Table: Preparation for 70-210 Professional Exam

Makeboot.exe (DOS or Win 3.x) or makebt.32.exe (Win 95, 98, NT 2K) if no set up disks to boot from use them. Open the bootdisk on CDROM and execute.
Winnt32.exe/ox = Win NT 4.0 method of creating boot disks, it does not create Win 2K setup disks and is replaced by makeboot.exe and makebt32.exe in W2K

Setup Manager =(setupmgr.exe on CD-ROM support\tools\deploy.cab) answers installation prompts and saves answer results in answer file unattend.txt: configures screen resolution and other hardware and o/s settings during installation process. Setup manager can:

· create distribution share point
· create UDF (uniqueness database file)
· add third-party plug and play drivers and other resources
- add printers, scripts, batch files etc to distribution share

/u:answer file used for unattended installation. File contains answers to prompts
/s:sourcepath =switch that point to location of Win 2K installation files
udf:id this switch is used with UDF file, which overrides values of answer file
/unattend this switch is used with winnt32.exe to create unattended upgrade to W2K

Net use command to map to distribution share point using available drive letter
D:WINNT.EXE /s:I\i386 /u:unattend.txt /udf:machine1,unattend.udf = used to launch unattended install for a computer called machine1
Winnt32 /unattend:test1.txt /s source path initiates unattended installation where source path points to network location of Win setup files. User interaction options: provide defaults, fully automated, hide pages, read only

System Preparation Tool prepares a master image of a computer that contains W2K and any software application that users might need. Can be used with 3^rd party imaging software. To use, you must extract it from the deploy.cab file and place it in the sysprep folder
/pnp= forces setup to detect plug-and-play devices on destination computer.
/quiet (q) = no user intervention. /Reboot: restarts the source computer

Sysprep.exe creates an installation image of source computer that can be copied to target computers. (with switches quiet, nosidgen, pnp). Run sysprep.exe in the sysprep folder to remove all unique parameters from the computer
Sysprep.inf = answer file that provides settings to the Mini-setup wizard to answer all installation prompts. The end result is unattended install of image. You must place sysprep.inf in the sysprep folder or on floppy disk after image is applied, so, mini-setup will not prompt you for every installation parameter. Sysprep.exe triggers Plug and Play into action, so HAL should be similar on image and computer
Sysdiff.exe = to pre-install applications that must be installed during automated Win2K and that do not support scripted installation
Sysdiff /q to install applications that do not contain preformatted installation programs, use q switch to run in unattended mode
Setupcl.exe when copied into the sysprep folder it ensures that each target computer receives a unique SID
Nosidgen parameter ensures that the computer’s SID will not be regenerated (run this if there is no need to duplicate distribution to more computers)
Winnt.sif = answer file in order for setup to read it. Performs fully unattended installation and starts installation from the CD-ROM on each computer (not on network distribution point, used with CD-ROM install only). You must rename the answer file (default unattend.txt to winnt.sif and save to floppy in order for set up to read it and to automate a CD-ROM based installation during install).

OEM = Original equipment manufacturer. OEMPreinstall set to Yes = part of answer file for unattended installation from CD-Rom to copy contents of OEM folder to target computer
When you run setup from Win 2K CD-ROM, the answer file must be named winnt.sif in order for setup to read it and you must ensure that each of the computers supports booting from CD Rom drive. The answer file must include a [Data] section with the UnattendedInstall parameter set to yes, the MSDosInitiated value to 0 and the AutoPartition value set to 1.
A UDB is used to overwrite parts of the answer file that are specific to a particular computer. A UDB is not necessary when the installation is performed on a single computer. A UDB is used for unattended installations on multiple computers from a distribution point but is not used when installation is performed on a single computer. When installing from a CD-Rom, you cannot use a UDB to supply information that is specific to the computer.

RIS (Remote Installation Services) to deploy Win2K over a network from RIS server. Main goal is TCO (total cost of ownership). RIS integrates a few of installation methods. You can use it install W2K with blank hard drive or reinstall Win 2K to repair corrupted installation. RIS needs DHCP serve (for client to obtain IP address), DNS and Active Directory (client finds RIS by querying DNS server to find where Active Directory server (DC) is) and its own partition (2GB min). There are three steps to RIS:

Two ways:

Winnt32 /upgradeonly = to identify installation problems, reports issues as hardware en software incompatibility Utility scans the system and creates text file of results, to save or print.
Readiness Analyzer = Chkupgrd.exe tool (just another term for the same)
Chkupgrde.exe scans the current O/S and hardware for incompatibility with Win Pro
Dosnet.inf = to direct setup from NT 3.51 or 4.0 upgrade for incompatibility uses (to direct the setup how to proceed installation when incompatibilities are discovered)

HTTP = 80; POP3 = 110; Telnet = 23; SMTP = 25; FTP = 21; (FTP requires port 20 to enable data channel).

Slipstreaming = process of combining Windows 2000 installation files with a SP
Upgrade.exe /s = used to apply an SP to a distribution share of the installation files in slip stream mode.

