Syngress knows what passing the exam means to
you and to your career. And we know that you
are often financing your own training and
certification; therefore, you need a system that is
comprehensive, affordable, and effective.
Boasting one-of-a-kind integration of text, DVD-quality
instructor-led training, and Web-based exam simulation, the
Syngress Study Guide & DVD Training System guarantees 100% coverage of exam
objectives.
The Syngress Study Guide & DVD Training System includes:
■
Study Guide with 100% coverage of exam objectives By reading
this study guide and following the corresponding objective list, you
can be sure that you have studied 100% of the exam objectives.
■
Instructor-led DVD This DVD provides almost two hours of virtual
classroom instruction.
■
Web-based practice exams Just visit us at www.syngress.com/
certification to access a complete exam simulation.
Thank you for giving us the opportunity to serve your certification needs. And
be sure to let us know if there’s anything else we can do to help you get the
maximum value from your investment. We’re listening.
www.syngress.com/certification
274_70-290_FM.qxd 8/12/03 12:03 PM Page i
274_70-290_FM.qxd 8/12/03 12:03 PM Page ii
Deborah Littlejohn Shinder
Dr. Thomas W. Shinder
Laura E. Hunter
Technical Reviewer

007 CH3W7E42AK
008 9EU6V4DER7
009 SUPACM4NFH
010 5BVF3MEV2Z
PUBLISHED BY
Syngress Publishing, Inc.
800 Hingham Street
Rockland, MA 02370
Managing and Maintaining a Windows Server 2003 Environment Study Guide & DVD Training System
Copyright © 2003 by Syngress Publishing, Inc. All rights reserved. Printed in the United States of
America. Except as permitted under the Copyright Act of 1976, no part of this publication may be
reproduced or distributed in any form or by any means, or stored in a database or retrieval system,
without the prior written permission of the publisher, with the exception that the program listings
may be entered, stored, and executed in a computer system, but they may not be reproduced for
publication.
Printed in the United States of America
1 2 3 4 5 6 7 8 9 0
ISBN: 1-932266-60-7
Technical Editor:Deborah Littlejohn Shinder Cover Designer: Patricia Lupien
and Thomas W. Shinder M.D Page Layout and Art by: Patricia Lupien
Technical Reviewer: Laura Hunter Copy Editors: Beth Roberts, Michelle Melani
Acquisitions Editor: Jonathan Babcock Indexer: Rich Carlson
DVD Production: Michael Donovan DVD Presenter:Will Schmied
274_70-290_FM.qxd 8/12/03 12:03 PM Page iv
v
Acknowledgments
v
We would like to acknowledge the following people for their kindness and support in
making this book possible.
Karen Cross, Meaghan Cunningham, Kim Wylie, Harry Kirchner, Kevin Votel, Kent

(ISBN: 1-928994-29-6), and ISA Server and Beyond (ISBN: 1-931836-66-3). Deb is
also a technical editor and contributor to books on subjects such as the Windows 2000
MCSE exams, the CompTIA Security+ exam, and TruSecure’s ICSA certification. She
edits the Brainbuzz A+ Hardware News and Sunbelt Software’s WinXP News and is
regularly published in TechRepublic’s TechProGuild and Windowsecurity.com. Deb
currently specializes in security issues and Microsoft products. She lives and works in
the Dallas-Fort Worth area and can be contacted at [email protected] or via the web-
site at www.shinder.net.
Thomas W. Shinder M.D. (MVP, MCSE) is a computing industry veteran who has
worked as a trainer, writer, and a consultant for Fortune 500 companies including
FINA Oil, Lucent Technologies, and Sealand Container Corporation.Tom was a Series
Editor of the Syngress/Osborne Series of Windows 2000 Certification Study Guides
and is author of the best selling books Configuring ISA Server 2000: Building
Firewalls with Windows 2000 (Syngress Publishing, ISBN: 1-928994-29-6) and Dr.
Tom Shinder’s ISA Server and Beyond (ISBN: 1-931836-66-3).Tom is the editor of
the Brainbuzz.com Win2k News newsletter and is a regular contributor to
TechProGuild. He is also content editor, contributor and moderator for the World's
leading site on ISA Server 2000, www.isaserver.org. Microsoft recognized Tom's lead-
ership in the ISA Server community and awarded him their Most Valued Professional
(MVP) award in December of 2001.
Technical Editors
274_70-290_FM.qxd 8/12/03 12:03 PM Page vi
vii
Laura E. Hunter (CISSP, MCSE, MCT, MCDBA, MCP, MCP+I, CCNA, A+,
Network+, iNet+, CNE-4, CNE-5) is a Senior IT Specialist with the University of
Pennsylvania, where she provides network planning, implementation, and trou-
bleshooting services for various business units and schools within the University. Her
specialties include Microsoft Windows NT and 2000 design and implementation,
troubleshooting and security topics. As an “MCSE Early Achiever” on Windows 2000,
Laura was one of the first in the country to renew her Microsoft credentials under the

