Pdf on mcse notes

Fast growing certification gains in popularity. This exam also serves as an elective for MCP status and other certifications. Best selling author with over , copies in print. Tom Shinder's books have over , copies in print and he's a regular speaker at the security industry's leading Black Hat Briefings.

First in-depth security exam from Microsoft. As Microsoft certification guru Ed Tittell points out, "this is the first real, nuts-and-bolts security exam in the MCP line-up.

This exam is the first MCP test to really dig into some of the most important details involved in locking down Windows systems and networks in the first place, and to step systematically through the processes involved in keeping Windows networks and systems secured thereafter.

So our low-priced study package delivers unsurpassed value for cost-conscious IT departments and trainees. In June, Microsoft will launch beta exams for the Windows Server certification line. Exams will likely go live the following August and September. The launch of this new certification track means that all current MCSEs, representing an installed base of approximately , source: MCP Magazine will need to recertify under Windows Server Many industry experts expect the Windows certification, and product line as well, to be a more popular track since many organziations are still using NT and plan to skip and go directly to Useful when we have to perform shorter administrative tasks.

When there is conflict between two policies applied to the same object. Verification Move client machine log in as user, we have created in child OU. We should notice control panel. No override: It is an option available from group policy useful when we want to override all the policies implemented on the child objects.

Important group policies User configuration Administration templates Windows components Windows explorer. Under user configuration Administrative templates Expand system -Run only allowed windows applications -Do not run specified applications. Group policies are of two types. It is a process of spreading out the software required onto the client machines when a user starts the computer. Software deployment is possible only when the software is with. Software deployment is possible only with.

This is the product of Veritas Company. Phase — I Converting. Acrobat Click on the dotted tab Browse. Scans the system install acrobat changes made after installation. Conversion Process Phase —I before snap shot In this wininstall le scans the complete system and the register and checks for installed applications.

And takes the snap shot of the current condition of the OS. Note: Using these three phases the Microsoft software installer can trouble- shoot or deploy the software. It is useful when we have implemented mandatory profile for users as a result they cannot save anything on the desktop, unknowingly if they save, that saved desktop contents should be saved in another location we call it as folder redirection.

Users do not lose their data. Implementing folder redirection: On DC Create a roaming profile for a user And convert it into mandatory Note: create a new OU at first and create a user in that and make that user profile as mandatory. Create a folder Share it Every one full access. Verification: Move on to member server Log in as a user We should notice a welcome message. Backup: It is a process of protecting user data or system state data on to separate storage devices.

NT supported only one type of storage media, i. Back up utilities: The default backup utility provided by NT, , NTbackup utility Comes along with the OS. Provides minimum benefits could have optimum benefits. Backing up a folder: Create a folder in D drive and a file in that Start - run — ntbackup — click on advanced mode Back up Next Select 2nd option backup selected files.

Normal Check the box disables volume shadow copy Next — finish. Restoring the backed up folder: Start — run — ntbackup Advanced — restore — next Select the backed-up file — next — finish. Achieve Bit: It is a bit used by backup utility to know whether a file is backed up. It is used as a backup marker.

Copy backup: Copy backs up all selected folders but does not remove archive bit after backing up. Copy is used between normal backup and incremental backup.

Removes the archive bit after back up. After backup does not remove the archive bit. It backs up all the files changed since normal back up. Recommended backup strategy: 1. If we select incremental back up it is faster and restoration is slower. If we go with differential backup, backup is slow, but restoration is fast i. SSD is a data store if we want to backup complete AD we can back up system state data from backup utility.

Taking a back up of system state data: Start - run — ntbackup — click on advanced mode — backup — next Select 3rd one system state data — next — save in E drive - create a folder SSD in this folder create a file with filename.

Restoration There are two types of restoration Non-authoritative restore Authoritative restore. Restoration of system state data can be done either authoritative or non authoritative Non-authoritative restore is a normal restore useful when we have only one DC in the network.

It does not increment the USN values of the objects after restoration. It uses older USN values only. Authoritative restore: This is useful when we want to restore a specific object or specific object by incrementing the USN value. When we want to perform authoritative restore, we have to restart the system in directory services restore mode DSRM by pressing F8.

While booting and selecting DSRM. Going to backup utility we can restore system state data on completion of the restoration system prompt us to restart the system. Tombstone: It is an object deleted from AD but not removed. It remains in the AD for 90 days. There are two versions in IP 1. Version 4. Version 6. Which are not changeable. DHCP: useful for extremely larger networks where we want to centralize the I. Case2: Useful for smaller networks where there are no administrators or administrator may not be comfortable with assigning IPs.