Recover Console = a command-line interface you must boot to using CD-ROM, or start up floppies, or by running winnt32 /cmdcons before a failure. Useful for copying files from CD-ROM or floppy disk to the system folder (WINNT) and configuring services not to start up during the next boot. You can also run chkdsk (to scan disk for file and sector partitions), diskpart (to create and delete partitions), and fixboot (to replace hard drive’s boot sector).
/cmdcons parameter instructs setup to include recover console option to repair installation (is only available once the set up has been completed). NB: You cannot use the Recovery console to copy boot.ini from Win CD because it does not have a copy of the file!
/cmd = switch that configures commands that will run when GUI mode portion of setup is complete, includes cmdlines.txt file

Emergency Repair Disk = to recover system files start up environment (dual-boot), and the registry. Not used to troubleshoot drivers To use, boot a system with Win 2K CD-ROM or start up floppies and choose Repair. Either choose fast repair or Manual Repair.

1. Fast repair: requires no further interaction or choices

2. Manual repair requires user interaction and prompts you

Windows Installer Service Packages to install applications has two functions

.msi file = Win Installer Package that contains all information necessary to tell Win Installer Service how the application should be installed. Install the application as an .msi file. MS Office 2K has their own .msi files. Users do not need local adm. Privileges to use Win Installer to install software.
Msiexec.exe = file reads the msi file and installs the packaged application. (double click .msi to run)

.mst files enable an administrator to customize Windows installer package files, they can apply multiple mst files in a single .msi package.
Transforms allow customization of Win stall packages, are only used in conjunction with .msi files during time of deployment, cannot be applied to existing installation.

Smart card for mobile users enables portability of credentials and eliminates need to transmit sensitive information over networks as authentication tickets. Smart card uses certificate based authentication methods: EAP (Extensible Authentication Protocol) and PPP (Point to Point Prot.)
EAP = critical technology for secure VPN (Virtual Private Network) connections because it offers more security than i.e. CHAP
PAP (Password Authentication Protocol) does not encrypt passwords and is not secure. The PAP client returns a password requested by a RRAS server in plaintext.
SPAP (Shiva Password Authentication Protocol) allows W2K computer to connect to a Shiva LAN Rover,. It does provide encryption of passwords, but it does not protect against server impersonation
CHAP (challenge Handshake Authentication Protocol) is an improvement over PAP and SPAP, because password is never sent over the network link.. However, data encryption is not supported by PAP, SHAP or CHAP. If any of these protocols are selected on the Advanced Security Settings dialog box, then you will receive a warning

MS-CHAP (v2) support data encryption during a dial-up connection session. MS-CHAP is a variation of CHAP that does not require passwords to be stored as plaintext on RRAS server.
MS CHAP v2 provides mutual authentication, stronger initial encryption keys and different encryption keys when sending and receiving.

CA = Certification Authority:
Enterprise CA = required to support smart card log on to W2k domain (does not work with stand alone CA because no access to Active Directory.
SelfCert.exe = utility used for MS Office 2000 to digitally sign macro’s in Office 2K applications

Security template = an .inf file containing security configuration settings. You apply the policy to a standalone or workgroup computer by importing them into the Security settings node of local GPO.
Security configurations in Win2K are Basic, Compatible, Secure and Highly secure

Compatws.inf = enables to run legacy application and loosens default security restrictions when upgrading. After applying, users do not need to be members of Power users to run legacy apps.
Basic.inf = applies the default security settings to the computer that has been upgraded to W2k Pro. It forces the same default security settings as with a clean installation: NB: security settings in W2K are stricter (more secure) than default settings on Win NT and 98 for which reason applications may not run: Use in this case compatws.inf to make application compatible with Win2K!
Securews.inf = not able to run legacy applications because assumed Win2K default security settings are in place (for Windows workstation or standalone servers). This template focuses on configuring more restrictive group membership, enabling policy settings that are part of audit policy and account policy, configuring restricted event log access, and modifying registry settings for security
Securedc.inf = same but used for Windows domain controllers. Does not require encrypted communications
Hisecws.inf /Hisecdc.inf= for resp. workstations and domain controllers. Most restric tive:
It ensures that that any communication over the network is encrypted by IPsec (Internet Protocol Security) Only W2K supports IPsec encryption, no communication possible with pre-W2K computers! After the template is applied, W2K Pro computers will require IPSec encryption for all network communications. Use MMC snap in Security Configuration & Analysis.and then apply the template to the computer. You can also use an OU and then a GPO to apply the template to the OU.
Poledit.exe = although available in W2K, primarily a NT 4.0 tool to create system policies applied to NT users.

VPN (Virtual Private Network) is an extension of a private network that uses public network communication. The Internet is the primary public network utilized in VPN’s. To transfer data securely over public networks, the date is first encapsulated with a header that provides information about the data’s destination. The data payload is then encrypted for confidentiality. Without encryption confidentiality is not ensured while the data travels over a public network. During a VPN session, a virtual tunnel is established through the public network that allows encrypted data.
VPN connections supported by W2K :
PPTP = (Point-to-Point Tunneling Protocol) and L2TP (Layer Two Tunneling Protocol) over IPSec (Internet Protocol Security). They provide encapsulation, authentication and data encryption.

SSL (Secure Sockets Layer), provides secure HTTP communications over TCP/IP networks to encrypt data during HTTP session.
SLIP (Serial Line Internet Protocol) = and older remote access standard originally used by UNIX remote access servers. SLIP does not provide support for VPN Connections. (Replaced by IPSec)

Administering Resources. NTFS & Share Permissions ^{Note 2}