the late nights required to write this book would not be possible. He would also like
to thank Kirk Vigil and Jim Jones for their support and encouragement. Lastly, Chad
would like to thank Olean Rabon and Theresa Johnson for being his greatest fans.
Jeffery A. Martin (MCSE, MCDBA, MCT, MCP+I, MCP, MCNE, CNE, CNA,
CNI, CCNA, CCNP, CCI, CCA, CTT, A+, Network+, I-Net+, Project+, Linux+,
CIW, ADPM) has been working with computers and computer networks for over 15
years. Jeffery spends most of his time managing several companies that he owns and
consulting for large multinational media companies. He also enjoys working as a
technical instructor and training others in the use of technology.
Feridun Kadir (MCP, MCP+I, MCSE, MCT) is a freelance IT consultant and
trainer who has worked in the field of IT since 1988. He remembers selling a TRS-80
home PC with 4Kilobytes RAM (yes kilobytes!) in the early 1980s for over $1,000.
His early IT experience was with UNIX systems and local area networks. In more
recent years he has worked with Microsoft products. Having discovered that he liked
giving presentations he became an MCT and regularly teaches Microsoft technical
courses including Windows NT 4.0,Windows 2000,Windows XP,TCP/IP, SQL
Server Administration and Small Business Server. Feridun also provides IT consulting
services to all types of businesses. Feridun lives with his wife, Liz and son, Jake in
Stansted, Essex in England.
Colin Bowern (MCSE, MCAD, MCSD, MCDBA, CCNA, CCDA, Network+)
is a Senior Consultant at Microsoft Services in Toronto, Canada.Through his work
with enterprise customers and partners, Colin helps information technology profes-
sionals and business leaders understand how to leverage and make better decisions
about how to use technology in their business to gain competitive advantages. Clients
span several industry verticals including financial services, public utilities, and govern-
ment. In addition to consulting, Colin is also an active presenter, speaking regularly in
the Microsoft Developer Network's web casts as well as at a variety of public events
including the TechNet Tour series in Canada. Colin's involvement with the industry
also includes providing technical review for Addison-Wesley's .NET development
series and the Windows Server 2003 series from Microsoft Press. In addition he is also

tration, and other services. As part of an Information Technology team that provides
support to a user base of over 800 civilian and uniform users, his theory is that when
the users carry guns, you tend to be more motivated in solving their problems.
Michael also owns KnightWare (www.knightware.ca), which provides computer-
related services like Web page design; and Bookworms (www.bookworms.ca), where
you can purchase collectibles and other interesting items online. He has been a free-
lance writer for several years, and published over three dozen times in numerous
books and anthologies. He currently resides in St. Catharines, Ontario Canada with
his lovely wife Jennifer and his darling daughter Sara.
274_70-290_FM.qxd 8/12/03 12:03 PM Page ix
x
Eriq Oliver Neale is an Information Technology manager for a large manufac-
turing company headquartered in the southwest. His IT career spans 16 years and just
about as many systems. He has contributed to a number of technical publications,
including several MCSE exam preparation titles. His article on MIDI, still considered
one of the seminal works on the topic, has been reprinted in hundreds of publications
in multiple languages. Most recently, he has been focusing on electronic data privacy
issues in mixed platform environments.When not working in and writing about
Information Technology, Eriq spends time writing and recording music in his home
studio for clients of his music publishing company. On clear nights, he can be found
gazing at the moon or planets through his telescope, which he also uses for deep-space
astrophotography. His PGP public key can be found at
http://eriq.neale.com/EriqNeale.asc.
Will Schmied, (BSET, MCSE, CWNA,TICSA, MCSA, Security+, Network+, A+),
is the president of Area 51 Partners, Inc., a provider of wired and wireless networking
implementation, security and training services to businesses in the Hampton Roads,
Virginia area.Will holds a Bachelor's degree in Mechanical Engineering Technology
from Old Dominion University in addition to various IT industry certifications.
Will has previously authored and contributed to several other publications from
Syngress Publishing, including Building DMZs for Enterprise Networks (ISBN: 1-

