MCSE Braindumps - free tests - study guides and mcse simulations are available for download. Looking for mcse braindumps mcse brain dumps or mcsa braindumps? You will find many links...  
MCSE Braindumps Home Members area to download MCSE Braindumps Signup to become member of Download the most latest MCSE Braindumps Need more information?
MCSE Braindumps
Download MCSE braindumps
MCSE Exam Information
MCSE 2000 Braindumps Free Download
MCSE 2003 Braindumps Free Download link
MCSE dumps free
Free braindumps
MCSE Exam Tips
Pass Guaranteed
Update News
MCSE Braindumps are  updated on

Special Offer

All Exams
for $69

read more..



MCSE 70-218 Study Guide

Managing a Microsoft Windows 2000 Network Environment


This Guide has been created to aid you in the basics of preparing for the new MCSA title from Microsoft. As with all study guides, never use one guide as your sole source of study.

Preparation Tools: 

In addition to your hands-on experience working with the product, you may want to use the following tools and training to help you prepare for this exam:

Step-by-Step Guide to Preparing for a Microsoft Certified Professional Exam

The Step-by-Step Guide describes a concise, six-step approach to preparing for an MCP exam, and is also a compendium of MCP exam-preparation resources.

Microsoft Official Curriculum

The Microsoft Official Curriculum (MOC) consists of courses designed by Microsoft product groups that support the certification exam process. You can choose from instructor-led classroom training, self-paced training kits, and online training.

Microsoft Press

Visit Microsoft Press, your online bookstore, for books and CD-ROMs to help you get the most out of Microsoft products. Microsoft Press offers a full line of study materials for MCP exams.

Practice Tests

Practice tests offered by Microsoft Approved Practice Test Providers enable you to assess and receive feedback on your level of knowledge and exam-readiness prior to taking a certification exam. Although your score on a practice test doesn't necessarily indicate what your score will be on a certification exam, a practice test gives you the opportunity to answer questions that are similar to those on the certification exam and can help you identify your areas of greatest strength and weakness.

Audience Profile:

Candidates for this exam work in medium to very large computing environments that use Microsoft Windows 2000 network and directory services. Candidates have at least six months of experience administering and supporting Windows 2000 server and client operating systems that use Active Directory services in environments that have the following characteristics.

q       From 200 to 26,000 users are supported.

q       From two to 100 physical locations are included.

q       Typical network services and resources include messaging, file and print, proxy server or firewall, Internet and intranet, remote access, and client computer management.

q       Connectivity needs include connecting branch offices and individual users at remote locations to the corporate network and connecting corporate networks to the Internet.


Active Directory Links


o       How to Deploy Active Directory

o       Best Practice Active Directory Deployment for Managing Windows Networks

o       Guide to Active Directory Design

o       Active Directory Architecture

o       Building the Active Directory Tree

o       Extending Active Directory Schema and Preparing Forest for Exchange Deployment

o       Active Directory Diagnostics, Troubleshooting and Recovery

o       Best Practices for Designing the Active Directory Structure

o       How to Analyze and Manage Active Directory Replication Network Traffic on Your Windows 2000 Server

o       How to Deploy a Windows 2000 Server Active Directory in Your Organization

o         IT Resources: Active Directory Branch Office Guide Series



Study Notes:


Creating, Configuring, Managing, Securing, and Troubleshooting File, Print, and Web Resources


q       Publish resources in Active Directory. Types of resources include printers and shared folders.

o       You can publish any shared network folder, including a distributed file system (Dfs) folder, in Active Directory. Creating a Shared folder object in Active Directory does not automatically share the folder. It is a two-step process; you must first share the folder, and then publish it in Active Directory

o       Publishing a Shared Folder in Windows 2000 Active Directory (Q234582)

o       To publish a legacy printer in Active Directory you can go to the following link to find step by step directions: Here

o       To publish a Normal printer in Active Directory you can go to the following link to find step by step directions: Here

q       Perform a search in Active Directory Users and Computers.

