Exam Reviews

70-290: Under New Management

Been through exam 70-218? This exam covers a familiar mix of security, permissions, and backup topics, with a heaping scoop of Windows 2003-specific features thrown in.

Windows Server 2003 offers many new features and services beyond those found in Windows 2000 and the 70-290 exam reflects some of those differences. You'll find it similar to 70-218, Managing a Microsoft Windows 2000 Network Environment, where you were expected to prove your knowledge of AD, EFS, IIS, DNS and DCHP to name a few.

This new exam is similar in many respects as far as content, but includes additional topics such as the new DNS zone types offered in Windows Server 2003 and IAS and RRAS, which weren't as heavily tested in the Windows 2000 exam. This new exam concentrates on using Windows Server 2003 and network management. You'll need to demonstrate expertise in the areas of permissions, profiles, system backup, disk management and a familiarity with new product features such as Automated System Recovery (ASR) and Volume Shadow Copy. You'll also need to dive into security from a Microsoft perspective to prepare for this exam, since it's become more of a focus for the product.

What you probably won't be impressed with on this new exam is its engine. The text is lengthy, scroll bars are touchy and the screen is often split into three sections with lots of white space that you must scroll around in to move to the next question!

I tackled 70-290 in its beta form and won't know how I did until shortly after you've read this article. My intent in this review is to help you prepare for the test by covering some of the objectives listed in the exam preparation guide.

The table below spells out other core requirements for each credential. I suggest you start with the client exam then move in this order: 70-290, 70-291, 70-293, 70-294, 70-297 and 70-298, the same order recommended by Microsoft.

Table 1. Requirements for each of the certification paths. Exam 70-290 satisfies a core requirement for the MCSA-Windows 2003 and MCSE-Windows 2003.
Core Exams MCSA-Windows 2003 Core Exams MCSE-Windows 2003 Accelerated Path
MCSA-Windows 2000
Accelerated Path MCSE-Windows 2000 Normal Path MCSA-Windows 2000
70-290: Managing and Maintaining a Windows Server 2003 Environment 70-292: Managing and Maintaining a Windows Server 2003 Environment for an MCSE Certified on Windows 2000 70-293: Planning and Maintaining a Windows Server 2003 Network Infrastructure
70-291: Implementing, Managing and Maintaining a Windows Server 2003 Network Infrastructure
x 70-293: Planning and Maintaining a Windows Server 2003 Network Infrastructure No other core or elective requirements necessary for MCSA-Windows 2000. 70-296: Planning, Implementing and Maintaining a Windows Server 2003 Environment for an MCSE Certified on Windows 2000 70-294: Planning, implementing and Maintaining a Windows Server 2003 Active Directory Infrastructure
70-294: Planning, implementing and Maintaining a Windows Server 2003 Active Directory Infrastructure
Core Client (take one) No other core or elective requirements necessary for MCSE-Windows 2000. No additional Core Client Exam required.
70-210: Installing, Configuring and Administering Windows 2000 Professional
70-270: Installing, Configuring and Administering Windows XP Professional
xxx Core Design (take one) Core Design (take one)
70-297: Designing a Windows Server 2003 Active Directory and Network Infrastructure (Note: May be used as Design requirement or elective, but not both) 70-297: Designing a Windows Server 2003 Active Directory and Network Infrastructure (Note: May be used as Design requirement or elective, but not both)
70-298: Designing Security for a Windows Server 2003 Network (Note: May be used as Design requirement or elective, but not both) 70-298: Designing Security for a Windows Server 2003 Network (Note: May be used as Design requirement or elective, but not both)

Working with Devices
You'll need to demonstrate expertise with managing and maintaining physical and logical devices. As an administrator or engineer you should be expected to understand Basic and Dynamic disks, RAID configuration and troubleshooting, driver signing and the use of tools such as Device Manager and Hardware Troubleshooting Wizard.