and Table of Contents
All of Microsoft’s published objectives for the MCSA/MCSE
70-290 Exam are covered in this book. To help you easily
find the sections that directly support particular objec-
tives, we’ve listed all of the exam objectives below,
and mapped them to the Chapter number in which
they are covered. We’ve also assigned numbers to
each objective, which we use in the subsequent Table
of Contents and again throughout the book to iden-
tify objective coverage. In some chapters, we’ve made
the judgment that it is probably easier for the student to
cover objectives in a slightly different sequence than the order of
the published Microsoft objectives. By reading this study guide and following the cor-
responding objective list, you can be sure that you have studied 100% of Microsoft’s
MCSA/MCSE 70-290 Exam objectives.
274_70-290_map.qxd 8/11/03 4:18 PM Page xi
xii Contents
Objective
Number Objective Chapter Number
2.2 Create and manage computer accounts in an 4
Active Directory environment.
2.3 Create and manage groups. 4
2.3.1 Identify and modify the scope of a group. 4
2.3.2 Find domain groups in which a user is a member. 4
2.3.3 Manage group membership. 4
2.3.4 Create and modify groups by using the Active 4
Directory Users and Computers Microsoft
Management Console (MMC) snap-in.
2.3.5 Create and modify groups by using automation. 4
2.4 Create and manage user accounts. 4

3.3.2 Change ownership of files and shared folders. 5
3.4 Troubleshoot access to files and shared folders. 5
4 Managing and maintaining a Server Environment 1, 3, 7, 8, 9
4.1 Monitor and analyze events. Tools might include 9
Event Viewer and System monitor.
4.2 Manage software update infrastructure 1
4.3 Manage software site licensing. 1
4.4 Manage servers remotely. 7
4.4.1 Manage a server by using Remote Assistance. 6
4.4.2 Manage a server by using Terminal Services 6
remote administration mode.
4.4.3 Manage a server by using available support tools. 7
4.5 Troubleshoot print queues. 7
4.6 Monitor system performance. 9
4.7 Monitor file and print servers. Tools might include 9
Task Manager, Event Viewer, and System Monitor.
4.7.1 Monitor disk quotas. 1
4.7.2 Monitor print queues. 7
4.7.3 Monitor server hardware for bottlenecks. 3
4.8 Monitor and optimize a server environment for 9
application performance.
4.8.1 Monitor memory performance objects. 9
4.8.2 Monitor network performance objects. 9
4.8.3 Monitor process performance objects. 9
4.8.4 Monitor disk performance objects. 9
4.9 Manage a Web server. 8
4.9.1 Manage Internet Information Services (IIS). 8
4.9.2 Manage security for IIS. 8
5 Managing and Implementing Disaster Recovery. 10
5.1 Perform system recovery for a server. 10

Windows NT 3.51 ……………………………………………11
Windows NT 4.0 ………………………………………………11
Windows NT 4.0 Server ……………………………………12
Windows NT Server 4.0 Enterprise Edition …………………12
Windows NT Server 4.0 Terminal Server Edition …………12
Windows 2000 …………………………………………………12
Windows XP/Windows Server 2003 ……………………………12
Windows XP Home Edition …………………………………14
Windows XP Professional ……………………………………14
Windows XP Professional 64-Bit Edition ……………………15
Windows XP Media Center Edition …………………………15
Windows XP Tablet PC Edition ……………………………16
Windows Server Operating System Basics …………………………16
Client-Server Networking ………………………………………17
Centralized Authentication …………………………………17
Centralized Administration …………………………………17
274_70-290_TOC.qxd 8/11/03 4:20 PM Page xv
xvi Contents
Client-Server versus Peer-to-Peer Networking ………………17
The Domain Concept ……………………………………………18
NT Domains …………………………………………………19
Windows 2000/Server 2003 Domains ………………………19
Directory Services ………………………………………………20
What Are Directory Services? ………………………………20
History of Directory Services ………………………………21
Directory Services Standards …………………………………21
NT Directory Services ………………………………………22
Active Directory ……………………………………………22
What’s New in Windows Server 2003? ……………………………23
Why a New Server Operating System? …………………………23

