During the restructure, you'll need to create the objects and assign them according to your design. Note the wide range of options shown in Figure 7. It's also possible to configure logon and logoff batch files and to control the installation of software for a particular user. In this practice, you examine how a Windows group policy works. In the domain above a number of values have been assigned as registry keys for use in the domain.
At different levels in the domain group policy objects are used to set particular values to some of these keys; for example, in the Europe GPO the value of A is set to The actual keys in themselves could represent anything such as A being the percentage of bandwidth allowed and B being the number of objects in a database. The important point of the practice is that you check your understanding of how GPOs work and how to ascertain the final settings for any OU. Working through the practice will also give you a better feel for why it is not a good idea to have very deep OUs with a policy assigned on each OU because this is the exact path that your systems will have to traverse for your entire active set of user accounts.
The values of each registry key set in the GPOs on the objects are shown in the figure and in the following table format. In this lesson, you learned how the Windows NT system policies, based around the Ntconfig. In this lesson, you will examine the effect of Windows NT and Windows policies in a mixed migrated environment. In their own environments, both Windows NT and Windows policies offer tremendous benefits in locking down preventing users from changing and maintaining a user's environment.
However, in a migration environment, you might experience inconsistencies and your users or your help desk will need to know how to handle them. One aspect of Windows NT system policies is that no "Undo" feature exists. Once a policy has been applied, it's difficult to reverse the effects without prior knowledge of every workstation whose registry settings were affected by the policy change.
Because Windows NT registry changes made by policies are permanent, it is known as tattooing. Windows policies can be removed from Windows client systems simply by removing the relevant GPOs from the containers. Their policy settings are saved in two new special areas of the registry that don't exist in Windows NT. Windows can replicate this behavior by changing the following setting found in the domain GPO policy.
If you have any Ntconfig. Tattooing is an excellent feature when you want to make certain registry settings permanent. For example, you might want a logon banner to appear even when a user is validated by his or her local machine instead of just the domain. Another positive effect of tattooing is when you want to ensure consistency between Windows NT and Windows client systems. However, tattooing is disadvantageous when you need to undo settings or change settings regularly. How policies from Windows NT will migrate to Windows must be considered when planning the migration because you might not want to have tattooing on the registries of Windows clients by Windows NT policies.
Consider the following five scenarios. Instead, the settings in any migrated Ntconfig. In contrast, a Windows client will receive its settings from any GPOs set for the user and computer objects in the Active Directory of the Windows domain controller. If an upgraded Windows controller is in the domain, the Windows client will try to be authenticated by the Windows controller and hence, get its user and computer settings from the GPO mechanism instead of from the Ntconfig.
However, if for any reason the Windows client can't be authenticated by a Windows domain controller, and it was authenticated by a Windows NT domain controller, the Ntconfig. In other words, the setting from the Ntconfig. Once the GPO is removed, the setting from the Ntconfig. The resource domain is still a Windows NT domain with a one-way trust to the upgraded domain.
If a user logs on via a Windows NT workstation in the Windows NT resource domain, the resource domain will pass through the authentication to the Windows domain holding all the user accounts. The workstation will use both the user and computer settings in the Ntconfig. However, if a user logs on via a Windows workstation in the Windows NT resource domain, the Windows workstation will use any GPOs set for the user from the trusted Windows domain and combine those with the computer policy settings from the Ntconfig.
Microsoft Windows Architecture Training Training Kit
If User1 and User2 log on via the same Windows NT workstation, the workstation will have computer settings from the Ntconfig. Any policies that contain conflicts will be overwritten by whichever user's Ntconfig. This scenario is discussed in Lesson 3, "Migration Environments," of Chapter 1. It is relatively stable compared to the previously discussed scenarios and is an advantage when considering upgrading the Windows NT workstations to Windows prior to any upgrade of domain controllers. Computer policies are received from the Ntconfig. User registry settings are received from the GPOs if the user is authenticated by the Windows domain or from the Ntconfig.
This scenario could represent a complete trust relationship or might be part of a multiple master domain situation in which one of the accounts domains has already been upgraded to Windows In this case, User1 is held on the Windows NT accounts domain that is awaiting upgrade.
