175 Tips for Passing the Microsoft Windows Professional
70-210 Exam
1. The minimum installation requirement for processors is a Pentium 133MHz or
higher.
2. Windows 2000 Professional can support two processors.
3. The Support folder on the Windows 2000 Professional CD contains the
Hardware Compatibility List (HCL.TXT).
4. The minimum recommended
RAM is 64MB. (32MB is minimum supported.) The maximum RAM supported is 4GB.
5. Installation requires 650MB free disk space and a VGA monitor.
6. Dual-booting is supported for Windows 95, Windows 98, Windows NT 4.0
(Service Pack 4.0 or greater is required), Windows NT 3.51, Windows for
Workgroups 3.11, Windows 3.1, MS-DOS, OS/2, Windows 2000 Server, and
other installations of Windows 2000 Professional.
7. The startup
disks (a set of four) can be created from the CD with the MAKEBOOT.EXE
utility in the Bootdisk folder. A 32-bit version of the utility
(MAKEBT32.EXE) is also found in the Bootdisk folder and can be used if you
want to make the boot disks from within Windows 2000 on another machine.
8. Two executable setup files exist: Winnt.exe (for command-prompt and
16-bit installations) and Winnt32.exe (for 32-bit operating systems).
9. By default, all installations go into the same directory; you cannot
choose the partition during setup.
10. Windows 2000 works with NTFS,
FAT, and FAT32 file systems. FAT is needed for MS-DOS, OS/2, the Windows 3.x
operating systems, and the first release of Windows 95. FAT32 can be used
with the second release of Windows 95 (95b) and Windows 98.
11. During typical installation, TCP/IP looks
for a DHCP server; the option to manually enter an IP address is not given.
12. In addition to TCP/IP, five protocols are included with Windows 2000
Professional and can be included during installation: AppleTalk (for
communicating with Macintoshes), DLC (for mainframes and network printers),
NetBEUI (for workgroups and older Microsoft operating systems), Network
Monitor Driver (for capturing packets the Network Monitor utility can
analyze), NWLink IPX/SPX/NetBIOS Compatible Transport (for communicating
with NetWare servers).
13. You can specify whether all users must
enter a username and password to use the computer (not the default) or
whether Windows should automatically log on a single user. When Windows
automatically logs on a user, it bypasses fundamental security. This is the
default operation for Windows 2000 Professional; you must change it if you
want to require a username and password at each boot.
14. Unattended
installations allow you to configure the operating system with little or no
human intervention. There are three primary methods of unattended
installations: RIS (Remote Installation Service) is a service that runs on a
Windows 2000 Server. The System Preparation Tool (Sysprep.exe) is used to
prepare an ideal Windows 2000 Professional workstation to have an image made
of it. Setup Manager is used to create answer files (known as Uniqueness
Database Files, or UDFs) for automatically providing computer or user
information during setup.
15. Upgrades can be done from Windows 95,
Windows 98, Windows NT Workstation 4.0, and Windows NT Workstation 3.51.
16. Winnt32.exe initiates the upgrade from most other operating systems.
17. The Setup Wizard will automatically create a report of devices that
could not be upgraded. You must uncompress any DoubleSpace or DriveSpace
volumes before an upgrade can be started.
18. A service pack is a
self-running program that modifies your operating system. Upgrades to
Windows 2000 come in the form of service packs. Each service pack contains
patches and fixes to operating system components that need them, as well as
additional features.
19. For "Installation disk" errors, change the CD.
20. For "Inadequate disk space" errors, take corrective action to
proceed with the installation.
21. For "Disk configuration errors,"
make sure you are using hardware compatible with Windows 2000 Professional
by checking the Hardware Compatibility List (HCL).
22. For "Cannot
connect to a domain controller" errors, verify that you are entering the
correct username and password, and that the Caps Lock key is not on.
23. For "Domain name errors," reselect the correct domain name.
24. The
permissions, attributes, and characteristics of files and folders depend greatly
on the file system on which Windows 2000 is installed.
25. Share
permissions apply only when a user is accessing a file or folder through the
network.
26. Local permissions and attributes are used to protect
the file when users are local.
27. The NTFS permissions for a folder are
located on the Security tab of its Properties dialog box.
