MCSE Braindumps - free tests - study guides and mcse simulations are available for download. Looking for mcse braindumps mcse brain dumps or mcsa braindumps? You will find many links...  
MCSE Braindumps Home Members area to download MCSE Braindumps Signup to become member of Download the most latest MCSE Braindumps Need more information?
MCSE Braindumps
Download MCSE braindumps
MCSE Exam Information
MCSE 2000 Braindumps Free Download
MCSE 2003 Braindumps Free Download link
MCSE dumps free
Free braindumps
MCSE Exam Tips
Pass Guaranteed
Update News
MCSE Braindumps are  updated on

Special Offer

All Exams
for $69

read more..



MCSE 70-210 Study Guide

Installing, Configuring and Administering Windows 2000 Professional

120 minutes - 60 Questions - 620 Passing Score

Minimum requirements
Pentium 133 or greater.
64 MB RAM minimum (4GB Max)
650 MB Free disk space on partition that will contain the system files. (1 GB recommended)
Professional supports up to 2 processors.

replaces 95, 98 and Workstation as the business desktop. Professional supports upgrades of 95, 98 and NT4.0 meaning all applications and settings will be saved.

Administrative tools can be added by running Adminpak.msi from the Server CD.

No admin tools are available for NT or 9.x systems.

Increased Hardware Support (Plug and Play).  - Windows 2000 brings back Plug and Play with a more stable version than the one we see in Win9.x.

Dynamic Disks - Windows 2000 introduces dynamic disks.  All disks are basic disks on install,  You can upgrade your disks from basic to dynamic through the MMC.  You can't go from dynamic back to basic disks without repartitioning and losing your data.  Dynamic disks allow you to manage disks and volumes without having to reboot.  Dynamic disks are not readable to any other operating systems that are installed on the same box.

Lightweight Directory Access Protocol (LDAP) - Allows you to query an object in the active directory. This allows you to do things like search for a computer or a printer or a user.

Kerberos version 5 protocol - In Kerberos authentication, a client is authenticated when logging on to the network by a Key Distribution Center (KDC). When a client needs to access a resource, the owner of that resource contacts the KDC to verify that the client has permissions to access the resource. The KDC issues a session ticket. The next time the client accesses the resource, the owner of the resource is able to authenticate the client itself using this session ticket instead of going back to the KDC thus cutting down a lot of overhead on the authentication process.

Installation - Upon install, only the partition that will be used to install Windows 2000 should be created. All other partitions should be created later using the Disk Management Utilities as Windows 2000 has additional features that will be available to disks created with this utility.
No start up floppies are created during the install. If you wish to have the start-up floppies, you can run makeboot.exe from the setup CD. this will create 4 setup floppies.

As in NT4.0, both winnt and winnt32.exe are available. winnt is for straight DOS based machines. winnt32.exe is now used for win9.x as well as NT systems.

Win9.x and NT will upgrade to Windows 2000 and keep all settings.

Performs an installation of or upgrade to Windows 2000.

winnt [/s:sourcepath] [/t:tempdrive] [/u:answer file][/udf:id [,UDB_file]] [/r:folder][/rx:folder][/e:command][/a]

Specifies the source location of the Windows 2000 files. The location must be a full path of the form x:\[path] or \\server\share[\path].

Directs Setup to place temporary files on the specified drive and to install Windows 2000 on that drive. If you do not specify a location, Setup attempts to locate a drive for you.

/u:answer file
Performs an unattended Setup using an answer file. The answer file provides answers to some or all of the prompts that the end user normally responds to during Setup. You must also use /s.

/udf:id [,UDB_file]
Indicates an identifier (id) that Setup uses to specify how a Uniqueness Database (UDB) file modifies an answer file (see /u). The /udf parameter overrides values in the answer file, and the identifier determines which values in the UDB file are used. If no UDB_file is specified, Setup prompts you to insert a disk that contains the $Unique$.udb file.

Specifies an optional folder to be installed. The folder remains after Setup finishes.

Specifies an optional folder to be copied. The folder is deleted after Setup finishes.

Specifies a command to be executed at the end of GUI-mode Setup.

Enables accessibility options.

Sets up or upgrades Windows 2000 Server or Windows 2000 Professional. You can run the winnt32 command at a Windows 95, Windows 98, or Windows NT command prompt.

winnt32 [/s:sourcepath] [/tempdrive:drive_letter] [/unattend[num]:[answer_file]] [/copydir:folder_name] [/copysource:folder_name] [/cmd:command_line]
[/debug[level]:[filename]] [/udf:id[,UDF_file]] [/syspart:drive_letter] [/checkupgradeonly] [/cmdcons] [/m:folder_name] [makelocalsource] [/noreboot]

Specifies the source location of the Windows 2000 files. To simultaneously copy files from multiple servers, specify multiple /s sources. If you use multiple /s switches, the first specified server must be available or Setup will fail.

