August 2008 - Posts
-
What audit policy is used to audit records regarding access to AD? Answer: Audit Directory Servers Access
|
-
What audit policy is used to audit records regarding access to AD?
|
-
Did you know that you can add command line switches in the command line?
|
-
What are the forest and domain functional levels?
Forest:
- Windows 2000
- Windows 2003
- Windows 2008
Domain:
- Windows 2000
- Windows 2003
- Windows 2008
|
-
I posted this early because of the long weekend. Have a good long weekend. This week's reading for the self study group is:
| 12.2 Managing Multiple Domain and Trust Relationships | 40 | 40 |
|
-
What OU permission allows a user to “Create any OU valid object in the OU, including a sub OU”? Answer: Create All Child Objects Permission.
|
-
What OU permission allows a user to “Create any OU valid object in the OU, including a sub OU”?
|
-
-- Computers whose inventory timestamp is more than 30 days old, with the current or historical user name
SELECT DISTINCT
    CS.Name0 AS 'Computer',
    ISNULL(CS.UserName0, HCS.UserName0) AS 'User Name',
    CS.TimeStamp
FROM v_GS_COMPUTER_SYSTEM CS
LEFT OUTER JOIN v_HS_COMPUTER_SYSTEM HCS ON CS.ResourceID = HCS.ResourceID
WHERE HCS.UserName0 IS NOT NULL
    AND DATEDIFF(dd, CS.TimeStamp, GETDATE()) > 30
GROUP BY CS.Name0, CS.UserName0, CS.TimeStamp, HCS.UserName0
ORDER BY CS.Name0
|
-
-
True or False, NTFS permissions should always be assigned to a user? Answer: False, NTFS and all permissions should be assigned to a Group and the user added to the group. This allows for better management for security.
|
-
-
True or False, NTFS permissions should always be assigned to a user?
|
-
The OWSUG Self-study group exam review sessions have been posted. Space is very limited, please book only for the session you will be attending and have already reviewed the material! These sessions assume that you have reviewed the matter and will be only answering questions that you might have.
Location: CTE Solutions Inc. 11 Holland Avenue, Suite 100 Ottawa, ON K1Y 4S1 Canada
All sessions start at 6:00 p.m. with registration at approximately 5:45 p.m.
70-299 self-study group
Review sessions part 1 on Sept 8 http://www.clicktoattend.com/?id=130863
- How to book the exam
- What to expect on the exam
- Review Chapters 1-5
- Q&A
Review sessions part 2 on Sept 15 http://www.clicktoattend.com/?id=130865
- Review Chapters 6-12
- Q&A
- Additional Resources
70-643 self-study group
Review sessions part 1 on Sept 22 http://www.clicktoattend.com/?id=130872
- How to book the exam
- What to expect on the exam
- Review Chapters 1-4
- Q&A
Review sessions part 2 on Sept 29 http://www.clicktoattend.com/?id=130874
- Review Chapters 5-9
- Q&A
- Additional Resources
70-642 self-study group
Review sessions part 1 on Oct 6 http://www.clicktoattend.com/?id=130868
- How to book the exam
- What to expect on the exam
- Review Chapters 1-4
- Q&A
Review sessions part 2 on Oct 15 (notice the date change) http://www.clicktoattend.com/?id=130869
- Review Chapters 5-12
- Q&A
- Additional Resources
70-640 self-study group
Review sessions part 1 on Oct 20 http://www.clicktoattend.com/?id=130866
- How to book the exam
- What to expect on the exam
- Review Chapters 1-8
- Q&A
Review sessions part 2 on Oct 27 http://www.clicktoattend.com/?id=130867
- Review Chapters 9-17
- Q&A
- Additional Resources
If you have any questions please feel free to contact Brad or myself.
|
-
What three factors should you use to decide to group server roles?
Answer:
- High Security: Do not group roles
- Group only common group roles, example DNS and WINS
- Group server roles when risk is acceptable
|
-
What are the forest and domain functional levels?
|
-
This week's reading for the self study group is:
| 11.2 Configuring the Global Catalog and Application Directory Partitions | 9 | 45 |
| 11.3 Configuring Replication | 24 | |
| 12.1 Understanding Domain and Forest Functional Levels | 12 | |
|
-
-
What three factors should you use to decide to group server roles?
|
-
If you had two domains, one with the High Security template applied and the other with the Enterprise Client template applied, which workstations could only connect to the Enterprise Client template domain and not the High Security template domain?
- Windows for Workgroup
- Windows 95
- Windows 98
- Windows 98SE
- Windows NT 4 workstation
- Windows NT 4 Server
- Windows 2000 workstation
- Windows XP
- Vista
- Linux
- None of the above
Answer: None of the above
|
-
-
-- Add/Remove Programs entries per computer, with user, last hardware scan, BIOS serial number and AD site
SELECT DISTINCT
    ARP.DisplayName0,
    ARP.Publisher0,
    ARP.Version0,
    CS.Name0,
    CS.UserName0,
    WS.LastHWScan,
    BIOS.SerialNumber0,
    R.AD_Site_Name0
FROM dbo.v_GS_ADD_REMOVE_PROGRAMS ARP
INNER JOIN dbo.v_GS_Computer_System CS ON ARP.ResourceID = CS.ResourceID
INNER JOIN dbo.v_GS_PC_BIOS BIOS ON CS.ResourceID = BIOS.ResourceID
INNER JOIN dbo.v_R_System R ON CS.ResourceID = R.ResourceID
INNER JOIN dbo.v_GS_WORKSTATION_STATUS WS ON CS.ResourceID = WS.ResourceID
ORDER BY ARP.DisplayName0 ASC, CS.Name0 ASC, WS.LastHWScan DESC
|
-
If you had two domains, one with the High Security template applied and the other with the Enterprise Client template applied, which workstations could only connect to the Enterprise Client template domain and not the High Security template domain?
- Windows for Workgroup
- Windows 95
- Windows 98
- Windows 98SE
- Windows NT 4 workstation
- Windows NT 4 Server
- Windows 2000 workstation
- Windows XP
- Vista
- Linux
- None of the above
|
-
Which FSMO role does not matter if all DCs are GCs, and why? Answer: Infrastructure Role, and it is not all that important because all GCs will have the most up-to-date information about every object. Yes, you will still have one but…
|
-
Are you like me? Have you accidentally deleted the “All systems” collection instead of a PC? Have you wondered how to get it back? Well, after some digging and asking around, I finally determined the answer (with being pointed in the right direction)! <Drum Roll> Install / Reinstall the last service pack! BTW, this might work in SMS 2003 too. If you try it and it works, please let me know.
|
-
-
What is included within the Security Option section of a Security Template?
Answer:
- Setting for GUI
- Legal Notice
- Device Drivers
- Etc.
|
-
This query will display all devices (PCs, routers, etc.) that ConfigMgr / SMS knows about which are not clients.
-- Discovered resources with no hardware inventory record (not clients)
SELECT
    Name0,
    Resource_Domain_Or_Workgr0,
    Operating_system_name_and0,
    AD_Site_Name0,
    Community_name0
FROM v_R_System R
WHERE R.ResourceID NOT IN (SELECT CS.ResourceID FROM v_GS_Computer_System CS)
ORDER BY Name0
|
-
What is included within the Security Option section of a Security Template?
|
-
When answering the question “How to Translate Business Requirements into Solutions?”, what two steps need to take place?
Answer:
- Determine the level of security required
- Translate Business requirements into Technical Solution
|
-
Which FSMO role does not matter if all DCs are GCs, and why?
|
-
This week's reading for the self study group is:
| 10.2 Configuring Operation Masters | 16 | 44 |
| 10.3 Configuring DFS Replication of SYSVOL | 13 | |
| 11.1 Configuring Site and Subnets | 15 | |
|
-
When answering the question “How to Translate Business Requirements into Solutions?”, what two steps need to take place?
|
-
What are the three ways to resolve a Certificate Trust issue?
Answer:
- Use Commercial Certificate
- Build a Cross Certification Infrastructure
- Copy the Root Certificate
|
-
What are the three ways to resolve a Certificate Trust issue?
|
-
True or False: a RADIUS server is needed for demand dial VPN? Answer: False, a RADIUS server is not needed for demand dial VPN.
|
-
-- Computers that report themselves as Microsoft virtual machines
SELECT CS.Name0, CS.UserName0
FROM dbo.v_GS_COMPUTER_SYSTEM CS
WHERE CS.Manufacturer0 = 'Microsoft Corporation'
    AND CS.Model0 = 'Virtual Machine'
|
-
Define each acronym:
- DHCP
- DNS
- DoS
- FLZ
- FQDN
- GNZ
- MX
- RLZ
- RP
- SRV
- SYSVOL
- TXT
- WINS
Answer:
- DHCP - Dynamic Host Configuration Protocol
- DNS – Domain Name Service
- DoS – Denial of Service
- FLZ – Forward Lookup Zones
- FQDN – Fully qualified domain name
- GNZ – Global Names Zone
- MX – Mail exchanger
- RLZ – Reverse lookup zones
- RP – Responsible person <insert joke here> :-)
- SRV – Service record
- SYSVOL - System Volume
- TXT – Text record
- WINS - Windows Internet Name Service
|
-
-- Advertisements that succeeded on 2007-12-09, listed per computer
SELECT
    CS.Name0,
    adv.AdvertisementName,
    stat.LastStateName,
    adv.Comment AS C072,
    pkg.Name AS C062,
    adv.ProgramName AS C071,
    adv.SourceSite,
    adv.AdvertisementID
FROM v_Advertisement adv
JOIN v_Package pkg ON adv.PackageID = pkg.PackageID
JOIN v_ClientAdvertisementStatus stat ON stat.AdvertisementID = adv.AdvertisementID
JOIN v_GS_Computer_System CS ON stat.ResourceID = CS.ResourceID
WHERE
    -- sys.Resource_Domain_OR_Workgr0 LIKE 'IR' and
    stat.LastStateName = 'succeeded'
    AND DATEDIFF(dd, stat.LastStatusTime, '2007-12-09') = 0
ORDER BY CS.Name0 ASC, adv.AdvertisementName
|
-
During a discussion on the myITforum ConfigMgr / SMS mailing list this statement was made: “It’s never bad admin mojo to provide a report based on what management seeks. You can either do it or you can’t.“ Without going into all of the details of what this person was looking for, I will attempt to explain why what this person was looking for is a bad idea.
This is the type of report his Manager was looking for
This is a nice report but is not all that practical. First off, the manager wanted every application. Well, the average number of ARP rows per PC is 186! To make matters worse, within the database that I used for this example there are 7107 different applications, and that does not include the different versions of some applications! So my question is how would you even read such a report, assuming you could create it? Secondly, I turned the titles 90 degrees but that is NOT how it would be outputted via web reports! It would look like the screen shot below. How many columns could you get on a page?
You can quickly see that this report is just not feasible even though the manager wants it!
Every manager that I have met never understands ConfigMgr / SMS and will ask the world of it even when it is not feasible, practical or doable, and for that matter they never really know what they want. As a ConfigMgr / SMS admin your job is to help them understand and provide them the information to help them do their job; sometimes that means saying “No, that is not a good idea. However if we do it this way....” I threw together these reports as an example only, using Excel and Query Analyzer. I did this so that I could remove private data such as PC names, User Names, etc., however all of these reports are real. As a ConfigMgr / SMS Admin you should use the power of web reports to give them what they need but in a different format. You will see from the examples below that each report lends itself to drill downs from the C-level to Service desk reports. This setup is fairly easy to set up and is usable by everyone, and provides the information that is needed, in a readable format with little to no modification.
For more blog posts on reporting see:
- SMS Data and Who Should Have Access to It http://smsug.ca/blogs/garth_jones/archive/2007/03/26/232.aspx
- Garth’s guideline for creating web reports. http://smsug.ca/blogs/garth_jones/archive/2007/05/11/342.aspx
C-Level Managers
Count of Application
C-Level – 1
Count of Application X by Departments
Count of Applications by Department
C-Level – 2 List of PCs with Application X in Department Y
And finally service desk and ConfigMgr Staff want to see all details about the PC and will look at the Machine Details report. <report not displayed>
|
-
True or False: a RADIUS server is needed for demand dial VPN?
|
-
There are two types of VPNs and three protocols. What are they?
Answer:
VPN Types
- Remote Access
- Site-To-Site
VPN Protocols
- PPTP
- L2TP/IPsec
- IPSec tunnel mode
|
-
The question of learning T-SQL comes up all the time with ConfigMgr/SMS/MOM/OpsMgr Admins; here are some resources to help you out. Parts of this are taken from a previous article I wrote on the subject and it still applies today. http://www.myitforum.com/articles/18/view.asp?id=5694
Here are two free websites to help you learn T-SQL.
http://sqlcourse.com/
http://sqlcourse2.com/
These two web sites are really two articles or two complete interactive online SQL training sessions. When I first saw these, I liked their setup. The first site starts off with the basics. From an SMS perspective, here are some of the topics covered:
- Table Basic
- Selecting Data
- Deleting Record
- Deleting Tables
The second course is an advanced course; it covers:
- Selecting Data
- Function (Min, Max, Count, etc.)
- Group by
- Having
- Order By
- Where
- Between
- Mathematical Operators ( =, >, <, etc)
- Joins
- Other Database Site Links
I have also been using the MS e-learning myself for my 70-649 exam prep. They have a collection of 9 courses that you might find interesting, “Writing Queries Using Microsoft® SQL Server™ 2005 Transact-SQL”, all of them for less than $300; you can’t go wrong with that! So the next time your boss asks you for a report, ask them to shell out the $300 and some time for you to learn T-SQL; both of you will be happy that you did. Plus, if you play your cards right, you can also use these courses to help you pass an exam such as the 70-431 “Microsoft SQL Server 2005 - Implementation and Maintenance”. This exam is useful to all System Center Admins!
|
-
There are two types of VPNs and three protocols. What are they?
|
-
I found one thing that was not transferred from my old PC to my new PC by using the “Windows Easy Transfer” tool! All my Live Writer settings did not get transferred! Now I have to remember how I set up Live Writer so that I could post JPGs. So if you see any test posts, just ignore them.
|
-
This week's reading for the self study group is:
| 9.2 Configuring and Using Domain Name System | 28 | 47 |
| 10.1 Installing Domain Controllers | 19 | |
|
-
There are two VPN types and three VPN Protocols, what are they?
Answer:
VPN Types
- Remote Access VPN
- Site-to-Site VPN
VPN Protocols
- PPTP
- L2TP/IPSec
- IPSec Tunnel Mode
|
-
Define each acronym:
- DHCP
- DNS
- DoS
- FLZ
- FQDN
- GNZ
- MX
- RLZ
- RP
- SRV
- SYSVOL
- TXT
- WINS
|
-
There are two VPN types and three VPN Protocols, what are they?
|
-
I found this tidbit while studying for the 70-640/649 exam.
You can use the Microsoft Group Policy Diagnostic Best Practice Analyzer (GPDBPA) tool to collect data about an environment's Group Policy configuration. For example, you can use this tool to analyze a Group Policy configuration for the following purposes:
- To search for common configuration errors
- To discover and to diagnose problems
- To collect data for archiving
For more info check out.
http://support.microsoft.com/kb/940122/en-ca
|
-
What are some of the limitations to technical controls for password policies?
Answer:
- Without user training, password complexity might not add any additional security
- Written down passwords
- Sharing passwords
- Only one character being changed in a password
- Passwords reset by Admin staff and will need to be changed immediately
- Overhead of resetting passwords
- Different Password policy within one domain.
|
-
-- Computers whose last hardware scan was less than 30 days ago
SELECT CS.Name0, WS.LastHWScan
FROM dbo.v_GS_COMPUTER_SYSTEM CS, dbo.v_GS_WORKSTATION_STATUS WS
WHERE CS.ResourceID = WS.ResourceID
    AND DATEDIFF(dd, WS.LastHWScan, GETDATE()) < 30
|
-
-- Programs whose current install date differs from an install date recorded in history
SELECT ARP.DisplayName0, HARP.InstallDate0
FROM dbo.v_GS_ADD_REMOVE_PROGRAMS ARP, dbo.v_HS_ADD_REMOVE_PROGRAMS HARP
WHERE ARP.ResourceID = HARP.ResourceID
    AND ARP.ProdID0 = HARP.ProdID0
GROUP BY ARP.DisplayName0, ARP.InstallDate0, HARP.InstallDate0
HAVING ISNULL(ARP.InstallDate0, '1980-1-1') <> MIN(ISNULL(HARP.InstallDate0, '1980-1-1'))
ORDER BY ARP.DisplayName0, HARP.InstallDate0
|
-
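-- Computer name and install date for each Add/Remove Programs row ('1980-1-1' when no date was inventoried)
SELECT
    CS.Name0 AS 'Computer Name',
    CONVERT(datetime, ISNULL(ARP.InstallDate0, '1980-1-1')) AS 'Installed Date'
FROM dbo.v_GS_ADD_REMOVE_PROGRAMS ARP, dbo.v_GS_COMPUTER_SYSTEM CS
WHERE CS.ResourceID = ARP.ResourceID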
|
-
-- Network adapter details for computers with more than one adapter row that has an IP address
SELECT DISTINCT
    CS.Name0,
    NIC.Description0,
    NAC.IPAddress0,
    NAC.DefaultIPGateway0,
    NIC.*,
    NAC.*
FROM dbo.v_GS_COMPUTER_SYSTEM CS,
    dbo.v_GS_NETWORK_ADAPTER NIC,
    dbo.v_GS_NETWORK_ADAPTER_CONFIGUR NAC,
    -- Derived table: number of IP-enabled adapter rows per computer
    (SELECT DISTINCT
        CS.ResourceID AS 'ResourceID',
        COUNT(CS.ResourceID) AS 'Total'
     FROM dbo.v_GS_COMPUTER_SYSTEM CS,
        dbo.v_GS_NETWORK_ADAPTER NIC,
        dbo.v_GS_NETWORK_ADAPTER_CONFIGUR NAC
     WHERE CS.ResourceID = NIC.ResourceID
        AND CS.ResourceID = NAC.ResourceID
        AND NAC.ServiceName0 = NIC.ServiceName0
        AND NAC.IPAddress0 != ''
        AND NAC.IPAddress0 != '0.0.0.0'
     GROUP BY CS.ResourceID
    ) CCS
WHERE CS.ResourceID = NIC.ResourceID
    AND CS.ResourceID = NAC.ResourceID
    AND CS.ResourceID = CCS.ResourceID
    AND NAC.ServiceName0 = NIC.ServiceName0
    AND NAC.IPAddress0 != ''
    AND NAC.IPAddress0 != '0.0.0.0'
    AND CCS.Total > 1
ORDER BY CS.Name0, NIC.Description0, NAC.IPAddress0, NAC.DefaultIPGateway0
|
-
Every so often I get asked/told “Why tell Microsoft about errors within their products! They will not listen to me.” Well, that is not true; take a look at this email I received from MS Learning about an error I found within one of their books (70-640). So sometime in the near future MS will update the errata for this book. So if you find a bug or error that is not covered by the errata for the book, take the time to send an email to the publisher about this issue and have it fixed/updated.
|
-
What are some of the limitations to technical controls for password policies?
|
-
Match up the IPv6 address types to their corresponding format.
Types:
- Global unicast
- Link-local
- Loopback
- Site-local
- Unspecified
Format:
- ::
- ::1
- All others
- FE80::
- FEC0::
Answer:
- Unspecified = ::
- Loopback = ::1
- Link-local = FE80::
- Site-local = FEC0::
- Global unicast = All others
|
-
-
When is NTLM preferred over Kerberos? This method is used by many admins to test network connections. Answer: When an IP address is used to map a network drive instead of the NetBIOS name. Example: \\192.168.1.15\C$ vs \\EnhansoftDC\C$
|
-
While reading the MS Press 70-640 book I noticed an error, so I went looking for the errata for this book. Here are the errata for:
- MCTS Self-Paced Training Kit (Exam 70-640): Configuring Windows Server® 2008 Active Directory comments and corrections http://support.microsoft.com/kb/955243/en-ca
- MCTS Self-Paced Training Kit (Exam 70-642): Configuring Windows Server® 2008 Network Infrastructure comments and corrections http://support.microsoft.com/kb/953194/en-ca
- MCTS Self-Paced Training Kit (Exam 70-643): Configuring Windows Server® 2008 Applications Infrastructure comments and corrections http://support.microsoft.com/kb/951753/en-ca
- MCITP Self-Paced Training Kit (Exam 70-646): Windows Server® Administration <no errata yet>
- MCITP Self-Paced Training Kit (Exam 70-647): Windows Server® Enterprise Administration <no errata yet>
BTW I was right, the answer is just "B" on page 888 for Question 2.
|
-
When is NTLM preferred over Kerberos? This method is used by many admins to test network connections.
|
-
What does ktpass.exe do? Answer: ktpass.exe creates key pass files for UNIX workstations used to encrypt ticket requests.
|
-
What does ktpass.exe do?
|
-
Match up the IPv6 address types to their corresponding format.
Types:
- Global unicast
- Link-local
- Loopback
- Site-local
- Unspecified
Format:
- ::
- ::1
- All others
- FE80::
- FEC0::
|
-
Name all six trust types.
Answer:
- No trust **** Personally I don't think this is a trust type but I didn't write this book so...
- Trusts between Domains in a Forest
- Shortcut trust
- External trust
- External trust with a non-Windows Kerberos realm
- Forest trust
|
-
70-298
Well, all questions have been pre-posted and September 22nd will be the last Q&A for the 70-298 exam.
70-640
I will continue to post the weekly Q&As for 70-640 and the last Q&A will be posted on Oct 17th. Remember that the exam review sessions are Oct. 20th and 27th and I will be leading those sessions.
70-649
Sometime this LONG weekend, I will start working on the 70-649 exam and you may see some Q&A for that but it is unlikely, mostly because it is a lot of work.
Remember to keep an eye on the forums for Q&A from other people or to post your own Q&A. http://owsug.ca/forums/default.aspx?GroupID=2
|
-
Name all six trust types.
|
-
Well, I did it this morning: I wrote and passed 70-298. With passing this exam I have now updated myself to MCSE on Windows 2003. So what does this mean for my daily blog posts for the 70-298 exam? Nothing, almost all sections have already been pre-posted and the few that are not I will try to pre-post the Q&A to my blog this weekend. With passing this exam it also means that I can finally teach SMS 2003 and ConfigMgr 2007, long story there. Yes, I’m an MCT, long story there too.
Just in case you care, I now have these exams to write some time soon: 70-089, 400, 402 (if released), 403 (when/if released), 640, 642, 643, 646, 647, 652 (when out of beta). Now the question is do I go after the Windows 2008, SMS 2k3 or OpsMgr 2k7 exam? 70-089 will not give me anything, so I will put that one on the back burner for now. So now it is down to 70-401 and 70-640 or 70-649? I will give it the LONG weekend to decide but I have a feeling that I will pick the 70-640 or 70-649 exam, mostly because I have a free exam voucher for either exam that expires Oct 31 2008. I would write the 70-400 exam if the OpsMgr MVPs finished writing the study guide that they started but alas.... <Evil Grin>
Finally, for those of you thinking about writing exams, I only started updating my skills from MCSE NT4 to Win 2k3 in December 2007. Since then I have passed 70-401, 620, 622, 431, 290, 291, 293, 294, and 298; that is almost one exam a month. If I can do it, anyone can. Now it is time for a few Beers, plus it is a long weekend!
|
-
What are RODCs and why are they more secure? Answer: RODC = Read-Only Domain Controller. An RODC maintains a small number of cached user accounts and therefore, if compromised, the effect is limited to those accounts only.
|
-
I posted this early because of the long weekend. Have a great long weekend.
This week's reading for the self study group is:
| 9.0 DNS and IPv6 | 13 | 38 |
| 9.1 Understanding and Installing Domain Name System | 25 | |
|
-
What SUS client log Event ID indicates, "Install success"?
Answer:
Event ID 19 indicates "Install success".
|