28. With
NTFS, permissions can be individually allowed or denied on a per-folder
basis. You can assign any combination of these values: Full Control, Modify,
Read & Execute, List Folder Contents, Read, and Write.
29. The
Advanced command button enables you to configure auditing and ownership
properties. The default for newly created entities is equal to Everyone -
Full Control.
30. The No Access permission that was available in all
previous versions of NTFS (meaning, in Windows NT) does not exist in NTFS 5
and Windows 2000.
31. NTFS file permissions are: Full Control, Modify,
Read+Execute, Read, and Write.
32. The Deny permission overrides all
other permissions. In the absence of Deny, rights accumulate through
individual and group assignments, as well as through folder and file
assignments. (In the case of a conflict, file permissions override folder
permissions.)
33. Moving or copying a file to a new directory could
change the permissions on an NTFS file.
34. Using the NTFS file
system, it is possible to configure files and folders for file-level
compression if you have Write permissions. Compression conserves disk space but does not reduce the estimation of how much space the user
is utilizing when computing disk quotas.
35. Encryption and
compression settings appear in the same frame on the dialog box. The two
features are mutually exclusive: You cannot compress encrypted files or
encrypt compressed files.
36. Share permissions differ significantly
from NTFS permissions: 1) They apply to users accessing the resource
remotely and not locally. 2) They work with Windows and DOS-based file
systems (NTFS, FAT, or FAT32). 3) They work in conjunction with other
permissions.
37. Folder share permissions are: Full Control, Change,
Read.
38. A folder can be shared under an unlimited number of names
after it has been shared the first time.
39. NET SHARE enables you
to create shares from the command prompt.
40. You can "hide" a share
(prevent it from appearing in My Network Places) by adding a dollar sign ($)
to the end of the share name.
41. For every Windows 2000-based computer,
three hidden shares are created automatically: 1) C$ is the root of
the computer's drive. A similar share (such as D$, E$, and so on) will be
created for each hard drive partition on a system. 2) ADMIN$ is the
root of the partition on which Windows 2000 has been installed. 3)
IPC$ is the remote IPC (InterProcess Connect) share used for networking.
42. If Web services are installed on the same machine you have created
the share on, an additional tab (Web Sharing) appears in the Properties
dialog box. By default, Web sharing is not enabled.
43. Print
drivers for Windows 2000, Windows 95/98, and Windows NT 4.0 are included
with Windows 2000. Drivers for earlier versions of NT and other operating
systems are not included on the 2000 CD.
44. To reach the Print Server
Properties dialog box, open the Printers folder, and then choose File,
Server Properties.
45. The printer name can contain up to 32 characters;
it doesn't have to reflect the name of the driver in use.
46. For
the Internet printer option, you must specify a URL within the Setup Wizard
to go on to the next dialog box.
47. Bi-directional support allows the printer to send unsolicited
messages (such as "Out of Paper" or "Low on Toner") to the workstation. The
Printer Priority defaults to 1, but it can be any number between 1 and 99.
48. When more than one printer is printing to the same printing device,
it is useful to change priorities (to allow the one with the highest
priority to print first).
49. Separator Page lets you choose one of
three predefined separator pages or create one of your own. By default,
Windows 2000 does not separate print jobs or use a separator page.
50. A printer pool is a single logical printer that prints to more than
one printing device. It prints jobs sent to it to the first available
printing device and provides the throughput of multiple printing devices
with the simplicity of a single printer definition.
51. DOS-based
applications differ from Windows-based applications in that they provide
their own printer drivers. Most DOS-based applications cannot handle UNC
names.
52. FAT was the standard file system used in older operating
systems.
53. Advantages to using FAT in a Windows NT environment:
Required file system for floppy disks, compatible with DOS, Windows 95, and
other operating systems.
54. Disadvantages to using FAT in a Windows
NT environment: No security support, poor support for volumes larger than
512MB, no support for disks larger than 4GB, typically unable to format
disks larger than 2GB.
55. Because FAT is limited to 65,535 clusters, it
must make the cluster sizes larger for large volumes. Any disk larger than
400MB should be formatted with a file system other than FAT so that the
cluster size can be kept small.
56. FAT32 was introduced with the
release of Windows 95b and is the default file system there and in Windows
98. It addressed several problems that cropped up with FAT: 1) FAT was
limited to 512 entries in the root directory. All long filenames used one
entry for every 13 characters. FAT32 has no such limitation. 2) FAT could
not support large hard drives and stopped formatting at 2GB. FAT32 supports
large hard drives.