Requirements Spelled Out

Exam 70-290 is a core requirement for anyone wanting to be certified as an MCSA or MCSE on Windows Server 2003. Of course, if you're already certified on Windows 2000, you can bypass this one and go straight to 70-292 for the MCSA upgrade or 70-292 and 70-296 for the MCSE upgrade. These exams won't encompass a beta testing period since they'll include questions from other Windows 2003 exams such as this one.

As a reminder, basic disks can be converted to dynamic with no data loss but require backup and restore to revert back to basic. Dynamic disks are required for Disk Striping, mirroring and striping with parity.

Tip: When repair is necessary for a RAID 1 member, the mirror is first removed, failed member disk replaced, and the mirror recreated.

When updating drivers with Device Manager, the system driver signing includes the options for Ignore, Warn (the default) and Block. Familiarize yourself with Device Manager and the warning and disabled icons found when problems are present on installed devices.

A New Type of Question

Exam 70-290 includes a new question type from Microsoft (see figure). The screen is split into three areas with the question at the top, pick-and-place items on the bottom left and configuration screens on the bottom right.

Hot Area Question Type
A new question type splits the screen in three sections, which will require considerable scrolling action on small displays. (Click image to view larger version.)

The areas are resizable just like frames of a Web page. This means you may have to do lots of scrolling and careful reading during the exam since many testing centers have smaller monitors that we're accustomed to on our desks. Many of the questions require selecting the correct button or checkbox on a simulated product screenshot.

Microsoft offers a demo of all the new question types at http://www.microsoft.com/traincert/mcpexams/faq/innovations.asp.

Users, Computers and Groups
The next objective, 'Managing Users, Computers and Groups,' includes many topics, so you should be prepared to face many questions that fall into this category.

Taking the 70-210 or 70-270 client OS exam before 70-290 will help. That ensures you'll have a healthy introduction to profile management, user and group accounts, permissions and troubleshooting.

The difference for this exam is you'll need to think more on a server and network level rather than from the lone client desktop perspective.

Tip: These new exams include topics not necessarily on the list of official exam objectives as posted from Microsoft. Better get used to it! For example, although there's no mention of printers in the official exam objectives, you should be prepared! After all, printers are bound to be part of a production Windows 2003 network.

70-290: Managing and Maintaining
Windows Server 2003

Exam Title
70-290: Managing and Maintaining a Microsoft Windows Server 2003 Environment

Status
Expected to go live in August 2003.

Reviewer's Rating
"This exam is 'wordy' and requires expertise with Windows permissions, profiles, system backup, disk management and a familiarity with a few new server management features, ASR and Volume Shadow Copy."

Who Should Take It
Core for MCSA and MCSE on Windows Server 2003.

Exam Guidelines
www.microsoft.com/traincert/
exams/70-290.asp

ADUC, Active Directory Users and Computers, is the MMC snap-in used to create user and group accounts, manage user profiles and group membership. It includes the Delegation of Control Wizard, which is used to assign administrative permission at the Organizational Unit (OU) level.

Windows 2000 and 2003 both include two types of groups, Security and Distribution. Security groups are used in the traditional sense to group users for permissions to network resources. Distribution groups are used for e-mail only.

Tip: Remember AGUDLP If you're not familiar with the way Windows is designed for managing folder and file permissions, you need to study! Accounts are placed into Global Groups, which are placed into Universal Groups, which are placed into Domain Local Groups where Permissions are assigned. Accounts can also be placed directly into DL groups.

Active Directory objects such as user, group and computer accounts all have permissions assigned that can be inherited from higher levels or removed by using Block Inheritance.

If you've worked with Windows 2000, then you know that Group Policies enable centralized management of user and computer settings throughout the network. GP Objects or GPOs can be used to perform a variety of administrative tasks, including configuration of desktop settings, control of security settings, assignment of scripts, redirection of folders and software distribution. Group Policies are inherited by child domains from sites or child OUs within domains unless you enable Block Policy Inheritance, which can be reversed with No Override at a higher level. You can also filter inheritance with Read and Apply Group Policy permissions at the user or group level.

Resources
The objective Managing and Maintaining Access to Resources encompasses shared folder permissions and Terminal Services, among other topics.

