attributes of a user account might include the user's first and last names, department, and e-mail address.
ODI See Open Data-Link Interface (ODI).
ohm The unit of measurement for electrical resistance. A resistance of 1 ohm will pass 1 ampere of current when a voltage of 1 volt is applied. A 100-watt incandescent bulb has a resistance of approximately 130 ohms.
Open Data-Link Interface (ODI) A specification defined by Novell and Apple to simplify driver development and to provide support for multiple protocols on a single network interface card. Similar to NDIS in many respects, ODI allows Novell NetWare drivers to be written without concern for the protocol that will be used on top of them.
Open Shortest Path First (OSPF) A routing protocol for IP networks, such as the Internet, that allows a router to calculate the shortest path to each node for sending messages.
Open Systems Interconnection (OSI) reference model A seven-layer architecture that standardizes levels of service and types of interaction for computers exchanging information through a network. It is used to describe the flow of data between the physical connection to the network and the end-user application. This model is the best-known and most widely used model for describing networking environments. Following is the OSI seven-layer focus from highest to lowest level:
7. application layer. Program-to-program transfer of information
6. presentation layer. Text formatting and display-code conversion
5. session layer. Establishing, maintaining, and coordinating communication
4. transport layer. Accurate delivery and service quality
3. network layer. Transport routes, message handling, and transfer
2. data-link layer. Coding, addressing, and transmitting information
1. physical layer. Hardware connections
organizational unit (OU) A container that you use to organize objects within a domain into logical administrative groups. An OU can contain objects such as user accounts, groups, computers, printers, applications, file shares, and so on.
OSI See Open Systems Interconnection (OSI) reference model.
OSPF See Open Shortest Path First (OSPF).
P
packet A unit of information transmitted as a whole from one device to another on a network. In packet-switching networks, a packet is defined more specifically as a transmission unit of fixed maximum size that consists of binary digits representing data; a header containing an identification number, source, and destination addresses; and sometimes error-control data. See also frame.
packet assembler/disassembler (PAD) A device that breaks large chunks of data into packets, usually for transmissions over an X.25 network, and reassembles them at the other end. See also packet switching.
Packet Internet Groper (ping) A simple utility that tests whether a network connection is complete, from the server to the workstation, by sending a message to the remote computer. If the remote computer receives the message, it responds with a reply message. The reply consists of the remote workstation's IP address, the number of bytes in the message, how long it took to reply, given in milliseconds (ms), and the length of Time to Live (TTL) in seconds. Ping works at the IP level and will often respond even when higher level TCP-based services cannot.
packet switching A message delivery technique in which small units of information (packets) are relayed through stations in a computer network along the best route available between the source and the destination. Data is broken into smaller units and then repacked in a process called packet assembler/disassembler (PAD). Although each packet can travel along a different path, and the packets composing a message can arrive at different times or out of sequence, the receiving computer reassembles the original message. Packet-switching networks are considered fast and efficient. Standards for packet switching on networks are documented in the CCITT recommendation X.25.
PAD See packet assembler/disassembler (PAD).
page-description language (PDL) A language that communicates to a printer how printed output should appear. The printer uses the PDL to construct text and graphics to create the page image. PDLs are like blueprints in that they set parameters and features such as type sizes and fonts, but they leave the drawing to the printer.
paging file A special file on one or more of the hard disks of a computer running Windows 2000. Windows 2000 uses virtual memory to store some of the program code and other information in RAM and to temporarily store some of the program code and other information on the computer's hard disks. This increases the amount of available memory on the computer.
parity An error-checking procedure in which the number of 1s must always be the same—either odd or even—for each group of bits transmitted without error. Parity is used for checking data transferred within a computer or between computers.
partition A portion of a physical disk that functions as if it were a physically separate unit.
password-protected share The access to a shared resource that is granted when a user enters the appropriate password.
PDA See personal digital assistant (PDA).
PDL See page-description language (PDL).
PDN See public data network (PDN).
peer-to-peer network A network that has no dedicated servers or hierarchy among the computers. All computers are equal and, therefore, known as peers. Generally, each computer functions as both client and server.
peripheral A term used for devices such as disk drives, printers, modems, mouse devices, and joysticks that are connected to a computer and controlled by its microprocessor.
Peripheral Component Interconnect (PCI) A 32-bit local bus used in most Pentium computers and in the Apple Power Macintosh that meets most of the requirements for providing Plug and Play functionality.
permanent virtual circuit (PVC) A permanent logical connection between two nodes on a packet-switching network; similar to leased lines that are permanent and virtual, except that with PVC, the customer pays for only the time the line is used. This type of connection service is gaining importance because both frame relay and ATM use it. See also packet switching; virtual circuit.
permissions See access permissions.
personal digital assistant (PDA) A type of handheld computer that provides functions including personal organization features—like a calendar, note taking, database manipulation, calculator, and communications. For communication, a PDA uses cellular or wireless technology that is often built into the system but that can be supplemented or enhanced by means of a PC Card.
petabyte See byte.
phase change rewritable (PCR) A type of rewritable optical technology in which the optical devices come from one manufacturer (Matsushita/Panasonic) and the media comes from two (Panasonic and Plasmon).
physical layer The first (bottommost) layer of the OSI reference model. This layer addresses the transmission of the unstructured raw bit stream over a physical medium (the networking cable). The physical layer relates the electrical/optical, mechanical, and functional interfaces to the cable and also carries the signals that transmit data generated by all of the higher OSI layers. See also Open Systems Interconnection (OSI) reference model.
ping See Packet Internet Groper (ping).
Plug and Play (PnP) A capability that enables a computer system to automatically configure a device added to it. Plug and Play capability exists in Macintoshes based on the NuBus and, since Windows 95, on PC-compatible computers. Also refers to specifications developed by Intel and Microsoft that allow a PC to configure itself automatically to work with peripherals such as monitors, modems, and printers.
point-to-point configuration Dedicated circuits that are also known as private, or leased, lines. They are the most popular WAN communication circuits in use today. The carrier guarantees full-duplex bandwidth by setting up a permanent link from each endpoint, using bridges and routers to connect LANs through the circuits. See also Point-to-Point Protocol (PPP); Point-to-Point Tunneling Protocol (PPTP).
Point-to-Point Protocol (PPP) A data-link protocol for transmitting TCP/IP packets over dial-up telephone connections, such as between a computer and the Internet. PPP was developed by the Internet Engineering Task Force in 1991.
Point-to-Point Tunneling Protocol (PPTP) An extension of the Point-to-Point Protocol that is used for communications on the Internet. Microsoft developed PPTP to support virtual private networks (VPNs), which allow individuals and organizations to use the Internet as a secure means of communication. PPTP supports encapsulation of encrypted packets in secure wrappers that can be transmitted over a TCP/IP connection. See also virtual private network (VPN).
polymorphic virus A variant of a file-infector virus that is named for the fact that it changes its appearance each time it is replicated. This makes it difficult to detect because no two versions of the virus are exactly the same. See also file infector.
polyvinyl chloride (PVC) The material most commonly used for insulating and jacketing cable.
preemptive multitasking A form of multitasking (the ability of a computer's operating system to work on more than one task at a time). With preemptive multitasking—as opposed to nonpreemptive multitasking—the operating system can take control of the processor without the task's cooperation. See also nonpreemptive multitasking.
presentation layer The sixth layer of the OSI reference model. This layer determines the form used to exchange data between networked computers. At the sending computer, this layer translates data from a format sent down from the application layer into a commonly recognized, intermediary format. At the receiving end, this layer translates the intermediary format into a format useful to that computer's application layer. The presentation layer manages network security issues by providing services such as data encryption, provides rules for data transfer, and performs data compression to reduce the number of bits that need to be transmitted. See also Open Systems Interconnection (OSI) reference model.
print device The hardware device that produces printed documents.
print queue A buffer in which a print job is held until the printer is ready to print it.
print server The computer on which the printers that are associated with local and network-interface print devices reside. The print server receives and processes documents from client computers. You set up and share network printers on print servers.
printer The software interface between the operating system and the print device. The printer defines where a document will go to reach the print device, when it will go, and how various other aspects of the printing process will be handled.
printer driver One or more files containing information that Windows 2000 requires to convert print commands into a specific printer language, such as PostScript. A printer driver is specific to each print device model.
printer pool A printer that is connected to multiple print devices through multiple ports on a print server. The print server can be local or network-interface print devices. Print devices should be identical; however, you can use print devices that are not identical but use the same printer driver.
printer port The software interface through which a computer communicates with a print device by means of a locally attached interface. These supported interfaces include LPT, COM, USB, and network-attached devices such as the HP JetDirect and Intel NetPort.
Private Branch Exchange (PBX) or Private Automated Branch Exchange (PABX) A switching telephone network that allows callers within an organization to place intraorganizational calls without going through the public telephone system.
protocol The system of rules and procedures that govern communication between two or more devices. Many varieties of protocols exist, and not all are compatible, but as long as two devices are using the same protocol, they can exchange data. Protocols exist within protocols, as well, governing different aspects of communication. Some protocols, such as the RS-232 standard, affect hardware connections. Other standards govern data transmission, including the parameters and handshaking signals such as XON/XOFF used in asynchronous (typically, modem) communications, as well as such data-coding methods as bit- and byte-oriented protocols. Still other protocols, such as the widely used Xmodem, govern file transfer, and others, such as CSMA/CD, define the methods by which messages are passed around the stations on a LAN. Protocols represent attempts to ease the complex process of enabling computers of different makes and models to communicate. Additional examples of protocols include the OSI model, IBM's SNA, and the Internet suite, including TCP/IP. See also Systems Network Architecture (SNA); Transport Control Protocol/Internet Protocol (TCP/IP).
protocol driver The driver responsible for offering four or five basic services to other layers in the network, while "hiding" the details of how the services are actually implemented. Services performed include session management, datagram service, data segmentation and sequencing, acknowledgment, and possibly routing across a WAN.
protocol stack A layered set of protocols that work together to provide a set of network functions.
proxy server A firewall component that manages Internet traffic to and from a local area network (LAN). The proxy server decides whether it is safe to let a particular message or file pass through to the organization's network, providing access control to the network, and filters and discards requests as specified by the owner, including requests for unauthorized access to proprietary data. See also firewall.
public data network (PDN) A commercial packet-switching or circuit-switching WAN service provided by local and long-distance telephone carriers.
PVC See permanent virtual circuit (PVC).
R
RADIUS See Remote Authentication Dial-In User Service.
RAID See redundant array of independent disks (RAID).
random access memory (RAM) Semiconductor-based memory that can be read and written to by the microprocessor or other hardware devices. The storage locations can be accessed in any order. Note that the various types of ROM memory are also capable of random access. However, the term RAM is generally understood to refer to volatile memory, which can be written as well as read. See also read-only memory (ROM).
read-only memory (ROM) Semiconductor-based memory that contains instructions or data that can be read but not modified. See also random access memory (RAM).
redirector Networking software that accepts I/O requests for remote files, named pipes, or mail slots and sends (redirects) the requests to a network service on another computer.
reduced instruction set computing (RISC) A type of microprocessor design that focuses on rapid and efficient processing of a relatively small set of instructions. RISC design is based on the premise that most of the instructions that a computer decodes and executes are simple. As a result, RISC architecture limits the number of instructions that are built into the microprocessor but optimizes each so it can be carried out rapidly, usually within a single clock cycle. RISC chips execute simple instructions faster than microprocessors designed to handle a much wider array of instructions. However, they are slower than general-purpose complex instruction set computing (CISC) chips when executing complex instructions, which must be broken down into many machine instructions before they can be carried out by RISC microprocessors.
redundancy system A fault-tolerant system that protects data by duplicating it in different physical sources. Data redundancy allows access to data even if part of the data system fails. See also fault tolerance.
redundant array of inexpensive disks (RAID) See also redundant array of independent disks (RAID).
redundant array of independent disks (RAID) A standardization of fault-tolerant options in five levels. The levels offer various combinations of performance, reliability, and cost. Formerly known as redundant array of inexpensive disks.
Remote Authentication Dial-In User Service (RADIUS) A security authentication protocol widely used by Internet Service Providers (ISPs). RADIUS provides authentication and accounting services for distributed dial-up networking.
remote-boot programmable read-only memory (PROM) A special chip in the network interface card that contains the hardwired code that starts the computer and connects the user to the network, used in computers for which there are no hard disks or floppy drives. See also diskless computers.
remote installation The process of connecting to a server running Remote Installation Services (RIS), called the RIS server, and then starting an automated installation of Windows 2000 Professional on a local computer.
remote user A user who dials in to the server over modems and telephone lines from a remote location.
requester (LAN requester) Software that resides in a computer and forwards requests for network services from the computer's application programs to the appropriate server. See also redirector.
resources Any part of a computer system. Users on a network can share computer resources, such as hard disks, printers, modems, CD-ROM drives, and even the processor.
rights The authorization with which a user is entitled to perform certain actions on a computer network. Rights apply to the system as a whole, whereas permissions apply to specific objects. For example, a user might have the right to back up an entire computer system, including the files that the user doesn't have permission to access. See also access permissions.
RISC See reduced instruction set computing (RISC).
ROM See read-only memory (ROM).
routable protocols The protocols that support multipath LAN-to-LAN communications. See also protocol.
router A device used to connect networks of different types, such as those using different architectures and protocols. Routers work at the network layer of the OSI reference model. This means they can switch and route packets across multiple networks, which they do by exchanging protocol-specific information between separate networks. Routers determine the best path for sending data and filter broadcast traffic to the local segment.
Routing Information Protocol (RIP) A protocol that uses distance-vector algorithms to determine routes. With RIP, routers transfer information among other routers to update their internal routing tables and use that information to determine the best routes based on hop counts between routers. TCP/IP and IPX support RIP.
RS-232 standard An industry standard for serial communication connections adopted by the Electrical Industries Association (EIA). This recommended standard defines the specific lines and signal characteristics used by serial communications controllers to standardize the transmission of serial data between devices.
S
SAP See service access point (SAP); Service Advertising Protocol (SAP).
schema A database description to the database management system that contains a formal definition of the contents and structure of Active Directory directory services, including all attributes, classes, and class properties. For each object class, the schema defines which attributes an instance of the class must have, which additional attributes it can have, and which object class can be a parent of the current object class.
SCSI See Small Computer System Interface (SCSI).
SDLC See Synchronous Data Link Control (SDLC).
sector A portion of the data-storage area on a disk. A disk is divided into sides (top and bottom), tracks (rings on each surface), and sectors (sections of each ring). Sectors are the smallest physical storage units on a disk and are of fixed size—typically capable of holding 512 bytes of information apiece.
sector sparing A fault-tolerant system also called hot fixing. It automatically adds sector-recovery capabilities to the file system during operation. If bad sectors are found during disk I/O, the fault-tolerant driver will attempt to move the data to a good sector and map out the bad sector. If the mapping is successful, the file system is not alerted. It is possible for SCSI devices to perform sector sparing, but AT devices (ESDI and IDE) cannot.
security The act of making computers and data stored on them safe from harm or unauthorized access.
Security log A log that records security events. For example, valid and invalid logon attempts and events relating to creating, opening, or deleting files or other objects.
segment The length of cable on a network between two terminators. A segment can also refer to messages that have been broken up into smaller units by the protocol driver.
Sequenced Packet Exchange (SPX) Part of Novell's IPX/SPX protocol suite for sequenced data. See also Internetwork Packet Exchange/Sequenced Packet Exchange (IPX/SPX).
Serial Line Internet Protocol (SLIP) As defined in RFC 1055, an internet protocol that is normally used on Ethernet over a serial line—for example, an RS-232 serial port connected to a modem.
serial transmission A one-way data transfer. The data travels on a network cable with one bit following another.
server A computer that provides shared resources to network users. See also client.
server-based network A network in which resource security and most other network functions are provided by dedicated servers. Server-based networks have become the standard model for networks serving more than 10 users. See also peer-to-peer network.
server message block (SMB) The protocol developed by Microsoft, Intel, and IBM that defines a series of commands used to pass information between network computers. The redirector packages SMB requests into a network control block (NCB) structure that can be sent over the network to a remote device. The network provider listens for SMB messages destined for it and removes the data portion of the SMB request so that it can be processed by a local device.
service access point (SAP) The interface between each of the seven layers in the OSI protocol stack that has connection points, similar to addresses, used for communication between layers. Any protocol layer can have multiple SAPs active at one time.
Service Advertising Protocol (SAP) A protocol that allows service-providing nodes (including file, printer, gateway, and application servers) to advertise their services and addresses.
session A connection or link between stations on the network.
session layer The fifth layer of the OSI reference model. This layer allows two applications on different computers to establish, use, and end a connection called a session. This layer performs name recognition and functions, such as security, needed to allow two applications to communicate over the network. The session layer provides synchronization between user tasks. This layer also implements dialog control between communicating processes, regulating which side transmits, when, for how long, and so on. See also Open Systems Interconnection (OSI) reference model.
session management The process that establishes, maintains, and terminates connections between stations on the network.
sharing The means by which files or folders are publicly posted on a network for access by anyone on the network.
shell A piece of software, usually a separate program, that provides direct communication between the user and the operating system. This usually takes the form of a command-line interface. Examples of shells are Macintosh Finder and the MS-DOS command interface program Command.com.
Simple Mail Transfer Protocol (SMTP) A TCP/IP protocol for transferring e-mail. See also application protocol; Transport Control Protocol/Internet Protocol (TCP/IP).
Simple Network Management Protocol (SNMP) A TCP/IP protocol for monitoring networks. SNMP uses a request and response process. In SNMP, short utility programs, called agents, monitor the network traffic and behavior in key network components to gather statistical data, which they put into a management information base (MIB). To collect the information into a usable form, a special management console program regularly polls the agents and downloads the information in their MIBs. If any of the data falls either above or below parameters set by the manager, the management console program can present signals on the monitor locating the trouble and notify designated support staff by automatically dialing a pager number.
simultaneous peripheral operation online (spool) A process that facilitates moving a print job from the network into a printer.
site A combination of one or more IP subnets, typically connected by a high-speed link.
Small Computer System Interface (SCSI) Pronounced "skuzzy," a standard, high-speed parallel interface defined by ANSI. A SCSI interface is used for connecting microcomputers to peripheral devices, such as hard disks and printers, and to other computers and LANs.
SMB See server message block (SMB).
SMP See symmetric multiprocessing (SMP).
SMTP See Simple Mail Transfer Protocol (SMTP).
SNMP See Simple Network Management Protocol (SNMP).
software Computer programs or sets of instructions that allow the hardware to work. Software can be grouped into four categories: system software, such as operating systems, which control the workings of the computer; application software, such as word-processing programs, spreadsheets, and databases, which perform the tasks for which people use computers; network software, which enables groups of computers to communicate; and language software, which provides programmers with the tools they need to write programs.
SONET See Synchronous Optical Network (SONET).
spanning tree algorithm (STA) An algorithm (mathematical procedure) implemented by the IEEE 802.1 Network Management Committee to eliminate redundant routes and to avoid situations in which multiple LANs are joined by more than one path. Under STA, bridges exchange certain control information in an attempt to find redundant routes. The bridges determine which would be the most efficient route and then use that one and disable the others. Any of the disabled routes can be reactivated if the primary route becomes unavailable.
SPX See Sequenced Packet Exchange (SPX).
SQL See structured query language (SQL).
STA See spanning tree algorithm (STA).
stand-alone computer A computer that isn't connected to any other computers and isn't part of a network.
stand-alone environment A work environment in which each user has a personal computer but works independently, unable to share files and other important information that would be readily available through server access in a networking environment.
stealth virus A variant of a file-infector virus. This virus is so named because it attempts to hide from detection. When an antivirus program attempts to find it, the stealth virus tries to intercept the probe and return false information indicating that it does not exist.
stripe set A form of fault tolerance that combines multiple areas of unformatted free space into one large logical drive, distributing data storage across all drives simultaneously. In Windows 2000, a stripe set requires at least two physical drives and can use up to 32 physical drives. Stripe sets can combine areas on different types of drives, such as Small Computer System Interface (SCSI), Enhanced Small Device Interface (ESDI), and Integrated Device Electronics (IDE) drives.
structured query language (SQL) A standard language for creating, updating, and querying relational database management systems.
Switched Multimegabit Data Services (SMDS) A high-speed, switched-packet service that can provide speeds of up to 34 Mbps.
switched virtual circuit (SVC) A logical connection between end computers that uses a specific route across the network. Network resources are dedicated to the circuit, and the route is maintained until the connection is terminated. These are also known as point-to-multipoint connections. See also virtual circuit.
symmetric multiprocessing (SMP) A system that uses any available processor on an as-needed basis. With this approach, the system load and application needs can be distributed evenly across all available processors.
synchronous A form of communication that relies on a timing scheme coordinated between two devices to separate groups of bits and transmit them in blocks called frames. Special characters are used to begin the synchronization and check its accuracy periodically. Because the bits are sent and received in a timed, controlled (synchronized) fashion, start and stop bits are not required. Transmission stops at the end of one transmission and starts again with a new one. It is a start/stop approach, and more efficient than asynchronous transmission. If an error occurs, the synchronous error detection and correction scheme implements a retransmission. However, because more sophisticated technology and equipment is required to transmit synchronously, it is more expensive than asynchronous transmission.
Synchronous Data Link Control (SDLC) The data link (data transmission) protocol most widely used in networks conforming to IBM's SNA. SDLC is a communications guideline that defines the format in which information is transmitted. As its name implies, SDLC applies to synchronous transmissions. SDLC is also a bit-oriented protocol and organizes information in structured units called frames.
Synchronous Optical Network (SONET) A fiber-optic technology that can transmit data at more than one gigabit per second. Networks based on this technology are capable of delivering voice, data, and video. SONET is a standard for optical transport formulated by the Exchange Carriers Standards Association (ECSA) for ANSI.
Systems Network Architecture (SNA) An IBM-proprietary high-level networking protocol standard for IBM and IBM-compatible mainframe systems. See also protocol.
T
TCO See total cost of ownership (TCO).
TCP See Transmission Control Protocol (TCP).
TCP/IP See Transport Control Protocol/Internet Protocol (TCP/IP).
TDI See transport driver interface (TDI).
TechNet See Microsoft Technical Information Network (TechNet).
Telnet The command and program used to log in from one Internet site to another. The Telnet command and program brings the user to the login prompt of another host.
terabyte See byte.
throughput A measure of the data transfer rate through a component, connection, or system. In networking, throughput is a good indicator of the system's total performance because it defines how well the components work together to transfer data from one computer to another. In this case, the throughput would indicate how many bytes or packets the network could process per second.
topology The arrangement or layout of computers, cables, and other components on a network. Topology is the standard term that most network professionals use when referring to the network's basic design.
total cost of ownership (TCO) The total amount of money and time associated with purchasing computer hardware and software, and deploying, configuring, and maintaining the hardware and software. It includes hardware and software updates, training, maintenance and administration, and technical support. One other major factor is lost productivity due to user errors, hardware problems, software upgrades, and retraining.
tracert A Traceroute command-line utility that shows every router interface through which a TCP/IP packet passes on its way to a destination.
trailer One of the three sections of a packet component. The exact content of the trailer varies depending on the protocol, but it usually includes an error-checking component, or cyclical redundancy check (CRC).
transceiver A device that connects a computer to the network. The term is derived from transmitter/receiver; thus, a transceiver is a device that receives and transmits signals. It switches the parallel data stream used on the computer's bus into a serial data stream used in the cables connecting the computers.
Transmission Control Protocol (TCP) The TCP/IP protocol for sequenced data. See also Transport Control Protocol/Internet Protocol (TCP/IP).
Transport Control Protocol/Internet Protocol (TCP/IP) An industry standard suite of protocols providing communications in a heterogeneous environment. In addition, TCP/IP provides a routable enterprise networking protocol and access to the Internet and its resources. It is a transport layer protocol that actually consists of several other protocols in a stack that operates at the session layer. Most networks support TCP/IP as a protocol.
transport driver interface (TDI) An interface that works between the file-system driver and the transport protocols, allowing any protocol written to TDI to communicate with the file-system drivers.
transport layer The fourth layer of the OSI reference model. It ensures that messages are delivered error free, in sequence, and without losses or duplications. This layer repackages messages for efficient transmission over the network. At the receiving end, the transport layer unpacks the messages, reassembles the original messages, and sends an acknowledgment of receipt. See also Open Systems Interconnection (OSI) reference model.
transport protocols Protocols that provide for communication sessions between computers and ensure that data is able to move reliably between computers.
tree A grouping of hierarchical arrangements of one or more Windows 2000 domains that share a contiguous namespace.
Trojan horse virus A type of virus that appears to be a legitimate program that might be found on any system. The Trojan horse virus can destroy files and cause physical damage to disks.
trust relationship A link between domains that enables pass-through authentication, in which a user has only one user account in one domain, yet can access the entire network. User accounts and global groups defined in a trusted domain can be given rights and resource permissions in a trusting domain even though those accounts don't exist in the trusting domain's database. A trusting domain honors the logon authentication of a trusted domain.
U
UART See universal asynchronous receiver transmitter (UART).
UDP See User Datagram Protocol (UDP).
Uniform Resource Locator (URL) An address for a resource on the Internet that provides the hypertext links between documents on the World Wide Web (WWW). Every resource on the Internet has its own location identifier, or URL, that specifies the server to access as well as the access method and the location. URLs can use various protocols including FTP and HTTP.
uninterruptible power supply (UPS) A device connected between a computer or another piece of electronic equipment and a power source, such as an electrical outlet. The UPS ensures that the electrical flow to the computer is not interrupted because of a blackout and, in most cases, protects the computer against potentially damaging events such as power surges and brownouts. Different UPS models offer different levels of protection. All UPS units are equipped with a battery and loss-of-power sensor. If the sensor detects a loss of power, it immediately switches over to the battery so that users have time to save their work and shut off the computer. Most higher-end models have features such as power filtering, sophisticated surge protection, and a serial port so that an operating system capable of communicating with a UPS (such as Windows 2000) can work with the UPS to facilitate automatic system shutdown.
universal asynchronous receiver transmitter (UART) A module, usually composed of a single integrated circuit, that contains both the receiving and transmitting circuits required for asynchronous serial communication. Two computers, each equipped with a UART, can communicate over a simple wire connection. The operation of the sending and receiving units is not synchronized by a common clock signal, so the data stream itself must contain information about when packets of information (usually bytes) begin and end. This information about the beginning and ending of a packet is provided by the start and stop bits in the data stream. A UART is the most common type of circuit used in personal-computer modems.
universal serial bus (USB) A serial bus with a data transfer rate of 12 megabits per second (Mbps) for connecting peripherals to a microcomputer. USB can connect up to 127 peripheral devices to the system through a single, general-purpose port. This is accomplished by daisy chaining peripherals together. USB is designed to support the ability to automatically add and configure new devices and the ability to add such devices without having to shut down and restart the system.
UPS See uninterruptible power supply (UPS).
URL See Uniform Resource Locator (URL).
USB See universal serial bus (USB).
user account An account that consists of all of the information that defines a user on a network. This includes the user name and password required for the user to log on, the groups in which the user account has membership, and the rights and permissions the user has for using the system and accessing its resources.
User Datagram Protocol (UDP) A connectionless protocol, responsible for end-to-end data transmission.
user groups Groups of users who meet online or in person to discuss installation, administration, and other network challenges for the purpose of sharing and drawing on each other's expertise in developing ideas and solutions.
V
virtual circuit A series of logical connections between a sending computer and a receiving computer. The connection is made after both computers exchange information and agree on communication parameters that establish and maintain the connection, including maximum message size and path. Virtual circuits incorporate communication parameters such as acknowledgments, flow control, and error control to ensure reliability. They can be either temporary, lasting only as long as the conversation, or permanent, lasting as long as the users keep the communication channel open.
virtual memory The space on one or more of a computer's hard disks used by Windows 2000 as if it were RAM. This space on the hard disks is known as a paging file. The benefit of virtual memory is being able to run more applications at one time than would be possible by using just the RAM (physical memory) on the computer.
virtual private network (VPN) A set of computers on a public network such as the Internet that communicate among themselves using encryption technology. In this way, their messages are safe from being intercepted and understood by unauthorized users. VPNs operate as if the computers were connected by private lines.
virus Computer programming, or code, that hides in computer programs or on the boot sector of storage devices such as hard-disk drives and floppy-disk drives. The primary purpose of a virus is to reproduce itself as often as possible; a secondary purpose is to disrupt the operation of the computer or the program.
volume set A collection of hard-disk partitions that are treated as a single partition, thus increasing the disk space available in a single drive letter. Volume sets are created by combining between 2 and 32 areas of unformatted free space on one or more physical drives. These spaces form one large logical volume set that is treated like a single partition.
VPN See virtual private network (VPN).
W
wide area network (WAN) A computer network that uses long-range telecommunication links to connect networked computers across long distances.
winipcfg A diagnostic command specific to Microsoft Windows 95 and 98. Although this graphical user interface utility (GUI) duplicates the functionality of ipconfig, its GUI makes it easier to use. See also ipconfig.
workgroup A collection of computers grouped for sharing resources such as data and peripherals over a LAN. Each workgroup is identified by a unique name. See also domain; peer-to-peer network.
World Wide Web (the Web, or WWW) The Internet multimedia service that contains a vast storehouse of hypertext documents written in HTML. See also Hypertext Markup Language (HTML).
WORM See Write-Once Read-Many (WORM).
Write-Once Read-Many (WORM) Any type of storage medium to which data can be written only once but can be read any number of times. Typically, this is an optical disc whose surface is permanently etched using a laser to record information.
Z
Zone A discrete portion of the domain name space. Zones provide a way to partition the domain name space into discrete manageable sections.
Chapter 1
Review Questions
What is the major difference between a workgroup and a domain?
The major difference between a workgroup and a domain is where the user account information resides for user logon authentication. For a workgroup, user account information resides in the local security database on each computer in the workgroup. For the domain, the user account information resides in the Active Directory database.
What are Active Directory directory services, and what do they provide?
Active Directory directory services comprise the Windows 2000 directory service. A directory service consists of a database that stores information about network resources, such as computers and printers, and the services that make this information available to users and applications. Active Directory directory services also provide administrators with the capability to control access to resources.
What information must a user provide when he or she logs on to a computer?
A user name and a password.
What happens when a user logs on locally to a computer?
Windows 2000 authenticates the user during the logon process by comparing the user's logon information to the user's information in the local database and verifies the identity of the user. Only valid users can gain access to resources and data on a computer.
How do you use the Windows 2000 Security dialog box?
The Windows 2000 Security dialog box provides easy access to important security options, which include the ability to lock a computer, change a password, log off of a computer, stop programs that aren't responding, and shut down the computer.
Chapter 2
Review Questions
Your company has decided to install Windows 2000 Professional on all new computers that are purchased for desktop users. What should you do before you purchase new computers to ensure that Windows 2000 can be installed and run without difficulty?
Verify that the hardware components meet the minimum requirements for Windows 2000. Also, verify that all of the hardware components that are installed in the new computers are on the Windows 2000 HCL. If a component is not listed, contact the manufacturer to verify that a Windows 2000 driver is available.
You are attempting to install Windows 2000 Professional from a CD-ROM; however, you have discovered that your computer doesn't support booting from the CD-ROM drive. How can you install Windows 2000?
Start the computer by using the Setup boot disks. When prompted, insert the Windows 2000 Professional CD-ROM, and then continue setup.
You are installing Windows 2000 Server on a computer that will be a client in an existing Windows 2000 domain. You want to add the computer to the domain during installation. What information do you need, and which computers must be available on the network before you run the Setup program?
You need the DNS domain name of the domain that you are joining. You must also make sure that a computer account for the client exists in the domain, or you must have the user name and password of a user account in the domain with the authority to create computer accounts in the domain. A server running the DNS service and a domain controller in the domain you are joining must be available on the network.
You are using a CD-ROM to install Windows 2000 Professional on a computer that was previously running another operating system. How should you configure the hard disk to simplify the installation process?
Use a disk partitioning tool to remove any existing partitions, and then create and format a new partition for the Windows 2000 installation.
You are installing Windows 2000 Professional over the network. Before you install to a client computer, what must you do?
Locate the path to the shared installation files on the distribution server. Create a 500-MB FAT partition on the target computer (1 GB recommended). Create a client disk with a network client so that you can connect from the computer, without an operating system, to the distribution server.
Chapter 3
Practice Questions
Lesson 2: Using Consoles
Practice: Creating a Customized Microsoft Management Console
· To remove extensions from a snap-in
Click Computer Management (Local), and then click the Extensions tab.
The MMC displays a list of available extensions for the Computer Management snap-in.
What option determines which extensions the MMC displays in the Available Extensions list in this dialog box?
The available extensions depend on which snap-in you select.
Review Questions
When and why would you use an extension?
You use an extension when specific snap-ins need additional functionality—extensions are snap-ins that provide additional administrative functionality to another snap-in.
You need to create a custom console for an administrator who needs to use only the Computer Management and Active Directory Users And Computers snap-ins. The administrator
Must not be able to add any additional snap-ins.
Needs full access to all snap-ins.
Must be able to navigate between snap-ins.
Which console mode would you use to configure the custom console?
User mode, Full Access.
What do you need to do to remotely administer a computer running Windows 2000 Server from a computer running Windows 2000 Professional?
Windows 2000 Professional doesn't include all snap-ins that are included with Windows 2000 Server. To enable remote administration of many Windows 2000 Server components from a computer running Windows 2000 Professional, you need to add the required snap-ins on the computer running Windows 2000 Professional.
You need to schedule a maintenance utility to automatically run once a week on your computer, which is running Windows 2000 Professional. How do you accomplish this?
Use Task Scheduler to schedule the necessary maintenance utilities to run at specific times.
Chapter 4
Review Questions
What should you do if you can't see any output on the secondary display?
If you can't see any output on the secondary display, try the following:
Activate the device in the Display Properties dialog box.
Confirm that you chose the correct video driver.
Restart the computer and check its status in Device Manager.
Switch the order of the display adapters on the motherboard.
You have configured recovery options on a computer running Windows 2000 Professional to write debugging information to a file if a system failure occurs. You notice, however, that the file isn't being created. What could be causing this problem?
The problem could be one or more of the following:
The paging file size could be set to less than the amount of physical RAM in your system.
The paging file might not be located on your system partition.
You might not have enough free space to create the Memory.dmp file.
How can you optimize virtual memory performance?
To optimize virtual memory, do the following:
If you have multiple hard disks, create a separate paging file on each hard disk.
Move the paging file off of the disk that contains the Windows 2000 system files.
Set the minimum size of the paging file to be equal to or greater than the amount of disk space that is allocated by Virtual Memory Manager when your system is operating under a typical load.
You installed a new network interface card (NIC) in your computer, but it doesn't seem to be working. Describe how you would troubleshoot this problem.
You would do the following to troubleshoot the problem:
Check Device Manager to determine whether Windows 2000 properly detected the network card.
If the card isn't listed in Device Manager, run the Add/Remove Hardware wizard to have Windows 2000 detect the new card. If the card is listed in Device Manager but the icon representing the new card contains either an exclamation mark or a stop sign, view the properties of the card for further details. You might need to reinstall the drivers for the card, or the card might be causing a resource conflict.
Chapter 5
Practice Questions
Lesson 2: Using Registry Editor
Practice: Using Registry Editor
Exercise 1: Exploring the Registry
· To view information in the registry
Double-click the HARDWARE\DESCRIPTION\System subkey to expand it, and then answer the following questions:
What is the basic input/output system (BIOS) version of your computer and its date?
Answers will vary based on the contents of the SYSTEMBIOSVERSION and SYSTEMBIOSDATE entries.
What is the computer type of your local machine according to the Identifier entry?
Answers might vary; it will likely be AT/AT compatible.
Expand the SOFTWARE\Microsoft\Windows NT\CurrentVersion subkey, and then fill in the following information.
Software configuration | Value and string
Current build number | 2195 (for Evaluation Software)
Current version | 5
Registered organization | Answers will vary.
Registered owner | Answers will vary.
Review Questions
What is the registry and what does it do?
The registry is a hierarchical database that stores Windows 2000 hardware and software settings. The registry controls the Windows 2000 operating system by providing the appropriate initialization information to start applications and load components, such as device drivers and network protocols. The registry contains a variety of different types of data, including the hardware installed on the computer, the installed device drivers, applications, network protocols, and network adapter card settings.
What is a hive?
A hive is a discrete body of keys, subkeys, and entries. Each hive has a corresponding registry file and a .LOG file located in systemroot\System32\Config. Windows 2000 uses the .LOG file to record changes and to ensure the integrity of the registry.
What is the recommended editor for viewing and modifying the registry?
Regedt32.exe is the recommended editor for viewing and modifying the registry.
What option should you enable when you are viewing the contents of the registry? Why?
Using Registry Editor incorrectly can cause serious, systemwide problems that could require reinstallation of Windows 2000. When using Registry Editor to view data, save a backup copy of the registry file before viewing and click Read Only Mode on the Options menu to prevent accidental updating or deleting of configuration data.
Chapter 6
Practice Questions
Lesson 2: Common Disk Management Tasks
Practice: Working with Dynamic Storage
Exercise 2: Extending a Volume
· To examine the new volume
Change the working directory to the root directory of drive C (if necessary) or to the root directory of the drive where you mounted your volume, type dir and then press Enter.
How much free space does the Dir command report?
Answer will vary.
Why is there a difference between the free space reported for drive C and the free space reported for C:\Mount? (If you mounted your volume on a drive other than drive C, replace C with the appropriate drive letter.)
The amount of free space reported for C:\Mount is the amount of free space available on the mounted volume.
Review Questions
You install a new 10-GB disk drive that you want to divide into five equal 2-GB sections. What are your options?
You can leave the disk as a basic disk and then create a combination of primary partitions (up to three) and logical drives in an extended partition; or, you can upgrade the disk to a dynamic disk and create five 2-GB simple volumes.
You are trying to create a striped volume on your Windows NT Server to improve performance. You confirm that you have enough unallocated disk space on two disks in your computer, but when you right-click an area of unallocated space on a disk, your only option is to create a partition. What is the problem and how would you resolve it?
You can create striped volumes only on dynamic disks. The option to create a partition rather than a volume indicates that the disk you are trying to use is a basic disk. You will need to upgrade all of the disks that you want to use in your striped volume to dynamic disks before you stripe them.
You add a new disk to your computer and attempt to extend an existing volume to include the unallocated space on the new disk, but the option to extend the volume isn't available. What is the problem and how would you resolve it?
The existing volume is not formatted with Microsoft Windows 2000 File System (NTFS). You can extend only NTFS volumes. You should back up any data on the existing volume, convert it to NTFS, and then extend the volume.
You dual boot your computer with Windows 98 and Windows 2000 Professional. You upgrade a second drive—which you are using to archive files—from basic storage to dynamic storage. The next time you try to access your archived files from Windows 98, you are unable to read the files. Why?
Only Windows 2000 can read dynamic storage.
Chapter 7
Practice Questions
Lesson 1: TCP/IP
Practice: Installing and Configuring TCP/IP
Exercise 2: Configuring TCP/IP to Use a Static IP Address
· To test the static TCP/IP configuration
To verify that the IP address is working and configured for your adapter, type ping 127.0.0.1 and then press Enter.
What happens?
Four Reply from 127.0.0.1 messages should appear.
If you have a computer that you are using to test connectivity, type ping ip_address (where ip_address is the IP address of the computer you are using to test connectivity), and then press Enter. If you don't have a computer to test connectivity, skip to step 7.
What happens?
Four Reply from ip_address messages should appear.
Exercise 3: Configuring TCP/IP to Automatically Obtain an IP Address
· To configure TCP/IP to automatically obtain an IP address
Click Obtain An IP Address Automatically.
Which IP address settings will the DHCP Service configure for your computer?
IP address and subnet mask.
Exercise 4: Obtaining an IP Address by Using Automatic Private IP Addressing
· To obtain an IP address by using Automatic Private IP Addressing
At the command prompt, type ipconfig /renew and then press Enter.
There will be a pause while Windows 2000 attempts to locate a DHCP server on the network.
What message appears, and what does it indicate?
DHCP Server Unreachable.
Your computer was not assigned an address from a DHCP server because there wasn't one available.
· To test the TCP/IP configuration
At the command prompt, type ipconfig | more and then press Enter.
Pressing Spacebar as necessary, record the current TCP/IP settings for your local area connection in the following table.
Setting | Value
IP address | Answer will vary.
Subnet mask | Answer will vary.
Default gateway | Answer will vary.
Is this the same IP address assigned to your computer in Exercise 3? Why or why not?
No, the IP address isn't the same as the one assigned in Exercise 3. In this exercise, the Automatic Private IP Addressing feature of Windows 2000 assigned the IP address because a DHCP server wasn't available. In Exercise 3, the DHCP Service assigned an IP address.
If you have a computer to test TCP/IP connectivity with your computer, type ping ip_address (where ip_address is the IP address of the computer that you are using to test connectivity), and then press Enter. If you don't have a computer to test connectivity, skip this step and proceed to Exercise 5.
Were you successful? Why or why not?
Answers will vary. If you don't have a computer that you can use to test your computer's connectivity, you can't do this exercise.
No, because the computer you are using to test your computer's connectivity is configured with a static IP address in another network and no default gateway is configured on your computer.
Yes, because the computer you are using to test your computer's connectivity is also configured with an IP address assigned by Automatic Private IP Addressing and it is on the same subnet so that a default gateway is unnecessary.
Lesson 2: NWLink
Practice: Installing and Configuring NWLink
· To install and configure NWLink
Click Protocol, and then click Add.
The Select Network Protocol dialog box appears.
Which protocols can you install?
AppleTalk, DLC, NetBEUI, Network Monitor Driver, and NWLink IPX/SPX/NetBIOS Compatible Transport Protocol.
Select NWLink IPX/SPX/NetBIOS Compatible Transport Protocol, and then click Properties.
Which type of frame detection is selected by default?
Auto frame type detection.
Lesson 4: Network Bindings
Practice: Working with Network Bindings
Exercise 1: Changing the Binding Order of a Protocol
· To change the protocol binding order
Maximize the Network And Dial-Up Connections window, and on the Advanced menu, click Advanced Settings.
The Advanced Settings dialog box appears.
What is the order of the protocols listed under Client For Microsoft Networks in the Bindings For Local Area Connection list?
The first protocol listed under Client For Microsoft Networks is NWLink IPX/SPX/NetBIOS Compatible Transport Protocol, and the second one is Internet Protocol (TCP/IP).
Review Questions
Your computer running Windows 2000 Client for Microsoft Networks was configured manually for TCP/IP. You can connect to any host on your own subnet, but you can't connect to or even ping any host on a remote subnet. What is the likely cause of the problem and how would you fix it?
The default gateway might be missing or incorrect. You specify the default gateway in the Internet Protocol (TCP/IP) Properties dialog box (under Network And Dial-Up Connections in My Network Places). Other possibilities are that the default gateway is offline or that the subnet mask is incorrect.
Your computer running Windows 2000 Professional can communicate with some, but not all, of the NetWare servers on your network. Some of the NetWare servers are running frame type 802.2 and some are running 802.3. What is the likely cause of the problem?
Although the NWLink implementation in Windows 2000 can automatically detect a frame type for IPX/SPX-compatible protocols, it can automatically detect only one frame type. This network uses two frame types; you must manually configure the additional frame type (802.3).
What are the limitations of the NetBEUI protocol?
NetBEUI can't be routed and therefore is not suitable for WANs. Since NetBEUI isn't routable, you must connect computers running Windows 2000 and NetBEUI by using bridges instead of routers.
The NetBEUI protocol relies on broadcasts for many of its functions, such as name registration and discovery, so it creates more broadcast traffic than other protocols.
What is the primary function of the DLC protocol?
DLC provides connectivity to IBM mainframes and to LAN print devices that are directly attached to the network.
What is the significance of the binding order of network protocols?
You specify the binding order to optimize network performance. For example, a computer running Windows 2000 Workstation has NetBEUI, NWLink IPX/SPX, and TCP/IP installed. However, most of the servers to which this computer connects are running only TCP/IP. You would adjust the binding order so that the workstation binding to TCP/IP is listed before the workstation bindings for the other protocols. In this way, when a user attempts to connect to a server, Client for Microsoft Networks first attempts to use TCP/IP to establish the connection.
Chapter 8
Review Questions
What is the function of the following DNS components?
Domain name space
The domain name space provides the hierarchical structure for the DNS distributed database.
Zones
Zones are used to divide the domain name space into administrative units.
Name servers
Name servers store the zone information and perform name resolution for their authoritative domain name spaces.
Why would you want to have multiple name servers?
Installing multiple name servers provides redundancy, reduces the load on the server that stores the primary zone database file, and allows for faster access speed for remote locations.
What's the difference between a forward lookup query and a reverse lookup query?
A forward lookup query resolves a name to an IP address. A reverse lookup query resolves an IP address to a name.
When would you configure your connection to obtain a DNS server address automatically?
Configure your connection to obtain a DNS server address automatically only if you have a functioning DHCP server on the network that can provide the IP address of functioning DNS servers on the network.
Chapter 9
Review Questions
What are four major features of Active Directory directory services?
Active Directory directory services offer simplified administration, scalability, open standards support, and support for standard name formats.
What are sites and domains, and how are they different?
A site is a combination of one or more IP subnets that should be connected by a high-speed link.
A domain is a logical grouping of servers and other network resources organized under a single name.
A site is a component of Active Directory directory services' physical structure, while a domain is a component of the logical structure.
What is the schema, and how can you extend it?
The schema contains a formal definition of the contents and structure of Active Directory directory services, including all attributes, classes, and class properties. You can extend the schema by using the Schema Manager snap-in or the Active Directory Services Interface (ADSI).
Which Windows 2000 products provide Active Directory directory services?
Only the Windows 2000 Server products, which include Windows 2000 Server, Windows 2000 Advanced Server, and Windows 2000 Datacenter, provide Active Directory directory services. Windows 2000 Professional doesn't provide Active Directory directory services, but clients running Windows 2000 Professional that are members of a domain can use Active Directory directory services.
Chapter 10
Review Questions
Where does Windows 2000 create local user accounts?
When you create a local user account, Windows 2000 creates the account only in that computer's security database.
What different capabilities do domain user accounts and local user accounts provide to users?
A domain user account allows a user to log on to the domain from any computer in the network and to gain access to resources anywhere in the domain, provided the user has permission to access these resources. A local user account allows the user to log on at and gain access to resources on only the computer where you create the local user account.
What should you consider when you plan new user accounts?
A naming convention that ensures unique but consistent user account names.
Whether you or the user will determine the user account password.
Whether the user account should be disabled.
What information is required to create a local user account?
A user name.
What are built-in user accounts and what are they used for?
Windows 2000 automatically creates accounts called built-in accounts. Two commonly used built-in accounts are Administrator and Guest. You use the built-in Administrator account to manage the overall computer (for example, creating and modifying user accounts and groups, and setting account properties on user accounts). You use the built-in Guest account to give occasional users the ability to log on and gain access to resources.
Chapter 11
Review Questions
Why should you use groups?
Use groups to simplify administration by granting rights and assigning permissions once to the group rather than multiple times to each individual member.
How do you create a local group?
Start the Computer Management snap-in and expand Local Users And Groups. Right-click Groups, and then click New Group. Fill in the appropriate fields and then click Create.
Are there any consequences to deleting a group?
When you delete a group, the unique identifier that the system uses to represent the group is lost. Even if you create a second group with the same name, the group will not have the same identifier, so you must grant the group any permissions or rights that it once had, and you must add back the users who need to be a member of that group.
What's the difference between built-in local groups and local groups?
You create local groups and assign the appropriate permissions to them.
Windows 2000 Professional comes with precreated built-in local groups. You can't create built-in local groups. Built-in local groups give rights to perform system tasks on a single computer, such as backing up and restoring files, changing the system time, and administering system resources.
Chapter 12
Review Questions
What's the difference between a printer and a print device?
A printer is the software interface between the operating system and the print device. The print device is the hardware device that produces printed documents.
A print server can connect to two different types of print devices. What are these two types of print devices, and what are the differences?
The two types are local and network-interface print devices. A local print device is connected directly to a physical port of the print server. A network-interface print device is connected to the print server through the network. Also, a network-interface print device requires a network interface card.
You have added and shared a printer. What must you do to set up client computers running Windows 2000 so that users can print, and why?
You (or the user) must make a connection to the printer from the client computer. When you make a connection to the printer from the client computer, Windows 2000 automatically copies the printer driver to the client computer.
What advantages does connecting to a printer by using http://server_name/printers provide for users?
It allows a user to make a connection to a printer without having to use the Add Printer wizard. It makes a connection to a Web site, which displays all of the printers for which the user has permission. The Web site also provides information on the printers to help the user make the correct selection. Also, a Web designer can customize this Web page, such as by displaying a floor plan that shows the location of print devices, which makes it easier for users to choose a print device.
Why would you connect multiple printers to one print device?
To set priorities between the printers so that users can send critical documents to the printer with the highest priority. These documents will always print before documents that are sent from printers with lower priorities.
Why would you create a printer pool?
To speed up printing. Users can print to one printer that has several print devices so that documents do not wait in the print queue. It also simplifies administration; it's easier to manage one printer for several print devices than it is to manage one printer for each print device.
Chapter 13
Practice Questions
Lesson 2: Managing Printers
Practice: Performing Printer Management
Exercise 3: Taking Ownership of a Printer
· To take ownership of a printer
On the Security tab, click Advanced, and then click the Owner tab.
Who currently owns the printer?
The Administrators group.
Lesson 3: Managing Documents
Practice: Managing Documents
· To set a notification
In the printer's window, select README.txt, and then click Properties on the Document menu.
Windows 2000 displays the README.txt Document Properties dialog box with the General tab active.
Which user is specified in the Notify box? Why?
The Notify box currently displays the user Administrator because Administrator printed the document.
· To increase the priority of a document
In the README.txt Document Properties dialog box, on the General tab, notice the default priority.
What is the current priority? Is it the lowest or highest priority?
The current priority is the default of 1, which is the lowest priority.
Review Questions
For which printer permission does a user need to change the priority on another user's document?
The Manage Documents permission.
In an environment where many users print to the same print device, how can you help reduce the likelihood of users picking up the wrong documents?
Create a separator page that identifies and separates printed documents.
Can you redirect a single document?
No. You can change the configuration of the print server only to send documents to another printer or print device, which redirects all documents on that printer.
A user needs to print a large document. How can the user print the job after hours, without being present while the document prints?
You can control print jobs by setting the printing time. You set the printing time for a document on the General tab of the Properties dialog box for the document. To open the Properties dialog box for a document, select the document in the printer's window, click the Document menu, and then click Properties. Click Only From in the Schedule section of the Properties dialog box, and then set the Only From hour to the earliest time you want the document to begin printing after regular business hours. Set the To time to a couple of hours before normal business hours start. To set the printing time for a document, you must be the owner of the document or have the Manage Documents permission for the appropriate printer.
What are the advantages of using a Web browser to administer printing?
You can administer any printer on a Windows 2000 print server on the intranet by using any computer running a Web browser, regardless of whether the computer is running Windows 2000 or has the correct printer driver installed. Additionally, a Web browser provides a summary page and reports real-time print device status, and you can customize the interface.
Chapter 14
Practice Questions
Lesson 3: Assigning NTFS Permissions
Practice: Planning and Assigning NTFS Permissions
Exercise 1: Planning NTFS Permissions
When you apply custom permissions to a folder or file, which default permission entry should you remove?
The Full Control permission for the Everyone group.
Complete the following table to plan and record your permissions:
| Path | User account or group | NTFS permissions | Block inheritance (yes/no) |
|---|---|---|---|
| Apps | Administrators group | Full Control | No |
| Apps\WordProcessing | Users group | Read & Execute | No |
| Apps\Spreadsheet | Accounting group; Managers group; Executives group | Read & Execute; Read & Execute; Read & Execute | No |
| Apps\Database | Accounting group; Managers group; Executives group | Read & Execute; Read & Execute; Read & Execute | No |
| Public | Administrators group; CREATOR OWNER; Users group | Full Control; Full Control; Write | No |
| Public\Library | Administrators group; Users group | Full Control; Read & Execute | Yes |
| Public\Manuals | Administrators group; Users group; User81 | Full Control; Read & Execute; Full Control | Yes |
Exercise 2: Assigning NTFS Permissions for the Public Folder
· To remove permissions from the Everyone group
Click the Security tab to display the permissions for the Public folder.
Windows 2000 displays the Public Properties dialog box with the Security tab active.
What are the existing folder permissions?
The Everyone group has Full Control.
Notice that the current allowed permissions can't be modified.
Under Name, select the Everyone group, and then click Remove.
What do you see?
Windows 2000 displays a message box indicating that you can't remove "Everyone" because the folder is inheriting the permissions for the Everyone group from its parent folder. To change permissions for Everyone, you must first block inheritance.
Click Remove.
What are the existing folder permissions?
No permissions are currently assigned.
· To assign permissions to the Users group for the Public folder
Click OK to return to the Public Properties dialog box.
What are the existing allowed folder permissions?
The Users group has the following permissions: Read & Execute, List Folder Contents, and Read. These are the default permissions that Windows 2000 assigns when you add a user account or group to the list of permissions.
· To assign permissions to the CREATOR OWNER group for the Public folder
Under Permission Entries, select CREATOR OWNER if necessary.
Which permissions are assigned to CREATOR OWNER, and where do these permissions apply?
Full Control permission is applied to subfolders and files only. Permissions that are assigned to the CREATOR OWNER group are not applied to the folder but only to new files and folders that are created within the folder.
· To test the folder permissions that you assigned for the Public folder
In the Public folder, attempt to create a text file named User81.
Were you successful? Why or why not?
Yes, because the Users group is assigned the Write permission for the Public folder.
Exercise 4: Testing NTFS Permissions
· To test permissions for the Misc folder while logged on as User81
Attempt to create a file in the Misc folder.
Were you successful? Why or why not?
No, because only User82 has NTFS permissions to create and modify files in the Misc folder.
· To test permissions for the Misc folder while logged on as User82
Attempt to create a file in the Misc folder.
Were you successful? Why or why not?
Yes, because User82 has the Modify permission for the folder.
· To test permissions for the Manuals folder while logged on as Administrator
Attempt to create a file in the Manuals folder.
Were you successful? Why or why not?
Yes, because the Administrators group has the Full Control permission for the Manuals folder.
· To test permissions for the Manuals folder while logged on as User81
Attempt to create a file in the Manuals folder.
Were you successful? Why or why not?
No, because User81 has only the Read & Execute permission for the Manuals folder.
· To test permissions for the Manuals folder while logged on as User82
Attempt to create a file in the Manuals folder.
Were you successful? Why or why not?
Yes, because User82 is a member of the Manuals group, which has been assigned the Modify permission for the Sales folder.
Lesson 6: Solving Permissions Problems
Practice: Managing NTFS Permissions
Exercise 1: Taking Ownership of a File
· To determine the permissions for a file
Click the Security tab to display the permissions for the Owner.txt file.
What are the current allowed permissions for Owner.txt?
The Administrators group has the Full Control permission.
The Users group has the Read & Execute permission.
Click the Owner tab.
Who is the current owner of the Owner.txt file?
The Administrators group.
· To take ownership of a file
Click Advanced to display the Access Control Settings For Owner dialog box, and then click the Owner tab.
Who is the current owner of Owner.txt?
The Administrators group.
In the Change Owner To box, select User84, and then click Apply.
Who is the current owner of Owner.txt?
User84.
Exercise 2: Copying and Moving Folders
· To create a folder while logged on as a user
While you are logged on as User84, in Windows Explorer, in drive C, create a folder named Temp1.
What are the permissions that are assigned to the folder?
The Everyone group has Full Control.
Who is the owner? Why?
User84 is the owner because the person who creates a folder or file is the owner.
· To create a folder while logged on as Administrator
In drive C, create the following two folders: Temp2 and Temp3.
What are the permissions for the folders that you just created?
The Everyone group has the Full Control permission.
Who is the owner of the Temp2 and Temp3 folders? Why?
The Administrators group is the owner of the Temp2 and Temp3 folders because a member of the Administrators group created these folders.
· To copy a folder to another folder within a Windows 2000 NTFS volume
Select C:\Temp1\Temp2, and then compare the permissions and ownership with C:\Temp2.
Who is the owner of C:\Temp1\Temp2 and what are the permissions? Why?
The owner is still the Administrators group because you are logged on as Administrator. When a folder or file is copied within an NTFS volume, the person who copies the folder or file becomes the owner.
The Everyone group has the Full Control permission because when a folder or file is copied within an NTFS volume, the folder or file inherits the permissions of the folder into which it is copied.
· To move a folder within the same NTFS volume
In Windows Explorer, select C:\Temp3, and then move it to C:\Temp1.
What happens to the permissions and ownership for C:\Temp1\Temp3? Why?
The Backup Operators group has Read & Execute permission and the Users group has Full Control. The Administrators group is the owner of C:\Temp1\Temp3.
C:\Temp1\Temp3 retains the original permissions as C:\Temp3. This is because when a file or folder is moved within the same NTFS volume, the file or folder retains its original permissions. Even though User84 did the moving, the folder's creator remains the owner.
Exercise 3: Deleting a File With All Permissions Denied
· To view the result of the Full Control permission for a folder
In Windows Explorer, double-click Noaccess.txt in the Fullaccess folder to open the file.
Were you successful? Why or why not?
No. The Everyone group has been denied the Full Control permission for C:\FullControl\Noaccess.txt. The Administrator user account is a member of the Everyone group.
Delete Noaccess.txt.
Were you successful? Why or why not?
Yes, because Full Control includes the Delete Subfolders and Files special permission for POSIX compliance. This special permission allows a user to delete files in the root of a folder to which the user has been assigned the Full Control permission. This permission overrides the file permissions.
How would you prevent users with Full Control permission for a folder from deleting a file in that folder for which they have been denied the Full Control permission?
Allow users all of the individual permissions, and then deny users the Delete Subfolders and Files special permission.
Review Questions
What is the default permission when a volume is formatted with NTFS? Who has access to the volume?
The default permission is Full Control. The Everyone group has access to the volume.
If a user has Write permission for a folder and is also a member of a group with Read permission for the folder, what are the user's effective permissions for the folder?
The user has both Read permission and Write permission for the folder because NTFS permissions are cumulative.
If you assign the Modify permission to a user account for a folder and the Read permission for a file, and then you copy the file to that folder, which permission does the user have for the file?
The user can modify the file because the file inherits the Modify permission from the folder.
What happens to permissions that are assigned to a file when the file is moved from one folder to another folder on the same NTFS volume? What happens when the file is moved to a folder on another NTFS volume?
When the file is moved from one folder to another folder on the same NTFS volume, the file retains its permissions. When the file is moved to a folder on a different NTFS volume, the file inherits the permissions of the destination folder.
If an employee leaves the company, what must you do to transfer ownership of his or her files and folders to another employee?
You must be logged on as Administrator to take ownership of the employee's folders and files. Assign the Take Ownership special access permission to another employee to allow that employee to take ownership of the folders and files. Notify the employee to whom you assigned Take Ownership to take ownership of the folders and files.
What three details should you check when a user can't gain access to a resource?
Check the permissions that are assigned to the user account and to groups in which the user is a member.
Check whether the user account, or a group of which the user is a member, has been denied permission for the file or folder.
Check whether the folder or file has been copied to any other file or folder or moved to another volume. If it has, the permissions will have changed.
Chapter 15
Practice Questions
Lesson 1: Understanding Shared Folders
Practice: Applied Permissions
User101 is a member of Group1, Group2, and Group3. Group1 has Read permission and Group3 has Full Control permission for FolderA. Group2 has no permissions assigned for FolderA. What are User101's effective permissions for FolderA?
Since User101 gets the permissions of all groups, User101's effective permission for FolderA is Full Control, which also includes all capabilities of the Read permission.
User101 is also a member of the Sales group, which has the Read permission for FolderB. User101 has been denied the shared folder permission Full Control for FolderB as an individual user. What are User101's effective permissions for FolderB?
User101 has no access to FolderB. Even though User101 is a member of the Sales group, which has Read permission for FolderB, User101 has been denied Full Control access to FolderB. Denied permissions override all other permissions.
Lesson 4: Combining Shared Folder Permissions and NTFS Permissions
Practice: Managing Shared Folders
Exercise 1: Combining Permissions
In the first example, the Data folder is shared. The Sales group has the shared folder Read permission for the Data folder and the NTFS Full Control permission for the Sales subfolder.
What are the Sales group's effective permissions for the Sales subfolder when they gain access to the Sales subfolder by making a connection to the Data shared folder?
The Sales group has the Read permission for the Sales subfolder because when shared folder permissions are combined with NTFS permissions, the more restrictive permission applies.
In the second example, the Users folder contains user home folders. Each user home folder contains data that is accessible only to the user for whom the folder is named. The Users folder has been shared, and the Users group has the shared folder Full Control permission for the Users folder. User1 and User2 have the NTFS Full Control permission for only their home folder and no NTFS permissions for other folders. These users are all members of the Users group.
What permissions does User1 have when he or she accesses the User1 subfolder by making a connection to the Users shared folder? What are User1's permissions for the User2 subfolder?
User1 has the Full Control permission for the User1 subfolder because both the shared folder permission and the NTFS permission allow Full Control. User1 can't access the User2 subfolder because she or he has no NTFS permissions to gain access to it.
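The three rules these answers rely on (permissions accumulate across a user's groups, a denied permission overrides any allowed one, and shared folder and NTFS permissions combine to the more restrictive result) can be checked with a small model. This is an added example, not part of the original training material; the capability names and the `effective` and `access` helpers are assumptions made for illustration, and the model does not reproduce how Windows evaluates ACLs internally.

```python
# Simplified model of the permission rules in the answers above.
# Capability names are assumptions for this example; Windows itself
# evaluates access masks in ACLs, which this model does not reproduce.

ALL = frozenset({"read", "execute", "write", "delete",
                 "change_permissions", "take_ownership"})

# NTFS folder permission levels named in the exercises.
NTFS_LEVELS = {
    "Read": frozenset({"read"}),
    "Write": frozenset({"write"}),
    "Read & Execute": frozenset({"read", "execute"}),
    "Modify": frozenset({"read", "execute", "write", "delete"}),
    "Full Control": ALL,
}

# Shared folder permission levels: Full Control, Change, and Read.
SHARE_LEVELS = {
    "Read": frozenset({"read", "execute"}),
    "Change": frozenset({"read", "execute", "write", "delete"}),
    "Full Control": ALL,
}


def effective(user, groups, acl, levels):
    """Rights granted by one permission list.

    acl is a list of (principal, "allow" | "deny", level) entries.
    Allowed permissions accumulate over the user and every group the
    user belongs to; anything denied is then removed, so a deny wins.
    """
    # Every account is a member of the Everyone group.
    principals = {user, "Everyone"} | set(groups)
    allowed, denied = set(), set()
    for principal, kind, level in acl:
        if principal not in principals:
            continue
        if kind == "allow":
            allowed |= levels[level]
        elif kind == "deny":
            denied |= levels[level]
        else:
            raise ValueError(f"unknown entry type: {kind!r}")
    return frozenset(allowed - denied)


def access(user, groups, share_acl=None, ntfs_acl=None):
    """Effective rights for one folder.

    share_acl=None models a local logon (shared folder permissions are
    not applied); ntfs_acl=None models a FAT volume (no NTFS permissions
    exist). When both lists apply, only rights present in both survive,
    which is the "more restrictive permission applies" rule.
    """
    parts = []
    if share_acl is not None:
        parts.append(effective(user, groups, share_acl, SHARE_LEVELS))
    if ntfs_acl is not None:
        parts.append(effective(user, groups, ntfs_acl, NTFS_LEVELS))
    if not parts:
        return frozenset()
    result = parts[0]
    for rights in parts[1:]:
        result &= rights
    return result


if __name__ == "__main__":
    # Constructed inputs that mirror the exercises above.
    folder_b = [("Sales", "allow", "Read"),
                ("User101", "deny", "Full Control")]
    print("FolderB:", sorted(access("User101", ["Sales"], share_acl=folder_b)))

    data_share = [("Sales", "allow", "Read")]
    sales_ntfs = [("Sales", "allow", "Full Control")]
    print("Data\\Sales over the network:",
          sorted(access("SalesUser", ["Sales"], data_share, sales_ntfs)))
    print("Data\\Sales at the console:",
          sorted(access("SalesUser", ["Sales"], ntfs_acl=sales_ntfs)))
```

Passing only `ntfs_acl` shows why the same user can have more access when logged on locally than over the network: the shared folder permission is the only thing limiting the Sales group to Read.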
Exercise 2: Planning Shared Folders
Record your answers in the table.
You have two choices for permissions. You can rely entirely on NTFS permissions and assign Full Control for all shared folders to the Everyone group, or you can use shared folder permissions according to resource needs. The following suggested shared folders include required permissions if you decide to assign shared folder permissions.
Share Management Guidelines as MgmtGd. Assign the Full Control permission to the Managers group.
Share Data as Data. Assign the Full Control permission to the Administrators built-in group.
Share Data\Customer Service as CustServ. Assign the Change permission to the Customer Service group.
Share Data\Public as Public. Assign the Change permission to the Users built-in group.
Share Applications as Apps. Assign the Read permission to the Users built-in group and the Full Control permission to the Administrators built-in group.
Share Project Management as ProjMan. Assign the Change permission to the Managers group and the Full Control permission to the Administrators built-in group.
Share Database\Customers as CustDB. Assign the Change permission to the CustomerDBFull group, the Read permission to the CustomerDBRead group, and the Full Control permission to the Administrators built-in group.
Share Users as Users. Create a folder for every employee below this folder. Assign the Full Control permission to each employee for his or her own folder. Preferably, have Windows 2000 create the folder and assign permissions automatically when you create each user account.
Exercise 4: Assigning Shared Folder Permissions
· To assign Full Control to the Administrators group
Click OK.
Windows 2000 adds Administrators to the list of names with permissions.
Which type of access does Windows 2000 assign to Administrators by default?
The Read permission.
In the Permissions box, under Allow, click the Full Control check box.
Why did Windows Explorer also select the Change permission for you?
Full Control includes both the Change permission and the Read permission.
Exercise 5 (Optional): Connecting to a Shared Folder
· To connect a network drive to a shared folder by using the Map Network Drive command
To complete the connection, click Finish.
Windows 2000 displays the MktApps On 'PRO1' (P:) window.
How does Windows Explorer indicate that this drive points to a remote shared folder?
Windows Explorer uses an icon that shows a network cable attached to the drive. The network cable icon indicates a mapped network drive.
Exercise 8 (Optional): Testing NTFS and Shared Folder Permissions
· To test permissions for the Manuals folder when a user logs on locally
In the Manuals folder, attempt to create a file.
Were you successful? Why or why not?
No. Only Administrators have the NTFS permission to create and modify files in the Manuals folder.
· To test permissions for the Manuals folder when a user makes a connection over the network
In the Manuals window, attempt to create a file.
Were you successful? Why or why not?
No. Although the Users group has the Full Control shared folder permission for \\PRO1\MktApps, only Administrators have the NTFS permission to create and modify files in the Manuals folder.
· To test permissions for the Manuals folder when a user logs on over the network as Administrator
In the Manuals window, attempt to create a file.
Were you successful? Why or why not?
Yes. Administrator has the Full Control NTFS permission for the folder and Full Control Shared folder permissions for \\PRO1\MktApps\Manuals.
· To test permissions for the Public folder when a user makes a connection over the network
In the Public window, attempt to create a file.
Were you successful? Why or why not?
Yes. User1 has the Full Control NTFS permission for the folder and Full Control Shared folder permissions for \\PRO1\MktApps\Public.
Review Questions
When a folder is shared on a FAT volume, what does a user with the Full Control shared folder permissions for the folder have access to?
All folders and files in the shared folder.
What are the shared folder permissions?
Full Control, Change, and Read.
By default, what are the permissions that are assigned to a shared folder?
The Everyone group is assigned the Full Control permission.
When a folder is shared on an NTFS volume, what does a user with the Full Control shared folder permissions for the folder have access to?
Only the folder, but not necessarily any of the folder's contents. The user would also need NTFS permissions for each file and subfolder in the shared folder to gain access to those files and subfolders.
When you share a public folder, why should you use centralized data folders?
Centralized data folders enable data to be backed up easily.
What is the best way to secure files and folders that you share on NTFS partitions?
Put the files that you want to share in a shared folder and keep the default shared folder permission (the Everyone group with the Full Control permission for the shared folder). Assign NTFS permissions to users and groups to control access to all contents in the shared folder or to individual files.
Chapter 16
Review Questions
What two tasks must you perform to audit access to a file?
Set the audit policy for object access and configure the file for the type of access to audit.
Who can set up auditing for a computer?
By default, only members of the Administrators group can set up and administer auditing. You can also give other users the Manage Auditing and Security log user right, which is required to configure an audit policy and review audit logs.
When you view a security log, how do you determine whether an event failed or succeeded?
Successful events appear with a key icon; unsuccessful events appear with a lock icon.
If you click the Do Not Overwrite Events option in the Properties dialog box for an audit log, what happens when the log file becomes full?
Windows 2000 will stop. You must clear the log manually.
Chapter 17
Practice Questions
Lesson 1: Configuring Account Policies
Practice: Configuring Account Policies
Exercise 2: Configuring and Testing Additional Account Policies Settings
· To configure Account Policies settings
Use the Group Policy snap-in to configure the following Account Policies settings:
A user should have at least five different passwords before he or she accesses a previously used password.
After changing a password, a user must wait 24 hours before changing it again.
A user should change his or her password every three weeks.
Which settings did you use for each of the three listed items?
Set Enforce Password History to 5 so that a user must have at least five different passwords before he or she can access a previously used password.
Set Minimum Password Age to one day so that a user must wait 24 hours before he or she can change it again.
Set Maximum Password Age to 21 days so that a user must change his/her password every three weeks.
· To test Account Policies settings
Change your password to waters.
Were you successful? Why or why not?
You were successful because the minimum password length is set to 6, and the password waters contains six characters.
Change your password to papers.
Were you successful? Why or why not?
You weren't successful because you must wait 24 hours (one day) before you can change your password a second time. A Change Password dialog box appeared indicating that you can't change the password at this time.
Exercise 3: Configuring Account Lockout Policy
· To configure the Account Lockout Policy settings
Use Account Lockout Policy settings to do the following:
Lock out a user account after four failed logon attempts.
Lock out user accounts until the administrator unlocks the user account.
Which Account Lockout Policy settings did you use for each of the two conditions?
Set Account Lockout Threshold to 4 to lock out a user account after four failed logon attempts. When you set one of the three Account Lockout Policy options and the other two options have not been set, a dialog box appears indicating that the other two options will be set to default values.
Set Account Lockout Duration to 0 to have locked accounts remain locked until the administrator unlocks them.
Review Questions
Why would you want to force users to change passwords?
Forcing users to change passwords regularly will decrease the chances of an unauthorized person breaking into your computer. If a user account and password combination for your computer falls into unauthorized hands, forcing users to change their passwords regularly will cause the user account and password combination to fail and secure the computer.
Why would you want to control the length of the passwords used on your computers?
Longer passwords are more difficult to figure out because there are more characters to discover. In general, you want to do what you can to make it difficult to get unauthorized access to your computers.
Why would you want to lock out a user account?
If a user forgets his or her password, he or she can ask the administrator to reset the password. If someone repeatedly enters an incorrect password, the person is probably trying to gain unauthorized access to your computer. Setting a limit on the number of failed logon attempts and locking out any user account that exceeds this number makes it more difficult for someone to gain unauthorized access to your computers.
Why would you want to force users to press Ctrl+Alt+Delete before they can log on to your computers?
To increase security on your computers, you can force users to press Ctrl+Alt+Delete before they can log on. This key combination is recognized only by Windows and ensures that only Windows is receiving the password and not a Trojan horse program waiting to capture your password.
How do you prevent the last user name from being displayed in the Windows Security or Log On To Windows dialog box?
To prevent the last user name from being displayed in the Windows Security or Log On To Windows dialog box, click the Local Policies node in the console tree of the Local Security Settings window, and then click Security Options. In the details pane, right-click Do Not Display Last User Name In Logon Screen, click Security, and then disable this feature.
Chapter 18
Practice Questions
Lesson 1: Managing NTFS Compression
Practice: Managing NTFS Compression
Exercise 1: Compressing Files in an NTFS Partition
· To view the capacity and free space for drive C
Right-click drive C, and then click Properties.
Windows 2000 displays the Local Disk (C:) Properties dialog box with the General tab active.
What is the capacity of drive C?
Answers will vary.
What is the free space on drive C?
Answers will vary.
· To uncompress a folder
Click OK to close the CompTest2 Properties dialog box.
Since the CompTest2 folder is empty, Windows 2000 doesn't display the Confirm Attributes Changes dialog box asking you to specify whether to uncompress only this folder or this folder and all subfolders.
What indication do you have that the CompTest2 folder is no longer compressed?
The CompTest2 folder name is displayed in black.
Exercise 2: Copying and Moving Files
· To create a compressed file
Type Text1 and then press Enter.
How can you verify that Text1 is compressed?
The name of the file is displayed in blue. You could also check the properties for the file.
· To copy a compressed file to an uncompressed folder
Examine the properties for Text1 in the CompTest2 folder.
Is the Text1.txt file in the CompTest\CompTest2 folder compressed or uncompressed? Why?
Uncompressed. A new file inherits the compression attribute of the folder in which it is created.
· To move a compressed file to an uncompressed folder
Examine the properties of the Text1.txt file in the CompTest folder.
Is Text1.txt compressed or uncompressed?
Compressed.
Examine the properties of Text1.txt in the CompTest2 folder.
Is Text1.txt compressed or uncompressed? Why?
Compressed. When a file is moved to a new folder on the same partition, its compression attribute doesn't change.
Lesson 2: Managing Disk Quotas
Practice: Enabling and Disabling Disk Quotas
Exercise 1: Configuring Quota Management Settings
· To configure default quota management settings
On the Quota tab, click the Enable Quota Management check box.
What is the default disk space limit for new users?
1 KB.
· To configure quota management settings for a user
On the Quota tab of the Local Disk (C:) Properties dialog box, click the Quota Entries button.
Windows 2000 displays the Quota Entries For Local Disk (C:) window.
Are any user accounts listed? Why or why not?
Yes. The accounts listed are those that have logged on and gained access to drive C.
Click OK.
Windows 2000 displays the Add New Quota Entry dialog box.
What are the default settings for the user you just set a quota limit for?
Limit disk space to 10 MB and Set the warning level to 6 MB. These are the default settings that are selected for drive C.
· To test quota management settings
Copy the i386 folder from your CD-ROM to the User5 folder.
Windows 2000 Professional begins copying files from the i386 folder on the CD-ROM to a new i386 folder in the User5 folder on drive C. After copying several files, however, Windows 2000 displays the Error Copying File Or Folder dialog box indicating that there isn't enough room on the disk.
Why did you get this error message?
You have exceeded your quota limit. Because the Deny Disk Space To Users Exceeding Quota Limit check box is selected, you can't use more disk space once you exceed your quota limit.
Lesson 3: Increasing Security with EFS
Practice: Encrypting and Decrypting Files
Exercise 2: Testing the Encrypted Files
· To test an encrypted file
Start Windows Explorer and open the file File1.txt in the Secret folder.
What happens?
A Notepad dialog box appears indicating that Access Is Denied.
Review Questions
You are the administrator for a computer running Windows 2000 Professional. You want to restrict users to 25 MB of available storage space. How do you configure the volumes on the computer?
Format all volumes with NTFS and enable disk quotas for all of the volumes. Specify a limit of 25 MB and select the Deny Disk Space To Users Exceeding Quota Limit check box.
The Sales department archives legacy sales data on a network computer running Windows 2000 Professional. Several other departments share the computer. You have begun to receive complaints from users in other departments that the computer has little remaining disk space. What can you do to alleviate the problem?
Compress the folders that the Sales department uses to store archive data.
Your department has recently archived several gigabytes of data from a computer running Windows 2000 Professional to CD-ROMs. As users have been adding files to the computer, you have noticed that the computer has been taking longer than usual to gain access to the hard disk. How can you increase disk access time for the computer?
Use Disk Defragmenter to defragment files on the computer's hard disk.
Chapter 19
Practice Questions
Lesson 2: Backing Up Data
Practice: Backing Up Files
Exercise 1: Starting a Backup Job
· To back up files by using Backup wizard
Click Replace The Data On The Media With This Backup.
When is it appropriate to select the check box labeled Allow Only The Owner And The Administrator Access To The Backup Data And To Any Backups Appended To This Media?
Consider selecting this check box if you want to minimize the risk of unauthorized access to your data, unless the data that is being backed up will be restored by someone other than the person doing the backing up or an administrator.
Exercise 2: Creating and Running an Unattended Backup Job
· To verify that the backup job was performed
Start Microsoft Windows Explorer and click drive C.
Does the Backup2.bkf file exist?
Yes.
Lesson 3: Restoring Data
Practice: Restoring Files
· To verify that the data was restored
Start Windows Explorer and expand drive C.
Does the Restored Data folder exist?
Yes.
What are the contents of the Restored Data folder?
The file Boot.ini.
Review Questions
If you want a user to perform backups, what do you need to do?
Make sure that the user is a member of the Administrators or Backup Operators groups.
You performed a normal backup on Monday. For the remaining days of the week, you want to back up only files and folders that have changed since the previous day. What backup type do you select?
Incremental. The incremental backup type backs up changes since the last markers were set and then clears the markers. Thus, for Tuesday through Friday, you back up only changes since the previous day.
What are the considerations for using tapes as your backup media?
Tapes are a less expensive medium and are more convenient for large backups because of their higher storage capacity. However, the medium deteriorates with time and thus has a limited lifespan.
You are restoring a file that has the same name as a file on the volume to which you are restoring. You aren't sure which is the most current version. What do you do?
Do not replace the file. Restore the file to another location, and then compare the two files.
Chapter 20
Review Questions
Why would you want to monitor access to network resources?
For performing maintenance tasks that require making resources unavailable, you want to notify users before making the resource unavailable. To maintain a network's security, you need to monitor which users are gaining access to which resources. For planning purposes, you want to determine which resources are being used and how often they are being used.
What can you monitor on a network with the Computer Management snap-in or the Shared Folders snap-in?
You can monitor the number of users who have a current connection to the computer that you are monitoring, the files to which users are currently gaining access and which users are currently gaining access to each file, the shared folders to which users are currently gaining access on the network, and how many users have a connection to each folder. You can monitor all this information on the computer where you are physically located or on a remote computer.
Why would you send an administrative message to users with current connections?
To inform the users that you are about to disconnect them from the resource so that you can perform a backup or restore operation, upgrade software or hardware, or shut down the computer.
What can you do to prevent a user from reconnecting to a shared folder after you have disconnected the user from the shared folder?
To prevent all users from reconnecting, stop sharing the folder. To prevent only one user from reconnecting, change the permissions for the folder so that the user no longer has access, and then disconnect the user from the shared folder.
How can you create and manage shares on a remote computer?
To create and manage shares on a remote folder, use the MMC to create a custom console and add the Shared Folders snap-in to it. When you add the Shared Folders snap-in, you specify the remote computer on which you want to create and manage shares. When adding the Shared Folders snap-in to the console, you can also select the Allow The Selected Computer To Be Changed When Launching From The Command Line check box so that you can choose the remote computer on which you want to create and manage shares.
Chapter 21
Review Questions
What are the advantages of using L2TP over using PPTP?
L2TP supports more types of internetworks, it supports header compression, and it cooperates with IPSec for encryption.
While you're using the Network Connection wizard, you must configure two new settings regarding sharing the connection. Describe the difference between these two settings.
The settings are whether you want to allow others that use the computer to use the connection (access to the connection) and whether you want to allow other computers to access resources through this port (sharing the connection once it is established).
What is callback and when might you want to enable it?
The callback feature causes the remote server to disconnect and call back the client attempting to access the remote server. By using callback, you can have the bill for the phone call charged to your phone number rather than to the phone number of the user who called in. You can also use callback to increase security by specifying the callback number. Even if an unauthorized user calls in, the system calls back at the number you specified, not the number of the unauthorized user.
Chapter 22
Practice Questions
Lesson 5: Using the Recovery Console
Practice: Using the Windows 2000 Recovery Console
Exercise 1: Troubleshooting a Windows 2000 Installation
· To create a system boot failure
Restart the computer.
What error do you receive when attempting to restart the computer?
NTLDR is missing. Press Ctrl+Alt+Del to restart.
Review Questions
What are the five major phases of the boot process for Intel-based computers?
The boot process for Intel-based computers includes the preboot sequence, boot sequence, kernel load, kernel initialization, and logon phases.
What are the various Safe Mode advanced boot options for booting Windows 2000, and how do they differ?
The Safe Mode option loads only the basic devices and drivers required to start the system, including the mouse, keyboard, mass storage devices, base video, and the standard/default set of system services.
The Safe Mode With Networking option loads the devices and drivers loaded with the Safe Mode option, but it also loads the services and drivers required for networking.
The Safe Mode With Command Prompt option is identical to the Safe Mode option, but it launches a command prompt instead of Windows Explorer.
What are the two sections of the Boot.ini file, and what information does each section contain?
The two sections of the Boot.ini file are [boot loader] and [operating systems]. The [boot loader] section of Boot.ini specifies the default operating system and provides a timeout value.
The [operating systems] section of Boot.ini contains the list of operating systems that appear in the Boot Loader Operating System Selection menu. Each entry includes the path to the operating system and the name that appears in the Boot Loader Operating System Selection menu (the text between the quotation marks). Each entry can also contain optional parameters.
You install a new device driver for a SCSI adapter in your computer. When you restart the computer, however, Windows 2000 stops responding after the kernel load phase. How can you get Windows 2000 to restart successfully?
Select the Last Known Good Configuration option to use the LastKnownGood configuration control to start Windows 2000 because it doesn't contain any reference to the new, and possibly faulty, driver.
Chapter 23
Review Questions
How do you install the Windows 2000 deployment tools, such as the Setup Manager Wizard and the System Preparation tool?
To install the Windows 2000 Setup Tools, display the contents of the Deploy.cab file, which is located in the Support\Tools folder on the Windows 2000 CD-ROM. Select all the files you want to extract, right-click a selected file, and then select Extract from the menu. You will be prompted for a destination, the location and name of a folder, for the extracted files.
Which five resources are required to use Remote Installation Services to install Windows 2000 Professional?
A Windows 2000 Server with RIS installed, a DNS server available on the network, a DHCP server available on the network, a Windows 2000 domain to provide Active Directory directory services, and client computers that meet the Net PC specification or have a boot floppy to connect to the RIS server.
Which utility is provided to create boot floppies and how do you access it?
Windows 2000 ships with the Windows 2000 Remote Boot Disk Generator, rbfg.exe, which is used to create boot disks. It is found on the RIS Server in the folder where the Windows 2000 Professional installation files are stored. The path is RemoteInst\Admin\i386\rbfg.exe.
You are planning on installing 45 computers with Windows 2000 Professional. You have determined that these 45 computers have seven different network adapter cards. How can you determine whether these seven different types of network adapter cards are supported by the boot floppies you created?
The boot floppies created using Rbfg only support the PCI-based network adapters listed in the Adapters List. Start Rbfg.exe and then click the Adapter List button to see the list of supported adapters.
You have a laptop running Windows 95 and you want to upgrade it to Windows 2000. The computer has 16 MB of RAM, and this can be upgraded to 24 MB. Can you upgrade this computer to Windows 2000? If not, how would you make it so this computer was able to access Active Directory directory services?
No, Windows 2000 Professional requires at least 32 MB of memory. You can install the Directory Service Client for Windows 95 or 98. The laptop would then be able to access Active Directory directory services.
Name at least two problems the System Preparation tool resolves that make creating and copying a master disk image to other computers much simpler to do.
The System Preparation tool adds a system service to the master image that will create a unique local domain security ID (SID) the first time the computer to which the master image is copied is started.
The System Preparation tool adds a Mini-Setup wizard to the master disk image that runs the first time the computer to which the master image is copied is started. It guides the user through entering the user-specific information such as the end-user license agreement, the Product ID, user name, company name, and time zone selection.
The System Preparation tool causes the master image to force the computer on which the master image is copied to run a full Plug and Play device detection, so that peripherals, such as the network adapter, the video adapter, and sound cards on the computer on which the disk image was copied need not be identical to the ones on the computer on which the image was generated.
Chapter 24
Review Questions
A friend of yours just installed Windows 2000 Professional on his home computer. He called you to help him configure APM, and when you told him to double-click Power Options in Control Panel and click on the APM tab, he told you he did not have an APM tab. What is the most likely reason there is no APM tab?
The most likely reason there is no APM tab is that his computer does not have an APM-based BIOS installed. When Windows 2000 does not detect an APM-based BIOS, Setup does not install APM and there is no APM tab in the Power Options Properties dialog box.
A user calls the help desk in a panic. She spent 15 hours editing a proposal as an offline file at her house. Over the weekend, her boss came in and spent about four hours editing the same proposal. She needs to synchronize the files, but she doesn't want to lose her edits or those made by her boss. What can she do?
If both her cached offline copy of the file and the network copy of the file are edited, she should rename her version of the file so that both copies will exist on her hard disk and on the network. She could then compare the two and edit her version, adding any edits made by her boss.
Many commercial airlines require you to turn off portable computers during certain portions of a flight. Does placing your computer in Hibernate mode comply with these airline requirements? Why or why not?
No. Hibernate mode makes your computer appear to be turned off, but it is not. You must shut down your computer to comply with these airline requirements.
Chapter 25
Practice Questions
Lesson 1: Using Device Manager and System Information
Practice: Using Device Manager and System Information
Exercise 2: Using System Information
· To use System Information
In the details pane, double-click Hardware Resources, and then double-click IRQs.
Are there any IRQs being shared?
Answers will vary.
Review Questions
Your boss has started to manually assign resource settings to all devices, including Plug and Play devices, and wants you to finish the job. What should you do?
Explain to your boss that it is not a good idea to manually change or assign resource settings for Plug and Play devices. Windows 2000 arbitrates resources, but if you manually assign them, then Windows 2000 will not be able to arbitrate the assigned resources if requested by another Plug and Play device.
Once you have convinced your boss that this is not a good idea, start Device Manager. Plug and Play devices have a Resources tab on their Properties page. You can free the resource settings that were manually assigned and allow Windows 2000 to again arbitrate the resources by selecting the Use Automatic Settings check box on the Resources tab.
What benefits do you gain by Microsoft digitally signing all system files?
Windows 2000 drivers and operating system files are digitally signed by Microsoft to ensure the files have not been tampered with. Some applications overwrite existing operating files as part of their installation process. These files may cause system errors that are difficult to troubleshoot. Device Manager allows you to look at the Driver tab and verify that the digital signer of the installed driver is correct. This can save you many frustrating hours of trying to resolve problems caused by a file that replaced one or more original operating system drivers.
What are three ways Microsoft has provided to help you make sure the files on your system have the correct digital signature?
Windows 2000 provides Device Manager, which allows you to verify that the digital signer of the installed driver is correct. Windows 2000 also provides two utilities to verify the digital signatures. The first utility is the File Signature Verification utility, sigverif. Windows 2000 also provides System File Checker (SFC), a command-line utility that you can use to check the digital signature of files.
You receive a call at the Help desk from a user who is trying to configure her fax settings, and she tells you that she does not have an Advanced Options tab. What could the problem be?
For the Advanced Options tab to display, the user must be logged on as Administrator or have administrator privileges.
Appendix B -- Creating Setup Boot Disks
Unless your computer supports booting from a CD-ROM drive, you must have the four Windows 2000 Professional Setup disks to complete the installation of Microsoft Windows 2000 Professional. To create these Setup disks, complete the following procedure.
Label the four 1.44 MB disks with the appropriate product name, as follows:
Windows 2000 Professional Setup Boot Disk
Windows 2000 Professional Setup Disk #2
Windows 2000 Professional Setup Disk #3
Windows 2000 Professional Setup Disk #4
Insert the Microsoft Windows 2000 Professional CD-ROM into the CD-ROM drive.
If the Windows 2000 CD-ROM dialog box appears prompting you to upgrade to Windows 2000, click No.
Open a Command Prompt window.
At the command prompt, change to your CD-ROM drive. For example, if your CD-ROM drive letter is E, type e: and press Enter.
At the command prompt, change to the Bootdisk folder by typing cd bootdisk and pressing Enter.
With Bootdisk as the active folder, type makeboot a: (where a: is the floppy disk drive) and then press Enter.
Windows 2000 displays a message indicating that this script creates the four Windows 2000 Setup disks for installing from a CD-ROM. It also indicates that four blank formatted floppy disks are required.
Press any key to continue.
Windows 2000 displays a message prompting you to insert the disk labeled Disk 1. (This is the disk you labeled Windows 2000 Professional Setup Boot Disk.)
Insert the blank formatted disk labeled Windows 2000 Professional Setup Boot Disk into drive A, and then press any key to continue.
After Windows 2000 creates the disk image, it displays a message prompting you to insert the disk labeled Disk 2.
Remove Disk 1, insert the blank formatted disk labeled Windows 2000 Professional Setup Disk #2 into drive A, and then press any key to continue.
After Windows 2000 creates the disk image, it displays a message prompting you to insert the disk labeled Disk 3.
Remove Disk #2, insert the blank formatted disk labeled Windows 2000 Professional Setup Disk #3 into drive A, and then press any key to continue.
After Windows 2000 creates the disk image, it displays a message prompting you to insert the disk labeled Disk 4.
Remove Disk 3, insert the blank formatted disk labeled Windows 2000 Professional Setup Disk #4 into drive A, and then press any key to continue.
After Windows 2000 creates the disk image, it displays a message indicating that the imaging process is done.
At the command prompt, type exit and then press Enter.
Remove the disk from drive A and the CD-ROM from the CD-ROM drive.
Appendix C -- Understanding the DHCP Service
The Dynamic Host Configuration Protocol (DHCP) Service in Microsoft Windows 2000 centralizes and manages the allocation of Microsoft Transmission Control Protocol/Internet Protocol (TCP/IP) configuration information by assigning Internet Protocol (IP) addresses automatically to computers that are configured as DHCP clients. Implementing the DHCP Service can eliminate many of the configuration problems associated with configuring TCP/IP manually.
To introduce you to DHCP, the following six topics are covered in this appendix:
The Bootstrap Protocol (BOOTP)
Manual versus automatic TCP/IP configuration
The requirements for a server running the DHCP Service
The requirements for DHCP clients
The DHCP lease process
IP lease renewal and release
The Bootstrap Protocol
The Bootstrap Protocol, based on the User Datagram Protocol/Internet Protocol (UDP/IP), enables a booting host to configure itself dynamically. DHCP is an extension of BOOTP, which enables diskless clients to start up and automatically configure TCP/IP. Each time that a DHCP client starts, it requests IP addressing information from a DHCP server, including the following:
An IP address
A subnet mask
Optional values, such as the following:
A default gateway address
A Domain Name System (DNS) server address
A Windows Internet Name Service (WINS) server address
When a DHCP server receives a request for an IP address, it selects IP addressing information from a pool of addresses that are defined in its database and offers the IP addressing information to the DHCP client, as shown in Figure C.1. If the client accepts the offer, the DHCP server leases the IP addressing information to the client for a specified period of time.
Figure C.1 A DHCP server provides IP addresses to DHCP clients
Manual Versus Automatic TCP/IP Configuration
To understand why the DHCP Service is beneficial for configuring TCP/IP on clients, it is useful to contrast the manual method of configuring TCP/IP with the automatic method using DHCP, as shown in Table C.1.
Table C.1 Configuring TCP/IP Manually Versus Using the DHCP Service
| Configuring TCP/IP manually | Configuring TCP/IP using DHCP |
| --- | --- |
| Users can pick an IP address randomly rather than obtaining a valid IP address from the network administrator. Using incorrect addresses can lead to network problems that can be difficult to trace to the source. | Users no longer need to acquire IP addressing information from an administrator to configure TCP/IP. The DHCP Service supplies all the necessary configuration information to all the DHCP clients. |
| Typing the IP address, subnet mask, or default gateway can lead to problems ranging from difficulty communicating, if the default gateway or subnet mask is incorrect, to problems associated with a duplicate IP address. | Correct configuration information ensures correct configuration, which eliminates most difficult-to-trace network problems. |
| There is administrative overhead for networks if you frequently move computers from one subnet to another. For example, you must change the IP address and default gateway address for a client to communicate from a new location. | Having servers running the DHCP Service on each subnet eliminates the overhead of having to manually reconfigure IP addresses, subnet masks, and default gateways when you move computers from one subnet to another. |
To implement DHCP, you must install and configure the DHCP Service on at least one computer running Windows 2000 Server within the TCP/IP network. The computer can be configured as a domain controller or as a stand-alone server. In addition, for DHCP to function properly, you must configure the server and all of the clients.
Requirements for a Server Running the DHCP Service
A DHCP server requires a computer running Windows 2000 Server that is configured with the following:
The DHCP Service.
A static IP address (it can't be a DHCP client itself), subnet mask, default gateway (if necessary), and other TCP/IP parameters.
A DHCP scope. A scope is a range of IP addresses that are available for lease or assignment to clients.
Requirements for DHCP Clients
A DHCP client requires a computer that is DHCP-enabled and running any of the following supported operating systems:
Windows 2000, Windows NT Server version 3.51 or later, or Windows NT Workstation version 3.51 or later.
Microsoft Windows 95 or later.
Windows for Workgroups version 3.11 running Microsoft TCP/IP-32, which is included on the Windows 2000 Server CD-ROM.
Microsoft Network Client version 3 for Microsoft MS-DOS with the real-mode TCP/IP driver, which is included on the Windows 2000 Server CD-ROM.
LAN Manager version 2.2c, which is included on the Windows 2000 Server CD-ROM. LAN Manager 2.2c for OS/2 is not supported.
The DHCP Lease Process
To understand the DHCP lease process, you must first understand when the lease process occurs. The DHCP lease process occurs when one of the following events happens:
TCP/IP is initialized for the first time on a DHCP client.
A client requests a specific IP address and is denied, possibly because the DHCP server dropped the lease.
A client previously leased an IP address but released the IP address and requires a new one.
DHCP uses a four-phase process to lease IP addressing information to a DHCP client for a specific period of time: DHCPDISCOVER, DHCPOFFER, DHCPREQUEST, and DHCPACK. (See Figure C.2.)
Figure C.2 The DHCP lease process
The DHCPDISCOVER Phase
The first phase in the DHCP lease process is DHCPDISCOVER. To begin the DHCP lease process, a client initializes a limited version of TCP/IP and broadcasts a DHCPDISCOVER message requesting the location of a DHCP server and IP addressing information. Because the client doesn't know the IP address of a DHCP server, the client uses 0.0.0.0 as the source address and 255.255.255.255 as the destination address.
The DHCPDISCOVER message contains the client's hardware address and computer name so that the DHCP servers can determine which client sent the request.
The DHCPOFFER Phase
The second phase in the DHCP lease process is DHCPOFFER. All DHCP servers that receive the IP lease request and have a valid client configuration broadcast a DHCPOFFER message that includes the following information:
The client's hardware address
An offered IP address
A subnet mask
The length of the lease
A server identifier (the IP address of the offering DHCP server)
The DHCP server sends a broadcast because the client doesn't yet have an IP address. The DHCP client selects the IP address from the first offer that it receives. The DHCP server that is issuing the IP address reserves the address so that it can't be offered to another DHCP client.
The DHCPREQUEST Phase
The third phase in the DHCP lease process occurs after the client receives a DHCPOFFER from at least one DHCP server and selects an IP address. The client broadcasts a DHCPREQUEST message to all DHCP servers, indicating that it has accepted an offer. The DHCPREQUEST message includes the server identifier (IP address) of the server whose offer it accepted. All other DHCP servers then retract their offers and retain their IP addresses for the next IP lease request.
The DHCPACK Phase
The final phase in a successful DHCP lease process occurs when the DHCP server issuing the accepted offer broadcasts a successful acknowledgment to the client in the form of a DHCPACK message. This message contains a valid lease for an IP address and possibly other configuration information.
When the DHCP client receives the acknowledgment, TCP/IP is completely initialized and the client is considered a bound DHCP client. Once bound, the client can use TCP/IP to communicate on the network.
The DHCPNACK Message
If the DHCPREQUEST is not successful, the DHCP server broadcasts a negative acknowledgement (DHCPNACK). A DHCP server broadcasts a DHCPNACK if
The client is trying to lease its previous IP address, and the IP address is no longer available.
The IP address is invalid because the client physically has been moved to a different subnet.
When the client receives an unsuccessful acknowledgment, it resumes the DHCP lease process.
NOTE
If a computer has multiple network adapters that are bound to TCP/IP, the DHCP process occurs separately over each adapter. The DHCP Service assigns a unique IP address to each adapter in the computer that is bound to TCP/IP.
IP Lease Renewal and Release
All DHCP clients attempt to renew their lease when 50 percent of the lease time has expired. To renew its lease, a DHCP client sends a DHCPREQUEST message directly to the DHCP server from which it obtained the lease. If the DHCP server is available, it renews the lease and sends the client a DHCPACK message with the new lease time and any updated configuration parameters, as shown in Figure C.3. The client updates its configuration when it receives the acknowledgment.
Figure C.3 Renewing an IP lease
NOTE
Each time a DHCP client restarts, it attempts to lease the same IP address from the original DHCP server. If the lease request is unsuccessful and lease time is still available, the DHCP client continues to use the same IP address until the next attempt to renew the lease.
If a DHCP client can't renew its lease with the original DHCP server at the 50 percent interval, the client broadcasts a DHCPREQUEST to contact any available DHCP server when 87.5 percent of the lease time has expired. Any DHCP server can respond with a DHCPACK message (renewing the lease) or a DHCPNACK message (forcing the DHCP client to reinitialize and obtain a lease for a different IP address).
If the lease expires, or if a DHCPNACK message is received, the DHCP client must immediately discontinue using that IP address. The DHCP client then begins the DHCP lease process to lease a new IP address.
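The lease exchange and renewal timers described above, as an added example that is not part of the original text: it encodes the messages in the RFC 2131 wire layout, runs DISCOVER/OFFER/REQUEST/ACK against two toy servers, and lists OFFERs whose server identifier is missing from an administrator-supplied list. The Server class, the function names and the 192.0.2.x addresses are constructed for illustration.

```python
import ipaddress
import struct

DISCOVER, OFFER, REQUEST, ACK, NAK = 1, 2, 3, 5, 6   # option 53 values
MAGIC = bytes([99, 130, 83, 99])         # cookie between header and options
HEADER = "!BBBBIHH4s4s4s4s16s64s128s"    # fixed 236-byte BOOTP header
OPT_MASK, OPT_HOSTNAME, OPT_REQ_IP = 1, 12, 50
OPT_LEASE, OPT_TYPE, OPT_SERVER_ID, OPT_END = 51, 53, 54, 255
IP_OPTS = {OPT_MASK: "mask", OPT_REQ_IP: "requested_ip", OPT_SERVER_ID: "server_id"}
INT_OPTS = {OPT_TYPE: "type", OPT_LEASE: "lease"}

def ip(text):
    return ipaddress.IPv4Address(text).packed    # dotted quad -> 4 bytes

def build(op, xid, mac, options, yiaddr="0.0.0.0"):
    """Encode a message: op 1 is a client request, op 2 a server reply."""
    zero = ip("0.0.0.0")
    head = struct.pack(HEADER, op, 1, len(mac), 0, xid, 0, 0x8000,  # broadcast
                       zero, ip(yiaddr), zero, zero, mac, b"", b"")
    body = b"".join(bytes([code, len(val)]) + val for code, val in options)
    return head + MAGIC + body + bytes([OPT_END])

def parse(packet):
    """Decode the fields the lease process uses; reject malformed input."""
    if len(packet) < 240 or packet[236:240] != MAGIC:
        raise ValueError("not a DHCP message")
    f = struct.unpack(HEADER, packet[:236])
    msg = {"xid": f[4], "mac": f[11][:f[2]].hex(":"),
           "yiaddr": str(ipaddress.IPv4Address(f[8]))}
    i = 240
    while i < len(packet) and packet[i] != OPT_END:
        if packet[i] == 0:                      # pad option: no length byte
            i += 1
            continue
        if i + 1 >= len(packet) or i + 2 + packet[i + 1] > len(packet):
            raise ValueError("truncated option")
        code, val = packet[i], packet[i + 2:i + 2 + packet[i + 1]]
        if code in IP_OPTS and len(val) == 4:
            msg[IP_OPTS[code]] = str(ipaddress.IPv4Address(val))
        elif code in INT_OPTS:
            msg[INT_OPTS[code]] = int.from_bytes(val, "big")
        elif code == OPT_HOSTNAME:
            msg["hostname"] = val.decode("ascii", "replace")
        i += 2 + len(val)
    return msg

class Server:
    """Constructed toy server: one scope, offers held per hardware address."""
    def __init__(self, server_id, pool, mask, lease_secs):
        self.id, self.pool = server_id, list(pool)
        self.mask, self.lease = mask, lease_secs
        self.reserved = {}                      # mac -> address on offer

    def reply(self, kind, req, addr="0.0.0.0"):
        opts = [(OPT_TYPE, bytes([kind])), (OPT_SERVER_ID, ip(self.id))]
        if kind != NAK:
            opts += [(OPT_MASK, ip(self.mask)),
                     (OPT_LEASE, struct.pack("!I", self.lease))]
        mac = bytes.fromhex(req["mac"].replace(":", ""))
        return build(2, req["xid"], mac, opts, addr)

    def handle(self, packet):
        req = parse(packet)
        mac, kind = req["mac"], req.get("type")
        if kind == DISCOVER and (mac in self.reserved or self.pool):
            if mac not in self.reserved:        # reserve so nobody else gets it
                self.reserved[mac] = self.pool.pop(0)
            return self.reply(OFFER, req, self.reserved[mac])
        if kind == REQUEST:
            addr = self.reserved.pop(mac, None)
            mine = req.get("server_id") == self.id
            if mine and addr and addr == req.get("requested_ip"):
                return self.reply(ACK, req, addr)
            if addr:                            # offer not taken up: retract it
                self.pool.insert(0, addr)
            return self.reply(NAK, req) if mine else None
        return None

def lease(mac, hostname, servers, xid=0x1234ABCD):
    """Run the four phases; `servers` are listed in the order they answer."""
    discover = build(1, xid, mac, [(OPT_TYPE, bytes([DISCOVER])),
                                   (OPT_HOSTNAME, hostname.encode())])
    offers = [parse(p) for p in [s.handle(discover) for s in servers] if p]
    if not offers:
        return None, offers
    first = offers[0]                           # first offer received wins
    request = build(1, xid, mac, [(OPT_TYPE, bytes([REQUEST])),
                                  (OPT_REQ_IP, ip(first["yiaddr"])),
                                  (OPT_SERVER_ID, ip(first["server_id"]))])
    replies = [parse(p) for p in [s.handle(request) for s in servers] if p]
    return next((r for r in replies if r.get("type") == ACK), None), offers

def renewal_times(lease_secs):
    """Seconds after binding for the unicast (50%) and broadcast (87.5%) renewals."""
    return lease_secs * 0.5, lease_secs * 0.875

def unexpected_servers(offers, authorized):
    """Server identifiers seen in OFFERs that are not on the administrator's list."""
    return sorted({o["server_id"] for o in offers} - set(authorized))
```

Because the client takes the first offer it receives, comparing the server identifiers in observed OFFERs with the list of servers you deployed is a quick way to spot a DHCP server that should not be answering on the subnet.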
Using Ipconfig to Renew a Lease
Use the ipconfig command with the /renew switch to send a DHCPREQUEST message to the DHCP server to receive updated options and lease time. If the DHCP server is unavailable, the client continues using the current DHCP-supplied configuration options.
Using Ipconfig to Release a Lease
Use the ipconfig command with the /release switch to cause a DHCP client to send a DHCPRELEASE message to the DHCP server and to release its lease. This is useful when you are moving a client to a different network and the client will not need its previous lease. TCP/IP communications with the client will stop after you issue this command.
Microsoft DHCP clients don't initiate DHCPRELEASE messages when shutting down. If a client remains shut down for the length of its lease (and the lease is not renewed), the DHCP server might assign that client's IP address to a different client after the lease expires. A client has a better chance of receiving the same IP address during initialization if it doesn't send a DHCPRELEASE message.
Appendix D -- Managing Backup Tapes
If you use tapes as your backup medium, consider the distinction between rotating tapes and archiving tapes. Rotating tapes means reusing them when the data stored on them is no longer viable for restoring. This common practice helps to lower the cost of backing up data. Archiving tapes means storing the tape to keep a record of the data rather than as prevention against data loss. When you archive a tape, you remove that tape from the tape rotation. Archived tapes are useful for maintaining a record of data for a specific date and time, such as employee records at the end of a fiscal year.
Rotating and Archiving Tapes
The following two examples provide strategies for rotating and archiving tapes.
Rotation and Archive Example 1
The following table illustrates one strategy for rotating and archiving tapes and is explained below.
| | Monday | Tuesday | Wednesday | Thursday | Friday |
| --- | --- | --- | --- | --- | --- |
| Week 1 | Tape 1 | Tape 2 | Tape 3 | Tape 4 | Tape 5 (Archive) |
| Week 2 | Tape 1 (Replace or Append) | Tape 2 (Replace or Append) | Tape 3 (Replace or Append) | Tape 4 (Replace or Append) | Tape 6 (Archive) |
Week 1. The backup job for each day of the week is on a different tape. The backup tape for Friday is archived and removed from rotation.
Week 2. For this week, you reuse the tapes for the same day of the week (the Monday backup job is on the previous Monday tape 1). You can either replace or append to the existing backup job. However, on Friday, use a new tape that you archive and remove from rotation.
Rotation and Archive Example 2
The following table illustrates another strategy for rotating and archiving tapes and is explained below.
| | Monday | Tuesday | Wednesday | Thursday | Friday |
|---|---|---|---|---|---|
| Week 1 | Tape 1 | Tape 1 (Append) | Tape 1 (Append) | Tape 1 (Append) | Tape 2 (Archive) |
| Week 2 | Tape 1 | Tape 1 (Append) | Tape 1 (Append) | Tape 1 (Append) | Tape 3 (Archive) |
Week 1. The backup job for each day of the week, except Friday, is on the same tape. The backup tape for Friday is archived and removed from rotation. Use the same tape for the Monday through Thursday backup jobs and append each new backup job to the previous one. The Friday backup job is on a different tape (tape 2) that you archive and remove from rotation.
Week 2. For this week, reuse the tape from the previous week (tape 1) for all backup jobs. The Friday backup job is on a tape (tape 3) that is different from the one that you used the previous Friday. You archive and remove this tape from rotation.
Determining the Number of Tapes Required
When determining the number of tapes you need, consider the tape rotation and archival schedule, the amount of the data that you back up, and the tape life cycle.
The life cycle of a tape depends on the tape itself and storage conditions. Follow the tape manufacturer's usage guidelines. If your company doesn't have a suitable storage facility, consider using a third-party company that specializes in offsite storage for backup media.
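The two rotation strategies and the tape-count considerations above, worked through as an added Python example (not part of the original text). The function names are hypothetical, and `max_uses` is an assumed per-tape write limit standing in for the manufacturer's guideline; one "use" is counted as one backup job written to the tape.

```python
import math
from collections import Counter

DAYS = ["Monday", "Tuesday", "Wednesday", "Thursday", "Friday"]


def build_schedule(strategy, weeks):
    """Return (week, day, tape_number, action) tuples for a rotation plan.

    strategy 1: tapes 1-4 rotate, one per weekday Monday-Thursday;
                every Friday goes to a new tape that is archived.
    strategy 2: tape 1 alone rotates, appended to Monday-Thursday;
                every Friday goes to a new tape that is archived.
    """
    if strategy not in (1, 2):
        raise ValueError("strategy must be 1 or 2")
    if weeks < 1:
        raise ValueError("weeks must be at least 1")

    rotating_count = 4 if strategy == 1 else 1
    next_archive_tape = rotating_count + 1  # archive tapes are numbered after the rotating set
    schedule = []
    for week in range(1, weeks + 1):
        for idx, day in enumerate(DAYS):
            if day == "Friday":
                tape, action = next_archive_tape, "archive"
                next_archive_tape += 1
            elif strategy == 1:
                tape = idx + 1
                action = "write" if week == 1 else "replace or append"
            else:
                tape = 1
                # The table does not say whether Monday overwrites the
                # previous week's jobs, so later Mondays are labelled "reuse".
                if idx > 0:
                    action = "append"
                else:
                    action = "write" if week == 1 else "reuse"
            schedule.append((week, day, tape, action))
    return schedule


def uses_per_tape(schedule):
    """Count how many backup jobs are written to each tape number."""
    return Counter(tape for _, _, tape, _ in schedule)


def tapes_required(strategy, weeks, max_uses=None):
    """Count rotating, archived and replacement tapes over a period.

    max_uses is an assumed rating (jobs a tape may receive before it is
    retired). When given, each rotating slot needs
    ceil(uses / max_uses) physical tapes over the period.
    """
    if max_uses is not None and max_uses < 1:
        raise ValueError("max_uses must be at least 1")
    schedule = build_schedule(strategy, weeks)
    uses = uses_per_tape(schedule)
    archived = {t for _, _, t, action in schedule if action == "archive"}
    rotating = set(uses) - archived
    replacements = 0
    if max_uses is not None:
        replacements = sum(math.ceil(uses[t] / max_uses) - 1 for t in rotating)
    return {
        "rotating": len(rotating),
        "archived": len(archived),
        "replacements": replacements,
        "total": len(rotating) + len(archived) + replacements,
    }


if __name__ == "__main__":
    for strategy in (1, 2):
        print(f"Strategy {strategy}, first two weeks:")
        for week, day, tape, action in build_schedule(strategy, 2):
            print(f"  week {week} {day:<9} tape {tape} ({action})")
        # 52 weeks with an assumed limit of 20 jobs per tape
        print("  one year:", tapes_required(strategy, 52, max_uses=20))
```

Archived tapes dominate the total under both strategies, while the single rotating tape in the second strategy receives four jobs a week and so reaches any write limit four times sooner than a tape in the first.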
Glossary
A
access control entry (ACE) The entries on the access control list (ACL) that control user account or group access to a resource. The entry must allow the type of access that is requested (for example, Read access) for the user to gain access. If no ACE exists in the ACL, the user can't gain access to the resource or folder on an NTFS partition.
access control list (ACL) The ACL contains a list of all user accounts and groups that have been granted access for the file or folder on an NTFS partition or volume, as well as the type of access that they have been granted. When a user attempts to gain access to a resource, the ACL must contain an entry, called an access control entry (ACE), for the user account or group to which the user belongs. See also access control entry.
access permissions Features that control access to shared resources in Windows 2000.
Account See user account.
account lockout A Windows 2000 security feature that locks a user account if a number of failed logon attempts occur within a specified amount of time, based on account policy lockout settings. (Locked accounts can't log on.) Account policy controls how passwords must be used by all user accounts in an individual computer or in a domain.
ACE See access control entry.
ACL See access control list.
Active Directory directory services The directory services included in Windows 2000 Server products. These directory services identify all resources on a network and make them accessible to users and applications.
Address Resolution Protocol (ARP) A protocol that determines hardware addresses (MAC addresses) that correspond to an IP address.
ADSL See asymmetric digital subscriber line (ADSL).
agent A program that performs a background task for a user and reports to the user when the task is done or when some expected event has taken place.
American National Standards Institute (ANSI) An organization of American industry and business groups dedicated to the development of trade and communications standards. ANSI is the American representative to the International Organization for Standardization (ISO). See also International Organization for Standardization (ISO).
American Standard Code for Information Interchange (ASCII) A coding scheme that assigns numeric values to letters, numbers, punctuation marks, and certain other characters. By standardizing the values used for these characters, ASCII enables computers and computer programs to exchange information.
ANSI See American National Standards Institute (ANSI).
application layer The top (seventh) layer of the OSI reference model. This layer serves as the window that application processes use to access network services. It represents the services that directly support user applications, such as software for file transfers, database access, and e-mail.
application programming interface (API) A set of routines that an application program uses to request and carry out lower-level services performed by the operating system.
application protocol A protocol that works at the higher end of the OSI reference model, providing application-to-application interaction and data exchange. Popular application protocols include File Transfer Access and Management (FTAM), a file access protocol; Simple Mail Transfer Protocol (SMTP), a TCP/IP protocol for transferring e-mail; Telnet, a TCP/IP protocol for logging on to remote hosts and processing data locally; and NetWare Core Protocol (NCP), the primary protocol used to transmit information between a NetWare server and its clients.
ARP See Address Resolution Protocol (ARP).
asymmetric digital subscriber line (ADSL) A recent modem technology that converts existing twisted-pair telephone lines into access paths for multimedia and high-speed data communications. These new connections can transmit more than 8 Mbps to the subscriber and up to 1 Mbps from the subscriber. ADSL is recognized as a physical layer transmission protocol for unshielded twisted-pair media.
asynchronous transfer mode (ATM) An advanced implementation of packet switching that provides high-speed data transmission rates to send fixed-size cells over broadband LANs or WANs. Cells are 53 bytes—48 bytes of data with five additional bytes of address. ATM accommodates voice, data, fax, real-time video, CD-quality audio, imaging, and multimegabit data transmission. ATM uses switches as multiplexers to permit several computers to put data on a network simultaneously. Most commercial ATM boards transmit data at about 155 Mbps, but theoretically, a rate of 1.2 gigabits per second is possible.
asynchronous transmission A form of data transmission in which information is sent one character at a time, with variable time intervals between characters. Asynchronous transmission doesn't rely on a shared timer that allows the sending and receiving units to separate characters by specific time periods. Therefore, each transmitted character consists of a number of data bits (that compose the character itself), preceded by a start bit and ending in an optional parity bit followed by a 1-, 1.5-, or 2-stop bit.
ATM See asynchronous transfer mode (ATM).
auditing A process that tracks network activities by user accounts and a routine element of network security. Auditing can produce records or list users who have accessed—or attempted to access—specific resources; help administrators identify unauthorized activity; and track activities such as logon attempts, connection and disconnection from designated resources, changes made to files and directories, server events and modifications, password changes, and logon parameter changes.
audit policy A policy that defines the types of security events that Windows 2000 records in the security log on each computer.
authentication A verification based on user name, passwords, and time and account restrictions.
B
back end In a client/server application, the part of the program that runs on the server.
backup A duplicate copy of a program, a disk, or data, made to secure valuable files from loss.
backup job A single process of backing up data.
Bandwidth Allocation Protocol (BAP) A PPP control protocol that helps provide bandwidth on demand. BAP dynamically controls the use of multilinked lines and is an efficient mechanism for controlling connection costs while dynamically providing optimum bandwidth.
BAP See Bandwidth Allocation Protocol (BAP).
base I/O port A port that specifies a channel through which information is transferred between a computer's hardware, such as the network interface card (NIC), and its CPU.
base memory address A setting that defines the address of the location in a computer's memory (RAM) that is used by the NIC. This setting is sometimes called the RAM start address.
baud A measure of data-transmission speed named after the French engineer and telegrapher Jean-Maurice-Emile Baudot. It is a measure of the speed of oscillation of the sound wave on which a bit of data is carried over telephone lines. Because baud was originally used to measure the transmission speed of telegraph equipment, the term sometimes refers to the data-transmission speed of a modem. However, current modems can send at a speed higher than 1-bit per oscillation, so baud is being replaced by the more accurate bps (bits per second) as a measure of modem speed.
baud rate The speed at which a modem can transmit data. Often confused with bps (the number of bits per second transmitted), baud rate actually measures the number of events, or signal changes, that occur in one second. Because one event can actually encode more than one bit in high-speed digital communication, baud rate and bps are not always synonymous, and the latter is the more accurate term to apply to modems. For example, the 9600-baud modem that encodes 4-bits per event actually operates at 2400 baud but transmits at 9600 bps (2400 events times 4-bits per event), and thus should be called a 9600-bps modem.
binary synchronous communications protocol (bisync) A communications protocol developed by IBM. Bisync transmissions are encoded in either ASCII or EBCDIC. Messages can be of any length and are sent in units called frames that are optionally preceded by a message header. Because bisync uses synchronous transmission, in which message elements are separated by a specific time interval, each frame is preceded and followed by special characters that enable the sending and receiving machines to synchronize their clocks.
bind A term used to describe the association of two pieces of information with one another.
binding A process that establishes the communication channel between network components on different levels to enable communication between those components. For example, the binding of a protocol driver (such as TCP/IP) and a network adapter.
bit A short word for binary digit: either 1 or 0 in the binary number system. In processing and storage, a bit is the smallest unit of information handled by a computer. It is represented physically by an element such as a single pulse sent through a circuit or a small spot on a magnetic disk capable of storing either a 1 or 0. Eight bits make a byte.
bits per second (bps) A measure of the speed at which a device can transfer data. See also baud rate.
bit time The time it takes for each station to receive and store a bit.
boot-sector virus A type of virus that resides in the first sector of a floppy disk or hard disk. When the computer is booted, the virus executes. In this common method of transmitting viruses from one floppy disk to another, the virus replicates itself onto the new disk each time a new disk is inserted and accessed.
bottleneck A device or program that significantly degrades network performance. Poor network performance results when a device uses noticeably more CPU time than it should, consumes too much of a resource, or lacks the capacity to handle the load. Potential bottlenecks can be found in the CPU, memory, NIC, and other components.
Bps See bits per second (bps).
broadcast A transmission sent simultaneously to more than one recipient. In communication and on networks, a broadcast message is one distributed to all stations or computers on the network.
broadcast storm An event that occurs when so many broadcast messages are on the network that they approach or surpass the capacity of the network bandwidth. This can happen when one computer on the network transmits a flood of frames saturating the network with traffic so it can no longer carry messages from any other computer. Such a broadcast storm can shut down a network.
buffer A reserved portion of RAM in which data is held temporarily, pending an opportunity to complete its transfer to or from a storage device or another location in memory.
built-in groups One type of group account used by Microsoft Windows 2000. Built-in groups, as the name implies, are included with the network operating system. Built-in groups have been granted useful collections of rights and built-in abilities. In most cases, a built-in group provides all the capabilities needed by a particular user. For example, if a user account belongs to the built-in Administrators group, logging on with that account gives the user administrative capabilities. See also user account.
Bus Parallel wires or cabling that connect components in a computer.
Byte A unit of information consisting of 8 bits. In computer processing or storage, a byte is equivalent to a single character, such as a letter, numeral, or punctuation mark. Because a byte represents only a small amount of information, amounts of computer memory are usually given in kilobytes (1,024 bytes, or 2 raised to the 10th power), megabytes (1,048,576 bytes, or 2 raised to the 20th power), gigabytes (1,024 megabytes), terabytes (1,024 gigabytes), petabytes (1,024 terabytes), or exabytes (1,024 petabytes).
C
cache A special memory subsystem or part of RAM in which frequently used data values are duplicated for quick access. A memory cache stores the contents of frequently accessed RAM locations and the addresses where these data items are stored. When the processor references an address in memory, the cache checks to see whether it holds that address. If it does hold the address, the data is returned to the processor; if it doesn't, regular memory access occurs. A cache is useful when RAM accesses are slow as compared to the microprocessor speed.
callback A Windows 2000 feature that you can set to cause the remote server to disconnect and call back the client attempting to access the remote server. This reduces the client's phone bill by having the call charged to the remote server's phone number. The callback feature can also improve security by calling back the phone number that you specified.
central processing unit (CPU) The computational and control unit of a computer, the device that interprets and carries out instructions. Single-chip CPUs, called microprocessors, made personal computers possible. Examples include the 80286, 80386, 80486, and Pentium processors.
client A computer that accesses shared network resources provided by another computer, called a server.
client/server A network architecture designed around the concept of distributed processing in which a task is divided between a back end (server), which stores and distributes data, and a front end (client), which requests specific data from the server.
codec (compressor/decompressor) A compression/decompression technology for digital video and stereo audio.
companion virus A virus that uses the name of a real program but has a different file extension from that of the program. The virus is activated when its companion program is opened. The companion virus uses a .COM file extension, which overrides the .EXE file extension and activates the virus.
compression state The state of each file and folder on an NTFS volume. The compression state can be either compressed or uncompressed.
CPU See central processing unit (CPU).
D
database management system (DBMS) A layer of software between the physical database and the user. The DBMS manages all requests for database action from the user, including keeping track of the physical details of file locations and formats, indexing schemes, and so on. In addition, a DBMS permits centralized control of security and data integrity requirements.
data encryption See encryption.
data encryption standard (DES) A commonly used, highly sophisticated algorithm developed by the U.S. National Bureau of Standards for encrypting and decoding data. See also encryption.
data frames Logical, structured packages in which data can be placed. Data being transmitted is segmented into small units and combined with control information such as message-start and message-end indicators. Each package of information is transmitted as a single unit, called a frame. The data-link layer packages raw bits from the physical layer into data frames. The exact format of the frame used by the network depends on the topology. See also frame.
data-link layer The second layer in the OSI reference model. This layer packages raw bits from the physical layer into data frames. See also Open Systems Interconnection (OSI) reference model.
data stream An undifferentiated, byte-by-byte flow of data.
DBMS See database management system (DBMS).
defragmenting The process of finding and consolidating fragmented files and folders. Defragmenting involves moving the pieces of each file or folder to one location so that each file or folder occupies a single, contiguous space on the hard disk. The system can then gain access to files and folders and save them more efficiently.
DES See data encryption standard (DES).
device A generic term for a computer subsystem. Printers, serial ports, and disk drives are referred to as devices.
DHCP See Dynamic Host Configuration Protocol (DHCP).
digital A system that encodes information numerically, such as 0 and 1, in a binary context. Computers use digital encoding to process data. A digital signal is a discrete binary state, either on or off.
digital line A communication line that carries information only in binary-encoded (digital) form. To minimize distortion and noise interference, a digital line uses repeaters to regenerate the signal periodically during transmission.
digital video disc (DVD) Also known as a digital versatile disc, an optical storage medium with higher capacity and bandwidth than a compact disc. A DVD can hold a full-length film with up to 133 minutes of high-quality video, in MPEG-2 format, and audio.
direct memory access (DMA) Memory access that doesn't involve the microprocessor, frequently employed for data transfer directly between memory and an "intelligent" peripheral device such as a disk drive.
direct memory access (DMA) channel A channel for direct memory access that doesn't involve the microprocessor, providing data transfer directly between memory and a disk drive.
Directory A storage space for information about network resources, as well as all the services that make the information available and useful. The resources stored in the Directory, such as user data, printers, servers, databases, groups, computers, and security policies, are known as objects. The Directory is part of Active Directory directory services.
directory service A network service that identifies all resources on a network and makes them accessible to users and applications.
disk duplexing See disk mirroring; fault tolerance.
disk duplicating See disk mirroring.
diskless computers Computers that have neither a floppy disk nor a hard disk. Diskless computers depend on special ROM to provide users with an interface through which they can log on to the network.
disk mirroring A technique, also known as disk duplicating, in which all or part of a hard disk is duplicated onto one or more hard disks, each of which ideally is attached to its own controller. With disk mirroring, any change made to the original disk is simultaneously made to the other disk or disks. Disk mirroring is used in situations in which a backup copy of current data must be maintained at all times. See also disk striping; fault tolerance.
disk striping A technique that divides data into 64 K blocks and spreads it equally in a fixed rate and order among all disks in an array. However, disk striping doesn't provide any fault tolerance because there is no data redundancy. If any partition in the set fails, all data is lost. See also disk mirroring; fault tolerance.
distribution server A server that stores the distribution folder structure, which contains the files needed to install a product—for example, Windows 2000.
DMA See direct memory access (DMA).
DMA channel See direct memory access (DMA) channel.
DNS See Domain Name System (DNS).
domain For Microsoft networking, a collection of computers and users that share a common database and security policy that are stored on a computer running Windows 2000 Server and configured as a domain controller. Each domain has a unique name. See also workgroup.
domain controller For Microsoft networking, the Windows 2000 Server-based computer that authenticates domain logons and maintains the security policy and master database for a domain.
domain name space The naming scheme that provides the hierarchical structure for the DNS database.
Domain Name System (DNS) A general-purpose, distributed, replicated data-query service used primarily on the Internet for translating host names into Internet addresses.
downtime The amount of time a computer system or associated hardware remains nonfunctional. Although downtime can occur because hardware fails unexpectedly, it can also be a scheduled event, such as when a network is shut down to allow time for maintaining the system, changing hardware, or archiving files.
driver A software component that permits a computer system to communicate with a device. For example, a printer driver is a device driver that translates computer data into a form understood by the target printer. In most cases, the driver also manipulates the hardware to transmit the data to the device.
dual in-line package (DIP) switch One or more small rocker or sliding switches that can be set to one of two states—closed or open—to control options on a circuit board.
DVD See digital video disc (DVD).
Dynamic Host Configuration Protocol (DHCP) A protocol for automatic TCP/IP configuration that provides static and dynamic address allocation and management. See also Transport Control Protocol/Internet Protocol (TCP/IP).
E
EAP See Extensible Authentication Protocol (EAP).
EBCDIC See Extended Binary Coded Decimal Interchange Code (EBCDIC).
effective permissions The sum of the NTFS permissions assigned to the user account and to all of the groups to which the user belongs. If a user has Read permission for a folder and is a member of a group with Write permission for the same folder, then the user has both Read and Write permission for the folder.
EISA See Extended Industry Standard Architecture (EISA).
encryption The process of making information indecipherable to protect it from unauthorized viewing or use, especially during transmission or when the data is stored on a transportable magnetic medium. A key is required to decode the information. See also data encryption standard (DES).
Enhanced Small Device Interface (ESDI) A standard that can be used with high-capacity hard disks and tape drives to enable high-speed communication with a computer. ESDI drivers typically transfer data at about 10 Mbps.
ESDI See Enhanced Small Device Interface (ESDI).
event An action or occurrence to which a program might respond. Examples of events are mouse clicks, key presses, and mouse movements. Also, any significant occurrence in the system or in a program that requires users to be notified or an entry to be added to a log.
exabyte See byte.
Extended Binary Coded Decimal Interchange Code (EBCDIC) A coding scheme developed by IBM for use with IBM mainframes and PCs as a standard method of assigning binary (numeric) values to alphabetic, numeric, punctuation, and transmission-control characters.
Extended Industry Standard Architecture (EISA) A 32-bit bus design for x86-based computers introduced in 1988. EISA was specified by an industry consortium of nine computer-industry companies (AST Research, Compaq, Epson, Hewlett-Packard, NEC, Olivetti, Tandy, Wyse, and Zenith). An EISA device uses cards that are upwardly compatible from ISA. See also Industry Standard Architecture (ISA).
Extensible Authentication Protocol (EAP) An extension to the Point-to-Point Protocol (PPP) that works with Dial-Up, PPTP, and L2TP clients. EAP allows for an arbitrary authentication mechanism to validate a dial-in connection. The exact authentication method to be used is negotiated by the dial-in client and the remote access server.
F
fault tolerance The ability of a computer or an operating system to respond to an event such as a power outage or a hardware failure in such a way that no data is lost and any work in progress is not corrupted.
Fiber Distributed Data Interface (FDDI) A standard developed by ANSI for high-speed, fiber-optic local area networks. FDDI provides specifications for transmission rates of 100 Mbps on networks based on the Token Ring standard.
file infector A type of virus that attaches itself to a file or program and activates any time the file is used. Many subcategories of file infectors exist. See also companion virus; macro virus; polymorphic virus; stealth virus.
File Transfer Protocol (FTP) A process that provides file transfers between local and remote computers. FTP supports several commands that allow bidirectional transfer of binary and ASCII files between computers. The FTP client is installed with the TCP/IP connectivity utilities. See also American Standard Code for Information Interchange (ASCII), Transport Control Protocol/Internet Protocol (TCP/IP).
firewall A security system, usually a combination of hardware and software, intended to protect a network against external threats coming from another network, including the Internet. Firewalls prevent an organization's networked computers from communicating directly with computers that are external to the network, and vice versa. Instead, all incoming and outgoing communication is routed through a proxy server outside the organization's network. Firewalls also audit network activity, recording the volume of traffic and information about unauthorized attempts to gain access. See also proxy server.
firmware Software routines stored in ROM. Unlike RAM, ROM stays intact even in the absence of electrical power. Startup routines and low-level I/O instructions are stored in firmware.
flow control The regulation of the flow of data through routers to ensure that no segment becomes overloaded with transmissions.
forest A grouping or hierarchical arrangement of one or more domain trees that form a disjointed namespace.
frame A package of information transmitted on a network as a single unit. Frame is a term most often used with Ethernet networks. A frame is similar to the packet used in other networks. See also data frames; packet.
frame preamble Header information, added to the beginning of a data frame in the physical layer of the OSI reference model.
frame relay An advanced, fast-packet, variable-length digital packet-switching technology. It is a point-to-point system that uses a private virtual circuit (PVC) to transmit variable-length frames at the data-link layer of the OSI reference model. Frame relay networks can also provide subscribers with bandwidth, as needed, that allows users to make nearly any type of transmission.
front end In a client/server application, refers to the part of the program carried out on the client computer.
FTP See File Transfer Protocol (FTP).
full-duplex transmission Communication that takes place simultaneously, in both directions. Also called duplex transmission. See also half-duplex transmission.
G
gateway A device used to connect networks using different protocols so that information can be passed from one system to the other. Gateways function at the network layer of the OSI reference model.
Gb See gigabit.
GB See gigabyte.
gigabit A unit of measure that equals 1,073,741,824 bits. Also referred to as 1 billion bits.
gigabyte A unit of measure that commonly refers to 1 thousand megabytes. However, the precise meaning often varies with the context. A gigabyte is 1 billion bytes. In the context of computing, bytes are often expressed in multiples of powers of 2. Therefore, a gigabyte can also be either 1,000 megabytes or 1,024 megabytes, where a megabyte is considered to be 1,048,576 bytes (2 raised to the 20th power).
global catalog A service and a physical storage location that contains a replica of selected attributes for every object in Active Directory directory services.
global group One type of group account used by Microsoft Windows 2000. Used across an entire domain, global groups are created on domain controllers in the domain in which the user accounts reside. Global groups can contain user accounts only from the domain in which the global group is created. Members of global groups obtain resource permissions when the global group is added to a local group. See also group.
group In networking, an account containing other accounts that are called members. The permissions and rights granted to a group are also provided to its members; thus, groups offer a convenient way to grant common capabilities to collections of user accounts. For Windows 2000, groups are managed with the Computer Management snap-in. For Windows 2000 Server, groups are managed with the Active Directory Users and Computers snap-in.
H
half-duplex transmission Communication that takes place in either direction, but not both directions at the same time. See also full-duplex transmission.
handshaking A term applied to modem-to-modem communication. Refers to the process by which information is transmitted between the sending and receiving devices to maintain and coordinate data flow between them. Proper handshaking ensures that the receiving device will be ready to accept data before the sending device transmits.
hard disk One or more inflexible platters coated with material that allows the magnetic recording of computer data. A typical hard disk rotates at up to 7,200 revolutions per minute (RPM), and the read/write heads ride over the surface of the disk on a cushion of air 10 to 25 millionths of an inch deep. A hard disk is sealed to prevent contaminants from interfering with the close head-to-disk tolerances. Hard disks provide faster access to data than floppy disks and are capable of storing much more information. Because platters are rigid, they can be stacked so that one hard-disk drive can access more than one platter. Most hard disks have between two and eight platters.
hardware The physical components of a computer system, including any peripheral equipment such as printers, modems, and mouse devices.
hardware compatibility list (HCL) A list of computers and peripherals that have been tested and have passed compatibility testing with the product for which the HCL is being developed. For example, the Windows 2000 HCL lists the products that have been tested and found to be compatible with Windows 2000.
hardware loopback A connector on a computer that is useful for troubleshooting hardware problems, allowing data to be transmitted to a line and then returned as received data. If the transmitted data doesn't return, the hardware loopback detects a hardware malfunction.
HCL See hardware compatibility list (HCL).
HDLC See High-Level Data Link Control (HDLC).
header In network data transmission, one of the three sections of a packet component. It includes an alert signal to indicate that the packet is being transmitted, the source address, the destination address, and clock information to synchronize transmission.
hertz (Hz) The unit of frequency measurement. Frequency measures how often a periodic event occurs, such as the manner in which a wave's amplitude changes with time. One hertz equals one cycle per second. Frequency is often measured in kilohertz (KHz, 1000 Hz), megahertz (MHz), gigahertz (GHz, 1000 MHz), or terahertz (THz, 10,000 GHz).
High-Level Data Link Control (HDLC) A widely accepted international protocol developed by the International Organization for Standardization (ISO) that governs information transfer. HDLC is a bit-oriented, synchronous protocol that applies to the data-link (message packaging) layer of the OSI reference model. Under the HDLC protocol, data is transmitted in frames, each of which can contain a variable amount of data, but which must be organized in a particular way. See also data frames; frame.
host See server.
hot fixing See sector sparing.
HTML See Hypertext Markup Language (HTML).
Hypertext Markup Language (HTML) A language developed for writing pages for the World Wide Web. HTML allows text to include codes that define fonts, layout, embedded graphics, and hypertext links. Hypertext provides a method for presenting text, images, sound, and videos that are linked together in a nonsequential web of associations.
Hypertext Transport Protocol (HTTP) The method by which World Wide Web pages are transferred over the network.
I
ICM See Image Color Management (ICM) 2.
ICMP See Internet Control Message Protocol (ICMP).
IDE See Integrated Device Electronics (IDE).
IEEE See Institute of Electrical and Electronics Engineers (IEEE).
IEEE Project 802 A networking model developed by the IEEE and named for the year and month it began (February 1980). Project 802 defines LAN standards for the physical and data-link layers of the OSI reference model. Project 802 divides the data-link layer into two sublayers: media access control (MAC) and logical link control (LLC).
Image Color Management (ICM) 2 An operating system API that helps ensure that the colors you see on your monitor match those on your scanner and printer.
Industry Standard Architecture (ISA) An unofficial designation for the bus design of the IBM Personal Computer (PC) PC/XT. It allows various adapters to be added to the system by inserting plug-in cards into expansion slots. Commonly, ISA refers to the expansion slots themselves; such slots are called 8-bit slots or 16-bit slots. See also Extended Industry Standard Architecture (EISA); Micro Channel Architecture.
infrared transmission Electromagnetic radiation with frequencies in the electromagnetic spectrum in the range just below that of visible red light. In network communications, infrared technology offers extremely high transmission rates and wide bandwidth in line-of-sight communications.
Institute of Electrical and Electronics Engineers (IEEE) An organization of engineering and electronics professionals, noted in networking for developing the IEEE 802.x standards for the physical and data-link layers of the OSI reference model, applied in a variety of network configurations.
Integrated Device Electronics (IDE) A type of disk-drive interface in which the controller electronics reside on the drive itself, eliminating the need for a separate network interface card. The IDE interface is compatible with the Western Digital ST-506 controller.
Integrated Services Digital Network (ISDN) A worldwide digital communication network that evolved from existing telephone services. The goal of the ISDN is to replace current telephone lines, which require digital-to-analog conversions, with completely digital switching and transmission facilities capable of carrying data ranging from voice to computer transmissions, music, and video. The ISDN is built on two main types of communications channels: B channels, that carry voice, data, or images at a rate of 64 Kbps (kilobits per second), and a D channel, that carries control information, signaling, and link-management data at 16 Kbps. Standard ISDN Basic Rate desktop service is called 2B+D. Computers and other devices connect to ISDN lines through simple standardized interfaces.
interfaces Boundaries that separate the layers from each other. For example, in the OSI reference model, each layer provides some service or action that prepares the data for delivery over the network to another computer.
International Organization for Standardization (ISO) An organization made up of standards-setting groups from various countries. For example, the United States member is the American National Standards Institute (ANSI). The ISO works to establish global standards for communications and information exchange. Primary among its accomplishments is development of the widely accepted OSI reference model. Note that the ISO is often wrongly identified as the International Standards Organization, probably because of the abbreviation ISO; however, ISO is derived from isos, which means equal in Greek, rather than an acronym.
Internet Control Message Protocol (ICMP) A protocol used by IP and higher-level protocols to send and receive status reports about information being transmitted.
Internet Protocol (IP) The TCP/IP protocol for packet forwarding. See also Transport Control Protocol/Internet Protocol (TCP/IP).
Internet Protocol Security (IPSec) A framework of open standards for ensuring secure private communications over IP networks by using cryptographic security services.
Internetworking The intercommunication in a network that is made up of smaller networks.
Internetwork Packet Exchange/Sequenced Packet Exchange (IPX/SPX) A protocol stack that is used in Novell networks. IPX is the NetWare protocol for packet forwarding and routing. It is a relatively small and fast protocol on a LAN, is a derivative of Xerox Network System (XNS), and supports routing. SPX is a connection-oriented protocol used to guarantee the delivery of the data being sent. NWLink is the Microsoft implementation of the IPX/SPX protocol.
Interoperability The ability of components in one system to work with components in other systems.
interrupt request (IRQ) An electronic signal sent to a computer's CPU to indicate that an event has taken place that requires the processor's attention.
IP See Internet Protocol (IP). See also Transport Control Protocol/Internet Protocol (TCP/IP).
ipconfig A diagnostic command that displays all current TCP/IP network configuration values. It is of particular use on systems running DHCP because it allows users to determine which TCP/IP configuration values have been configured by the DHCP server. See also winipcfg.
IPSec See Internet Protocol Security (IPSec).
IPX/SPX See Internetwork Packet Exchange/Sequenced Packet Exchange (IPX/SPX).
IRQ See interrupt request (IRQ).
ISA See Industry Standard Architecture (ISA).
ISDN See Integrated Services Digital Network (ISDN).
ISO See International Organization for Standardization (ISO).
J
jumper A small plastic-and-metal plug or wire for connecting different points in an electronic circuit. Jumpers are used to select a particular circuit or option from several possible configurations. You can use jumpers on network interface cards to select the type of connection through which the card will transmit, either DIX or BNC.
K
Kevlar A brand name of the DuPont Corporation for the fibers in the reinforcing layer of plastic that surrounds each glass strand of a fiber-optic connector. The name is sometimes used generically.
key In database management, an identifier for a record or group of records in a data file. Most often, the key is defined as the contents of a single field, called the key field in some database management programs and the index field in others. Keys are maintained in tables and are indexed to speed record retrieval. Keys also refer to code that deciphers encrypted data.
kilo (K) A measurement that refers to 1,000 in the metric system. In computing terminology, because computing is based on powers of 2, kilo is most often used to mean 1,024 (2 raised to the 10th power). To distinguish between the two contexts, a lowercase k is often used to indicate 1,000 and an uppercase K is used for 1,024. A kilobyte is 1,024 bytes.
kilobit (Kbit) A measurement that equals 1,024 bits. See also bit; kilo (K).
kilobyte (KB) A measurement that refers to 1,024 bytes. See also byte; kilo (K).
L
L2TP See Layer-Two Tunneling Protocol (L2TP).
LAN See local area network (LAN).
LAN requester See requester (LAN requester).
laser transmission A wireless network that uses a laser beam to carry data between devices.
LAT See local area transport (LAT).
layering The coordination of various protocols in a specific architecture that allows the protocols to work together to ensure that the data is prepared, transferred, received, and acted upon as intended.
Layer-Two Tunneling Protocol (L2TP) A protocol whose primary purpose is to create an encrypted tunnel through an untrusted network. L2TP is similar to PPTP in that it provides tunneling, but L2TP itself doesn't provide encryption. Instead, L2TP provides a secure tunnel by cooperating with other encryption technologies such as IPSec. L2TP functions with IPSec to provide a secure virtual private network solution.
link The communication system that connects two LANs. Equipment that provides the link, including bridges, routers, and gateways.
local area network (LAN) Computers connected in a geographically confined network, such as in the same building, campus, or office park.
local area transport (LAT) A nonroutable protocol from Digital Equipment Corporation.
local group One type of group account used by Microsoft Windows 2000. Implemented in each local computer's account database, local groups contain user accounts and other global groups that need to have access, rights, and permissions assigned to a resource on a local computer. Local groups can't contain other local groups.
local user The user at the computer.
logical link control (LLC) sublayer One of two sublayers created by the IEEE Project 802 out of the data-link layer of the OSI reference model. The LLC is the upper sublayer that manages data-link communication and defines the use of logical interface points, called service access points (SAPs), used by computers to transfer information from the LLC sublayer to the upper OSI layers. See also media access control (MAC) sublayer; service access point (SAP).
M
macro virus A file-infector virus named because it is written as a macro for a specific application. Macro viruses are difficult to detect and they are becoming more common, often infecting widely used applications, such as word-processing programs. When an infected file is opened, the virus attaches itself to the application and then infects any files accessed by that application. See also file infector.
Mb See megabit (Mb).
MB See megabyte (MB).
Mbps See millions of bits per second (Mbps).
media The cable or wire that connects the vast majority of LANs today, which acts as the LAN transmission medium and carries data between computers.
media access control (MAC) driver The device driver located at the media access control sublayer of the OSI reference model. This driver is also known as the NIC driver. It provides low-level access to NICs by providing data-transmission support and some basic NIC management functions. These drivers also pass data from the physical layer to transport protocols at the network and transport layers.
media access control (MAC) sublayer One of two sublayers created by the IEEE Project 802 out of the data-link layer of the OSI reference model. The MAC sublayer communicates directly with the network interface card and is responsible for delivering error-free data between two computers on the network. See also logical link control (LLC) sublayer.
megabit (Mb) A measurement that is usually 1,048,576 bits; sometimes interpreted as 1 million bits. See also bit.
megabyte (MB) A measurement that is usually 1,048,576 bytes (2 raised to the 20th power); sometimes interpreted as 1 million bytes. See also byte.
Micro Channel Architecture The design of the bus in IBM PS/2 computers (except models 25 and 30). The Micro Channel is electrically and physically incompatible with the IBM PC/AT bus. Unlike the PC/AT bus, the Micro Channel functions as either a 16-bit or 32-bit bus. The Micro Channel can also be driven independently by multiple bus master processors. See also Extended Industry Standard Architecture (EISA); Industry Standard Architecture (ISA).
Microcom Network Protocol (MNP) The standard for asynchronous data-error control developed by Microcom Systems. The method works so well that other companies have adopted not only the initial version of the protocol, but later versions as well. Currently, several modem vendors incorporate MNP Classes 2, 3, 4, and 5.
Microsoft Technical Information Network (TechNet) A network that provides informational support for all aspects of networking, with an emphasis on Microsoft products.
millions of bits per second (Mbps) The unit of measurement of supported transmission rates on the following physical media: coaxial cable, twisted-pair cable, and fiber-optic cable. See also bit.
MNP See Microcom Network Protocol (MNP).
mobile computing A technique that incorporates wireless adapters using cellular telephone technology to connect portable computers with the cabled network.
modem A communication device that enables a computer to transmit information over a standard telephone line. Because a computer is digital, it works with discrete electrical signals representing binary 1 and binary 0. A telephone is analog and carries a signal that can have many variations. Modems are needed to convert digital signals to analog and back. When transmitting, modems impose (modulate) a computer's digital signals onto a continuous carrier frequency on the telephone line. When receiving, modems sift out (demodulate) the information from the carrier and transfer it in digital form to the computer.
multitasking A mode of operation offered by an operating system in which a computer works on more than one task at a time. The two primary types of multitasking are preemptive and nonpreemptive. In preemptive multitasking, the operating system can take control of the processor without the task's cooperation. In nonpreemptive multitasking, the processor is never taken from a task. The task itself decides when to give up the processor. A true multitasking operating system can run as many tasks as it has processors. When there are more tasks than processors, the computer must "time slice" so that the available processors devote a certain amount of time to one task and then move on to the next task, alternating between tasks until all the tasks are completed.
N
Name Binding Protocol (NBP) An Apple protocol responsible for keeping track of entities on the network and matching names with Internet addresses. It works at the transport layer of the OSI reference model.
namespace Any bounded area in which a name can be resolved. Name resolution is the process of translating a name into some object or information that the name represents. The Active Directory namespace is based on the DNS naming scheme, which allows for interoperability with Internet technologies.
NBP See Name Binding Protocol (NBP).
nbtstat A diagnostic command that displays protocol statistics and current TCP/IP connections using NetBIOS over TCP/IP (NetBT). This command is available only if the TCP/IP protocol has been installed. See also netstat.
NDIS See Network Driver Interface Specification (NDIS).
NetBIOS Enhanced User Interface (NetBEUI) A protocol supplied with all Microsoft network products. NetBEUI advantages include small stack size (important for MS-DOS-based computers), speed of data transfer on the network medium, and compatibility with all Microsoft-based networks. The major drawback of NetBEUI is that it is a LAN transport protocol and therefore does not support routing. It is also limited to Microsoft-based networks.
netstat A diagnostic command that displays protocol statistics and current TCP/IP network connections. This command is available only if the TCP/IP protocol has been installed. See also nbtstat.
NetWare Core Protocol (NCP) A protocol that defines the connection control and service-request encoding that make it possible for clients and servers to interact. This is the protocol that provides transport and session services. NetWare security is also provided within this protocol.
network In the context of computers, a system in which a number of independent computers are linked together to share data and peripherals, such as hard disks and printers.
network adapter card See network interface card (NIC).
network basic input/output system (NetBIOS) An application programming interface (API) that can be used by application programs on a LAN consisting of IBM-compatible microcomputers running MS-DOS, OS/2, or some version of UNIX. Primarily of interest to programmers, NetBIOS provides application programs with a uniform set of commands for requesting the lower-level network services required to conduct sessions between nodes on a network and transmit information between them.
Network Driver Interface Specification (NDIS) A standard that defines an interface for communication between the media access control (MAC) sublayer and protocol drivers. NDIS allows for a flexible environment of data exchange. It defines the software interface, called the NDIS interface, which is used by protocol drivers to communicate with the network interface card. The advantage of NDIS is that it offers protocol multiplexing so that multiple protocol stacks can be used at the same time. See also Open Data-Link Interface (ODI).
network interface card (NIC) An expansion card installed in each computer and server on the network. The NIC acts as the physical interface or connection between the computer and the network cable.
network layer The third layer in the OSI reference model. This layer is responsible for addressing messages and translating logical addresses and names into physical addresses. This layer also determines the route from the source to the destination computer. It determines which path the data should take based on network conditions, priority of service, and other factors. It also manages traffic problems such as switching, routing, and controlling the congestion of data packets on the network. See also Open Systems Interconnection (OSI) reference model.
network monitors Monitors that track all or a selected part of network traffic. They examine frame-level packets and gather information about packet types, errors, and packet traffic to and from each computer.
NIC See network interface card (NIC).
node On a LAN, a device that is connected to the network and is capable of communicating with other network devices. For example, clients, servers, and repeaters are called nodes.
nonpreemptive multitasking A form of multitasking in which the processor is never taken from a task. The task itself decides when to give up the processor. Programs written for nonpreemptive multitasking systems must include provisions for yielding control of the processor. No other program can run until the nonpreemptive program gives up control of the processor. See also multitasking; preemptive multitasking.
Novell NetWare One of the leading network architectures.
O
Object A distinct, named set of attributes that represent a network resource. Object attributes are characteristics of objects in the Directory. For example, the attributes of a user account might include the user's first and last names, department, and e-mail address.
ODI See Open Data-Link Interface (ODI).
ohm The unit of measurement for electrical resistance. A resistance of 1 ohm will pass 1 ampere of current when a voltage of 1 volt is applied. A 100-watt incandescent bulb has a resistance of approximately 130 ohms.
Open Data-Link Interface (ODI) A specification defined by Novell and Apple to simplify driver development and to provide support for multiple protocols on a single network interface card. Similar to NDIS in many respects, ODI allows Novell NetWare drivers to be written without concern for the protocol that will be used on top of them.
Open Shortest Path First (OSPF) A routing protocol for IP networks, such as the Internet, that allows a router to calculate the shortest path to each node for sending messages.
Open Systems Interconnection (OSI) reference model A seven-layer architecture that standardizes levels of service and types of interaction for computers exchanging information through a network. It is used to describe the flow of data between the physical connection to the network and the end-user application. This model is the best-known and most widely used model for describing networking environments. Following is the OSI seven-layer focus from highest to lowest level:
7. application layer. Program-to-program transfer of information
6. presentation layer. Text formatting and display-code conversion
5. session layer. Establishing, maintaining, and coordinating communication
4. transport layer. Accurate delivery and service quality
3. network layer. Transport routes, message handling, and transfer
2. data-link layer. Coding, addressing, and transmitting information
1. physical layer. Hardware connections
organizational unit (OU) A container that you use to organize objects within a domain into logical administrative groups. An OU can contain objects such as user accounts, groups, computers, printers, applications, file shares, and so on.
OSI See Open Systems Interconnection (OSI) reference model.
OSPF See Open Shortest Path First (OSPF).
P
packet A unit of information transmitted as a whole from one device to another on a network. In packet-switching networks, a packet is defined more specifically as a transmission unit of fixed maximum size that consists of binary digits representing data; a header containing an identification number, source, and destination addresses; and sometimes error-control data. See also frame.
packet assembler/disassembler (PAD) A device that breaks large chunks of data into packets, usually for transmissions over an X.25 network, and reassembles them at the other end. See also packet switching.
Packet Internet Groper (ping) A simple utility that tests whether a network connection is complete, from the server to the workstation, by sending a message to the remote computer. If the remote computer receives the message, it responds with a reply message. The reply consists of the remote workstation's IP address, the number of bytes in the message, how long it took to reply, given in milliseconds (ms), and the length of Time to Live (TTL) in seconds. Ping works at the IP level and will often respond even when higher-level TCP-based services cannot.
packet switching A message delivery technique in which small units of information (packets) are relayed through stations in a computer network along the best route available between the source and the destination. Data is broken into smaller units and then repacked in a process called packet assembler/disassembler (PAD). Although each packet can travel along a different path, and the packets composing a message can arrive at different times or out of sequence, the receiving computer reassembles the original message. Packet-switching networks are considered fast and efficient. Standards for packet switching on networks are documented in the CCITT recommendation X.25.
PAD See packet assembler/disassembler (PAD).
page-description language (PDL) A language that communicates to a printer how printed output should appear. The printer uses the PDL to construct text and graphics to create the page image. PDLs are like blueprints in that they set parameters and features such as type sizes and fonts, but they leave the drawing to the printer.
paging file A special file on one or more of the hard disks of a computer running Windows 2000. Windows 2000 uses virtual memory to store some of the program code and other information in RAM and to temporarily store some of the program code and other information on the computer's hard disks. This increases the amount of available memory on the computer.
parity An error-checking procedure in which the number of 1s must always be the same—either odd or even—for each group of bits transmitted without error. Parity is used for checking data transferred within a computer or between computers.
partition A portion of a physical disk that functions as if it were a physically separate unit.
password-protected share The access to a shared resource that is granted when a user enters the appropriate password.
PDA See personal digital assistant (PDA).
PDL See page-description language (PDL).
PDN See public data network (PDN).
peer-to-peer network A network that has no dedicated servers or hierarchy among the computers. All computers are equal and, therefore, known as peers. Generally, each computer functions as both client and server.
peripheral A term used for devices such as disk drives, printers, modems, mouse devices, and joysticks that are connected to a computer and controlled by its microprocessor.
Peripheral Component Interconnect (PCI) A 32-bit local bus used in most Pentium computers and in the Apple Power Macintosh that meets most of the requirements for providing Plug and Play functionality.
permanent virtual circuit (PVC) A permanent logical connection between two nodes on a packet-switching network; similar to leased lines that are permanent and virtual, except that with PVC, the customer pays for only the time the line is used. This type of connection service is gaining importance because both frame relay and ATM use it. See also packet switching; virtual circuit.
permissions See access permissions.
personal digital assistant (PDA) A type of handheld computer that provides functions including personal organization features—like a calendar, note taking, database manipulation, calculator, and communications. For communication, a PDA uses cellular or wireless technology that is often built into the system but that can be supplemented or enhanced by means of a PC Card.
petabyte See byte.
phase change rewritable (PCR) A type of rewritable optical technology in which the optical devices come from one manufacturer (Matsushita/Panasonic) and the media comes from two (Panasonic and Plasmon).
physical layer The first (bottommost) layer of the OSI reference model. This layer addresses the transmission of the unstructured raw bit stream over a physical medium (the networking cable). The physical layer relates the electrical/optical, mechanical, and functional interfaces to the cable and also carries the signals that transmit data generated by all of the higher OSI layers. See also Open Systems Interconnection (OSI) reference model.
ping See Packet Internet Groper (ping).
Plug and Play (PnP) A capability that enables a computer system to automatically configure a device added to it. Plug and Play capability exists in Macintoshes based on the NuBus and, since Windows 95, on PC-compatible computers. Also refers to specifications developed by Intel and Microsoft that allow a PC to configure itself automatically to work with peripherals such as monitors, modems, and printers.
point-to-point configuration Dedicated circuits that are also known as private, or leased, lines. They are the most popular WAN communication circuits in use today. The carrier guarantees full-duplex bandwidth by setting up a permanent link from each endpoint, using bridges and routers to connect LANs through the circuits. See also Point-to-Point Protocol (PPP); Point-to-Point Tunneling Protocol (PPTP).
Point-to-Point Protocol (PPP) A data-link protocol for transmitting TCP/IP packets over dial-up telephone connections, such as between a computer and the Internet. PPP was developed by the Internet Engineering Task Force in 1991.
Point-to-Point Tunneling Protocol (PPTP) An extension of the Point-to-Point Protocol that is used for communications on the Internet. Microsoft developed PPTP to support virtual private networks (VPNs), which allow individuals and organizations to use the Internet as a secure means of communication. PPTP supports encapsulation of encrypted packets in secure wrappers that can be transmitted over a TCP/IP connection. See also virtual private network (VPN).
polymorphic virus A variant of a file-infector virus that is named for the fact that it changes its appearance each time it is replicated. This makes it difficult to detect because no two versions of the virus are exactly the same. See also file infector.
polyvinyl chloride (PVC) The material most commonly used for insulating and jacketing cable.
preemptive multitasking A form of multitasking (the ability of a computer's operating system to work on more than one task at a time). With preemptive multitasking—as opposed to nonpreemptive multitasking—the operating system can take control of the processor without the task's cooperation. See also nonpreemptive multitasking.
presentation layer The sixth layer of the OSI reference model. This layer determines the form used to exchange data between networked computers. At the sending computer, this layer translates data from a format sent down from the application layer into a commonly recognized, intermediary format. At the receiving end, this layer translates the intermediary format into a format useful to that computer's application layer. The presentation layer manages network security issues by providing services such as data encryption, provides rules for data transfer, and performs data compression to reduce the number of bits that need to be transmitted. See also Open Systems Interconnection (OSI) reference model.
print device The hardware device that produces printed documents.
print queue A buffer in which a print job is held until the printer is ready to print it.
print server The computer on which the printers that are associated with local and network-interface print devices reside. The print server receives and processes documents from client computers. You set up and share network printers on print servers.
printer The software interface between the operating system and the print device. The printer defines where a document will go to reach the print device, when it will go, and how various other aspects of the printing process will be handled.
printer driver One or more files containing information that Windows 2000 requires to convert print commands into a specific printer language, such as PostScript. A printer driver is specific to each print device model.
printer pool A printer that is connected to multiple print devices through multiple ports on a print server. The print server can be local or network-interface print devices. Print devices should be identical; however, you can use print devices that are not identical but use the same printer driver.
printer port The software interface through which a computer communicates with a print device by means of a locally attached interface. These supported interfaces include LPT, COM, USB, and network-attached devices such as the HP JetDirect and Intel NetPort.
Private Branch Exchange (PBX) or Private Automated Branch Exchange (PABX) A switching telephone network that allows callers within an organization to place intraorganizational calls without going through the public telephone system.
protocol The system of rules and procedures that govern communication between two or more devices. Many varieties of protocols exist, and not all are compatible, but as long as two devices are using the same protocol, they can exchange data. Protocols exist within protocols, as well, governing different aspects of communication. Some protocols, such as the RS-232 standard, affect hardware connections. Other standards govern data transmission, including the parameters and handshaking signals such as XON/XOFF used in asynchronous (typically, modem) communications, as well as such data-coding methods as bit- and byte-oriented protocols. Still other protocols, such as the widely used Xmodem, govern file transfer, and others, such as CSMA/CD, define the methods by which messages are passed around the stations on a LAN. Protocols represent attempts to ease the complex process of enabling computers of different makes and models to communicate. Additional examples of protocols include the OSI model, IBM's SNA, and the Internet suite, including TCP/IP. See also Systems Network Architecture (SNA); Transport Control Protocol/Internet Protocol (TCP/IP).
protocol driver The driver responsible for offering four or five basic services to other layers in the network, while "hiding" the details of how the services are actually implemented. Services performed include session management, datagram service, data segmentation and sequencing, acknowledgment, and possibly routing across a WAN.
protocol stack A layered set of protocols that work together to provide a set of network functions.
proxy server A firewall component that manages Internet traffic to and from a local area network (LAN). The proxy server decides whether it is safe to let a particular message or file pass through to the organization's network, providing access control to the network, and filters and discards requests as specified by the owner, including requests for unauthorized access to proprietary data. See also firewall.
public data network (PDN) A commercial packet-switching or circuit-switching WAN service provided by local and long-distance telephone carriers.
PVC See permanent virtual circuit (PVC).
R
RADIUS See Remote Authentication Dial-In User Service.
RAID See redundant array of independent disks (RAID).
random access memory (RAM) Semiconductor-based memory that can be read and written to by the microprocessor or other hardware devices. The storage locations can be accessed in any order. Note that the various types of ROM memory are also capable of random access. However, the term RAM is generally understood to refer to volatile memory, which can be written as well as read. See also read-only memory (ROM).
read-only memory (ROM) Semiconductor-based memory that contains instructions or data that can be read but not modified. See also random access memory (RAM).
redirector Networking software that accepts I/O requests for remote files, named pipes, or mail slots and sends (redirects) the requests to a network service on another computer.
reduced instruction set computing (RISC) A type of microprocessor design that focuses on rapid and efficient processing of a relatively small set of instructions. RISC design is based on the premise that most of the instructions that a computer decodes and executes are simple. As a result, RISC architecture limits the number of instructions that are built into the microprocessor but optimizes each so it can be carried out rapidly, usually within a single clock cycle. RISC chips execute simple instructions faster than microprocessors designed to handle a much wider array of instructions. However, they are slower than general-purpose complex instruction set computing (CISC) chips when executing complex instructions, which must be broken down into many machine instructions before they can be carried out by RISC microprocessors.
redundancy system A fault-tolerant system that protects data by duplicating it in different physical sources. Data redundancy allows access to data even if part of the data system fails. See also fault tolerance.
redundant array of inexpensive disks (RAID) See also redundant array of independent disks (RAID).
redundant array of independent disks (RAID) A standardization of fault-tolerant options in five levels. The levels offer various combinations of performance, reliability, and cost. Formerly known as redundant array of inexpensive disks.
Remote Authentication Dial-In User Service (RADIUS) A security authentication protocol widely used by Internet Service Providers (ISPs). RADIUS provides authentication and accounting services for distributed dial-up networking.
remote-boot programmable read-only memory (PROM) A special chip in the network interface card that contains the hardwired code that starts the computer and connects the user to the network, used in computers for which there are no hard disks or floppy drives. See also diskless computers.
remote installation The process of connecting to a server running Remote Installation Services (RIS), called the RIS server, and then starting an automated installation of Windows 2000 Professional on a local computer.
remote user A user who dials in to the server over modems and telephone lines from a remote location.
requester (LAN requester) Software that resides in a computer and forwards requests for network services from the computer's application programs to the appropriate server. See also redirector.
resources Any part of a computer system. Users on a network can share computer resources, such as hard disks, printers, modems, CD-ROM drives, and even the processor.
rights The authorization with which a user is entitled to perform certain actions on a computer network. Rights apply to the system as a whole, whereas permissions apply to specific objects. For example, a user might have the right to back up an entire computer system, including the files that the user doesn't have permission to access. See also access permissions.
RISC See reduced instruction set computing (RISC).
ROM See read-only memory (ROM).
routable protocols The protocols that support multipath LAN-to-LAN communications. See also protocol.
router A device used to connect networks of different types, such as those using different architectures and protocols. Routers work at the network layer of the OSI reference model. This means they can switch and route packets across multiple networks, which they do by exchanging protocol-specific information between separate networks. Routers determine the best path for sending data and filter broadcast traffic to the local segment.
Routing Information Protocol (RIP) A protocol that uses distance-vector algorithms to determine routes. With RIP, routers transfer information among other routers to update their internal routing tables and use that information to determine the best routes based on hop counts between routers. TCP/IP and IPX support RIP.
RS-232 standard An industry standard for serial communication connections adopted by the Electrical Industries Association (EIA). This recommended standard defines the specific lines and signal characteristics used by serial communications controllers to standardize the transmission of serial data between devices.
S
SAP See service access point (SAP); Service Advertising Protocol (SAP).
schema A database description to the database management system that contains a formal definition of the contents and structure of Active Directory directory services, including all attributes, classes, and class properties. For each object class, the schema defines which attributes an instance of the class must have, which additional attributes it can have, and which object class can be a parent of the current object class.
SCSI See Small Computer System Interface (SCSI).
SDLC See Synchronous Data Link Control (SDLC).
sector A portion of the data-storage area on a disk. A disk is divided into sides (top and bottom), tracks (rings on each surface), and sectors (sections of each ring). Sectors are the smallest physical storage units on a disk and are of fixed size—typically capable of holding 512 bytes of information apiece.
sector sparing A fault-tolerant system also called hot fixing. It automatically adds sector-recovery capabilities to the file system during operation. If bad sectors are found during disk I/O, the fault-tolerant driver will attempt to move the data to a good sector and map out the bad sector. If the mapping is successful, the file system is not alerted. It is possible for SCSI devices to perform sector sparing, but AT devices (ESDI and IDE) cannot.
security The act of making computers and data stored on them safe from harm or unauthorized access.
Security log A log that records security events. For example, valid and invalid logon attempts and events relating to creating, opening, or deleting files or other objects.
segment The length of cable on a network between two terminators. A segment can also refer to messages that have been broken up into smaller units by the protocol driver.
Sequenced Packet Exchange (SPX) Part of Novell's IPX/SPX protocol suite for sequenced data. See also Internetwork Packet Exchange/Sequenced Packet Exchange (IPX/SPX).
Serial Line Internet Protocol (SLIP) As defined in RFC 1055, an internet protocol that is normally used on Ethernet over a serial line—for example, an RS-232 serial port connected to a modem.
serial transmission A one-way data transfer. The data travels on a network cable with one bit following another.
server A computer that provides shared resources to network users. See also client.
server-based network A network in which resource security and most other network functions are provided by dedicated servers. Server-based networks have become the standard model for networks serving more than 10 users. See also peer-to-peer network.
server message block (SMB) The protocol developed by Microsoft, Intel, and IBM that defines a series of commands used to pass information between network computers. The redirector packages SMB requests into a network control block (NCB) structure that can be sent over the network to a remote device. The network provider listens for SMB messages destined for it and removes the data portion of the SMB request so that it can be processed by a local device.
service access point (SAP) The interface between each of the seven layers in the OSI protocol stack that has connection points, similar to addresses, used for communication between layers. Any protocol layer can have multiple SAPs active at one time.
Service Advertising Protocol (SAP) A protocol that allows service-providing nodes (including file, printer, gateway, and application servers) to advertise their services and addresses.
session A connection or link between stations on the network.
session layer The fifth layer of the OSI reference model. This layer allows two applications on different computers to establish, use, and end a connection called a session. This layer performs name recognition and functions, such as security, needed to allow two applications to communicate over the network. The session layer provides synchronization between user tasks. This layer also implements dialog control between communicating processes, regulating which side transmits, when, for how long, and so on. See also Open Systems Interconnection (OSI) reference model.
session management The process that establishes, maintains, and terminates connections between stations on the network.
sharing The means by which files or folders are publicly posted on a network for access by anyone on the network.
shell A piece of software, usually a separate program, that provides direct communication between the user and the operating system. This usually takes the form of a command-line interface. Examples of shells are Macintosh Finder and the MS-DOS command interface program Command.com.
Simple Mail Transfer Protocol (SMTP) A TCP/IP protocol for transferring e-mail. See also application protocol; Transport Control Protocol/Internet Protocol (TCP/IP).
Simple Network Management Protocol (SNMP) A TCP/IP protocol for monitoring networks. SNMP uses a request and response process. In SNMP, short utility programs, called agents, monitor the network traffic and behavior in key network components to gather statistical data, which they put into a management information base (MIB). To collect the information into a usable form, a special management console program regularly polls the agents and downloads the information in their MIBs. If any of the data falls either above or below parameters set by the manager, the management console program can present signals on the monitor locating the trouble and notify designated support staff by automatically dialing a pager number.
simultaneous peripheral operation online (spool) A process that facilitates moving a print job from the network into a printer.
site A combination of one or more IP subnets, typically connected by a high-speed link.
Small Computer System Interface (SCSI) Pronounced "skuzzy," a standard, high-speed parallel interface defined by ANSI. A SCSI interface is used for connecting microcomputers to peripheral devices, such as hard disks and printers, and to other computers and LANs.
SMB See server message block (SMB).
SMP See symmetric multiprocessing (SMP).
SMTP See Simple Mail Transfer Protocol (SMTP).
SNMP See Simple Network Management Protocol (SNMP).
software Computer programs or sets of instructions that allow the hardware to work. Software can be grouped into four categories: system software, such as operating systems, which control the workings of the computer; application software, such as word-processing programs, spreadsheets, and databases, which perform the tasks for which people use computers; network software, which enables groups of computers to communicate; and language software, which provides programmers with the tools they need to write programs.
SONET See Synchronous Optical Network (SONET).
spanning tree algorithm (STA) An algorithm (mathematical procedure) implemented by the IEEE 802.1 Network Management Committee to eliminate redundant routes and to avoid situations in which multiple LANs are joined by more than one path. Under STA, bridges exchange certain control information in an attempt to find redundant routes. The bridges determine which would be the most efficient route and then use that one and disable the others. Any of the disabled routes can be reactivated if the primary route becomes unavailable.
SPX See Sequenced Packet Exchange (SPX).
SQL See structured query language (SQL).
STA See spanning tree algorithm (STA).
stand-alone computer A computer that isn't connected to any other computers and isn't part of a network.
stand-alone environment A work environment in which each user has a personal computer but works independently, unable to share files and other important information that would be readily available through server access in a networking environment.
stealth virus A variant of a file-infector virus. This virus is so named because it attempts to hide from detection. When an antivirus program attempts to find it, the stealth virus tries to intercept the probe and return false information indicating that it does not exist.
stripe set A form of fault tolerance that combines multiple areas of unformatted free space into one large logical drive, distributing data storage across all drives simultaneously. In Windows 2000, a stripe set requires at least two physical drives and can use up to 32 physical drives. Stripe sets can combine areas on different types of drives, such as Small Computer System Interface (SCSI), Enhanced Small Device Interface (ESDI), and Integrated Device Electronics (IDE) drives.
structured query language (SQL) A standard language for creating, updating, and querying relational database management systems.
Switched Multimegabit Data Services (SMDS) A high-speed, switched-packet service that can provide speeds of up to 34 Mbps.
switched virtual circuit (SVC) A logical connection between end computers that uses a specific route across the network. Network resources are dedicated to the circuit, and the route is maintained until the connection is terminated. These are also known as point-to-multipoint connections. See also virtual circuit.
symmetric multiprocessing (SMP) A system that uses any available processor on an as-needed basis. With this approach, the system load and application needs can be distributed evenly across all available processors.
synchronous A form of communication that relies on a timing scheme coordinated between two devices to separate groups of bits and transmit them in blocks called frames. Special characters are used to begin the synchronization and check its accuracy periodically. Because the bits are sent and received in a timed, controlled (synchronized) fashion, start and stop bits are not required. Transmission stops at the end of one transmission and starts again with a new one. It is a start/stop approach, and more efficient than asynchronous transmission. If an error occurs, the synchronous error detection and correction scheme implements a retransmission. However, because more sophisticated technology and equipment is required to transmit synchronously, it is more expensive than asynchronous transmission.
Synchronous Data Link Control (SDLC) The data link (data transmission) protocol most widely used in networks conforming to IBM's SNA. SDLC is a communications guideline that defines the format in which information is transmitted. As its name implies, SDLC applies to synchronous transmissions. SDLC is also a bit-oriented protocol and organizes information in structured units called frames.
Synchronous Optical Network (SONET) A fiber-optic technology that can transmit data at more than one gigabit per second. Networks based on this technology are capable of delivering voice, data, and video. SONET is a standard for optical transport formulated by the Exchange Carriers Standards Association (ECSA) for ANSI.
Systems Network Architecture (SNA) An IBM-proprietary high-level networking protocol standard for IBM and IBM-compatible mainframe systems. See also protocol.
T
TCO See total cost of ownership (TCO).
TCP See Transmission Control Protocol (TCP).
TCP/IP See Transport Control Protocol/Internet Protocol (TCP/IP).
TDI See transport driver interface (TDI).
TechNet See Microsoft Technical Information Network (TechNet).
Telnet The command and program used to log in from one Internet site to another. The Telnet command and program brings the user to the login prompt of another host.
terabyte See byte.
throughput A measure of the data transfer rate through a component, connection, or system. In networking, throughput is a good indicator of the system's total performance because it defines how well the components work together to transfer data from one computer to another. In this case, the throughput would indicate how many bytes or packets the network could process per second.
topology The arrangement or layout of computers, cables, and other components on a network. Topology is the standard term that most network professionals use when referring to the network's basic design.
total cost of ownership (TCO) The total amount of money and time associated with purchasing computer hardware and software, and deploying, configuring, and maintaining the hardware and software. It includes hardware and software updates, training, maintenance and administration, and technical support. One other major factor is lost productivity due to user errors, hardware problems, software upgrades, and retraining.
tracert A Traceroute command-line utility that shows every router interface through which a TCP/IP packet passes on its way to a destination.
trailer One of the three sections of a packet component. The exact content of the trailer varies depending on the protocol, but it usually includes an error-checking component, or cyclical redundancy check (CRC).
transceiver A device that connects a computer to the network. The term is derived from transmitter/receiver; thus, a transceiver is a device that receives and transmits signals. It switches the parallel data stream used on the computer's bus into a serial data stream used in the cables connecting the computers.
Transmission Control Protocol (TCP) The TCP/IP protocol for sequenced data. See also Transport Control Protocol/Internet Protocol (TCP/IP).
Transport Control Protocol/Internet Protocol (TCP/IP) An industry standard suite of protocols providing communications in a heterogeneous environment. In addition, TCP/IP provides a routable enterprise networking protocol and access to the Internet and its resources. It is a transport layer protocol that actually consists of several other protocols in a stack that operates at the session layer. Most networks support TCP/IP as a protocol.
transport driver interface (TDI) An interface that works between the file-system driver and the transport protocols, allowing any protocol written to TDI to communicate with the file-system drivers.
transport layer The fourth layer of the OSI reference model. It ensures that messages are delivered error free, in sequence, and without losses or duplications. This layer repackages messages for efficient transmission over the network. At the receiving end, the transport layer unpacks the messages, reassembles the original messages, and sends an acknowledgment of receipt. See also Open Systems Interconnection (OSI) reference model.
transport protocols Protocols that provide for communication sessions between computers and ensure that data is able to move reliably between computers.
tree A grouping of hierarchical arrangements of one or more Windows 2000 domains that share a contiguous namespace.
Trojan horse virus A type of virus that appears to be a legitimate program that might be found on any system. The Trojan horse virus can destroy files and cause physical damage to disks.
trust relationship A link between domains that enables pass-through authentication, in which a user has only one user account in one domain, yet can access the entire network. User accounts and global groups defined in a trusted domain can be given rights and resource permissions in a trusting domain even though those accounts don't exist in the trusting domain's database. A trusting domain honors the logon authentication of a trusted domain.
U
UART See universal asynchronous receiver transmitter (UART).
UDP See User Datagram Protocol (UDP).
Uniform Resource Locator (URL) An address for a resource on the Internet that provides the hypertext links between documents on the World Wide Web (WWW). Every resource on the Internet has its own location identifier, or URL, that specifies the server to access as well as the access method and the location. URLs can use various protocols including FTP and HTTP.
uninterruptible power supply (UPS) A device connected between a computer or another piece of electronic equipment and a power source, such as an electrical outlet. The UPS ensures that the electrical flow to the computer is not interrupted because of a blackout and, in most cases, protects the computer against potentially damaging events such as power surges and brownouts. Different UPS models offer different levels of protection. All UPS units are equipped with a battery and loss-of-power sensor. If the sensor detects a loss of power, it immediately switches over to the battery so that users have time to save their work and shut off the computer. Most higher-end models have features such as power filtering, sophisticated surge protection, and a serial port so that an operating system capable of communicating with a UPS (such as Windows 2000) can work with the UPS to facilitate automatic system shutdown.
universal asynchronous receiver transmitter (UART) A module, usually composed of a single integrated circuit, that contains both the receiving and transmitting circuits required for asynchronous serial communication. Two computers, each equipped with a UART, can communicate over a simple wire connection. The operation of the sending and receiving units is not synchronized by a common clock signal, so the data stream itself must contain information about when packets of information (usually bytes) begin and end. This information about the beginning and ending of a packet is provided by the start and stop bits in the data stream. A UART is the most common type of circuit used in personal-computer modems.
universal serial bus (USB) A serial bus with a data transfer rate of 12 megabits per second (Mbps) for connecting peripherals to a microcomputer. USB can connect up to 127 peripheral devices to the system through a single, general-purpose port. This is accomplished by daisy chaining peripherals together. USB is designed to support the ability to automatically add and configure new devices and the ability to add such devices without having to shut down and restart the system.
UPS See uninterruptible power supply (UPS).
URL See Uniform Resource Locator (URL).
USB See universal serial bus (USB).
user account An account that consists of all of the information that defines a user on a network. This includes the user name and password required for the user to log on, the groups in which the user account has membership, and the rights and permissions the user has for using the system and accessing its resources.
User Datagram Protocol (UDP) A connectionless protocol, responsible for end-to-end data transmission.
user groups Groups of users who meet online or in person to discuss installation, administration, and other network challenges for the purpose of sharing and drawing on each other's expertise in developing ideas and solutions.
V
virtual circuit A series of logical connections between a sending computer and a receiving computer. The connection is made after both computers exchange information and agree on communication parameters that establish and maintain the connection, including maximum message size and path. Virtual circuits incorporate communication parameters such as acknowledgments, flow control, and error control to ensure reliability. They can be either temporary, lasting only as long as the conversation, or permanent, lasting as long as the users keep the communication channel open.
virtual memory The space on one or more of a computer's hard disks used by Windows 2000 as if it were RAM. This space on the hard disks is known as a paging file. The benefit of virtual memory is being able to run more applications at one time than would be possible by using just the RAM (physical memory) on the computer.
virtual private network (VPN) A set of computers on a public network such as the Internet that communicate among themselves using encryption technology. In this way, their messages are safe from being intercepted and understood by unauthorized users. VPNs operate as if the computers were connected by private lines.
virus Computer programming, or code, that hides in computer programs or on the boot sector of storage devices such as hard-disk drives and floppy-disk drives. The primary purpose of a virus is to reproduce itself as often as possible; a secondary purpose is to disrupt the operation of the computer or the program.
volume set A collection of hard-disk partitions that are treated as a single partition, thus increasing the disk space available in a single drive letter. Volume sets are created by combining between 2 and 32 areas of unformatted free space on one or more physical drives. These spaces form one large logical volume set that is treated like a single partition.
VPN See virtual private network (VPN).
W
wide area network (WAN) A computer network that uses long-range telecommunication links to connect networked computers across long distances.
winipcfg A diagnostic command specific to Microsoft Windows 95 and 98. Although this graphical user interface utility (GUI) duplicates the functionality of ipconfig, its GUI makes it easier to use. See also ipconfig.
workgroup A collection of computers grouped for sharing resources such as data and peripherals over a LAN. Each workgroup is identified by a unique name. See also domain; peer-to-peer network.
World Wide Web (the Web, or WWW) The Internet multimedia service that contains a vast storehouse of hypertext documents written in HTML. See also Hypertext Markup Language (HTML).
WORM See Write-Once Read-Many (WORM).
Write-Once Read-Many (WORM) Any type of storage medium to which data can be written only once but can be read any number of times. Typically, this is an optical disc whose surface is permanently etched using a laser to record information.
Z
Zone A discrete portion of the domain name space. Zones provide a way to partition the domain name space into discrete manageable sections.