57. Benefits of implementing NTFS on a Windows 2000
Professional workstation: Transaction tracking, file-level security support,
file-level compression support, large volume support.
58. The CONVERT.EXE utility allows you to convert a FAT or
FAT32 file system to NTFS without losing data.
59. The Computer
Management utility offers a storage component that provides the basis for
working with disk devices.
60. The heart of most disk operations resides
in the Disk Management tool. You must be a member of Administrators to
access this tool.
61. The System volume holds the files needed to boot
the system (the boot files); the Boot volume holds the files needed by
Windows 2000 Professional (the system files).
62. Disk Cleanup
always prompts before removing files, but defaults to removing downloaded
program files, temporary Internet files, and temporary offline files.
63. Windows 2000 does include a disk defragmenter. It analyzes the
amount of fragmentation and can take files and rewrite them back to the disk
in contiguous units--thus enhancing performance.
64. Formatting the
drive deletes all data on it. Converting the drive to NTFS (using the
Convert.exe utility) does not delete the data.
65. Just as FAT volumes can be converted to NTFS without losing data
but with no way back (you must format and lose all data), basic disks
can be converted to dynamic disks, but there is no easy means of
converting back. Should you need to
convert back, you must first delete the volumes, and then use the Revert to
Basic Disk command.
66. The advantages of converting to dynamic
disks are: 1) Existing partitions become simple volumes; 2) All
fault-tolerant volumes become dynamic volumes.
67. The disadvantages and
limitations of converting to dynamic disks are: 1) Cannot contain partitions
or logical drives; 2) Cannot be accessed by operating systems other than
Windows 2000; 3) Dynamic disks are not supported on portable computers.
68. Removable Storage can be used to manage libraries (multiple media
sets), jukeboxes, and the like. There are two types of recognized libraries:
stand-alone (where you manually change sets) and robotic (automated).
69. Removable Storage works in conjunction with backup and other data
management programs. A more advanced form of Removable Storage is Remote
Storage, which is not included with Windows 2000 Professional.
70. Windows 2000 Professional ships with a DVD Player utility, as well as the usual
CD Player. Like the CD Player, when a disc is placed into a DVD drive, the
DVD Player automatically starts. A DVD decoder is needed to play movies. The
Hardware Compatibility List contains a listing of all compatible decoders
and device drivers.
71. The primary interface for interacting with
the display adapter is through the Device Manager component of Computer
Management.
72. Windows 2000 Professional, like Windows 98, supports the
use of more than one monitor for creating the output display. Up to 10
monitors can be combined, with the desktop display divided between
them--each capable of having different resolution and color depth.
73. One monitor is the primary display, used for the Logon dialog box.
This is the monitor that most programs default to when started, but can then
be switched to another.
74. Windows 2000 uses ACPI for all power
management, from shutdown when low on battery to startup at the touch of a
keyboard key. The options that can be configured from the Power Options
applet in Control Panel are: Power Schemes (allows you to choose the role of
the machine), Advanced (choose whether power-related icons should appear in
the taskbar), Hibernate (choose whether this stage is available).
75. When you are configuring power management, the APM checkbox allows
you to enable Advanced Power Management support.
76. When you
disconnect a device, you must tell Windows 2000 that you are going to do so
prior to ejecting/disconnecting to prevent an error.
77. The Add/Remove
Hardware Wizard in Windows 2000 Professional's Control Panel can also be
used to uninstall/unplug a device. Uninstalling a device removes it
permanently; unplugging a device merely stops it temporarily.
78. Devices can use only one type of resource, or many types. The Windows 2000
operating system automatically does the work of negotiating the resources in
use with those that are available on the system.
79. System
Information is useful for obtaining a quick snapshot of the system. Beneath
Hardware Resources are six subcomponents that offer the system resource
overview: Conflicts/Sharing, DMA, Forced Hardware, I/O, IRQs, and Memory.
80. Using the Add/Remove Hardware Wizard and choosing to Add a new
device can also be used to add IEEE 1394 bus host controllers, imaging
devices, multi-port serial adapters, SCSI and RAID controllers, tape drives,
and a plethora of other options.
