Fundamentals of Administering Windows Server 2008

  1. What's MMC (Microsoft Management Console)?
    • MMC is a Windows-based multiple document interface (MDI) application.
    • Utilizes Internet technologies to create a common presentation service for management applications.
    • Provides a framework for customized management and a common host environment for snap-ins. You can use MMC to create custom consoles to manage servers on an organizational network.
  2. What are the main functionalities of MMC?
    • Framework for management tools
    • Snap-ins for additional functionality
    • Custom consoles
  3. What's framework for management tool functionality?
    You can use the framework of MMC to create special tools to delegate specific administrative tasks to users or groups.
  4. What are snap-ins?
    • MMC hosts administrative tools and displays these tools as consoles.
    • These tools, consisting of one or more applications, are built with modules called snap-ins.
    • A snap-in is a program that you can use to perform specific administrative tasks.
    • You can manage Windows Server 2008 by using the snap-ins that are included with Windows Server 2008.
    • Other snap-ins are added when you install additional software components.
    • For example, the snap-ins for managing Microsoft Exchange Server 2007 are added when you install Exchange Server 2007.
  5. What's the Custom Console functionality?
    By using MMC, you can create custom consoles to manage the servers on the organizational network. When you create a custom console, you can configure the console with the capabilities that you require as part of your job role. After you create a console, you can save the console to a network location. You can then share the console with other administrators.
  6. What Is Problem Reports and Solutions?
    Problem Reports and Solutions is a Control Panel applet that you can use to monitor and resolve system issues. This applet keeps a record of all system and application issues, monitors system crashes, and presents a list of possible resolutions to system issues. If no resolution exists, Problem Reports and Solutions continues to track the issues and informs you when a resolution is available.
  7. What Is Server Manager?
    Server Manager in Windows Server 2008 provides a single source to manage the identity and the system information of a server. Server Manager is an MMC that contains several snap-ins. These snap-ins display server status, identify problems with server role configuration, and manage the roles installed on the server. This helps to simplify the administration of the server on an organizational network.
  8. What are the tasks performed by task manager?
    • Adding or removing server roles
    • Adding or removing server features
    • Monitoring system events
    • Managing devices
    • Scheduling tasks
    • Managing local users and groups
    • Configuring Windows Firewall
    • Configuring storage
    • Performing backups
  9. What's Computer Management?
    • Computer Management is a collection of administrative tools included with operating systems since Windows 2000 Server.
    • You can use Computer Management to manage a single local or remote computer.
    • Computer Management combines several administrative utilities into a console tree to provide easy access to administrative properties and tools.
    • Computer Management is an MMC console that contains several snap-ins to manage Windows Server 2008.
    • Computer Management does not include roles and features. However, by using Computer Management, you can manage Routing and Remote Access and shared folders.
  10. Computer Management contains the Device Manager snap-in, which you can use to perform the following tasks:
    • View and manage hardware information.
    • Check the status of devices for a computer.
    • View information about resources such as memory addresses or interrupt requests that are used by a device.
    • Activate and deactivate devices during troubleshooting.
    • Configure device settings.
    • Update device drivers that are used by the operating system to communicate with devices such as network adapters or video adapters.
  11. You can use it to manage shared folders:
    a) Server Management
    b)Computer Management
    Ans: B
  12. Help you to view hardware status:
    a)Device Manager
    b)Problem Reports and Solutions
    Ans: A
  13. You can create custom MMC by using:
    a)Server Manager
    Ans: B
  14. Includes roles and features:
    a)Server Management
    b)Computer Management
    Ans: A
  15. Routing and Remote Access is a snap-in included in:
    a)Computer Management
    b)Server Management
    Ans: A
  16. You are an IT administrator at Woodgrove Bank. You need to manage the shared folders on a computer running Windows Server 2008. Which of the following utilities will you use to manage shared folders?
    a) Server Management
    b) Computer Management
    c) Event Viewer
    d) Disk Management
    Ans: B
  17. Which of the following tasks can you perform by using Server Manager?
    a) Manage Local Disk
    b) View and Manage Hardware Information
    c) Record the details of a System Problem
    d) Configure Windows Firewall
    Ans: D
  18. What Is Reliability Monitor?
    Reliability Monitor is a utility that you can use to track system stability over time.
  19. To monitor system stability, Reliability Monitor tracks the following events:
    • Software installation and removals.
    • This event includes operating system components, Windows updates, drivers, and applications.
    • Application failures. This event includes the termination of nonresponding applications.
    • Hardware failures. This event includes disk and memory failures.
    • Windows failures. This event includes operating system and system initialization failures.
    • Miscellaneous failures. This event includes unexpected operating system shutdowns. Miscellaneous failures also include events that are not included in other categories.
    • By using Reliability Monitor, you can calculate a stability index from recorded events. When calculating a stability index, recent failures are given more credence than past failures. If Reliability Monitor does not obtain enough information to calculate a stability index, then a dotted line is displayed in the graph of the stability index
  20. Show the disk activity for each process:
    a) Resource Overview
    b) Reliability Monitor
    a) Resource Overview
  21. Is used to view logged data:
    a) Reliability Monitor
    b) Performance Monitor
    b) Performance Monitor
  22. Tracks Hardware Failure:
    a) Reliability Monitor
    b) Performance Monitor
    a) Reliability Monitor
  23. Is calculated from recorded events:
    a)  System Stability
    b) Performance Counters
    a) System Stability
  24. Record users that are logged on to the system:
    a) Task Manager
    b) Resource Overview
    a) Task Manager
  25. Display a stability rating:
    a) Reliability Monitor
    b) Performance Monitor
    a) Reliability Monitor
  26. Can trigger a task to run:
    a) Counters
    b) Alerts
    b) Alerts
  27. Is used to create log files and create alerts:
    a) Performance Counter
    b) Data Collector Set
    b) Data Collector Set
  28. Allows you to view the graph of the value of system counters:
    a) Performance Monitor
    b) Reliability Monitor
    a) Performance Monitor
  29. Which of the following tabs in Task Manager displays software that are running as an application or a service and also displays the CPU utilization details?

