The Windows 2000 Professional exam tests your
knowledge of the desktop, the network, security-and
your ability to read well.
Even if you spend your days setting up and tuning
servers, nary giving a thought to client machines,
you're still going to face the Windows 2000 Professional
test. Consider it your blockade to earning your
MCSE. That's why we're revisiting it in these
pages. We originally reviewed the exam in its
beta form back in our July 2000 issue. Then I
touched on it again in my review of the Accelerated
test in the June 2002 issue. Now it's time to
look at the Win2K Pro exam in its live version.
Over the next several months, I'll also review
the other core tests to bring you up to date on
what to expect when you get to the testing center.
I've heard some people say 70-210 is tougher
than any of the Windows NT tests they've tried.
In general, I found the questions on this exam
to be less strange and tricky than some of the
NT 4.0 exams. However, they're also longer; I'm
talking about questions that go on for multiple
paragraphs and require careful reading! It's easy
to miss critical information when items get as
long as these do. In addition to the usual multiple-choice
questions, you're likely to have a few "Select
and Place" questions on the Win2K exams. The question
starts with a scenario that explains the task
you need to complete. You then launch the "Select
and Place" application, which consists of a graphic
and a number of answer elements that you must
drag to the correct location on the graphic (see
|Figure 1. A select-and-place
type of question consists of a graphic and
a number of answer elements you must drag
to the correction location on the graphic,
based on the scenario presented.
The first set of objectives for the Win2K Pro
exam covers installation. As always, before you
start an installation, make sure the computer
meets all hardware requirements.
You need to understand what occurs during each
of the four stages of set-up: Setup Program, Setup
Wizard, Install Windows Networking, and Complete
Setup. The initial set-up stage is the text-based
portion of Setup. The Win2K partition is created,
you select the file system format, and set-up
files are copied to the hard disk. If you have
drivers for a custom HAL or third-party disk hardware,
they're loaded during this stage. When the text-based
portion of set-up is complete, the computer reboots
and starts the graphical Setup Wizard, which asks
for information such as user name, product key
and regional settings. The next stage is to install
Windows networking. By default, TCP/IP, Client
for Microsoft Networks, and File and Print Sharing
are installed. The default TCP/IP configuration
is to obtain an IP address automatically. Once
the networking components are installed, you can
join a workgroup or a domain. If you want to join
a Win2K domain, the network must be running Active
Directory, and the client computer needs to be
able to contact a DNS server that contains the
records for your AD domain. The final installation
stage completes set-up. The program copies files,
configures the computer, saves the configuration,
and removes the temporary files.
You must be able to perform attended and unattended
installations. To start an attended installation,
boot from the Win2K CD-ROM if the computer supports
booting from the CD. If your computer doesn't
support booting from the CD-ROM, make boot disks
with makeboot.exe or makebt32.exe. You can also
start an installation over the network. Set up
a server with a file share containing the contents
of the \i386 folder. Boot the client with a network
boot disk and then connect to the shared folder.
Start the installation by running Winnt.exe. Winnt.exe
is used when you're running a 16-bit environment.
This is typically the case when you create a network
boot disk. If you're running a 32-bit environment,
2000 Pro (70-210)
"I found the questions on this
exam to be less strange and
tricky than some of the NT 4.0
exams. However, they're also
Installing, Configuring, and
Administering Microsoft Windows
Live as of June 15, 2000
Who Should Take It?
Core credit for MCSE
What Classes Prepare You?
2151: Microsoft Windows
2000 Network and Operating System
2152: Implementing Microsoft
Windows 2000 Professional and
For an unattended installation, use the Setup
Manager Wizard to create an answer file. This
file contains the information required by Setup,
so you don't have to enter anything during the
installation. You can perform an unattended installation
when booting from the Win2K CD-ROM by connecting
to a distribution server that contains the installation
files or by using Remote Installation Services
(RIS). To perform an unattended installation with
the installation CD, save the answer file on a
floppy with the name Winnt.sif. Boot from the
CD and put the floppy in the drive. An unattended
installation over the network is similar to an
attended installation. Simply use the correct
switch to specify the answer file when you start
the installation (Winnt /u:answerfile or Winnt32
RIS is new to Win2K. It's used to automate the
installation of Win2K Pro. Before you can install
clients, you must set up the RIS server, which
requires AD, DNS and DHCP. Client images are stored
on an NTFS partition on the RIS server. This partition
can't be the system or boot partition. When you
create the client image, you also associate an
answer file with the image.
