Objective 1.3 Optimize Server Disk Performance
14
-
27
4.
Oksana is looking at a report generated by the disk defragmenter of her system. Her
system contains two volumes. The first volume is 100 GB and is mirrored on a second
100 GB disk. The second volume is 400 GB and uses RAID-5 over five 100 GB disks.
The report that Oksana is examining was an analysis performed on the second volume
rather than the first.
Oksana is puzzled because there seems to be several sections on the second volume
that are colored green. Green in a defragmenter analysis represents unmovable files.
Oksana is puzzled because she believed that the only files that were unmovable for the
disk defragmenter are located on the system or boot volumes. What is the cause of the
unmovable files listed on the defragmenter analysis of the second volume? (Select all
that apply.)
A.
Oksana has mistakenly analyzed the first volume, which contains the boot and
system files.
B.
The page file has been located on the second volume.
C.
Oksana has stored encrypted files on the second volume.
D.
Oksana has stored compressed files on the second volume.
E.
The NTFS change journal, stored on all NTFS volumes, is an unmovable file.
5.
Oksana has scheduled a command-line disk defragmentation job to take place at 2 A.M.
every Sunday on all Windows Server 2003 systems at her site. This represents a perfect
time to perform such a task because the amount of activity on any of the servers at this

time is minimal. Checking through the logs on a Monday morning, Oksana finds that
the Sunday morning defragmentation did not occur on one of the volumes on one of
the Windows Server 2003 servers. Oksana logs onto the server from a remote desktop
connection and checks the Disk Defragmenter in the Computer Management Console.
Oksana decides to wait until the end of business that day and try to run the defragmen-
tation process again on this volume. At 6:30 P.M. she logs on from the remote desktop
again and attempts to initiate a defragmentation of the problematic volume. The pro-
cess fails again. What could be causing the failure, and which of the following steps
should Oksana take to defragment this volume?
A.
The volume is failing to defragment because it is close to capacity. A volume must
have at least 15 percent of space free for the defragmentation process to begin.
B.
The volume has been marked as dirty. Oksana needs to run Chkdsk from the com-
mand line before she can defragment the volume successfully.
C.
Oksana must take the volume offline manually to perform the defragmentation.
Once this is done, the disk will defragment normally.
D.
Oksana needs to dismount the disk hosting the volume to perform a defragmen-
tation. Once this is done, the disk will defragment normally.
Please purchase PDF Split-Merge on www.verypdf.com to remove this watermark.
14-28
Chapter 14 Managing and Maintaining Physical and Logical Devices (1.0)
6.
You are the systems administrator for several small businesses. One of the small busi-
nesses that you work for has reported that the performance of its server appears to be
degrading. The server is configured as follows:
Volume Type File System Fault Tolerance Fragmentation
Drive C Dynamic NTFS Mirrored 9%

Drive D Basic NTFS None 13%
Drive E Dynamic NTFS Striped 23%
Drive F Dynamic NTFS RAID-5 32%
Drive G Dynamic NTFS RAID-5 41%
On which of the Windows Server 2003 system volumes will Windows recommend that
you run the defragmenter? (Select all that apply.)
A.
Drive C
B.
Drive D
C.
Drive E
D.
Drive F
E.
Drive G
Please purchase PDF Split-Merge on www.verypdf.com to remove this watermark.
Objective 1.3 Optimize Server Disk Performance
14
-
29
Objective 1.3 Answers
1.
Correct Answers: A, B, C, and E
A.
Correct: Disk mirroring provides no read/write benefit but does provide fault
tolerance.
B.
Correct: RAID-5 must generate parity information while writing to the disks,
something that disk striping (RAID-0) does not need to do. RAID-5 parity genera-

