Windows Server 2003 interview and certification

questions
By admin | December 7, 2003
1. How do you double-boot a Win 2003 server box? The Boot.ini file is set as read-only, system, and
hidden to prevent unwanted editing. To change the Boot.ini timeout and default settings, use
the System option in Control Panel from the Advanced tab and select Startup.
2. What do you do if earlier application doesn’t run on Windows Server 2003?When an application
that ran on an earlier legacy version of Windows cannot be loaded during the setup function or if it later
malfunctions, you must run the compatibility mode function. This is accomplished by right-clicking the
application or setup program and selecting Properties –> Compatibility –> selecting the previously
supported operating system.
3.  If you uninstall Windows Server 2003, which operating systems can you revert to? Win ME,
Win 98, 2000, XP. Note, however, that you cannot upgrade from ME and 98 to Windows Server 2003.
4. How do you get to Internet Firewall settings? Start –> Control Panel –> Network and Internet
Connections –> Network Connections.
5. What are the Windows Server 2003 keyboard shortcuts? Winkey opens or closes the Start menu.
Winkey + BREAK displays the System Properties dialog box. Winkey + TAB moves the focus to the next
application in the taskbar. Winkey + SHIFT + TAB moves the focus to the previous application in the
taskbar. Winkey + B moves the focus to the notification area. Winkey + D shows the desktop. Winkey + E
opens Windows Explorer showing My Computer. Winkey + F opens the Search panel. Winkey + CTRL + F
opens the Search panel with Search for Computers module selected. Winkey + F1 opens Help. Winkey + M
minimizes all. Winkey + SHIFT+ M undoes minimization. Winkey + R opens Run dialog. Winkey + U opens
the Utility Manager. Winkey + L locks the computer.
6. What is Active Directory? Active Directory is a network-based object store and service that locates and
manages resources, and makes these resources available to authorized users and groups. An underlying
principle of the Active Directory is that everything is considered an object—people, servers, workstations,
printers, documents, and devices. Each object has certain attributes and its own security access control list
(ACL).
7. Where are the Windows NT Primary Domain Controller (PDC) and its Backup Domain
Controller (BDC) in Server 2003? The Active Directory replaces them. Now all domain controllers
share a multimaster peer-to-peer read and write relationship that hosts copies of the Active Directory.
8. How long does it take for security changes to be replicated among the domain
controllers? Security-related modifications are replicated within a site immediately. These changes include
account and individual user lockout policies, changes to password policies, changes to computer account
passwords, and modifications to the Local Security Authority (LSA).
9. What’s new in Windows Server 2003 regarding the DNS management? When DC promotion
occurs with an existing forest, the Active Directory Installation Wizard contacts an existing DC to update the
directory and replicate from the DC the required portions of the directory. If the wizard fails to locate a DC, it
performs debugging and reports what caused the failure and how to fix the problem. In order to be located
on a network, every DC must register in DNS DC locator DNS records. The Active Directory Installation
Wizard verifies a proper configuration of the DNS infrastructure. All DNS configuration debugging and
reporting activity is done with the Active Directory Installation Wizard.
10. When should you create a forest? Organizations that operate on radically different bases may require
separate trees with distinct namespaces. Unique trade or brand names often give rise to separate DNS
identities. Organizations merge or are acquired and naming continuity is desired. Organizations form
 partnerships and joint ventures. While access to common resources is desired, a separately defined tree can
enforce more direct administrative and security restrictions.
11. How can you authenticate between forests? Four types of authentication are used across forests: (1)
Kerberos and NTLM network logon for remote access to a server in another forest; (2) Kerberos and NTLM