Tip: RIS clients need PXE-enabled network
adapters. This type of NIC allows the client to
boot from the network. If the client computers
don't have PXE-enabled NICs, you may be able to
create boot disks using the Remote Boot Floppy
Generator tool, Rbfg.exe. Be aware that your NICs
need to be supported by the Rbfg.exe tool.
When a PXE client boots, it uses DHCP to request
an IP address and the IP address of the RIS server.
DHCP broadcasts aren't necessarily routed, so
you need to make sure clients can contact the
DHCP server. RFC 1542-compliant routers can send
on DHCP requests. If your routers don't support
this, you can install a DHCP Relay Agent on the
network segments without local DHCP servers.
Upgrading is another installation topic. You
can upgrade directly to Win2K Pro from Windows
95, Windows 98, NT Workstation 3.51, and NT Workstation
4.0. If you're running NT Workstation 3.1 or 3.5,
first upgrade to NT Workstation 3.51 or 4.0, then
upgrade to Win2K. Before upgrading a computer
to Win2K, run winnt32 /checkupgradeonly to generate
an upgrade compatibility report. You can use the
downloadable CHKUPGRD.EXE tool to verify the compatibility
of the machine to be upgraded.
Make sure you understand that you can run Win2K
service packs against your shared network copies
of the Win2K installation files by invoking update.exe
with the -s option. In this way, after installing
new Win2K features you no longer have to reapply
the service pack.
Tip: Here are some useful Microsoft Knowledge
Base articles: Q237556, "How to Troubleshoot Win2K
Hardware Abstraction Layer Issues"; Q234772, "Windows
2000 Hangs at 'Setup Is Starting Windows 2000'
Message"; Q224294, "Rights Needed for Remote Installation
Server to Create Machine Accounts"; Q242920, How
the Remote Installation Boot Disk Works"; and
Q251335, "Domain Users Cannot Join Workstation
or Server to a Domain."
For resource management, make sure you know NTFS
and share permissions inside and out. When you
set permissions on a parent folder, new files
and subfolders in that folder inherit those permissions.
If you don't want a file or subfolder to inherit
permissions from the parent, you need to clear
the "Allow inheritable permissions from parent
to propagate to this object" check box. Know the
rules for copying and moving files on NTFS partitions.
When you copy a file or move a file to a different
partition, it inherits the permissions of the
destination folder. When you move a file to a
different folder on the same partition, it retains
Compression is an NTFS attribute, so when you
copy and move files, it behaves like NTFS permissions.
However, there are a couple of gotchas to be aware
of. Encryption and compression are mutually exclusive.
You can't compress an encrypted file and you can't
encrypt a compressed file. Also, it's an NTFS
attribute, so when you try to copy a compress
file to an FAT partition, it will be uncompressed.
Encryption is a little different from compression
in that when an encrypted file is copied or moved
to a different Win2K NTFS drive, it always remains
encrypted. This is even the case when copying
to an NTFS drive on a remote Win2K machine.
Printing hasn't changed much from NT 4.0. You
still need to know the basics of printer management
(such as printer installation), how to set permissions,
how to configure options such as printer priorities,
and how to change the location of the spool folder.
One new feature is Internet printing. If the print
server needs to be running IIS, you can connect
to a printer via a URL.
Tip: Use http://servername/printers to see
a list of all printers on that server. Use http://servername/printersharename
to go directly to the page for that printer.
Win2K supports FAT, FAT32, and NTFS. Keep in
mind that the Windows 9x platform doesn't support
NTFS. So if you're setting up a dual-boot system,
use FAT or FAT32 for any partition that needs
to be visible to both operating systems.
Microsoft offers both traditional
and adaptive format exams. A
traditional exam has a fixed
number of questions. You can
go back and forward in the exam,
so you can mark questions for
review. An adaptive exam varies
in length. The test starts with
an easy to moderate difficulty
question. If you answer the
question correctly, the next
question is more difficult.