Administrators and Server operators have the default rights to create and manage shared folders. Read, Change and Full Control are still present and cumulative. NTFS permissions are also cumulative but the most restrictive prevails when combined with shared folder permissions. Deny overrides all other permissions!

Files and folders can be encrypted with EFS, which requires NTFS. Don't forget to brush up on how folder and file permissions can change or stay the same when copying or moving within a drive or between drives.

The names have changed slightly. Windows 2000 Terminal Services remote administration mode is called Remote Desktop for Administration in Windows Server 2003. There have been many improvements made to Terminal Services, but it still operates the same, and daily administration hasn't changed much. However, expect coverage on the exam around such areas as licensing and remote connection management.

The Server Environment
In the objective Managing and Maintaining a Server Environment you'll find coverage of topics such as Event Viewer, System Monitor, software updates (including the functionality of Microsoft's Software Update Service or SUS), Remote Assistance, disk quotas, print queues, performance objects and IIS 6.0.

Event Viewer is the first resource most administrators refer to when checking, monitoring and troubleshooting application, security and system events. It allows you to filter displayed logged events by date, time, user and many other options.

System Monitor is the tool of choice when monitoring system activity in real time. Make sure you understand the most popular object counters such as % Processor Time, % Disk Time, Pages/Second and Page/Faults for memory objects.

New to the Windows Server 2003 exams is SUS. Although it's an add-on component in a Windows network, it's required these days for deploying and managing client and server critical updates. Through the Automatic Updates option built in since Windows 2000, client computers can be redirected to internal SUS servers instead of windowsupdate.microsoft.com. This allows administrators to better plan, test and track changes.

Tip: SUS requires IIS!

Speaking of IIS, another new version has arrived: 6.0. It's more secure by design and out of the box. In the course of your studies and experimentation, remember: This exam is about server and network administration. Spend time understanding IIS topics around Web sites, Virtual and physical directories, files and host and cname records in DNS.

Tip: Multiple Web sites can be hosted on a single IIS server with unique IP addresses, port numbers or host headers.

Disaster Recovery
Included in the final objective on the list, Managing and Implementing Disaster Recovery, you'll find coverage of ASR, VSS, backing up files and system state data, configuring security for backup operators, verifying backup jobs, managing media, restoring and scheduling backups and recovering from server hardware failures.

Automated System Recovery (ASR) allows you quickly and automatically to bring a non-bootable machine to a state where you can run a restore program to recover data. ASR will configure the new storage devices and restore the operating system, all applications and settings. The process for recovering a system using ASR is as follows:

  1. Boot from a Windows Server CD and choose Automated System Recovery.
  2. Provide access to the backup media and a pre-prepared ASR floppy.
  3. Take a break. You'll come back to a working server with the operating system.

To use ASR, you have to prepare an ASR backup first. An ASR backup is a regular system backup plus the ASR floppy disk. This disk contains important configuration information about the server's storage system as well as information on how to restore the backup.

When you boot from the product CD and press the F8 key, you'll enter the ASR bootstrap program. The ASR code in Windows setup knows how to read the ASR floppy disk to reconfigure the server's storage system. ASR will automatically invoke the restore program to restore the rest of the data from the ASR backup.

Volume Shadow Copy Service (VSS) is another new feature, which allows administrators to create a point-in-time copy of user files that the user can access and restore when previous versions are needed. These snapshots can save both IT staff and users a whole lot of time usually spent waiting for manual restore operations of accidentally deleted files from tape. As the server administrator you can schedule the copy time-for instance twice a day at 0700 and 1200 hours, five days a week. If the amount of user data is great and changes often, you can even store this data on alternate server volumes!

If you have hosts other than Windows Server 2003 such as XP, Windows 2000 with SP3 or Windows 98, you'll need to install the shadow copy volume component available on the XP product CD (%Windir%\System32\Clients\Twclient\X86 or download it from http://www.microsoft.com) to enable the use of previous file access and restore. Once configured per volume, users will find the Previous Versions tab in the properties selection for files and folders on a network shares. Users can then select View, Copy or Restore; they'll be presented with a list of read-only file and folder copies they can access. For more information see the white paper, "Introduction to Shadow Copies of Shared Folders," at www.microsoft.com/windowsserver2003/docs/SCR.doc.