If the client machine is restarted again the DHCP lease process takes place and again the client gets an IP for 8 days. Group of scopes is called as super scope. Note: when we have multiple scopes only one scope can be active in order to enable all the scopes we have to merge all the scopes with super scope.

Creating super scope Requires multiple scopes Create 2 scopes. Right click on server Say new super scope Specify the super scope name Select 2 scopes by holding ctrl key Next — finish. Address Pool: gives the range of IP addresses we have specified Address leases: specifies the client names and the IP addresses assigned Reservations: useful when we want to dedicate a particular IP to a particular system. Ex: managerial systems, important clients.

Scope options: Using scope options we can specify the other servers addresses available in the network. So that the DHCP server maintains information about all other servers and provides it to the client machines along with the I. For NT — 66servers addresses - for - Server options: Useful when we have multiple scopes and provide information to all the scopes. Where as scope options are limited only to that scope.

Resolver: It is a file which will contain the mapping information of the clients. System name and its IP address. NetBIOS names are the names without extensions. Supports all type of OS. Issues queries that ask for specific types of mapping of computers and IP addresses records Query types determine behavior of DNS server receiving query. Lookup types determine whether a name to IP mapping or an IP to name mapping is sought. Recursive Queries: When a client start a query, query is passed onto local DNS for resolution if a query cannot find the solution then the DNS on behalf of client forwards the query to another DNS, And to another DNS and so on until it finds the mapping information or an answer.

If the DNS cannot resolve it sends a negative response to the client, then the client has to contact another DNS and so on. Zone: Zone is a subtree of DNS database.

Forward Look up zone: Contains host record, which contain host names to IP, address mapping information. Records: It is a database which contains information about the zone There are a few types of records. Right click on the zone you have created - new host — specify the servers address —and IP Add host - ok - done. Right click on zone — new alias Specify www. Right click on the R-L zone New zone — next - zone type - next — specify the IP address — zone file — next — allow both — next — finish.

Right click on reverse lookup zone. New- pointer — specify IP Browse host record — ok. Secondary Zone: There are created on the second DNS server where it holds a read only copy of the zone. Secondary zones provide fall tolerance and load balancing to the primary zone. Secondary zone is a back up for primary zone.

Zone transfer: Zone transfer is a process of transferring the zone from primary to secondary or secondary to primary. Zone transfers occur when there is a change or modification taken place on either of the zones. AD integrated zones: These are useful when we want to maintain zone information in the AD. If it is a primary zone, zone is saved as a normal text file as a result we have to back p the zone separately, AD integrated zone is created when we install AD with a domain name.

Stub zones are useful for resolving the query faster. On DC Create a primary zone with a host record ex: hp. There are a few types of resource records. These are useful for locating the services. There are totally 6 service records created when we install AD. They are located in DNS under domain subtree. When we install AD, system automatically creates an AD integrated zone with the corresponding domain name.

Provides DNS information in entire forest. Move onto member server refresh the zone This process is we call as safe zone transfer. For accessing C drive through command prompt. Create secondary zone for dc zone. Open DNS right click on the zone properties Type of zone secondary If we want to change click on change. Dynamic updates take place when there is a modification or change done at the client or when we have DHCP server. DNS gets updated as and when what all the hosts come online get their names registered with DNS server.

Disable recursion: By default this is disabled i. BIND version 4. Faster zone transfer is possible by transferring multiple zones at a time besides compression.

If the secondary zone comes across stale records or unwanted records the zone will not be loaded if we check this box. Secure cache against pollution: By default the cache DNS information is secured against pollution. Once configured as root sever disable forwarders and root hints.

Root servers zone name is always represented by a dot. Next - zone file — allow both-Next — finish. Security: We can add sub administrator for administrator and set permission on these administrators. Monitoring: used for troubleshooting DNS. Debug Logging: to assist with debugging we can record the packets sent and received by the DNS server to a log file. Debug logging is disabled by default. Verification: Go to command prompt. Win I. Details Select F. Services Ok — next. Right click on the.

Virtual Directory: These are useful for creating child websites or links Ex: mail servers, chat servers, advertisement servers etc…. Browse WebPages folder Check the box browse - next — finish. Redirection is useful in various cases. Case1: renaming of the website where users are unaware of the change. Case2: when the website is under construction Case3: when the website hosting server is unavailable, we go for redirection.

Create 2 websites Select web content create 2 websites Select web content Create 2 zones with host records corresponding Open I. Useful for publishing advertisements in a particular websites and seen as a footer for the website Open I. Right click on the website Properties Documents Check the box enable documents footer Browse webpages folder Select any. It is a new feature in We can backup and restore websites. Open I. Right click on the websites Select website from file Browse the backup file we have saved Click on read file Select the site name — ok.

