Appendix A -- Questions and Answers

What is the major difference between a workgroup and a domain?

The major difference between a workgroup and a domain is where the user account information resides for user logon authentication. For a workgroup, user account information resides in the local security database on each computer in the workgroup. For the domain, the user
account information resides in the Active Directory database.

What are Active Directory directory services, and what do they provide?

Active Directory directory services comprise the Windows 2000 directory service. A directory service consists of a database that stores information about network resources, such as computers and printers, and the services that make this information available to users and applications.
Active Directory directory services also provide administrators with the capability to control access to resources.

What information must a user provide when he or she logs on to a computer?

A user name and a password.

What happens when a user logs on locally to a computer?

Windows 2000 authenticates the user during the logon process by comparing the user's logon information to the user's information in the local database and verifies the identity of the user. Only valid users can gain access to resources and data on a computer.

How do you use the Windows 2000 Security dialog box?

The Windows 2000 Security dialog box provides easy access to important security options, which include the ability to lock a computer, change a password, log off of a computer, stop programs that aren't responding, and shut down the computer.

Chapter 2

Your company has decided to install Windows 2000 Professional on all new computers that are purchased for desktop users. What should you do before you purchase new computers to ensure that Windows 2000 can be installed and run without difficulty?

Verify that the hardware components meet the minimum requirements for Windows 2000. Also, verify that all of the hardware components that are installed in the new computers are on the Windows 2000 HCL. If
a component is not listed, contact the manufacturer to verify that a
Windows 2000 driver is available.

You are attempting to install Windows 2000 Professional from a CD-ROM; however, you have discovered that your computer doesn't support booting from the CD-ROM drive. How can you install Windows 2000?

Start the computer by using the Setup boot disks. When prompted, insert the Windows 2000 Professional CD-ROM, and then continue setup.

You are installing Windows 2000 Server on a computer that will be a client in an existing Windows 2000 domain. You want to add the computer to the domain during installation. What information do you need, and which computers must be available on the network before you run the Setup program?

You need the DNS domain name of the domain that you are joining. You must also make sure that a computer account for the client exists in the domain, or you must have the user name and password of a user account in the domain with the authority to create computer accounts in the
domain. A server running the DNS service and a domain controller in
the domain you are joining must be available on the network.

You are using a CD-ROM to install Windows 2000 Professional on a computer that was previously running another operating system. How should you configure the hard disk to simplify the installation process?

Use a disk partitioning tool to remove any existing partitions, and then create and format a new partition for the Windows 2000 installation.

You are installing Windows 2000 Professional over the network. Before you install to a client computer, what must you do?

Locate the path to the shared installation files on the distribution server. Create a 500-MB FAT partition on the target computer (1 GB recommended). Create a client disk with a network client so that you can connect from the computer, without an operating system, to the distribution server.

Chapter 3

To remove extensions from a snap-in

Click Computer Management (Local), and then click the Extensions tab.

The MMC displays a list of available extensions for the Computer Management snap-in.

What option determines which extensions the MMC displays in the Available Extensions list in this dialog box?

The available extensions depend on which snap-in you select.

Review Questions

When and why would you use an extension?

You use an extension when specific snap-ins need additional
functionality—extensions are snap-ins that provide additional
administrative functionality to another snap-in.

You need to create a custom console for an administrator who needs to use only the Computer Management and Active Directory Users And Computers snap-ins. The administrator

Must not be able to add any additional snap-ins.

Needs full access to all snap-ins.

Must be able to navigate between snap-ins.

Which console mode would you use to configure the custom console?

User mode, Full Access.

What do you need to do to remotely administer a computer running Windows 2000 Server from a computer running Windows 2000 Professional?

Windows 2000 Professional doesn't include all snap-ins that are included with Windows 2000 Server. To enable remote administration of many Windows 2000 Server components from a computer running Windows 2000 Professional, you need to add the required snap-ins on the computer running Windows 2000 Professional.

You need to schedule a maintenance utility to automatically run once a week on your computer, which is running Windows 2000 Professional. How do you accomplish this?

Use Task Scheduler to schedule the necessary maintenance utilities to run at specific times.

Chapter 4

What should you do if you can't see any output on the secondary display?

If you can't see any output on the secondary display, try the following:

Activate the device in the Display Properties dialog box.

Confirm that you chose the correct video driver.

Restart the computer and check its status in Device Manager.

Switch the order of the display adapters on the motherboard.

You have configured recovery options on a computer running Windows 2000 Professional to write debugging information to a file if a system failure occurs. You notice, however, that the file isn't being created. What could be causing this problem?

The problem could be one or more of the following:

The paging file size could be set to less than the amount of physical RAM in your system.

The paging file might not be located on your system partition.

You might not have enough free space to create the Memory.dmp file.

How can you optimize virtual memory performance?

To optimize virtual memory, do the following:

If you have multiple hard disks, create a separate paging file on each hard disk.

Move the paging file off of the disk that contains the Windows 2000 system files.

Set the minimum size of the paging file to be equal to or greater than the amount of disk space that is allocated by Virtual Memory Manager when your system is operating under a typical load.

You installed a new network interface card (NIC) in your computer, but it doesn't seem to be working. Describe how you would troubleshoot this problem.

You would do the following to troubleshoot the problem:

Check Device Manager to determine whether Windows 2000 properly detected the network card.

If the card isn't listed in Device Manager, run the Add/Remove Hardware wizard to have Windows 2000 detect the new card. If the card is listed in Device Manager but the icon representing the new card contains either an exclamation mark or a stop sign, view the properties of the card for further details. You might need to reinstall the drivers for the card, or the card might be causing a resource conflict.

Chapter 5

To view information in the registry

Double-click the HARDWARE\DESCRIPTION\System subkey to expand it, and then answer the following questions:

What is the basic input/output system (BIOS) version of your computer and its date?

Answers will vary based on the contents of the SYSTEMBIOSVERSION and SYSTEMBIOSDATE entries.

What is the computer type of your local machine according to the Identifier entry?

Answers might vary; it will likely be AT/AT compatible.

Expand the SOFTWARE\Microsoft\Windows NT\CurrentVersion subkey, and then fill in the following information.

Review Questions

What is the registry and what does it do?

The registry is a hierarchical database that stores Windows 2000 hardware and software settings. The registry controls the Windows 2000
operating system by providing the appropriate initialization information to start applications and load components, such as device drivers and network protocols. The registry contains a variety of different types of data, including the hardware installed on the computer, the installed
device drivers, applications, network protocols, and network adapter card settings.

What is a hive?

A hive is a discrete body of keys, subkeys, and entries. Each hive has
a corresponding registry file and a .LOG file located in systemroot\System32\Config. Windows 2000 uses the .LOG file to record changes and to ensure the integrity of the registry.

