MCSA/MCSE
Self-Paced Training Kit, 2nd
Edition
Microsoft Windows 2000 Professional
Exam 70-210 (BLUE Book Cover)
Chapter 14 [309]: Securing Resources
with NTFS Permissions
NTFS folder permission
Read
Write
List Folder Contents
Read & Execute
Modify
Full Control
NTFS file permissions
Read
Write
Read & Execute
Modify
Full Control
Access control list (ACL)
Access control entry (ACE)
Effective permissions: the sum (union) of the NTFS permissions that you assign to the individual user account and to all of the groups to which the user belongs. NTFS file permissions take priority over the permissions of the folder that contains the file.
Deny permission: overrides all instances where that permission is allowed. Windows 2000 orders ACEs so that explicit (directly assigned) entries are evaluated before inherited ones, and within each group Deny before Allow; so a Deny wins over an Allow at the same level, but an explicit Allow on a file wins over a Deny inherited from the parent folder.
Permission inheritance: permissions assigned to a folder flow by default to the files and subfolders beneath it. Clearing "Allow inheritable permissions from parent to propagate to this object" on the child blocks this, and you then choose whether to copy or remove the entries that were inherited.
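The three rules above (union of user and group Allows, Deny overriding Allow, explicit entries evaluated before inherited ones) as a small evaluator. This is an added example, not code from the training kit; the mapping of the standard permissions to individual rights is a simplification assumed for the example, and the user, groups and ACLs are constructed.

```python
"""Effective-permission evaluation for an NTFS ACL (added example).

Models the rules in the notes: effective permissions are the union of the Allow
entries for the user and all of the user's groups; a Deny overrides an Allow for
the same right; and Windows 2000 keeps ACEs in canonical order (explicit Deny,
explicit Allow, inherited Deny, inherited Allow), so an explicit entry on a file
beats an entry inherited from the parent folder.
"""
from dataclasses import dataclass
from typing import FrozenSet, Iterable, List, Set

RIGHTS = ("read", "write", "execute", "delete", "change_permissions", "take_ownership")

# Standard NTFS file permissions as sets of rights (assumed, simplified mapping;
# the real special permissions are finer-grained than this).
STANDARD = {
    "Read": frozenset({"read"}),
    "Write": frozenset({"write"}),
    "Read & Execute": frozenset({"read", "execute"}),
    "Modify": frozenset({"read", "write", "execute", "delete"}),
    "Full Control": frozenset(RIGHTS),
}


@dataclass(frozen=True)
class ACE:
    """One access control entry: trustee, Allow (True) or Deny (False), the
    rights it covers, and whether it was inherited from the parent folder."""
    trustee: str
    allow: bool
    rights: FrozenSet[str]
    inherited: bool = False


def canonical_order(acl: Iterable[ACE]) -> List[ACE]:
    """Sort ACEs as Windows 2000 stores them: explicit Deny, explicit Allow,
    inherited Deny, inherited Allow.  Evaluating in this order is what makes
    Deny win over Allow at the same level and explicit win over inherited."""
    return sorted(acl, key=lambda ace: (ace.inherited, ace.allow))


def effective_permissions(acl: Iterable[ACE], user: str, groups: Set[str]) -> FrozenSet[str]:
    """Return the rights `user` ends up with, given membership in `groups`.

    Each right is decided by the first ACE in canonical order that names the
    user or one of the groups and covers that right; later entries for the same
    right are ignored, which is how an earlier Deny overrides a later Allow.
    """
    principals = {user, *groups}
    decided = {}
    for ace in canonical_order(acl):
        if ace.trustee not in principals:
            continue
        for right in ace.rights:
            decided.setdefault(right, ace.allow)
    return frozenset(right for right, allowed in decided.items() if allowed)


def standard_name(rights: FrozenSet[str]) -> str:
    """Map a set of rights back to the standard permission it equals, else 'Special'."""
    for name, members in STANDARD.items():
        if rights == members:
            return name
    return "Special"


def demo() -> dict:
    """Three constructed ACLs evaluated for user 'alice', a member of Sales and Users."""
    user, groups = "alice", {"Sales", "Users"}
    summed = [ACE("alice", True, STANDARD["Read"]), ACE("Sales", True, STANDARD["Write"])]
    denied = summed + [ACE("Sales", False, STANDARD["Write"])]
    inherited_deny = [ACE("Sales", False, STANDARD["Full Control"], inherited=True),
                      ACE("alice", True, STANDARD["Modify"])]
    cases = {"sum of user and group allows": summed,
             "deny overrides allow": denied,
             "explicit allow beats inherited deny": inherited_deny}
    return {name: sorted(effective_permissions(acl, user, groups)) for name, acl in cases.items()}


if __name__ == "__main__":
    for case, rights in demo().items():
        print(f"{case}: {rights} -> {standard_name(frozenset(rights))}")
```

The third case is the one that surprises people: a Deny inherited from the folder does not stop an explicit Allow on the file, because the explicit entry is evaluated first.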
[336] Avoid permission problems
Cache: Copies of files stored in a reserved portion
of disk space.
Manual Caching For Documents
Automatic Caching for
Documents
Automatic Caching for
Programs
Offline Files Mover (Cachemov.exe): used to change the location of the cache
In a workgroup, no centralized database of user accounts exists; therefore, you must create the same user account with the same password on each computer in the workgroup.
Chapter 16 [374]:
Auditing Resources and Events
Auditing allows you to track both user activities and Windows 2000 activities, called events.
Security log: maintains a record of valid and invalid logon attempts and of events related to creating, opening, or deleting files or other objects.
Audit policy: defines the types of security events that Windows 2000 records in the security log on each computer.
Auditable events: select them to track trends of system use and attempts to access resources.
Event Viewer: Application log, Security log, System log
Filtering and finding events
Windows 2000 Pro Audit Policy:
Administrative Tools -> Local Security Policy -> Local Security Settings -> Local Policies -> Audit Policy -> select the type of event to audit -> Action menu -> Security -> select the Success and/or Failure check boxes.
Auditing object access additionally requires choosing the users and access types to audit on the file or folder itself (Properties -> Security -> Advanced -> Auditing); this is available only on NTFS volumes.
Chapter 17: Group Policy and Local Security Policy
[398]
Password policy:
Enforce password history: 0 to 24 passwords remembered
Maximum password age: default 42 days; range 0 to 999 days (0 = passwords never expire)
Store password using reversible encryption: needed only for CHAP (Challenge Handshake Authentication Protocol) clients; leave it disabled otherwise, because it keeps every password in a recoverable form
Account lockout policy: set through either the Group Policy snap-in or the Local Security Settings window
Account lockout duration: 0 to 99999 minutes (99999 minutes = 69.4 days; 0 = locked until an administrator unlocks the account)
Reset account lockout counter after: 1 to 99999 minutes; must not be longer than the lockout duration
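How the lockout settings interact, as an added simulation (not code from the training kit). It models the two settings in the notes plus "Account lockout threshold", the number of invalid attempts that triggers a lockout, which the notes do not list and is assumed here. Times are in minutes so the policy ranges can be used directly; the attempt sequences are constructed.

```python
"""Account lockout policy behaviour (added example).

Shows the two points a practitioner must get right: a lockout duration of 0 means
the account stays locked until an administrator unlocks it, and the reset window
may not exceed a non-zero lockout duration (Windows rejects such a policy).
"""
from dataclasses import dataclass
from typing import Optional


@dataclass
class LockoutPolicy:
    threshold: int        # assumed setting: invalid logons before lockout; 0 = never lock out
    duration_min: int     # 0..99999 minutes; 0 = locked until an administrator unlocks
    reset_after_min: int  # 1..99999 minutes of quiet after which the bad-logon counter resets

    def validate(self) -> None:
        if not 0 <= self.duration_min <= 99999:
            raise ValueError("lockout duration must be 0-99999 minutes")
        if not 1 <= self.reset_after_min <= 99999:
            raise ValueError("reset counter must be 1-99999 minutes")
        if self.duration_min and self.reset_after_min > self.duration_min:
            raise ValueError("reset window must not exceed the lockout duration")


@dataclass
class Account:
    bad_count: int = 0
    last_bad: Optional[int] = None   # minute of the most recent invalid attempt
    locked_at: Optional[int] = None  # minute the lockout started, or None

    def admin_unlock(self) -> None:
        self.locked_at = None
        self.bad_count = 0


def attempt(policy: LockoutPolicy, acct: Account, now: int, password_ok: bool) -> str:
    """Process one logon at minute `now`; returns 'success', 'failure' or 'locked'."""
    if acct.locked_at is not None:
        still_locked = policy.duration_min == 0 or now < acct.locked_at + policy.duration_min
        if still_locked:
            return "locked"          # even a correct password is refused while locked
        acct.locked_at = None        # duration elapsed: automatic unlock
        acct.bad_count = 0
    if password_ok:
        acct.bad_count = 0
        return "success"
    # The counter only accumulates attempts closer together than the reset window.
    if acct.last_bad is not None and now - acct.last_bad >= policy.reset_after_min:
        acct.bad_count = 0
    acct.bad_count += 1
    acct.last_bad = now
    if policy.threshold and acct.bad_count >= policy.threshold:
        acct.locked_at = now
        return "locked"
    return "failure"


def walk(policy: LockoutPolicy, attempts):
    """Run a constructed list of (minute, password_ok) against a fresh account."""
    policy.validate()
    acct = Account()
    return [attempt(policy, acct, minute, ok) for minute, ok in attempts]


if __name__ == "__main__":
    timed = LockoutPolicy(threshold=3, duration_min=30, reset_after_min=15)
    print(walk(timed, [(0, False), (1, False), (2, False), (10, True), (32, True)]))
    print(walk(timed, [(0, False), (1, False), (20, False)]))   # quiet gap resets the counter
```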
Security Options
Chapter 19: Backing Up and Restoring Data
Chapter 18: Managing Data Storage
Compression
Disk quotas [419]
Disk thresholds
Quota limits
Copying and moving compressed files and folders: a file copied within or between NTFS volumes takes the compression state of the destination folder; a file moved within the same NTFS volume keeps its own state; a file moved between NTFS volumes takes the destination folder's state; a file copied or moved to a FAT volume loses compression.
Compression:
Bitmaps will often compress to less than 50 percent.
Do not store already-compressed files (for example, .zip archives) in a compressed folder; they will not shrink further.
Compress static data rather than dynamic data.
Compression causes performance degradation when you copy or move compressed files, because each file is decompressed and recompressed.
Microsoft Encrypting File System (EFS)
Cipher command: [429]
Utility that provides the ability to encrypt and decrypt files and folders from a command prompt.
    cipher [/e | /d] [/s:dir] [/a] [/i] [/f] [/q] [/h] [/k] [pathname [...]]
    /e      encrypt (a folder is marked so that files added later are encrypted)
    /d      decrypt
    /s:dir  apply to dir and all of its subfolders
    /a      operate on files as well as folders
    /i      continue after errors instead of stopping
    /f      force encryption even of files already marked as encrypted
    /q      quiet; report only essential information
    /h      include hidden and system files
    /k      create a new file encryption key for the user running cipher
With no parameters, cipher lists the encryption state of the current folder.
If the owner's private key is unavailable, a person designated as the recovery agent can open the file using his or her own private key, which is applied to the
Default recovery agent: the Administrator account of the local computer; if the computer is a member of a domain, the domain Administrator account.
Disk defrag [434]
Ntbackup command
Windows Backup: type ntbackup at a command prompt (or in Start -> Run) to open the utility.
The "marker" in the descriptions below is the file's archive attribute, which Windows sets whenever a file is created or modified.
Normal backup: all selected files and folders are backed up. Doesn't rely on markers; any existing markers are cleared and each file is marked as having been backed up.
Copy backup: all selected files and folders are backed up. Neither looks for nor clears markers; use a copy backup between a normal and an incremental backup to create an archival snapshot of network data without disturbing the chain.
Incremental backup: only the selected files and folders that have a marker are backed up, and the backup then clears the markers. If you did two incremental backups in a row on a file and nothing changed in the file, the file would not be backed up the second time.
Differential backup: only the selected files and folders that have a marker are backed up, but the backup doesn't clear the markers. If you did two differential backups in a row on a file and nothing changed in the file, the entire file would be backed up each time.
Daily backup: all selected files and folders that have changed during the day are backed up (selected by modification date, not by marker). Doesn't clear the markers; if you want to back up all files and folders that change during the day, use a daily backup.
Combining backup types:
Normal and differential backups: Monday, normal backup; Tuesday through Friday, differential backups. A restore needs Monday's normal set plus only the most recent differential set, but each differential grows through the week.
Normal and incremental backups: Monday, normal backup; Tuesday through Friday, incremental backups. A restore needs Monday's normal set plus every incremental set since, in order: the smallest backups but the longest restore.
Normal, differential, and copy backups: same as the first, except that on Wednesday you perform a copy backup; because a copy backup does not clear markers, it does not disturb the differential chain.
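The marker rules and the three schedules above, as an added simulation (not code from the training kit). The files, the weekday clock and the edits made during the week are constructed; the point is to see which files each backup type selects, which types clear the archive attribute, and which sets a restore then needs.

```python
"""Backup types and the archive attribute (added example).

Runs a week of backups over a constructed set of files under the notes' two
main schedules and works out which backup sets a full restore needs.
"""
from dataclasses import dataclass
from typing import Dict, List, Tuple

NORMAL, COPY, INCREMENTAL, DIFFERENTIAL, DAILY = "normal", "copy", "incremental", "differential", "daily"
CLEARS_MARKER = {NORMAL: True, COPY: False, INCREMENTAL: True, DIFFERENTIAL: False, DAILY: False}


@dataclass
class File:
    name: str
    archive: bool = True      # Windows sets the archive attribute on create/modify
    modified_day: int = 0     # day number of the last change (constructed clock)


class Volume:
    def __init__(self, names):
        self.files = {n: File(n) for n in names}

    def modify(self, name: str, day: int) -> None:
        self.files[name].archive = True
        self.files[name].modified_day = day

    def backup(self, kind: str, day: int) -> List[str]:
        """Select files by the rules in the notes and clear markers where the type does."""
        if kind in (NORMAL, COPY):
            chosen = list(self.files.values())
        elif kind in (INCREMENTAL, DIFFERENTIAL):
            chosen = [f for f in self.files.values() if f.archive]
        elif kind == DAILY:
            chosen = [f for f in self.files.values() if f.modified_day == day]
        else:
            raise ValueError(kind)
        if CLEARS_MARKER[kind]:
            for f in chosen:
                f.archive = False
        return sorted(f.name for f in chosen)


def run_week(schedule: List[Tuple[int, str]], changes: Dict[int, List[str]]):
    """schedule: (day, type) pairs; changes: files edited during each day, before
    that night's backup.  Returns the history as (day, type, files) triples."""
    vol = Volume(["budget.xls", "memo.doc", "plan.ppt"])   # constructed volume
    history = []
    for day, kind in schedule:
        for name in changes.get(day, []):
            vol.modify(name, day)
        history.append((day, kind, vol.backup(kind, day)))
    return history


def restore_sets(history) -> List[Tuple[int, str]]:
    """Sets needed to restore the latest state: the last normal backup, then either
    every incremental after it (in order) or only the last differential after it.
    Copy and daily sets are archival extras and are not part of the chain."""
    last_normal = max(i for i, (_, kind, _) in enumerate(history) if kind == NORMAL)
    later = history[last_normal + 1:]
    needed = [history[last_normal]] + [h for h in later if h[1] == INCREMENTAL]
    diffs = [h for h in later if h[1] == DIFFERENTIAL]
    if diffs and len(needed) == 1:
        needed.append(diffs[-1])
    return [(day, kind) for day, kind, _ in needed]


CHANGES = {2: ["budget.xls"], 4: ["memo.doc"]}   # constructed: edits on Tuesday and Thursday
WEEK_INC = [(1, NORMAL), (2, INCREMENTAL), (3, INCREMENTAL), (4, INCREMENTAL), (5, INCREMENTAL)]
WEEK_DIFF = [(1, NORMAL), (2, DIFFERENTIAL), (3, COPY), (4, DIFFERENTIAL), (5, DIFFERENTIAL)]

if __name__ == "__main__":
    for week in (WEEK_INC, WEEK_DIFF):
        hist = run_week(week, CHANGES)
        for day, kind, files in hist:
            print(f"day {day} {kind:12} {files}")
        print("restore needs:", restore_sets(hist))
```

Note the Wednesday copy backup in the second schedule: it backs up everything but, because it clears nothing, Thursday's differential still contains Tuesday's edit.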
Scheduling Backup Jobs [450]
Restoring Data [457]
Chapter 20: Monitoring Access to Network
Resources
[473]
Monitoring open files (Computer Management -> Shared Folders -> Open Files)
Disconnect users from open files
Sharing a folder on a remote computer (Computer Management connected to that computer -> Shared Folders -> Shares)
Monitoring user sessions (Shared Folders -> Sessions)
Send administrative messages to users
Chapter 21: Configuring Remote Access [486]
Windows NT 4 includes support for several authentication protocols used to verify the credentials of users connecting to the network. Windows 2000 also includes:
EAP: an extension to the Point-to-Point Protocol (PPP) that allows an arbitrary authentication mechanism to validate the connection. EAP types supported:
- Generic token cards
- MD5-CHAP
- Transport Level Security (TLS)
RADIUS: Remote Authentication Dial-in User Service. Windows 2000 can act as a RADIUS client, a RADIUS server, or both. A RADIUS client, typically an ISP dial-up server or a remote access server, forwards authentication requests to a RADIUS server; Windows 2000 Internet Authentication Service (IAS) performs the authentication.
Internet Protocol Security: IPSec is a set of security protocols and cryptographic protection services for ensuring secure private communications over IP networks. The two ends negotiate a security association (SA), the agreed keys and algorithms used to protect the data flow.
L2TP: similar to PPTP in that its primary purpose is to create a tunnel through an untrusted network, but L2TP provides tunneling only, not encryption. It provides a secure tunnel by cooperating with other encryption technologies, in practice IPSec.
Key differences between PPTP and L2TP: see the L2TP and PPTP entries below.
Remote Access Service (RAS)
Allowing inbound dial-up
connections
Make a new connection
Dial-up to a private network option
Authentication Protocols (NT4):
New Authentication Protocols(Windows
2000):
Extensible Authentication Protocol (EAP): an extension to the Point-to-Point Protocol (PPP) that works with dial-up, PPTP, and L2TP clients. Allows an arbitrary authentication mechanism to validate a dial-in connection. Supports authentication by using generic token cards, MD5-CHAP, and Transport Level Security (TLS).
Remote Authentication Dial-in User Service (RADIUS): provides authentication and accounting services for distributed dial-up networking (RFC 2138 for authentication, RFC 2139 for accounting). Windows 2000 can act as a RADIUS client, a RADIUS server, or both.
RADIUS client: typically an ISP dial-up server or a remote access server that receives authentication requests and forwards them to a RADIUS server. Configure RADIUS clients on the Security tab of the remote access server's Properties dialog box.
RADIUS server: validates the RADIUS client's request. Windows 2000 Internet Authentication Service (IAS) performs the authentication and stores RADIUS accounting information from RADIUS clients in log files.
Internet Protocol Security (IPSec): a set of security protocols and cryptographic protection services for ensuring secure private communications over IP networks. Aggressive protection against private network and Internet attacks while retaining ease of use. The two ends negotiate a security association (SA), the agreed keys and algorithms that protect the data flow; the SA is not itself the key, so its lifetime and rekeying are part of what is negotiated.
Layer Two Tunneling Protocol (L2TP): provides tunneling but not encryption; creates a secure VPN connection by cooperating with other encryption technologies, in practice IPSec, which it requires for encryption. Requires only that the tunnel media provide packet-oriented, point-to-point connectivity, so it can run over UDP/IP, Frame Relay PVCs, X.25 VCs, or ATM VCs. Supports header compression and tunnel authentication.
PPTP: requires an IP-based transit network; does not support header compression; uses PPP (MPPE) encryption; no tunnel authentication, only PPP user authentication.
Bandwidth Allocation Protocol (BAP) and Bandwidth Allocation Control Protocol (BACP): enhance Multilink by dynamically adding or dropping links on demand; useful where carrier charges are based on bandwidth use. Both are PPP control protocols and work together to provide bandwidth on demand.
Allow Incoming Connections
Allow/deny Incoming Virtual
Private Connection page
Select network components you
want to enable for incoming connections
Outbound Connections:
Chapter 22: Windows 2000 Boot Process
Windows 2000 boot process, five stages: preboot, boot, kernel load, kernel initialization, logon.
Files used when Windows boots [502]

File                    Location                      Boot stage
Ntldr                   System partition root (C:\)   Preboot and boot
Boot.ini                System partition root         Boot
Bootsect.dos            System partition root         Boot (optional)
Ntdetect.com            System partition root         Boot
Ntbootdd.sys            System partition root         Boot (optional)
Ntoskrnl.exe            Systemroot\System32           Kernel load
Hal.dll                 Systemroot\System32           Kernel load
System                  Systemroot\System32\Config    Kernel initialization
Device drivers (*.sys)  Systemroot\System32\Drivers   Kernel initialization
Pre-boot Sequence:
Boot Sequence:
4 Phases of Boot Sequence:
Initial boot loader phase: Ntldr switches the microprocessor from real mode to 32-bit flat memory mode, which Ntldr requires to carry out any additional functions. Next, Ntldr starts the appropriate minifile system drivers. The minifile system drivers are built into Ntldr so that Ntldr can find and load Windows 2000 from partitions formatted with either FAT or NTFS.
Operating system selection: Ntldr reads the Boot.ini file and displays the Please Select the Operating System to Start menu; if no choice is made before the timeout, the default entry in Boot.ini starts automatically.
Hardware detection: Ntdetect.com and Ntoskrnl.exe perform hardware detection. Ntdetect.com executes after you select Windows 2000 on the Please Select the Operating System to Start screen. It collects a list of currently installed hardware components and returns this list to Ntldr for later inclusion in the registry under the HKEY_LOCAL_MACHINE\HARDWARE key.
Ntdetect.com detects the following components:
Configuration selection: the Hardware Profile/Configuration Recovery menu lists the hardware profiles that are set up on the computer (shown when more than one profile exists, or when you press the spacebar).
Kernel load: Ntldr loads Ntoskrnl.exe and Hal.dll, loads the System hive (HKEY_LOCAL_MACHINE\SYSTEM) and selects the control set to use, then loads (without yet initializing) the device drivers whose Start value is 0.
Kernel initialization: Ntldr passes control to the kernel; the system displays a graphical screen with a status bar indicating load status. Four tasks are accomplished: the Hardware key is created from the Ntdetect.com data; the Clone control set is created as a copy of CurrentControlSet; the drivers loaded during kernel load are initialized and the drivers with a Start value of 1 are loaded and initialized; and services are started. What happens when a driver fails depends on its ErrorControl value:
Error control values and resulting action

Value           Resulting action
0x0 (Ignore)    Boot sequence ignores the error and proceeds without displaying an error message.
0x1 (Normal)    Boot sequence displays an error message but ignores the error and proceeds.
0x2 (Severe)    Boot sequence fails and then restarts using the LastKnownGood control set; if the LastKnownGood set is already in use, it ignores the error and proceeds.
0x3 (Critical)  Boot sequence fails and then restarts using the LastKnownGood control set; if that set is causing the critical error, the boot sequence stops and displays an error message.
Logon
Windows 2000 control sets
The Last Known Good process: [509]
Advanced Boot Options [512]
Boot.ini file: in the root of the active (system) partition; Ntldr uses the information in this file to display the Please Select the Operating System to Start menu.
ARC paths (Advanced RISC Computing; RISC = reduced instruction set computing): paths pointing to the computer's boot partition, for example
    multi(0)disk(0)rdisk(1)partition(2)
multi(n): adapter number (IDE, or SCSI with its BIOS enabled); disk() is always 0 with multi(); rdisk(n): ordinal of the disk on that adapter, starting at 0 (rdisk(1) is the second disk); partition(n): ordinal of the partition on that disk, starting at 1 (partition(2) is the second partition).
scsi(n)disk(n)rdisk(n)partition(n): used when the SCSI adapter's BIOS is disabled; disk() is then the SCSI ID, and Ntldr needs Ntbootdd.sys (a renamed copy of the SCSI driver) in the system partition root.
Boot.ini switches [517]: appended to an [operating systems] entry to provide additional functionality.
/basevideo: starts with the standard VGA driver (useful when a display driver breaks the boot)
/fastdetect[=comx|comx,y,z]: skips serial mouse detection on all, or the listed, COM ports
/maxmem:n: limits the memory Windows 2000 uses to n MB
/noguiboot: does not display the graphical boot status screen
/sos: displays the name of each driver as it is loaded (useful when a driver hangs the boot)
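A parser for the ARC paths and Boot.ini layout described above, as an added example (not code from the training kit). It checks the rules that make a hand-edited entry unbootable: with multi() the disk() ordinal must be 0 and rdisk() picks the disk (counting from 0); partition() ordinals start at 1; a scsi() path means Ntldr needs Ntbootdd.sys. The sample Boot.ini is constructed, and entries whose path is not an ARC path (such as C:\) are reported as booted through Bootsect.dos.

```python
"""Boot.ini ARC path parser and sanity checker (added example)."""
import re
from typing import Dict

ARC_RE = re.compile(
    r"^(?P<ctl>multi|scsi)\((?P<adapter>\d+)\)disk\((?P<disk>\d+)\)"
    r"rdisk\((?P<rdisk>\d+)\)partition\((?P<partition>\d+)\)(?P<dir>\\.*)?$",
    re.IGNORECASE,
)


def parse_arc(path: str) -> Dict[str, object]:
    """Return the fields of an ARC path, raising ValueError on an invalid one."""
    m = ARC_RE.match(path.strip())
    if not m:
        raise ValueError(f"not an ARC path: {path!r}")
    ctl = m.group("ctl").lower()
    adapter, disk, rdisk, partition = (int(m.group(k)) for k in ("adapter", "disk", "rdisk", "partition"))
    if partition < 1:
        raise ValueError("partition() ordinals start at 1")
    if ctl == "multi" and disk != 0:
        raise ValueError("disk() must be 0 with multi(); use rdisk() to select the disk")
    return {
        "controller": ctl, "adapter": adapter, "disk": disk, "rdisk": rdisk,
        "partition": partition, "directory": m.group("dir") or "",
        "requires_ntbootdd": ctl == "scsi",   # BIOS-less SCSI: Ntldr needs Ntbootdd.sys
    }


def describe(path: str) -> str:
    """Human-readable location for an ARC path."""
    a = parse_arc(path)
    folder = a["directory"] or "\\"
    if a["controller"] == "multi":
        where = f"disk {a['rdisk']} on adapter {a['adapter']}"
    else:
        where = f"SCSI ID {a['disk']} on adapter {a['adapter']} (needs Ntbootdd.sys)"
    return f"{where}, partition {a['partition']}, folder {folder}"


def parse_boot_ini(text: str) -> Dict[str, object]:
    """Parse the [boot loader] and [operating systems] sections of a Boot.ini."""
    section, result = None, {"timeout": None, "default": None, "entries": []}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].lower()
            continue
        if section == "boot loader":
            key, _, value = line.partition("=")
            key = key.strip().lower()
            if key == "timeout":
                result["timeout"] = int(value)
            elif key == "default":
                result["default"] = value.strip()
        elif section == "operating systems":
            path, _, rest = line.partition("=")
            m = re.match(r'\s*"([^"]*)"\s*(.*)$', rest)
            entry = {"path": path.strip(),
                     "description": m.group(1) if m else rest.strip(),
                     "switches": m.group(2).split() if m else []}
            try:
                entry["arc"], entry["loader"] = parse_arc(path), "Ntldr"
            except ValueError:
                entry["arc"], entry["loader"] = None, "Bootsect.dos"   # e.g. C:\ for MS-DOS/Win9x
            result["entries"].append(entry)
    return result


def default_is_listed(cfg: Dict[str, object]) -> bool:
    """A default= path that matches no [operating systems] entry will not auto-boot."""
    return any(e["path"] == cfg["default"] for e in cfg["entries"])


SAMPLE_BOOT_INI = r"""
[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(1)partition(2)\WINNT
[operating systems]
multi(0)disk(0)rdisk(1)partition(2)\WINNT="Microsoft Windows 2000 Professional" /fastdetect
scsi(0)disk(3)rdisk(0)partition(1)\WINNT="Windows 2000 (SCSI, BIOS disabled)" /sos /basevideo
C:\="Microsoft Windows 98"
"""

if __name__ == "__main__":
    cfg = parse_boot_ini(SAMPLE_BOOT_INI)
    for e in cfg["entries"]:
        print(e["loader"], e["switches"], describe(e["path"]) if e["arc"] else e["path"])
    print("default is bootable:", default_is_listed(cfg))
```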
Safe Mode: press F8 during the operating system selection phase.
Install recovery console:
<cd_drive>:\i386\winnt32
/cmdcons
Recovery console: [520]
Chdir (cd)
Chkdsk
Cls
Copy
Delete (del)
Dir
Disable (sets a service or driver's start type to disabled, for the next boot)
Enable (sets a service or driver's start type)
Exit
Fdisk
Fixboot (writes a new boot sector on the system partition)
Fixmbr (repairs the master boot record)
Format
Help
Listsvc (lists services and drivers with their start types)
Logon
Map
Mkdir (md)
More
Rmdir (rd)
Rename (ren)
Type
Chapter 23: Deploying Windows 2000
To install the installation deployment tools: [528]
Setup Manager options:
Use Setup Manager to create an "Unattended Setup Script" [531]
- Provide Defaults
- Fully Automated
- Hide Pages