This latest NT test isn't like a summer rerun—there's
too much here you've never seen before. Yet it may be
the easiest elective you'll get on your way to a new MCSE.
We've heard it both ways. Some Windows NT
4.0 administrators consider 70-244 an easy elective to
blow through. Others are angry about the exam, believing
that they've earned it from past exams and should be given
credit for it, having already proven their knowledge of
NT 4.0. They simply don't want to retest on older knowledge.
So who's right?
Exam 70-244, Supporting and Maintaining a
Microsoft Windows NT Server 4.0 Network, is probably one
of the biggest shockers in the Windows 2000 track. It
draws upon older knowledge, which may lead some of you
to think this is a "gimme" test; yet it adds
the latest features and service pack information and extremely
realistic questions, making it a difficult exam. But I'll
be honest: If you're certified on NT 4.0, here's your
chance to grab an elective with minimal preparation.
The test goes through many of the older enterprise
issues: trust relationships, permissions and arc paths.
But you'll also stumble across roles with a whiff of Win2K;
trusts within an NT 4.0 domain; the new Security Configuration
Manager; utilities like syskey; Distributed File System
(not new with Win2K, but released in NT 4.0's later service
packs); and a smattering of IIS 4.0. In addition, you'll
find a strong dose of TCP/IP questions relating to WINS,
DHCP and DNS, which we all used to expect on the TCP/IP
exam. Make sure you have a strong background in these
All About NT Servers
When it comes to the topic of maintaining,
optimizing and troubleshooting NT servers, test questions
become more interesting when you can implement solutions
with service packs. Likewise, this time around, you'd
better know how to back out of a hotfix or service pack
install if incompatibilities arise. You should also be
aware of the various problems involved with hardware,
like how to configure a single-processor server to use
two processors (hint: Check out uptomp.exe).
Server 4.0 Network
"This one rolls up NT Server 4.0,
NT Server 4.0 in the Enterprise, TCP/IP
and IIS 4.0 into a single exam with
a real-world twist to bring tears to
Supporting and Maintaining a Microsoft
Windows NT Server 4.0 Network
Live as of April 2001.
Who Should Take
Elective credit for the MCSE.
What Classes Prepare
No single course. However, these classes
offer training on technologies referenced
in the exam:
- 803: Administering NT 4.0; three
- 922: Supporting NT 4.0 Core Technologies;
- 689: Supporting NT 4.0, Enterprise
Technologies; five days.
- 688: Internetworking Microsoft
TCP/IP on Microsoft Windows NT 4.0;
If you're new to NT 4.0 but have experience
supporting TCP/IP-based networks, consider:
- 983: Accelerated Training for Microsoft
Windows NT 4.0; five days.
- 934: Accelerated Training for NT
4.0 Enterprise Technologies and TCP/IP;
We're all old friends with failed disks,
and that means most of us already know how to handle RAID
failures and how to recover. You also probably know how
to create a boot disk that changes the boot.ini file to
point off to the correct system partition by changing
the arc path. You would want to know pagefile manipulation
that takes into consideration the best scenario under
the most extreme circumstances.
It's imperative that you use your knowledge
of WAN connections and domain controller placement, especially
concerning the proper location of backup domain controllers
(BDCs) in your network. Remember that users get an access
token from the PDC itself or from a strategically placed
BDC. In the case of a network with multiple locations
using limited WAN bandwidth between locations, it's wise
to place a BDC at each location for faster logon times
and to reduce traffic over the WAN link.
Backup and restore issues are important for
NT experts to understand. If the budget allows, you'd
want to shy away from using NTBACKUP, the default backup
application within NT Server; but as an administrator
you should be familiar with the different types of backup
you can perform, like Normal (Full), Incremental or Differential,
and what to do in the middle of a backup cycle if the
server does stop working. Likewise, to help you justify
the purchase of that third-party backup solution, you
should understand the limitations of NTBACKUP as well
as its workarounds.
Tip: Don't let the real-world aspects of a question
throw you off. If you're asked about a particular type
of hardware or a specific backup drive or library, just
consider this spice in the question. Don't let it interfere
with what you already know. Remember, Microsoft is a software
company. Hardware details are there to confuse you (just
like in real life).
Users and Groups
A good portion of information about users
and groups is familiar to NT admins, but perhaps a bit
more confusing to those who have only studied Win2K. An
example is the trust relationships involved in allowing
a user from one domain to access another domain. Because
Win2K allows for two-way transitive trust relationships,
don't forget that NT doesn't. You can't have two-way trusts,
only two one-way trusts. Transitive isn't a possibility
for NT domains either. When you combine NT and Win2K domains,
the NT abilities are what come through.
Tip: NT used circles to represent domains, and
Win2K uses triangles. Don't let the type of object used
to describe a domain confuse you. Draw the design out
on paper using circles if that makes you feel better.)
You need to be aware of the NT account policies
that can be created to structure password security on
user accounts. In addition to password information, you
need to be familiar with the creation of user accounts
based on templates to perform user creations quickly and
efficiently. Likewise, understand profiles (local, roaming
or mandatory) and know how to create a customized domain
profile. Make sure you know where to place logon scripts
and how to replicate those scripts.
These days, a lot of us are confused about
local and global groups and user placement within those
groups. With Win2K you can do all sorts of new things
with groups, including nesting them within each other
in a native domain. Remember: Users can go into global
or local groups. Global groups can only be nested into
local groups but not into each other in an NT 4.0 environment.
Local groups can't be nested into any other group.
Tip: Because universal groups don't exist in
NT 4.0, you can't use them in any type of cross-domain
trust relationship between a Win2K and NT 4.0 domain.