What is the recommended editor for viewing and modifying the registry?

Regedt32.exe is the recommended editor for viewing and modifying the registry.

What option should you enable when you are viewing the contents of the registry? Why?

Using Registry Editor incorrectly can cause serious, systemwide problems that could require reinstallation of Windows 2000. When using
Registry Editor to view data, save a backup copy of the registry file
before viewing and click Read Only Mode on the Options menu to prevent accidental updating or deleting of configuration data.

Chapter 6

To examine the new volume

Change the working directory to the root directory of drive C (if necessary) or to the root directory of the drive where you mounted your volume, type dir and then press Enter.

How much free space does the Dir command report?

Answer will vary.

Why is there a difference between the free space reported for drive C and the free space reported for C:\Mount? (If you mounted your volume on a drive other than drive C, replace C with the appropriate drive letter.)

The amount of free space reported for C:\Mount is the amount of free space available on the mounted volume.

Review Questions

You install a new 10-GB disk drive that you want to divide into five equal 2-GB sections. What are your options?

You can leave the disk as a basic disk and then create a combination of primary partitions (up to three) and logical drives in an extended partition; or, you can upgrade the disk to a dynamic disk and create five 2-GB simple volumes.

You are trying to create a striped volume on your Windows NT Server to improve performance. You confirm that you have enough unallocated disk space on two disks in your computer, but when you right-click an area of unallocated space on a disk, your only option is to create a partition. What is the problem and how would you resolve it?

You can create striped volumes only on dynamic disks. The option to
create a partition rather than a volume indicates that the disk you are trying to use is a basic disk. You will need to upgrade all of the disks
that you want to use in your striped volume to dynamic disks before you stripe them.

You add a new disk to your computer and attempt to extend an existing volume to include the unallocated space on the new disk, but the option to extend the volume isn't available. What is the problem and how would you resolve it?

The existing volume is not formatted with Microsoft Windows 2000 File System (NTFS). You can extend only NTFS volumes. You should back up any data on the existing volume, convert it to NTFS, and then extend the volume.

You dual boot your computer with Windows 98 and Windows 2000 Professional. You upgrade a second drive—which you are using to archive files—from basic storage to dynamic storage. The next time you try to access your archived files from Windows 98, you are unable to read the files. Why?

Only Windows 2000 can read dynamic storage.

Chapter 7

To test the static TCP/IP configuration

To verify that the IP address is working and configured for your adapter, type ping 127.0.0.1 and then press Enter.

What happens?

Four Reply from 127.0.0.l messages should appear.

If you have a computer that you are using to test connectivity, type ping ip_address (where ip_address is the IP address of the computer you are using to test connectivity), and then press Enter. If you don't have a computer to test connectivity, skip to step 7.

What happens?

Four Reply from ip_address messages should appear.

Exercise 3: Configuring TCP/IP to Automatically Obtain an IP Address

To configure TCP/IP to automatically obtain an IP address

Click Obtain An IP Address Automatically.

Which IP address settings will the DHCP Service configure for your
computer?

IP address and subnet mask.

Exercise 4: Obtaining an IP Address by Using Automatic Private IP Addressing

To obtain an IP address by using Automatic Private IP Addressing

At the command prompt, type ipconfig /renew and then press Enter.

There will be a pause while Windows 2000 attempts to locate a DHCP server on the network.

What message appears, and what does it indicate?

DHCP Server Unreachable.

Your computer was not assigned an address from a DHCP server because there wasn't one available.

To test the TCP/IP configuration

At the command prompt, type ipconfig | more and then press Enter.

Pressing Spacebar as necessary, record the current TCP/IP settings for your local area connection in the following table.

Is this the same IP address assigned to your computer in Exercise 3? Why or why not?

No, the IP address isn't the same as the one assigned in Exercise 3. In this exercise, the Automatic Private IP Addressing feature of Windows 2000 assigned the IP address because a DHCP server wasn't available. In
Exercise 3, the DHCP Service assigned an IP address.

If you have a computer to test TCP/IP connectivity with your computer, type ping ip_address (where ip_address is the IP address of the computer that you are using to test connectivity), and then press Enter. If you don't have a computer to test connectivity, skip this step and proceed to Exercise 5.

Were you successful? Why or why not?

Answers will vary. If you don't have a computer that you can use to test your computer's connectivity, you can't do this exercise.

No, because the computer you are using to test your computer's connectivity is configured with a static IP address in another network and no default gateway is configured on your computer.

Yes, because the computer you are using to test your computer's connectivity is also configured with an IP address assigned by Automatic Private IP Addressing and it is on the same subnet so that a default gateway is unnecessary.

Lesson 2: NWLink

To install and configure NWLink

Click Protocol, and then click Add.

The Select Network Protocol dialog box appears.

Which protocols can you install?

AppleTalk, DLC, NetBEUI, Network Monitor Driver, and NWLink IPX/SPX/NetBIOS Compatible Transport Protocol.

Select NWLink IPX/SPX/NetBIOS Compatible Transport Protocol, and then click Properties.

Which type of frame detection is selected by default?

Auto frame type detection.

Lesson 4: Network Bindings

To change the protocol binding order

Maximize the Network And Dial-Up Connections window, and on the Advanced menu, click Advanced Settings.

The Advanced Settings dialog box appears.

What is the order of the protocols listed under Client For Microsoft Networks in the Bindings For Local Area Connection list?

The first protocol listed under Client For Microsoft Networks is NWLink IPX/SPX/NetBIOS Compatible Transport Protocol, and the second one is Internet Protocol (TCP/IP).

Review Questions

Your computer running Windows 2000 Client for Microsoft Networks was configured manually for TCP/IP. You can connect to any host on your own subnet, but you can't connect to or even ping any host on a remote subnet. What is the likely cause of the problem and how would you fix it?

The default gateway might be missing or incorrect. You specify the
default gateway in the Internet Protocol (TCP/IP) Properties dialog
box (under Network And Dial-Up Connections in My Network Places). Other possibilities are that the default gateway is offline or that the subnet mask is incorrect.

Your computer running Windows 2000 Professional can communicate with some, but not all, of the NetWare servers on your network. Some of the NetWare servers are running frame type 802.2 and some are running 802.3. What is the likely cause of the problem?

Although the NWLink implementation in Windows 2000 can automatically detect a frame type for IPX/SPX-compatible protocols, it can automatically detect only one frame type. This network uses two frame types; you must manually configure the additional frame type (802.3).

What are the limitations of the NetBEUI protocol?

