1. Logical Diagram of Active Directory?

What is the difference between child domain & additional

domain server?
2. Port numbers?

FTP: 21 TELNET: 23 SMTP: 25

DNS: 53 DHCP: 67 KERBEROS: 88
POP3: 110 NNTP: 119 IMAP: 143
SNMP: 161 LDAP: 389 SSL: 443
MS-DS-AD: 445 RPC: 530 LDAP-S: 636
IMAP-S: 993 POP-S: 995 Lotus Notes: 1352
Sametime: 1533 MS-PPTP: 1723 MS-RDP: 3389

3. What is Kerberos? Which version is currently used by Windows? How does Kerberos work?
A) Kerberos is the user authentication used in Win2000 and Win2003 Active Directory servers
Kerberos version is 5.0. Port is: 88. It’s more secure and encrypted than NTLM (NT authentication)

Kerberos makes use of a trusted third party, termed a Key Distribution Center (KDC), which consists
of two logically separate parts: an Authentication Server (AS) and a Ticket Granting Server (TGS).
Kerberos works on the basis of "tickets" which serve to prove the identity of users.

The KDC maintains a database of secret keys; each entity on the network – whether a client or a
server – shares a secret key known only to itself and to the KDC. Knowledge of this key serves to
prove an entity's identity. For communication between two entities, the KDC generates a session
key which they can use to secure their interactions.

4. What are FSMO Roles? List them.

A) Flexible Single Master Operation Roles (FSMO) roles are server roles in a Forest
There are five types of FSMO roles
1. Domain Naming Master – Forest Wide Roles
2. Schema Master – Forest Wide Roles
3. RID Master – Domain Wide Roles
4. PDC Emulator – Domain Wide Roles
5. Infrastructure Master – Domain Wide Roles

Domain Naming Master: Adding / Changing / Deleting any Domain in a forest it takes care
Schema Master: It maintains structure of the Active Directory in a forest.
RID Master: It assigns RID and SID to the newly created object like Users and computers. If RID
master is down (u can create security objects upto RID pools are available in DCs) else u can’t
create any object one its down
PDC emulator: It works as a PDC to any NT BDCs in your environment. It works as Time Server (to
maintain same time in your network). It works to change the passwords, lockout, etc.
Infrastructure Master: This works when we are renaming any group member ship object this role
takes care.

5. Describe the lease process of the DHCP server.

A) A DHCP lease is the amount of time that the DHCP server grants to the
DHCP client permission to use a particular IP address. A typical server
allows its administrator to set the lease time.
It’s a four-step process consisting of
(a) DHCP discovery,
(b) DHCP offer,
(c) DHCP Request and
(d) DHCP Acknowledgement.