o       Know how to search for objects within the Directory for the exam.

q       Configure a printer object.

o        Know how to create a print object (which is pretty easy) in the directory. Also know how to use Group Policy for print object control. You can find a large amount of information on how to do this with the following Q article

o        Using Group Policies to Control Printers in Active Directory (Q234270)

q       Manage data storage. Considerations include file systems, permissions, and quotas.

o       If you are a member of the Administrators group, you can enable quotas on NTFS volumes that already contain files, Windows calculates the disk space used by all users who have copied, saved, or taken ownership of files on the volume up to that point. The quota limit and warning level are then applied to all current users based on those calculations, and to users who begin using the volume from that point on. You can then set different quotas, or disable quotas, for individual or multiple users. You can also set quotas for specific users who have not yet copied, saved, or taken ownership of files on the volume. For example, you might want to set a quota limit of 50 megabytes (MB) for all users of \\server\share, while making sure two users who work with larger files on the server have a 100 MB limit. If both of these users already have files stored on \\server\share, you can select both users and set their quota limit to 100 MB. However, if one or both users do not have files stored on the server when you enable quotas, you need to select the users in the Quota Entries window and then set their quota limit to a value higher than the default for new users.

q       Implement NTFS and FAT file systems.

o       Comparing FAT and NTFS File Systems

o       Clusters cannot be 64 kilobytes (KB) or larger. If clusters were 64 KB or larger, some programs (such as Setup programs) might calculate disk space incorrectly.

o       A volume must contain at least 65,527 clusters to use the FAT32 file system. You cannot increase the cluster size on a volume using the FAT32 file system so that it ends up with less than 65,527 clusters.

o       The maximum possible number of clusters on a volume using the FAT32 file system is 268,435,445. With a maximum of 32 KB per cluster with space for the file allocation table (FAT), this equates to a maximum disk size of approximately 8 terabytes (TB).

o       Limitations of FAT32 File System (Q184006)

o       Windows 2000 contain new features that are available only with the NTFS file system. This article outlines the features and advantages of converting to the NTFS file system with Windows 2000. These features require on-disk data structures that make these volumes unavailable to Windows NT 4.0-based computers. In anticipation of dual- boot scenarios, upgrade Windows NT 4.0 to SP4 before starting the Windows 2000 installation. Windows NT 4.0 cannot interpret the version of NTFS included with Windows 2000 correctly. However, there is an updated Ntfs.sys driver in Windows NT 4.0 Service Pack 4 that enables Windows NT 4.0 to read from and write to NTFS volumes in Windows 2000.

·        Disk quotas. Administrators can limit the amount of disk space users can consume on a per-volume basis. The three quota levels are: Off, Tracking, and Enforced.

·        Encryption. The NTFS file system can automatically encrypt and decrypt file data as it is read and written to the disk.

·        Reparse points. Programs can trap open operations against objects in the file system and run their own code before returning file data. This feature can be used to extend file system features such as mount points, which you can use to redirect data read and written from a folder to another volume or physical disk.

·        Sparse files. This feature allows programs to create very large files, but to consume disk space only as needed.

·        USN Journal. This feature provides a persistent log of all changes made to files on the volume. This feature is one of the reasons that Windows 2000 domain controller must use an NTFS partition as the system volume.

q       Implement and configure Encrypting File System (EFS).

o       How to Encrypt Data Using EFS in Windows 2000 (Q230520)

o       You can use the Windows 2000 EFS to encrypt files to prevent unauthorized individuals from viewing the contents of the files. To encrypt and decrypt files, a user must have a file encryption certificate. If the file encryption certificate is lost or damaged, access to the files is lost.

o       Data recovery is possible through the use of a recovery agent. A user account of a trusted individual can be designated as a Recovery Agent so that a business can retrieve files in the event of a lost or damaged file encryption certificate or to recover data from an employee that has left the company.