Keeping Things Secure
A new topic in the Win2K exams involves the
Security Configuration Editor (SCE), a tool that was released
in more recent NT service packs. The SCE is an MMC snap-in
that allows you to configure security for your NT network
and then perform periodic analyses of the system to ensure
that the configuration remains intact. The SCE provides
a graphical analysis of what the recommended security
settings should be, based on a selected default template
of your choice (your options range from basic security
to highly secure). The SCE will show you where your settings
currently reside. You should know which options you want
to change to meet the level of security you desire.
Tip: Get comfortable with the SCE and how it
works, with the one column indicating the template setting
and the other indicating what your system is set at.
Even experienced administrators may be unfamiliar
with syskey, but you should know what it does to round
out your knowledge of security. It was released with Service
Pack 3 as a means of providing 128-bit encryption of the
SAM. Once enabled, the only way to back out of syskey
configurations is through a strategically created Emergency
Repair Disk (ERD) process.
SMB signing, also released in Service Pack
3, is another topic to understand. You enable SMB signing
through the registry. It verifies each packet sent between
a client and server to prevent man-in-the-middle attacks
on your network traffic or to stop active message attacks.
In addition, you should have a working knowledge
of the different versions of NT LAN Manager. NTLM, NT
4.0's term for Microsoft's challenge/response authentication,
was intended to increase security on the network. With
the release of Service Pack 4, NTLMv2 was included to
increase the security authentication mechanisms.
Tip: For more great information on NTLM v1 and
v2, consider the TechNet article, "How to Disable
LM Authentication on Windows NT" at www.microsoft.
Pay special attention to the exam objective
of auditing. How do you track down a user who's changing
permissions and account passwords? How do you track a
person who's locking out the administrators account? How
do you manage auditing with logs? How do you audit the
start-up of services or who creates trust relationships?
You might be caught off-guard by the depth of understanding
you should have before Microsoft considers you an expert
in NT Server support and maintenance.
Access to Resources
Permissions on objects are big in any NT
Server scenario. Remember the standards: No Access is
always no access, whether or not a person has Full Control
by being in another group. Memorize this formula: down,
down, across. In other words, add up share permissions,
add up NTFS permissions, and then combine the two across
and take the more restrictive of the two, as shown in
|Figure 1. When you're trying
to sort out permissions on objects, remember: Add
up share permissions, add up NTFS permissions, and
then combine the two across and take the more restrictive
of the two.
Looking at this example, if John is a Manager
and you want to determine his remote permissions on an
object, you would add up his Full Control with Change
and come up with Full Control permissions through the
Share. You would add Change and Change on the NTFS side
and come up with Change. But then going across you would
combine Full Control through the share with Change on
the NTFS side and be left with Change permissions remotely.
(Remember, if John were also in the Sales department,
No Access would take precedence.)
Distributed file system configuration and
troubleshooting should be a comfortable topic if you have
Dfs experience with Win2K. One type of configuration problem
you might want to practice and figure out involves a structure
wherein users should be able to connect to multiple Dfs
servers that have copies of the same folder, but for some
reason they can only connect to the root.
Print solutions have always been a strong
part of NT objectives in the past and continue to be.
Administrators should know how to allow one group to print
ahead of another using priorities. You should know how
to print large documents at night and what to do if jobs
don't print. In addition, be aware of what to do if you
need to move the spooler to a partition or drive with
IIS 4.0 isn't initially installed with NT
Server; it's an add-on with the NT Option Pack. Yet, it's
still an important part of NT administration. Brush up
on your Web and ftp configuration options, port numbers
and security settings. Index Server is another aspect
of IIS to study, including ways to prevent words from
being indexed through the noise.enu file in the System32
Tip: For review, pick up an IIS book that thoroughly
covers the subject and work with it a bit to get the concepts
down—especially if you have little experience with
this set of services.
|Because this NT maintenance
test is new, there isn't a lot of information
out there on it. Yet, because we've seen
many of the topics on the test covered
elsewhere, there's a ton of information
out to help you prepare. We suggest you
go through the exam objectives posted
on Microsoft's Web site at www.microsoft.com/
asp?PageID=70-244 and make sure you
know these topics.
If you've been in the network business for
a while, you probably know the important networking concepts,
for example, how to handle TCP/IP addressing and subnetting
and where to place DHCP servers. In addition, spend time
reviewing how to troubleshoot DNS and WINS issues and
use utilities like PING, IPCONFIG, TRACERT and NSLOOKUP
to track down network problems.
Tip: Don't forget some of those traditional
network concepts like Gateway Services for NetWare and
Binding orders. Review material on these topics to fully
round out your knowledge of network configuration.
To troubleshoot your Windows network, Event
Viewer is your first stop for looking into problems. If
your system starts to falter, you can use Performance
Monitor to look into it. The standard troubles revolve
around a lack of memory, a motherboard or processor bottleneck,
or a hard disk problem. You can log your monitoring events
over a period of time and read the results or import them
into an Excel spreadsheet for analysis documentation.
If you want to monitor the network itself and peer into
packets, Network Monitor is included within NT 4.0 (although
in real life you'd probably want a stronger tool on hand
If you're currently an NT administrator who
has passed at least some of the NT 4.0 exams (especially
NT Server 4.0 in the Enterprise), then you might just
need to brush up on some of your older material, look
into the topics I've mentioned, go through the exam guide
from Microsoft, and tackle the test. If you've never worked
with NT 4.0, I advise you to consider another elective,
since this one won't be easy for you.
I don't consider this exam an instant point
toward anybody's Win2K MCSE credential. In fact I'd certainly
call it a challenge worth pursuing. Yet, it's the closest
you'll come to an "easy" elective in the scheme
of things. If you've been out of exam-taking mode for
a while, think about starting here. It'll get you warmed
up for the long haul.
I wish you success!