interactive logon for physical logon outside the user’s home forest; (3) Kerberos delegation to N-tier
application in another forest; and (4) user principal name (UPN) credentials.
12. What snap-in administrative tools are available for Active Directory? Active Directory Domains
and Trusts Manager, Active Directory Sites and Services Manager, Active Directory Users and Group
Manager, Active Directory Replication (optional, available from the Resource Kit), Active Directory Schema
Manager (optional, available from adminpak)
13. What types of classes exist in Windows Server 2003 Active Directory? 
 Structural class. The structural class is important to the system administrator in that it is the
only type from which new Active Directory objects are created. Structural classes are developed from
either the modification of an existing structural type or the use of one or more abstract classes.
 Abstract class. Abstract classes are so named because they take the form of templates that
actually create other templates (abstracts) and structural and auxiliary classes. Think of abstract classes
as frameworks for the defining objects.
 Auxiliary class. The auxiliary class is a list of attributes. Rather than apply numerous attributes
when creating a structural class, it provides a streamlined alternative by applying a combination of
attributes with a single include action.
 88 class. The 88 class includes object classes defined prior to 1993, when the 1988 X.500
specification was adopted. This type does not use the structural, abstract, and auxiliary definitions, nor
is it in common use for the development of objects in Windows Server 2003 environments.
14. How do you delete a lingering object? Windows Server 2003 provides a command called Repadmin
that provides the ability to delete lingering objects in the Active Directory. 
15. What is Global Catalog? The Global Catalog authenticates network user logons and fields inquiries about
objects across a forest or tree. Every domain has at least one GC that is hosted on a domain controller. In
Windows 2000, there was typically one GC on every site in order to prevent user logon failures across the
network.
16. How is user account security established in Windows Server 2003? When an account is created, it
is given a unique access number known as a security identifier (SID). Every group to which the user belongs
has an associated SID. The user and related group SIDs together form the user account’s security token,
which determines access levels to objects throughout the system and network. SIDs from the security token
are mapped to the access control list (ACL) of any object the user attempts to access.
17. If I delete a user and then create a new account with the same username and password,
would the SID and permissions stay the same? No. If you delete a user account and attempt to
recreate it with the same user name and password, the SID will be different. 
18. What do you do with secure sign-ons in an organization with many roaming users? Credential
Management feature of Windows Server 2003 provides a consistent single sign-on experience for users. This
can be useful for roaming users who move between computer systems. The Credential Management feature
provides a secure store of user credentials that includes passwords and X.509 certificates.
19. Anything special you should do when adding a user that has a Mac? "Save password as encrypted
clear text" must be selected on User Properties Account Tab Options, since the Macs only store their
passwords that way.
20. What remote access options does Windows Server 2003 support? Dial-in, VPN, dial-in with
callback.
21. Where are the documents and settings for the roaming profile stored? All the documents and
environmental settings for the roaming user are stored locally on the system, and, when the user logs off, all
 changes to the locally stored profile are copied to the shared server folder. Therefore, the first time a roaming
user logs on to a new system the logon process may take some time, depending on how large his profile
folder is.
22. Where are the settings for all the users stored on a given machine? \Document and Settings\All
Users
23. What languages can you use for log-on scripts? JavaScipt, VBScript, DOS batch files (.com, .bat, or
even .exe)