If you answer the question incorrectly,
the next question is easier.
This process continues until
the test determines your ability
level. From the tester's perspective,
one of the most noticeable features
of the adaptive exam is that
you can't go back to review
questions. Once you answer a
question, it's graded and you
go on to the next.
At the time I took Exam 70-210,
it was in a traditional format
exam. But Microsoft reserves
the right to change the testing
format at any time. That means,
by the time you read these words,
70-210 could be an adaptive
test. Make sure to read what's
in the opening screens of the
exam, because that's where you'll
Hardware Devices and Drivers
The hardware management section of this exam really
relies on experience. If you've set up your share
of computers, exam questions that cover these
objectives will be pretty straightforward. If
you haven't, get your hands on some hardware.
Win2K supports a new type of disk, called the
dynamic disk. When you first install a hard drive,
it's a basic disk. To upgrade to a dynamic disk,
you need at least 1MB of unallocated space. Know
the vocabulary for both types of disks. For example,
you create partitions on basic disks and volumes
on dynamic disks.
As a new feature, Win2K supports multiple monitors.
You need a PCI or AGP video card for each monitor
you want to install. After installing the second
monitor, use Display properties to extend the
desktop to that monitor.
Tip: A useful Knowledge Base article is Q238886,
"How to Set Up and Troubleshoot Multiple Monitors
Many other hardware topics are fair game, too.
Take a look at the different icons available in
the Control Panel, including Modems, USB devices,
IrDA devices, and PC Cards. See the official prep
guide for a complete list of devices.
Tip: You can install many devices even if they're
not connected to your computer. You don't have
a modem? Open Phone and Modem Options in the Control
Panel and simply add a standard modem. Then take
a look at the configuration options on a typical
You also need to know how to update drivers.
Use Device Manager to open the properties for
devices you want to update and use the Update
Driver command. You should also be familiar with
Windows Update on the Microsoft Web site.
System Performance and Reliability
Driver signing is new to Win2K. Microsoft
has digitally signed drivers to help ensure quality.
Drivers need to meet certain testing criteria
before they can be signed. As an administrator,
you can configure how the computer responds to
signed and unsigned drivers. The default is to
display a warning when it detects an unsigned
driver. Other options include ignoring unsigned
drivers and preventing their installation.
Know how to configure offline files. By default,
Win2K Pro is enabled to use offline files while
Server isn't. Even though Win2K Pro is enabled
to use offline files, you still need to select
the folders and files you want to make available
offline. Use Synchronization Manager to control
how those files synchronize with the network.
You can synchronize files at log-on or log-off,
when your computer is idle or according to a specific
schedule. You can also create different synchronization
rules, depending on the network connection the
computer is currently using.
Optimizing your computer's performance is similar
to the way it's done with NT 4.0. System Monitor
is essentially Performance Monitor in new clothes-the
MMC. Understand when you need an additional CPU
or just more memory. Hardware profiles are also
similar to NT. They're most often used with laptop
computers to manage a docked vs. undocked environment.
Tip: Generally, you should disable devices
you don't need under a specific profile.
Windows Backup is your basic tool for backing
up data and the system state data. The system
state data on a Win2K Pro computer includes the
registry, boot files, and COM objects. Be aware
that you can back up and restore data locally
or remotely. Backup or restoration of the system
state data must be done locally.
There are new options for troubleshooting boot
problems. Safe mode loads a minimal driver set
during start up. You can also boot to the command
line Recovery Console. The Recovery Console can
be used to start and stop services, read and write
data on a local drive, and format disks.
The Desktop Environment
New desktop options include Regional Options,
Faxing, and Accessibility Options. Take a look
at each of these topics. With Regional Options,
you can configure the computer to read and write
documents in multiple languages. Fax tools include
Fax Queue, which is used to view, cancel, resume
or pause a sent fax, and Fax Service Management,
which is used to configure your fax device.
Another important topic: Windows Installer packages.
This includes knowledge of AD, because Windows
Installer packages can be deployed to users or
computers through Group Policy.
