070-290 MCSE Exam Summary

- The Disk Defragment tool needs at least 15% of free disk space. This tool can run with less than 15%but ut will only defragment the disk partially.

- Plug-and-Play devices configure and install themselves automatically. when you switch of the device, the operating system will uninstall the device automatically. You need to scan for the hardware device.

- If a driver is disabled, the oprating system will remove the driver from the memory. When you determine the solution you can enable the driver and fix it or get an update driver from the vendor.

- Roll Back allows you to restore the previous version of USB scanner drivers that were compatible with Windows Server 2003.

- Microsoft tests drivers for their compatibility with Windows operating systems. The drivers that are certified by Microsoft are digitally assigned.If we block unsigned drivers, and then try to install the printer drivers, we'll learn if the drivers are signed or not.

Q) You need to ensure that Amy Walsh is able to install the printers on the print servers but you do not want to give Amy Walsh more permission than she requires.
What should you do?
- Log on as the local Administraotr and enable the driver signing option to ignore file signature verification.

- The Driver Signing Options on Server1 is set to block the installation of unsigned drivers but on server2 and server3 it is set to warn or ignore unsigned drivers. You must configure the Driver Signing options on server3 to also warn or ignore driver signing. This will allow you to install the drivers on server3.

- The driver file is an msi file. Therefore we need to use the Windows Installer(msiexec) to install the driver. We need to use the msiexec command rather than double clicking the msi file in order to use driver rollback.

- Physical hard disk performance improvement? Identical to Drive and create a stripped volume.

- During disk writes, data is written to each disk in the striped volume. Each disk controller writes part of the data to the related disk. This provides improved read/write performance.

- spanned volumes span multiple disks
- RAID-5 requires at least three physical disks.
- Simple volume cannot span multiple disks.

Q)COM1 messages when COM1 and COM2 messages are received at the same time. You need to set the response settings to achieve your objectve.
- Set the Interrupt Request (IRQ) level

Q)different desktop environments ==> standard desktop environments
- Specify a profile pathe to a network share for each employee. Assign only the Allow-Read permission for the share to the Authenticated Users group.
(A mandatory user profile can be used to enforce a uniform desktop environment for the users.)

- If you want to reset the password, you have to should right-click the account. In the scenario the account is disabled.

1. Create a template account named Default Domain User in Active Directory.
2. Log on to the domain as Default Domain User.
3. Configure the desktop and Start menu.
4. Copy the profile for Default Domain User to NETLOGON\Default User.

- Universal Naming Convention(UNC) for the share file that will be used to host the user profiles. By typing this entry, Windows will automatically seek the profile folder named for the user account.

Q) You need to import these accounts to the Active Directory. The file is chown in the following exhibit.- import the computer account into Active Directory with the use of the CSVDE command.
CSVDE 형식은 사용자 개체와 다른 유형의 개체를 Active Directory에 추가할 때만 필요하다

Q) The manager wants you to pre-stage the computer accounts in Active Directory to minimize support that the users will require.
- In the TestDevOU, create the computer accounts.




Q) User A, is on vacation you need to ensure that the attempted intrusion is unsuccessful. Your solution must not compromise the other user's access to the domain.- Use Active Directory Users and Computers to disable the User account.


- Domain Group exam
1-case) Change the scope of the domain local group to global.
2-case) Create another domain group named Z-Z.==> This option will not work you need to keep the two groups synchronized as managers are added and removed from either groups.


- You need to create a group in testking.com so that you can give the appropriate permissions to the group. ==> Create a global security group in the testking.com domain.Place users from the testking.com domain in the new global security group and assign permissions to the group.

- When the functional is raised, only the incremental changes made to a universal group are replicated. When the domain is in Windows 2000 native mode, a cjange in universal group membership will force the entire group's membership information to be replicate across the domain.

- A global security group can be assign permissions anywhere in the forest or trusted domain. You have to change the distribution group to a security group. With a security group you can assign permissions.
- Domain Local group can include members from anywhere in the forest or trusted domain. Changing the scope is unnecessary.


Q)You need to this with the least amount of administrative effort.
- Open User's Properties page and examine the Members of tab.


Q) You create a global named TKMarketing in each office and add the user accounts in the Marketing department to the TKMarketing group. You want to assign permissions to the Marketing users to allow them access to all resources by using the minimum numbers oif group.
- Assign permissions for all appropriate resources throughout the forest th each TKMarketing group.(Domains at that functional level do not support universal security group.)


- Create separate global groups at each office and add user accounts of the Sales users at that office to the new global groups. Create a domain local group and add the global groups from each office to the domain local group. Then assign permissions to the domain local group.