81. Hardware devices use drivers to
communicate. Drivers can change, and have a problem fixed or additional
functionality added.
82. Multiple processors can be added to a system to
offload the bottleneck on a single processor and enable intensive operations
to be performed quicker. Device Manager is used to add the additional
processors to the system after their installation.
83. Network
adapters should be recognized automatically during boot and configured by
Plug and Play. If they are not, the Add/Remove Hardware Wizard can be used
to install them.
84. Configuration and troubleshooting of installed
adapters can be done through: 1) the Add/Remove Hardware Wizard; 2)
right-clicking and choosing properties from the Local Area Connection icon
in Network and Dial-up Connections; 3) right-clicking on the My Network
Places icon on the desktop and choosing Properties, and then right-clicking
and choosing properties from the Local Area Connection icon in Network and
Dial-up Connections, or with the Device Manager.
85. If Microsoft
can verify that executable files do not behave erratically or cause system
problems or identifiable failures, Microsoft signs the file digitally.
86. When an administrator or user attempts to install a new component,
the system automatically looks for the signature. By default, a system
always looks for a driver signature; this feature is known as System File
Protection.
87. The driver signature is ignored only when the user
is using one of the following programs: Hotfix.exe, Update.exe, Windows
Update, or Winnt32.exe.
88. SIGVERIF.EXE looks for files that are not
digitally signed.
89. By default, signature verification search results
go to the log file SIGVERIF.TXT. You are notified when unsigned files are
found during searches.
90. Information on an unsigned file includes the
name, version, location, type, and modification date.
91. The System
File Checker utility keeps the operating system alive and well. SFC.EXE
automatically verifies system files after a reboot to see whether they were
changed to unprotected copies. Storing system files in two locations
consumes a large amount of disk space.
92. Task Scheduler allows you
to configure jobs to run automatically. For a job to run in unattended mode,
a username and associated password with proper permissions to run the
application must be provided.
93. You can delete a scheduled job by
deleting its icon, or you can disable a job by removing the check mark from
the Enabled box on the Task tab of the task's Properties dialog box.
94. Windows 2000 uses two methods of synchronization (to aid mobile
users): The Briefcase and "Offline" versions of needed networked resources.
95. When you select the Make Available Offline choice, the Offline File
Wizard starts. You can have reminders pop up regularly when you are working
offline to tell you that you are not connected to the network.
96. A
shortcut can be added to the desktop for the offline material. By default, this
option is not enabled. On a Windows 2000 Server, an administrator can choose
to disable offline access of folders if he or she does not want to make them
available for security reasons.
97. Choosing to make a file
non-cacheable prevents it from being available for offline storage. By
default, however, shared resources can be made available for offline access.
98. The Synchronization Manager offers three tabs: Logon/Logoff (allows
you to configure whether synchronization should occur when you log on and/or
log off or whether you should always be prompted before you take any
action), On Idle (allows you to configure the items to be updated when the
system is idle), and Scheduled (allows you to define synchronization jobs).
99. Resources are a combination of everything internal to the system and
external determinants. The primary tool for gathering usage information in
Windows 2000 is the Performance tool, located in the Administrative Tools
folder of Control Panel.
100. The Performance Monitor has become
the Performance snap-in for MMC (Microsoft Management Console). A
baseline is a history of performance over time and is used to compare
against current activity.
101. Within the System Monitor, the
workstation is divided into a number of different objects. The following
objects are normally found in System Monitor: Browser, Cache, IP,
LogicalDisk, Memory, Network Interface, Objects, Paging File, PhysicalDisk,
Process, Processor, Redirector, Server, Server Work Queues, System, TCP,
Telephony, Thread, and UDP.
102. For each object, System Monitor has
one or more counters (subsets of the overall object). There are two types of
counters: actual (a true number or an average) and percentage (from 0 to
100).
103. Performance Logs and Alerts fall into three sections:
Counter logs, trace logs, alerts.
104. The five common areas of
bottlenecks include: memory, processor, disk, network, and applications.
105. If the amount of RAM you want to allot to the OS is less than
what is installed in your system, you must use the /MAXMEM switch in the
BOOT.INI file. TCP/IP counters are fully enabled only if the SNMP (Simple
Network Management Protocol) service agent is installed.