10 Things To Practice
  1. Configure and troubleshoot shared folders permissions-again, and again and again. Create different scenarios for your family and friends group accounts. Be the network administrator!
  2. Configure Volume Shadow Copy Service on your server and don't turn it off. (This has got to be one of the coolest new features of Windows Server 2003!) Load the client component and restore previously deleted files.
  3. Run Automated System Recovery, even if you don't want to simulate a dead server. Be sure to follow the steps I outline in the main article and in the help files.
  4. Download and install Software Update Services on your server. Download the latest Windows updates and configure the client to use your SUS server.
  5. Run server backups if only to a file as the destination. Just as important, restore the backups and verify EFS, compression and NTFS permissions remain the same.
  6. Create and assign permissions to printer users and change them for fun! Find out what happens when you stop the printer spooler service.
  7. Create a few group policies and explore the different computer and user settings available. Link a GPO to a parent OU and view the results of computer and user accounts changes within child OUs with and without Block Policy Inheritance and No Override.
  8. Create user accounts in Active Directory for your family and friends. Add them to groups and log on with their accounts from a client or a second server. Change group scope and membership, practice using the AGUDLP.
  9. Configure inheritance and inheritance blocking with AD objects. Set permissions and view their effects when accessed by different family members and friends.
  10. Configure and recover RAID arrays. Get at least three small hard drives and create a stripe, mirror and stripe set with parity configuration. Disconnect one of the RAID 1 or 5 drives and reconnect for a recovery scenario. Watch how Windows 2003 behaves and the warning and error messages it displays.

Data and system backups are still a must with Windows 2003 even with all the new file management services. Make sure you understand the nuances of backup, such as which is the fastest backup type (full, incremental or differential) and which is the fastest to restore or uses the fewest number of tapes? The answers to these questions are the same as they've always been! Incremental is the fastest but starts with a full backup. Differential offers the fastest restore, but full backup use the least amount of tape per backup cycle.

Tip: Backup of the System State includes the system files, the registry, Component Services and the Active Directory database Certificate Services.

Running the backup program still requires either Administrator or Backup operator permission. To run the backup program using Task Scheduler, you'll need to be a member of the administrator, backup operator or server operator group.

Server hardware failures happen! Windows 2003 offers ASR, but that doesn't address all troubleshooting and repair needs an administrator may have. Other resources include Performance console, Task Manager and Recovery Console. Make sure you understand which tool to use when the fatal time comes as well as how each serves a different purpose. Be sure to study each one and get the hands-on necessary to show your expertise!

Additional Information

The exam guidelines are available here: www.microsoft.com/traincert/exams/70-290.asp.

Study resources for Windows Server 2003 can be found within the help and documentation of the product. Of course, you'll also want as much hands-on practice as you can obtain. If your company hasn't made the move yet, work with the 180-day evaluation, available here: www.microsoft.com/windowsserver2003/evaluation/trial/default.mspx.

There's also a lot of information available online from Microsoft such as at the Windows Server Community: www.microsoft.com/windowsserver2003/community/default.asp.

I would expect self-study guides from sources such as Microsoft Press, New Riders, Sybex and others to start appearing in late August or early September.

You can also take the Microsoft official training course at your local CTEC from an MCT. The course numbers are 2274 and 2275.

Final report
In my next article, I help you prepare for exam 70-291: Implementing, Managing, and Maintaining a Microsoft Windows Server 2003 Network Infrastructure, which I don't consider nearly as tough as the 70-216, the Windows 2000 edition of this exam! Good luck!

comments powered by Disqus

Reader Comments:

Thu, Apr 24, 2008 kwill Anonymous

The review is right on. The one thing i wish is that instead of taking a multiple choice test, Microsoft should have it setup where you can prove your skills with any operating system or program by, Having you come to the testing center and they give you one client computer and one server. They give you a scenario for what they want, and you complete this. And depending on how you do determins if you get it. I am not a book worm and I think hands-on shows your ability.