tion provides some latency, making this method slower than disk striping.
C.
Correct: Disk spanning has similar performance to a simple volume whereas disk
striping is the quickest method of reading and writing to a volume.
D.
Incorrect: Disk spanning has similar performance to a simple volume, disk strip-
ing offers the best read/write performance.
E.
Correct: In disk striping, data can be written to or read from multiple disks mak-
ing up the volume at one time. In a simple volume, only one disk can be written
to or read simultaneously.
Please purchase PDF Split-Merge on www.verypdf.com to remove this watermark.
14-30
Chapter 14 Managing and Maintaining Physical and Logical Devices (1.0)
2.
Correct Answers: F
A.
Incorrect: Rooslan achieved all the goals of the first team. For the second team,
he achieved the first and second goals. By choosing to mirror, rather than stripe,
the third volume, he did not create a volume of 240 GB with the fastest read/write
speed. The volume would have been 120 GB and would not have performed sig-
nificantly better than a simple volume. Rooslan achieved one goal of the third
team. He achieved the first goal, but by using RAID-5 instead of striping, he failed
to achieve the second. The second volume would have been 360 GB rather than
480 GB as specified, the equivalent of one drive lost in storing parity information.
B.
Incorrect: Rooslan achieved all the goals of the first team. For the second team,
he achieved the first and second goals. By choosing to mirror, rather than stripe,
the third volume, he did not create a volume of 240 GB with the fastest read/write
speed. The volume would have been 120 GB and would not have performed sig-

nificantly better than a simple volume. Rooslan achieved one goal of the third
team. He achieved the first goal, but by using RAID-5 instead of striping, he failed
to achieve the second. The second volume would have been 360 GB rather than
480 GB as specified, the equivalent of one drive lost in storing parity information.
C.
Incorrect: Rooslan achieved all the goals of the first team. For the second team,
he achieved the first and second goals. By choosing to mirror, rather than stripe,
the third volume, he did not create a volume of 240 GB with the fastest read/write
speed. The volume would have been 120 GB and would not have performed sig-
nificantly better than a simple volume. Rooslan achieved one goal of the third
team. He achieved the first goal, but by using RAID-5 instead of striping, he failed
to achieve the second. The second volume would have been 360 GB rather than
480 GB as specified, the equivalent of one drive lost in storing parity information.
D.
Incorrect: Rooslan achieved all the goals of the first team. For the second team,
he achieved the first and second goals. By choosing to mirror, rather than stripe,
the third volume, he did not create a volume of 240 GB with the fastest read/write
speed. The volume would have been 120 GB and would not have performed sig-
nificantly better than a simple volume. Rooslan achieved one goal of the third
team. He achieved the first goal, but by using RAID-5 instead of striping, he failed
to achieve the second. The second volume would have been 360 GB rather than
480 GB as specified, the equivalent of one drive lost in storing parity information.
E.
Incorrect: Rooslan achieved all the goals of the first team. For the second team,
he achieved the first and second goals. In choosing to mirror, rather than stripe,
the third volume, he did not create a volume of 240 GB with the fastest read/write
speed. The volume would have been 120 GB and would not have performed sig-
nificantly better than a simple volume. Rooslan achieved one goal of the third
team. He achieved the first goal, but by using RAID-5 instead of striping, he failed
to achieve the second. The second volume would have been 360 GB rather than

480 GB as specified, the equivalent of one drive lost in storing parity information.
Please purchase PDF Split-Merge on www.verypdf.com to remove this watermark.
Objective 1.3 Optimize Server Disk Performance
14
-
31
F.
Correct: Rooslan achieved all the goals of the first team. For the second team, he
achieved the first and second goals. In choosing to mirror, rather than stripe, the
third volume, he did not create a volume of 240 GB with the fastest read/write
speed. The volume would have been 120 GB and would not have performed sig-
nificantly better than a simple volume. Rooslan achieved one goal of the third
team. He achieved the first goal, but by using RAID-5 instead of striping, he failed
to achieve the second. The second volume would have been 360 GB rather than
480 GB as specified, the equivalent of one drive lost in storing parity information.
3.
Correct Answers: A, C, and D
A.
Correct: Disk 1 is a mirrored volume of a volume on Disk 0. No data will be lost
if this disk fails.
B.
Incorrect: If disk 0 fails, data will be lost as any data that is not on the Datastore
volume, such as the boot volume, is not protected.
C.
Correct: Disk 2 is part of a RAID-5 array, hence if disk 2 fails, parity information
can be used to regenerate the data.
D.
Correct: Datastore is a mirrored volume compared to Archive on RAID-5, and
RAID-5 is faster than RAID-1 (mirroring).
E.