106. Most desktop computers should have only one hardware profile because the
hardware will not deviate greatly. The hardware connected to a laptop/mobile
computer can differ from day to day, based on where it is being used.
107. If a system has multiple hardware profiles, a menu of the
choices will appear during the boot process.
108. The best
insurance against devastating loss when a failure occurs is a backup of the
data that you can turn to when the system is rebuilt. Windows 2000 tools and
features for preparing for a failure and recovering from one include Windows
Backup, Emergency Repair Disk, Safe Mode, and Recovery Console.
109. Windows 2000 uses the term System State data to refer to all the
components the operating system needs to function. System State data on
Windows 2000 Pro is much smaller than what is needed on Windows 2000
Server. On Professional, System State data includes boot files, the
Registry, and COM+ database files.
110. The User Profile is the
portion of the Registry that is customizable for every user and is stored in
NTUSER.DAT. Whenever a user logs in to a system, he or she automatically
creates a local profile on that system, by default.
111. The profile
will be found in {root drive}:\Documents and Settings\{username}. Profiles
can contain the following desktop-related items: Application information,
Cookies, Favorites, Files saved on the desktop, Local settings, My
documents, My pictures, Nethood, Printhood, Recent, Send to, Shortcuts,
Start Menu, and Template items.
112. To configure a user account to
use a roaming profile, set the profile path in the Properties dialog box for
that account. A roaming profile enables a user to have the same
desktop regardless of the machine he or she uses. You can copy or delete
profiles and change their type from the System applet.
113. A
mandatory profile is a deviation on a roaming profile. It's
configured like a roaming profile, but the file is renamed from NTUSER.DAT
to NTUSER.MAN.
114. Multiple Language Support allows you to
create documents that can be read in different languages and to change the
information text presented in Windows 2000 Pro. To enable multiple
languages, you must be a member of the Administrators group; open the
Regional Options applet in Control Panel.
115. Although multiple
languages are turned on at the local machine, they can be turned off by
using settings in a Group Policy (either locally or on a network you are
connected to).
116. The Unicode standard enables support of multiple
languages. Unicode, and the Unicode Character Set (UCS), has a 16-bit value
for each character. This allows the same character to be
interpreted/represented by 65,536 different entities.
117. Windows Installer is divided into two components: an installer service for
the client (MSIEXEC.EXE) and package files (which have the extension .MSI).
.MSI files are the applications themselves and most often come from software
vendors, but can be created internally by developers.
118. MSIEXEC uses the MSI.DLL library to read the package files and
incorporate items from any transform files (with .MST extensions). Transform
files are nothing more than deviations from the MSI routine.
119. MSI files contain relational databases (multiple tables) of instructions
that need to be carried out. Windows Installer is a component of
IntelliMirror and is tightly integrated with Group Policy. IntelliMirror
also includes the ability to administer user settings, perform remote
installation, and mirror data between the network and local machines.
120. Windows Installer works: with Windows Explorer, from the
command line, with the Add/Remove program, and within Group Policy.
121. The Active Desktop can include Web content and desktop icons.
The Properties dialog box is the DESKTOP.CPL file and can be summoned from
the command prompt or the Run dialog box (choose Start, Run).
122. Windows 2000 allows you to "print" to a fax modem as you would to a
printer. Graphics are converted to .TIF files before they're sent over the
fax/modem; supported modems are class 1, 2, and 2.0.
123. Windows 2000 does not support fax sharing. The fax modem must be
connected to the workstation.
124. The Accessibility Options
applet allows you to configure the system for use by individuals with
physical disabilities. Configuration can be done in areas related to the
keyboard, mouse, display, or sound. Accessibility features automatically
turn off after a set time. (Five minutes is the default.)
125. With
Windows 2000, you can install any other protocol you want, but you must
install TCP/IP. TCP/IP is necessary for Active Directory and its use of DNS.
126. When you manually configure a computer as a TCP/IP host, you
must enter the appropriate settings, which are required for connectivity
with your network. To reach the configuration tabs, choose the Network and
Dial-Up Connections applet from the Control Panel, right-click on the
network in question, choose Properties from the pop-up menu, select Internet
Protocol (TCP/IP), and then click the Properties button.
127. Required TCP/IP network settings: IP address, subnet mask, and default
gateway (router).