Windows Server 2003 Active Directory and

Security questions
By admin | December 7, 2003
1. What’s the difference between local, global and universal groups? Domain local groups assign
access permissions to global domain groups for local domain resources. Global groups provide access to
resources in other trusted domains. Universal groups grant access to resources in all trusted domains.
2. I am trying to create a new universal user group. Why can’t I? Universal groups are allowed only in
native-mode Windows Server 2003 environments. Native mode requires that all domain controllers be
promoted to Windows Server 2003 Active Directory.
3. What is LSDOU? It’s group policy inheritance model, where the policies are applied toLocal
machines, Sites, Domains and Organizational Units.
4. Why doesn’t LSDOU work under Windows NT? If the NTConfig.pol file exist, it has the highest
priority among the numerous policies.
5. Where are group policies stored? %SystemRoot%System32\GroupPolicy
6. What is GPT and GPC? Group policy template and group policy container.
7. Where is GPT stored? %SystemRoot%\SYSVOL\sysvol\domainname\Policies\GUID
8. You change the group policies, and now the computer and user settings are in conflict. Which
one has the highest priority? The computer settings take priority.
9. You want to set up remote installation procedure, but do not want the user to gain access
over it. What do you do? gponame–> User Configuration–> Windows Settings–> Remote Installation
Services–> Choice Options is your friend.
10. What’s contained in administrative template conf.adm? Microsoft NetMeeting policies
11. How can you restrict running certain applications on a machine? Via group policy, security
settings for the group, then Software Restriction Policies.
12. You need to automatically install an app, but MSI file is not available. What do you
do? A .zap text file can be used to add applications using the Software Installer, rather than the Windows
Installer.
13. What’s the difference between Software Installer and Windows Installer? The former has fewer
privileges and will probably require user intervention. Plus, it uses .zap files.
14. What can be restricted on Windows Server 2003 that wasn’t there in previous
products? Group Policy in Windows Server 2003 determines a users right to modify network and dial-up
TCP/IP properties. Users may be selectively restricted from modifying their IP address and other network
configuration parameters.
15. How frequently is the client policy refreshed? 90 minutes give or take.
16. Where is secedit? It’s now gpupdate.
17. You want to create a new group policy but do not wish to inherit. Make sure you check Block
inheritance among the options when creating the policy.
18. What is "tattooing" the Registry? The user can view and modify user preferences that are not stored in
maintained portions of the Registry. If the group policy is removed or changed, the user preference will
persist in the Registry.
19. How do you fight tattooing in NT/2000 installations? You can’t.
20. How do you fight tattooing in 2003 installations? User Configuration - Administrative Templates -
System - Group Policy - enable - Enforce Show Policies Only.
21. What does IntelliMirror do? It helps to reconcile desktop settings, applications, and stored files for
users, particularly those who move between workstations or those who must periodically work offline.
22. What’s the major difference between FAT and NTFS on a local machine? FAT and FAT32 provide
no security over locally logged-on users. Only native NTFS provides extensive permission control on both
remote and local files.
23. How do FAT and NTFS differ in approach to user shares? They don’t, both have support for
sharing.
24. Explan the List Folder Contents permission on the folder in NTFS. Same as Read & Execute, but
not inherited by files within a folder. However, newly created subfolders will inherit this permission.
25. I have a file to which the user has access, but he has no folder permission to read it. Can he
access it? It is possible for a user to navigate to a file for which he does not have folder permission. This
involves simply knowing the path of the file object. Even if the user can’t drill down the file/folder tree using
My Computer, he can still gain access to the file using the Universal Naming Convention (UNC). The best
way to start would be to type the full path of a file into Run… window.
26. For a user in several groups, are Allow permissions restrictive or permissive?Permissive, if at
least one group has Allow permission for the file/folder, user will have the same permission.
27. For a user in several groups, are Deny permissions restrictive or permissive?Restrictive, if at
least one group has Deny permission for the file/folder, user will be denied access, regardless of other group
permissions.
28. What hidden shares exist on Windows Server 2003 installation? Admin$, Drive$, IPC$,
NETLOGON, print$ and SYSVOL.
29. What’s the difference between standalone and fault-tolerant DFS (Distributed File System)
installations? The standalone server stores the Dfs directory tree structure or topology locally. Thus, if a
shared folder is inaccessible or if the Dfs root server is down, users are left with no link to the shared
resources. A fault-tolerant root node stores the Dfs topology in the Active Directory, which is replicated to
other domain controllers. Thus, redundant root nodes may include multiple connections to the same data
residing in different shared folders.
30. We’re using the DFS fault-tolerant installation, but cannot access it from a Win98 box. Use the
UNC path, not client, only 2000 and 2003 clients can access Server 2003 fault-tolerant shares.
31. Where exactly do fault-tolerant DFS shares store information in Active Directory? In Partition
Knowledge Table, which is then replicated to other domain controllers.
32. Can you use Start->Search with DFS shares? Yes.
33. What problems can you have with DFS installed? Two users opening the redundant copies of the file
at the same time, with no file-locking involved in DFS, changing the contents and then saving. Only one file
will be propagated through DFS.
34. I run Microsoft Cluster Server and cannot install fault-tolerant DFS. Yeah, you can’t. Install a
standalone one.
35. Is Kerberos encryption symmetric or asymmetric? Symmetric.
 36. How does Windows 2003 Server try to prevent a middle-man attack on encrypted line? Time
stamp is attached to the initial client request, encrypted with the shared key.
37. What hashing algorithms are used in Windows 2003 Server? RSA Data Security’s Message Digest
5 (MD5), produces a 128-bit hash, and the Secure Hash Algorithm 1 (SHA-1), produces a 160-bit hash.
38. What third-party certificate exchange protocols are used by Windows 2003 Server? Windows
Server 2003 uses the industry standard PKCS-10 certificate request and PKCS-7 certificate response to
exchange CA certificates with third-party certificate authorities.
39. What’s the number of permitted unsuccessful logons on Administrator account? Unlimited.
Remember, though, that it’s the Administrator account, not any account that’s part of the Administrators
group.
40. If hashing is one-way function and Windows Server uses hashing for storing passwords, how
is it possible to attack the password lists, specifically the ones using NTLMv1? A cracker would
launch a dictionary attack by hashing every imaginable term used for password and then compare the
hashes.
41. What’s the difference between guest accounts in Server 2003 and other editions? More
restrictive in Windows Server 2003.
42. How many passwords by default are remembered when you check "Enforce Password
History Remembered"? User’s last 6 passwords.