Incorrect: Datastore is a mirrored volume compared to Archive on RAID-5.
RAID-5 is faster than RAID-1 (mirroring).
F.
Incorrect: Disk 3 is also part of the RAID-5 array; therefore, if Disk 3 fails, data
will not be lost.
4.
Correct Answers: B and E
A.
Incorrect: The question states clearly that it is the second volume, so Oksana is
not mistaken.
B.
Correct: Page files are unmovable files and therefore are reported in green by the
disk defragmenter analyzer. Similarly, the NTFS change journal, on NTFS volumes,
is also represented by the unmovable green.
C.
Incorrect: Encrypted and compressed files are not unmovable.
D.
Incorrect: Encrypted and compressed files are not unmovable.
E.
Correct: Page files are unmovable files and therefore are reported in green by the
disk defragmenter analyzer. Similarly, the NTFS change journal, on NTFS volumes,
is also represented by the unmovable green.
Please purchase PDF Split-Merge on www.verypdf.com to remove this watermark.
14-32
Chapter 14 Managing and Maintaining Physical and Logical Devices (1.0)
5.
Correct Answers: B
A.
Incorrect: If a disk has less than 15 percent of space left, the defragmentation
process will finish, but the disk will not be completely defragmented.

B.
Correct: Disk defragmentation will fail only when a disk has errors. If a disk has
errors, it is classified as “dirty” by the operating system. The only way to change
this state is to perform a Chkdsk operation on the disk and complete all required
repairs.
C.
Incorrect: Disks cannot be defragmented if they are taken offline.
D.
Incorrect: Volumes cannot be defragmented if they are taken offline.
6.
Correct Answers: B, C, D, and E
A.
Incorrect: This figure is below the 10% threshold, so Windows will not recom-
mend a defragmentation.
B.
Correct: This figure is above the 10% threshold, so Windows will recommend a
defragmentation.
C.
Correct: This figure is above the 10% threshold, so Windows will recommend a
defragmentation.
D.
Correct: This figure is above the 10% threshold, so Windows will recommend a
defragmentation.
E.
Correct: This figure is above the 10% threshold, so Windows will recommend a
defragmentation.
Please purchase PDF Split-Merge on www.verypdf.com to remove this watermark.
Objective 1.4 Install and Configure Server Hardware Devices
14
-

33
Objective 1.4
Install and Configure Server
Hardware Devices
A signed driver is one that has a digital certificate attached from Microsoft that guaran-
tees that the driver has been tested on a wide variety of configurations and has been
deemed reliable. Windows Server 2003 can be configured to look for this particular
digital certificate and refuse to install drivers that have not met with Microsoft’s
approval.
An administrator may not wish to use only Microsoft-approved device drivers all the
time. Administrators can override any signing settings by manually setting this option
in the System Properties. The options include Block, Warn, and Ignore. Block disallows
the installation of unsigned drivers, Warn allows the installation but produces a mes-
sage that must be approved notifying the administrator that the user is about to install
unsigned drivers, and Ignore produces no warning and simply installs the drives
regardless of whether they have been digitally signed.
The resources that a hardware device uses can be configured in the Device Manager by
selecting the device and, from the Action menu, selecting Properties. Newly installed
hardware can sometimes conflict with other hardware on the system and these con-
flicts can best be resolved by adjusting resources such as I/O range and IRQ.
Please purchase PDF Split-Merge on www.verypdf.com to remove this watermark.
14-34
Chapter 14 Managing and Maintaining Physical and Logical Devices (1.0)
Objective 1.4 Questions
1.
Oksana has recently replaced Rooslan as the systems administrator of six Windows
Server 2003 systems. These six servers are stand-alone systems and not members of
any domain. Several weeks into her tenure, Oksana receives the go-ahead to buy a
Digital Audio Tape (DAT) backup drive for each of the Windows Server 2003 systems.
At a prescheduled time she brings the servers down and installs the new hardware.

When all the servers have been brought up, Oksana logs on to each and is confronted
by the Add New Hardware Wizard. She begins the process of installing the software for
the new hardware but finds that the process fails because the driver cannot be
installed. Oksana then investigates the driver signing setting in the System Properties.
The driver signing option is set to Block with the other options dimmed. Although the
drivers have not been digitally signed by Microsoft, Oksana has decided that she wants
to use them and that they will pose no problems to the stability of the servers that she
administers. Which of the following actions can Oksana take to allow the installation of
unsigned drivers on all six of these Windows Server 2003 systems? (Select all that
apply.)
A.
Oksana should reconfigure the domain GPO and set the Unsigned Driver Installa-
tion Behavior policy to Warn But Allow Installation.
B.
Oksana should reconfigure the local GPO and set the Unsigned Driver Installation
Behavior policy to Warn But Allow Installation.
C.
Oksana should check the Administrator Option / Make This Action The System
Default check box in the Driver Signing Options dialog box, accessible from the
System Properties. This will enable her to switch the option from Block to Warn.
D.
Oksana should reconfigure the GPO assigned to the site that the servers are set up
in and set the Unsigned Driver Installation Behavior policy to Warn But Allow
Installation.
E.
Oksana should reconfigure the GPO applied to the OU that the servers are mem-
bers of and set the Unsigned Driver Installation Behavior policy to Warn But Allow
Installation.
Please purchase PDF Split-Merge on www.verypdf.com to remove this watermark.
Objective 1.4 Install and Configure Server Hardware Devices