6. WHAT IS THE FUNCTION OF DHCP?

A) Providing IP address dynamically
7. Boot process in windows nt/xp/2000/2003

Boot Loader Phase

The boot loader phase varies by platform. Since the earlier phases are not specific to the OS, the
boot process is considered to start:
• For x86 or x64: when the partition boot sector code is executed in real mode and loads
NTLDR
• For IA-64: when the IA64ldr.efi EFI program is executed (later referred as simply IA64ldr)
From that point, the boot process continues as follows:
1. An NTLDR file, located in the root folder of the boot disk, is composed of two parts. The first
is the StartUp module and immediately following the OS loader (osloader.exe), both stored
within that file.
2. When NTLDR is loaded into memory and control is first passed to StartUp module, the CPU is
operating in real mode. StartUp module's main task is to switch the processor into protected
mode, which facilitates 32-bit memory access, thus allowing it to create the initial Interrupt
descriptor table, Global Descriptor Table, page tables and enable paging. This provides the
basic operating environment on which the operating system will build. StartUp module then
loads and launches OS loader.
3. NTLDR's OS loader includes basic functionality to access IDE-based disks formatted for NTFS
or FAT file systems, or also CDFS, ETFS or UDFS in newer operating system versions. Disks are
accessed through the system BIOS, through native ARC routines on ARC systems, or via network
using TFTP protocol. It should be noted that all BIOS calls are done through virtual 8086 mode
beyond this point, because the BIOS can not be accessed directly within protected mode. If the
boot disk is a SCSI disk, an additional file, Ntbootdd.sys is loaded to handle disk access in place
of the default routines. This is a copy of the same SCSI miniport driver that is used when
Windows is running.
4. The boot loader then reads the contents of boot.ini to locate information on the system
volume. At this point, the screen is cleared, and in the Windows 2000 or later versions of NTLDR
and IA64ldr which support system hibernation, (Windows 2000 or later), the root directory
default volume as defined in boot.ini is searched for a hibernation file, hiberfil.sys. If this file is
found and an active memory set is found in it, the contents of the file (which will match the
amount of physical memory in the machine) are loaded into memory, and control is transferred
into the Windows kernel at a point from which hibernation can be resumed. The file is then
immediately marked as non-active, so that a crash or other malfunction cannot cause this (now-
outdated) memory state to be re-loaded. If a state resume fails, the next time NTLDR runs it will
ask the user whether to try resuming again or to discard the file and proceed with normal
booting.
5. If boot.ini contains more than one operating system entry, a boot menu is displayed to the
user, allowing the user to choose which operating system is to be loaded. If a non NT-based
operating system such as Windows 98 is selected (specified by an MS-DOS style of path, e.g.
C:\), then NTLDR loads the associated "boot sector" file listed in boot.ini (by default, this is
bootsect.dos if no file name is specified) and passes execution control to it. If an NT-based
operating system is selected, NTLDR runs ntdetect.com, which gathers basic information about
the computer's hardware as reported by the BIOS. At this point in the boot process, NTLDR
clears the screen and displays a textual progress bar, (which is often not seen on XP or 2003
systems, due to their initialization speed); Windows 2000 also displays the text "Starting
Windows..." underneath. If the user presses F8 during this phase, the advanced boot menu is
displayed, containing various special boot modes including Safe mode, with the Last Known
Good Configuration, with debugging enabled, and (in the case of Server editions) Directory
Services Restore Mode.
6. Once a boot mode has been selected (or if F8 was never pressed) booting continues. If an
x64 version of Windows is being booted (Windows XP Professional x64 Edition or Windows
Server 2003 x64 Editions), the CPU is now switched into Long mode, enabling 64-bit addressing.
7. Next, the Windows kernel Ntoskrnl.exe and the Hardware Abstraction Layer hal.dll are read
into memory. If either of these files fails to load, the message "Windows could not start because
the following file was missing or corrupt" is displayed to the user, and the boot process comes
to a halt.
8. If multiple hardware configurations are defined in the registry, the user is prompted at this
point to choose one. With the kernel in memory, boot-time device drivers are loaded (but not
yet initialized).
 9. This information (along with information on all detected hardware and Windows Services) is
stored in the HKLM\SYSTEM portion of the registry, in a set of registry keys collectively called a
Control Set. Multiple control sets (typically two) are kept, in the event that the settings
contained in the currently-used one prohibit the system from booting. HKLM\SYSTEM contains
control sets labeled ControlSet001, ControlSet002, etc., as well as CurrentControlSet. During
regular operation, Windows uses CurrentControlSet to read and write information.
CurrentControlSet is a reference to one of the control sets stored in the registry. Windows picks
the "real" control set being used based on the values set in the HKLM\SYSTEM\Select registry
key:
• Default will be NTLDR or IA64ldr's choice if nothing else overrides this.
• If the value of the Failed key matches Default, then NTLDR or IA64ldr displays an
error message, indicating that the last boot failed, and gives the user the option to try
booting, anyway, or to use the "Last Known Good Configuration".
• If the user has chosen Last Known Good Configuration from the boot menu, the
control set indicated by the LastKnownGood key is used instead of Default.
•
10. When a control set is chosen, the Current key gets set accordingly. The Failed key is also set
to the same as Current until the end of the boot process. LastKnownGood is also set to Current
if the boot process completes successfully.
For the purposes of booting, a driver is either a "Boot" driver that is loaded by NTLDR or IA64ldr
prior to starting the kernel and started before system drivers by the kernel, a "System" driver,
which is loaded and started by ntoskrnl.exe after the boot drivers or an "Automatic" driver which is
loaded much later when the GUI already has been started.
"Boot" drivers are almost exclusively drivers for hard-drive controllers and file systems (ATA, SCSI,
file system filter manager, etc.); in other words, they are the absolute minimum that ntoskrnl.exe
will need to get started with loading other drivers, and the rest of the operating system. "System"
drivers cover a wider range of core functionality, including the display driver, CD-ROM support, and
the TCP/IP stack.
The appropriate file system driver for the partition type (NTFS, FAT, or FAT32) which the Windows
installation resides on is also loaded.
With this finished, control is then passed from NTLDR or IA64ldr to the kernel. At this time, Windows
NT shows the famous "blue screen" displaying number of CPUs and the amount of memory
installed, whilst Windows 2000, XP and 2003 switch into a graphical display mode to display the
Windows logo.
Kernel loading phase
The initialization of the kernel subsystem and the Windows Executive subsystems is done in two
phases.
1. During the first phase, basic internal memory structures are created, and each CPU's
interrupt controller is initialized. The memory manager is initialized, creating areas for the
file system cache, paged and non-paged pools of memory. The Object Manager, initial
security token for assignment to the first process on the system, and the Process Manager
itself. The System idle process as well as the System process are created at this point.
2. The second phase involves initializing the device drivers which were identified by
NTLDR as being system drivers. Through the process of loading device drivers, a "progress
bar" is visible at the bottom of the display on Windows 2000 systems; in Windows XP and
Windows Server 2003, this was replaced by an animated bar which does not represent
actual progress. Prior to Windows XP, this part of the boot process took significantly longer;
this is because the drivers would be initialized one at a time. On Windows XP and Server
2003, the drivers are all initialized asynchronously.
Session Manager
Once all the Boot and System drivers have been loaded, the kernel (system thread) starts the
Session Manager Subsystem (smss.exe).
Before any files are opened, Autochk is started by smss.exe. Autochk mounts all drives and checks
them one at a time whether they were not shut down cleanly before. In that case it will
automatically run chkdsk, however just before the user can abort this process by pressing any key
within 10 seconds (this was implemented in Windows NT 4.0 Service Pack 4, in earlier versions you
could not skip chkdsk). Since Windows 2000, XP and 2003 show no text screen at that point (unlike
NT, which still shows the blue text screen), they will show a different background picture holding a
mini-text-screen in the center of the screen and show the progress of chkdsk there.
At boot time, the Session Manager Subsystem:
• Creates environment variables
 (HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Environment)
• Starts the kernel-mode side of the Win32 subsystem (win32k.sys). This allows
Windows to switch into graphical mode as there is now enough infrastructure in place.
• Starts the user-mode side of the Win32 subsystem, the Client/Server Runtime Server
Subsystem (csrss.exe). This makes Win32 available to user-mode applications.
• Creates virtual memory paging files
(HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory
Management)
• Any rename operations queued up are performed. This allows previously in-use files
(e.g. drivers) to be replaced as part of a reboot.
• Starts the Windows Logon Manager (winlogon.exe). Winlogon is responsible for
handling interactive logons to a Windows system (local or remote). The Graphical
Identification and Authentication (GINA) library is loaded inside the Winlogon process, and
provides support for logging in as a local or Windows domain user.
The Session Manager stores its configuration at HKLM\SYSTEM\CurrentControlSet\Control\Session
Manager. The exact operation of most of these items is based on the configuration set in the
registry.
Winlogon
Winlogon is responsible for responding to the secure attention key (in Windows this is the Control-
Alt-Delete key combination), loading the user profile on logon, and optionally locking the computer
when a screensaver is running. In Windows Vista and later operating systems, Winlogon's roles and
responsibilities have changed significantly.
1. Winlogon calls GINA
1. GINA begin logon prompt is displayed (image)
2. User presses SAS (Control-Alt-Delete)
3. GINA logon dialog is displayed
4. User inputs credentials (Username, Domain and Password)
5. GINA passes credentials back to Winlogon
2. Winlogon passes credentials to LSA
• LSA determines which account databases is to be used
o Local SAM
o Domain SAM
o Active Directory
3. Winlogon (loaded by SMSS)
• At this point, Winlogon starts the Service Control Manager (SCM), which in turn will
start all the Windows services that are set to "Auto-Start". The Local Security Authority
Subsystem Service (lsass.exe) is also started, which enforces the local security policy
(checking user permissions, creating audit trails, doling out security tokens, etc.).
• userinit.exe
Logon phase
After a user has successfully logged in to the machine, Winlogon does the following:
• Updates the Control Sets; the LastKnownGood control set is updated to reflect the current
control set.
• User and Computer Group Policy settings are applied.
• Startup programs are run from the following locations:
1. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
2. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
3. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
4. HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\Run
5. HKCU\Software\Microsoft\Windows\CurrentVersion\Run
6. HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
7. All Users ProfilePath\Start Menu\Programs\Startup\ (please note that this path is localized on
non-English versions of Windows)
8. Current User ProfilePath\Start Menu\Programs\Startup\ (please note that this path is
localized on non-English versions of Windows)

8. What is forest?
A) It is a collection of trees. Tree is nothing but collection of domains which is having same name
space. Domain contains domain controllers.
Forest — Tree — Domain.
9. What is Active Directory?
A) Active Directory is a network-based object store and service that locates and manages resources,
and makes these resources available to authorized users and groups. An underlying principle of the
Active Directory is that everything is considered an object—people, servers, workstations, printers,
documents, and devices. Each object has certain attributes and its own security access control list
(ACL).

