Preparing for the 70-073, Windows NT Workstation 4.0 exam

If you're getting ready to tackle Microsoft's 70-073 exam, then you need to take a look at this Daily Drill Down. Troy Thompson discusses the topics that are included on the test and explains what you'll need to know in order to pass.

In this Daily Drill Down, I’ll focus on Microsoft’s 70-073 exam, which covers NT Workstation 4.0. I’ll provide an overview of the topics that are included on this exam. This Daily Drill down will explain what you need to know in order to pass the test.

Exam basics
The NT Workstation 4.0 exam is adaptive now. As a result, the exam is even more difficult. (Microsoft has lowered the passing score to 547.) The exam may consist of as few as 15 questions or as many as 25 questions. The questions are distributed, based on how you answered the previous question. You have 90 minutes to complete the exam.

The exam is divided into seven objective categories:
  • Planning
  • Installation and configuration
  • Managing resources
  • Connectivity
  • Running applications
  • Monitoring and optimization
  • Troubleshooting

These categories no longer appear on the Examination Score Report. You simply see a bar graph that shows you how well you did overall. In the following sections, we’ll look at these seven categories and what you must know in order to pass the exam. If you understand the concepts—rather than just memorize the facts—you’ll have no difficulty in passing the exam.
On the new adaptive exam, once you’ve marked an answer and moved on to the next question, you can’t return to that question. When you take the exam, read each question carefully and pace yourself. Keep in mind that you’ll probably have 25 questions and a total of 90 minutes to complete the exam. Therefore, you should try to spend an average of no more than 3.5 minutes on each question.
The minimum hardware requirements for Windows NT Workstation 4.0 are a 486DX/33 processor, 12 MB of RAM, and 120 MB of free disk space. You can configure NT to perform an unattended installation by running:

The Unattend.txt file provides automatic responses to prompts. If you have more than a single hardware platform (such as PCs and laptops), you’ll need additional Unattend.txt files.

In conjunction with Unattend.txt, you can have a uniqueness database file (UDF) that provides replacements for sections of Unattend.txt or gives additional information that’s unique to individual users. The command-line option for a UDF is as follows (where ID is the unique ID you use while installing NT on this computer and filename is the filename, including the full path, of the uniqueness database):
/UDF:ID, filename

The file Cmdlines.txt contains all of the commands that need to run after setup is complete. This file can include the Sysdiff utility. You use Sysdiff, not Windiff, to automate the installation of applications. Sysdiff consists of a three-step process. First, use it in /snap mode to take a snapshot of the system before applications are installed. Second, install your applications and run Sysdiff in /diff mode to record the differences afterwards. If the difference file created by Sysdiff is available during setup, the Setup program applies the differences automatically. The third mode is /inf, which incorporates the installation of the applications with unattended setup.

It’s important to remember that Unattend.txt, UDF files, and Sysdiff.exe are required to run unattended installation—including applications. The chances are high that the exam will include a question about unattended installation.

Installation and configuration
You can install NT Workstation on a FAT partition with WinNT or over a previous version of NT with WinNT32. Windows NT supports only FAT and NTFS. A FAT partition is required if you plan to dual-boot with Windows 95. Windows NT 4.0 doesn’t support OS/2’s HPFS file system. If you’re running NT 3.51 with an HPFS file system and you want to upgrade to NT 4.0, convert the file system to NTFS and then upgrade. If you choose to load Windows 95 and Windows NT on the same computer, the operating systems must be installed in different directories. There’s no upgrade path from Windows 95 to NT.
You can look in several places to determine which current Windows NT build and service pack is loaded onto your computer. This information appears at the top of the blue boot screen every time you start your computer. Also, you can run Winver.exe or Winmsd.exe from a command prompt. Finally, in Windows Explorer, you can choose About from the Help menu.
If you move a file between NTFS partitions, attributes of the target folder apply to the file. If you move a file within the same NTFS partition, the file keeps its attributes. When you copy a file, the permissions of the target directory are always assigned to the new file, regardless of whether it’s in the same partition or a different one. When you copy a file from an NTFS partition to a FAT partition, permissions are lost, but long filenames are kept.