14
-
35
2.
You are a systems administrator at a medium-sized organization. You maintain a test
lab of five Windows Server 2003 systems that are all members of your organization’s
single domain. Because the organization has had trouble in the past with some users
with sufficient privileges installing unsigned drivers on the system the default domain
GPO has been configured to block the installation of all unsigned drivers on computers
that are members of the domain. The domain GPO also blocks access for all users to
the System Properties and hides all icons on the desktop. Until recently this was
unproblematic; however you have just received a new batch of high-performance net-
work cards that you wish to test on your lab servers. These high performance network
cards ship with drivers that have not been digitally signed by Microsoft. Because you
cannot access the System Properties you cannot override the default domain GPO set-
ting that blocks the installation of unsigned drivers. Which of the following methods
allows you to override the default domain GPO and change the setting on your lab
servers to Warn but not change the overall setting for other computers in your domain?
A.
Edit the local GPO on each server and set the Unsigned Driver Installation Behav-
ior policy to Warn But Allow Installation.
B.
Edit the GPO applied to the site in which the servers in your lab reside and set the
Unsigned Driver Installation Behavior policy to Warn But Allow Installation.
C.
Create a new organizational unit called Mylab. Move the computer accounts for
the Windows Server 2003 systems in to the Mylab OU. Create a GPO that sets the
Unsigned Driver Installation Behavior policy to Warn But Allow Installation and
apply it to the Mylab OU.
D.

Edit the Domain GPO and set the Unsigned Driver Installation Behavior policy to
Warn But Allow Installation.
E.
Create a group and put your user account in this group. Create a GPO that sets the
Unsigned Driver Installation Behavior policy to Warn But Allow Installation and
apply this GPO to the newly created group.
Please purchase PDF Split-Merge on www.verypdf.com to remove this watermark.
14-36
Chapter 14 Managing and Maintaining Physical and Logical Devices (1.0)
3.
You are the part-time systems administrator for a small desktop publishing business.
There is a Windows Server 2003 stand alone at your office. You have recently come
into possession of a legacy fax board, a device that allows multiple faxes to be sent and
received at the same time. You install the board on the Windows Server 2003 system
but discover that it does not work. You examine the Device Manager and notice that a
yellow warning with a black exclamation mark sits beside the fax board icon. You sus-
pect that there is an IRQ conflict with another device on this same system, a legacy
RAID controller. Which of the following describes the correct method of altering the
fax board’s configuration so that there is no IRQ conflict between the legacy fax board
and the legacy RAID controller?
A.
Select the RAID controller in the Device Manager. From the Action menu, select
Properties. Select the Resources Tab, and then clear the Use Automatic Settings
check box. Select the IRQ and click Change Settings. Scroll through the IRQs
until you find one that does not conflict with any others. Click OK and then restart
the server.
B.
Select the fax board in the Device Manager. From the Action menu, select Properties.
Select the Resources tab, and then clear the Use Automatic Settings check box. Select
the IRQ and click Change Settings Scroll through the IRQs until you find one that

does not conflict with any others. Click OK and then restart the server.
C.
Select the RAID controller in the Device Manager. From the Action menu, select
Properties. Select the Resources tab, and then clear the Use Automatic Settings
check box. Select the I/O Range and click Change Settings button. Scroll through
the I/O Range until you find one that does not conflict with any others. Click OK
and then restart the server.
D.
Select the fax board in the Device Manager. From the Action menu, select Proper-
ties. Select the Resources tab, and then clear the Use Automatic Settings check
box. Select the I/O Range and click Change Settings. Scroll through the I/O Range
until you find one that does not conflict with any others. Click OK and then restart
the server.
E.
Select the RAID controller in the Device Manager. From the Action menu, select
Properties. In the Device Usage drop-down list on the General tab, select Do Not
Use This Device (Disable).
F.
Select the fax board in the Device Manager. From the Action menu, select Proper-
ties. In the Device Usage drop-down list on the General tab, select Do Not Use
This Device (Disable).
Please purchase PDF Split-Merge on www.verypdf.com to remove this watermark.
Objective 1.4 Install and Configure Server Hardware Devices
14
-
37
4.
You have recently installed three legacy network cards on a Windows Server 2003
member server. Two of the network cards are working properly, but a third appears to
be conflicting with another device on your system. How can you determine which