As you can see from Figure 7. User2's situation is simpler: because this user account is held on the Windows domain controller, all policies for the user and computer are determined by GPOs on the Windows domain controller. As you've seen, how the policies are assigned depends on where the user is authenticated, and with roaming users, this can vary from one session to the next.
The scenarios become even more complicated when you consider that these examples have used pure Windows NT and Windows domains. Consider the problems if each of the domains shown contain both Windows NT and Windows domain controllers. Policy processing issues must be addressed in the migration planning process. After an upgrade, all the users and security groups in the source domain are placed in the Users container object in the new Active Directory. You can create OUs in the upgraded domain to. You'll then see the effect of running the Windows NT Ntconfig.
The user Migkitfin1 is a member of the migkit Finance group, so this policy should apply to Migkitfin1. Prior to completing your upgrade analysis of policies and profiles, you might want to make your own investigations. If you have the time, experiment. To help you learn, create a table of users and workstation types and then do some or all of the following:. In this lesson, you learned about the differences between the Ntconfig.
Other retired exams
Authentication by a Windows NT controller can occur if the system is in a Windows NT resource domain with a trust relationship to a Windows domain that holds the user accounts or if no Windows domain controllers are available at logon in a mixed-mode environment. This can lead to problems for users who might see different environments, depending on which system authenticates their logons.
You should have worked through Chapter 4, "Assessing Your Network Infrastructure," and completed all your testing to prepare your application servers for upgrading. You should especially ensure that checking is carried out on all mission-critical applications such as LOB, e-mail, and financial programs. Once you've ascertained that they can be upgraded and you've determined the potential risks, the next step is to plan for when and how to upgrade the application servers.
- Shop by category.
- Upgrading to Microsoft Windows MCSE Training Kit w/Sealed CD MCP Textbook | eBay.
- Handbook of the History of Logic. Volume 04: British Logic in the Nineteenth Century;
If it's impossible to plan the application servers upgrade for a weekend, public holiday, or evening, and the application is required to run 24x7, you'll need to plan for a backup server to make the data available while the original is being upgraded. In this case, you'll need to do some or all of the following:. DHCP and WINS servers upgrade without any problems, but you'll need to provide alternative services for IP management if the upgrade is taking place during working hours.
Although the anonymous connection is supported in Windows NT, it isn't supported in Windows without relaxing important security levels. If required, you can enable access to the Everyone group during the migration, at the cost of degrading security. If devices in the BDC aren't detected or are detected incorrectly, the upgraded Windows system won't function correctly and you'll need to install the missing drivers after the upgrade.
Therefore, you should attempt to perform a pilot upgrade on an identical platform before upgrading the production system. The system will copy files to the hard disk and then reboot twice during the installation, as in the PDC upgrade you performed in the previous chapter. After the basic installation has completed, the Active Directory Installation Wizard page appears. Use the Device Manager to check that the network card is working and update the drivers if necessary. In the first step of the Active Directory installation, you select the role of the server.
It can be a domain controller and take part in the Active Directory, or it can be a member server and hold only resources. Unlike Windows NT, it's possible to demote a domain controller to a member server without reinstalling the operating system. It's also possible to promote a member server to a domain controller. In Figure 7. At the Network Credentials screen shown in Figure 7. You must now be authenticated in the domain that the server is joining.
It isn't required that the Administrator user name be used, but the user name entered must be a member of the Administrators group. You are now shown a summary page similar to the one shown in Figure 7. Your page could appear somewhat different depending on the locations you've chosen for the Active Directory components. During the upgrade, the progress page will keep you informed of the action currently being performed. At the end of the upgrade, the Active Directory Installation Wizard will display the completion page you saw in Figure 6. After the system restarts, your system will be running Windows as a domain controller in the migkit.
In this lesson, you learned how to upgrade a Windows NT backup domain controller to a Windows domain controller. Once the planned Windows NT domain controllers have been migrated to Windows domain controllers, the final stage is to switch to native mode, which should be done as soon as possible to take advantage of such features as universal groups and group nesting. You shouldn't remain in mixed mode unless you have good reasons, such as application compatibility problems. Converting to native mode is an action that is performed once in the migration.
It's a one-way conversion. There's no way to revert to mixed-mode operation without reinstalling the operating system. In this practice, you'll convert the migkit. You'll then be shown a message box that warns you of the time that it will take for the changes to propagate.