Get Type the filename to be downloaded Type the filename to be saved as same file name. Turning off interactive mode: prompt system does not prompt for conformation while downloading multiple files.

When we want to secure the ftp contents or when we want ftp users to have their own folders with ftp site we use isolating users. Zoom, India. Verification: On Member server Open I. Security Groups: These are used for setting permissions on the objects printer, data it can also be used as a distribution groups. This can also be used for maintaining distribution list. Group scope: identifies the extent of the group within in a domain or a forest.

UG: used for or organizing the users, groups from more than one domain. By default UGs are not available because the O. In order to enable UGs. Select windows native raise. Software router: A server with 2 NICs called software router.

NAT enables one way communication. Verification: On private network Go to command prompt Ping public network It should ping Move on to public network Ping private network It should not ping. Dynamic: It requires dynamic routing protocols there are a few dynamic routing protocols. Dynamic routing enables a router could prepare dynamically automatically on its own.

On command prompt Type root print. Network destination: destination of the packet reached Net mask: subnet mask of the system. It is a protocol responsible for listening to the client request for assigning an IP to the clients dynamically on behalf of DHCP server from the other network. Does not support routing. Suitable for larger networks. It is a routable protocol. IP — supported by many OS. It is a routable and robust ever changing protocol. Using public network for private use we call it as VPN.

Terminal Services: Terminal Server is a server used for centralizing the management of applications. It provides remote administration for administrators.

It is used when a company cannot upgrade their client machines, hardware infrastructure. During the session the terminal server uses the protocol called RDP. Only the mouse clicks and key stokes are sent to the TS.

If we want to configure T. Application mode offers remote administration as well as applications. In win we can install T. Fully Relaxed mode: Provides access to registry and other system resources useful when the security is not criteria or for performing remote administration. By default when we install T. It is a free license provided by T.

License manager: responsible for maintaining the T. When a T. Licensing mode: There are 2 modes 1. Domain Licensing mode 2. Enterprise licensing mode. NOTE: T. Only one T. Session on both T. Remote control: R. Remote Control: To have remote control of the user, an administrator has to login to the TS and only through the TS he can take the remote control of the user.

Login as administrator In terminal session Start — p — admin tools Open terminal services manager Right click on user — remote control Select the release keys ex. Notepad, cmd, etc.

ISA Internet Security Accelerator It is useful to speedup internet access and to protect private network from public network. Software firewall: ISA server Checkpoint Smooth wall Firewall: a firewall protects networked computers from international hostile intrusions. Foot printing 2. Scanning 3. Dos attack denial of service 4. Exploits ex. Cgi scripts, perl scripts etc. Trojan horses ex: netbus, bo2k 6. Port scanner. Foot printing: the art of gathering the complete security profiles of an organization or a target computer.

By using a combination of tools and techniques the hacker can take up the system and determine its IP address and domain names. Scanning: Scanning the system for bugs and loopholes in OS. DOS attack: Denial of service attack which is an attempt to get the service or the server down by overflowing the buffer.

Win spoof a7, my spoof. Exploits: Exploits are usually bugs in applications or OS which can be exploited by using a piece of code often referred as scripts. Ex: CGI scripts, perl scripts etc.. Trojan Horses: Trojan horses are a program that pretends to be a useful tool but actually installs malicious or damaging software.

Trojan Horses can be used to take over the remote system sending viruses to steal the data. Netbus, Bo2k. Port scanner: Scanning the port to get into the application ex: port scanner, etc. ISA can be configured as firewall or proxy server.

Packets are allowed or dropped through the device depending on the access control list. If it is configured as proxy it acts like a web server Application gateway: ex: proxy server.

Packets are allowed based on type of application and IP address. Application level gateways can also be used to log user activity and logins. Server deployment stand-alone only multiple servers with centralized management. IP: Cache mode: select this option if security is not the criteria as it is used for accelerating the access speed of websites by the private network users. Firewall: useful if we want to configure ISA as firewall, which protects the private network from public network. With the help of some protocol rules and policy elements we can set the security.

We can also control the type of traffic to be allowed in or allowed-out. Expand policy elements Right click on client address set New — set name of the set — ex. Sales Add the range of available IP adds. Including ISA — ok. Creating a destination set: Expand policy elements Right click on destination set New set - specify the destination Website name — click on add — specify the destination name Which site we want to block — Ok.

Verification: Move on to private network Try to access yahoo. Verification: Move onto private network Typing the source website we should find the redirected website. Yahoo redirected to google. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.

Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website. MCSE Tutorial.

We use cookies on our website to give you the most relevant experience by remembering your preferences and repeat visits. Manage consent. Close Privacy Overview This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website.

These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies.