291 Study Bullet Points
Mishra
Member Posts: 2,468 ■■■■□□□□□□
Okay, I'm reading some material and will post some of the bullet points they list to help me study and maybe help you in your studies as well.
* If you want a computer to talk to the subnet it is currently in but not talk to any other subnets, don't give it a default gateway
* If you are using RRAS, make sure that the NIC connected to the subnet that does not have the DHCP server is configured as the DHCP Relay Agent
* Don't forget you can use "pathping IP address or DNS address" to trace packets and get reports at each destination.
* MBSA is the Microsoft Baseline Security Analyzer and will scan your computer for security defects.
* Automatic Updates is not installed on a 2003 server by default. You must install the right service packs or the AU client.
* To uninstall a Windows update, you need to run spuninst in the windows\$ntuninstall\spuninst directory.
* You should normally try to use the RunAs command instead of logging into the machine as an administrator. 2 ways you can use runas, hold down shift and right click a program. RunAs should appear. Or you can open a command prompt and type "runas".
* Run the status of computer report in WSUS to see if computers in the domain have all approved updates
* Use the "Automatically download the updates, and install them on the schedule that I specify" option in automatic updates if you have laptop users who shut their laptops off during times.
* If you have a proxy server for internet access, make sure you configure the proxy settings on the WSUS admin page with the correct proxy.
* Run wuauclt /detectnow options to get new updates from a WSUS client
* Use IPSec Monitor to verify users are connecting to your servers with encryption
* Only use the specific languages that you need when synchronizing updates.
* You can't change a subnet mask on a DHCP scope without deleting it. It has to be re-created if you are trying to change the subnet mask.
* Routers have "dhcp helper addresses" which store the IP address or DNS name of your DHCP server and will allow DHCP resolution over broadcast domains. Remember, DHCP talks over broadcasts and a broadcast domain (usually a router) blocks broadcasts from talking between subnets.
* A DHCP reservation is when you want to map an IP address directly to a computer by matching the MAC address of the client computer to the setting you put in the DHCP server. An exclusion only disables the IP address(es) listed from being used by the DHCP server. This is usually used when you have a computer configured with a static IP in the middle of a DHCP range.
* You do not have to include the dashes in the MAC address when assigning a reservation. 0009d5a6b1b6
* To restore a DHCP server at its most simple description, restore the database to your server. Use the DHCP console to restore the backup from the folder which the database resides. Then at the command prompt type "net start dhcpserver" and then authorize the DHCP server. You can also stop your first DHCP server, copy the database over to your second DHCP server, then start the service, authorize and activate the DHCP scopes.
* FSMO - there needs to be only 1 PDC emulator per domain and it must be on a domain controller
* ICF - If you have an FTP server that needs to be protected from the internet, make sure you turn on ICF and select FTP Server check box on the services tab
* IIS - you can view log files to collect information about which users are accessing the web server via HTTPS and which users are experiencing failed HTTPS requests
* ISA - make sure that on the Public interface that you clear the "Register this connection's address in DNS"
* You can use network monitor to identify whether Server-A is receiving requests for resources through NETBIOS broadcast
* Network monitor does not capture packets for the whole network, it only captures packets for the server it is installed on.
* Use network monitor to figure out a DoS attack
* To ensure the impact of monitoring on a server is reduced and that all packets are captured, run Network Monitor in dedicated capture mode
* If a large number of packets are captured, make sure you increase the buffer and decrease the frame to reduce the size of captured data
* Configure a Trigger in Network Monitor to send notifications
* You can capture a user's communication to a domain controller by monitoring all traffic between the DC and CP1 with a capture filter
* If you are running system monitor with Network Interface, bytes per second at a sample rate of 15 seconds and the log size is getting too large, then set the sample rate to 60 seconds
* If you are monitoring events that are associated with invalid logins, then use Errors Logon, Errors Access Permissions, Errors Granted Access
* Use system monitor to create a log of the DNS counter Dynamic updates/sec and Total queries/sec for DNS client traffic causing problems
* To monitor the successful incremental zone transfers, use XFR Success Received counter
* Remember creating an ADI zone and configuring the zone for Secure Dynamic Updates Only is ~Important~ and best practice!
* ADI DNS domain controllers can minimize WAN traffic
* Use the replmon tool to find out why DNS data is out of date
* One way to do a zone transfer is this:
1. On New-DNS-Server, set up a secondary zone for domain X
2. Add an NS record to New-DNS-Server for the X zone
3. On New-DNS-Server, change the secondary zone to a primary zone for domain X
4. On Old-DNS-Server, delete the X zone
5. On Old-DNS-Server, set up a secondary zone for domain X
* If you are configuring a complete DNS infrastructure which includes root zones, make sure to include all of the root DNS servers on each of your zoning DNS servers in your root hints configuration page.
* Round Robin enables DNS records that have multiple IP addresses mapped to one host to be able to evenly distribute the IP addresses in load balancing fashion.
* The following protocols encrypt data transmissions and authentication: EAP-TLS, MS-CHAPv2, MS-CHAP. Only encrypts authentication: CHAP.
* EAP-TLS = smart cards and certificates, MS-CHAPv2 = supports newer OS's and is mutual auth, MS-CHAPv1 = supports older OS's and is one way auth, CHAP = supports non-windows OS's, SPAP = shiva products, PAP = plaintext authentication
* You can use the MBSA to scan for WSUS/windows updates on a client machine
Comments
-
dynamik Banned Posts: 12,312 ■■■■■■■■■□
*start > run (windows key + r) control netconnections
It probably won't be on the exam, but it's really slick. I've been surprised at how much I've used it.
-
Revenue Member Posts: 130
Hey thanks, Have my exam in a couple of hours :P Cheers for the quick revision.. gl
-
snadam Member Posts: 2,234 ■■■■□□□□□□
thanks mishra, any extra info is well appreciated for this exam!
**** ARE FOR CHUMPS! Don't be a chump! Validate your material with certguard.com search engine
:study: Current 2015 Goals: JNCIP-SEC JNCIS-ENT CCNA-Security
-
aoe Member Posts: 32 ■■□□□□□□□□
Mishra wrote:
* Make sure and include the dashes in the MAC address when assigning a reservation. 00-00-00-00-00-00
My understanding is you do not need the dashes when assigning a MAC address a reservation.
Correct me if I'm wrong.
Thanks for all the other tips, I enjoy reading them.
Thanks.
-
snadam Member Posts: 2,234 ■■■■□□□□□□
dynamik wrote:
*start > run (windows key + r) control netconnections
It probably won't be on the exam, but it's really slick. I've been surprised at how much I've used it.
To further strengthen Dynamik's point with the runas command, here is a list of all control panel commands. I keep this very handy, as users are locked out of the control panel in my environment.
Control panel tool                 Command
-----------------------------------------------------------------
Accessibility Options              control access.cpl
Add New Hardware                   control sysdm.cpl add new hardware
Add/Remove Programs                control appwiz.cpl
Date/Time Properties               control timedate.cpl
Display Properties                 control desk.cpl
FindFast                           control findfast.cpl
Fonts Folder                       control fonts
Internet Properties                control inetcpl.cpl
Joystick Properties                control joy.cpl
Keyboard Properties                control main.cpl keyboard
Microsoft Exchange                 control mlcfg32.cpl
   (or Windows Messaging)
Microsoft Mail Post Office         control wgpocpl.cpl
Modem Properties                   control modem.cpl
Mouse Properties                   control main.cpl
Multimedia Properties              control mmsys.cpl
Network Properties                 control netcpl.cpl
   NOTE: In Windows NT 4.0, Network properties is Ncpa.cpl, not Netcpl.cpl
Password Properties                control password.cpl
PC Card                            control main.cpl pc card (PCMCIA)
Power Management (Windows 95)      control main.cpl power
Power Management (Windows 98)      control powercfg.cpl
Printers Folder                    control printers
Regional Settings                  control intl.cpl
Scanners and Cameras               control sticpl.cpl
Sound Properties                   control mmsys.cpl sounds
System Properties                  control sysdm.cpl
-
Tyrant1919 Member Posts: 519 ■■■□□□□□□□
aoe wrote:
My understanding is you do not need the dashes when assigning a MAC address a reservation.
You are correct sir, you do not need them.
A+/N+/S+/L+/Svr+
MCSA:03/08/12/16 MCSE:03s/EA08/Core Infra
CCNA
-
Mishra Member Posts: 2,468 ■■■■□□□□□□
aoe wrote:
Mishra wrote:
* Make sure and include the dashes in the MAC address when assigning a reservation. 00-00-00-00-00-00
My understanding is you do not need the dashes when assigning a MAC address a reservation.
Correct me if I'm wrong.
Thanks for all the other tips, I enjoy reading them.
Thanks.
Sorry, wrote it down wrong. Thanks for the correction.
-
1MeanAdmin Member Posts: 157
Windows Key + "Pause" = Go To System Properties saved enormous amount of time for me
-
JayrodEF Member Posts: 111 ■□□□□□□□□□
Just a note on RRAS since I just got done toying with it. As far as the DHCP relay agent goes, it doesn't necessarily have to be on the RRAS's interface facing the subnet that doesn't have a DHCP server. You can place a DHCP relay agent on any member server in the subnet that doesn't have a DHCP server and point it to the correct server.
-
Mishra Member Posts: 2,468 ■■■■□□□□□□
Here is some generalized study material I jotted down.
net session - view computer names and user names of users on a server to see open files and user sessions
netstat - used to display tcp/ip and port information
netsh - wide range of tasks, can configure tcp/ip, display configs, and stats.
netcap - captures network traffic (291 study bullet)
Resource Location Server
This option specifies a list of IP addresses for resource location servers, as defined in RFC 887, available to the client. When more than one server is assigned, the client interprets and uses the addresses in the specified order.
WINS lookup is used to look up names that cannot be resolved by DNS through the specific zone the lookup is configured on. WINS lookup has 2 specific types of resource records, the WINS resource record and the WINS-R resource record. Instead of putting static WINS entries on desktops, you can instead use the resource records to channel through your DNS infrastructure instead.
reference: http://technet2.microsoft.com/windowsserver/en/library/1a6e1172-3ad9-4f24-8ffe-763ecaf49c661033.mspx?mfr=true
-
Goldmember Member Posts: 277
Who knew the Beast would be so much fun!!! Yeah!!!
CCNA, A+. MCP(70-270. 70-290), Dell SoftSkills
-
Krank Member Posts: 90 ■■□□□□□□□□
This is my last source of information before the beast...
I sit for it in 10 minutes!!!
-
snadam Member Posts: 2,234 ■■■■□□□□□□
Krank wrote:
This is my last source of information before the beast...
I sit for it in 10 minutes!!!
kill that mofo
-
techster79 Member Posts: 169 ■■■□□□□□□□
midiman wrote:
Windows Key + "Pause" = Go To System Properties saved enormous amount of time for me
Windows Key + E = opens my computer (explorer)
Windows Key + D = minimizes all windows and shows desktop
Windows Key + L = locks computer, very handy when you walk away from your desk often
Studying for MCSE: Server Infrastructure (70-414 left)
-
tonyflo04 Member Posts: 1 ■□□□□□□□□□
techster79 wrote:
Windows Key + D = minimizes all windows and shows desktop
Hi Y'all,
Just found this site...I am an ol' UNIX admin that switched to Windows 4 years ago and am finally sitting down to do my certs...especially now that I am going back in IT after a few year hiatus in the "non-sales account manager" role I had.
anywhoo
the Windows Key + M = minimizes all windows and shows desktop
works too.
"...God, my Brilliance is becoming a bit of a problem...Get back to me..."
-Dr. Perry Cox (Heres to a Scrubs 8th season)
-
undomiel Member Posts: 2,818
SuperKey + D and SuperKey + E are my two most favourite and most used windows shortcuts. With SuperKey + L a close step behind. SuperKey + R for run (works on Vista!) and SuperKey + F to do a search are fairly useful as well. A tip about the SuperKey + D -- when you use it to bring up the desktop if you hit it again it will restore all of the windows that it minimized to bring up the desktop. Not 100% I've seen it fail a few times but it is still a really handy trick. Especially if you want to quickly hide your techexams.net browsing when the boss walks by.
Oh and almost forgot, Ctrl - Shift - Esc for the Task Manager.
Jumping on the IT blogging band wagon -- http://www.jefferyland.com/
-
dynamik Banned Posts: 12,312 ■■■■■■■■■□
undomiel wrote:
Especially if you want to quickly hide your techexams.net browsing when the boss walks by.
www.workfriendly.net
Windows + break/pause is useful too
-
pwjohnston Member Posts: 441
Here are some study notes I have taken while studying with the MS Press book and Transcender.
Could you guys please review them for accuracy and add the ones that are not in the original document.
*DNS Servers that are authoritative for a zone should be listed on the Name Server tab of the properties sheet for the zone.
*Win2k3 supports the Automatic Recovery of these services:
-DNS Clients
-DHCP Servers
-Error Reporting Services
*User specific policies (GPO’s) do not apply to the entire computer, only the user's profile.
*netdiag is a command line diagnostic tool that can be used to test network connectivity.
*netdiag /test:kerberos – CMD line for testing Kerberos functionality.
*Routers are configured at the Scope level.
*1542 Compliant Router is a BootP forwarder.
*Steps to migrate DHCP
-Back up DHCP server database manually
-Stop DHCP service
-Disable DHCP Service
-Copy backup to DHCP2
-Restore DHCP Database
-Start DHCP service
*DHCP reservations require MAC address. If the hardware changes the MAC address in the reservation needs to change as well.
*While W2k and W2k3 AD networks can shut down rogue DHCP servers on W2k and W2k3 machines, they cannot shut down DHCP running on NT4 or earlier. Must be done manually.
*252 WPAD Reservation (Web Proxy Auto Detect) – Enables computer to discover the address of the local ISA server through auto discovery.
*MAC address contains 12 alphanumeric 0 – F Characters.
*An authoritative DNS server for a zone is a server that hosts a primary or secondary copy of that DNS zone.
*You should only delete a DHCP reservation if you plan on changing the IP Addy.
*DHCP Options:
-Server- option that should apply or be inherited by all scopes and clients of the DHCP server as defaults.
-Scope- option that should apply only to an applicable scope selected in DHCP console tree.
-Class- option if you have a mixture of DHCP clients with diverse needs
-Reservation- apply only to specific DHCP client.
+Can only be created in their own subnet scope.
*Reservation options override Class options
Class options override Scope options
Scope options override Server options.
*Automatic Metric Checkbox- allows TCP/IP to determine the routing metric based on the speed of the network adaptors. Interface w/ highest speed = lowest metric.
*Remote access policies are applied in order until a policy is found where all conditions are met. Once that policy is found the remaining policies are not checked.
*secedit.exe- is the command line version of Security Configuration and Analysis tool.
*gpresult.exe- command line version of the Resultant Set of Policy.
*Kerberos can only be used in an AD or Kerberos realm environment and cannot be used by a stand alone server.
*mbsacli.exe- command line version of Microsoft Baseline Security Analyzer.
*ipconfig /setclassid – enables you to configure the user class.
I may have more to add later.
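Added example (not part of the thread or of pwjohnston's notes): the first-match rule for remote access policies in the notes above means a deny policy placed below a broader grant policy is never reached. This Python model evaluates an ordered policy list and reports such unreachable policies. The policy names, groups and port types are constructed, and it assumes each policy carries a grant/deny permission and that an attempt matching no policy is rejected.

```python
# Added example: first-match evaluation of remote access policies.
# Policy names, groups and port types below are constructed samples.

def matches(policy, attempt):
    """True only when every condition of the policy is met.

    A condition maps an attribute to the set of values it accepts; the
    attempt maps each attribute to the set of values it presents (a user
    can belong to several groups).
    """
    return all(attempt.get(attr, set()) & accepted
               for attr, accepted in policy["conditions"].items())


def evaluate(policies, attempt):
    """Return (policy name, permission) of the first matching policy.

    Later policies are not checked. Assumption of this model: an attempt
    that matches no policy is rejected.
    """
    for policy in policies:
        if matches(policy, attempt):
            return policy["name"], policy["permission"]
    return None, "deny"


def shadowed(policies):
    """Return (later, earlier) pairs where `later` can never be reached.

    `earlier` shadows `later` when each condition of `earlier` also appears
    in `later` with a subset of the accepted values: anything satisfying
    `later` has already satisfied `earlier`.
    """
    pairs = []
    for i, later in enumerate(policies):
        for earlier in policies[:i]:
            if all(attr in later["conditions"]
                   and later["conditions"][attr] <= accepted
                   for attr, accepted in earlier["conditions"].items()):
                pairs.append((later["name"], earlier["name"]))
                break
    return pairs


# Constructed policy list: the deny rule sits below a broader grant rule.
POLICIES = [
    {"name": "VPN access", "permission": "grant",
     "conditions": {"group": {"VPN-Users", "Contractors"}, "port": {"vpn"}}},
    {"name": "Block contractors", "permission": "deny",
     "conditions": {"group": {"Contractors"}, "port": {"vpn"}}},
    {"name": "Dial-up admins", "permission": "grant",
     "conditions": {"group": {"Admins"}, "port": {"modem"}}},
]
# Same policies with the deny rule moved above the grant rule.
REORDERED = [POLICIES[1], POLICIES[0], POLICIES[2]]

CONTRACTOR = {"group": {"Contractors"}, "port": {"vpn"}}

if __name__ == "__main__":
    print(evaluate(POLICIES, CONTRACTOR))
    print(shadowed(POLICIES))
    print(evaluate(REORDERED, CONTRACTOR))
    print(shadowed(REORDERED))
```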