Fri, Jul 27, 2007 Digerati Anonymous

I took this exam last month and failed by 3%. It was very tricky but have studyed the whole book since then and am very confident Ill pass again. This article has helped me understand it a bit better.

Mon, Oct 30, 2006 Joel Singapore

just passed comptia network cert this morning and planning to take 70-290 within the next month. very informative article here, i hope i can pass it with one try.

Tue, Sep 19, 2006 Anonymous Anonymous

Yay passed heres 2 tips:

You got pleanty of time, so insted of trying to find the right answer got through each answer and decide why it is wrong or right.

And I also go recomend to go to www.testking.in appently there stuff helps a bunch

Tue, Sep 19, 2006 crez Anonymous

Yeah i agree with everyone else, I worked my ass off did 2 courses to end up with exam purely on System backup and restore with a few detailed VB questions and windows 2000 server questions. Ended up failing with 678. ANyway read this review just befor sitting the exam agian, I belive I know in depth everything he said you need to know to pass the exam. I'll tell you how i went when i get back.

Wed, Apr 12, 2006 dYaiTa Malaysia

MCSE 070-290 QUESTION PAPER

Wed, Apr 12, 2006 dYaiTa Malaysia

MCSE 070-290 QUESTION PAPER

Tue, Mar 14, 2006 Anonymous Anonymous

hi

Thu, Sep 15, 2005 Jamie Perth

I took and failed this exam as well. I think with microsoft trying to revamp the the MS cert image of being just a worthless paper cert they have gone about there new testing produres the wrong way. Questions for win2k3 exams should only involve the core compnents of the system and not the optional extras that yes we may all use but have nothing to do with how well we know our win2k3 shit. I think taking and passing 6/7 exams to get your MSCE is enough to show you know your stuff but not in the format they have now.

Wed, Aug 31, 2005 Anonymous Anonymous

Hmmm...
Just a few years ago eh ?
How about almost 9 ! :-)

Sat, Jul 23, 2005 brian illinois

290 is a very frustrating exam. MS has revamped their testing structure not to
"protect the integrity of their tests"
but to generate a profit from failing test takers!!! I took this test twice (note: this is why VUE/ThompsonPro are offering free second shot exams no charge). THIS IS A BULLSHIT EXAM!!!! SAVE YOUR MONEY AND GET REAL EXPERIENCE. The questions have no relevant answers and their no study guides to prepare for the real exam.
Again, BS MS!!! I studied a month and read Sybex twice-still failed!!! I am not just complaining because I failed...I have worked in the industry for 5 years on NT, 2000 servers and I am very familiar with the 2003 server OS. This test was aimed at -never seen before- product knowledge and simulations that only allow "the microsoft way" with bugs and errors in the software!!!

Mon, Apr 25, 2005 erik Anonymous

After studying another 25 hours and taking extra attention to IIS and TS, I tried it again and passed with 887 points! I'm glad I passed it this time.

Thu, Apr 7, 2005 erik Anonymous

Last week I just failed this exam with 678 points. I found the exam having too many unclear, not complete questions. On some questions you just had to guess how Microsoft wants to see the answer.

Wed, Jan 5, 2005 upset ny

just failed by the hair of my chinny chin chin. unbelievable. i hate MS. their exams are stuipd, I had only 40 question and thought I did real good and I found I I almost passed. this is very upsetting... anyway im back to studing again.

Wed, Dec 15, 2004 amir egy

hi

Sun, Oct 10, 2004 guy england

Having failed this swine of an exam twice, both times 1% off the pass mark, i agree the exam is a hard one, but hopefully having read this guide, ill pass this time

Tue, Sep 21, 2004 Anonymous Anonymous

excellent

Mon, Jul 19, 2004 Eric Los Angeles

Passed today by the hair of my Chinny Chin Chin.