Tip: Although you don't need an in-depth understanding
of AD to pass this exam, you do need to a basic
understanding of its features, including domains,
trees, forests, OUs and group policy.
Know the file types associated with a Windows
Installer package and the use for each type of
file. .MSI files are Windows installer packages;
.MST files transform an installation. Make sure
you understand the difference between assigning
an application to a user or a computer and publishing
an application to a user. When you publish an
application, it appears in Add/ Remove Programs
in Control Panel, and the application will automatically
install if the user tries to open a document supported
by that application (document invocation).
What's the difference between assigning an application
to a user and publishing an application to a user?
Assigning creates shortcuts to the application
in the user's Start menu, which will automatically
install the application the first time a user
attempts to use it; publishing doesn't. Also,
applications that don't support the new Windows
Installer format can't be assigned; they can only
be published. Applications assigned to computers
are automatically installed the next time the
Network Protocols and Services
If you've taken the NT 4.0 Workstation
exam or one of the Windows 9x exams, you may be
surprised by the amount of networking knowledge
needed to pass this test. In the preparation guide,
Microsoft states that this exam is intended for
people who have at least a year of experience
working with desktop operating systems in a network
environment. As a result, you need a solid understanding
of TCP/IP and network services. For example, while
you may not be asked how to configure a DHCP server,
you certainly need to understand how DHCP works
and how to troubleshoot a DHCP client.
Dial-up networking is alphabet soup. You need
to know authentication protocols backwards and
forwards, including EAP, MS CHAP v2, MS CHAP v1,
CHAP, SPAP, and PAP. You also need to know the
PPTP and L2TP VPN protocols. When you create a
dial-up connection, you can share it with ICS,
Internet Connection Sharing. Understand how to
set up ICS and how it works. This is a really
neat feature for connecting a small network, like
the one in your house, to the Internet.
EFS, the Encrypting File System, is a new feature
of NTFS. Be aware that you can't compress encrypted
files. Only the person who encrypted a file or
the designated Recovery Agent can decrypt that
file. Note that this will cause problems if you
try to share an encrypted file! Only the owner
of the file or Recovery Agent will be able to
open it. Because EFS is an NTFS feature, encrypted
files and folders are decrypted if you copy them
to FAT or FAT32 volumes. Also, be careful when
you copy encrypted files and folders to a different
computer. The encryption certificate and private
key that are used to decrypt the files are needed
on that computer. If not, you won't be able to
open the files.
Be aware that the test objectives mention both
local and domain user accounts. Local user accounts
are stored on the local computer and typically
used in a workgroup environment. Domain user accounts
are stored in AD and allow the user access to
domain resources. This may "only" be the Pro exam,
but you still need to spend a little time looking
into AD accounts.
Other security topics include auditing, account
policy and user rights. These are configured on
the local computer through Local Security Policy.
Account policy includes password settings, such
as the minimum password length, and lockout settings,
such as the number of failed logon attempts before
the system locks you out. User rights include
items such as the rights to back up files and
directories and to shut down the system. When
you create an audit policy, be aware that auditing
files, folders or printers requires two things:
you need to audit object access, and configure
auditing on the specific file, folder or printer
you want to audit.
Finally, take a look at security templates. You
use them to apply security settings to the computer.
There are standard templates for basic, secure
and high security installations (basicws.inf,
securews.inf and hisecws.inf, respectively). Don't
use the hisec templates unless you have a Win2K-only
environment. Computers running the hisec templates
can't communicate with older Windows clients!
Tip: You'll find these Knowledge Base articles
useful: Q234926, "Windows 2000 Security Templates
Are Incremental," and Q223316, "Best Practices
for Encrypting File System."
A Few Final Exam Tips
When you're facing your exam, remember to read
carefully. Questions tend to be long. It's easy
to miss the one sentence in the middle of the
question that changes everything. Also, know both
how things work and the recommended approach.
One question may ask the best way to perform a
task. When you read the set of possible answers,
more than one answer will always satisfy the requirements
of the question. In this case, you need to choose
the best answer. Another question may simply ask
you to choose the correct answer. The list of
possible answers doesn't provide the best possible
solution, but one of the answers does solve the
This exam is a great starting point for your
Win2K certifications. Good luck!