Directs Setup to place temporary files on the specified partition and to install Windows 2000 on that partition.

Upgrades your previous version of Windows 2000, Windows NT 4.0, Windows 3.51, Windows 95, or Windows 98 in unattended Setup mode. All user settings are taken from the previous installation, so no user intervention is required during Setup.

Using the /unattend switch to automate Setup affirms that you have read and accepted the Microsoft License Agreement for Windows 2000. Before using this switch to install Windows 2000 on behalf of an organization other than your own, you must confirm that the end user (whether an individual, or a single entity) has received, read, and accepted the terms of the Windows 2000 Microsoft License Agreement. OEMs may not specify this key on machines being sold to end users.

Performs a fresh installation in unattended Setup mode. The answer file provides Setup with your custom specifications.
Num is the number of seconds between the time that Setup finishes copying the files and when it restarts your computer. You can use num on any computer running Windows NT or Windows 2000.
Answer_file is the name of the answer file.

Creates an additional folder within the folder in which the Windows 2000 files are installed. For example, if the source folder contains a folder called Private_drivers that has modifications just for your site, you can type

/copydir:Private_drivers to have Setup copy that folder to your installed Windows 2000 folder, making the new folder location C:\Winnt\Private_drivers. You can use /copydir to create as many additional folders as you want.

Creates a temporary additional folder within the folder in which the Windows 2000 files are installed. For example, if the source folder contains a folder called Private_drivers that has modifications just for your site, you can type /copysource:Private_drivers to have Setup copy that folder to your installed Windows 2000 folder and use its files during Setup, making the temporary folder location C:\Winnt\Private_drivers. Unlike the folders /copydir creates, /copysource folders are deleted after Setup completes.

Instructs Setup to carry out a specific command before the final phase of Setup. This would occur after your computer has restarted twice and after Setup has collected the necessary configuration information, but before Setup is complete.

Creates a debug log at the level specified, for example, /debug4:C:\Win2000.log. The default log file is C:\%Windir%\Winnt32.log, with the debug level set to 2. The log levels are as follows: 0-severe errors, 1-errors, 2-warnings, 3-information, and 4-detailed information for debugging. Each level includes the levels below it.

Indicates an identifier (id) that Setup uses to specify how a Uniqueness Database (UDB) file modifies an answer file (see the /unattend entry). The /udf parameter overrides values in the answer file, and the identifier determines which values in the UDB file are used. For example, /udf:RAS_user,Our_company.udb overrides settings specified for the RAS_user identifier in the Our_company.udb file. If no UDB_file is specified, Setup prompts the user to insert a disk that contains the $Unique$.udb file.

Specifies that you can copy Setup startup files to a hard disk, mark the disk as active, and then install the disk into another computer. When you start that computer, it automatically starts with the next phase of the Setup. You must always use the /tempdrive parameter with the /syspart parameter.

Checks your computer for upgrade compatibility with Windows 2000. For Windows 95 or Windows 98 upgrades, Setup creates a report named Upgrade.txt in the Windows installation folder. For Windows NT 3.51 or 4.0 upgrades, it saves the report to the Winnt32.log in the installation folder.

Adds to the operating system selection screen a Recovery Console option for repairing a failed installation. It is only used post-Setup.

Specifies that Setup copies replacement files from an alternate location. Instructs Setup to look in the alternate location first and if files are present, use them instead of the files from the default location.

Instructs Setup to copy all installation source files to your local hard disk. Use

/makelocalsource when installing from a CD to provide installation files when the CD is not available later in the installation.

Instructs Setup to not restart the computer after the file copy phase of winnt32 is completed so that you can execute another command.

Unattended Installs - Unattended install can be run using the /unattend switch as in NT4.0. 

Setup Manager will allow you to create the unattend.txt file and the UDF file. 
Sysdiff is still available for installing applications in an unattended setup. The same switches are used that were used in NT4.0. 

Sysdiff /snap takes a snapshot of an image.
Sysdiff /diff creates a difference file after installing applications.
Sysdiff /apply will apply the changes to the system that just got the unattended install.

Sysprep strips the uniqueness out of a machine (SID, Computer Name) so you can create an image. It adds a setup at the end of dumping the image to put in the specifics or you can use Sysprep to create an sysprep.inf file. You will still need identical hardware.