Self Test ………………………………………………………………60
Self Test Quick Answer Key …………………………………………65
1 Chapter 2 Managing Physical and Logical Disks ………………67
Introduction …………………………………………………………68
Understanding Disk Terminology and Concepts ……………………68
Microsoft Disk Terminology ……………………………………71
Physical vs Logical Disks ……………………………………71
Basic vs Dynamic Disks ………………………………………71
Partitions vs Volumes …………………………………………74
Partition Types and Logical Drives ……………………………75
Volume Types …………………………………………………78
Using Disk Management Tools ………………………………………84
Using the Disk Management MMC ……………………………85
Using the Command-Line Utilities ……………………………86
Using diskpart.exe ……………………………………………87
Using fsutil.exe ………………………………………………90
Using rss.exe …………………………………………………91
1
Understanding and Managing Physical and Logical Disks …………91
1.1
Manage Basic Disks ………………………………………………92
When to Use Basic Disks ……………………………………92
Creating Partitions and Logical Drives ………………………92
How to Assign a New Drive Letter …………………………100
How to Format a Basic Volume ……………………………102
How to Extend a Basic Volume ……………………………106
1.1
Managing Dynamic Disks ………………………………………108
Converting to Dynamic Disk Status ………………………108
Creating and Using Dynamic Volumes ……………………110

Remote Storage Best Practices ……………………………170
Troubleshooting Disks and Volumes ………………………………170
Troubleshooting Basic Disks ……………………………………171
New Disks Are Not
Showing Up in the Volume List View ……………………171
Disk Status is Not Initialized or Unknown …………………172
Disk Status is Unreadable ……………………………………173
Disk Status is Failed …………………………………………173
Troubleshooting Dynamic Volumes ……………………………174
Disk Status is Foreign ………………………………………174
Disk Status is Online (Errors) ………………………………175
Disk Status is Offline ………………………………………176
Disk Status is Data Incomplete ……………………………177
Troubleshooting Fragmentation Problems ……………………177
Computer is Operating Slowly ……………………………178
The Analysis and Defragmentation
Reports Do Not Match the Display ………………………178
Volumes Contain Unmovable Files …………………………178
Troubleshooting Disk Quotas …………………………………178
The Quota Tab is Not There ………………………………178
274_70-290_TOC.qxd 8/11/03 4:20 PM Page xviii
Contents xix
Deleting a Quota Entry Gives you Another Window ………179
A User Gets an “Insufficient Disk Space”
Message When Adding Files to a Volume ………………180
Troubleshooting Remote Storage ………………………………180
Remote Storage Will Not Install ……………………………180
Remote Storage Is Not Finding a Valid Media Type ………180
Files Can No Longer Be Recalled from Remote Storage …181
Troubleshooting RAID …………………………………………181

1.4.2
Configuring Resource Settings ……………………………216
Device Installation and Configuration Best Practices …………217
274_70-290_TOC.qxd 8/11/03 4:20 PM Page xix
xx Contents
1.2
Monitoring Server Hardware ………………………………………218
Using Device Manager …………………………………………218
Using Event Viewer ……………………………………………219
Using Control Panel Applets ……………………………………219
Using Command-Line Utilities ………………………………220
Device Console Utility (devcon.exe) ………………………220
Service Control Utility (sc.exe) ……………………………225
4.7.3
Using Performance Console ……………………………………227
Hardware Monitoring Best Practices …………………………230
Troubleshooting Hardware Devices ………………………………231
Diagnosing and Resolving Issues
Related to Hardware Settings …………………………………234
Diagnosing and Resolving Issues
Related to Drivers and Driver Upgrades ……………………235
Last Known Good Configuration …………………………237
Safe Mode …………………………………………………238
System Configuration Utility ………………………………238
Recovery Console …………………………………………239
Emergency Management Services …………………………241
Automated System Recovery ………………………………241
Repairing the Windows Server 2003 Installation …………242
Hardware Troubleshooting Best Practices ………………………242
Summary of Exam Objectives ………………………………………244

