Talking Shop: Help with the Windows 2000 Professional MCP exam

The performance monitoring and optimization topics you should study for the Windows 2000 Professional MCP exam

Even if you know everything about installing Windows 2000 Professional and administering resources using the OS, and even if you dream about configuring device drivers and configuring the desktop environment, there's no guarantee you'll pass the Windows 2000 Professional MCP exam. In fact, if that's all the knowledge you have, you'll probably fail. You also must possess performance monitoring, tuning, and networking expertise.

In the final installment of this three-part series, I'll list the performance monitoring and optimization topics you should study, as well as the networking items you will need to know.

Did you miss the first two installments?
Don't try your hand at Microsoft Exam 70-210 until you've reviewed the first two articles in this series: ”Win2K Pro exam: The first list you need to study” ”Win2K Pro exam: Your second list to study”

Performance monitoring and optimization
You are sure to find several performance optimization questions on your Windows 2000 Professional exam. You should know the following:

Task Scheduler
One of the first performance optimization utilities you should master is the Task Scheduler. The Task Scheduler can be used to automate regular tasks, making administration more efficient. When creating scheduled tasks, a username and password must be provided for an account possessing the necessary permissions to execute the task. When tasks are moved between machines, or copied between systems, the task's account permissions must be reconfigured.

Offline file usage
Offline filesand folders are among the important new features in Windows 2000. Two actions must be taken to use the offline file option.
  • The laptop systems are often your best candidates for using offline files, but they must first be configured to use the feature. Enable offline files by selecting Folder Options from the Tools menu in Windows Explorer and clicking on the Offline Files tab. Select the Enable Offline Files check box.
  • The system that will permit offline caching of files must configure each shared folder by right-clicking on it and clicking Properties, clicking the Caching button, and selecting the Allow Caching Of Files In This Shared Folder check box.

Three types of caching can be configured:
  • Manual Caching For Documents—Users are permitted to specify particular files available for offline use.
  • Automatic Caching For Documents—All documents a user accesses are cached.
  • Automatic Caching For Programs—All executable programs a user accesses are cached.

It's likely you'll see a question on synchronization, too. Remember that you use the Synchronization Manager to specify which files, programs, and folders should be synchronized and when the synchronization should occur. If two users have edited the same file, you'll be presented with the following options:
  • Rename your copy of the file.
  • Overwrite your copy of the file with the network version.
  • Overwrite the network version (effectively deleting the changes made by the other user).

Performance console
You knew it as Performance Monitor in Windows NT. Be familiar with Windows 2000's Performance console, which plays a critical role in monitoring memory, processor, disk, network, and application performance.

You access the Performance console by clicking Start | Programs | Administrative Tools | Performance. You can also reach it by adding the Performancesnap-in using the Microsoft Management Console.

Be sure that you know the difference between objects and counters. Objects are components, such as a NIC, processor, and memory. Counters are instances or occurrences, such as pages/second for memory or disk queue length for disks.

Learning to set objects and counters is one thing. Tracking them is another. Know how to create logs in the Performance console. As I explained in ”NT's Perfmon and Sysmon are combined and enhanced in Win2K,” you record counter activity by right-clicking on Counter Logs under Performance Logs And Alerts and selecting New Log Settings.

Trace logsdiffer from counter logs in that trace logs are created when a specified event occurs. With counter logs, a continuous sampling occurs whether the event occurs or not.

You can create alerts by right-clicking on Alerts under Performance Logs And Alerts and selecting New Alert Settings. Once you've supplied a name for the alert, you'll need to specify the comment you want to receive when specific counter values are exceeded.

But what to look for in those logs?
Memorize the following memory-monitoring strategy: If Pages/sec is higher than 20, your system requires additional memory.

You need a faster processor when % Processor Time is higher than 80 percent or Processor Queue Length is greater than 2.

If Disk Queue Length is consistently more than 2, you need faster disk access. If % Disk Time is consistently higher than 90 percent, you need to move your paging file to another disk and use an additional disk controller. Move the paging file by clicking Start | Settings | Control Panel | System and clicking the Advanced tab, then click the Performance Options button followed by the Change button. Incidentally, your paging file should be at least 1.5 times the physical memory a system possesses.

Unlike in Windows NT, physical disk counters are now enabled by default. However, logical disk counters are not. You need to enable them manually by firing up a command line and typing diskperf -yv.

Hardware profiles
You'll likely be tested on hardware profile expertise as well. Know how to create and edit hardware profiles. Administer hardware profiles by clicking Start | Settings | Control Panel and selecting the System applet. Select the Hardware tab and click Hardware Profiles. Configure components to work in different profiles by enabling them using Device Manager.

Remember not to edit a profile before making a copy of a working profile. Should problems arise, you can always return to using the old profile.