Remote Installation Services (RIS) - Allow you to do remote installs to systems that support network boot through the NIC card. This is better than imaging because it allows for plug and play so you don't have the strict hardware requirements. RIS is limited to installing Windows 2000 professional clients.  A RIS server will have to be available and you must have DNS, DHCP and Active Directory available.  Like DHCP, RIS servers need to be authorized by an Enterprise admin to run on the network.

File Systems - Windows 2000 supports FAT16, FAT32, NTFS.  Choose NTFS if you are only running Windows 2000 on your system as it has many security and performance improvements.

  • FAT16  is necessary to dual boot Windows 2000 with  DOS, Win3.x, WIN95 or Win98.
  • FAT32 could also be used to dual boot with Win2000 and Win98.
  • If you have an NT4 box that you want to dual boot with Windows 2000, make sure the  NT box has service pack 4 or later or it will not be able  to read an NTFS5 partition.

Windows 2000 NTFS advantages:
Disk Compression - NTFS5 offers disk compression.  2000 Professional can not read drives compressed with an earlier operating system so be sure to uncompress drives before upgrading.

Disk Quotas - Windows2000 features built-in disk quota management.  Users can be limited to a certain amount of disk space on the file server on a volume by volume basis.  You can customize how much space and can configure warnings when a certain amount is used.  You can also not allow the user to save any additional data when their limit is reached.

Encrypting File System (EFS) - allows files to be stored encrypted on the hard disk. This protects against people booting from a floppy or logging into a machine locally and gaining access to your files. They will be denied access to the files as they will not have the proper encryption key.  

  • Only files and folders on an NTFS volume can be encrypted.  
  • Compressed files or folders cannot be encrypted.  
  • Encrypted files cannot be shared.  
  • Encrypted files will become unencrypted if copied or moved to a non-NTFS volume.  
  • System files cannot be encrypted.
  • Other than the user that encrypted the files, only a designated recovery agent can  unencrypt the files.

Sharing Data:
The main reason we have networks is for the sharing of data and printers.  Lets take a look at data sharing.
When a folder is shared, permissions are given to users that need to access the folder.  The two types of permissions are Share level and NTFS permissions.  

Share Level Permissions:
By default, the everyone group is given full control permissions when a file is shared.  Share Level permissions are only in effect when a folder is accessed over the network.  If a user logs on locally, Share level permissions will have no effect., only NTFS permissions will be in effect.

  • Full Control - Allows user to change permissions, take ownership of NTFS files, Perform all tasks permitted by change permissions
  • Change - Create folders and add files, Manipulate data in files, change file attributes, Delete Folders and files, Perform all tasks permitted by the read permission.
  • Read - Display names of folders and files, Display data and attributes of files, Run program files, Manipulate subfolders.
  • These permissions can either be allowed or denied.

Share level permissions can be applied on a user or on a group level.  When a user attempts to access a shared folder, all of the permissions for that user are combined  If a user is in one group with Full Control, one group with Change and the user himself has read, The combined permissions will be the least restrictive or Full control.  Any time the user is explicitly denied access whether it is a user or group permission, this overrides all other permissions.  A user can be in one group with Full Control, one group which is denied access and the user himself can have Change permissions, the effective permissions will be no access as this overrides all of the other permissions.  Always assign the most restrictive permissions you can to a user.  You don't want them to be able to do anything more than they need to.  The easiest and most efficient way to assign permissions is to do it on a group basis.  If everyone in your accounting department needs certain permissions to several folders, assign the permissions to a group called accounting, then when a new employee joins the accounting team, all you have to do is place this employees user account in the accounting group and all of their permissions will be there.

Windows 2000 shares some folders by default for administrative purposes.  These shares will show up with a $ behind the name.  The dollar sign signifies that the share is hidden from the browse list,  these default administrative shares are only accessible by users with administrative rights.  If you want to hide any of the shares that you create, simply put a $ after the name (i.e. Share$)

NTFS Permissions:

When a volume is formatted with the NTFS file system, NTFS permissions can be used to secure resources.  NTFS permissions allow you to assign permissions at the folder and file level while Share permissions are limited to the folder level.   NTFS permissions are also a lot more granular than Share level permissions allowing you to permission such things as traverse folders, write attributes and much more.

Applying NTFS Permissions:

Users can be assigned permissions directly or can be put into groups that have permissions assigned.  All individual permissions and group permissions are combined to find out the users effective permissions.

No access overrides all other permissions.

File permissions take precedence over folder permissions.  If you have no access to  folder but have full control  to a file in that folder, you can still access the file using the full UNC path to that file.

Combining Share and NTFS permissions.