Download MCSE Training Kit: Upgrading to Microsoft Windows 2000 (IT-Training Kits) Ebook Online
Once the changes have propagated, the migkit. The following questions reinforce key information presented in this chapter. If you're unable to answer a question, review the appropriate lesson and then try again. Appendix A, "Questions and Answers," provides answers to the questions. See All Customer Reviews. Shop Books. Add to Wishlist. Right-click the desktop and select Properties from the shortcut menu that appears. The desktop pattern will change as Critters is loaded.
Right-click the desktop and select Properties from the shortcut menu. Select the Background tab and use the Browse button to select the Winnt. Click OK to close the Display Properties dialog box. The Windows NT Workstation bitmap should appear on your screen. Change the background to Solar Eclipse. Answers When working with a mixture of Windows NT and Windows clients, these types of anomalies will occur frequently. Lesson Summary In this lesson, you learned that the profile settings for a user are retained after upgrading a Windows NT domain controller; however, if a mixed environment of Windows NT and Windows clients are used, users who log on to both platforms might encounter inconsistencies with their profiles.
After this lesson, you will be able to Explain how Windows NT and Windows system policy mechanisms differ. Understand the problems associated with policies in a mixed environment. Estimated lesson time: 25 minutes Windows NT Policies Windows NT policies allow administrators to tailor the environment of their users by using a program called the System Policy Editor. Policies are applied in the following order: Ntconfig. This file is used by Windows NT to implement policies. It is stored on the Netlogon share on each domain controller.
In a pure Windows environment, Ntconfig. It should be migrated to a group policy object as soon as possible and applied at the appropriate level. Local Computer. These policies are set on the local computer. These policies are set for the site. They tend to address the needs of the WAN links, such as network bandwidth settings. These policies are set for the domain. They tend to be security-related, such as a policy that requires all users to have a password length of seven or more characters.
Organizational Unit. These policies are set for the OU containing the account. These policies are more concerned about the users and the computers in their environment. For example, these policies might determine which options are available to users on the Start menu, or whether users in an OU can see the My Computer icon on their desktops. GPO Basics The policies can interact in many different ways. Avoid large numbers of GPOs at a container. As a rough guide more than eight GPOs at an OU is a clear indication something is wrong and the design should be revised.
GPO computer settings are installed at reboot for the machine. GPO User settings are installed at logon for the user. The user has to log on to remove a GPO. GPOs are applied in full at first reboot and logon.
MC MCSE Article: Dazed & Confused by the New Microsoft Certifications
Subsequent settings are only applied if the GPO changes. Assigning a Group Policy Object Figure 7. Right-click a container object and select Properties. From the container's Properties dialog box, click the Group Policy tab. Now you'll see a dialog box similar to the one shown in Figure 7. Practice: Working with Group Policies In this practice, you examine how a Windows group policy works. Complete the table by entering in each blank cell the effective settings for these keys on each of the containers assuming normal inheritance. After this lesson, you will be able to Understand how policy mechanisms behave during the upgrade.
Explain how system policies are used in conjunction with OUs. Estimated lesson time: 40 minutes Policies in Mixed Environments In their own environments, both Windows NT and Windows policies offer tremendous benefits in locking down preventing users from changing and maintaining a user's environment.
Windows Registry Areas for Policies Windows policies can be removed from Windows client systems simply by removing the relevant GPOs from the containers. Benefits of Tattooing Tattooing is an excellent feature when you want to make certain registry settings permanent. Policy Scenarios How policies from Windows NT will migrate to Windows must be considered when planning the migration because you might not want to have tattooing on the registries of Windows clients by Windows NT policies. Policy Pandemonium As you've seen, how the policies are assigned depends on where the user is authenticated, and with roaming users, this can vary from one session to the next.
Organizational Units After an upgrade, all the users and security groups in the source domain are placed in the Users container object in the new Active Directory. You can create OUs in the upgraded domain to Apply group policy objects to replace those previously supplied by Ntconfig. Allow control to be delegated within the upgraded domain. Practice: Investigating Ntconfig.