128. The Default Gateway box must be left
blank if you are connecting to the Internet through an Internet Service
Provider (ISP). The ISP fills in that information upon connection.
129. Name resolution is the process of translating
user-friendly computer names to IP addresses. On a very small network, a
static file named HOSTS can be used to translate host names to IP addresses
in place of DNS.
130. Although host names (and thus DNS) are
understood on all operating systems running TCP/IP, NetBIOS names (and thus
WINS) are understood only in the world of Microsoft operating systems.
Eventually, WINS will be completely phased out in favor of DNS.
131. On a very small network, a static file named LMHOSTS can be used to
translate NetBIOS names to IP addresses in place of WINS. The Import
LMHOSTS button allows WINS to convert your static file to the WINS service.
132. DHCP automatically centralizes and manages the allocation of
the TCP/IP settings required for proper network functionality for computers
that have been configured as DHCP clients.
133. TCP/IP settings
that the DHCP client receives from the DHCP server are only leased to it and
must be periodically renewed. This lease and renewal sequence enables a
network administrator to change client TCP/IP settings.
134. To
determine the network settings a DHCP server has leased to your computer,
type IPCONFIG /all at a command prompt.
135. Windows 2000
offers new parameters for IPCONFIG: /DISPLAYDNS (shows the contents of the
DNS cache), /FLUSHDNS (flushes the contents of the DNS cache), /REGISTERDNS
(renews all leases and DNS configuration), /SETCLASSID (changes the DHCP
class ID), and /SHOWCLASSID (shows the DHCP class ID for all adapters).
136. On Windows 95/98 machines, you can get this information from a
graphical utility. Choose Start, Run and then type WINIPCFG to view
your IP configuration. Select the MORE INFO button to see additional
information.
137. If systems are on different subnets and cannot
communicate, remember that TCP/IP requires routing to communicate between
subnets.
138. If the systems were previously able to communicate but
can no longer, suspect your router(s) or changes in software configuration.
139. The ARP utility can be used to see the entries in the Address
Resolution Table. Use the Event Viewer to examine events and errors that
were written to log files.
140. The Finger command can return
information about a remote host and the services and users on it. HOSTNAME
returns the name the current host is known as. This utility does not support
parameters.
141. NBTSTAT is a command-line utility that enables you
to check the resolution of NetBIOS names to TCP/IP addresses. NETSTAT is a
command-line utility that enables you to check the status of current IP
connections. Executing NETSTAT without switches displays protocol statistics
and current TCP/IP connections.
142. NSLOOKUP is a command-line
utility that enables you to verify entries on a DNS server. The PING command
sends a series of packets to another system, which sends back a response.
ROUTE is a command-line utility that enables you to see the local routing
table and add entries to it.
143. Telnet allows you to turn your
workstation into a dumb-client and establish a session with a remote host.
The TRACERT utility determines the intermediary steps involved in
communicating with another IP host. It provides a road map of all the
routing an IP packet takes to get from host A to host B.
144. Windows 2000 Professional offers different methods of working with
network resources. Each of the methods offers different ways of determining
what is available to you and different types of connections you can make to
those network resources.
145. The Universal Naming Convention
(UNC) is a standardized way of specifying a share name on a specific
computer. Share names can refer to folders or printers. The UNC path takes
the form of \\computer_name\share_name. Share names commonly are
limited to 15 characters.
146. Many 16-bit applications do not work
with UNC paths. If you need to work with a 16-bit application that doesn't
work with UNC paths, you must map a drive letter to the shared folder or
connect a port to the network printer.
147. Shares appear in My
Network Places, as do the following icons: Add Network Place (allows you to
connect to shares whether they are folders, Web sites, or FTP sites),
Computers Near Me (shows workgroup computers), and Entire Network (shows
everything that can be found--printers, workstations, servers, and so on).
148. The Search feature enables you to look for files and folders,
or for people.
149. You can view the currently shared resources from
the command prompt by typing NET VIEW. You can assign network
resources to drive letters from the command prompt by using the Net Use
command and the UNC path of the resource.
150. Dial-Up
Networking (DUN) enables you to extend your network to unlimited
locations--another computer, a network, or the Internet. With Windows 2000
Professional, the workstation can be used to dial out to servers or have other
clients dial in.
151. DUN connections can be made via industry
standard protocols: Point-to-Point Protocol (PPP), Point-to-Point Tunneling
Protocol (PPTP), and Serial Line Internet Protocol (SLIP).