10.Where are the Windows NT Primary Domain Controller (PDC) and its Backup Domain Controller
(BDC) in Server 2003?
A) The Active Directory replaces them. Now all domain controllers share a multimaster peer-to-peer
read and write relationship that hosts copies of the Active Directory.

11.How long does it take for security changes to be replicated among the domain controllers?
A) Security-related modifications are replicated within a site immediately. These changes include
account and individual user lockout policies, changes to password policies, changes to computer
account passwords, and modifications to the Local Security Authority (LSA).

12.What is Active Directory schema?

A) The Active Directory schema contains formal definitions of every object class that can be
created in an Active Directory forest it also contains formal definitions of every attribute that can
exist in an Active Directory object. Active Directory stores and retrieves information from a wide
variety of applications and services. So that it can store and replicate data from a potentially
infinite variety of sources, Active Directory standardizes how data is stored in the directory. By
standardizing how data is stored, the directory service can retrieve, update, and replicate data
while ensuring that the integrity of the data is maintained.
Schema master is a set of rules which is used to define the structure of active directory. It contains
definitions of all the objects which are stored in AD. It maintains information and detail information
of objects.

13.How will you backup Active Directory?

A) Take the system state data backup. This will backup the active directory database. Microsoft
recommend only Full backup of system state database

14.What are the contents of System State backup?

A) The contents are
Boot files, System files, Active directory (if its done on DC), SYSVOL folder(if it done on DC),
Certificate service ( on a CA server), Cluster database ( on a cluster server), Registry
Performance counter configuration information, Component services class registration database
15. Compare Active directory & SAM?

Windows NT Windows 2000

Single-master replication is used via
Multimaster replication is used via DCs.
PDCs and BDCs.
Domain is the smallest unit of Domain is the smallest unit of
partitioning. partitioning.
Domain is the smallest unit of
OU is the smallest unit of authentication.
authentication.
Domain is the smallest unit of policy OU is the smallest unit of policy (group
(system policies). policy objects).
Domain is the smallest unit of security A property of an object is the smallest
delegation/administration. unit of security delegation/administration.
TCP/IP connections to Active Directory as
NetBIOS broadcasts as primary browsing
primary browsing and connection
and connection mechanism.
mechanism.

WINS or LMHOSTS required for effective
browsing.
Object is the smallest unit of replication. Property is the smallest unit of replication.
Maximum recommended database size
for SAM is 40 MB.
Maximum effective number of users is
40,000 (if you accept the recommended
40 MB maximum).
Four domain models (single, single-
master, multimaster, complete-trust)
required to solve admin-boundary and
user-limit problems being per domain.
Schema is not extensible.
DNS and Active Directory required for
effective browsing
WINS required for older clients.
Maximum database size for Active
Directory is 70 TB.
Maximum number of users (objects) in
one domain is between one and two
million
Maximum number of users (objects) in
one forest is 10 million.
No domain models required as the
complete-trust model is implemented.
One-way trusts can be implemented
manually.
Schema is fully extensible.

16.What is the default domain functional level in Windows Server 2003?

A) The four domain functional levels are:
Windows 2000 Mixed Windows 2000 Native
Windows Server 2003 Interim Windows Server 2003
Windows 2000 Mixed
When you configure a new Windows Server 2003 domain, the default domain functional level is
Windows 2000 mixed. Under this domain functional level, Windows NT, 2000, and 2003 domain
controllers are supported. However, certain features such as group nesting, universal groups, and
so on are not available.
Windows 2000 Native
Upgrading the functional level of a domain to Windows 2000 Native should only be done if there are
no Windows NT domain controllers remaining on the network. By upgrading to Windows 2000
Native functional level, additional features become available including: group nesting, universal
groups, SIDHistory, and the ability to convert security groups and distribution groups.
Windows Server 2003 Interim
The third functional level is Windows Server 2003 Interim and it is often used when upgrading from
Windows NT to Windows Server 2003. Upgrading to this domain functional level provides support
for Windows NT and Windows Server 2003 domain controllers. However, like Windows 2000 Mixed,
it does not provide new features.
Windows Server 2003
The last functional level is Windows Server 2003. This domain functional level only provides support
for Windows Server 2003 domain controllers. If you want to take advantage of all the features
included with Windows Server 2003, you must implement this functional level. One of the most
important features introduced at this functional level is the ability to rename domain controllers

17. In which domain functional level, we can rename domain name?

A) All domain controllers must be running Windows Server 2003, and the Active Directory functional
level must be at the Windows Server 2003. Yes u can rename the domain in windows server 2003

18.Which is the default protocol used in directory services?

A) Light weight Directory Access Protocol (LDAP)
19.What is a site?
A) Sites: one or more well-connected highly reliable and fast TCP/IP subnets. A site allows
administrator to configure active directory access and replication topology to take advantage of the
physical network.

20.Which is the command used to remove active directory from a domain controller?
A) “dcpromo” in command prompt to add/remove active directory but first ADC should be removed
before DC if we want to remove DC first then check this server is last domain controller in domain.
Removing Active Directory:
1. If we want to remove Active Directory then we will use command……DCPROMO
 2. If some one deleted parent domain and we want to remove from child domain then we will use
command… DCPROMO /FORCEREMOVAL
Note: - One should not remove parent domain first. He should start from bottom means child
domain and after that its parent and so on.