NetBEUI can't be routed and therefore is not suitable for WANs.
Since NetBEUI isn't routable, you must connect computers running
Windows 2000 and NetBEUI by using bridges instead of routers.

The NetBEUI protocol relies on broadcasts for many of its functions, such as name registration and discovery, so it creates more broadcast traffic than other protocols.

What is the primary function of the DLC protocol?

DLC provides connectivity to IBM mainframes and to LAN print devices that are directly attached to the network.

What is the significance of the binding order of network protocols?

You specify the binding order to optimize network performance. For
example, a computer running Windows 2000 Workstation has NetBEUI, NWLink IPX/SPX, and TCP/IP installed. However, most of the servers
to which this computer connects are running only TCP/IP. You would
adjust the binding order so that the workstation binding to TCP/IP is listed before the workstation bindings for the other protocols. In this
way, when a user attempts to connect to a server, Client for Microsoft Networks first attempts to use TCP/IP to establish the connection.

Chapter 8

What is the function of the following DNS components?

Domain name space

The domain name space provides the hierarchical structure for the DNS distributed database.

Zones

Zones are used to divide the domain name space into administrative units.

Name servers

Name servers store the zone information and perform name resolution for their authoritative domain name spaces.

Why would you want to have multiple name servers?

Installing multiple name servers provides redundancy, reduces the load on the server that stores the primary zone database file, and allows for faster access speed for remote locations.

What's the difference between a forward lookup query and a reverse lookup query?

A forward lookup query resolves a name to an IP address. A reverse lookup query resolves an IP address to a name.

When would you configure your connection to obtain a DNS server address automatically?

Configure your connection to obtain a DNS server address automatically only if you have a functioning DHCP server on the network that can provide the IP address of functioning DNS servers on the network.

Chapter 9

What are four major features of Active Directory directory services?

Active Directory directory services offer simplified administration, scaleability, open standards support, and support for standard name
formats.

What are sites and domains, and how are they different?

A site is a combination of one or more IP subnets that should be connected by a high-speed link.

A domain is a logical grouping of servers and other network resources organized under a single name.

A site is a component of Active Directory directory services' physical structure, while a domain is a component of the logical structure.

What is the schema, and how can you extend it?

The schema contains a formal definition of the contents and structure
of Active Directory directory services, including all attributes, classes, and class properties. You can extend the schema by using the Schema Manager snap-in or the Active Directory Services Interface (ADSI).

Which Windows 2000 products provide Active Directory directory services?

Only the Windows 2000 Server products, which include Windows 2000 Server, Windows 2000 Advanced Server, and Windows 2000 Datacenter, provide Active Directory directory services. Windows 2000 Professional doesn't provide Active Directory directory services, but clients running Windows 2000 Professional that are members of a domain can use Active Directory directory services.

Chapter 10

Where does Windows 2000 create local user accounts?

When you create a local user account, Windows 2000 creates the account only in that computer's security database.

What different capabilities do domain user accounts and local user accounts provide to users?

A domain user account allows a user to log on to the domain from any computer in the network and to gain access to resources anywhere in
the domain, provided the user has permission to access these resources.
A local user account allows the user to log on at and gain access to
resources on only the computer where you create the local user account.

What should you consider when you plan new user accounts?

A naming convention that ensures unique but consistent user account names.

Whether you or the user will determine the user account password.

Whether the user account should be disabled.

What information is required to create a local user account?

A user name.

What are built-in user accounts and what are they used for?

Windows 2000 automatically creates accounts called built-in accounts. Two commonly used built-in accounts are Administrator and Guest. You use the built-in Administrator account to manage the overall computer (for example, creating and modifying user accounts and groups, and
setting account properties on user accounts). You use the built-in Guest account to give occasional users the ability to log on and gain access to resources.

Chapter 11

Why should you use groups?

Use groups to simplify administration by granting rights and assigning permissions once to the group rather than multiple times to each individual member.

How do you create a local group?

Start the Computer Management snap-in and expand Local Users And Groups. Right-click Groups, and then click New Group. Fill in the appropriate fields and then click Create.

Are there any consequences to deleting a group?

When you delete a group, the unique identifier that the system uses to represent the group is lost. Even if you create a second group with the same name, the group will not have the same identifier, so you must grant the group any permissions or rights that it once had, and you must add back the users who need to be a member of that group.

What's the difference between built-in local groups and local groups?

You create local groups and assign the appropriate permissions to them.

Windows 2000 Professional comes with precreated built-in local groups. You can't create built-in local groups. Built-in local groups give rights
to perform system tasks on a single computer, such as backing up and restoring files, changing the system time, and administering system
resources.

Chapter 12

What's the difference between a printer and a print device?

A printer is the software interface between the operating system and
the print device. The print device is the hardware device that produces printed documents.

A print server can connect to two different types of print devices. What are these two types of print devices, and what are the differences?

The two types are local and network-interface print devices. A local
print device is connected directly to a physical port of the print server.
A network-interface print device is connected to the print server through the network. Also, a network-interface print device requires a network interface card.

You have added and shared a printer. What must you do to set up client computers running Windows 2000 so that users can print, and why?

You (or the user) must make a connection to the printer from the client computer. When you make a connection to the printer from the client computer, Windows 2000 automatically copies the printer driver to the client computer.

What advantages does connecting to a printer by using http://server_name/printers provide for users?

It allows a user to make a connection to a printer without having to use the Add Printer wizard. It makes a connection to a Web site, which displays all of the printers for which the user has permission. The Web site also provides information on the printers to help the user make the correct selection. Also, a Web designer can customize this Web page, such as by displaying a floor plan that shows the location of print devices, which makes it easier for users to choose a print device.

Why would you connect multiple printers to one print device?

To set priorities between the printers so that users can send critical documents to the printer with the highest priority. These documents will always print before documents that are sent from printers with lower priorities.

Why would you create a printer pool?

To speed up printing. Users can print to one printer that has several print devices so that documents do not wait in the print queue. It also simplifies administration; it's easier to manage one printer for several print devices than it is to manage one printer for each print device.

Chapter 13

To take ownership of a printer

On the Security tab, click Advanced, and then click the Owner tab.

Who currently owns the printer?

The Administrators group.

Lesson 3: Managing Documents

To set a notification

In the printer's window, select README.txt, and then click Properties on the Document menu.

Windows 2000 displays the README.txt Document Properties dialog box with the General tab active.

Which user is specified in the Notify box? Why?

The Notify box currently displays the user Administrator because
Administrator printed the document.

To increase the priority of a document

In the README.txt Document Properties dialog box, on the General tab, notice the default priority.

What is the current priority? Is it the lowest or highest priority?

The current priority is the default of 1, which is the lowest priority.