o       One of the many advantages of using Windows 2000 domains is that you can configure a domain EFS recovery policy. In a default Windows 2000 installation, when the first domain controller (DC) is set up, the domain administrator is the specified recovery agent for the domain. The domain administrator can log on to the first DC in the domain, and then change the recovery policy for the domain.

o       If you want to create additional recovery agents, the user accounts must have a file recovery certificate. If available, a certificate can be requested from an enterprise CA that can provide certificates for your domain. However, EFS does not require a CA to issue certificates, and EFS can generate its own certificates to user and to default recovery agent accounts.

q       Configure volumes and basic and dynamic disks.

o       HOW TO: Use Disk Management to Manage Basic and Dynamic Disks in Windows 2000 (Q308209)

o       Basic disk storage supports partition-oriented disks. A basic disk is a physical disk that contains basic volumes (primary partitions, extended partitions, or logical drives). If you upgraded your computer to Windows 2000 from Microsoft Windows NT 4.0, basic disks may also contain spanned, mirrored, striped, and RAID-5 volumes if they were present in the previous operating system. You can create up to four primary partitions on a basic disk, or up to three primary partitions and one extended partition. You can also use free space on an extended partition to create logical drives.

o       Dynamic disk storage supports volume-oriented disks. A dynamic disk is a physical disk that contains dynamic volumes. With dynamic disks, you have the ability to create simple volumes, volumes that span multiple disks (spanned and striped volumes), and fault-tolerant volumes (mirrored and RAID-5 volumes). Dynamic disks can contain an unlimited number of volumes.

q       Manage a domain-based distributed file system (DFS).

o       How to Install Distributed File System (DFS) on Windows 2000 (Q241452)

o       Distributed file system (DFS) is used to make files distributed across multiple servers appear to users as if they reside in one place on the network. Because of this, users no longer need to know or specify the actual physical location of files in order to obtain access to them. Dfs can be implemented as stand-alone or domain-based. Domain-based Dfs has the following advantages:

o       Windows 2000 automatically publishes the Dfs topology in the Active Directory, making it visible to users on all servers in the domain.

o       The administrator has the ability to replicate the Dfs roots and shared folders to multiple servers in the domain. By doing so users are permitted to obtain access to their files even if one of the physical servers on which the files reside becomes unavailable.

q       Manage file and folder compression.

o       HOW TO: Compress and Expand Files and Folders in Windows 2000 (Q314958)

o       Compact.exe is the command-line version of the file and folder compression feature in Windows 2000. Use Compact to compress, to decompress, or to display the compression state of files and folders on NTFS file system-formatted volumes.

o       Compress.exe is a command-line utility that you can use to compress one or more files. This tool is included in the Microsoft Windows 2000 Resource Kit.

o       When you use Compress to compress files, you must use Expand.exe to expand the compressed file before you can open it.

q       Create shared resources and configure access rights. Shared resources include printers, shared folders, and Web folders.

o       Know how to share objects out. Then assign Rights to them

o       Know how to share folders and enable Web sharing

q       Configure and troubleshoot Internet Information Services (IIS).

o       IT Resources for Supporting and Maintaining IIS

o       Deploying Microsoft IIS

o       Deploying Windows 2000 with IIS 5.0 for Dot Coms: Best Practices

q       Configure virtual directories and virtual servers.

o       Internet Information Server 5.0 Resource Kit

o       Internet Information Server 4.0 Resource Kit

q       Troubleshoot Internet browsing from client computers.

o       Know how to troubleshoot the Internet Explorer client inside and out. Know how to check the proxy settings if using a proxy server and how they should be configured.  Know the basic error codes you would get from the web server if not reachable like 400 and 500 errors

q       Troubleshoot intranet browsing from client computers.

o       Same as above. Know how to configure the browser to bypass the proxy for Intranet servers

q       Configure authentication and SSL for Web sites.

o       SSL will be configured within the IIS web server properties to have Secure Socket Layer transmission

o       HOW TO: Configure IIS 5.0 Web Site Authentication in Windows 2000 (Q310344)

o       Anonymous access: When Anonymous access is enabled, no credentials are required to access the site unless NTFS permissions are placed on the Web site folders to control access. To edit the properties of the anonymous user account, click Edit in the Anonymous access box.