21.What is trust?
A) To allow users in one domain to access resources in another, AD uses trust. Trust is automatically
produced when domains are created. The forest sets the default boundaries of trust, not the
domain, and implicit trust is automatic. As well as two-way transitive trust, AD trusts can be
shortcut (joins two domains in different trees, transitive, one- or two-way), forest (transitive, one- or
two-way), realm (transitive or nontransitive, one- or two-way), or external (nontransitive, one- or
two-way) in order to connect to other forests or non-AD domains. AD uses the Kerberos V5 protocol,
although NTLM is also supported and web clients use SSL/TLS.

22. What is the file that’s responsible for keep all Active Directory database?
A) NTDS.DIT. default size : 40 MB
23.What snap-in administrative tools are available for Active Directory?
A) Active Directory Domains and Trusts Manager, Active Directory Sites and Services Manager, Active
Directory Users and Group Manager, Active Directory Replication (optional, available from the
Resource Kit), Active Directory Schema Manager (optional, available from adminpak)

24.What types of classes exist in Windows Server 2003 Active Directory?

A) Structural class: The structural class is important to the system administrator in that it is the only
type from which new Active Directory objects are created. Structural classes are developed from
either the modification of an existing structural type or the use of one or more abstract classes.
Abstract class: Abstract classes are so named because they take the form of templates that
actually create other templates (abstracts) and structural and auxiliary classes. Think of abstract
classes as frameworks for the defining objects.
Auxiliary class: The auxiliary class is a list of attributes. Rather than apply numerous attributes
when creating a structural class, it provides a streamlined alternative by applying a combination of
attributes with a single include action.
88 class: The 88 class includes object classes defined prior to 1993, when the 1988 X.500
specification was adopted. This type does not use the structural, abstract, and auxiliary definitions,
nor is it in common use for the development of objects in Windows Server 2003 environments.

25. How do you delete a lingering object?

A) Windows Server 2003 provides a command called Repadmin that provides the ability to
delete lingering objects in the Active Directory.

26.What is Global Catalog?

A) The Global Catalog authenticates network user logons and fields inquiries about objects across a
forest or tree. Every domain has at least one GC that is hosted on a domain controller. In Windows
2000, there was typically one GC on every site in order to prevent user logon failures across the
network.

27.What is GC? How many required for A Tree?

A) Global Catalog server is a Searchable Index book. With this we can find out any object in the Active
Directory. Also it works as logon authentication for Group memberships. We can have each domain
controller in domain or only first domain controller in a domain.

28.What is Global Catalog server?

A) Global Catalog Server maintains full information about its own domain and partial information
about other domains. It is a forest wide role.
A global catalog server is a domain controller it is a master searchable database that contains
information about every object in every domain in a forest. The global catalog contains a complete
replica of all
objects in Active Directory for its host domain, and contains a partial replica of all objects in Active
Directory for every other domain in the forest. It have two important functions:
i)Provides group membership information during logon and authentication
ii)Helps users locate resources in Active Directory
29.Can I change password if my machine’s connectivity to DC who holds PDC emulator role has been
fails?
A) No you cannot change the password.
30.How Can I Deploy the Latest Patched in Pc through G.P. without having the Admin Right in PC?
A) Create a batch file and place all the patches in the Netlogon, and deploy the batch file through GP
to all the pc so the same should take affect after restarting the pc.
The above answer is incorrect.
You cannot deploy a batch file using group policy. You can only publish or assign .msi packages or
Zap files. They are the only two valid file formats allowable when using “intellimirror” in active
directory.
If you create a script and assign it to the STARTUP script in a GPO applied to the COMPUTER and not
the USER, then it runs as a local administrator on the computer.

31.Difference between 2000 & 2003.

A) 1. We can’t rename domain in Win2k, u can rename in Win2k3
2. IIS 5.0 in Win2k and IIS 6.0 in Win2k3
3. No Volume Shadow Copying in Win2k, it’s available in Win2k3
4. Active Directory Federation Systems in Win2k3
Like that some other security features added in Win2k3, main features are above

32.What is hot fix?

A) It is fix, which Microsoft release whenever there is a bug or for updation of Operating
system.

33.What is paging?
A) If a program references a memory location within a virtual page that is not available, the hardware
generates a page fault. When this occurs, the memory management hardware invokes an operating
system routine that loads the required page from auxiliary storage (e.g., a paging file on disk) and
turns on the flag that indicates the page is available. The hardware then adds the offset denoted by
the low-order bits in the address register to the start location of the physical page, accesses the
requested memory location, and returns control to the application that originally tried to access the
memory. This process takes place transparently to the application addressing the memory. This
scheme is called paging.

34. Explain hidden shares?

A) Hidden or administrative shares are share names with a dollar sign ($) appended to their
names. Administrative shares are usually created automatically for the root of each drive letter.
They do not display in the network browse list.

35.How do the permissions work in Windows 2000? What permissions does folder inherit from the
parent?
A) When you combine NTFS permissions based on users and their group memberships, the
least restrictive permissions take precedence. However, explicit Deny entries always override Allow
entries.

36.Why can’t I encrypt a compressed file on Windows 2000?

A) You can either compress it or encrypt it, but not both.

37.If I rename an account, what must I do to make sure the renamed account has the same
permissions as the original one?
B) Nothing, it’s all maintained automatically.

38.What’s the most powerful group on a Windows system?

A) Administrators.

39.What are the accessibility features in Windows 2000?

A) StickyKeys, FilterKeys Narrator, Magnifier, and On-Screen Keyboard.
40.Why can’t I get to the Fax Service Management console?
A) You can only see it if a fax had been installed.

41.What do I need to ensure before deploying an application via a Group Policy?

A) Make sure it’s either an MSI file, or contains a ZAP file for Group Policy.

42.How do you configure mandatory profiles?

A) Rename ntuser.dat to ntuser.man

43.I can’t get multiple displays to work in Windows 2000.

A) Multiple displays have to use peripheral connection interface (PCI) or Accelerated Graphics
Port (AGP) port devices to work properly with Windows 2000.

44.What’s a maximum number of processors Win2k supports?

A) 2

45.I had some NTFS volumes under my Windows NT installation. What happened to NTFS after Win 2k
installation?
A) It got upgraded to NTFS 5.

46.How do you convert a drive from FAT/FAT32 to NTFS from the command line?
A) convert c: /fs:ntfs

47.Explain APIPA.
A) Auto Private IP Addressing (APIPA) takes effect on Windows 2000 Professional computers if no
DHCP server can be contacted. APIPA assigns the computer an IP address within the range of
169.254.0.0 through 169.254.255.254 with a subnet mask of 255.255.0.0.

