Exam Reviews

Client-side Competence

The Windows 2000 Professional exam tests your knowledge of the desktop, the network, security-and your ability to read well.

• By Jill Gebelt
• 10/01/2001

Even if you spend your days setting up and tuning servers, nary giving a thought to client machines, you're still going to face the Windows 2000 Professional test. Consider it your blockade to earning your MCSE. That's why we're revisiting it in these pages. We originally reviewed the exam in its beta form back in our July 2000 issue. Then I touched on it again in my review of the Accelerated test in the June 2002 issue. Now it's time to look at the Win2K Pro exam in its live version. Over the next several months, I'll also review the other core tests to bring you up to date on what to expect when you get to the testing center.

I've heard some people say 70-210 is tougher than any of the Windows NT tests they've tried. In general, I found the questions on this exam to be less strange and tricky than some of the NT 4.0 exams. However, they're also longer; I'm talking about questions that go on for multiple paragraphs and require careful reading! It's easy to miss critical information when items get as long as these do. In addition to the usual multiple-choice questions, you're likely to have a few "Select and Place" questions on the Win2K exams. The question starts with a scenario that explains the task you need to complete. You then launch the "Select and Place" application, which consists of a graphic and a number of answer elements that you must drag to the correct location on the graphic (see Figure 1).

Figure 1. A select-and-place type of question consists of a graphic and a number of answer elements you must drag to the correction location on the graphic, based on the scenario presented.

Installation
The first set of objectives for the Win2K Pro exam covers installation. As always, before you start an installation, make sure the computer meets all hardware requirements.

You need to understand what occurs during each of the four stages of set-up: Setup Program, Setup Wizard, Install Windows Networking, and Complete Setup. The initial set-up stage is the text-based portion of Setup. The Win2K partition is created, you select the file system format, and set-up files are copied to the hard disk. If you have drivers for a custom HAL or third-party disk hardware, they're loaded during this stage. When the text-based portion of set-up is complete, the computer reboots and starts the graphical Setup Wizard, which asks for information such as user name, product key and regional settings. The next stage is to install Windows networking. By default, TCP/IP, Client for Microsoft Networks, and File and Print Sharing are installed. The default TCP/IP configuration is to obtain an IP address automatically. Once the networking components are installed, you can join a workgroup or a domain. If you want to join a Win2K domain, the network must be running Active Directory, and the client computer needs to be able to contact a DNS server that contains the records for your AD domain. The final installation stage completes set-up. The program copies files, configures the computer, saves the configuration, and removes the temporary files.

You must be able to perform attended and unattended installations. To start an attended installation, boot from the Win2K CD-ROM if the computer supports booting from the CD. If your computer doesn't support booting from the CD-ROM, make boot disks with makeboot.exe or makebt32.exe. You can also start an installation over the network. Set up a server with a file share containing the contents of the \i386 folder. Boot the client with a network boot disk and then connect to the shared folder. Start the installation by running Winnt.exe. Winnt.exe is used when you're running a 16-bit environment. This is typically the case when you create a network boot disk. If you're running a 32-bit environment, use Winnt32.exe.

For an unattended installation, use the Setup Manager Wizard to create an answer file. This file contains the information required by Setup, so you don't have to enter anything during the installation. You can perform an unattended installation when booting from the Win2K CD-ROM by connecting to a distribution server that contains the installation files or by using Remote Installation Services (RIS). To perform an unattended installation with the installation CD, save the answer file on a floppy with the name Winnt.sif. Boot from the CD and put the floppy in the drive. An unattended installation over the network is similar to an attended installation. Simply use the correct switch to specify the answer file when you start the installation (Winnt /u:answerfile or Winnt32 /unattend:answerfile).

RIS is new to Win2K. It's used to automate the installation of Win2K Pro. Before you can install clients, you must set up the RIS server, which requires AD, DNS and DHCP. Client images are stored on an NTFS partition on the RIS server. This partition can't be the system or boot partition. When you create the client image, you also associate an answer file with the image.

Tip: RIS clients need PXE-enabled network adapters. This type of NIC allows the client to boot from the network. If the client computers don't have PXE-enabled NICs, you may be able to create boot disks using the Remote Boot Floppy Generator tool, Rbfg.exe. Be aware that your NICs need to be supported by the Rbfg.exe tool.

When a PXE client boots, it uses DHCP to request an IP address and the IP address of the RIS server. DHCP broadcasts aren't necessarily routed, so you need to make sure clients can contact the DHCP server. RFC 1542-compliant routers can send on DHCP requests. If your routers don't support this, you can install a DHCP Relay Agent on the network segments without local DHCP servers.

Upgrading is another installation topic. You can upgrade directly to Win2K Pro from Windows 95, Windows 98, NT Workstation 3.51, and NT Workstation 4.0. If you're running NT Workstation 3.1 or 3.5, first upgrade to NT Workstation 3.51 or 4.0, then upgrade to Win2K. Before upgrading a computer to Win2K, run winnt32 /checkupgradeonly to generate an upgrade compatibility report. You can use the downloadable CHKUPGRD.EXE tool to verify the compatibility of the machine to be upgraded.

