QUIZ CHAPTER 16-23

Windows 2000 Professional

Chapter 16

Auditing is a tool for maintaining network security that allows you to track user activities

and system wide events.

Auditing allows you to track both user activities and Windows 2000 activities which are

called events, on a computer.

The security log maintains a record of valid and invalid logon attempts and events related to

creating, opening, or deleting files or other objects.

Audit the Everyone group, instead of the Users group.
Auditing is turned off by default.
There are three logs, application, security, and system. The Application contains errors or

warnings. The Security log contains information about the success or failure of audited events.

The System log contains errors warnings, and information that Windows 2000 generates.

Start/Programs/Administrative Tools/Event Viewer/Console Tree/Security Log.
You can use the Filter and Find commands in Event Viewer to locate specific events or types of

events.

Start/Programs/Administrative Tools/Local Security Policy/in Local Security Settings/ Local

Policies/Audit Policy.

Chapter 17

Password policy allows you to improve security on your computer by controlling how

passwords are created and managed.

The Security Options node lives under the Local Policies node. Close to 40 additional

security options are available here that allow you to increase the effective security on your

computer.

By default Windows 2000 Professional doesn’t require a user to be logged on to the

computer to shut it down. Security Options allow you to disable this feature and force

users to log on the computer before it can be shut down.

By default, Windows 2000 Professional requires users to press Ctrl+Alt+Delete to

log on to the computer.

By default, Windows 2000 Professional doesn’t clear the virtual memory pagefile when

the system is shut down.

By default, Windows 2000 Professional displays the last user name to log on to the

computer in the Windows Security or Log on To Windows dialog box.

Chapter 18

Microsoft Windows 2000 File system (NTFS) compression enables you to compress

files and folders. Compressed files and folders occupy less space on an NTFS-formatted

volume, which enables you to store more data. Each file and folder on an NTFS volume

has a compression state, which is either compressed or uncompressed.

Compressed files can be read and written to by any Microsoft Windows-based or MS-DOS

based application without first being uncompressed by another program.

NTFS allocates disk space based on the uncompressed file size. If you copy a compressed

file to an NTFS volume with enough space for the compressed file but not enough space for

the uncompressed file, you might get an error message stating that there is not enough disk

space for the file. The file will not be copied to the volume.

If you want to set the compression state of folder or file, right-click the folder or file in Windows

Explorer, Click Properties, and then click Advanced button.

If you select Encryption, you cannot select Compression of a file or folder. NTFS encryption

and compression are mutually exclusive.

To change the compression state for a file or folder, you must have Write permission for that

file or folder.

Windows 2000 doesn’t support NTFS compression for cluster sizes larger than 4KB because

compression on large clusters causes performance degradation.

You can set alternative colour for compressed files in Windows Explorer/Tools/Folder

Options/View tab/Display Compressed Files and Folders with Alternate Color.

Disk Quotas allow you to allocate disk space usage based on the files and folders that

user own.

Windows 2000 tracks disk quotas for each volume, even if the volumes are on the same

hard disk.

By default, only members of the Administrators group can view and change quota settings.
Red = quota disabled, yellow = quota rebuilding, green = quota is active.
EFS allows user to encrypt NTFS files by using a strong public key-based cryptographic

scheme that encrypts all files in a folder.

Files remain encrypted if you move or rename them, and encryption isn’t defeated by

temporary files created during editing and file unencrypted in the paging file or in a temporary

file.

EFS is implemented either from Windows Explorer or from the Command Prompt.
It can be enabled or disabled for a computer, domain, or OU by resetting recovery

policy in the Group Policy console in the MMC.

To set group policy for the domain or for an OU, your computer must be part of a

Windows 2000 domain.

Compressed files can’t be encrypted, and encrypted files can’t be compressed.
After you encrypt the folder, when you save a file in that folder, the file is encrypted by

using file encryption keys, which are fast symmetric keys designed for bulk encryption.

By default, encryption provided by EFS is standard 56-bit encryption. For additional

security, North American users can obtain 128-bit encryption by ordering the Enhanced

CryptoPAK from Microsoft. Files encrypted by the CryptoPAK cannot be decrypted,

accessed, or recovered on a system that supports only 56-bit encryption.

Encrypted files can’t be shared, obviously.!!
Disk Defragmenter can be defragment FAT, FAT32 and NTFS volumes.