Pretty good test.

Fri, Jun 18, 2004 Anonymous Anonymous

TestKing exams definitely have incorrect answers for alot of the questions - best advice would be if using TestKing, investigate answers yourself - failed 690 first time, passed 720 second time but thought I had at least got 900 as TestKing questions were 75% in exam

Tue, May 11, 2004 Rex Anonymous

I would have to agree with 8-19-03 comments this test was written with detail in a way that no study guide covered. Questions should have a blank to write in the correct answer since the four choices did not fit or is that the test?

Tue, May 11, 2004 Luis Fernández Madrid - Spain

I found this article very helpful. I tried this exam twice in the last three weeks and fail (665, 674), it is very tricky and desapointed. I agree with Pete, I understimate the test, but somebody is getting rich with my money. Microsoft cheat at us with long questions, not mentioning the appaling structure. I though the key of all this certification business was to learn and to develop a career.

Mon, May 3, 2004 Anonymous Anonymous

Hope to help me in taking my exam next month

Fri, Apr 23, 2004 Anonymous Anonymous

This exam iscrap. The books (Sybex , Exam Cram) do not teach you the information you need to take this test. The questions are mostly MS trick type scenario questions. My score 685 , big FAIL and I know my shit. One question has to to with VB scripting and another was about NT4 and W2k machines only (no 2003)- hey I thought this was a w2k3 exam. VERY Bullshit exam. This exam will however test your skill at answering the MS trick questions

Sat, Mar 20, 2004 susika SL

I have preparing 70-290 exam

any one have a braidumps

Tue, Jan 27, 2004 ashish india

good

Fri, Dec 19, 2003 JBA Germany

I failed the 70290 exam the second time. I prepaired for the test with 800 (!) questions.

Tue, Dec 9, 2003 Marco Maus Germany

Hello,

I also worked very Hard for this Exam and daily worked in an very great infrastructure in a windows 2000 domain.
I failed for two times and be very frustated. One Exam I failed with 678 Points. Damned.

I think Microsoft want to be only long year experts to be certified.

Poor Microsoft

Fri, Dec 5, 2003 Mahmoud uae

None

Wed, Oct 15, 2003 Pete Philly

Wow I underestimated this exam. It was Hard! I failed it with a 653 (embarrased) just got in very long and takes the whole time~

Wed, Oct 1, 2003 Jan Norway

Good place to start... If you do what Andy tells you here. You are garanteed to pass the exam. It helped me! Thanks Andy (Tip: Dont look for "braindumps", just work, work and work with the material until you know it by heart!)

Sat, Sep 20, 2003 Anonymous Lexington, KY

I found this article very informative. NOTHING beats a first-hand account of an exam. Thanks!
P.S. Too bad this site isn't more clear on whether we're rating this article or the test itself. Seems everyone likes the article but not the test!

Fri, Aug 29, 2003 Anonymous Anonymous

Great Job!

Fri, Aug 22, 2003 Patrizia Pittsburgh

Excellent jumpstart to start studying for the exam.

Wed, Aug 20, 2003 Anonymous Anonymous

Thanks for the detailed feedback, I'm sure it will be helpful

Wed, Aug 20, 2003 Anonymous Anonymous

Fantastic piece of work - well done!

Tue, Aug 19, 2003 Anonymous Anonymous

The 070-290 is a piece of shit! Although certified since 1997, and doing heavy lerning for this exam, I failed two times yet. A lot of money lost... :-(
The reason? You'll see when you take the exam. Questions and answeres don't match. You read the case text, have an idea what you would do to fix it, but these options are not given as possible answers.
I expect the not pass quota of this exam to be close to that of 70-240.

Andy, did you pass?

Tue, Aug 19, 2003 Anonymous Anonymous

helped me pass

Add Your Comment Now:

Your Name:(optional)
Your Email:(optional)
Your Location:(optional)
Comment:
Please type the letters/numbers you see above

Redmond Tech Watch

Sign up for our newsletter.

I agree to this site's Privacy Policy.