When figuring permissions, look at share and NTFS separately.  Take the least restrictive share permission and the least restrictive NTFS permission.  Now take the most restrictive of the two and that is your effective permission.  

Joe is in Accounting Group and also in IT group.
Accounting Group has Full control on the share 'RedSox'
IT group has read access on the share 'RedSox
Joe's cumulative permissions on the share 'RedSox' would be full control.
Accounting Group has read access NTFS permissions on the directory 'RedSox
IT group has change access NTFS permissions on the directory 'stuff'
Joe's cumulative NTFS permissions on the directory 'RedSox' are Change
Now we take the most restrictive of the two results which is change which is the access Joe has when accessing 'RedSox' over the network.
Keep in mind that if Joe is logged on locally to the machine holding the 'RedSox' directory, you will only be using NTFS permissions and not regarding share permissions.  Share permissions are only used when coming across the network share.
Also keep in mind that if Joe is explicitly denied access anywhere, he automatically gets no access regardless of what other permissions he has elsewhere with the exception of no access to a folder but access to a file within the folder that can be accessed through a UNC path.

By default the everyone group is given full control.  This should be removed or else anyone who is able to log on locally to a system will have full control.

Permissions and Moving/Copying files on NTFS volumes:

When copying folders or files either from one partition to another or on the same partition, the permissions will be inherited from the target folder.

When moving files to another partition, the permissions will be inherited from the target folder.

When moving files or folders on the same partition, the permissions will remain intact.  This is the only time permissions are retained and not inherited.

One easy way to remember this is:  MRS - Move Retains Same (partition)

Whenever files are moved or copied to a fat partition, all permissions are lost as FAT does not support NTFS permissions.

Windows Installer - The msiexec program is a client side component of the Windows Installer used to install and upgrade software.  It works in conjunction with an .msi file which is the software package to be installed and .mst files which is a transform file.  The transform file is applied to the msi file at publication to make any changees to the file. can use an .mst file to define only a portion of an application.  Transforms are applied to the .msi file at initial assignment; they cannot be applied to an already installed application  Authenticated Users need the Read and Apply Group Policy ACEs (Access Control Entries) to be able to install from the software distribution point.

Internet Printing - Windows 2000 brings us Internet based printing.  The Print server must be running IIS (Internet Information Server) if it is a Windows 2000 Server or PWS (Peer Web Services) if it is running Windows 2000 professional.  IPP (Internet Printing Protocol) is used for Internet printing.  IPP is encapsulated within HTTP.  Basic Authentication must be used if you wish to support all clients.  Kerberos Authentication or Challenge/Response are supported by IE (Internet Explorer).  Printers can be managed by any browser running IE4 or higher.

Recovery and Protection:

Like NT Workstation, Windows 2000 professional does not offer fault tolerance.  Only 2000 Server and higher.

Recovery Console - Windows 2000 has a recovery console to help when you have trouble booting.  The recovery console is not installed by default.  Install the recovery console by running winnt32.exe /cmdcons from the I386 directory of the CD.  You will now see an option to enter the Windows 2000 recovery console at boot up. (or it can be run by booting from the setup floppies or CD and choosing repair)
The recovery console is limited to administrators (you will be authenticated when entering) and will allow you to do such things as:

  • Use, copy, rename or replace operating system files and folders.
  • Enable or disable services or devices from starting when you next start your computer.
  • Repair the file system boot sector or the Master Boot Record (MBR).
  • Create and format partitions on drives. 

You are fairly restricted as to what you are able to do.  You can't throw files on a floppy or removable media, only copy them to the hard drive from the floppy or removable media.

Emergency Repair Disk (ERD) - Windows 2000 ERD's are created through the backup program (you will see an option to create an ERD on the welcome screen).  RDISK (from NT4.0) is no longer available.  The repair process will attempt to repair system files, the partition boot sector on your system disk, and your startup environment if you have a dual boot system.  To run the repair process, boot either from the Windows 2000 CD or from the setup floppies.  Choose the 'repair or recover' option when prompted.  Fast repair will attempt to repair everything, manual repair will allow you to choose.

Driver Signing - Microsoft digitally signs all drivers that are qualified to run with Windows 2000.  You have the option to install only drivers that have been signed, see a warning when drivers haven't been signed so you can decide then, or never allow unsigned drivers to be installed.  This can be set from control panel, system on the hardware tab.

System File Checker - System File Checker (sfc.exe) is a command line utility that scans and verifies the versions of all protected system files after you restart your computer. If System File Checker discovers that a protected file has been overwritten, it retrieves the correct version of the file from the %systemroot%\system32\dllcache folder, and then replaces the incorrect file.