To create an Ntconfig. Select Add Group from the Edit menu. From the Add Group dialog box, click Browse and then select the Finance group. Double-click the new Finance group to open its Properties dialog box. Now expand the Control Panel policy until you reach Restrict Display. Place a check mark next to Restrict Display. Options for the Restrict Display setting will appear in the bottom half of the dialog box. Place a check mark next to Hide Background Tab. Your screen should look like that shown in Figure 7. Select Save from the File menu and save the policies as Ntconfig. Verify that the policy has taken effect by clicking the Start button to see that the Run command has disappeared.
Right-click the desktop and select Properties to verify that the Background tab has also been removed. Right-click the migkit. Click Organizational Unit. You will now create a group policy object and assign it to the Finance OU. Right-click the Finance OU and select Properties from the shortcut menu. Select the Group Policy tab in the Finance Properties dialog box. Click the New button to create a new group policy object. Right-click the new object, if necessary, and change its name to Financeprops. Click the Edit button to open the Group Policy window.
When the Properties dialog box opens, select the Enabled option. To add a program, click the Show button. When the Show Contents dialog box appears, click the Add button and type write. Try to use the Run command on the Start menu. What happens? Try to access the Background tab in the Display Properties dialog box. Answers Further Research Prior to completing your upgrade analysis of policies and profiles, you might want to make your own investigations.
To help you learn, create a table of users and workstation types and then do some or all of the following: Create a few more users Migkitfin3, Migkitfin4, and so on and place them in the Finance OU. Create some user settings in the GPO for Finance. Experiment with having the Ntconfig. When you create your policies, use obvious settings like colors and bitmaps.
When using bitmaps, create ones that make changes in settings obvious, such as writing the bitmaps with the words "Bitmap for Migkitfin4 user on MIGKIT domain. If you have extra PCs to experiment with, install a resource domain with Windows NT and Windows clients and try some of the combinations shown in the diagrams in this lesson. Lesson Summary In this lesson, you learned about the differences between the Ntconfig. After this lesson, you will be able to Understand the tasks to perform before upgrading a backup domain controller.
Estimated lesson time: 40 minutes Server Upgrades You should have worked through Chapter 4, "Assessing Your Network Infrastructure," and completed all your testing to prepare your application servers for upgrading. Business Continuity During Upgrade If it's impossible to plan the application servers upgrade for a weekend, public holiday, or evening, and the application is required to run 24x7, you'll need to plan for a backup server to make the data available while the original is being upgraded.
In this case, you'll need to do some or all of the following: Freeze any new data entry until the upgrade process has completed. Have a process in place for migrating all changes from the backup server that do occur during the upgrade. Create a clustering solution that will enable one system to be upgraded while the other system manages the users. Once the upgrade on one system has completed, bring it back online and upgrade other nodes of the cluster. Pre-Upgrade Procedures Before beginning the upgrade of a BDC, you should at least perform the following: Test hardware, software, and procedures in a non-production lab environment.
Ensure that you have a backup of the BDC and you have a fully replicated BDC functioning that is maintained offline during the upgrade. Have all the Windows drivers for all the hardware devices in the server to be upgraded. During the upgrade, the server will establish contact with the other servers in the domain that it's being installed into. As a result, a significant burst of network traffic during the actual upgrade can occur, and you'll need to plan to perform the upgrade in the quieter hours of the day when the systems aren't being heavily used.
As with the PDC upgrade, ensure that the network card drivers have been correctly installed and that the network is functioning before the Active Directory installation wizard is started. For systems such as domain controllers, it's preferable to configure static IP addresses.
When prompted whether you want to upgrade, click Yes and choose Upgrade To Windows Verify or make changes as needed so that the IP Address is I decided to take the exam at the end of the bootcamp, without studying for it, based strictly on my background. In fact, the bootcamp providers were considering adding one of the new electives. The topic was opened up to the class, and we all thought it would be a great idea to roll out the new elective with our class. So instead of taking Proxy 2. We were told it would be new for the bootcamp process, as well as for us.
In essence, we were guinea pigs. Every member of my class, including me, voted in favor of the new elective. If we flunked the exam on the first try, the second attempt would be covered by the bootcamp providers. It was a win-win situation. At that point, I put the decision to take on a back burner. No one was caught off-guard, and everyone welcomed the opportunity. The bootcamp providers were VUE testing centers.