o       Basic authentication: If Basic authentication is enabled, the user credentials are sent in clear text. This format provides a low level of security because almost all protocol analyzers can read the password. However, it is compatible with the widest number of Web clients. If Basic authentication is enabled, you can click Edit and set a default domain for user accounts.

o       Digest authentication: Digest authentication works for Internet Explorer 5.0 and later Web clients and for Web servers that belong to a Windows 2000 domain. It has the advantage of not sending user credentials in clear text.

o       Integrated Windows authentication: Integrated Windows authentication can use both the Kerberos v5 authentication protocols and its own challenge/response authentication protocol. This option is a more secure authentication option. However, it only works for Internet Explorer 2.0 or later and Kerberos authentication does not work over HTTP connections.

q       Configure FTP services.

o       Know how to configure basic FTP services within IIS

q       Configure access permissions for intranet Web servers.

o       Secure Internet Information Services 5 Checklist

q       Monitor and manage network security. Actions include auditing and detecting security breaches.

o       HOW TO: Enable and Apply Security Auditing in Windows 2000 (Q300549)

o       It is important that you protect your information and service resources from people who should not have access to them, and at the same time make those resources available to authorized users. This article describes how to use Windows 2000 security features to audit access to resources.

o       You can configure the security logs to record information about either directory and file access or server events. You can set this level of auditing by using Audit Polices in Microsoft Management Console (MMC). These events are logged in the Windows Security log. The Security log can record security events, such as valid and invalid logon attempts, as well as events that are related to resource use, such as creating, opening, or deleting files. You need to log on as an administrator to control what events are audited and displayed in the Security log.

o        IMPORTANT: Before Windows 2000 can audit access to files and folders, you must use the Group Policy snap-in to enable the Audit Object Access setting in the Audit Policy. If you do not, you receive an error message when you set up auditing for files and folders, and no files or folders are audited. After you enable auditing in Group Policy, view the Security log in Event Viewer to review successful or failed attempts to access the audited files and folders.


Configuring, Administering, and Troubleshooting the Network Infrastructure


q       Troubleshoot routing. Diagnostic utilities include the tracert command, the ping command, and the ipconfig command.

o       To test a TCP/IP configuration by using the ping command

o       To quickly obtain the TCP/IP configuration of a computer, open Command Prompt, and then type ipconfig. From the display of the ipconfig command, ensure that the network adapter for the TCP/IP configuration you are testing is not in a Media disconnected state.

o       At the command prompt, ping the loopback address by typing ping

o       Ping the IP address of the computer.

o       Ping the IP address of the default gateway.

o       If the ping command fails, verify that the default gateway IP address is correct and that the gateway (router) is operational.

o       Ping the IP address of a remote host (a host that is on a different subnet).

o       If the ping command fails, verify that the remote host IP address is correct, that the remote host is operational, and that all of the gateways (routers) between this computer and the remote host are operational.

o       Ping the IP address of the DNS server

o       If the ping command fails, verify that the DNS server IP address is correct, that the DNS server is operational, and that all of the gateways (routers) between this computer and the DNS server are operational.

o       To display the basic TCP/IP configuration: ipconfig

o       To display the full TCP/IP configuration for all adapters, type: ipconfig /all

o       To renew a DHCP-assigned IP address configuration for only the Local Area Connection adapter, type: ipconfig /release and /renew

o       To flush the DNS resolver cache when troubleshooting DNS name resolution problems, type: ipconfig /flushdns














q       Configure and troubleshoot TCP/IP on servers and client computers. Considerations include subnet masks, default gateways, network IDs, and broadcast addresses.

o        You need to know the basics of troubleshooting here. Know how to configure IP on a workstation or a server, subnet it, put a mask on it and know the basic fundamentals of what makes up an IP address.