Windows 2000 Professional includes a Backup utility. Know how to use it. Pay particular attention to the differences between a differential backup and an incremental backup, which flips the archive bit. Don't forget that differential and copy backups do not flip the archive bit.

Be sure that you know how to back up the Windows 2000 System State. Here's a hint: Select the System State check box on the Backup tab when creating backups.

The Windows 2000 Backup utility now includes a wizard. Execute it by clicking Start | Programs | Accessories | System Tools and selecting Backup. You can also call it by typing ntbackup at a command line.

Using the Backup wizard, you can back up data, restore a backup, or create an Emergency Repair Disk.

Recovery options
Know how to boot Windows 2000 using Safe Mode, reached by pressing the [F8] key when the system boots. Understand that a minimal set of drivers is loaded when Win2K boots using Safe Mode.

Know how to install the new Recovery Console, too. Follow these steps to install the Recovery Console:
  1. Boot the Windows 2000 system and insert the Windows 2000 CD-ROM.
  2. Close the Microsoft Windows 2000 CD screen (which will appear if autorun is enabled on the system).
  3. Open a command prompt by clicking Start | Run, typing cmd, and clicking OK.
  4. Type d:\i386\winnt32 /cmdcons. (Replace d with the drive letter for the CD-ROM drive holding the Windows 2000 CD.)
  5. When the Windows 2000 Setup dialog box asks whether you want to install the Recovery Console (which requires 7 MB of disk space), click Yes.
  6. After the necessary files have been installed, a dialog box will appear confirming that the Recovery Console was successfully installed. Click OK.

You can perform the following actions using the Recovery Console:
  • Disable and enable services
  • Add and delete partitions
  • Replace boot sectors
  • Fix the master boot record
  • Confirm which services are automatically started
  • Specify boot drives
  • Copy and delete files
  • Format disks
  • Rename files and folders
  • Create directories
  • Perform network administration

TCP/IP networking
You absolutely must understand most fundamental aspects of TCP/IP networking. You should know how to configure subnets and know the difference between WINS, DNS, and DHCP.

WINS, of course, resolves NetBIOS names to TCP/IP addresses, while DNS resolves host names (including Web addresses with fully qualified domain names) to TCP/IP addresses. DHCP, meanwhile, distributes TCP/IP address information automatically to systems on a network. Don't forget that a HOSTS file is a manual list that a system uses to resolve hosts to TCP/IP addresses, and LMHOSTS is a static list a that system uses to resolve NetBIOS names to TCP/IP addresses.

Remember that the ipconfig command is used to troubleshoot TCP/IP addressing errors. Ipconfig /all is a particularly helpful command/switch combination to use when trying to determine the cause of TCP/IP failures.

You should also study remote access and VPN protocols. Know the following:
  • Challenge Handshake Protocol (CHAP)—Encrypts account username and password during transmission
  • Extensible Authentication Protocol Transport Level Security (EAP-TLS)—Powers secure use of digital certificates and smart cards
  • Internet Protocol Security (IPSec)—Encrypts traffic using keys to protect data transmissions between TCP/IP nodes and can be used with L2TP to encrypt VPN traffic
  • Layer Two Tunneling Protocol (L2TP)—Creates a tunnel through the Internet but doesn't encrypt the traffic passing through the tunnel
  • Microsoft Challenge Handshake Protocol (MS-CHAP)—Encrypts an entire communication session, not just the transmission of account username and password information
  • Password Authentication Protocol (PAP)—Encrypts nothing; neither account username nor password is encrypted. Instead, they are passed as clear text.
  • Point to Point Tunneling Protocol (PPTP)—Creates an encrypted tunnel through the Internet

The Make New Connection wizard lets you create new inbound and outbound connections. Use it to create dial-up connections, inbound connections, VPNs, and even to link two computers directly.

Be intimately familiar with dial-up network settings, too. Remember that every network connection, dial-up and LAN alike, receives its own icon under Control Panel's Network And Dial-up Connections applet. Connection settings are configured using the respective connection's Properties dialog box.

Windows 2000 Professional also supports multilinking, which enables two or more modems to use multiple connections to increase available bandwidth for a single connection. You must appropriately configure a connection's settings, as well as the Remote Access Service (RAS), for multilinking to work properly.

Serial Line Internet Protocol (SLIP)is a dated technology used for dialing into UNIX systems. Point to Point Protocol (PPP) is likely to be the dial-up protocol used with Windows 2000 dial-up connections, as it supports dynamic addressing and encryption. PPP also supports multiple protocol use.

For more information on networking in Windows 2000, check out the following articles:

Security questions are likely to constitute a fair portion of your Win2K Pro exam. You should study everything from new security features to the use of security templates to the administration of user accounts.