Windows File Protection - runs in the background and watches for applications trying to replace your system files such as .sys, .dll, .ocx, .ttf, .fon, and .exe files.  If an application attempts to replace a system file with one that is not signed, Windows file protection replaces it back with one stored in dllcache and logs the attempt in the Event log.  There are 4 instances where File protection will allow the files to be replaced:

  • Windows 2000 Service Packs using Update.exe
  • Hotfix distributions using Hotfix.exe
  • Operating system upgrades using Winnt32.exe
  • Windows Update 

Task Scheduler - allows you to automate running commands, scripts or programs at a set time.  This is accessed through the scheduled tasks folder in control panel.  It offers the ability to choose a user account for each task.

Offline Files - Windows 2000 offers the ability to use files offline.  Any files that you set up to have available offline will be there when you disconnect from the network.  Your permissions will be the same as if you were connected to the network.  When you connect back to the network, the files are synchronized with the network.

  • Performance Monitor - This chart shows some of the common counters and their acceptable ranges.
Resource Object\ Counter Suggested threshold Comments
Disk PhysicalDisk\ % Disk Time 90%  
Disk PhysicalDisk\ Disk Reads/sec, PhysicalDisk\ Disk Writes/sec Depends on manufacturer's specifications Check the specified transfer rate for your disks to verify that this rate doesn't exceed the specifications. In general, Ultra Wide SCSI disks can handle 50 I/O operations per second.
Disk Physical Disk\ Current Disk Queue Length Number of spindles plus 2 This is an instantaneous counter; observe its value over several intervals. For an average over time, use Physical Disk\ Avg. Disk Queue Length.
Memory Memory\ Available Bytes Less than 4 MB Research memory usage and add memory if needed.
Memory Memory\ Pages/sec 20 Research paging activity.
Network Network Segment\ % Net Utilization Depends on type of network You must determine the threshold based on the type of network you are running. For Ethernet networks, for example, 30% is the recommended threshold.
Paging File Paging File\ % Usage 99% Review this value in conjunction with Available Bytes and Pages/sec to understand paging activity on your computer.
Processor Processor\ % Processor Time 85% Find the process that is using a high percentage of processor time. Upgrade to a faster processor or install an additional processor.
Processor Processor\ Interrupts/sec Depends on processor. A dramatic increase in this counter value without a corresponding increase in system activity indicates a hardware problem. Identify the network adapter causing the interrupts.

Transmission Control Protocol/Internetworking protocol (TCP/IP) - TCP/IP is the default protocol used with Windows 2000.  In the NT 4.0 world, TCP/IP was a separate topic and exam.  In the Windows 2000 world it was incorporated into the core exams so expect to see it in every exam you sit.

History - Protocol suite designed for Wide Area Networks (WAN's)
Originally used by the department of defense back in the late 60's, TCP/IP is now the common Protocol used for the Internet.  All major operating systems offer support for TCP/IP. 

The standards for TCP/IP are published in a series of documents called Request for Comments (RFC's). 

TCP/IP utilities
FTP - File Transfer Protocol - provides file transfers between TCP/IP hosts with one running FTP software.
Telnet - Provides Terminal Emulation to a TCP/IP host running Telnet server software.
RSH - Remote Shell - runs commands on a UNIX host.
REXEC - Remote Execution - Runs a process on a remote computer.
LPR - Line Printer Remote - Prints a file to a host running the LPD Service.
LPQ - Line Printer Queue - Obtain status of a print queue on a host running the LPD Service.
LPD - Line Printer Daemon - Services LPR requests and submits print jobs to a printer device.
PING - Packet Internet Groper - Verifies that TCP/IP is configured correctly and that another host is available.
IPCONFIG - Verifies TCP/IP information.  with a /all switch will give DHCP, DNS and WINS addresses.  WINIPCFG is used in Win9.x
NSlookup - examines entries in the DNS database pertaining to a particular host or domain.
Hostname - returns the local computers host name.
Netstat - Displays Protocol statistics and the current state of TCP/IP connections.
NBTstat - Checks the state of current NetBIOS over TCP/IP connections, updates LMHOSTS cache, determines registered name.
Route - views or modifies the local routing table.
Tracert - verifies the route used from the local host to the remote host.
ARP - Address Resolution Protocol - displays a cache of locally resolved IP addresses to Media Access Control(MAC) addresses. 
Finger - Retrieves system info from a remote computer that supports the TCP/IP finger service.

TCP/IP Address Properties.