48. How does Internet Connection Sharing work on Windows 2000?

A) Internet Connection Sharing (ICS) uses the DHCP Allocator service to assign dynamic IP
addresses to clients on the LAN within the range of 192.168.0.2 through 192.168.0.254. In addition,
the DNS Proxy service becomes enabled when you implement ICS.

49.I can’t seem to access the Internet, don’t have any access to the corporate network and on ipconfig
my address is 169.254.*.*. What happened?
A) The 169.254.*.* netmask is assigned to Windows machines running 98/2000/XP if the DHCP server
is not available. The name for the technology is APIPA (Automatic Private Internet Protocol
Addressing).

50.We’ve installed a new Windows-based DHCP server, however, the users do not seem to be getting
DHCP leases off of it.
A) The server must be authorized first with the Active Directory.

51. How can you force the client to give up the DHCP lease if you have access to the client PC?
A) ipconfig /release

52.What authentication options do Windows 2000 Servers have for remote clients?
A) PAP, SPAP, CHAP, MS-CHAP and EAP.

53.What are the networking protocol options for the Windows clients if for some reason you do not
want to use TCP/IP?
A) NWLink (Novell), NetBEUI, AppleTalk (Apple).

54.What is data link layer in the OSI reference model responsible for?
A) Data link layer is located above the physical layer, but below the network layer. Taking raw data
bits and packaging them into frames. The network layer will be responsible for addressing the
frames, while the physical layer is responsible for retrieving and sending raw data bits.

55.What is binding order?

A) The order by which the network protocols are used for client-server communications. The most
frequently used protocols should be at the top.
56.How do cryptography-based keys ensure the validity of data transferred across the network?
A) Each IP packet is assigned a checksum, so if the checksums do not match on both receiving and
transmitting ends, the data was modified or corrupted.

57.Should we deploy IPSEC-based security or certificate-based security?

A) They are really two different technologies. IPSec secures the TCP/IP communication and protects
the integrity of the packets. Certificate-based security ensures the validity of authenticated clients
and servers.

58.What is LMHOSTS file?

A) It’s a file stored on a host machine that is used to resolve NetBIOS to specific IP addresses.

59.What’s the difference between forward lookup and reverse lookup in DNS?
A) Forward lookup is name-to-address; the reverse lookup is address-to-name.
60.How can you recover a file encrypted using EFS?
A) Use the domain recovery agent.

61.What is IPv6?
A) Internet Protocol version 6 (IPv6) is a network layer IP standard used by electronic devices to
exchange data across a packet-switched internetwork. It follows IPv4 as the second version of the
Internet Protocol to be formally adopted for general use. It is a 128 bit size address. Here we can
see total 8 octets each octet size is 16 bits.

62.What is multimaster replication?

A) In addition to storing primary zone information in DNS we can also store it in active directory as
active directory object. This integrates DNS with active directory in order to take advantage of
active directory features. The benefits are
• Zone can be modified from any domain controller within the domain and this information is
automatically updated or replicated to all the other domain controllers along with the active
directory replication. This replication is said to be Multimaster replication.
• We no longer face the standard DNS server drawbacks. In standard DNS server only the primary
server can modify the zone and then replicate the changes to other domain controllers (It was in
windows NT4 before). But when DNS gets integrated with AD .Zone can be modified and
replicated from any domain controller.
• Fault tolerance
• Security: You can prevent access to any updates to zone or individual record preventing
insecure dynamic updates.

63.What is RSoP?
A) Resultant Set of Policy (RSoP) is provided to make policy modification and trouble shooting easier.
RSoP is the query object it has two modes:
1. Logging mode: Polls existing policies and the reports the result of the query.
2. Planning mode: The questions ask about the planned policy and the report the result of the
query.

64.Difference between NTFS and FAT32

A)
NTFS FAT32
Allows access local to Win2k, Win2k3, WinXP,
Fat 32 Allows access to Win95, Win98,
WinNT4 with SP4 & later may get access for
WinMe, Win2k, WinXP on local partition.
some file.
Maximum size of partition is 2 Terabytes &
Maximum size of partition is upto 2 TB.
more.
Maximum File size is upto 16TB. Maximum File size is upto 4 GB.
File & folder Encryption is possible File & folder Encryption is not possible.
FAT support 8.3 character file name( avail. in
Support 255 characters long file name
FAT32)

65.What is Microsoft Software Assurance?

A) It means that if in future some upgrade version is introduced in market, then software assurance
allows upgrading the license without paying any extra cost.

66.How is user account security established in Windows Server 2003?

A) When an account is created, it is given a unique access number known as a security identifier (SID).
Every group to which the user belongs has an associated SID. The user and related group SIDs
together form the user account’s security token, which determines access levels to objects
throughout the system and network. SIDs from the security token are mapped to the access control
list (ACL) of any object the user attempts to access.

67.If I delete a user and then create a new account with the same username and password, would the
SID and permissions stay the same?
A) No. If you delete a user account and attempt to recreate it with the same user name and password,
the SID will be different.

68.What do you do with secure sign-ons in an organization with many roaming users?
A) Credential Management feature of Windows Server 2003 provides a consistent single sign-on
experience for users. This can be useful for roaming users who move between computer systems.
The Credential Management feature provides a secure store of user credentials that includes
passwords and X.509 certificates.

69.Anything special you should do when adding a user that has a Mac?
A) “Save password as encrypted clear text” must be selected on User Properties Account Tab Options,
since the Macs only store their passwords that way.

70.What remote access options does Windows Server 2003 support?

A) Dial-in, VPN, dial-in with callback.
71.Where are the documents and settings for the roaming profile stored?
A) All the documents and environmental settings for the roaming user are stored locally on the
system, and, when the user logs off, all changes to the locally stored profile are copied to the
shared server folder. Therefore, the first time a roaming user logs on to a new system the logon
process may take some time, depending on how large his profile folder is.

72.Where are the settings for all the users stored on a given machine?
A) \Document and Settings\All Users

73.What languages can you use for log-on scripts?

A) JavaScipt, VBScript, DOS batch files (.com, .bat, or even .exe)

74.How do you double-boot a Win 2003 server box?

A) The Boot.ini file is set as read-only, system, and hidden to prevent unwanted editing. To change the
Boot.ini timeout and default settings, use the System option in Control Panel from the Advanced tab
and select Startup.