New security features
One of the most important new security features in Windows 2000 is the introduction of the Encrypted File System (EFS), which enables files on an NTFS partition to be encrypted using public key authentication. Know that EFS does not work on files or folders housed on a FAT partition. Only the user who encrypted a resource can decrypt it, with the exception of the administrator account, which possesses a recovery agent.

Don't forget that a file can't be both compressed and encrypted. A file can be one or the other, but not both. For more information on EFS, check out ”Protecting sensitive data is easy with EFS."

Be familiar with the cipher command, which is used to encrypt and decrypt files. Know its basic switches as well.

Security templates
Windows 2000 provides several preconfigured security templates. You can find them in the C:\systemroot\Security folder. You can create customized security templates or select one of the following:
  • Basic—The Basic security template sets a Win2K system to the Windows 2000 installation default. It can be used on workstations (basicwk.inf), domain controllers (basicdc.inf), and member servers (basicsv.inf).
  • Compatible—The Compatible template (compat*.inf) upgrades Windows 2000 users to the Power Users group to ensure that compatibility problems don't arise when working with Windows NT applications.
  • Secure—The Secure template (secure*.inf), which is available for workstations and domain controllers, provides a recommended level of security.
  • Highly Secure—The Highly Secure template (hisec*.inf) is available for workstations and domain controllers. It sets security settings for protecting network communications. Systems running the Highly Secure template can communicate only with other Win2K systems.

Security templates are configured using the Group Policy MMC snap-in. Load the Group Policy snap-in and navigate to Windows Settings beneath the Local Computer Policy folder. Right-click on Security Settings and click Import Policy.

User account administration
Local user accounts affect permissions on a system only when a user logs on locally. Local user permissions do not affect a user's permissions when connecting to a resource over the network. Domain user accounts live on domain controllers and override local system settings.

You configure user accounts using the Computer Management MMC snap-in. Generally, you should disable accounts rather than delete them if a user may return to work or be replaced by another individual needing the same permissions.

You should memorize the differences between share permissions, which can be placed on files and folders on FAT 16/32 and NTFS partitions:
  • Full Control—Users can take ownership and edit file access permissions, in addition to receiving all Change and Read permissions.
  • Change—Users can edit and create new files, in addition to receiving all Read permissions.
  • Read—Users can list and read files and execute programs.
  • No Access—Users receive no permissions; they can’t list, view, read, or change files and programs.

Ultimately, the permission a user receives to a file is a combination of their share and group permissions. Calculate a user's effective permission by taking the least restrictive share permission and least restrictive group permission and using the most restrictive of the two sets.

For example, if a user is a member of the Accountants group, which has Change permission, and accesses a folder that has Read share permission, the user's effective permission will be Read. Should No Access ever pop up, regardless of the user's other permissions, the user will be denied access to the resource.

Study the rights and privileges of built-in local groups and built-in system groups.

Review group policies and be familiar with the System Policy Editor, which can be called up from a command line by typing poledit.exe.

Also spend some time auditing different system events, such as failed logons, and ensure that you know how to find the log file when you begin auditing events. Auditing is notenabled by default.

To audit activities, you must complete two steps:
  1. Enable auditing for the local system.
  2. Configure auditing for each action you want to monitor.

Enable auditing on a local system by adding the Group Policy MMC snap-in, selecting the machine you want to audit, and navigating to the Computer Configuration | Windows Settings | Security Settings | Local Policies | Audit Policies folder. Next, select the auditing type you want to implement by double-clicking on it. Enable action audits by selecting the Failure and Success check boxes for the actions and events you want to monitor. Don't forget to run the secedit/refreshpolicy machine_policy command, which refreshes the registry immediately to begin auditing.

For more on auditing, read "Preempt problems with Windows 2000's auditing features" and "Creating a Windows 2000 audit policy" (TechProGuild premium subscription required; 30-day free trial available)."

Eckel's take
From installation and desktop configuration to user administration and security to networking and device management, there's much to know for the Windows 2000 Professional exam. Don't assume you're ready just because you've been working with the OS for a year or so.

Microsoft's exams are much harder than in the past, and exam designers have worked diligently to make the tests more representative of real-world problems. I recommend supplementing at least a year's worth of experience with the OS with quality time spent reading at least one Win2K Pro MCSE text. It wouldn't hurt you to sit down with a few practice tests, either.

Hopefully, this three-part series will point you in the right direction and get you started on studying the topics you must master. Once you've worked with the OS, studied up, and tried a few practice exams, give it a go. Best of luck.

Are you ready to take on the Win2K Pro exam?
What path are you taking for Windows 2000 certification? We look forward to getting your input and hearing about your experiences regarding this topic. Join the discussion below or send the editor an e-mail.


Editor's Picks