Review Questions

For which printer permission does a user need to change the priority on another user's document?

The Manage Documents permission.

In an environment where many users print to the same print device, how can you help reduce the likelihood of users picking up the wrong documents?

Create a separator page that identifies and separates printed documents.

Can you redirect a single document?

No. You can change the configuration of the print server only to send documents to another printer or print device, which redirects all documents on that printer.

A user needs to print a large document. How can the user print the job after hours, without being present while the document prints?

You can control print jobs by setting the printing time. You set the printing time for a document on the General tab of the Properties dialog box for the document. To open the Properties dialog box for a document,
select the document in the printer's window, click the Document menu, and then click Properties. Click Only From in the Schedule section of the Properties dialog box, and then set the Only From hour to the earliest time you want the document to begin printing after regular business hours. Set the To time to a couple of hours before normal business hours start. To set the printing time for a document, you must be the owner of the document or have the Manage Documents permission for the appropriate printer.

What are the advantages of using a Web browser to administer printing?

You can administer any printer on a Windows 2000 print server on the intranet by using any computer running a Web browser, regardless of whether the computer is running Windows 2000 or has the correct printer driver installed. Additionally, a Web browser provides a summary page and reports real-time print device status, and you can customize the interface.

Chapter 14

When you apply custom permissions to a folder or file, which default permission entry should you remove?

The Full Control permission for the Everyone group.

Complete the following table to plan and record your permissions:

Exercise 2: Assigning NTFS Permissions for the Public Folder

To remove permissions from the Everyone group

Click the Security tab to display the permissions for the Public folder.

Windows 2000 displays the Public Properties dialog box with the Security tab active.

What are the existing folder permissions?

The Everyone group has Full Control.

Notice that the current allowed permissions can't be modified.

Under Name, select the Everyone group, and then click Remove.

What do you see?

Windows 2000 displays a message box indicating that you can't remove "Everyone" because the folder is inheriting the permissions for the
Everyone group from its parent folder. To change permissions for Everyone, you must first block inheritance.

Click Remove.

What are the existing folder permissions?

No permissions are currently assigned.

To assign permissions to the Users group for the Public folder

Click OK to return to the Public Properties dialog box.

What are the existing allowed folder permissions?

The Users group has the following permissions: Read & Execute, List Folder Contents, and Read. These are the default permissions that
Windows 2000 assigns when you add a user account or group to the list of permissions.

To assign permissions to the CREATOR OWNER group for the Public folder

Under Permission Entries, select CREATOR OWNER if necessary.

Which permissions are assigned to CREATOR OWNER, and where do these permissions apply?

Full Control permission is applied to subfolders and files only. Permissions that are assigned to the CREATOR OWNER group are not applied to the folder but only to new files and folders that are created within the folder.

To test the folder permissions that you assigned for the Public folder

In the Public folder, attempt to create a text file named User81.

Were you successful? Why or why not?

Yes, because the Users group is assigned the Write permission for the Public folder.

Exercise 4: Testing NTFS Permissions

To test permissions for the Misc folder while logged on as User81

Attempt to create a file in the Misc folder.

Were you successful? Why or why not?

No, because only User82 has NTFS permissions to create and modify files in the Misc folder.

To test permissions for the Misc folder while logged on as User82

Attempt to create a file in the Misc folder.

Were you successful? Why or why not?

Yes, because User82 has the Modify permission for the folder.

To test permissions for the Manuals folder while logged on as Administrator

Attempt to create a file in the Manuals folder.

Were you successful? Why or why not?

Yes, because the Administrators group has the Full Control permission for the Manuals folder.

To test permissions for the Manuals folder while logged on as User81

Attempt to create a file in the Manuals folder.

Were you successful? Why or why not?

No, because User81 has only the Read & Execute permission for the Manuals folder.

To test permissions for the Manuals folder while logged on as User82

Attempt to create a file in the Manuals folder.

Were you successful? Why or why not?

Yes, because User82 is a member of the Manuals group, which has been assigned the Modify permission for the Sales folder.

Lesson 6: Solving Permissions Problems

To determine the permissions for a file

Click the Security tab to display the permissions for the Owner.txt file.

What are the current allowed permissions for Owner.txt?

The Administrators group has the Full Control permission.

The Users group has the Read & Execute permission.

Click the Owner tab.

Who is the current owner of the Owner.txt file?

The Administrators group.

To take ownership of a file

Click Advanced to display the Access Control Settings For Owner dialog box, and then click the Owner tab.

Who is the current owner of Owner.txt?

The Administrators group.

In the Change Owner To box, select User84, and then click Apply.

Who is the current owner of Owner.txt?

User84.

Exercise 2: Copying and Moving Folders

To create a folder while logged on as a user

While you are logged on as User84, in Windows Explorer, in drive C, create a folder named Temp1.

What are the permissions that are assigned to the folder?

The Everyone group has Full Control.

Who is the owner? Why?

User84 is the owner because the person who creates a folder or file is the owner.

To create a folder while logged on as Administrator

In drive C, create the following two folders: Temp2 and Temp3.

What are the permissions for the folders that you just created?

The Everyone group has the Full Control permission.

Who is the owner of the Temp2 and Temp3 folders? Why?

The Administrators group is the owner of the Temp2 and Temp3 folders because a member of the Administrators group created these folders.

To copy a folder to another folder within a Windows 2000 NTFS volume

Select C:\Temp1\Temp2, and then compare the permissions and ownership with C:\Temp2.

Who is the owner of C:\Temp1\Temp2 and what are the permissions? Why?

The owner is still the Administrators group because you are logged on as Administrator. When a folder or file is copied within an NTFS volume, the person who copies the folder or file becomes the owner.

The Everyone group has the Full Control permission because when a folder or file is copied within an NTFS volume, the folder or file inherits the permissions of the folder into which it is copied.

To move a folder within the same NTFS volume

In Windows Explorer, select C:\Temp3, and then move it to C:\Temp1.

What happens to the permissions and ownership for C:\Temp1\Temp3? Why?

The Backup Operators group has Read & Execute permission and the Users group has Full Control. The Administrators group is the owner of C:\Temp1\Temp3.

C:\Temp1\Temp3 retains the original permissions as C:\Temp3. This is because when a file or folder is moved within the same NTFS volume, the file or folder retains its original permissions. Even though User84 did the moving, the folder's creator remains the owner.

Exercise 3: Deleting a File With All Permissions Denied

To view the result of the Full Control permission for a folder

In Windows Explorer, double-click Noaccess.txt in the Fullaccess folder to open the file.

Were you successful? Why or why not?

No. The Everyone group has been denied the Full Control permission for C:\ FullControl\Noaccess.txt. The Administrator user account is a member of the Everyone group.