Chapter 19

A backup job is a single process of backing up data.
Start/Programs/Accessories/System Tools/Backup OR at the RUN type ntbackup.
Backup Markers are known as archive attributes, which mark a file as having changed.
There are 5 types of backups: Normal or Full, Copy, Incremental, Differential, Daily.
Start/Programs/Administrative Tools/Computer Management/Action/All Tasks/Send

Console Message.

Chapter 20

Windows 2000 includes the Computer Management and Shared Folder snap-ins so that you

can easily monitor access to network resources and send administrative message to users.

There are three reasons to assess management: Maintenance, Security, Planning.
Windows 2000 Professional, the maximum is 10 concurrent or simultaneous users accessing a file.
Disconnecting users from open files can result in data loss.

Chapter 21

Windows 2000 includes Extensible Authentication Protocol (EAP), Remote Authentication

Dial-in User Service (RADIUS), Internet Protocol Security (IPSec), Layer-Two Tunneling

Protocol (L2TP) and Bandwidth Allocation Protocol (BAP).

RADIUS is scaleable, no limit to growth.
RADIUS support in Windows 2000 facilitates this kind of user authentication, while

providing highly scaleable authentication designs for performance and fault-tolerant

designs for reliability.

Both PPTP and L2TP use PPP to provide an initial envelope for the data and then append

additional headers for transport through the transit internetwork.

L2TP supports header compression; PPTP does not.
PPTP uses PPP encryption. L2TP requires IPSec for encryption.
L2TP operates with 4 bytes of overhead, as compared with 6 bytes for PPTP.
PAP, CHAP, MS-CHAP, SPAP, and PPTP which provides tunneling capabilities.

Chapter 22

Boot sequence has four phases: initial boot loader, operating system selection, hardware detection,

and configuration selection.

Windows 2000 modifies the boot sector during installation so that ntldr loads during system startup.
If the boot.ini file isn’t present, Ntldr attempts to load Windows 2000 from the Winnt folder on the

first partition of the first disk, typically C:\Winnt

If you select an operating system other than Windows 2000, such as Windows 98, Ntldr loads

and executes Bootsect.dos. Bootsect.dos is a copy of the boot sector that was on the system

partition at the time that Windows 2000 was installed.

Control set contains configuration data used to control the system, such as a list of the device

drivers and services to load and start.

Windows 2000 startup is not considered good until a user successfully logs on to the system.

After a successful logon, the system copies the Clone control set to the LastKnownGood

control set.

There are 5 states of the Windows 2000 Intel-based boot process: Preboot sequence, Boot

sequence, Kernel load, Kernel initialization, and logon.

The current control set is stored in the Registry under HKEY_LOCAL-MACHINE\SYSTEM\Select.
Windows 2000 provides two configurations to load a driver and have problems rebooting,

you can use the last known good process to recover your working configuration or the Default.

The boot.ini file is located on the active partition.
If your computer is not equipped with a CD-ROM drive that is capable of booting from a

CD-ROM, then also insert your Windows 2000 Setup Boot disk into your floppy disk drive.

Chapter 23

You can use the Setup Manager to create the Unattend.txt files that are necessary for scripted

installations.

The new Windows 2000 Setup Manager Wizard allows you to quickly create a script for a customized

installation of Windows 2000 without concern for cryptic text file syntax.

The Sysdiff.exe utility is often used in conjunction with the Setup Manager to install Windows using

different files. The use of Sysdiff.exe has not changed from Windows NT 4.

The Setup Manager Wizard creates a Sysprep folder at the root of drive image and places

Sysprep.inf in this folder. The Mini-Setup wizard checks fro Sysprep.inf in the Setup folder at the

root of the drive in which Windows 2000 is being installed.

When you use disk duplication, the mass storage controllers and HALs for the test computer and

all destination computer must be identical.

The Administrator Group doesn’t have the right to log on to the batch job by default and

thus will need to be assigned this right prior to attempting a remote installation.

You run Rbfg.exe for the remote install, and it is located in Remote Install\Admin\I386 folder on

the Remote Installation Server.

Windows 95 or Windows 98 computers that don’t meet the hardware compatibility requirements

can still take advantage of Active Directory Directory services by using Directory Service Client.

You must first upgrade computers running Windows NT3.1 or Windows NT 3.5 to Windows

NT 3.51 or Windows NT 4, and then you can upgrade them to Windows 2000 Professional.