Windows Server 2003 IIS and Scripting interview

questions
By admin | December 7, 2003
1. What is presentation layer responsible for in the OSI model? The presentation layer establishes the
data format prior to passing it along to the network application’s interface. TCP/IP networks perform this
task at the application layer.
2. Does Windows Server 2003 support IPv6? Yes, run ipv6.exe from command line to disable it.
3. Can Windows Server 2003 function as a bridge? Yes, and it’s a new feature for the 2003 product. You
can combine several networks and devices connected via several adapters by enabling IP routing.
4. What’s the difference between the basic disk and dynamic disk? The basic type contains partitions,
extended partitions, logical drivers, and an assortment of static volumes; the dynamic type does not use
partitions but dynamically manages volumes and provides advanced storage options
5. What’s a media pool? It is any compilation of disks or tapes with the same administrative properties. 
6. How do you install recovery console? C:\i386\win32 /cmdcons, assuming that your Win server
installation is on drive C.
7. What’s new in Terminal Services for Windows 2003 Server? Supports audio transmissions as well,
although prepare for heavy network load.
8. What scripts ship with IIS 6.0? iisweb.vsb to create, delete, start, stop, and list Web sites, iisftp.vsb to
create, delete, start, stop, and list FTP sites, iisdir.vsb to create, delete, start, stop, and display virtual
directories, iisftpdr.vsb to create, delete, start, stop, and display virtual directories under an FTP
root, iiscnfg.vbs to export and import IIS configuration to an XML file.
9. What’s the name of the user who connects to the Web site anonymously?IUSR_computername
10. What secure authentication and encryption mechanisms are supported by IIS 6.0? Basic
authentication, Digest authentication, Advanced digest authentication, Certificate-based Web transactions
that use PKCS #7/PKCS #10, Fortezza, SSL, Server-Gated Cryptography, Transport Layer Security
11. What’s the relation between SSL and TLS? Transport Layer Security (TLS) extends SSL by providing
cryptographic authentication. 
12. What’s the role of http.sys in IIS? It is the point of contact for all incoming HTTP requests. It listens for
requests and queues them until they are all processed, no more queues are available, or the Web server is
shut down.
13. Where’s ASP cache located on IIS 6.0? On disk, as opposed to memory, as it used to be in IIS 5.
14. What is socket pooling? Non-blocking socket usage, introduced in IIS 6.0. More than one application can
use a given socket.
15. Describe the process of clustering with Windows 2003 Server when a new node is added. As a
node goes online, it searches for other nodes to join by polling the designated internal network. In this way,
all nodes are notified of the new node’s existence. If other nodes cannot be found on a preexisting cluster, the
new node takes control of the quorum resources residing on the shared disk that contains state and
configuration data.
16. What applications are not capable of performing in Windows 2003 Server clusters? The ones
written exclusively for NetBEUI and IPX.
17. What’s a heartbeat? Communication processes between the nodes designed to ensure node’s health.
18. What’s a threshold in clustered environment? The number of times a restart is attempted, when the
node fails.
19. You need to change and admin password on a clustered Windows box, but that requires
rebooting the cluster, doesn’t it? No, it doesn’t. In 2003 environment you can do that via cluster.exe
utility which does not require rebooting the entire cluster.
20. For the document of size 1 MB, what size would you expect the index to be with Indexing
Service? 150-300 KB, 15-30% is a reasonable expectation.
21. Doesn’t the Indexing Service introduce a security flaw when allowing access to the index? No,
because users can only view the indices of documents and folders that they have permissions for.
22. What’s the typical size of the index? Less then 100K documents - up to 128 MB. More than that - 256+
MB.
23. Which characters should be enclosed in quotes when searching the index? &, @, $, #, ^, ( ), and
|.
24. How would you search for C++? Just enter C++, since + is not a special character (and neither is C).
25. What about Barnes&Noble? Should be searched for as Barnes’&’Noble.
26. Are the searches case-sensitive? No.
27. What’s the order of precedence of Boolean operators in Microsoft Windows 2003 Server
Indexing Service? NOT, AND, NEAR, OR.
28. What’s a vector space query? A multiple-word query where the weight can be assigned to each of the
search words. For example, if you want to fight information on ‘black hole’, but would prefer to give more
weight to the word hole, you can enterblack[1] hole[20] into the search window.
29. What’s a response queue? It’s the message queue that holds response messages sent from the receiving
application to the sender.
30. What’s MQPing used for? Testing Microsoft Message Queue services between the nodes on a network.
31. Which add-on package for Windows 2003 Server would you use to monitor the installed
software and license compliance? SMS (System Management Server).
32. Which service do you use to set up various alerts? MOM (Microsoft Operations Manager).
33. What languages does Windows Scripting Host support? VB, VBScript, JScript.
Hardware design interview questions
By admin | December 7, 2003
1. Give two ways of converting a two input NAND gate to an inverter
2. Given a circuit, draw its exact timing response. (I was given a Pseudo Random Signal Generator; you can
expect any sequential ckt)
3. What are set up time & hold time constraints? What do they signify? Which one is critical for estimating
maximum clock frequency of a circuit?
4. Give a circuit to divide frequency of clock cycle by two
5. Design a divide-by-3 sequential circuit with 50% duty circle. (Hint: Double the Clock)
6. Suppose you have a combinational circuit between two registers driven by a clock. What will you do if the
delay of the combinational circuit is greater than your clock signal? (You can’t resize the combinational
circuit transistors)
7. The answer to the above question is breaking the combinational circuit and pipelining it. What will be
affected if you do this?
8. What are the different Adder circuits you studied?
9. Give the truth table for a Half Adder. Give a gate level implementation of the same.
10. Draw a Transmission Gate-based D-Latch.
11. Design a Transmission Gate based XOR. Now, how do you convert it to XNOR? (Without inverting the
output)
12. How do you detect if two 8-bit signals are same?
13. How do you detect a sequence of "1101" arriving serially from a signal line?
14. Design any FSM in VHDL or Verilog.
15. Explain RC circuit’s charging and discharging.
16. Explain the working of a binary counter.
17. Describe how you would reverse a singly linked list.