q       Configure, administer, and troubleshoot DHCP on servers and client computers.

q       Dynamic Host Configuration Protocol for Windows 2000

q       Chapter 4 - Dynamic Host Configuration Protocol (Resource Kit Chapter)

q       Windows 2000 Infrastructure Services Design and Deployment: DNS, DHCP, and WINS Deployment within Microsoft

q       Managing TCP/IP Addresses On Your Network With DHCP

q       Windows 2000 Server Documentation - DHCP

q       Detect unauthorized DHCP servers on a network.

o       Unauthorized DHCP Server Detection

o       The Microsoft DHCP server for Windows 2000 is designed to prevent unauthorized DHCP servers from creating address assignment conflicts. This solves problems that could otherwise occur if naïve users created unauthorized DHCP servers that could assign improper or unintended IP addresses to clients elsewhere on the network. For example, a user could create what was intended to be a local DHCP server, using non-unique Net 10 addresses that could lease the addresses to unintended clients requesting addresses from elsewhere on the network. This is one reason to keep the number of DHCP servers deployed at a minimum, as described in Best Practices, below. However, most of these events are accidental, where a second DHCP server is installed by someone who is unaware of other DHCP servers already active on the network

o       The DHCP server for Windows 2000 has management features to prevent unauthorized deployments and to detect existing unauthorized DHCP servers. In the past, anyone could bring up a DHCP server on a network. Today, an authorization step is required. These authorized personnel are usually the administrator of the domain that the Windows 2000 Server platform belongs to or someone to whom they have delegated the task of managing the DHCP servers.

o       Protecting Against Unauthorized DHCP Servers

o       Active Directory is now used to store records of authorized DHCP servers. When a DHCP server comes up, the directory can now be used to verify the status of that server. If that server is unauthorized, no response is returned to DHCP requests. A network manager with the proper access rights has to respond. The domain administrator can assign access to the DHCP folder holding configuration data, to allow only authorized personnel to add DHCP servers to the approved list.

o       The list of authorized servers can be created in the Active Directory through the DHCP snap-in. When it first comes up, the DHCP server tries to find out if it is part of the directory domain. If it is, it tries to contact the directory to see if it is in the list of authorized servers. If it succeeds, it sends out DHCPINFORM to find out if there are other directory services running and makes sure that it is valid in others, as well. If it cannot connect the directory, it assumes that it is not authorized and does not respond to client requests. Likewise, if it does reach the directory but does not find itself in the authorized list, it does not respond to clients. If it does find itself in the authorized list, it starts to service client requests.

q       Configure client computers to use dynamic IP addressing.

o       Know how to set up a client to get an IP from a DHCP server. Pay attention to any broadcasts that need to pass a router and to configure a relay agent

q       Configure DHCP server properties.

o       DHCP Scopes: A DHCP scope is an administrative grouping that identifies the full consecutive ranges of possible IP addresses for all DHCP clients on a physical Subnetwork. Scopes define a logical Subnetwork for which DHCP services are to be offered, and also allow the server to identify configuration parameters that are given to all DHCP clients on the Subnetwork. A scope must be defined before DHCP clients can use the DHCP server for dynamic TCP/IP configuration.

o       Address Pools: Once a DHCP scope is defined and exclusion ranges are applied, the remaining addresses form what is called an available address pool within the scope. Pooled addresses may then be dynamically assigned to DHCP clients on the network.

o       Exclusion Ranges: An exclusion range is a limited sequence of IP addresses within a scope range that are to be excluded from DHCP service offerings. Where exclusion ranges are used, they ensure that any addresses within the defined exclusion range are not offered to clients of the DHCP server.

o       Reservations: Reservations allow permanent address lease assignment by the DHCP server. Where reservations are used, they ensure that a specified hardware device on the Subnetwork can always use the same IP address.

o       Superscopes: An administrative feature included within the Microsoft DHCP Manager tool can be used to create a number of distinct scopes, which are grouped together into a single administrative entity called a superscope. Superscopes are useful for solving several different DHCP service issues.