75.What do you do if earlier application doesn’t run on Windows Server 2003?

A) When an application that ran on an earlier legacy version of Windows cannot be loaded during the
setup function or if it later malfunctions, you must run the compatibility mode function. This is
accomplished by right-clicking the application or setup program and selecting Properties –>
Compatibility –> selecting the previously supported operating system.

76.If you uninstall Windows Server 2003, which operating systems can you revert to?
A) Win ME, Win 98, 2000, XP. Note, however, that you cannot upgrade from ME and 98 to Windows
Server 2003.

77.How do you get to Internet Firewall settings?

A) Start –> Control Panel –> Network and Internet Connections –> Network Connections.
78.What’s new in Windows Server 2003 regarding the DNS management?
A) When DC promotion occurs with an existing forest, the Active Directory Installation Wizard contacts
an existing DC to update the directory and replicate from the DC the required portions of the
directory. If the wizard fails to locate a DC, it performs debugging and reports what caused the
failure and how to fix the problem. In order to be located on a network, every DC must register in
DNS DC locator DNS records. The Active Directory Installation Wizard verifies a proper configuration
of the DNS infrastructure. All DNS configuration debugging and reporting activity is done with the
Active Directory Installation Wizard.

79.When should you create a forest?

A) Organizations that operate on radically different bases may require separate trees with distinct
namespaces. Unique trade or brand names often give rise to separate DNS identities. Organizations
merge or are acquired and naming continuity is desired. Organizations form partnerships and joint
ventures. While access to common resources is desired, a separately defined tree can enforce more
direct administrative and security restrictions.

80.How can you authenticate between forests?

A) Four types of authentication are used across forests: (1) Kerberos and NTLM network logon for
remote access to a server in another forest; (2) Kerberos and NTLM interactive logon for physical
logon outside the user’s home forest; (3) Kerberos delegation to N-tier application in another forest;
and (4) user principal name (UPN) credentials.

81.What’s the difference between local, global and universal groups?

A) Domain local groups assign access permissions to global domain groups for local domain resources.
Global groups provide access to resources in other trusted domains. Universal groups grant access
to resources in all trusted domains.

82.I am trying to create a new universal user group. Why can’t I?

A) Universal groups are allowed only in native-mode Windows Server 2003 environments. Native mode
requires that all domain controllers be promoted to Windows Server 2003 Active Directory.

83.What is LSDOU?
A) Its group policy inheritance model, where the policies are applied to Local machines, Sites, Domains
and Organizational Units.

84.Why doesn’t LSDOU work under Windows NT?

A) If the NTConfig.pol file exist, it has the highest priority among the numerous policies.

85.Where are group policies stored?

A) %SystemRoot%System32\GroupPolicy

86.What is GPT and GPC?

A) Group policy template and group policy container.
87.Where is GPT stored?
A) %SystemRoot%\SYSVOL\sysvol\domainname\Policies\GUID
88.You change the group policies, and now the computer and user settings are in conflict. Which one
has the highest priority?
A) The computer settings take priority.
89.You want to set up remote installation procedure, but do not want the user to gain access over it.
What do you do?
A) gponame–> User Configuration–> Windows Settings–> Remote Installation Services–> Choice
Options is your friend.

90.What’s contained in administrative template conf.adm?

A) Microsoft NetMeeting policies

91.How can you restrict running certain applications on a machine?

A) Via group policy, security settings for the group, then Software Restriction Policies.

92.You need to automatically install an app, but MSI file is not available. What do you do?
A) A .zap text file can be used to add applications using the Software Installer, rather than the
Windows Installer.

93.What’s the difference between Software Installer and Windows Installer?

A) The former has fewer privileges and will probably require user intervention. Plus, it uses .zap files.

94.What can be restricted on Windows Server 2003 that wasn’t there in previous products?
A) Group Policy in Windows Server 2003 determines a users right to modify network and dial-up TCP/IP
properties. Users may be selectively restricted from modifying their IP address and other network
configuration parameters.

95.How frequently is the client policy refreshed?

A) 90 minutes give or take.

96.Where is secedit?
A) It’s now gpupdate.
97.You want to create a new group policy but do not wish to inherit.
A) Make sure you check Block inheritance among the options when creating the policy.
98.What is “tattooing” the Registry?
A) The user can view and modify user preferences that are not stored in maintained portions of the
Registry. If the group policy is removed or changed, the user preference will persist in the Registry.

99.How do you fight tattooing in NT/2000 installations?

A) You can’t.

100. How do you fight tattooing in 2003 installations?

A) User Configuration - Administrative Templates - System - Group Policy - enable - Enforce Show
Policies Only.

101. What does IntelliMirror do?

A) It helps to reconcile desktop settings, applications, and stored files for users, particularly those who
move between workstations or those who must periodically work offline.

102. What’s the major difference between FAT and NTFS on a local machine?
A) FAT and FAT32 provide no security over locally logged-on users. Only native NTFS provides
extensive permission control on both remote and local files.

103. How do FAT and NTFS differ in approach to user shares?

A) They don’t, both have support for sharing.

104. Explan the List Folder Contents permission on the folder in NTFS.
A) Same as Read & Execute, but not inherited by files within a folder. However, newly created
subfolders will inherit this permission.

105. I have a file to which the user has access, but he has no folder permission to read it. Can he
access it?
A) It is possible for a user to navigate to a file for which he does not have folder permission. This
involves simply knowing the path of the file object. Even if the user can’t drill down the file/folder
tree using My Computer, he can still gain access to the file using the Universal Naming Convention
(UNC). The best way to start would be to type the full path of a file into Run… window.

106. For a user in several groups, are Allow permissions restrictive or permissive?
A) Permissive, if at least one group has Allow permission for the file/folder, user will have the same
permission.

107. For a user in several groups, are Deny permissions restrictive or permissive?
A) Restrictive, if at least one group has Deny permission for the file/folder, user will be denied access,
regardless of other group permissions.

108. What hidden shares exist on Windows Server 2003 installation?

A) Admin$, Drive$, IPC$, NETLOGON, print$ and SYSVOL.

109. What’s the difference between standalone and fault-tolerant DFS (Distributed File System)
installations?
A) The standalone server stores the Dfs directory tree structure or topology locally. Thus, if a shared
folder is inaccessible or if the Dfs root server is down, users are left with no link to the shared
resources. A fault-tolerant root node stores the Dfs topology in the Active Directory, which is
replicated to other domain controllers. Thus, redundant root nodes may include multiple
connections to the same data residing in different shared folders.