IP Address - 32 bit address used to uniquely identify a TCP/IP host.   The address has two parts.  The network ID and the host ID.  The network ID identifies all hosts that are on the same logical network.  The host ID identifies the host.  Hosts can be workstations, Servers, Routers, ex..  A sample IP address is
Lets compare this to the Calendar.  We have 12 Networks:   January, February, March.... On each Network, we have hosts: 1,2,3,4...
January 1 and January 14 are unique hosts on the same network.   March 4 and June 17 are on different networks.

Subnet Mask - Blocks part of the IP address to distinguish the network ID from the Host ID.  This will determine if the TCP/IP clients are on the same network or on a remote network.  An example of a subnet mask is   An improper Subnet mask can cause connectivity problems.

Default Gateway - If a packet is determined not to be on the same network, it is sent to the default gateway.  This is usually a router.  An incorrect default gateway will produce errors when trying to communicate outside of your network.

A TCP/IP client must at least have an IP address and a subnet mask for communications to work.

A TCP/IP client must have a minimum of IP address, Subnet mask and default gateway for TCP/IP to work through a router.
Hosts communicate by Media Access Control (MAC) address.  If a MAC address is not known then an ARP broadcast is sent out.  The destination hardware will respond with its MAC address and its IP address and these are stored in the ARP cache.  The ARP cache is always checked before doing an ARP broadcast.

IP Addresses dissected.

The 32 bit IP Address is broken down into 4 8-bit fields called octets separated by a period.  Each octet represents a number between 0 and 255.

To understand the addresses you must look at them in binary form.  

Bit 1 1 1 1 1 1 1 1
Decimal(powers of 2) 128 64 32 16 8 4 2 1

Lets look at IP address

In binary form this would translate to:

24=00011000(the bits at 16 + 8 are turned on)

128=10000000(the bit at 128 is turned on)

102=01100110(the bits at 64+32+4+2 are turned on)

7=00000111(the bits at 4+2+1 are turned on)

00011000 . 10000000 . 01100110 . 00000111

The Network portion of the IP is on the left side.  The host portion of the ID is on the right side.

Which part is the Network and which is the Host? 

In the early days things were simple and IP addresses fell into classes.  Let's start with the default classful IP addresses.  Class A or /8(pronounced slash 8) network, Class B or /16 network, Class C or /24 network.

Class A or /8 network.

The first 8 bits to the left (the first octet) are the network ID and the next 24 bits(3 octets) are the host ID.  The first bit in a class A address is always set to zero which actually leaves us 7 bits to toggle for the network ID. 

This leaves our first octet as 00000001 to 01111111or 1 to 127. 

The 127 addresses are reserved for the loopback addresses thus leaving us 1 to 126.

Class B or /16 network.

The first 16 bits(2 octets) to the left are the network ID and the next 16 bits(2 octets) are the host ID.  The first two bits in a class B address are always set to 1-0 which actually leaves us 14 bits to toggle for our Network ID.

This leaves our first octet as 10000000 to 10111111or 128 to 191.

Class C or /24 network.

The first 24 bits(3 octets) to the left are the network ID and the next 8 bits(1octet) are the host ID.  The first three bits in a class C address are always set to 1-1-0 which actually leaves us 21 bits to toggle for our network ID.

This leaves our first octet as 11000000 to 11011111or 192 to 223..

Class D network.  Class D addresses are reserved for multicasting.  The first four bits in a class D address are always set to 1-1-1-0.

This leaves our first octet as 11100000 to 11101111or 224 to 239..

Class E network.  Class E addresses are reserved for future and experimental use.  The first four bits in a class E address are always set to 1-1-1-1.

This leaves our first octet as 11110000 to 11111111or 240 to 255..

IP Address Class Decimal Range # Networks available 2^x-2 # Hosts available 2^y-2
Class A (/8) 1 to 126 126 16777214
Class B (/16) 128 to 191 16382 65534
Class C (/24) 192 to 223 2097150 254
Class D 224 to 239    
Class E 240 to 255    

(1) - Number of available networks is determined by using powers of 2.  There are 2 possible positions for a bit.  On(1)and Off(0).  Keeping in mind that the first bit is always set to 0, we have 7 bits left to toggle.  This means that there are 2^7 networks available for a Class A.  By rule (because some older routers can't route them) the all(0)'s and all (1)'s networks are not used which leaves us with 2^7-2 Networks available for the Class A.  Using this same 2^x-2 formula we can determine the number of networks for Class B and Class C.  Remember that in Class B, the first two bits are always set to 1-0 giving us 14 bits to toggle for a formula of 2^14-2.   Remember that in Class C, the first three bits are always set to 1-1-0 giving us 21 bits to toggle for a formula of 2^21-2. 