Make sure you understand that you can run Win2K service packs against your shared network copies of the Win2K installation files by invoking update.exe with the -s option. In this way, after installing new Win2K features you no longer have to reapply the service pack.

Tip: Here are some useful Microsoft Knowledge Base articles: Q237556, "How to Troubleshoot Win2K Hardware Abstraction Layer Issues"; Q234772, "Windows 2000 Hangs at 'Setup Is Starting Windows 2000' Message"; Q224294, "Rights Needed for Remote Installation Server to Create Machine Accounts"; Q242920, How the Remote Installation Boot Disk Works"; and Q251335, "Domain Users Cannot Join Workstation or Server to a Domain."

Resource Administration
For resource management, make sure you know NTFS and share permissions inside and out. When you set permissions on a parent folder, new files and subfolders in that folder inherit those permissions. If you don't want a file or subfolder to inherit permissions from the parent, you need to clear the "Allow inheritable permissions from parent to propagate to this object" check box. Know the rules for copying and moving files on NTFS partitions. When you copy a file or move a file to a different partition, it inherits the permissions of the destination folder. When you move a file to a different folder on the same partition, it retains its permissions.

Compression is an NTFS attribute, so when you copy and move files, it behaves like NTFS permissions. However, there are a couple of gotchas to be aware of. Encryption and compression are mutually exclusive. You can't compress an encrypted file and you can't encrypt a compressed file. Also, it's an NTFS attribute, so when you try to copy a compress file to an FAT partition, it will be uncompressed. Encryption is a little different from compression in that when an encrypted file is copied or moved to a different Win2K NTFS drive, it always remains encrypted. This is even the case when copying to an NTFS drive on a remote Win2K machine.

Printing hasn't changed much from NT 4.0. You still need to know the basics of printer management (such as printer installation), how to set permissions, how to configure options such as printer priorities, and how to change the location of the spool folder. One new feature is Internet printing. If the print server needs to be running IIS, you can connect to a printer via a URL.

Tip: Use http://servername/printers to see a list of all printers on that server. Use http://servername/printersharename to go directly to the page for that printer.

Win2K supports FAT, FAT32, and NTFS. Keep in mind that the Windows 9x platform doesn't support NTFS. So if you're setting up a dual-boot system, use FAT or FAT32 for any partition that needs to be visible to both operating systems.

Hardware Devices and Drivers
The hardware management section of this exam really relies on experience. If you've set up your share of computers, exam questions that cover these objectives will be pretty straightforward. If you haven't, get your hands on some hardware.

Win2K supports a new type of disk, called the dynamic disk. When you first install a hard drive, it's a basic disk. To upgrade to a dynamic disk, you need at least 1MB of unallocated space. Know the vocabulary for both types of disks. For example, you create partitions on basic disks and volumes on dynamic disks.

As a new feature, Win2K supports multiple monitors. You need a PCI or AGP video card for each monitor you want to install. After installing the second monitor, use Display properties to extend the desktop to that monitor.

Tip: A useful Knowledge Base article is Q238886, "How to Set Up and Troubleshoot Multiple Monitors in Win2K."

Many other hardware topics are fair game, too. Take a look at the different icons available in the Control Panel, including Modems, USB devices, IrDA devices, and PC Cards. See the official prep guide for a complete list of devices.

Tip: You can install many devices even if they're not connected to your computer. You don't have a modem? Open Phone and Modem Options in the Control Panel and simply add a standard modem. Then take a look at the configuration options on a typical modem!

You also need to know how to update drivers. Use Device Manager to open the properties for devices you want to update and use the Update Driver command. You should also be familiar with Windows Update on the Microsoft Web site.

System Performance and Reliability
Driver signing is new to Win2K. Microsoft has digitally signed drivers to help ensure quality. Drivers need to meet certain testing criteria before they can be signed. As an administrator, you can configure how the computer responds to signed and unsigned drivers. The default is to display a warning when it detects an unsigned driver. Other options include ignoring unsigned drivers and preventing their installation.

Know how to configure offline files. By default, Win2K Pro is enabled to use offline files while Server isn't. Even though Win2K Pro is enabled to use offline files, you still need to select the folders and files you want to make available offline. Use Synchronization Manager to control how those files synchronize with the network. You can synchronize files at log-on or log-off, when your computer is idle or according to a specific schedule. You can also create different synchronization rules, depending on the network connection the computer is currently using.

Optimizing your computer's performance is similar to the way it's done with NT 4.0. System Monitor is essentially Performance Monitor in new clothes-the MMC. Understand when you need an additional CPU or just more memory. Hardware profiles are also similar to NT. They're most often used with laptop computers to manage a docked vs. undocked environment.

Tip: Generally, you should disable devices you don't need under a specific profile.