All bootcamp tests were scheduled for the students. Seven tests were included in the price of the bootcamp. Testing was conducted at the students' computers in the classroom. The computers were booted into a test mode Windows After going through the normal sign-in procedures required by VUE, students cleared their desks and began the test.
A VUE authorized proctor remained in the room to oversee the exam. Some exams were conducted in the morning, and some which were killers for me were done in the late afternoon and early evening. I did much better in the morning exams. Time was built into the schedule in case students had to retest.
One student flunked the Server exam, and left the bootcamp unexpectedly. One student flunked the Designing Security exam on the morning of day He knew as soon as he finished what his mistakes were. He opted to retake the exam immediately while the rest of the class had lunch. On the second try, he passed with a The only other person who failed an exam in my class was me. We began the material for the new elective, Designing a Migration Strategy, on the afternoon of day I was exhausted.
The course material made sense, but I was having trouble paying attention. I studied late into the evening of day 14, and hit a mental wall on day In fact, I was having trouble staying focused during the morning discussion. I knew when we broke for lunch that I did not truly understand the material because I was too tired. As it turned out, I flunked the exam as everyone else passed. I took the exam again the next day, and barely flunked it again. The reason was simple: exhaustion and mental fatigue had set in.
I waited Microsoft's two-week retake period, studied for less than one hour, and got a decent passing score. I knew the material; I had just burned out. I knew that I was not getting the new concepts that we were covering in class for the Designing a Migration Strategy test that we were scheduled to take later that day. So, I reverted to my original plan. As it turned out, I passed the exam with no problem. I never studied for it. I opted to take it based simply on my NT 4. After a little rest and Microsoft's two-week wait period, I also passed the Before the bootcamp, one of the major concerns I had was if I would learn enough to teach the W2K courses.
As a trainer, I was able to see the complete picture of the MCSE track, not just a snapshot here and there. I can easily see the relationship of courses and technologies. Since I entered the IT world as a trainer several years ago, one of my philosophies has been not to teach a vendor's course until I understood the whole product line. The bootcamp format reinforced this philosophy. I feel that I left the bootcamp with a complete picture of the W2K operating system. With a normal amount of trainer preparation, I look forward to a busy schedule teaching W2K classes. The main strength of the bootcamp method was the way presentations zeroed in on tasks that were needed in the workplace; skills and concepts needed for the exam while bypassing irrelevant, non-essential ideas.
The thing that I found interesting was that the instructor had to be thoroughly versed in all aspects of the W2K product to successfully present a bootcamp, and cannot be tied to the MOCs. If the MOCs are relied on, a day bootcamp would easily turn into a day nightmare. My class easily finished within the designed schedule. As a seasoned instructor, I was impressed.
- My Uncle Oswald?
- Ed Tittel, James Michael Stewart?
- Advances in Military Sociology: Essays in Honour of Charles C. Moskos;
Without a doubt, one of the best features of this bootcamp was the quality of instruction. It was superb. Over the day bootcamp, I had very few low points. The main one was failing the exam. Bootcamps are intense, exhausting, demanding, and draining. The other downside to my bootcamp experience was the nature of Microsoft's exams. We took three design exams over the last four days of the bootcamp.
We were ready for them. But as you all probably know, the design exams are reading comprehension exams. All of the concepts come from the administration and implementation courses. Fatigue definitely set in. But those last three were tough. If you can get past those issues, it is a great experience. I wish that we had had a one-day break during the 16 days somewhere around day I think with just a little bit of time away from the classroom, the last few days would not have seemed so overwhelming to me. Was the Bootcamp Everything that Was Advertised?
What Is the Overall Bottom Line? To answer this question, I'd like to share some comments that my classmates made while we were on break as we were approaching the end of the bootcamp. One of my classmates said that he had a chance to go to another less-expensive bootcamp. When asked if he would change his mind and opt for the cheaper training, he said "No. Another classmate wanted to know when a CCNA bootcamp was scheduled. Another classmate told us that around day 10 the bootcamp seemed like it would never end. Now that it was almost over, and everyone was one test away, she was very satisfied.
With the proper background, the bootcamp was worth the price and worth the work. I found out why IT professionals are flocking to bootcamps to complete the W2K certification requirements. It is not the best learning mode for everyone, but it worked for me. It seems funny to me to pay someone to work me to exhaustion.