other device on the system is conflicting with the third network card?
A.
Run the Device Manager and look for another device with a yellow and black
exclamation mark beside it.
B.
View the application log and look for an entry that describes the device with
which the network card conflicts.
C.
Run the Device Manager and select the network card that has the yellow and black
exclamation mark beside it. From the Action menu, select Properties. On the
Resources tab, clear the Use Automatic Settings check box. A conflicting device list
will be displayed with the resources that conflict.
D.
Run the Hardware Troubleshooting Wizard and select Resolve All Device Conflicts.
E.
Run the Hardware Troubleshooting Wizard and select Report On All Device
Conflicts.
5.
You would like to view a list of devices connected to your Windows Server 2003 sys-
tem listed numerically by IRQ. Which of the following methods could you use to do
this? (Select all that apply.)
A.
Use the Device Manager and from the View menu, select Resources By Connection.
B.
Use the Device Manager and from the View menu, select Resources By Type.
C.
Use the Device Manager and from the View menu, select Devices By Connection
D.
Use the Device Manager and, from the View menu, select Devices By Type.
E.

This cannot be done.
6.
You have two modems connected to a Windows Server 2003 system that are used to
create a multilink connection to a remote site using on-demand routing. You have
found that the line quality to the remote site is not particularly high and you want to
modify the port speed of both modems. Which of the following administrative tools
would you use to do this?
A.
Use the Device Manager to find the modems and select their properties.
B.
Use the Phone And Modem Options in Control Panel to adjust the modem speeds.
C.
Use the Routing And Remote Access console to adjust the modem speed.
D.
Right-click on My Network Places and select Properties. Edit the properties of the
multilink connection to the remote site and reduce the connection speed.
Please purchase PDF Split-Merge on www.verypdf.com to remove this watermark.
14-38
Chapter 14 Managing and Maintaining Physical and Logical Devices (1.0)
7.
You are the systems administrator for a small agricultural college. One of the problems
that you have encountered is students installing different devices on their Windows XP
Professional workstations in their dormitory rooms. The college allows only Windows XP
Professional workstations that it has leased to the students to join the dormitory net-
work. This allows administration to restrict the students from engaging in undesirable
activities such as peer-to-peer (P2P) file sharing.
Your group within the college is responsible for maintaining these workstations. After
analyzing the amount of time that your group spends supporting the workstations, it
has been found that 30 percent of the time goes to repairing faults caused by the instal-
lation of unsigned device drivers. You would like to prevent unsigned device drivers

from being installed on the dormitory room workstations. Which of the following
methods will achieve this goal without altering the settings on any other computers
within the domain?
A.
Move all computer accounts for dormitory room workstations into a newly created
organizational unit named Dormwkstn. Create a GPO that sets the Unsigned
Driver Installation Behavior policy to Warn But Allow Installation. Apply this GPO
to the Dormwkstn OU.
B.
Create a group named Dormwkstn and add all computer accounts for dormitory
room workstations to this group. Create a GPO that sets the Unsigned Driver
Installation Behavior policy to Warn But Allow Installation. Apply this GPO to the
Dormwkstn group.
C.
Create a group named Dormwkstn and add all dormitory room user accounts to
this group. Create a GPO that sets the Unsigned Driver Installation Behavior policy
to Warn But Allow Installation. Apply this GPO to the Dormwkstn group.
D.
Move all computer accounts for dormitory room workstations into a newly created
organizational unit named Dormwkstn. Create a GPO that sets the Unsigned
Driver Installation Behavior policy to Do Not Allow Installation. Apply this GPO to
the Dormwkstn OU.
E.
Create a group named Dormwkstn and add all computer accounts for dormitory
room workstations to this group. Create a GPO that sets the Unsigned Driver
Installation Behavior policy to Do Not Allow Installation. Apply this GPO to the
Dormwkstn group.
Please purchase PDF Split-Merge on www.verypdf.com to remove this watermark.
Objective 1.4 Install and Configure Server Hardware Devices
14