152. The following authentication protocols are supported to make your
connections as secure as possible: CHAP, EAP, MS-CHAP, MS-CHAPv2, PAP,
SPAP, and smart cards.
153. CHAP is the Challenge Handshake
Authentication Protocol, while MS-CHAP is the Microsoft Challenge Handshake
Authentication Protocol (requires the communication to be between a
Microsoft client and a Microsoft server). MS-CHAPv2 also requires the
communication to be between a Microsoft client and a Microsoft server.
154. EAP is the Extensible Authentication Protocol; PAP is the
Password Authentication Protocol (uses clear-text authentication).
155. Smart cards provide a certificate-based authentication.
156. SPAP is the Shiva Password Authentication Protocol.
157. The primary difference between MS-CHAP and MS-CHAPv2 is that
the latter is no longer backward compatible for LAN Manager. MS-CHAP allowed
for one-way authentication only; MS-CHAPv2 uses two-way (mutual)
authentication.
158. Multilink allows you to establish a number
of connections to the remote access server via more than one modem. The
speed of the networking session becomes equal to the speed of all the modem
connections combined.
159. The Encrypting File System (EFS) encrypts
and protects file or folder contents. To use EFS, the file system must be
NTFS, and the files must not be compressed. Some files (system files in
particular) cannot be compressed. If you move/copy an encrypted file to one
of these partitions, it becomes unencrypted.
160. You can use the
Export command in the Certificates snap-in to copy your file encryption
certificates to another location. Doing so lets you unencrypt your files if
a restore operation is needed after a media failure.
161. Group
Policies replace, and are a superset of, the System Policies that existed in
previous incarnations of the operating system. Group Policies are created via
the Group Policy Editor--an MMC snap-in. The two primary divisions of a
policy are Computer Configuration and User Configuration.
162. Settings that are configured under Computer Configuration apply to the
computer, regardless of who is using it. Settings configured under User
Configuration apply only if the specified user is logged on.
163. In Windows 2000, a user can be granted rights and permissions to
resources in two ways: Individually (she is explicitly assigned a right or
permission through her account), or as a group (she is a member of a group
that has a right or permission).
164. Each Windows 2000 user
account has a unique identifier. To add a user, you must supply only one
value: User Name.
165. The Profile Path designates a specific
location on a specified server where the user's profile is going to be
stored. The user profile contains the user portion of the Registry in the
file NTUSER.DAT.
166. The most common path entered for the user
profile is \\{SERVER}\{PROFILESHARE}\%USERNAME%, where {SERVER} is
replaced by the name of your server, and {PROFILESHARE} by the name of a
folder for that user's profile. The %USERNAME% variable will expand to the
name of the user, which makes it ideal for use in a template.
167. The logon script allows an administrator to configure common drive
mappings, run central batch files, and configure the system.
168. By default, the following local groups are found on all Windows 2000
systems: Administrators, Backup Operators, Guests, Replicator, and Users.
169. The built-in users and groups cannot be deleted. Attempts to do so
will return an error.
170. Account policies are divided into two
subsections: Password Policy and Account Lockout Policy.
171. Password Policy settings apply to all users on the system. It is not
possible to have separate settings by group, user, and so on. Account
Lockout Policies are settings that can be used to automatically lock the
account should suspicious activity occur.
172. Auditing can be
configured on nine pre-defined system events through the Local Security
Policy shortcut within the Administrative Tools folder of the Control Panel:
Audit Account Logon Events, Audit Account Management, Audit Directory
Service Access, Audit Logon Events, Audit Object Access, Audit Policy
Change, Audit Privilege Use, Audit Process Tracking, and Audit System
Events.
173. When auditing is configured, entries are written to
the Security log, which can be viewed with the Event Viewer.
174. Two types of user accounts are available in Windows 2000: local and
domain. Domain accounts require the presence of a domain controller, which
must be a server. When you use a domain account, authentication is done to
the Active Directory, and Kerberos is used for authentication. When you use
a local account, the SAM (Security Accounts Manager) database is used for
verification.
175. Security settings for the Professional
workstation are in the Local Security Policy shortcut within the
Administrative Tools folder of the Control Panel. This includes settings for
Account Policies and Local Policies.