o       Leases: As noted, a lease is the length of time that that a DHCP server specifies that a client computer can use an assigned IP address. When a lease is made to a client, it is described as active. At half-lease period, the client must renew its address lease assignment with the server. The duration of leases affects how often clients attempt to renew those they have been assigned with the DHCP server.

o       DHCP Options: DHCP Options are other client-configuration parameters that a DHCP server can assign when serving leases to DHCP clients. For example, IP addresses for a router or default gateway, WINS servers, or DNS servers are commonly provided for a single scope or globally for all scopes managed by the DHCP server. Many DHCP options are predefined through RFC 2132, but the Microsoft DHCP server also allows defining and adding custom options.

q       Create and configure a DHCP scope.

o       A scope is an administrative grouping of computers for a Subnetwork using DHCP service. Administrators create a scope for each physical Subnetwork, which is then used to define parameters used by clients for this Subnetwork. Scopes can be planned based on the needs of particular groups of users, with appropriate lease durations defined for the related scopes. A scope has the following properties:

§         A range of possible IP addresses from which to include or exclude addresses used in DHCP service lease offerings.

§         A unique subnet mask to determine the subnet related to a given IP address.

§         A scope name assigned when the scope is created.

§         Lease duration values to be assigned to DHCP clients that receive dynamically allocated IP addresses.

§         Reservations.

§         Options.

o        A DHCP scope consists of a pool of IP addresses on a Subnetwork, such as to, that the DHCP server can lease to DHCP clients. Each physical network can have only one DHCP scope or a superscope with one or more ranges of IP addresses.

q       Configure, administer, and troubleshoot DNS.

q       Configure DNS server properties.

o       Download this huge whitepaper. It will tell you everything you need to know to configure all aspects of Windows 2000 DNS services: Here

q       Other networking Services

o       Know the basics of HOST, LMHOSTS, WINS and DNS

q       Work on Configuring, Managing, Securing, and Troubleshooting Active Directory Organizational Units and Group Policy

q       Create, manage, and troubleshoot User and Group objects in Active Directory.

o       This URL pretty much goes over the whole Active Directory Process: Here

o       Linking Group Policy Objects to Active Directory Containers

o       Any site, domain, or OU may be associated with any Group Policy Object. As shorthand, we will use the acronym SDOU to mean a site, domain, or OU.

o       A given GPO can be associated (linked) to more than one site, domain, or OU. Conversely, a given site, domain, or OU can have multiple GPOs linked to it. In the case where multiple GPOs are linked to a particular site, domain, or OU, you can prioritize the order of precedence in which these GPOs are applied.

o       By linking GPOs to Active Directory sites, domains, and OUs, you can implement Group Policy settings for as broad or as narrow a portion of the organization as you want:

o       A GPO linked to a site applies to all users and computers in the site.

o       A GPO applied to a domain applies directly to all users and computers in the domain and by inheritance to all users and computers in child OUs. Note that policy is not inherited across domains.

o       A GPO applied to an OU applies directly to all users and computers in the OU and by inheritance to all users and computers in child OUs.

o       GPOs are stored on a per-domain basis, however, you can link a site, domain, or OU to a GPO in another trusted domain, although this is not recommend in general for performance reasons.

Configuring, Securing, and Troubleshooting Remote Access

q       Configure and troubleshoot remote access and virtual private network (VPN) connections.

o       All you need to know on how to configure a Win2K VPN

Disclaimer: Sure2Pass Tests and MCSE Braindumps are based solely on published objectives of various exams, which cover concepts that are necessary for various networking professional certification designations. Links to other sites are published for the benefit/information of our visitors and we are not responsible for their contents. Our MCSE Study Guides, practice tests, and/or material is not sponsored by, endorsed by or affiliated with Microsoft. Microsoft, MCSE, MCSA, MCSD, the Microsoft logo are trademarks or registered trademarks of Microsoft in the United States and certain other countries. All other trademarks are trademarks of their respective owners