(2) - Number of Hosts is derived using the same formula as the number of networks.   Class A network uses 8 bits for the Network ID leaving us 24 bits for the Host ID.   Using our formula 2^24-2, we get 16777214.  We can calculate the Hosts for Class B and Class C the same way.

I have two IP Addresses.  Are they on the same network?

To decide whether or not two IP addresses are on the same network, we use a subnet mask.  This is used to mask the network portion of the IP Address.  The network portion of the IP address has a 1 in the corresponding bit of the subnet mask.  The host portion of the IP has a 0 in the corresponding bit of the subnet mask.  Lets take a look at the subnet mask in binary form.

Class A addressing.

01110111 . 00100010 . 00010100 . 00010101 =

11111111 . 00000000 . 00000000 . 00000000 = - This is the default Subnet Mask for Class A networks.

01110111 . 00111000 . 00101011. 01000000 =

In the above example, 119 is the network ID because it corresponds with the bits turned on in the subnet mask.  Both of the above IP's are on the same network.

Dynamic Host Configuration Protocol (DHCP) – automatically assigns TCP/IP addresses and information to client computers. The client requests an IP from the DHCP server at startup. The DHCP server chooses an IP from a pool and offers it to the client, along with the subnet mask, default gateway, and many other optional items. If the client accepts the offer the IP will be leased for a specified period of time.  A DHCP server must have a static IP address. Windows 2000 introduces us to authorized DHCP servers in which an administrator has to give the OK for a DHCP server to run or it will shut down its services.  This prevents anyone from setting up a DHCP server and handing out addresses that you don't want.  A scope is set up which is a range of valid IP addresses that a DHCP server can assign. If you have multiple DHCP servers, they must each have a unique scope to avoid assigning duplicate IP addresses. You can have multiple scopes on a DHCP server.

For redundancy, you should share part of your scope with another DHCP server.

Ex. You have the subnet 222.222.222.x. You can give a scope of to to your primary DHCP server and a scope of to to a secondary server. This will allow clients to obtain a lease if the primary DHCP server is down but will avoid the leasing of duplicate IP’s. Microsoft’s recommendation is to have 80% of the addresses in the primary and 20% in the secondary. DHCP can also hand out many other pieces of information including Routers, DNS Servers, and WINS Servers… These can be configures on a global level, scope level or client level.

Automatic Private IP addressing (APIPA) - This is a feature that Windows 2000 offers that is similar to a mini DHCP server.  If a computer is set up to use DHCP and a DHCP server is not available, Windows 2000 assigns an IP address from the private range - with a subnet mask of  This can be quite useful in a home office or small company as there is no need to set up a DHCP server.  It is quite limited though in that you don't get a default gateway so it is useless in a routed environment.  Another downside is that in a network in which the DHCP server is unavailable a client will log on and wont get any error messages so it might make troubleshooting a bit more difficult when they can't access network resources.

Windows Internet Name Service (WINS) - WINS is responsible for resolving NetBIOS names to IP addresses. When a WINS client boots up it announces itself to the WINS server. The WINS server stores the name and IP of the client in the database to hand out on future requests. This enables you to connect to a server named Appsserver by name instead of having to remember Appsserver’s IP address. The WINS database is dynamic.

DNS (Domain Name System)

DNS is used to resolve fully qualified domain names (FQDN) to IP addresses. i.e. resolves to  
Windows 2000 uses DNS as its primary means of resolution including locating domain controllers.

Lookup Zone Files 
Forward Lookup Zone - resolves hostname to IP address
Reverse Lookup Zone - resolves IP address to hostname.

Host File - manually updated text file that contains IP address to host name combinations. This is how it was done before DNS.

DDNS (Dynamic DNS) - Windows 2000 includes DNS that is dynamically updated to prevent having to manually keep the DNS database current. When a Windows 2000 client boots up, it will send its info straight to the DNS server to be added. Windows9.x and NT clients can not pass their information directly to the DNS server so the DHCP server forwards their information along to allow them to take advantage of the Dynamic DNS. Dynamic updates are configured at the zone level so you can choose to update one or more zones manually if you choose.

RAS (Remote Access Service)

Windows 2000 supports several remote access protocols including:
PPP (Point to Point Protocol) - most common Remote Access protocol.  Allows for multivendor environments.
SLIP Serial Line Internet Protocol) - not supported on the server, only the client.  Mostly used for telnet.
Microsoft RAS - Clients must use NetBEUI.  Server acts as gateway to connect to NetBEUI, TCP/IP, or IPX/SPX.
ARAP (AppleTalk Remote Access Protocol) - A windows 2000 server running ARAP can accept connections from MAC clients.