-
39
Objective 1.4 Answers
1.
Correct Answers: B and C
A.
Incorrect: All six of the Windows Server 2003 server systems are stand-alones
and not members of any domain. Editing GPOs applied to any domain has no
influence on these servers because they are not affected by external GPOs.
B.
Correct: The other options are dimmed because the Administrator Option / Make
This Action The System Default check box is not selected. Selecting the check box
means that any change is instantly reflected in the local GPO. The local GPO can
also be edited without selecting this check box to obtain the same result.
C.
Correct: The other options are dimmed because the Administrator Option / Make
This Action The System Default check box is not selected. Selecting the check box
means that any change is instantly reflected in the local GPO. The local GPO can
also be edited without selecting this check box to obtain the same result.
D.
Incorrect: All six of the Windows Server 2003 server systems are stand-alones
and not members of any domain. Editing GPOs applied to any domain or site has
no influence on these servers because they are not affected by external GPOs.
E.
Incorrect: All six of the Windows Server 2003 server systems are stand-alones
and not members of any domain. Editing GPOs applied to any domain has no
influence on these servers because they are not affected by external GPOs.
2.
Correct Answers: C
A.

Incorrect: Local GPOs are overridden by Site, Domain, and Organizational Unit
GPOs. Because the GPO in question is applied at the Domain level, it will have
precedence over the Local GPO settings.
B.
Incorrect: Local GPOs are overridden by Site, Domain, and Organizational Unit
GPOs. Because the GPO in question is applied at the Domain level it will have
precedence over the Site GPO settings.
C.
Correct: By creating an OU and moving the specific computer accounts in the
test environment into the OU, a group policy can be applied that will influence
only these specific systems. As Group Policy applied at the OU level overrides that
applied at the Site or Domain level, a policy applied to the OU level on driver
signing will override the default domain GPO for computers that are members of
this OU.
D.
Incorrect: This will change the settings for all computers in the domain, which
was forbidden in the question setup.
E.
Incorrect: GPO cannot be applied directly to groups; GPO can apply only to
Sites, Domains, Organizational Units, and Locally. Groups can be used to modify
which users in a Site, Domain, or OU the GPO applies do.
Please purchase PDF Split-Merge on www.verypdf.com to remove this watermark.
14-40
Chapter 14 Managing and Maintaining Physical and Logical Devices (1.0)
3.
Correct Answers: B
A.
Incorrect: This alters the RAID controller configuration, not the fax board config-
uration. The question asked how the fax board configuration should be altered.
B.

Correct: The first thing to do is make sure that the IRQ, rather than the I/O on
the fax board is adjusted. While the settings are adjusted, the dialog will display
any other conflicts that might arise. Keep altering the IRQ setting until a free IRQ
is found. There is no point stopping a conflict between a fax board and a RAID
controller if it leads to a conflict between the fax board and another device.
C.
Incorrect: This answer configures the wrong hardware device and the wrong
resource setting (I/O as opposed to IRQ).
D.
Incorrect: This answer configures the wrong resource setting (I/O as opposed to
IRQ).
E.
Incorrect: This action merely disables the device; it does not resolve the conflict.
Disabling the RAID controller will also not be helpful for maintaining a stable
server.
F.
Incorrect: This action merely disables the device; it does not resolve the conflict.
4.
Correct Answers: C
A.
Incorrect: Because the other device is working, it has taken precedence over the
third network card. It will have no outward appearance of having any problems.
B.
Incorrect: If a conflict was logged, it would be logged in the system log rather
than the application log.
C.
Correct: By examining the Resources tab on the Device Properties dialog box,
you can generate a list of all devices that have resources that conflict with the par-
ticular device in which you are interested. From here you can decide also if you
want to configure a device manually to use different resources or, if that is not

possible, check the properties of the conflicting device to see if its resources can
be changed.
D.
Incorrect: This option does not exist from the Hardware Troubleshooting
Wizard.
E.
Incorrect: This option does not exist in the Hardware Troubleshooting Wizard.
Please purchase PDF Split-Merge on www.verypdf.com to remove this watermark.
Objective 1.4 Install and Configure Server Hardware Devices
14
-
41
5.
Correct Answers: A and B
A.
Correct: A list of devices by IRQ can be generated by viewing resource by con-
nection or by type in Device Manager. To locate the IRQ number for a particular
device in other views, the specific device properties must be viewed.
B.
Correct: A list of devices by IRQ can be generated by viewing resource by con-
nection or by type in Device Manager. To locate the IRQ number for a particular
device in other views, the specific device properties must be viewed.
C.
Incorrect: This option does not sort by IRQ.
D.
Incorrect: This option does not sort by IRQ.
E.
Incorrect: A list of devices by IRQ can be generated by viewing resource by con-
nection or by type in Device Manager. To locate the IRQ number for a particular
device in other views, the specific device properties must be viewed.

