Windows Server 2008 Interview Questions

What are some of the new tools and features provided by Windows Server 2008?

Windows Server 2008 now provides a desktop environment similar to Microsoft Windows Vista and includes tools also found in Vista, such as the new backup snap-in and the BitLocker drive encryption feature. Windows Server 2008 also provides the new IIS7 web server and the Windows Deployment Service.

What are the different editions of Windows Server 2008?

The entry-level version of Windows Server 2008 is the Standard Edition. The Enterprise Edition provides a platform for large enterprisewide networks. The Datacenter Edition provides support for unlimited Hyper-V virtualization and advanced clustering services. The Web Edition is a scaled-down version of Windows Server 2008 intended for use as a dedicated web server. The Standard, Enterprise, and Datacenter Editions can be purchased with or without the Hyper-V virtualization technology.

What two hardware considerations should be an important part of the planning process for a Windows Server 2008 deployment?

Any server on which you will install Windows Server 2008 should have at least the minimum hardware requirement for running the network operating system. Server hardware should also be on the Windows Server 2008 Hardware Compatibility List to avoid the possibility of hardware and network operating system incompatibility.

What are the options for installing Windows Server 2008?

You can install Windows Server 2008 on a server not currently configured with NOS, or you can upgrade existing servers running Windows 2000 Server and Windows Server 2003.

How do you configure and manage a Windows Server 2008 core installation?

This stripped-down version of Windows Server 2008 is managed from the command line.

Which Control Panel tool enables you to automate the running of server utilities and other applications?

The Task Scheduler enables you to schedule the launching of tools such as Windows Backup and Disk Defragmenter.

What are some of the items that can be accessed via the System Properties dialog box?

You can access virtual memory settings and the Device Manager via the System Properties dialog box.

When a child domain is created in the domain tree, what type of trust relationship exists between the new child domain and the trees root domain?

Child domains and the root domain of a tree are assigned transitive trusts. This means that the root domain and child domain trust each other and allow resources in any domain in the tree to be accessed by users in any domain in the tree.

What is the primary function of domain controllers?

The primary function of domain controllers is to validate users to the network. However, domain controllers also provide the catalog of Active Directory objects to users on the network.

What are some of the other roles that a server running Windows Server 2008 could fill on the network?

A server running Windows Server 2008 can be configured as a domain controller, a file server, a print server, a web server, or an application server. Windows servers can also have roles and features that provide services such as DNS, DHCP, and Routing and Remote Access.

Which Windows Server 2008 tools make it easy to manage and configure a servers roles and features?

The Server Manager window enables you to view the roles and features installed on a server and also to quickly access the tools used to manage these various roles and features. The Server Manager can be used to add and remove roles and features as needed.

What Windows Server 2008 service is used to install client operating systems over the network?

Windows Deployment Services (WDS) enables you to install client and server operating systems over the network to any computer with a PXE-enabled network interface.

What domain services are necessary for you to deploy the Windows Deployment Services on your network?

Windows Deployment Services requires that a DHCP server and a DNS server be installed in the domain

How is WDS configured and managed on a server running Windows Server 2008?

The Windows Deployment Services snap-in enables you to configure the WDS server and add boot and install images to the server.

What is the difference between a basic and dynamic drive in the Windows Server 2008 environment?

A basic disk embraces the MS-DOS disk structure; a basic disk can be divided into partitions (simple volumes).
Dynamic disks consist of a single partition that can be divided into any number of volumes. Dynamic disks also support Windows Server 2008 RAID implementations.

What is RAID in Windows Server 2008?

RAID, or Redundant Array of Independent Disks, is a strategy for building fault tolerance into your file servers. RAID enables you to combine one or more volumes on separate drives so that they are accessed by a single drive letter. Windows Server 2008 enables you to configure RAID 0 (a striped set), RAID 1 (a mirror set), and RAID 5 (disk striping with parity).

What conceptual model helps provide an understanding of how network protocol stacks such as TCP/IP work?

The OSI model, consisting of the application, presentation, session, transport, network, data link, and physical layers, helps describe how data is sent and received on the network by protocol stacks.

What protocol stack is installed by default when you install Windows Server 2008 on a network server?

TCP/IP (v4 and v6) is the default protocol for Windows Server 2008. It is required for Active Directory implementations and provides for connectivity on heterogeneous networks.

How is a server running Windows Server 2008 configured as a domain controller, such as the domain controller for the root domain or a child domain?