Windows 2000 RAS supports several LAN protocols including:

Permissions can be set to allow access, deny access or control through Remote Access Policy. (control through RAS policy only available in native mode)
Caller ID can be enabled to check for a specific number before accepting connection. (only available in native mode)
RAS can be configured to call user back at a specific number to complete connection.
RAS can be set to assign a static IP address if a client requires a specific IP.
Windows 2000 RAS supports multilink in which several connections can be combined to increase bandwidth.  Both client and server need to have multilink enabled.
BAP (bandwidth Allocation Protocol) - works with multilink to provide bandwidth on demand by adding or dropping links as needed.

Remote Access Authentication Protocols:
PAP (Password Authentication Protocol) - uses clear text passwords. provides little security.

SPAP - (Shiva Password Authentication Protocol) - more secure than PAP. use to connect to Shiva LANRover to Windows 2000. Medium Security.

CHAP - (Challenge Handshake Authentication Protocol) - uses the industry standard MD5 1-way encryption scheme to encrypt the response.  Highly Secure.

MS-CHAP (Microsoft Challenge Handshake Authentication Protocol)- 1-way encrypted password.  This is enabled by default on a windows 2000 server running RAS.  Highly Secure.

MS-CHAP v2 (Microsoft Challenge Handshake Authentication Protocol v2)- Strong encryption.  Windows 2000 clients use this by default for dialup.  Windows 2000,NT4 and Win98 clients use this by default for VPN.  Highly Secure.

EAP (Extensible Authentication Protocol) - Client and server negotiate the Authentication method to include MD5 username and password encryption, smart-cards, token cards, retina or fingerprint scanners and other third party authentication technologies.

Remote Access Data Encryption Protocols:

MPPE (Microsoft Point to Point Encryption) - Encrypts data moving between a PPTP connection and a VPN server.  Can use 128-bit, 56-bit or 40-bit encryption.

IPSec (Internet Protocol Security)  - IPSec encrypts data traveling across the network. The systems communicating via IPSec use keys to decipher data that has been encrypted using algorithms. The key can be generated using algorithms on the systems communicating so that the key does not have to travel across the network. Key lengths can be varied depending on how secure the data needs to be. Keys can also be dynamically changed during a session in case a key is captured and deciphered then the rest of the data will be encrypted using a different key. IPSec can be forced on users by using policies. IPSec communication can be assigned on a group to group basis.

IP Addressing - RAS can hand out IP addresses using 3 methods:

Static IP address - IP address is configured on the client.  Not recommended because of the administration.

IP address Range - assign a range of addressees to the RAS server to be able to give out.

DHCP addressing - RAS will get addresses for its clients from a DHCP server.  Highly recommended as there is only one pool of IP addresses to maintain.

Remote Access Policies - RAS Policies consist of Conditions, permissions and profile.

Conditions - Conditions include things like time, user groups, IP addresses, caller ID's that must be matched for client to connect.

Permissions - RAS policy permissions work in conjunction with a user's dial-in permissions in Active Directory.  Dial-n permissions will override RAS Policy permissions.  i.e. The sales group is a granted remote access through a policy from 9:00 to 5:00.  John, a member of the sales group is given 24 hour access in active directory.  John will have 24 hour access.

Profiles - This contains settings such as time limits, authentication and encryption protocols.

IAS (Internet Authentication Service) - IAS in conjunction with Routing and Remote Access Service provide support for RADIUS (Remote Authentication Dial-in User Service).  RADIUS is used for authentication of users outside of the internal network.  IAS also allows for tracking of connections for things like usage for billing purposes and auditing for security purposes.

VPN (Virtual Private Networks)
A VPN is a tunnel between two systems. The data that passes between the systems is encrypted. This allows for secure communication across a public network such as the Internet.  
VPN's use either PPTP or L2TP encryption.

PPTP (point to point tunneling protocol) - only works on IP network. Uses built-in PPP encryption
L2TP (Layer 2 Tunneling Protocol)- works on IP, Frame Relay, X.25 or ATM.  Uses IPSec encryption

Disclaimer: Sure2Pass Tests and MCSE Braindumps are based solely on published objectives of various exams, which cover concepts that are necessary for various networking professional certification designations. Links to other sites are published for the benefit/information of our visitors and we are not responsible for their contents. Our MCSE Study Guides, practice tests, and/or material is not sponsored by, endorsed by or affiliated with Microsoft. Microsoft, MCSE, MCSA, MCSD, the Microsoft logo are trademarks or registered trademarks of Microsoft in the United States and certain other countries. All other trademarks are trademarks of their respective owners