110. We’re using the DFS fault-tolerant installation, but cannot access it from a Win98 box.
A) Use the UNC path, not client, only 2000 and 2003 clients can access Server 2003 fault-tolerant
shares.

111. Where exactly do fault-tolerant DFS shares store information in Active Directory?
A) In Partition Knowledge Table, which is then replicated to other domain controllers.
112. Can you use Start->Search with DFS shares?
A) Yes.

113. What problems can you have with DFS installed?

A) Two users opening the redundant copies of the file at the same time, with no file-locking involved in
DFS, changing the contents and then saving. Only one file will be propagated through DFS.

114. I run Microsoft Cluster Server and cannot install fault-tolerant DFS.
A) Yeah, you can’t. Install a standalone one.

115.Is Kerberos encryption symmetric or asymmetric?

A) Symmetric.

116. How does Windows 2003 Server try to prevent a middle-man attack on encrypted line?
A) Time stamp is attached to the initial client request, encrypted with the shared key.

117. What hashing algorithms are used in Windows 2003 Server?

A) RSA Data Security’s Message Digest 5 (MD5), produces a 128-bit hash, and the Secure Hash
Algorithm 1 (SHA-1), produces a 160-bit hash.

118. What third-party certificate exchange protocols are used by Windows 2003 Server?
A) Windows Server 2003 uses the industry standard PKCS-10 certificate request and PKCS-7 certificate
response to exchange CA certificates with third-party certificate authorities.

119. What’s the number of permitted unsuccessful logons on Administrator account?

A) Unlimited. Remember, though, that it’s the Administrator account, not any account that’s part of
the Administrators group.

120. If hashing is one-way function and Windows Server uses hashing for storing passwords, how is it
possible to attack the password lists, specifically the ones using NTLMv1?
A) A cracker would launch a dictionary attack by hashing every imaginable term used for password
and then compare the hashes.

121. What’s the difference between guest accounts in Server 2003 and other editions?
A) More restrictive in Windows Server 2003.

122. How many passwords by default are remembered when you check “Enforce Password History
Remembered”?
A) User’s last 6 passwords.
123. What is presentation layer responsible for in the OSI model?
A) The presentation layer establishes the data format prior to passing it along to the network
application’s interface. TCP/IP networks perform this task at the application layer.

124. Does Windows Server 2003 support IPv6?

A) Yes, run ipv6.exe from command line to disable it.

125. Can Windows Server 2003 function as a bridge?

A) Yes, and it’s a new feature for the 2003 product. You can combine several networks and devices
connected via several adapters by enabling IP routing.

126. What’s the difference between the basic disk and dynamic disk?
A) The basic type contains partitions, extended partitions, logical drivers, and an assortment of static
volumes; the dynamic type does not use partitions but dynamically manages volumes and provides
advanced storage options

127. What’s a media pool?

A) It is any compilation of disks or tapes with the same administrative properties.
128. How do you install recovery console?
A) C:\i386\win32 /cmdcons, assuming that your Win server installation is on drive C.

129. What’s new in Terminal Services for Windows 2003 Server?

A) Supports audio transmissions as well, although prepare for heavy network load.

130. Describe the process of clustering with Windows 2003 Server when a new node is added.
A) As a node goes online, it searches for other nodes to join by polling the designated internal
network. In this way, all nodes are notified of the new node’s existence. If other nodes cannot be
found on a preexisting cluster, the new node takes control of the quorum resources residing on the
shared disk that contains state and configuration data.

131. What applications are not capable of performing in Windows 2003 Server clusters?
A) The ones written exclusively for NetBEUI and IPX.

132. What’s a heartbeat?

A) Communication processes between the nodes designed to ensure node’s health.

133. What’s a threshold in clustered environment?

A) The number of times a restart is attempted, when the node fails.

134. You need to change and admin password on a clustered Windows box, but that requires rebooting
the cluster, doesn’t it?
A) No, it doesn’t. In 2003 environment you can do that via cluster.exe utility which does not require
rebooting the entire cluster.

135. Which add-on package for Windows 2003 Server would you use to monitor the installed software
and license compliance?
A) SMS (System Management Server).

136. Which service do you use to set up various alerts?

A) MOM (Microsoft Operations Manager).
137.What are the different Editions of Windows Server 2003?

Web Standard
Requirement Enterprise Edition Datacenter Edition
Edition Edition
133 MHz for x86- 400 MHz for x86-
Minimum CPU based computers based computers
133 MHz 133 MHz
Speed 733 MHz for Itanium- 733 MHz for Itanium-
based computers* based computers*
 Recommended CPU
550 MHz 550 MHz 733 MHz 733 MHz
Speed
Minimum RAM 128 MB 128 MB 128 MB 512 MB
Recommended
256 MB 256 MB 256 MB 1 GB
Minimum RAM
64 GB for x86-based 128G for x86-based
computers computers
Maximum RAM 2 GB 4 GB
2 TB for x64 and 2 TB for x64 and ia64
ia64 computers computers
Minimum 2-way
Multiprocessor capable machine
Up to 2 Up to 4 Up to 8
Support required
Maximum 64
1.2 GB for
1.2 GB for
Network 1.2 GB for Network 1.2 GB for Network
Disk Space Network Install
Install Install Install
Required 2.9 GB for CD
2.9 GB for 2.9 GB for CD Install 2.9 GB for CD Install
Install
CD Install