On Intel-based computers,the path to each NT installation is described in a single line in the Boot.ini file. Boot.ini contains two sections—Boot Loader and Operating Systems, as in the following example:
[boot loader]
default=multi(0)disk(0)rdisk(0) partition(1)\WINNT
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINNT="Windows NT Workstation Version 4.00"
multi(0)disk(0)rdisk(0)partition(1)\WINNT="Windows NT Workstation Version 4.00 [VGA mode]" /basevideo /sos

The Boot Loader section defines the default operating system and the amount of time in seconds that it waits before loading. By changing the time-out parameter to 0, you hide the Boot menu, and the computer will always boot the default. If you make the time-out parameter ­1, you force the Boot menu to appear until the user makes a choice. The Operating Systems section of Boot.ini contains choices for the operating systems and modes in which you can boot.

RISC-based computers don’t use a Boot.ini file. Instead, four lines in the computer firmware’s Boot options point to a single NT installation.

You must use the Multimedia applet in Control Panel to install a MIDI device. If you plan to install an FTP server, you must also install Microsoft Peer Web Service.

Managing resources
To audit printers on your workstation, you must enable Auditing Of File And Object Access events in User Manager. When you change a system policy, users must log off and back on before the new policy takes effect. System policies override settings that are stored in local, mandatory, or roaming user profiles. Individual system policies override system policies for groups. If a conflict occurs between the account policy and a user’s individual account policy, the user’s individual account policy settings will be used.

You need to replicate logon scripts from the \Winnt_Root\System32\Repl\Export\Scripts directory on a domain controller to the \Winnt_Root\System32\Repl\Import\Scripts directories on the other domain controllers. You can create a roaming user profile from an NT Workstation computer by using either the System option in Control Panel or User Manager in Administrative Tools.

The Client Service for NetWare main window allows a user to set three printing options: Add Form Feed, Notify When Printed, and Print Banner. To use a separator page, select the Print Banner option in Client Services for NetWare. The Add Form Feed option ejects a blank page after each print job.

In order for two users to log on to the same NT Workstation computer and have control over their individual environments, you must set up a user account for each user. The first time that a user logs on, NT automatically creates a user profile for that user. The use of logon scripts is entirely optional.

Shared folder permissions refer to remote resource access, whereas NTFS permissions control access to resources both locally and remotely. When NTFS and shared folder permissions are combined, the most restrictive set of permissions takes precedence. When users log on locally, the users’ least restrictive levels of access—the levels of permission that the users have for accessing NTFS folders locally—determines the levels of access for folders. When you combine the No Access permission with any other permission, an access level of No Access is always the result. If a folder on a Windows NT workstation has Special Access (RWX)(R) NTFS permissions, users will have Read, Write, and Execute access for the directory and Read access for newly created files in the directory. All files created in that directory inherit the permission that was specified by the second set of parentheses.

Event Viewer lets you view the security, system, and application log files. In order to view the security log, you must be a member of the Administrators local group. The system log file records events that were logged by the NT systems components: the failure of a driver, the failure of another system component to load during startup, etc. The application log file contains events that applications logged. The security log records security events that NT logged. The Device.log file is created when you troubleshoot RAS connections. The NTConfig.pol file stores system policy files. When a user logs on, if the file NTConfig.pol exists in the primary domain controller’s (PDC) or backup domain controller’s (BDC) Netlogon folder, the HKEY_CURRENT_USER and HKEY_LOCAL_MACHINE hives in the local registry are overwritten with entries that are found there.
No, the primary domain controller (PDC)/backup domain controller (BDC) registry is different from that of a stand-alone server. You must perform a reinstallation to create a stand-alone server.
User Manager for Domains exists only on NT Servers. To create accounts on an NT Workstation, you must use the User Manager Utility. Only members of the Administrators and Power Users groups can share folders in NT Workstation. You can set a priority for spooled jobs when printers are shared. (Higher priority jobs always print first.)

If you’re installing NT Workstation and you don’t have your network interface card (but you still want to install and configure network protocols in advance), select the loop-back adapter and bind protocols to it. The default protocol for NT includes an implementation of the Transmission Control Protocol/Internet Protocol (TCP/IP). TCP/IP refers collectively to a suite of protocols, including TCP, UDP, IP, ICMP, and ARP. TCP/IP provides compatibility with the Internet.