Installing the Active Directory on a server running Windows Server 2008 provides you with the option of creating a root domain for a domain tree or of creating child domains in an existing tree. Installing Active Directory on the server makes the server a domain controller.

What are some of the tools used to manage Active Directory objects in a Windows Server 2008 domain?

When the Active Directory is installed on a server (making it a domain controller), a set of Active Directory snap-ins is provided. The Active Directory Users and Computers snap-in is used to manage Active Directory objects such as user accounts, computers, and groups. The Active Directory Domains and Trusts snap-in enables you to manage the trusts that are defined between domains. The Active Directory Sites and Services snap-in provides for the management of domain sites and subnets.

How are domain user accounts created and managed?

The Active Directory Users and Computers snap-in provides the tools necessary for creating user accounts and managing account properties. Properties for user accounts include settings related to logon hours, the computers to which a user can log on, and the settings related to the user’s password.

What type of Active Directory objects can be contained in a group?

A group can contain users, computers, contacts, and other nested groups.

What type of group is not available in a domain that is running at the mixed-mode functional level?

Universal groups are not available in a mixed-mode domain. The functional level must be raised to Windows 2003 or Windows 2008 to make these groups available.

What types of Active Directory objects can be contained in an Organizational Unit?

Organizational Units can hold users, groups, computers, contacts, and other OUs. The Organizational Unit provides you with a container directly below the domain level that enables you to refine the logical hierarchy of how your users and other resources are arranged in the Active Directory.

What are Active Directory sites in Windows Server 2008?

Active Directory sites are physical locations on the network’s physical topology. Each regional domain that you create is assigned to a site. Sites typically represent one or more IP subnets that are connected by IP routers. Because sites are separated from each other by a router, the domain controllers on each site periodically replicate the Active Directory to update the Global Catalog on each site segment.

Can servers running Windows Server 2008 provide services to clients when they are not part of a domain?

Servers running Windows Server 2008 can be configured to participate in a workgroup. The server can provide some services to the workgroup peers but does not provide the security and management tools provided to domain controllers.

What does the use of Group Policy provide you as a network administrator?

Group Policy provides a method of controlling user and computer configuration settings for Active Directory containers such as sites, domains, and OUs. GPOs are linked to a particular container, and then individual policies and administrative templates are enabled to control the environment for the users or computers within that particular container.

What tools are involved in managing and deploying Group Policy?

GPOs and their settings, links, and other information such as permissions can be viewed in the Group Policy Management snap-in.

How do you deal with Group Policy inheritance issues?

GPOs are inherited down through the Active Directory tree by default. You can block the inheritance of settings from upline GPOs (for a particular container such as an OU or a local computer) by selecting Block Inheritance for that particular object. If you want to enforce a higher-level GPO so that it overrides directly linked GPOs, you can use the Enforce command on the inherited (or upline) GPO.

How can you make sure that network clients have the most recent Windows updates installed and have other important security features such as the Windows Firewall enabled before they can gain full network access?

You can configure a Network Policy Server (a service available in the Network Policy and Access Services role). The Network Policy Server can be configured to compare desktop client settings with health validators to determine the level of network access afforded to the client.

What is the purpose of deploying local DNS servers?

A domain DNS server provides for the local mapping of fully qualified domain names to IP addresses. Because the DNS is a distributed database, the local DNS servers can provide record information to remote DNS servers to help resolve remote requests related to fully qualified domain names on your network.

In terms of DNS, what is a caching-only server?

A caching-only DNS server supplies information related to queries based on the data it contains in its DNS cache. Caching-only servers are often used as DNS forwarders. Because they are not configured with any zones, they do not generate network traffic related to zone transfers.

How the range of IP addresses is defined for a Windows Server 2008 DHCP server?

The IP addresses supplied by the DHCP server are held in a scope. A scope that contains more than one subnet of IP addresses is called a superscope. IP addresses in a scope that you do not want to lease can be included in an exclusion range.

Technical Interview Questions – Active Directory

·         What is Active Directory?

·         What is LDAP?

·         Can you connect Active Directory to other 3rd-party Directory Services? Name a few options.

·         Where is the AD database held? What other folders are related to AD?

·         What is the SYSVOL folder?

·         Name the AD NCs and replication issues for each NC

·         What are application partitions? When do I use them

·         How do you create a new application partition

·         How do you view replication properties for AD partitions and DCs?

·         What is the Global Catalog?

·         How do you view all the GCs in the forest?

·         Why not make all DCs in a large forest as GCs?

·         Trying to look at the Schema, how can I do that?

·         What are the Support Tools? Why do I need them?