Delete Noaccess.txt.

Were you successful? Why or why not?

Yes, because Full Control includes the Delete Subfolders and Files
special permission for POSIX compliance. This special permission allows a user to delete files in the root of a folder to which the user has been
assigned the Full Control permission. This permission overrides the file permissions.

How would you prevent users with Full Control permission for a folder from deleting a file in that folder for which they have been denied the Full Control permission?

Allow users all of the individual permissions, and then deny users the
Delete Subfolders and Files special permission.

Review Questions

What is the default permission when a volume is formatted with NTFS? Who has access to the volume?

The default permission is Full Control. The Everyone group has access to the volume.

If a user has Write permission for a folder and is also a member of a group with Read permission for the folder, what are the user's effective permissions for the folder?

The user has both Read permission and Write permission for the folder because NTFS permissions are cumulative.

If you assign the Modify permission to a user account for a folder and the Read permission for a file, and then you copy the file to that folder, which permission does the user have for the file?

The user can modify the file because the file inherits the Modify permission from the folder.

What happens to permissions that are assigned to a file when the file is moved from one folder to another folder on the same NTFS volume? What happens when the file is moved to a folder on another NTFS volume?

When the file is moved from one folder to another folder on the same NTFS volume, the file retains its permissions. When the file is moved to a folder on a different NTFS volume, the file inherits the permissions of the destination folder.

If an employee leaves the company, what must you do to transfer ownership of his or her files and folders to another employee?

You must be logged on as Administrator to take ownership of the employee's folders and files. Assign the Take Ownership special access permission to another employee to allow that employee to take ownership of the folders and files. Notify the employee to whom you assigned Take Ownership to take ownership of the folders and files.

What three details should you check when a user can't gain access to a resource?

Check the permissions that are assigned to the user account and to groups in which the user is a member.

Check whether the user account, or a group of which the user is a member, has been denied permission for the file or folder.

Check whether the folder or file has been copied to any other file or folder or moved to another volume. If it has, the permissions will have changed.

Chapter 15

User101 is a member of Group1, Group2, and Group3. Group1 has Read permission and Group3 has Full Control permission for FolderA. Group2 has no permissions assigned for FolderA. What are User101's effective permissions for FolderA?

Since User101 gets the permissions of all groups, User101's effective permission for FolderA is Full Control, which also includes all capabilities of the Read permission.

User101 is also a member of the Sales group, which has the Read permission for FolderB. User101 has been denied the shared folder permission Full Control for FolderB as an individual user. What are User101's effective permissions for FolderB?

User101 has no access to FolderB. Even though User101 is a member of the Sales group, which has Read permission for FolderB, User101 has been denied Full Control access to FolderB. Denied permissions override all other permissions.

Lesson 4: Combining Shared Folder Permissions and NTFS Permissions

In the first example, the Data folder is shared. The Sales group has the shared folder Read permission for the Data folder and the NTFS Full Control permission for the Sales subfolder.

What are the Sales group's effective permissions for the Sales subfolder when they gain access to the Sales subfolder by making a connection to the Data shared folder?

The Sales group has the Read permission for the Sales subfolder because when shared folder permissions are combined with NTFS permissions, the more restrictive permission applies.

In the second example, the Users folder contains user home folders. Each user home folder contains data that is accessible only to the user for whom the folder is named. The Users folder has been shared, and the Users group has the shared folder Full Control permission for the Users folder. User1 and User2 have the NTFS Full Control permission for only their home folder and no NTFS permissions for other folders. These users are all members of the Users group.

What permissions does User1 have when he or she accesses the User1 subfolder by making a connection to the Users shared folder? What are User1's permissions for the User2 subfolder?

User1 has the Full Control permission for the User1 subfolder because both the shared folder permission and the NTFS permission allow Full Control. User1 can't access the User2 subfolder because she or he has no NTFS permissions to gain access to it.

Exercise 2: Planning Shared Folders

Record your answers in the table.

You have two choices for permissions. You can rely entirely on NTFS permissions and assign Full Control for all shared folders to the Everyone group, or you can use shared folder permissions according to resource needs. The following suggested shared folders include required permissions if you decide to assign shared folder permissions.

Share Management Guidelines as MgmtGd. Assign the Full Control permission to the Managers group.

Share Data as Data. Assign the Full Control permission to the Administrators built-in group.

Share Data\Customer Service as CustServ. Assign the Change permission to the Customer Service group.

Share Data\Public as Public. Assign the Change permission to the Users built-in group.

Share Applications as Apps. Assign the Read permission to the Users built-in group and the Full Control permission to the Administrators built-in group.

Share Project Management as ProjMan. Assign the Change permission to the Managers group and the Full Control permission to the Administrators built-in group.

Share Database\Customers as CustDB. Assign the Change permission to the CustomerDBFull group, the Read permission to the CustomerDBRead group, and the Full Control permission to the Administrators built-in group.

Share Users as Users. Create a folder for every employee below this folder. Assign the Full Control permission to each employee for his or her own folder. Preferably, have Windows 2000 create the folder and assign permissions automatically when you create each user account.

Exercise 4: Assigning Shared Folder Permissions

To assign Full Control to the Administrators group

Click OK.

Windows 2000 adds Administrators to the list of names with permissions.

Which type of access does Windows 2000 assign to Administrators by
default?

The Read permission.

In the Permissions box, under Allow, click the Full Control check box.

Why did Windows Explorer also select the Change permission for you?

Full Control includes both the Change permission and the Read
permission.

Exercise 5 (Optional): Connecting to a Shared Folder

To connect a network drive to a shared folder by using the Map Network Drive command

To complete the connection, click Finish.

Windows 2000 displays the MktApps On 'PRO1' (P:) window.

How does Windows Explorer indicate that this drive points to a remote shared folder?

Windows Explorer uses an icon that shows a network cable attached to the drive. The network cable icon indicates a mapped network drive.

Exercise 8 (Optional): Testing NTFS and Shared Folder Permissions

To test permissions for the Manuals folder when a user logs on locally

In the Manuals folder, attempt to create a file.

Were you successful? Why or why not?

No. Only Administrators have the NTFS permission to create and modify files in the Manuals folder.

To test permissions for the Manuals folder when a user makes a connection over the network

In the Manuals window, attempt to create a file.

Were you successful? Why or why not?

No. Although the Users group has the Full Control shared folder permission for \\PRO1\MktApps, only Administrators have the NTFS permission to create and modify files in the Manuals folder.

To test permissions for the Manuals folder when a user logs on over the network as Administrator

In the Manuals window, attempt to create a file.

Were you successful? Why or why not?