Windows Admin Interview Questions & Answers

1. Describe how the DHCP lease is obtained. 

It’s a four-step process consisting of (a) IP request, (b) IP offer, © IP selection and (d) acknowledgement. 

I can’t seem to access the Internet, don’t have any access to the corporate network and on ipconfig my address is
169.254.*.*. What happened? 

The 169.254.*.* netmask is assigned to Windows machines running 98/2000/XP if the DHCP server is not available.
The name for the technology is APIPA (Automatic Private Internet Protocol Addressing). 
We’ve installed a new Windows-based DHCP server, however, the users do not seem to be getting DHCP leases off of
it. The server must be authorized first with the Active Directory. 

2. How can you force the client to give up the dhcp lease if you have access to the client PC? 

ipconfig /release 

3. What authentication options do Windows 2000 Servers have for remote clients? 

PAP, SPAP, CHAP, MS-CHAP and EAP. 

4. What are the networking protocol options for the Windows clients if for some reason you do not want to use
TCP/IP?

NWLink (Novell), NetBEUI, AppleTalk (Apple). 

5. What is data link layer in the OSI reference model responsible for? 

Data link layer is located above the physical layer, but below the network layer. Taking raw data bits and packaging
them into frames. The network layer will be responsible for addressing the frames, while the physical layer is
reponsible for retrieving and sending raw data bits. 

6. What is binding order? 

The order by which the network protocols are used for client-server communications. The most frequently used
protocols should be at the top. 

7. How do cryptography-based keys ensure the validity of data transferred across the network?  

Each IP packet is assigned a checksum, so if the checksums do not match on both receiving and transmitting ends, the
data was modified or corrupted. 

8. Should we deploy IPSEC-based security or certificate-based security? 

They are really two different technologies. IPSec secures the TCP/IP communication and protects the integrity of the
packets. Certificate-based security ensures the validity of authenticated clients and servers. 

9. What is LMHOSTS file? 

It’s a file stored on a host machine that is used to resolve NetBIOS to specific IP addresses. 

10. What’s the difference between forward lookup and reverse lookup in DNS? 

Forward lookup is name-to-address, the reverse lookup is address-to-name. 

11. How can you recover a file encrypted using EFS? 

Use the domain recovery agent.

Read more: http://discuss.itacumens.com/index.php/topic,22705.0.html#ixzz1A7iMI4ql