Web Edition
• Designed to be used primarily as an IIS 6.0 Web server.
• Used mainly for building and hosting Web applications, Web pages, and XML Web Services.
• Does not require Client Access Licenses and Terminal Server mode is not included. However,
Remote Desktop for Administration is available.
• Supports a maximum of 4 processors with support for a maximum of 2GB of RAM.
• Only version of Windows Server 2003 that DOES NOT includes Client Number limitation upon
Windows update services as it does not require Client Access Licenses.
• Cannot act as a domain controller
Standard Edition
• Aimed towards small to medium sized businesses.
• Supports file and printer sharing, secure Internet connectivity, and allows centralized desktop
application deployment.
• Can run on up to 4 processors with up to 4 GB RAM.
• 64-bit versions are also available for the x86-64 architecture (AMD64 and Intel64, called collectively
x64 by Microsoft).
• The 64-bit version is capable of addressing up to 32 GB of RAM.
• 64-bit version supports Non-Uniform Memory Access (NUMA), something the 32-bit version does not
do.
Enterprise Edition
• A full-function server operating system aimed towards medium to large businesses.
• Supports up to 8 processors and can support up to 32 GB of memory with addition of the PAE
parameter in the initialization file.
• Provides enterprise-class features such as eight-node clustering using Microsoft Cluster Server
(MSCS) software.
• Enterprise Edition also comes in 64-bit versions for the Itanium and x64 architectures.
• The 64-bit version is capable of addressing up to 1 Terabyte (1024 GB) of RAM.
• Both 32-bit and 64-bit versions support Non-Uniform Memory Access (NUMA).
• Also provides the ability to hot-add supported hardware.
DataCenter Edition
• Aimed for infrastructures demanding high security and reliability.
• Windows Server 2003 is available for x86 32-bit, Itanium, and x64 processors.
• Supports a minimum of 8 processors and a maximum of 64 processors & memory up to 512GB. [ *
When run on 32-bit architecture Limited to 32 processors & limits memory addressability to 64GB.]
• Windows Server 2003, Datacenter Edition, also allows limiting processor and memory usage on a
per-application basis.
• Supports Non-Uniform Memory Access.
• Supports 8-node clustering.
• Better support for Storage Area Networks (SAN).
Small Business Server
• Designed keeping the below goals in mind primarily for Small Businesses:
– Provide small businesses with connectivity for collaboration, communication, and mobility.
– Provide simplicity in installation, management, and use.
– Provide flexible deployment features that benefit both small-business customers and
technology providers.
• To better meet the variation in a larger population of small businesses, Windows Small Business
Server 2003 is available in two editions, Standard and Premium.
• Standard Edition is ideal for first-server customers who are looking to leverage the benefits of
server technology in their network, or for customers migrating from a stand-alone server to an
integrated technology platform.
• Premium Edition is ideal for small businesses with more demanding IT needs, such as data-
intensive line-of-business applications, or for customers with more stringent monitoring and
management of Internet services and connectivity.
138. Are there any differences between 32-bit, x64, and 64-bit versions of Windows Server 2003?
A)
Versions 32-bit x86 64-bit x64 64-bit Itanium
Data Center Up to 32-way, 64 GB Up to 64-way, 1 TB Up to 64-way, 1 TB
Edition RAM RAM RAM
Enterprise Up to 8-way, 32 GB Up to 8-way, 1 TB Up to 8-way, 1 TB
Edition RAM RAM RAM
Up to 4-way, 4 GB Up to 4-way, 32 GB
Standard Edition n/a
RAM RAM
Up to 2-way, 2 GB
Web Edition n/a n/a
RAM
Symmetric Multiprocessing (SMP) support
SMP: The Windows Server 2003 Family supports single or multiple CPUs that conform to the SMP
standard. Using SMP, the operating system can run threads on any available processor, which makes it
possible for applications to use multiple processors when additional processing power is required to
increase the capability of a system. New features include SMP locking performance, improved registry
performance, and increased Terminal Server sessions.

139. What’s New in Windows 2003 R2?

A) With Windows Server 2003 R2, you get the following improvements:
• Identity and access management
• Branch office server management
• Storage setup and management
• Application development inside and outside your organization's traditional boundaries
 This topic describes the following new components that you can install with Windows
Server 2003 R2:
Server Manageability
• Administration Tools Packs
• Hardware Management
• MMC 3.0
Features for Active Directory
• Active Directory Application Mode (ADAM)
• Active Directory Federation Services
Disk and File Management Features
• Branch Office: Distributed File System (DFS)
• Common Log File System (CLFS)
• File Server Management
• Microsoft Services for Network File System
• Storage Management for SANs
• File Server Resource Manager
Printer and Protocol Support
• Print Management
Microsoft .NET Framework
• Microsoft .NET Framework 2.0
Internet and E-Mail Services and Features
• Windows Sharepoint Services
UNIX Interoperability
• Identity Management for UNIX
• Subsystem for UNIX-based Applications

140. What specific updates are there in 2003 SP2?

A) The updates are as below:
Clustering
A new event log event has been created to address certain situations in which the Cluster service
account becomes excessively restricted by domain policy. The new event ID is 1239. The event text
includes troubleshooting information.
Data access components
XmlLite is new with Windows Server 2003 SP2. XmlLite is a fast, low-level, native XML parser with a
small memory footprint.
Distributed systems
New options have been added to the Dcdiag.exe Domain Name System (DNS) tests to generate
XML tags when the tests are run with the /test:dns option. It can be used to more easily parse the
verbose log that the DNS tests generate.
File systems
Icacls.exe is an upgrade of the Cacls.exe tool in Windows Server 2003 SP2, and can be used to
reset the access control lists (ACLs) on files from Recovery Console, and to back up ACLs. Also,
unlike Cacls.exe, Icacles.exe correctly propagates the creation of inherited ACLs and changes to
them.
Microsoft Message Queuing
The default storage limit for message queuing has been changed to 1 gigabyte (GB). If you choose
to have a storage limit of more than 1 GB, you can change the storage limit setting in Microsoft
Management Console (MMC) on the General tab of Message Queuing Properties.
Networking and communications
1. Includes an update that enables you to simplify the creation and maintenance of Internet
Protocol security (IPsec) policy. This update enables you to use an IPsec "Simple Policy". For most
environments, the installation of this update allows you to reduce the number of IPsec filters that
are required for a Server Isolation deployment or for a Domain Isolation deployment. You can
reduce the number of IPsec filters from many hundreds of filters to only two filters.
3. Group Policy support for non-broadcasting networks and Wi-Fi Protected Access 2 (WPA2)
settings has been added to the Windows wireless client in Windows Server 2003 SP2. This update
allows the Windows wireless client to accept additional wireless Group Policy configuration options.
These new settings include support for WPA2 parameters and non-broadcast networks.
4. The Windows wireless client now supports WPA2, which enables you to take advantage of high
levels of standards-based connection and encryption security. New security features include:
Non-broadcast network profiles are now marked with a flag to improve the security of the Windows
wireless client.
Windows will not automatically connect to a peer-to-peer network, even if it has been automatically
saved in the preferred network list. You must manually connect to a peer-to-peer network profile.
Windows Deployment Services
Remote Installation Services is replaced by Windows Deployment Services. You can use Windows
Deployment Services to set up new computers through a network-based installation without having
to be physically present at each computer and without having to install directly from DVD media.