Yes. Administrator has the Full Control NTFS permission for the folder and Full Control Shared folder permissions for \\PRO1\MktApps\Manuals.

To test permissions for the Public folder when a user makes a connection over the network

In the Public window, attempt to create a file.

Were you successful? Why or why not?

Yes. User1 has the Full Control NTFS permission for the folder and Full Control Shared folder permissions for \\PRO1\MktApps\Public.

Review Questions

When a folder is shared on a FAT volume, what does a user with the Full Control shared folder permissions for the folder have access to?

All folders and files in the shared folder.

What are the shared folder permissions?

Full Control, Change, and Read.

By default, what are the permissions that are assigned to a shared folder?

The Everyone group is assigned the Full Control permission.

When a folder is shared on an NTFS volume, what does a user with the Full Control shared folder permissions for the folder have access to?

Only the folder, but not necessarily any of the folder's contents. The user would also need NTFS permissions for each file and subfolder in the shared folder to gain access to those files and subfolders.

When you share a public folder, why should you use centralized data folders?

Centralized data folders enable data to be backed up easily.

What is the best way to secure files and folders that you share on NTFS partitions?

Put the files that you want to share in a shared folder and keep the
default shared folder permission (the Everyone group with the Full
Control permission for the shared folder). Assign NTFS permissions to users and groups to control access to all contents in the shared folder or to individual files.

Chapter 16

What two tasks must you perform to audit access to a file?

Set the audit policy for object access and configure the file for the type of access to audit.

Who can set up auditing for a computer?

By default, only members of the Administrators group can set up and
administer auditing. You can also give other users the Manage Auditing and Security log user right, which is required to configure an audit policy and review audit logs.

When you view a security log, how do you determine whether an event failed or succeeded?

Successful events appear with a key icon; unsuccessful events appear with a lock icon.

If you click the Do Not Overwrite Events option in the Properties dialog box for an audit log, what happens when the log file becomes full?

Windows 2000 will stop. You must clear the log manually.

Chapter 17

To configure Account Policies settings

Use the Group Policy snap-in to configure the following Account Policies settings:

A user should have at least five different passwords before he or she accesses a previously used password.

After changing a password, a user must wait 24 hours before changing it again.

A user should change his or her password every three weeks.

Which settings did you use for each of the three listed items?

Set Enforce Password History to 5 so that a user must have at least five different passwords before he or she can access a previously used password.

Set Minimum Password Age to one day so that a user must wait 24 hours
before he or she can change it again.

Set Maximum Password Age to 21 days so that a user must change his/her password every three weeks.

To test Account Policies settings

Change your password to waters.

Were you successful? Why or why not?

You were successful because the minimum password length is set to 6, and the password waters contains six characters.

Change your password to papers.

Were you successful? Why or why not?

You weren't successful because you must wait 24 hours (one day) before you can change your password a second time. A Change Password dialog box appeared indicating that you can't change the password at this time.

Exercise 3: Configuring Account Lockout Policy

To configure the Account Lockout Policy settings

Use Account Lockout Policy settings to do the following:

Lock out a user account after four failed logon attempts.

Lock out user accounts until the administrator unlocks the user account.

Which Account Lockout Policy settings did you use for each of the two
conditions?

Set Account Lockout Threshold to 4 to lock out a user account after four failed logon attempts. When you set one of the three Account Lockout Policy options and the other two options have not been set, a dialog box appears indicating that the other two options will be set to default values.

Set Account Lockout Duration to 0 to have locked accounts remain locked until the administrator unlocks them.

Review Questions

Why would you want to force users to change passwords?

Forcing users to change passwords regularly will decrease the chances of an unauthorized person breaking into your computer. If a user account and password combination for your computer falls into unauthorized hands, forcing users to change their passwords regularly will cause the user account and password combination to fail and secure the computer.

Why would you want to control the length of the passwords used on your computers?

Longer passwords are more difficult to figure out because there are more characters to discover. In general, you want to do what you can to make it difficult to get unauthorized access to your computers.

Why would you want to lock out a user account?

If a user forgets his or her password, he or she can ask the administrator to reset the password. If someone repeatedly enters an incorrect password, the person is probably trying to gain unauthorized access to your computer. Setting a limit on the number of failed logon attempts and locking out any user account that exceeds this number makes it more
difficult for someone to gain unauthorized access to your computers.

Why would you want to force users to press Ctrl+Alt+Delete before they can log on to your computers?

To increase security on your computers, you can force users to press Ctrl+Alt+Delete before they can log on. This key combination is recognized only by Windows and ensures that only Windows is receiving the password and not a Trojan horse program waiting to capture your password.

How do you prevent the last user name from being displayed in the Windows Security or Log On To Windows dialog box?

To prevent the last user name from being displayed in the Windows Security or Log On To Windows dialog box, click the Local Policies node in the console tree of the Local Security Settings window, and then click
Security Options. In the details pane, right-click Do Not Display Last User Name In Logon Screen, click Security, and then disable this feature.

Chapter 18

To view the capacity and free space for drive C

Right-click drive C, and then click Properties.

Windows 2000 displays the Local Disk (C:) Properties dialog box with the General tab active.

What is the capacity of drive C?

Answers will vary.

What is the free space on drive C?

Answers will vary.

To uncompress a folder

Click OK to close the CompTest2 Properties dialog box.

Since the CompTest2 folder is empty, Windows 2000 doesn't display the
Confirm Attributes Changes dialog box asking you to specify whether to uncompress only this folder or this folder and all subfolders.

What indication do you have that the CompTest2 folder is no longer
compressed?

The CompTest2 folder name is displayed in black.

Exercise 2: Copying and Moving Files

To create a compressed file

Type Text1 and then press Enter.

How can you verify that Text1 is compressed?

The name of the file is displayed in blue. You could also check the properties for the file.

To copy a compressed file to an uncompressed folder

Examine the properties for Text1 in the CompTest2 folder.

Is the Text1.txt file in the CompTest\CompTest2 folder compressed or uncompressed? Why?

Uncompressed. A new file inherits the compression attribute of the folder in which it is created.

To move a compressed file to an uncompressed folder

Examine the properties of the Text1.txt file in the CompTest folder.

Is Text1.txt compressed or uncompressed?

Compressed.

Examine the properties of Text1.txt in the CompTest2 folder.

Is Text1.txt compressed or uncompressed? Why?

Compressed. When a file is moved to a new folder on the same partition, its compression attribute doesn't change.

Lesson 2: Managing Disk Quotas

To configure default quota management settings

On the Quota tab, click the Enable Quota Management check box.

What is the default disk space limit for new users?