Windows Backup is your basic tool for backing up data and the system state data. The system state data on a Win2K Pro computer includes the registry, boot files, and COM objects. Be aware that you can back up and restore data locally or remotely. Backup or restoration of the system state data must be done locally.

There are new options for troubleshooting boot problems. Safe mode loads a minimal driver set during start up. You can also boot to the command line Recovery Console. The Recovery Console can be used to start and stop services, read and write data on a local drive, and format disks.

The Desktop Environment
New desktop options include Regional Options, Faxing, and Accessibility Options. Take a look at each of these topics. With Regional Options, you can configure the computer to read and write documents in multiple languages. Fax tools include Fax Queue, which is used to view, cancel, resume or pause a sent fax, and Fax Service Management, which is used to configure your fax device.

Another important topic: Windows Installer packages. This includes knowledge of AD, because Windows Installer packages can be deployed to users or computers through Group Policy.

Tip: Although you don't need an in-depth understanding of AD to pass this exam, you do need to a basic understanding of its features, including domains, trees, forests, OUs and group policy.

Know the file types associated with a Windows Installer package and the use for each type of file. .MSI files are Windows installer packages; .MST files transform an installation. Make sure you understand the difference between assigning an application to a user or a computer and publishing an application to a user. When you publish an application, it appears in Add/ Remove Programs in Control Panel, and the application will automatically install if the user tries to open a document supported by that application (document invocation).

What's the difference between assigning an application to a user and publishing an application to a user? Assigning creates shortcuts to the application in the user's Start menu, which will automatically install the application the first time a user attempts to use it; publishing doesn't. Also, applications that don't support the new Windows Installer format can't be assigned; they can only be published. Applications assigned to computers are automatically installed the next time the computer boots.

Network Protocols and Services
If you've taken the NT 4.0 Workstation exam or one of the Windows 9x exams, you may be surprised by the amount of networking knowledge needed to pass this test. In the preparation guide, Microsoft states that this exam is intended for people who have at least a year of experience working with desktop operating systems in a network environment. As a result, you need a solid understanding of TCP/IP and network services. For example, while you may not be asked how to configure a DHCP server, you certainly need to understand how DHCP works and how to troubleshoot a DHCP client.

Dial-up networking is alphabet soup. You need to know authentication protocols backwards and forwards, including EAP, MS CHAP v2, MS CHAP v1, CHAP, SPAP, and PAP. You also need to know the PPTP and L2TP VPN protocols. When you create a dial-up connection, you can share it with ICS, Internet Connection Sharing. Understand how to set up ICS and how it works. This is a really neat feature for connecting a small network, like the one in your house, to the Internet.

Security
EFS, the Encrypting File System, is a new feature of NTFS. Be aware that you can't compress encrypted files. Only the person who encrypted a file or the designated Recovery Agent can decrypt that file. Note that this will cause problems if you try to share an encrypted file! Only the owner of the file or Recovery Agent will be able to open it. Because EFS is an NTFS feature, encrypted files and folders are decrypted if you copy them to FAT or FAT32 volumes. Also, be careful when you copy encrypted files and folders to a different computer. The encryption certificate and private key that are used to decrypt the files are needed on that computer. If not, you won't be able to open the files.

Be aware that the test objectives mention both local and domain user accounts. Local user accounts are stored on the local computer and typically used in a workgroup environment. Domain user accounts are stored in AD and allow the user access to domain resources. This may "only" be the Pro exam, but you still need to spend a little time looking into AD accounts.

Other security topics include auditing, account policy and user rights. These are configured on the local computer through Local Security Policy. Account policy includes password settings, such as the minimum password length, and lockout settings, such as the number of failed logon attempts before the system locks you out. User rights include items such as the rights to back up files and directories and to shut down the system. When you create an audit policy, be aware that auditing files, folders or printers requires two things: you need to audit object access, and configure auditing on the specific file, folder or printer you want to audit.

Finally, take a look at security templates. You use them to apply security settings to the computer. There are standard templates for basic, secure and high security installations (basicws.inf, securews.inf and hisecws.inf, respectively). Don't use the hisec templates unless you have a Win2K-only environment. Computers running the hisec templates can't communicate with older Windows clients!

Tip: You'll find these Knowledge Base articles useful: Q234926, "Windows 2000 Security Templates Are Incremental," and Q223316, "Best Practices for Encrypting File System."

A Few Final Exam Tips
When you're facing your exam, remember to read carefully. Questions tend to be long. It's easy to miss the one sentence in the middle of the question that changes everything. Also, know both how things work and the recommended approach. One question may ask the best way to perform a task. When you read the set of possible answers, more than one answer will always satisfy the requirements of the question. In this case, you need to choose the best answer. Another question may simply ask you to choose the correct answer. The list of possible answers doesn't provide the best possible solution, but one of the answers does solve the problem.

This exam is a great starting point for your Win2K certifications. Good luck!