To configure TCP/IP, you’ll need an IP address, a subnet mask, and a default gateway (which is optional). An IP address is a logical 32-bit address that uniquely identifies a TCP/IP host. The subnet mask determines whether a host is on the same network or on a different one. The default gateway is an optional setting that identifies the address of the router that’s used to reach hosts not on the local network.

Windows Internet Name Service (WINS) translates NetBIOS names to IP addresses. A Domain Name System (DNS) server resolves names and identifies TCP/IP hosts on the Internet. A Dynamic Host Configuration Protocol (DHCP) server automatically configures TCP/IP on the clients.

To access files or printers on a NetWare network, you must install Microsoft Client Service for NetWare Networks (CSNW) onto the NT Workstation. If you need NetWare clients in order to access files and printers on an NT server, you must install Microsoft File and Print Services (FPSNW) on an NT 4.0 server. Although FPSNW is available from Microsoft, it isn’t included in the NT core product.

Gateway Services for NetWare (GSNW) allows workstation clients to access a NetWare network through the NT server. A major reason why a client may be unable to connect to a NetWare server is incorrect frame type. CSNW can detect two NetWare frame types: 802.2 and 802.3.To change the password of a NetWare server, you can use [Ctrl][Alt][Del] or the Setpass command.

Remote Access Service (RAS) works with TCP/IP, NWLink, or NetBEUI protocols for dial-in and dial-out connections, whereas RAS Autodial works only with NetBEUI or TCP/IP. TCP/IP is always best for Internet compatibility. RAS supports three modem protocols: RAS, PPP, and SLIP. SLIP requires far less overhead than PPP does, but SLIP offers no error checking or security.

Point-to-Point Tunneling Protocol (PPTP) is a network protocol that enables the secure transfer of data from a remote client to a private enterprise server by creating a virtual private network (VPN) across TCP/IP-based data networks. PPTP is a low-cost method of providing Internet access to users, and it allows RAS clients to run applications with Remote Procedure Calls, Windows Socket APIs, and named pipes. The multilink option for RAS allows a user to connect with multiple modems. If it’s enabled on your NT Workstation, you can’t use callback security on a RAS server. (If an exam question asks how you can use multilink and callback security to dial into a RAS with three modems, the answer is: “It can’t be done.”) An NT RAS server supports 64 simultaneous connections, but NT Workstation is limited to one RAS session at a time. The three possible settings are Dial Out Only, Receive Calls Only, and Dial Out And Receive Calls. Dial Out Only is the default setting.

NT Server includes the Internet Information Server (IIS), but NT Workstation includes Peer Web Services (PWS). The two products function similarly, but IIS allows for an unlimited number of connections. PWS is limited to ten.
To force a domain synchronization, run net accounts /sync.
Running applications
DOS applications are run in individual NT Virtual Device Managers (NTVDM). An NTVDM prevents the failure of a single DOS application from affecting other applications that are running. Windows 16-bit applications run in a single Win16 NTVDM. Therefore, if a Windows 16-bit application fails, it can affect other Windows 16-bit applications.

You can force a Windows 16-bit application to run in a separate NTVDM by using the /separate switch. Applications that run in the Win16 NTVDM are preemptively multitasked, and they share a common address space. The default memory for 16-bit Windows applications is separate and shared. Applications can be started with varying priorities. The syntax is as follows:
START [Start parameters] ApplicationName [Application parameters]

Some of the start parameters include: /low, /normal, /high, /realtime, /min (for minimized), /max (for maximized), and /separate (for starting in a separate NTVDM). If you want to run an application (like Program.exe) minimized and in its own memory space, type:
START /min /separate Program.exe

Similarly, if you want to start a command (like ntbackup /r/e) minimized and low priority, type:
START /min /low ntbackup /r/e

The CONFIG.SYS and AUTOEXEC.BAT files that were used in DOS still exist in NT—but with different names (CONFIG.NT and AUTOEXEC.NT, respectively). You can load a DOS Terminate Stay Resident (TSR) program in the Autoexec.nt file.