1 KB.

To configure quota management settings for a user

On the Quota tab of the Local Disk (C:) Properties dialog box, click the Quota Entries button.

Windows 2000 displays the Quota Entries For Local Disk (C:) window.

Are any user accounts listed? Why or why not?

Yes. The accounts listed are those that have logged on and gained access to drive C.

Click OK.

Windows 2000 displays the Add New Quota Entry dialog box.

What are the default settings for the user you just set a quota limit for?

Limit disk space to 10 MB and Set the warning level to 6 MB. These are the default settings that are selected for drive C.

To test quota management settings

Copy the i386 folder from your CD-ROM to the User5 folder.

Windows 2000 Professional begins copying files from the i386 folder on the CD-ROM to a new i386 folder in the User5 folder on drive C. After copying several files, however, Windows 2000 displays the Error Copying File Or Folder dialog box indicating that there isn't enough room on the disk.

Why did you get this error message?

You have exceeded your quota limit and since the Deny Disk Space To Users Exceeding Quota Limit check box is selected, once you exceed your quota limit, you can't use more disk space.

Lesson 3: Increasing Security with EFS

To test an encrypted file

Start Windows Explorer and open the file File1.txt in the Secret folder.

What happens?

A Notepad dialog box appears indicating that Access Is Denied.

Review Questions

You are the administrator for a computer running Windows 2000 Professional. You want to restrict users to 25 MB of available storage space. How do you configure the volumes on the computer?

Format all volumes with NTFS and enable disk quotas for all of the volumes. Specify a limit of 25 MB and select the Deny Disk Space To Users Exceeding Quota Limit check box.

The Sales department archives legacy sales data on a network computer running Windows 2000 Professional. Several other departments share the computer. You have begun to receive complaints from users in other departments that the computer has little remaining disk space. What can you do to alleviate the problem?

Compress the folders that the Sales department uses to store archive data.

Your department has recently archived several gigabytes of data from a computer running Windows 2000 Professional to CD-ROMs. As users have been adding files to the computer, you have noticed that the computer has been taking longer than usual to gain access to the hard disk. How can you increase disk access time for the computer?

Use Disk Defragmenter to defragment files on the computer's hard disk.

Chapter 19

To back up files by using Backup wizard

Click Replace The Data On The Media With This Backup.

When is it appropriate to select the check box labeled Allow Only The Owner And The Administrator Access To The Backup Data And To Any Backups
Appended To This Media?

Unless the data that is being backed up will be restored by anyone other than the person doing the backing up or an administrator, you should consider selecting this check box if you want to minimize the risk of
unauthorized access to your data.

Exercise 2: Creating and Running an Unattended Backup Job

To verify that the backup job was performed

Start Microsoft Windows Explorer and click drive C.

Does the Backup2.bkf file exist?

Yes.

Lesson 3: Restoring Data

To verify that the data was restored

Start Windows Explorer and expand drive C.

Does the Restored Data folder exist?

Yes.

What are the contents of the Restored Data folder?

The file Boot.ini.

Review Questions

If you want a user to perform backups, what do you need to do?

Make sure that the user is a member of the Administrators or Backup Operators groups.

You performed a normal backup on Monday. For the remaining days of the week, you want to back up only files and folders that have changed since the previous day. What backup type do you select?

Incremental. The incremental backup type backs up changes since the last markers were set and then clears the markers. Thus, for Tuesday through Friday, you back up only changes since the previous day.

What are the considerations for using tapes as your backup media?

Tapes are a less expensive medium and are more convenient for large backups because of their higher storage capacity. However, the medium deteriorates with time and thus has a limited lifespan.

You are restoring a file that has the same name as a file on the volume to which you are restoring. You aren't sure which is the most current version. What do you do?

Do not replace the file. Restore the file to another location, and then compare the two files.

Chapter 20

Why would you want to monitor access to network resources?

For performing maintenance tasks that require making resources unavailable, you want to notify users before making the resource unavailable. To maintain a network's security, you need to monitor which users are gaining access to which resources. For planning purposes, you want to determine which resources are being used and how often they are being used.

What can you monitor on a network with the Computer Management snap-in or the Shared Folders snap-in?

You can monitor the number of users who have a current connection to the computer that you are monitoring, the files to which users are currently gaining access and which users are currently gaining access to each file, the shared folders to which users are currently gaining access on the network, and how many users have a connection to each folder. You can monitor all this information on the computer where you are physically located or on a remote computer.

Why would you send an administrative message to users with current connections?

To inform the users that you are about to disconnect them from the
resource so that you can perform a backup or restore operation, upgrade software or hardware, or shut down the computer.

What can you do to prevent a user from reconnecting to a shared folder after you have disconnected the user from the shared folder?

To prevent all users from reconnecting, stop sharing the folder. To prevent only one user from reconnecting, change the permissions for the folder so that the user no longer has access, and then disconnect the user from the shared folder.

How can you create and manage shares on a remote computer?

To create and manage shares on a remote folder, use the MMC to create a custom console and add the Shared Folders snap-in to it. When you add the Shared Folders snap-in, you specify the remote computer on which you want to create and manage shares. When adding the Shared Folders snap-in to the console, you can also select the Allow The Selected Computer To Be Changed When Launching From The Command Line check box so that you can choose the remote computer on which you want to create and manage shares.

Chapter 21

What are the advantages of using L2TP over using PPTP?

L2TP supports more types of internetworks, it supports header compression, and it cooperates with IPSec for encryption.

While you're using the Network Connection wizard, you must configure two new settings regarding sharing the connection. Describe the difference between these two settings.

The settings are whether you want to allow others that use the computer to use the connection (access to the connection) and whether you want to allow other computers to access resources through this port (sharing the connection once it is established).

What is callback and when might you want to enable it?

The callback feature causes the remote server to disconnect and call back the client attempting to access the remote server. By using callback, you can have the bill for the phone call charged to your phone number rather than to the phone number of the user who called in. You can also use callback to increase security by specifying the callback number. Even if an unauthorized user calls in, the system calls back at the number you specified, not the number of the unauthorized user.

Chapter 22

To create a system boot failure

Restart the computer.

What error do you receive when attempting to restart the computer?

NTLDR is missing.
Press Ctrl+Alt+Del to restart.

Review Questions

What are the five major phases of the boot process for Intel-based computers?

The boot process for Intel-based computers includes the preboot sequence, boot sequence, kernel load, kernel initialization, and logon phases.

What are the various Safe Mode advanced boot options for booting Windows 2000, and how do they differ?

The Safe Mode option loads only the basic devices and drivers required to start the system, including the mouse, keyboard, mass storage devices, base video, and the standard/default set of system services.