- The functional level is set at Windows 2000 mixed.


- TKSales: Send and receive E-mail messages.(Distribution Group)
- TKAcc: To assign access to network resources.(Security Group)
- TKMrk: To assign access to network resources and distributing E-mail messages.(Security Group)
- TKFin: To assing access to network resources and distributing E-mail messages.(Security Group)


Q) A manager named Rory Allen wants you to set up a group named TestKingResDev, which will consist of the employees of the Research and a Development department. This group will be used to grant access to resources on TESTKING-SR25. They should get access to other resources on other computers. You need to set up a group strategy to meet the manager's requirements.
- Add the TestKing.com employees to the TestKingResDev group and creat a local group named TestKingResDev on TESTKING-SR.


Q) Now you need to apply these settings to the rest of the 12 application servers with the least amount of administrative effort. You export the security settings on TESTKING-SR to a template.
- Add the servers into an OU you have created. Create a GPO and import the template into the GPO and link it to the OU.


- EFS provides a transparent way of encrypting data on NTFS volumes. To use EFS the user must be issued a digital certificate. For the users to use EFS you should create an OU and pacle portable computers in the OU. And link a new GPO to the OU.


- The DSADD command is used to add users, computers, organizational, contacts, and groups to Active Directory.
- The SECEDIT command is used to configure security and compare current settings to a security template.
- The GPDUPATE command is used to refresh group policy setting on local.
- The DCPROMO command is used to promote a member server to a domain controller.


- The Active Directory Users and Computer MMC snap-in allows you to create, modify, move and delete user accounts, computer account, organizational units and groups.


- Dsquer user searches Active Directory for users that match specified credentials. You can use dsquery to findusers and then send a list of those users to another command. Dsmod user modifies the attributes of users in Active Directory.
exam) 1. DSQUERY USER OU=TK_Mrk DC=testking DC=msft|
2. DSMOD USER-PROFILE "\\TESTKING-SR15\Mrk_Profiles\$usemame$"


- You should use the dsadd command to add users to Active Directory from the command line. The dsadd command is used to add new objects to Active Directory, such as users, group or computers.


- User templates so that share common settings can be replicate using a minimum of administrative effort. The commonly userd attribute are transferred by default during the copy operation. The Sales department users are members of common global groups and are allowed to connect to the network using remote dial-in connection.


- You need to configure the Temporary User account to expire in three months.
==> Create a saved LDAP query that will return user accounts. Select all of the user accounts returned by the query and at the same time modify the expired date in their accounts properties.
(Windows Server 2003 supports the configuration of common properties for multiple selected objects. You should create a saved query that will return all temporary user accounts.


- All the properties of an Active Directory object are kept when the objects is moved to another OU whether you use the DSMOVE command or the Active Directory Users and computers MMC snap-in.


- You should use the dsadd command to add users to Active Directory from the command line. The dsadd command is used to add new objects to Active Directorym such as users, group or computers.


- The CSVED command allows you to import and export Active Directory object to and from Active Directory. Too successfully import object you must define it in a comma-dellimited ASCII text file.


- You need to unlock the account. To protect the domain form brute force attackes, account policies can be created using group poplicy to lock a user account if a specified number of failed attempts occur during a specified period of time.


- You are going to store the reaming profiles on a server named TESTKING-SR26. You configure a template user account as in the exhibit.
















Q) You need to accomplish this task without disturbing the other client computers. You also want to accomplsh this task using the least amount of administrative effort.
- Configure auditing of the Everyone group for the files and folders you suspect are being accessed and enable an audit policy for the Finance department OU.


To allow Remote Assistance sessions between the desktop support personnel and users in the other buildings, the firewall between the buildings must be configured to allow Terminal Services traffic to pass on TCP port 3389. Terminal Service traffic uses TCP port 3389.


The issue you have arose because of Clive Wilson and probably other members of the web development team using the local Administrator account of TESTKING-SR23 when wanting to use a Remote Desktop connection to log on to TESTKING-SR32. For security purposes,Remote Desktop Connection does not authenticate any local users that have a blank password. You can resolve this by configuring a password for the local Administrator acount or by informing web developers to use their respective domain user account to log on to TESTKING-SR23.


Q) You want to configure the RDP-Tcp Properties sesstion and time-out settings for all terminal servers by using the minimum amount of administrative effort.
- Create a new OU named TerminalServers.--> Add all terminal servers to the OU
--> Create a new GPO and configure it with the appropriate session and time-out settings. --> Link the GPO to the TerminalSerbers OU.