6.
Correct Answers: B
A.
Incorrect: Modem port speeds cannot be adjusted using the Device Manager.
B.
Correct: Because the modem speeds need to be adjusted for several connections
the best option is to edit the modem properties using Phone And Modem Options
in Control Panel.
C.
Incorrect: The Routing And Remote Access MMC cannot be used to adjust the
modem port speed.
D.
Incorrect: Network Connections (accessible through the My Network Places
properties or Control Panel) cannot be used to adjust the modem port speed.
7.
Correct Answers: D
A.
Incorrect: This option allows the installation of unsigned drivers rather than
blocking it.
B.
Incorrect: GPOs cannot be applied to distribution or security groups.
C.
Incorrect: GPOs cannot be applied to distribution or security groups.
D.
Correct: GPOs can be applied to sites, domains, and organizational units. There
is also a GPO that can be edited and applied locally. The policy must be set to Do
Not Allow Installation.
E.
Incorrect: GPOs cannot be applied to distribution or security groups.
Please purchase PDF Split-Merge on www.verypdf.com to remove this watermark.

Please purchase PDF Split-Merge on www.verypdf.com to remove this watermark.
15 Managing Users,
Computers, and Groups
(2.0)
Users need access to resources on the network to do their daily work, but should not
have access to unauthorized data. This access is gained by logging on to a computer
that has access to the domain, and then being acknowledged as a member of assigned
groups in the domain. Permissions to resources can only be set for users, groups, and
computers that are recognized by the domain.
Creation of these user, group, and computer accounts can be done manually through
tools provided in the Microsoft Windows Server 2003 interface, or automated through
command-line tools or scripts. The methods of creating user, group, and computer
accounts are important to success on the exam.
Related to the creation and management of user, group, and computer accounts are the
granting of permissions appropriate to the level of access needed, and the manage-
ment of data related to the account, such as logon scripts and user profiles.
Testing Skills and Suggested Practices
The skills that you need to master the Managing Users, Computers, and Groups objec-
tive domain on Exam 70-290: Managing and Maintaining a Microsoft Window Server
2003 Environment include
■
Manage local, roaming, and mandatory user profiles.
❑
Practice 1: Configure a roaming profile for secure access. Set the permissions
on an individual profile folder for that user. Make sure that no other users
have access to the data, and that users can log on and use their profile data
successfully.
❑
Practice 2: Change the configuration of the roaming profile to make it man-
datory. Groups of users sharing a profile should not be able to change it. To

do this rename the shared profile from Ntuser.dat to Ntuser.man. Using a
mandatory profile does not limit the ability of users who share the profile
from creating, modifying, or deleting application data files within the profile
folder structure.
15-1
Please purchase PDF Split-Merge on www.verypdf.com to remove this watermark.
15-2
Chapter 15 Managing Users, Computers, and Groups (2.0)
■
Create and manage computer accounts in an active directory environment.
❑
Practice 1: Use the Active Directory User And Computers MMC to create two
new computer accounts within the domain.
❑
Practice 2: Join a new Windows XP workstation to the Windows Server 2003
domain. Examine Active Directory Users And Computers and note that the
new computer account is added to the directory.
■
Create and manage groups.
❑
Practice 1: Use manual methods to create user, group, and computer
accounts. Use the Active Directory Users And Computers MMC snap-in, and
the Directory Service command-line tools to create user, group, and computer
accounts. Modify the properties of user accounts and test the effect of various
property changes. Use the System Properties interface at a desktop computer
to join computers to the domain.
❑
Practice 2: Use automated methods to create user, group, and computer
accounts.
❑