·         What is LDP? What is REPLMON? What is ADSIEDIT? What is NETDOM? What is REPADMIN?

·         What are sites? What are they used for?

·         What's the difference between a site link's schedule and interval?

·         What is the KCC?

·         What is the ISTG? Who has that role by default?

·         What are the requirements for installing AD on a new server?

·         What can you do to promote a server to DC if you're in a remote location with slow WAN link?

·         How can you forcibly remove AD from a server, and what do you do later? • Can I get user passwords from the AD database?

·         What tool would I use to try to grab security related packets from the wire?

·         Name some OU design considerations.

·         What is tombstone lifetime attribute?

·         What do you do to install a new Windows 2003 DC in a Windows 2000 AD?

·         What do you do to install a new Windows 2003 R2 DC in a Windows 2003 AD?

·         How would you find all users that have not logged on since last month?

·         What are the DS* commands?

·         What's the difference between LDIFDE and CSVDE? Usage considerations?

·         What are the FSMO roles? Who has them by default? What happens when each one fails?

·         What FSMO placement considerations do you know of?

·         I want to look at the RID allocation table for a DC. What do I do?

·         What's the difference between transferring a FSMO role and seizing one? Which one should you NOT seize? Why?

·         How do you configure a "stand-by operation master" for any of the roles?

·         How do you backup AD?

·         How do you restore AD?

·         How do you change the DS Restore admin password?

·         Why can't you restore a DC that was backed up 4 months ago?

·         What are GPOs?

·         What is the order in which GPOs are applied?

·         Name a few benefits of using GPMC.

·         What are the GPC and the GPT? Where can I find them?

·         What are GPO links? What special things can I do to them?

·         What can I do to prevent inheritance from above?

·         How can I override blocking of inheritance?

·         How can you determine what GPO was and was not applied for a user? Name a few ways to do that.

·         A user claims he did not receive a GPO, yet his user and computer accounts are in the right OU, and everyone else there gets the GPO. What will you look for?

·         Name a few differences in Vista GPOs

·         Name some GPO settings in the computer and user parts.

·         What are administrative templates?

·         What's the difference between software publishing and assigning?

·         Can I deploy non-MSI software with GPO?

·         You want to standardize the desktop environments (wallpaper, My Documents, Start menu, printers etc.) on the computers in one department. How would you do that?

Windows admin interview questions

By admin | September 3, 2004

1.         Describe how the DHCP lease is obtained. It’s a four-step process consisting of (a) IP request, (b) IP offer, © IP selection and (d) acknowledgement.

2.        I can’t seem to access the Internet, don’t have any access to the corporate network and on ipconfig my address is 169.254.*.*. What happened? The 169.254.*.* netmask is assigned to Windows machines running 98/2000/XP if the DHCP server is not available. The name for the technology is APIPA (Automatic Private Internet Protocol Addressing).

3.        We’ve installed a new Windows-based DHCP server, however, the users do not seem to be getting DHCP leases off of it. The server must be authorized first with the Active Directory.

4.        How can you force the client to give up the dhcp lease if you have access to the client PC? ipconfig /release

5.        What authentication options do Windows 2000 Servers have for remote clients? PAP, SPAP, CHAP, MS-CHAP and EAP.

6.        What are the networking protocol options for the Windows clients if for some reason you do not want to use TCP/IP? NWLink (Novell), NetBEUI, AppleTalk (Apple).

7.        What is data link layer in the OSI reference model responsible for? Data link layer is located above the physical layer, but below the network layer. Taking raw data bits and packaging them into frames. The network layer will be responsible for addressing the frames, while the physical layer is reponsible for retrieving and sending raw data bits.

8.        What is binding order? The order by which the network protocols are used for client-server communications. The most frequently used protocols should be at the top.

9.        How do cryptography-based keys ensure the validity of data transferred across the network?  Each IP packet is assigned a checksum, so if the checksums do not match on both receiving and transmitting ends, the data was modified or corrupted.

10.      Should we deploy IPSEC-based security or certificate-based security? They are really two different technologies. IPSec secures the TCP/IP communication and protects the integrity of the packets. Certificate-based security ensures the validity of authenticated clients and servers.

11.       What is LMHOSTS file? It’s a file stored on a host machine that is used to resolve NetBIOS to specific IP addresses.

12.      What’s the difference between forward lookup and reverse lookup in DNS?Forward lookup is name-to-address, the reverse lookup is address-to-name.

13.      How can you recover a file encrypted using EFS? Use the domain recovery agent.