Monitoring and optimization
Performance Monitor and Task Manager are the monitoring tools that you use in NT. Performance Monitor lets you monitor system and network resources, including memory usage. It offers four views that let you work with data in different ways.
  • Chart view: Provides a real-time view of current activity in graph form
  • Alert view: Records an alert message when a counter exceeds the value you specify
  • Log view: Records activity logs that can be exported to spreadsheet or database programs
  • Report view: Displays a report on the objects and counters that you specify

You must log on as Administrator and run Diskperf to make physical-disk counters visible in Performance Monitor. You must install the Network Monitor Agent to view network-performance monitors. TCP/IP statistics aren’t visible until Simple Network Management Protocol (SNMP) has been installed.

You can get to Task Manager by right-clicking the taskbar or by pressing [Ctrl][Alt]Del]. This toolmakes it easy to monitor performance, switch to applications, or terminate processes. If you want to monitor NT Servers remotely from your NT workstation, you must install SNMP on each server.

If you’re experiencing excessive paging and you notice that the processor utilization is high (over 90 percent), then you need to add more RAM. You can fix excessive paging by moving the paging file from the boot partition or by creating multiple paging files (one for each physical disk except the boot partition). The paging file should be equal to the amount of RAM in your computer plus 12 MB.

To configure the paging file, click the Performance tab in the System applet in Control Panel. Then, click Change to open a properties sheet in which you can change information regarding the paging file.

To configure NT in such a way that it will create a crash dump file when an application error occurs, you must specify the recovery option in Dr. Watson. You can use Dr. Watson to detect and diagnose application errors and to log diagnostic information.

If NT doesn’t boot properly after you install a new device driver, the quickest and easiest troubleshooting approach is to invoke the Last Known Good Configuration at the prompt during startup. You may receive a message that says, “Windows NT could not start because the following file is missing or corrupt: Ntoskrnl.Exe.” The solution lies in the hidden, read-only Boot.ini file. In this case, Boot.ini is corrupt or missing, NT Workstation wasn’t installed in the default directory (\WinNT), or the ARC pathname to the NT boot partition is incorrect in Boot.ini.
Both Regedit and Regedit32 work under Windows NT, but they differ in several ways. Regedit doesn’t support the full regedit data types, such as REG_MULTI_SZ. So, if you edit this type of data with Regedit, the utility will change the data’s type. Regedit has a search feature that isn’t found in Regedit32. But Regedit32 has an important advantage: It lets you look at your registry in Read Only Mode. (Choose Read Only Mode from the Options menu.) This mode will prevent you from inadvertently making any undesired changes.
You need the IP address and printer name to connect to a TCP/IP printer. If you’re having problems with an HP printer on your network, DLC probably isn’t loaded. If you need to reprint a document because it jammed in the printer, choose Restart from the Document menu in Print Manager. Running the emergency repair process can verify NT system files, inspect the startup environment, and inspect the boot sector.

If you’ve recently replaced a video card in your computer and the machine displays a blue screen when you boot now, restart the computer and choose the VGA Mode version of NT Workstation. Doing so will let you boot and reconfigure the display settings.

If you think hackers are trying to break into your system with valid user IDs, you can select Account Lockout in the Policy menu in User Manager. Doing so will cause an account to lock if too many failed logon attempts are made within a specified amount of time.

The fact that the 70-073 exam is adaptive makes it more of a challenge. This exam presents some new and difficult concepts, such as unattended installs, 16-bit applications versus DOS applications, and Performance Monitor versus Task Manager. Be sure to study and understand the hierarchy of profiles and policies. If you study thoroughly before you take this exam, however, you won’t have any problems.

Troy Thompson, MCSE+Internet, has worked in the automation field for 15 years and has dealt with a variety of systems, including Wang OIS, Unisys BTOS, UNIX, Windows 3.11, Novell NetWare, Windows NT 3.51, and Windows NT 4.0. He’s worked as an administrator of a Novell and an NT network and as a systems analyst for an IBM mainframe. Currently, Troy is the information systems security officer at the Information Management shop at Fort Knox. If you’d like to contact Troy, send him an e-mail.

The authors and editors have taken care in preparation of the content contained herein, but make no expressed or implied warranty of any kind and assume no responsibility for errors or omissions. No liability is assumed for any damages. Always have a verified backup before making any changes.

Editor's Picks

Free Newsletters, In your Inbox