The Safe Mode With Networking option loads the devices and drivers loaded with the Safe Mode option, but it also loads the services and drivers required for networking.

The Safe Mode With Command Prompt option is identical to the Safe Mode option, but it launches a command prompt instead of Windows
Explorer.

What are the two sections of the Boot.ini file, and what information does each section contain?

The two sections of the Boot.ini file are [boot loader] and [operating systems]. The [boot loader] section of Boot.ini specifies the default operating system and provides a timeout value.

The [operating systems] section of Boot.ini contains the list of operating systems that appear in the Boot Loader Operating System Selection menu. Each entry includes the path to the operating system and the name that appears in the Boot Loader Operating System Selection menu (the text between the quotation marks). Each entry can also contain optional parameters.

You install a new device driver for a SCSI adapter in your computer. When you restart the computer, however, Windows 2000 stops responding after the kernel load phase. How can you get Windows 2000 to restart successfully?

Select the Last Known Good Configuration option to use the LastKnownGood configuration control to start Windows 2000 because it doesn't contain any reference to the new, and possibly faulty, driver.

Chapter 23

How do you install the Windows 2000 deployment tools, such as the Setup Manager Wizard and the System Preparation tool?

To install the Windows 2000 Setup Tools, display the contents of the Deploy.cab file, which is located in the Support\Tools folder on the
Windows 2000 CD-ROM. Select all the files you want to extract, right-click a selected file, and then select Extract from the menu. You will be prompted for a destination, the location and name of a folder, for the
extracted files.

Which five resources are required to use Remote Installation Services to install Windows 2000 Professional?

A Windows 2000 Server with RIS installed, a DNS server available on
the network, a DHCP server available on the network, a Windows 2000 domain to provide Active Directory directory services, and client computers that meet the Net PC specification or have a boot floppy to connect to the RIS server.

Which utility is provided to create boot floppies and how do you access it?

Windows 2000 ships with the Windows 2000 Remote Boot Disk Generator, rbfg.exe, which is used to create boot disks. It is found on the RIS Server in the folder where the Windows 2000 Professional installation files are stored. The path is RemoteInst\Admin\i386\rbfg.exe.

You are planning on installing 45 computers with Windows 2000 Professional. You have determined that these 45 computers have seven different network adapter cards. How can you determine whether these seven different types of network adapter cards are supported by the boot floppies you created?

The boot floppies created using Rbfg only support the PCI-based network adapters listed in the Adapters List. Start Rbfg.exe and then click the Adapter List button to see the list of supported adapters.

You have a laptop running Windows 95 and you want to upgrade it to Windows 2000. The computer has 16 MB of RAM, and this can be upgraded to 24 MB. Can you upgrade this computer to Windows 2000? If not, how would you make it so this computer was able to access Active Directory directory services?

No, Windows 2000 Professional requires at least 32 MB of memory. You can install the Directory Service Client for Windows 95 or 98. The laptop would then be able to access Active Directory directory services.

Name at least two problems the System Preparation tool resolves that makes creating and copying a master disk image to other computers much simpler to do.

The System Preparation tool adds a system service to the master image that will create a unique local domain security ID (SID) the first time the computer to which the master image is copied is started.

The System Preparation tool adds a Mini-Setup wizard to the master disk image that runs the first time the computer to which the master
image is copied is started. It guides the user through entering the user-specific information such as the end-user license agreement, the Product ID, user name, company name, and time zone selection.

The System Preparation tool causes the master image to force the computer on which the master image is copied to run a full Plug and Play
device detection, so that peripherals, such as the network adapter, the video adapter, and sound cards on the computer on which the disk image was copied need not be identical to the ones on the computer on which the image was generated.

Chapter 24

A friend of yours just installed Windows 2000 Professional on his home computer. He called you to help him configure APM, and when you told him to double-click Power Options in Control Panel and click on the APM tab, he told you he did not have an APM tab. What is the most likely reason there is no APM tab?

The most likely reason there is no APM is that his computer does not have an APM-based BIOS installed. When Windows 2000 does not detect an APM-based BIOS, Setup does not install APM and there is no APM tab in the Power Options Properties dialog box.

A user calls the help desk in a panic. She spent 15 hours editing a proposal as an offline file at her house. Over the weekend, her boss came in and spent about four hours editing the same proposal. She needs to synchronize the files, but she doesn't want to lose her edits or those made by her boss. What can she do?

If both her cached offline copy of the file and the network copy of the file are edited, she should rename her version of the file so that both copies will exist on her hard disk and on the network. She could then compare the two and edit her version, adding any edits made by her boss.

Many commercial airlines require you to turn off portable computers during certain portions of a flight. Does placing your computer in Hibernate mode comply with these airline requirements? Why or why not?

No. Hibernate mode makes your computer appear to be turned off, but it is not. You must shut down your computer to comply with these airline requirements.

Chapter 25

To use System Information

In the details pane, double-click Hardware Resources, and then double-click IRQs.

Are there any IRQs being shared?

Answer will vary.

Review Questions

Your boss has started to manually assign resource settings to all devices, including Plug and Play devices, and wants you to finish the job. What should you do?

Explain to your boss that it is not a good idea to manually change or
assign resource settings for Plug and Play devices. Windows 2000 arbitrates resources, but if you manually assign them, then Windows 2000 will not be able to arbitrate the assigned resources if requested by
another Plug and Play device.

Once you have convinced your boss that this is not a good idea, start Device Manager. Plug and Play devices have a Resources tab on their Properties page. You can free the resource settings that were manually assigned and allow Windows 2000 to again arbitrate the resources by selecting the Use Automatic Settings check box on the Resources tab.

What benefits do you gain by Microsoft digitally signing all system files?

Windows 2000 drivers and operating system files are digitally signed
by Microsoft to ensure the files have not been tampered with. Some
applications overwrite existing operating files as part of their installation process. These files may cause system errors that are difficult to troubleshoot. Device Manager allows you to look at the Driver tab and verify that the digital signer of the installed driver is correct. This can save you many frustrating hours of trying to resolve problems caused by a file that replaced one or more original operating system drivers.

What are three ways Microsoft has provided to help you make sure the files on your system have the correct digital signature?

Windows 2000 provides Device Manager, which allows you to verify that the digital signer of the installed driver is correct. Windows 2000 also provides two utilities to verify the digital signatures. The first utility is the File Signature Verification utility, sigverif. Windows 2000 also provides System File Checker (SFC), a command-line utility that you can use to check the digital signature of files.

You receive a call at the Help desk from a user who is trying to configure her fax settings, and she tells you that she does not have an Advanced Options tab. What could the problem be?

For the Advanced Options tab to display, the user must be logged on as Administrator or have administrator privileges.