Creating and Managing User Accounts ……………………………277
2.4.1
Using the ADUC MMC Snap-In to Create and Manage Users 277
2.6.2/2.6.1/
Managing and Troubleshooting
2.1
User Accounts Via the Properties Tabs ……………………280
Managing User Accounts Via the Pop-Up Menu …………296
Using the Command Line to Create and Manage Users ………300
Using dsadd.exe user ………………………………………300
Using dsmod user …………………………………………303
Using dsquery user …………………………………………306
Using dsget.exe ……………………………………………309
2.3.5/
Automating User and Group Account Creation ………………313
2.4.2
2.4.3
Importing User Accounts ………………………………………315
2.6
Troubleshooting User Accounts ………………………………317
2.3
Creating and Managing Group Accounts …………………………318
2.3.1
Understanding Group Types and Scopes ………………………319
Security and Distribution Groups …………………………319
Local, Domain Local, Global, and Universal Groups ………320
2.3.3/
Using the ADUC MMC
2.3.4
Snap-In to Create and Manage Groups ……………………324

Manage, and Troubleshoot Computers ………………………362
Using dsadd computer ………………………………………363
Using dsmod computer ……………………………………364
Using dsquery computer ……………………………………365
Using dsget computer ………………………………………368
Creating and Managing Domain Controllers …………………370
Creating a New Domain
Controller for an Existing Domain ………………………370
Creating a Domain Controller for a New Forest …………377
Creating a Domain Controller for a New Child Domain …381
Creating a Domain Controller for a New Domain Tree ……384
Assigning Domain Controller Operations Master Roles ……388
2.5
Troubleshooting Computer Accounts …………………………395
Summary of Exam Objectives ………………………………………396
Exam Objectives Fast Track …………………………………………398
Exam Objectives Frequently Asked Questions ……………………400
Self Test ……………………………………………………………402
Self Test Quick Answer Key ………………………………………407
274_70-290_TOC.qxd 8/11/03 4:20 PM Page xxii
Contents xxiii
3
Chapter 5 Managing Access to Resources ……………………409
Introduction ………………………………………………………410
Understanding Access Control ……………………………………410
Defining Access Control ………………………………………411
Access Control Terminology ………………………………411
Access Control Process ……………………………………412
3.1
Understanding and Using Access Permissions ………………………412

Using EFS Encryption ……………………………………………450
Understanding Disk Encryption ………………………………451
Understanding How EFS Works “Under the Hood” …………452
Domain Recovery Policies …………………………………455
Encrypting Files and Folders Using the Graphical Interface …456
Using the cipher.exe
Command to Perform Encryption Tasks ……………………458
274_70-290_TOC.qxd 8/11/03 4:20 PM Page xxiii
xxiv Contents
Applying EFS Best Practices ……………………………………459
Implementing a Public Key Infrastructure …………………………460
Understanding the Function of a PKI …………………………460
Public Key Cryptography …………………………………461
Digital Certificates …………………………………………463
Certification Authorities ……………………………………464
Installing and Using the
Windows Server 2003 Certificate Services ……………………465
Creating the Certificate Authority Hierarchy …………………466
Applying PKI Best Practices ……………………………………470
Summary of Exam Objectives ………………………………………473
Exam Objectives Fast Track …………………………………………474
Exam Objectives Frequently Asked Questions ……………………477
Self Test ……………………………………………………………479
Self Test Quick Answer Key ………………………………………486
Chapter 6 Managing and
Troubleshooting Terminal Services 487
Introduction ………………………………………………………488
Understanding Windows Terminal Services ………………………488
Terminal Services Terminology and Concepts …………………489
How Terminal Services Works ………………………………489