Practice 3: Place users, groups, and computers as members of a group. Use
both interface-based and command-line tools.
❑
Practice 4: Identify group membership in a complex group hierarchy. Use the
Directory Service command-line tools to do bulk analysis.
■
Create and manage user accounts.
❑
Practice 1: Create four different user accounts using the Active Directory
Users And Computers MMC.
❑
Practice 2: Create a single user account using the Active Directory Users and
Computers MMC. Configure specific settings for the user’s logon hours and
group membership. Create three similar accounts using the copy command.
■
Troubleshoot computer accounts.
❑
Practice 1: Create a computer account in the Active Directory Users and Com-
puters MMC. In the dialog box alter the group that can add the computer to
the domain from the Domain Admins group to the Users group.
❑
Practice 2: In the Active Directory Users and Computers MMC locate a test
Windows XP computer account that has recently been joined to the domain.
Using the Action menu, Disable the computer account. Try to use this com-
puter to gain access to the domain.
■
Troubleshoot user accounts
Please purchase PDF Split-Merge on www.verypdf.com to remove this watermark.
Chapter 15 Managing Users, Computers, and Groups (2.0)
15

-
3
❑
Practice 1: Modify the Default Domain GPO and alter the Account Lockout
threshold to three attempts. Log on with incorrect credentials to a Windows
Server 2003 domain with a normal user account until the account is locked.
Use the Active Directory Users and Computers MMC to re-enable the account.
❑
Practice 2: Reset the password on a user account and configure the account to
force the user to change their password to one of their own the next time that
they log on.
■
Troubleshoot user authentication issues.
❑
Practice 1: Edit the default domain policy GPO to change the password poli-
cies. Configure the Account Lockout Threshold policy to three invalid logon
attempts. Set the Account Lockout Duration policy to 30 minutes.
❑
Practice 2: Edit the default domain policy GPO to change the password poli-
cies. Set the Enforce Password History policy to 10 passwords. Set the Mini-
mum Password Age policy to 2 days. Set the Minimum Password Length
policy to 10 characters.
Further Reading
This section contains a list of supplemental readings divided by objective. If you feel you
need additional preparation before taking the exam, study these sources thoroughly.
Objective 2.1 Review Chapter 3, “User Accounts,” which focuses on the creation and
management of user accounts and user profiles.
Review Chapter 4, “Group Accounts,” which contains additional information on
automated creation of groups, group type and scope, and nesting groups.
Microsoft Corporation. Microsoft Windows Server 2003 Deployment Kit. Volume:

Designing a Managed Environment. Redmond, Washington: Microsoft Press, 2003.
This volume can be found on the Microsoft Web site at:
/windowsserver2003/techinfo/reskit/deploykit.mspx.
Objective 2.2 Review Chapter 5, “Computer Accounts,” which contains information
about creating computer accounts through manual and automated means, various
methods of joining the computer accounts to a domain, and resetting the pass-
word on a computer account.
Microsoft Corporation. Windows Server 2003 Help and Support Center. Review
“Manage Computers.”
Objective 2.3 Review Chapter 4, “Group Accounts,” which focuses on the creation
and management of user accounts and user profiles.
Please purchase PDF Split-Merge on www.verypdf.com to remove this watermark.
15-4
Chapter 15 Managing Users, Computers, and Groups (2.0)
Microsoft Corporation. Windows Server 2003 Help and Support Center: “Managing
Domain Users and Groups: Using Groups.”
Objective 2.4 Review Chapter 3, “User Accounts,” which focuses on the creation and
management of user accounts and profiles.
Microsoft Corporation. Windows Server 2003 Help and Support Center: Managing
Domain Users and Groups: User and Computer Accounts.
Objective 2.5 Review Chapter 5, “Computer Accounts,” which contains information
about creating computer accounts through manual and automated means, various
methods of joining the computer accounts to a domain, and resetting the pass-
word on a computer account.
Microsoft Corporation. Windows Server 2003 Knowledge Base article 325850:
“How to Use netdom.exe to Reset Machine Account Passwords of a Windows
Server 2003 Domain Controller.”
Objective 2.6 Review Chapter 3, “User Accounts,” which describes some techniques
for troubleshooting user of user accounts.
Microsoft Corporation. Windows Server 2003 Help and Support Center: Managing

Domain Users and Groups: User and Computer Accounts.
Objective 2.7 Review Chapter 3, “User Accounts,” which focuses on the creation and
management of user accounts and profiles.
Microsoft Corporation. Windows Server 2003 Help and Support: Managing Domain
Users and Groups: User and Computer Accounts.
Please purchase PDF Split-Merge on www.verypdf.com to remove this watermark.