
Wade Lindenberger

Although not a prerequisite, it is recommended that CompTIA Network+ candidates have at least nine months of experience in network support or administration or academic training, along with a CompTIA A+ certification.

To receive accreditation, participants need to go through one of three training programs: Field Service, Help Desk or Diagnostic Troubleshooting. Each training program is provided by an approved vendor.

Wade Lindenberger is a CPA with 20 years of financial, accounting, and management experience in public accounting and private industry. He is currently director of the corporate governance service line for RoseRyan, Inc., a regional professional services firm. Prior to that, Wade was director of the finance and accounting service line for the San Diego office of a global, publicly held professional services firm.

Before becoming a consultant, Wade was divisional controller for one of the leading health and fitness club chains in the world. He's also been internal audit manager and divisional controller for a division of a Fortune 500 global energy project management company. He began his career with Coopers & Lybrand, one of the "big four" CPA firms.

Wade is the author of the Certified Bookkeeper Online Training Program as well as an instructor for it. He's previously served as an instructor for programs at Coopers & Lybrand and, more recently, at the University of California at San Diego for the Extension Program. He is a member of the American Institute of Certified Bookkeepers' Advisory Board, the American Institute of CPAs, and the California Society of CPAs.

Marlissa is proprietor of MJ Phillips Company. For over 12 years, Marlissa has serviced many small businesses in various industries. She partners with her clients to help them reach their goals. Her firm has also launched Heart2Heart Services. This service focuses on the needs and concerns of nonprofit organizations. Heart2Heart combines stewardship and mission. Marlissa provides training to clients as well as accounting professionals. Her Web site, www.mjphillipscpa.com, has a host of accounting, tax, and QuickBooks information.

Marlissa graduated from the University of West Georgia with a B.B.A. in finance. She received an M.B.A. in accounting from DePaul University. Marlissa is a member of the Intuit Accounting Professionals Trainer Network and is an instructor for CPELink.com.

Removing a GPO Link

Removing a GPO link simply unlinks the GPO from the specified site, domain, or OU. The GPO remains in Active Directory until it is deleted.

To remove a GPO link, complete the following steps:

1. Open the Active Directory Users And Computers console to unlink a GPO from a domain or OU, or open the Active Directory Sites And Services console to unlink a GPO from a site.

2. In the console, right-click the site, domain, or OU from which the GPO should be unlinked. Click Properties, and then click the Group Policy tab.

3. In the Properties dialog box for the object, in the Group Policy tab, select the GPO that you want to unlink, and then click Delete.

4. In the Delete dialog box, shown in Figure 10-20, click Remove The Link From The List. The GPO remains in Active Directory but is no longer linked.

Deleting a GPO

If you delete a GPO, it is removed from Active Directory, and any sites, domains, or OUs to which it is linked are no longer affected by it. You might wish to take the less drastic step of removing the GPO link, which disassociates the GPO from its OU but leaves the GPO intact in Active Directory.

To delete a GPO, complete the following steps:

1. Open the Active Directory Users And Computers console to delete a GPO from a domain or OU, or open the Active Directory Sites And Services console to delete a GPO from a site.

2. In the console, right-click the site, domain, or OU from which the GPO should be deleted. Click Properties, and then click the Group Policy tab.

3. In the Properties dialog box for the object, in the Group Policy tab, select the GPO that you want to delete, and then click Delete.

4. In the Delete dialog box, click Remove The Link And Delete The Group Policy Object Permanently, and then click OK. The GPO is removed from Active Directory.
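The two procedures above (unlinking a GPO versus deleting it outright) map onto two different cmdlets in the GroupPolicy PowerShell module, which ships with Windows Server 2008 R2 and later rather than with the Windows Server 2003 consoles the lesson describes. The following script is an added example, not code from the training kit; the GPO name, domain, and OU are assumed sample values. It reads the GPO's own XML report to list every container the GPO is still linked to before anything destructive happens, which is the check an administrator wants before choosing the permanent option in step 4.

```powershell
# Added example (not from the training kit): unlink vs. delete a GPO with the
# GroupPolicy module. GPO name, domain and OU below are assumed sample values.
Import-Module GroupPolicy

# List every site, domain and OU a GPO is linked to, taken from its XML report.
function Get-GpoLinkTargets {
    param([Parameter(Mandatory)][string]$Name)
    [xml]$report = Get-GPOReport -Name $Name -ReportType Xml
    # Each LinksTo entry carries the display name and LDAP path of one link target.
    foreach ($link in $report.GPO.LinksTo) {
        [pscustomobject]@{ Target = $link.SOMName; Path = $link.SOMPath; Enabled = $link.Enabled }
    }
}

# Step 4, first option: remove only the link. The GPO object stays in Active Directory.
function Remove-GpoLinkOnly {
    param([Parameter(Mandatory)][string]$Name, [Parameter(Mandatory)][string]$Target)
    Remove-GPLink -Name $Name -Target $Target
}

# Step 4, second option: delete the GPO itself. The function refuses while links
# remain unless -Force is given, mirroring the "less drastic step" advice above.
function Remove-GpoPermanently {
    param([Parameter(Mandatory)][string]$Name, [switch]$Force)
    $links = @(Get-GpoLinkTargets -Name $Name)
    if ($links.Count -gt 0 -and -not $Force) {
        throw "'$Name' is still linked to $($links.Count) container(s); unlink first or pass -Force."
    }
    Remove-GPO -Name $Name   # deletes the GPO and any remaining links in the domain
}

# Usage with assumed names:
# Get-GpoLinkTargets  -Name 'Sales Desktop Lockdown'
# Remove-GpoLinkOnly  -Name 'Sales Desktop Lockdown' -Target 'OU=Sales,DC=contoso,DC=com'
# Remove-GpoPermanently -Name 'Sales Desktop Lockdown'
```

Run the listing function first and keep its output: once the GPO is deleted, the report (and with it the record of where the policy used to apply) is gone.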

Editing a GPO and GPO Settings

To edit a GPO or its settings, follow the procedures outlined earlier in this lesson for creating a GPO and for specifying Group Policy settings.

Tip

Be able to determine how Group Policy settings should be arranged into GPOs based on the needs and requirements of an organization.

Figure 10-8 illustrates these GPO types.

Because sites and domains are the least restrictive components of Active Directory, it isn't too difficult to plan site and domain GPOs. Just remember that site and domain GPOs are applied to all child objects as a result of Group Policy inheritance, unless Block Policy Inheritance has been set for the child object. The real challenge is determining the OU GPOs. To determine the OU GPOs, you must consider the OU hierarchy set up for the domain. In Chapter 6, "Implementing an OU Structure," you learned that there are three reasons for defining an OU: to delegate administration, to hide objects, and to administer Group Policy. You were advised that because there is only one way to delegate administration and there are multiple ways to administer Group Policy, you must define OU structures to delegate administration first. Recall that the OU hierarchy structure can reflect administration handled by location, business function, object type, or a combination of the three elements. After an OU structure is defined to handle delegation of administration, you can define additional OUs to hide objects and to administer Group Policy. So, if you've defined your OU structure to accurately reflect how your domain is administered, the next step is to determine which Group Policy settings must be applied to which users and computers in each OU. Basically, you can build GPOs by using a decentralized or a centralized design.

With a decentralized GPO approach (see Figure 10-9), the goal is to include a specific policy setting in as few GPOs as possible. When a change is required, only one (or a few) GPO(s) have to be changed to enforce the change. Administration is simplified at the expense of a somewhat longer logon time (due to multiple GPO processing).

To achieve this goal, create a base GPO to be applied to the domain that contains policy settings for as many users and computers in the domain as possible. For example, the base GPO could contain corporate-wide security settings such as account and password restrictions. Next, create additional GPOs tailored to the common requirements of each OU, and apply them to the appropriate OUs.

This model is best suited for environments in which different groups in the organization have common security concerns and changes to Group Policy are frequent.
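The decentralized design just described (one base GPO at the domain, one tailored GPO per OU) can be built and inspected with the GroupPolicy module. The script below is an added example, not the training kit's code, and it assumes the module's cmdlets (Windows Server 2008 R2 and later); the domain name, OU paths, GPO names, and the registry-backed security option it sets are sample values. The base GPO is linked as Enforced so that an OU with Block Policy Inheritance cannot drop the corporate-wide settings, and the last function shows the processing order an OU actually receives, which is how you confirm that a given setting lives in exactly one GPO.

```powershell
# Added example (not from the training kit): build the decentralized GPO design
# with the GroupPolicy module. Domain, OU paths and GPO names are assumed values.
Import-Module GroupPolicy

$domainDn = 'DC=contoso,DC=com'

# One base GPO linked at the domain carries settings meant for everyone.
# Enforced (No Override) so Block Policy Inheritance on an OU cannot remove it.
function New-BaseDomainGpo {
    param([string]$Name = 'Base Domain Security')
    $gpo = New-GPO -Name $Name -Comment 'Corporate-wide security settings'
    # Sample registry-backed security option: do not show the last logged-on user name
    Set-GPRegistryValue -Name $Name `
        -Key 'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System' `
        -ValueName 'DontDisplayLastUserName' -Type DWord -Value 1 | Out-Null
    New-GPLink -Name $Name -Target $domainDn -LinkEnabled Yes -Enforced Yes | Out-Null
    return $gpo
}

# One additional GPO per OU, tailored to that OU's common requirements.
function New-OuGpos {
    param([hashtable]$OuToGpoName)   # e.g. @{ 'OU=Sales,DC=contoso,DC=com' = 'Sales Desktop' }
    foreach ($ou in $OuToGpoName.Keys) {
        $name = $OuToGpoName[$ou]
        New-GPO -Name $name | Out-Null
        New-GPLink -Name $name -Target $ou -LinkEnabled Yes | Out-Null
    }
}

# What an OU really receives: inherited domain links plus its own, in processing
# order. A setting that must change should appear in exactly one of these GPOs.
function Show-OuPolicyChain {
    param([Parameter(Mandatory)][string]$OuDn)
    $inh = Get-GPInheritance -Target $OuDn
    [pscustomobject]@{
        OU            = $inh.Path
        BlocksInherit = $inh.GpoInheritanceBlocked
        Order         = ($inh.InheritedGpoLinks | ForEach-Object { $_.DisplayName }) -join ' -> '
    }
}

# Usage (assumed names):
# New-BaseDomainGpo
# New-OuGpos @{ 'OU=Sales,DC=contoso,DC=com' = 'Sales Desktop'; 'OU=Engineering,DC=contoso,DC=com' = 'Engineering Desktop' }
# Show-OuPolicyChain -OuDn 'OU=Sales,DC=contoso,DC=com'
```

The trade-off the text mentions is visible in the last function's output: each GPO in the chain is processed at logon, so a longer chain means a slower logon in exchange for a single place to change each setting.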

Note

Logon scripts on a shared network directory in another forest are supported for network logon across forests. This is a new feature of the Windows Server 2003 family.

The Security Settings node allows a security administrator to manually configure security levels assigned to a local or nonlocal GPO. This can be done after, or instead of, using a security template to set system security. For a detailed discussion of system security and the Security Settings node, refer to Chapter 13, "Administering Security with Group Policy."

In the User Configuration node only, the Windows Settings folder contains the additional nodes Remote Installation Services, Folder Redirection, and Internet Explorer Maintenance. Remote Installation Services (RIS) is used to control the behavior of a remote operating system installation. Optionally, RIS can be used to provide customized packages for non-Windows Server 2003 clients of Active Directory. (Group Policy requires a genuine Windows 2000 or Windows Server 2003 client, not merely a pre-Windows 2000 client of Active Directory, however.) Folder Redirection allows you to redirect Windows Server 2003 special folders (Application Data, Desktop, My Documents, and Start Menu) from their default user profile location to an alternate location on the network, where they can be centrally managed. For details on folder redirection, refer to Chapter 11, "Administering Group Policy." Internet Explorer Maintenance allows you to administer and customize Microsoft Internet Explorer on computers running Windows Server 2003.

Administrative templates view filtering does not affect whether the settings apply to users or computers. Do not confuse this feature with the procedure for filtering GPO scope according to security group membership.

To filter the view provided by administrative templates, complete the following steps:

1. Open the Group Policy Object Editor, and in the console tree, right-click the folder under Administrative Templates that contains the policy settings you want to filter. Click View, and then click Filtering.

2. In the Filtering dialog box, shown in Figure 10-5, do any of the following to filter the settings you can view:

• If you want to remove any types of settings from the GPO display, select the Filter By Requirements Information check box, and then in the Select The Items To Be Displayed list, clear any categories you do not want to see. By default, all types of settings are selected (that is, are displayed).

• If you want to hide settings that are not configured, select the Only Show Configured Policy Settings check box. If you select this check box, only Enabled or Disabled settings are visible.

• If you want to hide Windows NT 4-style system policy settings, select the Only Show Policy Settings That Can Be Fully Managed check box. Microsoft recommends selecting this check box, and it is selected by default.

Case Scenario Exercise


1. Vamsi is a fairly new administrator. Ben is willing to help Vamsi manage the West_Site. What should you do to ensure that Ben can fully assist Vamsi?

Delegate the necessary administrative permissions to Ben for the West OU. You probably want Ben to have the same access as Vamsi.

2. Wei tells you that Dragan delegated control of the Operations OU to Candy Spoon from the Contractors OU. Candy was helping manage the Operations OU while Zheng was on vacation. Candy is no longer helping with the Operations OU. Zheng and Wei want you to return Candy's access to that of a normal user. What should you do?

In order to remove the delegated rights that Dragan implemented for Candy's account, you must modify the DACL of the Operations OU. Remove the special permissions assigned to Candy. You can probably do this by simply removing her account from the DACL. Candy will still have normal user access to the Operations OU, but she would get that access through her group memberships.
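The answer above describes editing the OU's DACL by hand. The script below is an added example (not the training kit's code) that does the same thing with the ActiveDirectory module's AD: drive, which is available on Windows Server 2008 R2 and later; the OU and account names are the scenario's sample values and CONTOSO is an assumed NetBIOS domain name. It first lists every explicit, non-inherited ACE on the OU (each one is a delegation somebody added on purpose), then removes only the entries for the one identity, leaving inherited entries and group-based access untouched so the account keeps its normal user access.

```powershell
# Added example (not from the training kit): audit and remove explicit delegations
# on an OU's DACL. OU and account names are the scenario's sample values.
Import-Module ActiveDirectory

# Every non-inherited ACE on the OU is a delegation that someone added explicitly.
function Get-OuDelegation {
    param([Parameter(Mandatory)][string]$OuDn)
    $acl = Get-Acl -Path "AD:\$OuDn"
    $acl.Access | Where-Object { -not $_.IsInherited } |
        Select-Object IdentityReference, AccessControlType, ActiveDirectoryRights, ObjectType, InheritanceType
}

# Remove the explicit ACEs for one identity. Inherited ACEs and the access the
# account gets through its group memberships are left as they are.
function Remove-OuDelegation {
    param(
        [Parameter(Mandatory)][string]$OuDn,
        [Parameter(Mandatory)][string]$Identity,   # 'DOMAIN\user' form
        [switch]$Commit                            # without -Commit, only report
    )
    $path = "AD:\$OuDn"
    $acl = Get-Acl -Path $path
    $stale = @($acl.Access | Where-Object {
        -not $_.IsInherited -and $_.IdentityReference.Value -eq $Identity
    })
    foreach ($ace in $stale) { [void]$acl.RemoveAccessRule($ace) }
    if ($Commit -and $stale.Count -gt 0) { Set-Acl -Path $path -AclObject $acl }
    return $stale   # the entries that were (or would be) removed
}

# Usage: review first, then commit.
# Get-OuDelegation    -OuDn 'OU=Operations,DC=contoso,DC=com'
# Remove-OuDelegation -OuDn 'OU=Operations,DC=contoso,DC=com' -Identity 'CONTOSO\Candy'
# Remove-OuDelegation -OuDn 'OU=Operations,DC=contoso,DC=com' -Identity 'CONTOSO\Candy' -Commit
```

Running the removal without -Commit is the equivalent of inspecting the Security tab before clicking Remove: it shows exactly which entries will go, and nothing is written until you ask for it.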

3. You've given Michael Full Control permissions to the South OU. Now he wants to allow his assistant to reset users' passwords in the South_Site. What should he do?

Michael doesn't have the ability to delegate any permissions at the site level, but he can delegate the specific permission to reset passwords on the South OU. He can use the Delegation Of Control Wizard to accomplish this task.

4. You want Jim, Vamsi, Michael, and Don to be able to log on to and shut down the domain controllers at their respective locations. However, right now when they try to log on to the domain controllers, they receive a message that reads: "The local policy of this system does not permit you to log on interactively." What should you do?

Normal users do not have the right to log on to a domain controller. This right is available only to Account Operators, Administrators, Backup Operators, Print Operators, and Server Operators. The right to shut down the system is available only to Administrators, Backup Operators, Print Operators, and Administrators. Therefore, you can either make Jim, Vamsi, Michael, and Don members of one of these groups or specifically grant them the right to access these computers through the Default Domain Controllers Policy in Group Policy.

Lesson Review and Summary

Lesson Review

The following questions are intended to reinforce key information presented in this lesson. If you are unable to answer a question, review the lesson and then try the question again. Answers to the questions can be found in the "Questions and Answers" section at the end of this chapter.

1. What is a security principal?

2. You are trying to assign permissions to an object in its Properties dialog box, but you cannot find the Security tab. How can you fix this problem?

3. The permissions check boxes for a security principal are shaded. What does this indicate?

4. What are effective permissions?

5. User X is a member of the Sales group and the Marketing group. The Sales group has Write permission for the Accounts shared folder. The Marketing group has Full Control permission for the Accounts shared folder. User X alone has Read permission for the Accounts shared folder. Which of the following permissions does User X have for the Accounts shared folder?

a.      Write permission only

b.      Read permission only

c.      Read and Write permissions only

d.      Full Control permission only

e.      All permissions

Lesson Summary

• To control access to Active Directory objects, you grant or deny permissions to security principals. You set permissions to either Allow or Deny. Deny permissions take precedence over all other permissions.

• When an object is created, the user creating it automatically becomes its owner. The owner controls how permissions are set on the object and to whom permissions are granted.

• You can set selective authentication differently for outgoing and incoming external and forest trusts. These selective trusts allow you to make flexible access control decisions between external domains and forest-wide.

• When you assign a permission to a security principal for access to an object and that security principal is a member of a group to which you assigned a different permission, the security principal's permissions are the combination of the assigned security principal and group permissions.

• Permissions assigned through inheritance are propagated to a child object from a parent object. Effective permissions are the overall permissions that a security principal has for an object, including group membership and inheritance from parent objects.
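The summary states the combination rule in two sentences: a principal's permissions are the union of what is assigned to the user and to each of the user's groups, and any Deny takes precedence over all Allows. The script below is an added example, not part of the training kit, that implements exactly that textbook rule over a small constructed ACL (the principals, groups, and rights are invented sample data) so the two rules can be seen interacting. It models the lesson's rule only; the full Windows algorithm also orders explicit entries before inherited ones, which this example leaves out.

```powershell
# Added example (not from the training kit): the lesson's effective-permission rule
# over constructed ACEs. Allows from the user and all of the user's groups are
# combined, then every Deny removes its rights. This is the textbook model only.

$FullControlRights = @('Read', 'Write', 'Delete', 'ChangePermissions', 'TakeOwnership')

# Full Control stands for every individual right, so expand it before combining.
function Expand-Right {
    param([string[]]$Rights)
    $out = foreach ($r in $Rights) { if ($r -eq 'FullControl') { $FullControlRights } else { $r } }
    return @($out | Sort-Object -Unique)
}

function Get-EffectiveRights {
    param([string]$User, [string[]]$Groups, [object[]]$Aces)
    $principals = @($User) + $Groups
    $allow = @(); $deny = @()
    foreach ($ace in $Aces) {
        if ($principals -notcontains $ace.Principal) { continue }   # ACE does not apply to this user
        $rights = Expand-Right $ace.Rights
        if ($ace.Type -eq 'Allow') { $allow += $rights } else { $deny += $rights }
    }
    $allow = @($allow | Sort-Object -Unique)
    $deny  = @($deny  | Sort-Object -Unique)
    [pscustomobject]@{
        User      = $User
        Effective = @($allow | Where-Object { $deny -notcontains $_ })   # Deny wins over Allow
        Denied    = $deny
    }
}

# Constructed ACL for a shared folder (sample data, not a real share).
$acl = @(
    [pscustomobject]@{ Principal = 'Engineering'; Type = 'Allow'; Rights = @('Read', 'Write') }
    [pscustomobject]@{ Principal = 'Auditors';    Type = 'Allow'; Rights = @('FullControl') }
    [pscustomobject]@{ Principal = 'Contractors'; Type = 'Deny';  Rights = @('Delete') }
    [pscustomobject]@{ Principal = 'alice';       Type = 'Allow'; Rights = @('Read') }
)

# alice (Engineering + Contractors): Read and Write allowed; Delete is denied explicitly.
Get-EffectiveRights -User 'alice' -Groups @('Engineering', 'Contractors') -Aces $acl
# bob (Auditors): Full Control expands to every individual right, nothing is denied.
Get-EffectiveRights -User 'bob' -Groups @('Auditors') -Aces $acl
```

Change the Contractors entry to deny FullControl and rerun: alice loses everything, including the Read that was assigned to her account directly, which is the behaviour the summary's "take precedence over all other permissions" describes and the reason the best practices later in this lesson say to deny sparingly.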

TIPS

Tip The information displayed in the Effective Permissions tab is read-only. Therefore, you cannot change a user's permissions by selecting or clearing permission check boxes in this tab.

Figure 9-10   Advanced Security Settings dialog box, Effective Permissions tab (the tab lists the permissions granted to the selected group or user, such as Full Control, List Contents, Read All Properties, Write All Properties, Delete, Delete Subtree, Read Permissions, Modify Permissions, Modify Owner, All Validated Writes, and All Extended Rights, with a link to information about how effective permissions are determined)

Best Practices for Assigning Permissions

The following are the best practices for assigning permissions:

• Because it is inefficient to maintain user accounts directly, you should assign permissions to groups rather than to users.

• Deny permissions sparingly. You should deny permissions only when it is necessary to exclude a subset of a group that has allowed permissions, or to exclude one special permission when you have already granted full control to a user or group. If you assign permissions correctly, you should not need to deny permissions. In most cases, denied permissions indicate mistakes that were made in assigning group membership.

•       Set permissions to be inheritable to child objects.

•       Assign Full Control permission, if appropriate, rather than individual permissions.

Caution    Always ensure that all objects have at least one user with the Full Control permission. Failure to do so might result in some objects being inaccessible to the person using the Active Directory Users And Computers console, even an administrator, unless object ownership is changed.


1. On Server1, use the procedure provided earlier in this lesson to find users in the West OU with the first name of User. What is the result?

In the Find Users, Contacts, And Groups dialog box, Windows Server 2003 displays the User Eleven, User Thirteen, User Fifteen, User Seventeen, and User Nineteen accounts. Results might vary on your system if additional users have been created.

2. On Server1, use the procedure provided earlier in this lesson to find users in the contoso.com domain with the first name of User. What is the result?

In the Find Users, Contacts, And Groups dialog box, Windows Server 2003 displays the User Eleven, User Thirteen, User Fifteen, User Seventeen, and User Nineteen accounts, plus the User One, User Three, User Five, User Seven, and User Nine accounts you added in Chapter 7. Results might vary on your system if additional users have been created.

3. Use the procedure provided earlier in this lesson to find users in the contoso.com domain with the telephone number beginning with 555. What is the result?

In the Find Users, Contacts, And Groups dialog box, Windows Server 2003 displays the User Eleven account for which you typed a telephone number of 555-1234. Results might vary on your system if additional users have been created.
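The three searches above are run through the Find Users, Contacts, And Groups dialog box. As an added example that is not part of the training kit, the same three searches expressed with the ActiveDirectory module (Windows Server 2008 R2 and later) make the scoping difference between the first two explicit: the only change between them is the search base. The OU, domain, and telephone prefix are the practice's own sample values, and the accounts returned depend on what exists in your domain.

```powershell
# Added example (not from the training kit): the practice's three searches run
# with Get-ADUser instead of the Find dialog. Domain and OU are sample values.
Import-Module ActiveDirectory

# 1. Users whose first name is "User", scoped to the West OU and its child OUs.
function Find-UsersInOu {
    param([string]$GivenName = 'User', [string]$OuDn = 'OU=West,DC=contoso,DC=com')
    Get-ADUser -Filter "GivenName -eq '$GivenName'" -SearchBase $OuDn -SearchScope Subtree |
        Select-Object Name, DistinguishedName
}

# 2. The same search over the whole domain: only the search base changes.
function Find-UsersInDomain {
    param([string]$GivenName = 'User', [string]$DomainDn = 'DC=contoso,DC=com')
    Get-ADUser -Filter "GivenName -eq '$GivenName'" -SearchBase $DomainDn -SearchScope Subtree |
        Select-Object Name, DistinguishedName
}

# 3. Users whose telephone number (the telephoneNumber attribute) starts with 555.
function Find-UsersByPhonePrefix {
    param([string]$Prefix = '555', [string]$DomainDn = 'DC=contoso,DC=com')
    Get-ADUser -Filter "telephoneNumber -like '$Prefix*'" -SearchBase $DomainDn `
        -Properties telephoneNumber |
        Select-Object Name, telephoneNumber
}

# Usage:
# Find-UsersInOu
# Find-UsersInDomain
# Find-UsersByPhonePrefix
```

The second search returns a superset of the first for the same reason the dialog does: the domain root contains the West OU, so widening the search base adds the accounts that live elsewhere in the domain without removing any.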

Using the Run As Program

The Run As program allows a user to run specific tools and programs with permissions other than those provided by the account with which the user is currently logged on. Therefore, you can use the Run As program to run administrative tools with either local or domain administrator rights and permissions while logged on as a normal user. The Run As program can be used to start any program, Microsoft Management Console (MMC) tool, or Control Panel item, as long as

• You provide the appropriate user account and password information

• The user account has the ability to log on to the computer

• The program, MMC tool, or Control Panel item is available on the system and to the user account

The Run As program is usually used to run programs as an administrator, although it is not limited to administrator accounts. Any user with multiple accounts can use Run As to run a program, MMC tool, or Control Panel item with alternate credentials. The Run As program can be invoked on the desktop or by using the Runas command.

To invoke the Run As program from the desktop, complete the following steps:

1. In Windows Explorer, or on the Start menu, right-click the program, MMC tool, or Control Panel item you want to open, and then click Run As.

2. In the Run As dialog box, shown in Figure 8-7, click The Following User.

3. Type the user name and password of the account you want to use in the User Name and Password boxes, respectively. Click OK.

If you attempt to start a program, MMC tool, or Control Panel item from a network location using the Run As program, it might fail if the credentials used to connect to the network share are different from the credentials used to start the program. The credentials used to run the program might not be able to gain access to the same network share. If the Run As program fails, the Secondary Logon service might not be running. You can set the Secondary Logon service to start automatically when the system starts using the Secondary Logon Service option in the Services console.

You can also set a property on shortcuts to programs and MMC tools so that you are always prompted for alternate credentials when you use the shortcut. To set the property, right-click the shortcut, click Properties, click Advanced in the Shortcut tab, and then select the Run With Different Credentials check box in the Advanced Properties dialog box. When you start the shortcut, the Run As dialog box appears, prompting you for the alternate user name, password, and domain as described previously.
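The same workflow, with the two failure modes the text calls out (a stopped Secondary Logon service and a program launched from a network share under the wrong credentials) handled up front, looks like this from PowerShell. This is an added example, not the training kit's code; the account name and the MMC snap-in are assumed sample values, and the service name seclogon is the Secondary Logon service's internal name. The password is prompted for by Get-Credential and never stored in the script.

```powershell
# Added example (not from the training kit): the Run As workflow from PowerShell.
# Account name and snap-in are assumed sample values.

# Run As depends on the Secondary Logon service (service name seclogon).
function Test-SecondaryLogon {
    $svc = Get-Service -Name seclogon
    if ($svc.Status -ne 'Running') {
        Write-Warning "Secondary Logon is $($svc.Status); alternate-credential launches will fail."
        # To make it start with the system and start it now (elevated session required):
        # Set-Service -Name seclogon -StartupType Automatic; Start-Service -Name seclogon
    }
    return $svc.Status
}

# Start a program with alternate credentials. The working directory is forced to a
# local path because a launch rooted on a network share can fail when that share
# was connected under the original user's credentials, as noted above.
function Start-WithAlternateCredentials {
    param(
        [Parameter(Mandatory)][string]$FilePath,
        [string[]]$ArgumentList,
        [Parameter(Mandatory)][pscredential]$Credential
    )
    if ((Test-SecondaryLogon) -ne 'Running') { throw 'Secondary Logon service is not running.' }
    $params = @{
        FilePath         = $FilePath
        Credential       = $Credential
        WorkingDirectory = $env:SystemRoot
    }
    if ($ArgumentList) { $params.ArgumentList = $ArgumentList }
    Start-Process @params
}

# Usage: open Active Directory Users And Computers as the domain Administrator
# while logged on as an ordinary user.
$cred = Get-Credential -UserName 'CONTOSO\Administrator' -Message 'Enter alternate credentials'
Start-WithAlternateCredentials -FilePath 'mmc.exe' -ArgumentList 'dsa.msc' -Credential $cred

# The equivalent from a command prompt, using the Runas command the text mentions:
#   runas /user:CONTOSO\Administrator "mmc dsa.msc"
```

Because the elevated process runs under the alternate account's profile, anything it saves (MMC console files, recent-file lists) lands in that account's profile, not in the profile of the user who is logged on at the desktop.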

Using the Runas Command

Note To complete this practice, you must have successfully completed the practices in Chapter 6, "Implementing an OU Structure," and Chapter 7, "Administering User Accounts."

1.      Log on to Serverl as User9.

2. On Server1, use the procedure provided earlier in this lesson to use Run As to start Active Directory Users And Computers as the Administrator for the contoso.com domain. Use the Administrator password. (Hint: You can access Active Directory Users And Computers from Control Panel.)

3. Verify that you can now use Active Directory Users And Computers as a domain administrator by attempting to add a new user to the Chicago OU. If you can add a new user, you are successfully running Active Directory Users And Computers as Administrator while logged on as User9.

70-299 Study Guide

With many online resources for preparing for the 70-299 Exam, you will notice when you read the below information that Pass-Guaranteed is your premier source for your 70-299 exam. With our 70-299 practice tests with explanations, no other vendor will be able to compare to Pass-Guaranteed for quality 70-299 study guides.

70-299 Downloadable, Printable Exams (in PDF format):

Our Exam 70-299 Preparation Material provides you everything you will need to take your 70-299 Exam. The 70-299 Exam details are researched and produced by Professional Certification Experts who are constantly using industry experience to produce precise, logical and verified explanations for the answers.

Exam 70-299 Practice Test with Full Explanations Includes:

  • Comprehensive Practice Test Questions with Full Explanations
  • Detailed Explanations of all the questions
  • Practice Test Questions accompanied by exhibits
  • Verified Answers Researched by Industry Experts
  • Drag and Drop questions as experienced in the Actual Exams
  • Practice Test Questions with Explanations updated on regular basis
  • Our Practice Test Questions with Explanations are backed by our 100% MONEY BACK GUARANTEE.
  • Like actual certification exams, our Practice Tests with Explanations are in multiple-choice (MCQs)

Our 70-299 Exam will provide you with exam questions and explanations with verified answers that reflect the actual exam. These questions and answer explanations provide you with the experience of taking the actual test. Our 70-299 Exam is not just questions and answers. They are your access to high technical expertise and accelerated learning capacity. Our questions have detailed explanations for every answer and thus ensure that you fully understand the questions and the concept behind the questions. Certification Experts, Certified Computer Trainers, Technical Coworkers and Comprehensive Language Masters, who have a solid, verified and certified background and high technical expertise, have compiled these detailed explanations. Pass-Guaranteed's practice tests will make you feel like you are taking an actual exam at a Prometric or VUE center.

We are constantly updating our Exam 70-299. These 70-299 Exam updates are supplied free of charge to Pass-Guaranteed customers, thereby becoming an investment rather than a disposable product. Our clients receive the most reliable and up-to-date information when they decide to take the 70-299 exam. Like actual certification exams, our 70-299 Exam is in multiple-choice format (MCQs). After purchasing our 70-299 practice test with explanations, you are just a step away from being certified. Still not convinced? Try our free samples or choose to buy your 70-299 Practice Exam now!