    D) Processes tab
  30. What Are Local Built-in Groups?
    • There are two types of built-in groups—local groups and Active Directory groups—that are created automatically during the installation of Windows Server 2008.
    • Member servers in a local domain have a local security database that contains user accounts and group accounts. The local users and groups can be assigned permissions only on the local computer. Domain controllers do not have a local security database. Therefore, domain controllers require built-in groups that are located in Active Directory Domain Services (AD DS). These built-in groups are called domain built-in groups.
  31. The local built-in groups are automatically assigned rights to perform system tasks. To provide users with rights to perform these system tasks, you can add them as members of any of the following built-in groups:
    • Administrators. Members of the Administrators group have complete and unrestricted access to the local computer.
    • Backup Operators. Members of the Backup Operators group can override security restrictions for the sole purpose of backing up or restoring files.
    • Certificate Service DCOM Access. Members of the Certificate Service Distributed Component Object Model (DCOM) Access group are allowed to connect to Certification Authorities (CAs) in the enterprise.
    • Cryptographic Operators. Members of the Cryptographic Operators group are authorized to perform cryptographic operations.
    • DCOM Users. Members of the DCOM Users group are allowed to launch, activate, and use DCOM objects on the local computer.
    • Event Log Readers. Members of the Event Log Readers group can read event logs from the local computer.
    • Guests. Members of the Guests group have the same access as members of the Users group. However, the Guest account has fewer privileges than the Guests group.
    • IIS_IUSRS. The IIS_IUSRS built-in group is used by Internet Information Services (IIS).
    • Network Configuration Operators.
    • Members of the Network Configuration Operators group have administrative privileges to manage configuration of networking features.
    • Performance Log Users. Members of the Performance Log Users group can schedule logging of performance counters, enable trace providers, and collect event traces both locally and through remote access to the computer.
    • Performance Monitor Users. Members of the Performance Monitor Users group can access performance counter data locally and remotely.
    • Power Users. Members of the Power Users group are included for backwards compatibility and possess limited administrative powers.
    • Print Operators. Members of the Print Operators group can administer local printers.
    • Remote Desktop Users. Members of the Remote Desktop Users group are granted the right to log on remotely.
    • Replicator. Members of the Replicator group can perform file replication in a domain.
    • Users. Members of the Users group are prevented from making system-wide changes, but can run most applications.
  32. What are the tasks performed by Built-in Active Directory Groups?
    • Any user who is a member of a domain built-in group is given rights to all domain controllers in the domain.
    • The domain built-in groups are similar to the local built-in groups, with the following additional groups:
    • Account Operators. Members of the Account Operators group can administer domain user and group accounts.
    • Incoming Forest Trust Builders. Members of the Incoming Forest Trust Builders group can create incoming, one-way trusts to this forest.
    • Pre-Windows 2000 Compatible Access. Members of the Pre-Windows 2000 Compatible Access group, which is a backward compatibility group, can allow read access on all users and groups in the domain.
    • Server Operators. Members of the Server Operators group can administer domain servers.
    • Terminal Service License Servers. Members of the Terminal Service License Servers group can update user accounts in Active Directory. They can update user accounts by using the information about license issuance for the purpose of tracking and reporting Terminal Services Per User client access licenses (TS Per User CALs) usage.Windows Authorization Access Group.
    • Members of Windows Authorization Access Group have access to the computed token Groups Global And Universal attribute on user objects.
  33. What are user rights?
    • User rights control the ability of specific users and groups to perform system tasks.
    • By default, built-in groups are assigned user rights during installation. However, you can modify the rights that are assigned to the built-in groups.
    • You can also create your own custom groups and assign users to those groups.
  34. How can you configure user rights?
    • Editing the local security policy.
    • Assigning user rights by using Group Policy.
  35. What's a commonly required user right?
    • A commonly required user right is the Log on locally user right.
    • All users have the ability to log on locally to member servers and workstations.
    • However, only administrators can log on locally to domain controllers.
  36. What are other examples of user rights?
    • Change time zone.
    • Load and unload device drivers.
    • Restore files and directories.
    • Shut down the system.
  37. What are the methods for elevating privileges for administration?
    For security reasons, you must log on to a system as a standard user for most tasks. When you need to perform administrative tasks, you can log on by using a user account that has additional administrative privileges.

    By doing so, you limit the ability of malicious software to damage or control your computer systems.You should elevate administrative privileges for an individual application rather than completely logging off and logging on again.

    For example, you can open Active Directory Users and Computers with administrative privileges while you are logged on as a user without administrative privileges.You can elevate administrative privileges for an application by performing the following steps:

    1 In a graphical user interface (GUI), you need to right-click the appropriate application icon, and then click Run As Administrator.

    2 At the command prompt, you need to use the runas command.
  38. How many connections Remote Desktop for Administration allow?
  39. User rights give users permissions to:
    a) Perform System Tasks
    b) Modify Files
    a) Perform System Tasks
  40. Domain members use a:
    a) Local Security Database
    b) Remote Security Database
    a) Local Security Database
  41. The Built-in groups required by domain controllers are located in:
    a) AD DS
    b) AD FS
    a) AD DS
  42. Members of the account operators group can administer:
    a) Domain Users
    b) Local Users
    a) Domain Users
  43. By defaul all USERS can logon locally to domain controllers:
    a) True
    b) False
    b) False, only Administrators can logon locally to domain controllers.
  44. Built in groups are used to:
    a) assign user rights
    b) access permissions to files
    a) assign user rights
  45. Support Network Level Authentication:
    a) All RDP clients
    b) Only RDP 6.0 clients
    a) All RDP clients
  46. Members of the Printer Operator Group can administer:
    a) Network printers
    b) Local printers
    b) Local printers
  47. You are an IT administrator at Woodgrove Bank. You have to provide users with rights to perform system tasks. You need to add some new employees as members of the appropriate built-in groups. One of the employees requires the rights to override security restrictions for the purpose of restoring files. In which built-in group will you add the employee?

    • B) Backup Operator
    • Members of the Backup Operators group can override security restrictions for the sole purpose of backing up or restoring files.
  48. Which of the following groups is granted access to a remote server by default?

    • C) Administrators
    • The administrators group is granted access to remote servers by default.
Card Set
Fundamentals of Administering Windows Server 2008
Fundamentals of Administering Windows Server 2008